refactor(server::crypto): use fixed-size [u8; 32] and KeyCell throughout seal key API
Some checks failed
ci/woodpecker/pr/server-lint Pipeline failed
ci/woodpecker/pr/server-audit Pipeline was successful
ci/woodpecker/pr/server-vet Pipeline failed
ci/woodpecker/pr/server-test Pipeline was successful

CleverWild
2026-06-12 21:15:07 +02:00
parent a3b98ca024
commit 0098c3c08a
12 changed files with 53 additions and 69 deletions


@@ -1,8 +1,5 @@
use super::common::ChannelTransport;
use arbiter_crypto::{
authn::{self, AuthChallenge, CLIENT_CONTEXT},
safecell::{SafeCell, SafeCellHandle as _},
};
use arbiter_crypto::authn::{self, AuthChallenge, CLIENT_CONTEXT};
use arbiter_proto::{
ClientMetadata,
transport::{Receiver, Sender},
@@ -100,7 +97,7 @@ async fn spawn_test_actors(db: &db::DatabasePool) -> GlobalActors {
actors
.vault
.ask(Bootstrap {
seal_key_raw: SafeCell::new([0u8; 32].to_vec()),
seal_key: arbiter_server::crypto::KeyCell::from([0u8; 32]),
})
.await
.unwrap();
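Review bot: The new call site spells out `arbiter_server::crypto::KeyCell::from([0u8; 32])` in full instead of importing the type, and the same fully qualified path recurs in the other test files of this commit (the `bootstrapped_vault` helper, the four `Bootstrap` messages in the file that imports `OPERATOR_CONTEXT`, `setup_sealed_gate`, and the `try_unseal` call in `decrypt_roundtrip_after_high_concurrency`). The vault test file already imports it through `crypto::{KeyCell, ...}` in its `use arbiter_server::{...}` block; a `use arbiter_server::crypto::KeyCell;` here would keep the call sites short and consistent. Since every one of these tests builds the same all-zero key, a single helper in the shared test utilities, documented with `/// Fixed all-zero seal key for tests only; never a production value.`, would also make the intent explicit. The body of spawn_test_actors continues outside the hunk.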


@@ -2,7 +2,6 @@
dead_code,
reason = "Common test utilities that may not be used in every test"
)]
use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
use arbiter_proto::transport::{Bi, Error, Receiver, Sender};
use arbiter_server::{
actors::{GlobalActors, vault::Vault},
@@ -19,7 +18,7 @@ pub(crate) async fn bootstrapped_vault(db: &db::DatabasePool) -> Vault {
.await
.unwrap();
actor
.bootstrap(SafeCell::new([0u8; 32].to_vec()))
.bootstrap(arbiter_server::crypto::KeyCell::from([0u8; 32]))
.await
.unwrap();
actor


@@ -1,8 +1,5 @@
use super::common::ChannelTransport;
use arbiter_crypto::{
authn::{self, AuthChallenge, OPERATOR_CONTEXT},
safecell::{SafeCell, SafeCellHandle as _},
};
use arbiter_crypto::authn::{self, AuthChallenge, OPERATOR_CONTEXT};
use arbiter_proto::transport::{Error as TransportError, Receiver, Sender};
use arbiter_server::{
actors::{GlobalActors, bootstrap::GetToken, vault::Bootstrap},
@@ -157,7 +154,7 @@ pub async fn bootstrap_token_auth() {
actors
.vault
.ask(Bootstrap {
seal_key_raw: SafeCell::new([0u8; 32].to_vec()),
seal_key: arbiter_server::crypto::KeyCell::from([0u8; 32]),
})
.await
.unwrap();
@@ -275,7 +272,7 @@ pub async fn challenge_auth() {
actors
.vault
.ask(Bootstrap {
seal_key_raw: SafeCell::new([0u8; 32].to_vec()),
seal_key: arbiter_server::crypto::KeyCell::from([0u8; 32]),
})
.await
.unwrap();
@@ -361,7 +358,7 @@ pub async fn challenge_auth_rejects_integrity_tag_mismatch_when_unsealed() {
actors
.vault
.ask(Bootstrap {
seal_key_raw: SafeCell::new([0u8; 32].to_vec()),
seal_key: arbiter_server::crypto::KeyCell::from([0u8; 32]),
})
.await
.unwrap();
@@ -434,7 +431,7 @@ pub async fn challenge_auth_rejects_invalid_signature() {
actors
.vault
.ask(Bootstrap {
seal_key_raw: SafeCell::new([0u8; 32].to_vec()),
seal_key: arbiter_server::crypto::KeyCell::from([0u8; 32]),
})
.await
.unwrap();


@@ -1,7 +1,4 @@
use arbiter_crypto::{
authn,
safecell::{SafeCell, SafeCellHandle as _},
};
use arbiter_crypto::authn;
use arbiter_server::{
actors::{
GlobalActors,
@@ -34,7 +31,7 @@ async fn setup_sealed_gate(
actors
.vault
.ask(Bootstrap {
seal_key_raw: SafeCell::new(seal_key.to_vec()),
seal_key: arbiter_server::crypto::KeyCell::from(*seal_key),
})
.await
.unwrap();
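Review bot: `KeyCell::from(*seal_key)` copies the 32 key bytes out of what is presumably a borrowed `[u8; 32]` into a by-value temporary before the cell takes them, so the caller's array (and possibly a stack temporary) still holds the key after the cell is built. That is harmless for this test fixture, but `[u8; 32]` is `Copy`, so a by-value `From<[u8; 32]>` makes the same pattern easy to write in non-test code, where the leftover copy would sit outside whatever protection `KeyCell` provides. KeyCell's definition is not visible here, so this is inferred from the call shape; if it holds, consider documenting the conversion with `/// The source array is copied, not cleared; zeroize it after conversion.`, or offering a constructor that takes `&mut [u8; 32]` and clears the source. setup_sealed_gate starts and ends outside the hunk.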


@@ -166,7 +166,7 @@ async fn decrypt_roundtrip_after_high_concurrency() {
.await
.unwrap();
decryptor
.try_unseal(SafeCell::new([0u8; 32].to_vec()))
.try_unseal(arbiter_server::crypto::KeyCell::from([0u8; 32]))
.await
.unwrap();


@@ -5,7 +5,7 @@ use arbiter_server::{
GlobalActors,
vault::{Error, Vault},
},
crypto::encryption::v1::{Nonce, ROOT_KEY_TAG},
crypto::{KeyCell, encryption::v1::{Nonce, ROOT_KEY_TAG}},
db::{self, models, schema},
};
@@ -20,7 +20,7 @@ async fn test_bootstrap() {
.await
.unwrap();
let seal_key = SafeCell::new([0u8; 32].to_vec());
let seal_key = KeyCell::from([0u8; 32]);
actor.bootstrap(seal_key).await.unwrap();
let mut conn = db.get().await.unwrap();
@@ -43,7 +43,7 @@ async fn test_bootstrap_rejects_double() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_vault(&db).await;
let seal_key2 = SafeCell::new([0u8; 32].to_vec());
let seal_key2 = KeyCell::from([0u8; 32]);
let err = actor.bootstrap(seal_key2).await.unwrap_err();
assert!(matches!(err, Error::AlreadyBootstrapped));
}
@@ -105,7 +105,7 @@ async fn test_unseal_correct_password() {
let mut actor = Vault::new(db.clone(), GlobalActors::spawn_message_bus())
.await
.unwrap();
let seal_key = SafeCell::new([0u8; 32].to_vec());
let seal_key = KeyCell::from([0u8; 32]);
actor.try_unseal(seal_key).await.unwrap();
let mut decrypted = actor.decrypt(aead_id).await.unwrap();
@@ -129,11 +129,11 @@ async fn test_unseal_wrong_then_correct_password() {
.await
.unwrap();
let bad_key = SafeCell::new([1u8; 32].to_vec());
let bad_key = KeyCell::from([1u8; 32]);
let err = actor.try_unseal(bad_key).await.unwrap_err();
assert!(matches!(err, Error::InvalidKey));
let good_key = SafeCell::new([0u8; 32].to_vec());
let good_key = KeyCell::from([0u8; 32]);
actor.try_unseal(good_key).await.unwrap();
let mut decrypted = actor.decrypt(aead_id).await.unwrap();