refactor(hashing): introduce Hashable derive macro and migrate server types

server/crates/arbiter-server/Cargo.toml

@@ -18,6 +18,7 @@ diesel-async = { version = "0.8.0", features = [
 ] }
 arbiter-proto.path = "../arbiter-proto"
 arbiter-crypto.path = "../arbiter-crypto"
+arbiter-macros.path = "../arbiter-macros"
 tracing.workspace = true
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
 tonic.workspace = true
@@ -44,7 +45,7 @@ restructed = "0.2.2"
 strum = { version = "0.28.0", features = ["derive"] }
 pem = "3.0.6"
 sha2.workspace = true
-hmac = "0.12"
+hmac.workspace = true
 spki.workspace = true
 alloy.workspace = true
 prost-types.workspace = true

server/crates/arbiter-server/src/actors/client/mod.rs

@@ -5,7 +5,7 @@ use tracing::{error, info};
 
 use crate::{
     actors::{GlobalActors, client::session::ClientSession},
-    crypto::integrity::{Integrable, hashing::Hashable},
+    crypto::integrity::Integrable,
     db,
 };
 
@@ -15,6 +15,7 @@ pub struct ClientProfile {
     pub metadata: ClientMetadata,
 }
 
+#[derive(arbiter_macros::Hashable)]
 pub struct ClientCredentials {
     pub pubkey: authn::PublicKey,
     pub nonce: i32,
@@ -24,13 +25,6 @@ impl Integrable for ClientCredentials {
     const KIND: &'static str = "client_credentials";
 }
 
-impl Hashable for ClientCredentials {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        hasher.update(self.pubkey.to_bytes());
-        self.nonce.hash(hasher);
-    }
-}
-
 pub struct ClientConnection {
     pub(crate) db: db::DatabasePool,
     pub(crate) actors: GlobalActors,

server/crates/arbiter-server/src/actors/user_agent/mod.rs

@@ -5,7 +5,7 @@ use crate::{
 };
 use arbiter_crypto::authn;
 
-#[derive(Debug)]
+#[derive(Debug, arbiter_macros::Hashable)]
 pub struct UserAgentCredentials {
     pub pubkey: authn::PublicKey,
     pub nonce: i32,
@@ -38,18 +38,3 @@ pub mod session;
 
 pub use auth::authenticate;
 pub use session::UserAgentSession;
-
-use crate::crypto::integrity::hashing::Hashable;
-
-impl Hashable for authn::PublicKey {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        hasher.update(self.to_bytes());
-    }
-}
-
-impl Hashable for UserAgentCredentials {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        self.pubkey.hash(hasher);
-        self.nonce.hash(hasher);
-    }
-}

server/crates/arbiter-server/src/crypto/integrity/v1.rs

@@ -1,6 +1,6 @@
-use crate::{actors::keyholder, crypto::integrity::hashing::Hashable};
-use arbiter_crypto::safecell::SafeCellHandle as _;
-use hmac::{Hmac, Mac as _};
+use crate::actors::keyholder;
+use arbiter_crypto::hashing::Hashable;
+use hmac::Hmac;
 use sha2::Sha256;
 
 use diesel::{ExpressionMethods as _, QueryDsl, dsl::insert_into, sqlite::Sqlite};
@@ -8,8 +8,6 @@ use diesel_async::{AsyncConnection, RunQueryDsl};
 use kameo::{actor::ActorRef, error::SendError};
 use sha2::Digest as _;
 
-pub mod hashing;
-
 use crate::{
     actors::keyholder::{KeyHolder, SignIntegrity, VerifyIntegrity},
     db::{
@@ -203,10 +201,6 @@ mod tests {
     use diesel::{ExpressionMethods as _, QueryDsl};
     use diesel_async::RunQueryDsl;
     use kameo::{actor::ActorRef, prelude::Spawn};
-    
-    use sha2::Digest;
-
-    
 
     use crate::{
         actors::keyholder::{Bootstrap, KeyHolder},
@@ -215,20 +209,11 @@ mod tests {
     use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
 
     use super::{Error, Integrable, sign_entity, verify_entity};
-    use super::hashing::Hashable;
-
-    #[derive(Clone)]
+    #[derive(Clone, arbiter_macros::Hashable)]
     struct DummyEntity {
         payload_version: i32,
         payload: Vec<u8>,
     }
-
-    impl Hashable for DummyEntity {
-        fn hash<H: Digest>(&self, hasher: &mut H) {
-            self.payload_version.hash(hasher);
-            self.payload.hash(hasher);
-        }
-    }
     impl Integrable for DummyEntity {
         const KIND: &'static str = "dummy_entity";
     }

server/crates/arbiter-server/src/crypto/integrity/v1/hashing.rs

@@ -1,107 +0,0 @@
-use hmac::digest::Digest;
-use std::collections::HashSet;
-
-/// Deterministically hash a value by feeding its fields into the hasher in a consistent order.
-pub trait Hashable {
-    fn hash<H: Digest>(&self, hasher: &mut H);
-}
-
-macro_rules! impl_numeric {
-($($t:ty),*) => {
-    $(
-        impl Hashable for $t {
-            fn hash<H: Digest>(&self, hasher: &mut H) {
-                hasher.update(&self.to_be_bytes());
-            }
-        }
-    )*
-};
-}
-
-impl_numeric!(u8, u16, u32, u64, i8, i16, i32, i64);
-
-impl Hashable for &[u8] {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        hasher.update(self);
-    }
-}
-
-impl Hashable for String {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        hasher.update(self.as_bytes());
-    }
-}
-
-impl<T: Hashable + PartialOrd> Hashable for Vec<T> {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        let ref_sorted = {
-            let mut sorted = self.iter().collect::<Vec<_>>();
-            sorted.sort_by(|a, b| a.partial_cmp(b).unwrap());
-            sorted
-        };
-        for item in ref_sorted {
-            item.hash(hasher);
-        }
-    }
-}
-
-impl<T: Hashable + PartialOrd> Hashable for HashSet<T> {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        let ref_sorted = {
-            let mut sorted = self.iter().collect::<Vec<_>>();
-            sorted.sort_by(|a, b| a.partial_cmp(b).unwrap());
-            sorted
-        };
-        for item in ref_sorted {
-            item.hash(hasher);
-        }
-    }
-}
-
-impl<T: Hashable> Hashable for Option<T> {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        match self {
-            Some(value) => {
-                hasher.update([1]);
-                value.hash(hasher);
-            }
-            None => hasher.update([0]),
-        }
-    }
-}
-
-impl<T: Hashable> Hashable for Box<T> {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        self.as_ref().hash(hasher);
-    }
-}
-
-impl<T: Hashable> Hashable for &T {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        (*self).hash(hasher);
-    }
-}
-
-impl Hashable for alloy::primitives::Address {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        hasher.update(self.as_slice());
-    }
-}
-
-impl Hashable for alloy::primitives::U256 {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        hasher.update(self.to_be_bytes::<32>());
-    }
-}
-
-impl Hashable for chrono::Duration {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        hasher.update(self.num_seconds().to_be_bytes());
-    }
-}
-
-impl Hashable for chrono::DateTime<chrono::Utc> {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        hasher.update(self.timestamp_millis().to_be_bytes());
-    }
-}

server/crates/arbiter-server/src/evm/policies.rs

@@ -127,19 +127,19 @@ pub enum SpecificMeaning {
     TokenTransfer(token_transfers::Meaning),
 }
 
-#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
+#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, arbiter_macros::Hashable)]
 pub struct TransactionRateLimit {
     pub count: u32,
     pub window: Duration,
 }
 
-#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
+#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, arbiter_macros::Hashable)]
 pub struct VolumeRateLimit {
     pub max_volume: U256,
     pub window: Duration,
 }
 
-#[derive(Clone, Debug, PartialEq, Eq, Hash)]
+#[derive(Clone, Debug, PartialEq, Eq, Hash, arbiter_macros::Hashable)]
 pub struct SharedGrantSettings {
     pub wallet_access_id: i32,
     pub chain: ChainId,
@@ -200,7 +200,7 @@ pub enum SpecificGrant {
     TokenTransfer(token_transfers::Settings),
 }
 
-#[derive(Debug)]
+#[derive(Debug, arbiter_macros::Hashable)]
 pub struct CombinedSettings<PolicyGrant> {
     pub shared: SharedGrantSettings,
     pub specific: PolicyGrant,
@@ -219,38 +219,3 @@ impl<P: Integrable> Integrable for CombinedSettings<P> {
     const KIND: &'static str = P::KIND;
     const VERSION: i32 = P::VERSION;
 }
-
-use crate::crypto::integrity::hashing::Hashable;
-
-impl Hashable for TransactionRateLimit {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        self.count.hash(hasher);
-        self.window.hash(hasher);
-    }
-}
-
-impl Hashable for VolumeRateLimit {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        self.max_volume.hash(hasher);
-        self.window.hash(hasher);
-    }
-}
-
-impl Hashable for SharedGrantSettings {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        self.wallet_access_id.hash(hasher);
-        self.chain.hash(hasher);
-        self.valid_from.hash(hasher);
-        self.valid_until.hash(hasher);
-        self.max_gas_fee_per_gas.hash(hasher);
-        self.max_priority_fee_per_gas.hash(hasher);
-        self.rate_limit.hash(hasher);
-    }
-}
-
-impl<P: Hashable> Hashable for CombinedSettings<P> {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        self.shared.hash(hasher);
-        self.specific.hash(hasher);
-    }
-}

server/crates/arbiter-server/src/evm/policies/ether_transfer/mod.rs

@@ -52,7 +52,7 @@ impl From<Meaning> for SpecificMeaning {
 }
 
 // A grant for ether transfers, which can be scoped to specific target addresses and volume limits
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, arbiter_macros::Hashable)]
 pub struct Settings {
     pub target: Vec<Address>,
     pub limit: VolumeRateLimit,
@@ -61,15 +61,6 @@ impl Integrable for Settings {
     const KIND: &'static str = "EtherTransfer";
 }
 
-use crate::crypto::integrity::hashing::Hashable;
-
-impl Hashable for Settings {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        self.target.hash(hasher);
-        self.limit.hash(hasher);
-    }
-}
-
 impl From<Settings> for SpecificGrant {
     fn from(val: Settings) -> SpecificGrant {
         SpecificGrant::EtherTransfer(val)

server/crates/arbiter-server/src/evm/policies/ether_transfer/tests.rs

@@ -340,7 +340,7 @@ proptest::proptest! {
     ) {
         use rand::{SeedableRng, seq::SliceRandom};
         use sha2::Digest;
-        use crate::crypto::integrity::hashing::Hashable;
+        use arbiter_crypto::hashing::Hashable;
 
         let addrs: Vec<Address> = raw_addrs.iter().map(|b| Address::from(*b)).collect();
         let mut shuffled = addrs.clone();

server/crates/arbiter-server/src/evm/policies/token_transfers/mod.rs

@@ -62,7 +62,7 @@ impl From<Meaning> for SpecificMeaning {
 }
 
 // A grant for token transfers, which can be scoped to specific target addresses and volume limits
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, arbiter_macros::Hashable)]
 pub struct Settings {
     pub token_contract: Address,
     pub target: Option<Address>,
@@ -72,16 +72,6 @@ impl Integrable for Settings {
     const KIND: &'static str = "TokenTransfer";
 }
 
-use crate::crypto::integrity::hashing::Hashable;
-
-impl Hashable for Settings {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        self.token_contract.hash(hasher);
-        self.target.hash(hasher);
-        self.volume_limits.hash(hasher);
-    }
-}
-
 impl From<Settings> for SpecificGrant {
     fn from(val: Settings) -> SpecificGrant {
         SpecificGrant::TokenTransfer(val)

server/crates/arbiter-server/src/evm/policies/token_transfers/tests.rs

@@ -419,7 +419,7 @@ proptest::proptest! {
     ) {
         use rand::{SeedableRng, seq::SliceRandom};
         use sha2::Digest;
-        use crate::crypto::integrity::hashing::Hashable;
+        use arbiter_crypto::hashing::Hashable;
 
         let limits: Vec<VolumeRateLimit> = raw_limits
             .iter()