merge: refactor-integrity-check into main

server/crates/arbiter-server/src/crypto/integrity/v1.rs

@@ -1,4 +1,3 @@
-use crate::actors::keyholder;
 use arbiter_crypto::hashing::Hashable;
 use hmac::Hmac;
 use sha2::Sha256;
@@ -9,7 +8,7 @@ use kameo::{actor::ActorRef, error::SendError};
 use sha2::Digest as _;
 
 use crate::{
-    actors::keyholder::{KeyHolder, SignIntegrity, VerifyIntegrity},
+    actors::vault::{self, GetState, SignIntegrity, Vault, VerifyIntegrity},
     db::{
         self,
         models::{IntegrityEnvelope, NewIntegrityEnvelope},
@@ -22,11 +21,11 @@ pub enum Error {
     #[error("Database error: {0}")]
     Database(#[from] db::DatabaseError),
 
-    #[error("KeyHolder error: {0}")]
-    Keyholder(#[from] keyholder::Error),
+    #[error("Vault error: {0}")]
+    Vault(#[from] vault::Error),
 
-    #[error("KeyHolder mailbox error")]
-    KeyholderSend,
+    #[error("Vault mailbox error")]
+    VaultSend,
 
     #[error("Integrity envelope is missing for entity {entity_kind}")]
     MissingEnvelope { entity_kind: &'static str },
@@ -103,7 +102,7 @@ impl IntoId for &'_ [u8] {
 
 pub async fn sign_entity<E: Integrable>(
     conn: &mut impl AsyncConnection<Backend = Sqlite>,
-    keyholder: &ActorRef<KeyHolder>,
+    vault: &ActorRef<Vault>,
     entity: &E,
     entity_id: impl IntoId,
 ) -> Result<(), Error> {
@@ -113,13 +112,14 @@ pub async fn sign_entity<E: Integrable>(
 
     let mac_input = build_mac_input(E::KIND, &entity_id, E::VERSION, &payload_hash);
 
-    let (key_version, mac) = keyholder
-        .ask(SignIntegrity { mac_input })
-        .await
-        .map_err(|err| match err {
-            kameo::error::SendError::HandlerError(inner) => Error::Keyholder(inner),
-            _ => Error::KeyholderSend,
-        })?;
+    let (key_version, mac) =
+        vault
+            .ask(SignIntegrity { mac_input })
+            .await
+            .map_err(|err| match err {
+                kameo::error::SendError::HandlerError(inner) => Error::Vault(inner),
+                _ => Error::VaultSend,
+            })?;
 
     insert_into(integrity_envelope::table)
         .values(NewIntegrityEnvelope {
@@ -148,7 +148,7 @@ pub async fn sign_entity<E: Integrable>(
 
 pub async fn verify_entity<E: Integrable>(
     conn: &mut impl AsyncConnection<Backend = Sqlite>,
-    keyholder: &ActorRef<KeyHolder>,
+    vault: &ActorRef<Vault>,
     entity: &E,
     entity_id: impl IntoId,
 ) -> Result<AttestationStatus, Error> {
@@ -176,7 +176,7 @@ pub async fn verify_entity<E: Integrable>(
     let payload_hash = payload_hash(&entity);
     let mac_input = build_mac_input(E::KIND, &entity_id, envelope.payload_version, &payload_hash);
 
-    let result = keyholder
+    let result = vault
         .ask(VerifyIntegrity {
             mac_input,
             expected_mac: envelope.mac,
@@ -189,13 +189,16 @@ pub async fn verify_entity<E: Integrable>(
         Ok(false) => Err(Error::MacMismatch {
             entity_kind: E::KIND,
         }),
-        Err(SendError::HandlerError(keyholder::Error::NotBootstrapped)) => {
-            Ok(AttestationStatus::Unavailable)
-        }
-        Err(_) => Err(Error::KeyholderSend),
+        Err(SendError::HandlerError(vault::Error::Sealed)) => Ok(AttestationStatus::Unavailable),
+        Err(_) => Err(Error::VaultSend),
     }
 }
 
+pub async fn is_signing_available(vault: &ActorRef<Vault>) -> Result<bool, Error> {
+    let state = vault.ask(GetState).await.map_err(|_| Error::VaultSend)?;
+    Ok(matches!(state, vault::VaultState::Unsealed))
+}
+
 #[cfg(test)]
 mod tests {
     use diesel::{ExpressionMethods as _, QueryDsl};
@@ -203,7 +206,10 @@ mod tests {
     use kameo::{actor::ActorRef, prelude::Spawn};
 
     use crate::{
-        actors::keyholder::{Bootstrap, KeyHolder},
+        actors::{
+            GlobalActors,
+            vault::{Bootstrap, Vault},
+        },
         db::{self, schema},
     };
     use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
@@ -218,8 +224,12 @@ mod tests {
         const KIND: &'static str = "dummy_entity";
     }
 
-    async fn bootstrapped_keyholder(db: &db::DatabasePool) -> ActorRef<KeyHolder> {
-        let actor = KeyHolder::spawn(KeyHolder::new(db.clone()).await.unwrap());
+    async fn bootstrapped_vault(db: &db::DatabasePool) -> ActorRef<Vault> {
+        let actor = Vault::spawn(
+            Vault::new(db.clone(), GlobalActors::spawn_message_bus())
+                .await
+                .unwrap(),
+        );
         actor
             .ask(Bootstrap {
                 seal_key_raw: SafeCell::new(b"integrity-test-seal-key".to_vec()),
@@ -232,7 +242,7 @@ mod tests {
     #[tokio::test]
     async fn sign_writes_envelope_and_verify_passes() {
         let db = db::create_test_pool().await;
-        let keyholder = bootstrapped_keyholder(&db).await;
+        let vault = bootstrapped_vault(&db).await;
         let mut conn = db.get().await.unwrap();
 
         const ENTITY_ID: &[u8] = b"entity-id-7";
@@ -242,7 +252,7 @@ mod tests {
             payload: b"payload-v1".to_vec(),
         };
 
-        sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
+        sign_entity(&mut conn, &vault, &entity, ENTITY_ID)
             .await
             .unwrap();
 
@@ -255,7 +265,7 @@ mod tests {
             .unwrap();
 
         assert_eq!(count, 1, "envelope row must be created exactly once");
-        verify_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
+        verify_entity(&mut conn, &vault, &entity, ENTITY_ID)
             .await
             .unwrap();
     }
@@ -263,7 +273,7 @@ mod tests {
     #[tokio::test]
     async fn tampered_mac_fails_verification() {
         let db = db::create_test_pool().await;
-        let keyholder = bootstrapped_keyholder(&db).await;
+        let vault = bootstrapped_vault(&db).await;
         let mut conn = db.get().await.unwrap();
 
         const ENTITY_ID: &[u8] = b"entity-id-11";
@@ -273,7 +283,7 @@ mod tests {
             payload: b"payload-v1".to_vec(),
         };
 
-        sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
+        sign_entity(&mut conn, &vault, &entity, ENTITY_ID)
             .await
             .unwrap();
 
@@ -285,7 +295,7 @@ mod tests {
             .await
             .unwrap();
 
-        let err = verify_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
+        let err = verify_entity(&mut conn, &vault, &entity, ENTITY_ID)
             .await
             .unwrap_err();
         assert!(matches!(err, Error::MacMismatch { .. }));
@@ -294,7 +304,7 @@ mod tests {
     #[tokio::test]
     async fn changed_payload_fails_verification() {
         let db = db::create_test_pool().await;
-        let keyholder = bootstrapped_keyholder(&db).await;
+        let vault = bootstrapped_vault(&db).await;
         let mut conn = db.get().await.unwrap();
 
         const ENTITY_ID: &[u8] = b"entity-id-21";
@@ -304,7 +314,7 @@ mod tests {
             payload: b"payload-v1".to_vec(),
         };
 
-        sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
+        sign_entity(&mut conn, &vault, &entity, ENTITY_ID)
             .await
             .unwrap();
 
@@ -313,7 +323,7 @@ mod tests {
             ..entity
         };
 
-        let err = verify_entity(&mut conn, &keyholder, &tampered, ENTITY_ID)
+        let err = verify_entity(&mut conn, &vault, &tampered, ENTITY_ID)
             .await
             .unwrap_err();
         assert!(matches!(err, Error::MacMismatch { .. }));