refactor(server): moved shared module crypto into arbiter-crypto

2026-04-07 15:41:50 +02:00
parent a845181ef6
commit d22ab49e3d
40 changed files with 319 additions and 209 deletions
--- a/server/crates/arbiter-server/src/actors/client/auth.rs
+++ b/server/crates/arbiter-server/src/actors/client/auth.rs
@@ -1,5 +1,6 @@
+use arbiter_crypto::authn::{self, CLIENT_CONTEXT};
 use arbiter_proto::{
-    CLIENT_CONTEXT, ClientMetadata,
+    ClientMetadata,
    transport::{Bi, expect_message},
 };
 use chrono::Utc;
@@ -17,7 +18,6 @@ use crate::{
        flow_coordinator::{self, RequestClientApproval},
        keyholder::KeyHolder,
    },
-    crypto::authn,
    crypto::integrity::{self, AttestationStatus},
    db::{
        self,
@@ -26,8 +26,6 @@ use crate::{
    },
 };

-
-
 #[derive(thiserror::Error, Debug, Clone, PartialEq, Eq)]
 pub enum Error {
    #[error("Database pool unavailable")]
@@ -355,7 +353,10 @@ where
    T: Bi<Inbound, Result<Outbound, Error>> + ?Sized,
 {
    transport
-        .send(Ok(Outbound::AuthChallenge { pubkey: pubkey.clone(), nonce }))
+        .send(Ok(Outbound::AuthChallenge {
+            pubkey: pubkey.clone(),
+            nonce,
+        }))
        .await
        .map_err(|e| {
            error!(error = ?e, "Failed to send auth challenge");
--- a/server/crates/arbiter-server/src/actors/client/mod.rs
+++ b/server/crates/arbiter-server/src/actors/client/mod.rs
@@ -1,10 +1,10 @@
+use arbiter_crypto::authn;
 use arbiter_proto::{ClientMetadata, transport::Bi};
 use kameo::actor::Spawn;
 use tracing::{error, info};

 use crate::{
    actors::{GlobalActors, client::session::ClientSession},
-    crypto::authn,
    crypto::integrity::{Integrable, hashing::Hashable},
    db,
 };
@@ -50,10 +50,7 @@ where
    T: Bi<auth::Inbound, Result<auth::Outbound, auth::Error>> + Send + ?Sized,
 {
    let fut = auth::authenticate(&mut props, transport);
-    println!(
-        "authenticate future size: {}",
-        std::mem::size_of_val(&fut)
-    );
+    println!("authenticate future size: {}", std::mem::size_of_val(&fut));
    match fut.await {
        Ok(client_id) => {
            ClientSession::spawn(ClientSession::new(props, client_id));
--- a/server/crates/arbiter-server/src/actors/evm/mod.rs
+++ b/server/crates/arbiter-server/src/actors/evm/mod.rs
@@ -21,8 +21,9 @@ use crate::{
            ether_transfer::EtherTransfer, token_transfers::TokenTransfer,
        },
    },
-    safe_cell::{SafeCell, SafeCellHandle as _},
+   
 };
+use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};

 pub use crate::evm::safe_signer;

--- a/server/crates/arbiter-server/src/actors/keyholder/mod.rs
+++ b/server/crates/arbiter-server/src/actors/keyholder/mod.rs
@@ -15,7 +15,6 @@ use crate::{
        encryption::v1::{self, Nonce},
        integrity::v1::HmacSha256,
    },
-    safe_cell::SafeCell,
 };
 use crate::{
    db::{
@@ -23,8 +22,8 @@ use crate::{
        models::{self, RootKeyHistory},
        schema::{self},
    },
-    safe_cell::SafeCellHandle as _,
 };
+use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};

 #[derive(Default, EnumDiscriminants)]
 #[strum_discriminants(derive(Reply), vis(pub), name(KeyHolderState))]
@@ -402,8 +401,8 @@ mod tests {

    use crate::{
        db::{self},
-        safe_cell::SafeCell,
    };
+    use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};

    use super::*;

--- a/server/crates/arbiter-server/src/actors/user_agent/auth.rs
+++ b/server/crates/arbiter-server/src/actors/user_agent/auth.rs
@@ -1,3 +1,4 @@
+use arbiter_crypto::authn;
 use arbiter_proto::transport::Bi;
 use tracing::error;

@@ -5,8 +6,6 @@ use crate::actors::user_agent::{
    UserAgentConnection,
    auth::state::{AuthContext, AuthStateMachine},
 };
-use crate::crypto::authn;
-
 mod state;
 use state::*;

--- a/server/crates/arbiter-server/src/actors/user_agent/auth/state.rs
+++ b/server/crates/arbiter-server/src/actors/user_agent/auth/state.rs
@@ -1,4 +1,5 @@
-use arbiter_proto::{USERAGENT_CONTEXT, transport::Bi};
+use arbiter_crypto::authn::{self, USERAGENT_CONTEXT};
+use arbiter_proto::{transport::Bi};
 use diesel::{ExpressionMethods as _, OptionalExtension as _, QueryDsl, update};
 use diesel_async::{AsyncConnection, RunQueryDsl};
 use kameo::actor::ActorRef;
@@ -11,7 +12,6 @@ use crate::{
        keyholder::KeyHolder,
        user_agent::{UserAgentConnection, UserAgentCredentials, auth::Outbound},
    },
-    crypto::authn,
    crypto::integrity,
    db::{DatabasePool, schema::useragent_client},
 };
--- a/server/crates/arbiter-server/src/actors/user_agent/mod.rs
+++ b/server/crates/arbiter-server/src/actors/user_agent/mod.rs
@@ -1,9 +1,10 @@
 use crate::{
    actors::{GlobalActors, client::ClientProfile},
-    crypto::authn,
    crypto::integrity::Integrable,
    db,
 };
+use arbiter_crypto::authn;
+

 #[derive(Debug)]
 pub struct UserAgentCredentials {
--- a/server/crates/arbiter-server/src/actors/user_agent/session.rs
+++ b/server/crates/arbiter-server/src/actors/user_agent/session.rs
@@ -1,3 +1,5 @@
+use arbiter_crypto::authn;
+
 use std::{borrow::Cow, collections::HashMap};

 use arbiter_proto::transport::Sender;
@@ -11,8 +13,6 @@ use crate::actors::{
    flow_coordinator::{RegisterUserAgent, client_connect_approval::ClientApprovalController},
    user_agent::{OutOfBand, UserAgentConnection},
 };
-use crate::crypto::authn;
-
 mod state;
 use state::{DummyContext, UserAgentEvents, UserAgentStateMachine};

@@ -119,14 +119,13 @@ impl UserAgentSession {
            return;
        }

-        self.pending_client_approvals
-            .insert(
-                client.pubkey.to_bytes(),
-                PendingClientApproval {
-                    pubkey: client.pubkey,
-                    controller,
-                },
-            );
+        self.pending_client_approvals.insert(
+            client.pubkey.to_bytes(),
+            PendingClientApproval {
+                pubkey: client.pubkey,
+                controller,
+            },
+        );
    }
 }

--- a/server/crates/arbiter-server/src/actors/user_agent/session/connection.rs
+++ b/server/crates/arbiter-server/src/actors/user_agent/session/connection.rs
@@ -1,6 +1,7 @@
 use std::sync::Mutex;

 use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature};
+use arbiter_crypto::{authn, safecell::{SafeCell, SafeCellHandle as _}};
 use chacha20poly1305::{AeadInPlace, XChaCha20Poly1305, XNonce, aead::KeyInit};
 use diesel::{ExpressionMethods as _, QueryDsl as _, SelectableHelper};
 use diesel_async::{AsyncConnection, RunQueryDsl};
@@ -13,12 +14,10 @@ use x25519_dalek::{EphemeralSecret, PublicKey};
 use crate::actors::flow_coordinator::client_connect_approval::ClientApprovalAnswer;
 use crate::actors::keyholder::KeyHolderState;
 use crate::actors::user_agent::session::Error;
-use crate::crypto::authn;
 use crate::db::models::{
    EvmWalletAccess, NewEvmWalletAccess, ProgramClient, ProgramClientMetadata,
 };
 use crate::evm::policies::{Grant, SpecificGrant};
-use crate::safe_cell::SafeCell;
 use crate::{
    actors::{
        evm::{
@@ -31,7 +30,6 @@ use crate::{
            state::{UnsealContext, UserAgentEvents, UserAgentStates},
        },
    },
-    safe_cell::SafeCellHandle as _,
 };

 impl UserAgentSession {
@@ -477,10 +475,7 @@ impl UserAgentSession {
        pubkey: authn::PublicKey,
        ctx: &mut Context<Self, Result<(), Error>>,
    ) -> Result<(), Error> {
-        let pending_approval = match self
-            .pending_client_approvals
-            .remove(&pubkey.to_bytes())
-        {
+        let pending_approval = match self.pending_client_approvals.remove(&pubkey.to_bytes()) {
            Some(approval) => approval,
            None => {
                error!("Received client connection response for unknown client");