fix: get rid of move and unnecessary cloning
bittermandel committed Oct 10, 2024
1 parent c73cf4c commit 7df4584
Showing 4 changed files with 71 additions and 87 deletions.
14 changes: 7 additions & 7 deletions crates/valv/src/api/server.rs
Expand Up @@ -25,8 +25,8 @@ impl MasterKeyManagementService for API {
let key = self
.valv
.create_key(
request.get_ref().keyring_name.clone(),
request.get_ref().master_key_id.clone(),
&request.get_ref().keyring_name,
&request.get_ref().master_key_id,
)
.await;

Expand Down Expand Up @@ -101,8 +101,8 @@ impl MasterKeyManagementService for API {
let encrypted_value = self
.valv
.encrypt(
request.get_ref().keyring_name.clone(),
request.get_ref().master_key_id.clone(),
&request.get_ref().keyring_name,
&request.get_ref().master_key_id,
request.get_ref().plaintext.clone().to_vec(),
)
.await;
Expand Down Expand Up @@ -133,9 +133,9 @@ impl MasterKeyManagementService for API {
let decrypted_result = self
.valv
.decrypt(
request.get_ref().keyring_name.clone(),
request.get_ref().master_key_id.clone(),
request.get_ref().ciphertext.clone().to_vec(),
&request.get_ref().keyring_name,
&request.get_ref().master_key_id,
request.get_ref().ciphertext.to_vec(),
)
.await;
match decrypted_result {
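Review bot: The encrypt hunk still passes `request.get_ref().plaintext.clone().to_vec()`, which allocates twice, while the decrypt hunk in this same commit was changed to `request.get_ref().ciphertext.to_vec()`; for consistency with the commit's stated purpose the encrypt call should read `request.get_ref().plaintext.to_vec(),` as well. This assumes `plaintext` has the same type as `ciphertext` (the identical `.clone().to_vec()` pattern on the old side suggests it does). The enclosing handler methods begin above and end below each hunk, so the surrounding error handling is not visible here.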
128 changes: 56 additions & 72 deletions crates/valv/src/lib.rs
Expand Up @@ -21,8 +21,8 @@ pub mod valv {
}

#[derive(Clone, Serialize, Deserialize, PartialEq)]
pub struct CryptoKey {
pub name: String,
pub struct CryptoKey<'a> {
pub name: &'a str,
pub encrypted_value: Vec<u8>,
}

Expand All @@ -32,8 +32,8 @@ pub struct CryptoKeyVersion {
pub wrapped_key: Vec<u8>,
}

pub struct KeyMaterial {
pub name: String,
pub struct KeyMaterial<'a> {
pub name: &'a str,
pub decrypted_key: [u8; 32],
pub iv: [u8; 12],
}
Expand All @@ -42,27 +42,27 @@ pub struct KeyMaterial {
pub trait ValvAPI: Send + Sync {
// TODO: Separate get_key into get_key_metadata and get_key_with_primary_version

async fn create_key(&self, tenant: String, name: String) -> Result<internal::Key>;
async fn get_key(&self, tenant: String, name: String) -> Result<Option<internal::Key>>;
async fn list_keys(&self, tenant: String) -> Result<Option<Vec<internal::Key>>>;
async fn update_key(&self, tenant: String, key: internal::Key) -> Result<internal::Key>;
async fn create_key(&self, tenant: &str, name: &str) -> Result<internal::Key>;
async fn get_key(&self, tenant: &str, name: &str) -> Result<Option<internal::Key>>;
async fn list_keys(&self, tenant: &str) -> Result<Option<Vec<internal::Key>>>;
async fn update_key(&self, tenant: &str, key: internal::Key) -> Result<internal::Key>;

async fn get_key_version(
&self,
tenant: String,
key_name: String,
tenant: &str,
key_name: &str,
version_id: u32,
) -> Result<Option<internal::KeyVersion>>;
async fn encrypt(
&self,
tenant: String,
key_name: String,
tenant: &str,
key_name: &str,
plaintext: Vec<u8>,
) -> Result<Vec<u8>>;
async fn decrypt(
&self,
tenant: String,
key_name: String,
tenant: &str,
key_name: &str,
ciphertext: Vec<u8>,
) -> Result<Vec<u8>>;
}
Expand All @@ -87,19 +87,16 @@ impl Valv {

#[async_trait::async_trait]
impl ValvAPI for Valv {
async fn get_key(&self, tenant: String, key_name: String) -> Result<Option<internal::Key>> {
async fn get_key(&self, tenant: &str, key_name: &str) -> Result<Option<internal::Key>> {
let trx_result = self
.db
.database
.run(|trx, _| {
let trx = trx;
let tenant = tenant.clone();
let key_name = key_name.clone();

async move {
async {
let trx = trx;
let key = self
.db
.get_key_metadata(&trx, tenant.as_str(), key_name.as_str())
.get_key_metadata(&trx, tenant, key_name)
.await?;

Ok(key)
Expand All @@ -118,16 +115,17 @@ impl ValvAPI for Valv {
}
}

async fn list_keys(&self, tenant: String) -> Result<Option<Vec<internal::Key>>> {
async fn list_keys(&self, tenant: &str) -> Result<Option<Vec<internal::Key>>> {
let trx_result = self
.db
.database
.run(|trx, _| {
let trx = trx;
let tenant = tenant.clone();

async move {
let keys = self.db.list_key_metadata(&trx, tenant.as_str()).await?;
async {
let trx = trx;
let keys = self.db.list_key_metadata(&trx, tenant).await?;

Ok(Some(keys))
}
Expand All @@ -145,7 +143,7 @@ impl ValvAPI for Valv {
}
}

async fn create_key(&self, tenant: String, name: String) -> Result<internal::Key> {
async fn create_key(&self, tenant: &str, name: &str) -> Result<internal::Key> {
let mut iv = [0; 12];
let mut key = [0; 32];
let mut tag = [0; 16];
Expand All @@ -169,7 +167,7 @@ impl ValvAPI for Valv {
encrypted_result.extend_from_slice(&tag);

let key = internal::Key {
key_id: name.clone(),
key_id: name.to_string(),
primary_version_id: 1,
purpose: "ENCRYPT_DECRYPT".to_string(),
creation_time: Some(prost_types::Timestamp {
Expand All @@ -183,7 +181,7 @@ impl ValvAPI for Valv {
};

let key_version = internal::KeyVersion {
key_id: name.clone(),
key_id: name.to_string(),
key_material: encrypted_result.to_vec().into(),
state: internal::KeyVersionState::Enabled as i32,
version: 1,
Expand All @@ -198,18 +196,14 @@ impl ValvAPI for Valv {
.db
.database
.run(|trx, _| {
let trx = trx;
let tenant = tenant.clone();
let key = key.clone();
let key_version = key_version.clone();

async move {
async {
let trx = trx;
self.db
.update_key_metadata(&trx, tenant.as_str(), key.clone())
.update_key_metadata(&trx, tenant, &key)
.await?;

self.db
.append_key_version(&trx, tenant.as_str(), key.clone(), key_version.clone())
.append_key_version(&trx, tenant, &key, &key_version)
.await?;

Ok(())
Expand All @@ -226,18 +220,15 @@ impl ValvAPI for Valv {
}
}

async fn update_key(&self, tenant: String, key: internal::Key) -> Result<internal::Key> {
async fn update_key(&self, tenant: &str, key: internal::Key) -> Result<internal::Key> {
let trx_result = self
.db
.database
.run(|trx, _| {
let trx = trx;
let tenant = tenant.clone();
let key = key.clone();

async move {
async {
let trx = trx;
self.db
.update_key_metadata(&trx, tenant.as_str(), key.clone())
.update_key_metadata(&trx, tenant, &key)
.await?;

Ok(())
Expand All @@ -258,22 +249,19 @@ impl ValvAPI for Valv {

async fn get_key_version(
&self,
tenant: String,
key_name: String,
tenant: &str,
key_name: &str,
version_id: u32,
) -> Result<Option<internal::KeyVersion>> {
let trx_result = self
.db
.database
.run(|trx, _| {
let trx = trx;
let tenant = tenant.clone();
let key_name = key_name.clone();

async move {
async {
let trx = trx;
let key_version = self
.db
.get_key_version(&trx, tenant.as_str(), &key_name, version_id)
.get_key_version(&trx, tenant, &key_name, version_id)
.await?;
Ok(key_version)
}
Expand All @@ -293,41 +281,38 @@ impl ValvAPI for Valv {

async fn encrypt(
&self,
tenant: String,
key_name: String,
tenant: &str,
key_name: &str,
plaintext: Vec<u8>,
) -> Result<Vec<u8>> {
let trx_result = self
.db
.database
.run(|trx, _| {
let trx = trx;
let tenant = tenant.clone();
let key_name = key_name.clone();
let plaintext = plaintext.clone();

async move {
async {
let trx = trx;
let key = self
.db
.get_key_metadata(&trx, tenant.as_str(), &key_name)
.get_key_metadata(&trx, tenant, &key_name)
.await?;

let key = match key {
Some(key) => key,
None => {
return Err(ValvError::KeyNotFound(key_name).into());
return Err(ValvError::KeyNotFound(key_name.to_string()).into());
}
};

let key_version = self
.db
.get_key_version(&trx, tenant.as_str(), &key.key_id, key.primary_version_id)
.get_key_version(&trx, tenant, &key.key_id, key.primary_version_id)
.await?;

let key_version = match key_version {
Some(key_version) => key_version,
None => {
return Err(ValvError::KeyNotFound(key_name).into());
return Err(ValvError::KeyNotFound(key_name.to_string()).into());
}
};

Expand Down Expand Up @@ -397,46 +382,45 @@ impl ValvAPI for Valv {

async fn decrypt(
&self,
tenant: String,
key_name: String,
tenant: &str,
key_name: &str,
ciphertext: Vec<u8>,
) -> Result<Vec<u8>> {
let trx_result = self
.db
.database
.run(|trx, _| {
let trx = trx;
let tenant = tenant.clone();
let key_name = key_name.clone();
let ciphertext = ciphertext.clone();

async move {
async {
let trx = trx;
let key_name = key_name;

let (key_version_id, remainder) = ciphertext.split_at(4);
let (iv, remainder) = remainder.split_at(12);
let (cipher, tag) = remainder.split_at(remainder.len() - 16);

let key = self
.db
.get_key_metadata(&trx, tenant.as_str(), &key_name)
.get_key_metadata(&trx.clone(), tenant, &key_name)
.await?;

let key = match key {
Some(key) => key,
None => {
return Err(ValvError::KeyNotFound(key_name).into());
return Err(ValvError::KeyNotFound(key_name.to_string()).into());
}
};

let key_version_id = std::io::Cursor::new(key_version_id).get_u32();
let key_version = self
.db
.get_key_version(&trx, tenant.as_str(), &key.key_id, key_version_id)
.get_key_version(&trx, tenant, &key.key_id, key_version_id)
.await?;

let key_version = match key_version {
Some(key_version) => key_version,
None => {
return Err(ValvError::KeyNotFound(key_name).into());
return Err(ValvError::KeyNotFound(key_name.to_string()).into());
}
};

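Review bot: In `decrypt`, `ciphertext` comes straight from the gRPC request (server.rs passes `request.get_ref().ciphertext.to_vec()`), yet the three `split_at` calls at the top of the async block have no length check: any input shorter than 4 + 12 + 16 bytes panics (`remainder.len() - 16` also underflows first), so a client can crash the handler task with a one-byte request instead of receiving an error. Add a guard before the first split, e.g. `if ciphertext.len() < 4 + 12 + 16 { return Err(/* invalid-ciphertext error */); }`; only `ValvError::KeyNotFound` is visible in this hunk, so a dedicated error variant is probably needed rather than reusing that one. Separately, `get_key_metadata(&trx.clone(), tenant, &key_name)` introduces a clone of the transaction in a commit whose purpose is removing unnecessary clones; the other methods in this file pass `&trx` directly, and that should work here too unless the borrow checker objects for a reason not visible in the hunk. The body of `decrypt` continues past the end of this hunk (the AEAD open and result handling are not shown).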
8 changes: 4 additions & 4 deletions crates/valv/src/storage/fdb.rs
Expand Up @@ -180,7 +180,7 @@ impl ValvStorage for FoundationDB {
&self,
trx: &foundationdb::RetryableTransaction,
tenant: &str,
key: internal::Key,
key: &internal::Key,
) -> Result<()> {
let path = self.get_metadata_fdb_key(trx, tenant, &key.key_id).await?;

Expand Down Expand Up @@ -265,8 +265,8 @@ impl ValvStorage for FoundationDB {
&self,
trx: &foundationdb::RetryableTransaction,
tenant: &str,
key: internal::Key,
key_version: internal::KeyVersion,
key: &internal::Key,
key_version: &internal::KeyVersion,
) -> Result<()> {
let version_key = self
.get_version_fdb_key(trx, tenant, &key.key_id, key_version.version)
Expand All @@ -283,7 +283,7 @@ impl ValvStorage for FoundationDB {
tenant: &str,
key_id: &str,
version_id: u32,
version: internal::KeyVersion,
version: &internal::KeyVersion,
) -> Result<()> {
todo!()
}
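Review bot: The method whose last parameter this hunk changes to `version: &internal::KeyVersion` still has a body of `todo!()`, so if any request path reaches it the task panics at runtime rather than failing cleanly; a storage-trait method in a key-management service should return an explicit "not supported" error instead, e.g. `Err(/* unsupported-operation error */)` with a short comment explaining why it is unimplemented. Whether it is reachable cannot be told from this hunk, so this may be a latent rather than live issue. The method's signature begins above the hunk, so its name is not visible here.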