reachable_secrets/
storage.rs

1// SPDX-FileCopyrightText: 2025 eaon <eaon@posteo.net>
2// SPDX-License-Identifier: EUPL-1.2
3
4use reach_core::{
5    communication::secrets::{AllReachableVerifyingKeys, Hello, SecretsCommunication, SecretsOk},
6    storage::Storable,
7};
8
9use crate::{
10    error::Error,
11    server::{
12        SecretsGlobalContext, SecretsRequest, SecretsSessionContext, populate_verifying_keys,
13        request_handler, verifying_keys_index,
14    },
15};
16
17pub mod db {
18    use redb::{MultimapTableDefinition, TableDefinition};
19
20    use reach_aliases::SixFour;
21    use reach_core::storage::{GenericVault, db};
22
23    pub type LockedReachableSecretKeys = db::Prost<GenericVault, 3669>;
24
25    pub const REACHABLE_PUBLIC_KEYS_POOL: MultimapTableDefinition<
26        '_,
27        SixFour,
28        db::ReachablePublicKeys,
29    > = MultimapTableDefinition::new("reachable_public_keys_pool");
30    pub const REACHABLE_SECRET_KEYS: TableDefinition<
31        '_,
32        db::ReachablePublicKeys,
33        LockedReachableSecretKeys,
34    > = TableDefinition::new("reachable_secret_keys");
35    pub const SHARED_SECRET_KEYS: TableDefinition<'_, db::SharedPublicKeys, db::GenericVault> =
36        TableDefinition::new("shared_secret_keys");
37}
38
39request_handler!(
40    async fn handle(
41        _request: Hello,
42        global_context: _,
43        _session_context: _,
44    ) -> Result<SecretsOk, Error> {
45        let data_path = |p| global_context.data_path(p);
46
47        let paths = [
48            data_path("key-vault.rkv"),
49            data_path("signing-keys-vault.rskv"),
50            data_path("salts.slt"),
51            data_path("attestant-verifying-keys.ravk"),
52        ];
53
54        paths
55            .iter()
56            .all(|p| p.exists())
57            .then_some(SecretsOk)
58            .ok_or(Error::Uninitialized)
59    }
60);
61
62request_handler!(
63    async fn handle(
64        request: AllReachableVerifyingKeys,
65        global_context: _,
66        session_context: _,
67    ) -> Result<SecretsOk, Error> {
68        let idx = {
69            let ctx = session_context.read().await;
70
71            let signing_keys = ctx.signing_keys_or(Error::Uninitialized)?;
72            request
73                .inner
74                .store(&global_context.data_path("all-verifying-keys.rarvk"))?;
75
76            verifying_keys_index(signing_keys, &request.reachable_verifying_keys)?
77        };
78
79        {
80            let mut ctx = session_context.write().await;
81            populate_verifying_keys(&mut ctx, &request.reachable_verifying_keys, idx);
82        }
83
84        Ok(SecretsOk)
85    }
86);
reachable_secrets/storage.rs

reachable_secrets/
storage.rs
