fix(store): switch SecretBytes to SecretBytesMut

This is done due to the recent Secrecy breaking changes induced by Bytes 0.5
tokio-rs/bytes#335
iqlusioninc/crates#301

Author: gakonst

crates/interledger-store/Cargo.toml

@@ -21,7 +21,7 @@ path = "tests/redis/redis_tests.rs"
 required-features = ["redis"]
 
 [dependencies]
-bytes = { version = "0.4.12", default-features = false }
+bytes = { version = "0.5", default-features = false }
 futures = { version = "0.3", default-features = false }
 interledger-api = { path = "../interledger-api", version = "^0.3.0", default-features = false }
 interledger-packet = { path = "../interledger-packet", version = "^0.4.0", default-features = false }
@@ -42,8 +42,8 @@ serde_json = { version = "1.0.41", default-features = false }
 tokio = { version = "0.2.6", default-features = false, features = ["macros", "rt-core"] }
 url = { version = "2.1.0", default-features = false, features = ["serde"] }
 http = { version = "0.2", default-features = false }
-secrecy = { version = "0.5.1", default-features = false, features = ["serde", "bytes"] }
-zeroize = { version = "1.0.0", default-features = false, features = ["bytes"] }
+secrecy = { version = "0.6", features = ["serde", "bytes"] }
+zeroize = { version = "1.0.0", default-features = false }
 num-bigint = { version = "0.2.3", default-features = false, features = ["std"]}
 uuid = { version = "0.8.1", default-features = false, features = ["serde"] }
 

crates/interledger-store/src/account.rs

@@ -11,7 +11,7 @@ use interledger_service_util::{
 use interledger_settlement::core::types::{SettlementAccount, SettlementEngineDetails};
 use log::error;
 use ring::aead;
-use secrecy::{ExposeSecret, SecretBytes, SecretString};
+use secrecy::{ExposeSecret, SecretBytesMut, SecretString};
 use serde::Serializer;
 use serde::{Deserialize, Serialize};
 use std::str::{self, FromStr};
@@ -31,14 +31,14 @@ pub struct Account {
     pub(crate) min_balance: Option<i64>,
     pub(crate) ilp_over_http_url: Option<Url>,
     #[serde(serialize_with = "optional_secret_bytes_to_utf8")]
-    pub(crate) ilp_over_http_incoming_token: Option<SecretBytes>,
+    pub(crate) ilp_over_http_incoming_token: Option<SecretBytesMut>,
     #[serde(serialize_with = "optional_secret_bytes_to_utf8")]
-    pub(crate) ilp_over_http_outgoing_token: Option<SecretBytes>,
+    pub(crate) ilp_over_http_outgoing_token: Option<SecretBytesMut>,
     pub(crate) ilp_over_btp_url: Option<Url>,
     #[serde(serialize_with = "optional_secret_bytes_to_utf8")]
-    pub(crate) ilp_over_btp_incoming_token: Option<SecretBytes>,
+    pub(crate) ilp_over_btp_incoming_token: Option<SecretBytesMut>,
     #[serde(serialize_with = "optional_secret_bytes_to_utf8")]
-    pub(crate) ilp_over_btp_outgoing_token: Option<SecretBytes>,
+    pub(crate) ilp_over_btp_outgoing_token: Option<SecretBytesMut>,
     pub(crate) settle_threshold: Option<i64>,
     pub(crate) settle_to: Option<i64>,
     pub(crate) routing_relation: RoutingRelation,
@@ -56,7 +56,7 @@ where
 }
 
 fn optional_secret_bytes_to_utf8<S>(
-    _bytes: &Option<SecretBytes>,
+    _bytes: &Option<SecretBytesMut>,
     serializer: S,
 ) -> Result<S::Ok, S::Error>
 where
@@ -118,17 +118,17 @@ impl Account {
             ilp_over_http_url,
             ilp_over_http_incoming_token: details
                 .ilp_over_http_incoming_token
-                .map(|token| SecretBytes::new(token.expose_secret().to_string())),
+                .map(|token| SecretBytesMut::new(token.expose_secret().as_str())),
             ilp_over_http_outgoing_token: details
                 .ilp_over_http_outgoing_token
-                .map(|token| SecretBytes::new(token.expose_secret().to_string())),
+                .map(|token| SecretBytesMut::new(token.expose_secret().as_str())),
             ilp_over_btp_url,
             ilp_over_btp_incoming_token: details
                 .ilp_over_btp_incoming_token
-                .map(|token| SecretBytes::new(token.expose_secret().to_string())),
+                .map(|token| SecretBytesMut::new(token.expose_secret().as_str())),
             ilp_over_btp_outgoing_token: details
                 .ilp_over_btp_outgoing_token
-                .map(|token| SecretBytes::new(token.expose_secret().to_string())),
+                .map(|token| SecretBytesMut::new(token.expose_secret().as_str())),
             settle_to: details.settle_to,
             settle_threshold: details.settle_threshold,
             routing_relation,
@@ -144,25 +144,25 @@ impl Account {
         encryption_key: &aead::LessSafeKey,
     ) -> AccountWithEncryptedTokens {
         if let Some(ref token) = self.ilp_over_btp_outgoing_token {
-            self.ilp_over_btp_outgoing_token = Some(SecretBytes::from(encrypt_token(
+            self.ilp_over_btp_outgoing_token = Some(SecretBytesMut::from(encrypt_token(
                 encryption_key,
                 &token.expose_secret(),
             )));
         }
         if let Some(ref token) = self.ilp_over_http_outgoing_token {
-            self.ilp_over_http_outgoing_token = Some(SecretBytes::from(encrypt_token(
+            self.ilp_over_http_outgoing_token = Some(SecretBytesMut::from(encrypt_token(
                 encryption_key,
                 &token.expose_secret(),
             )));
         }
         if let Some(ref token) = self.ilp_over_btp_incoming_token {
-            self.ilp_over_btp_incoming_token = Some(SecretBytes::from(encrypt_token(
+            self.ilp_over_btp_incoming_token = Some(SecretBytesMut::from(encrypt_token(
                 encryption_key,
                 &token.expose_secret(),
             )));
         }
         if let Some(ref token) = self.ilp_over_http_incoming_token {
-            self.ilp_over_http_incoming_token = Some(SecretBytes::from(encrypt_token(
+            self.ilp_over_http_incoming_token = Some(SecretBytesMut::from(encrypt_token(
                 encryption_key,
                 &token.expose_secret(),
             )));

crates/interledger-store/src/crypto.rs

@@ -1,4 +1,4 @@
-use bytes::Bytes;
+use bytes::BytesMut;
 use ring::{
     aead, hmac,
     rand::{SecureRandom, SystemRandom},
@@ -8,7 +8,7 @@ const NONCE_LENGTH: usize = 12;
 static ENCRYPTION_KEY_GENERATION_STRING: &[u8] = b"ilp_store_redis_encryption_key";
 
 use core::sync::atomic;
-use secrecy::{DebugSecret, Secret, SecretBytes};
+use secrecy::{DebugSecret, Secret, SecretBytesMut};
 use std::ptr;
 use zeroize::Zeroize;
 
@@ -117,7 +117,7 @@ pub fn generate_keys(server_secret: &[u8]) -> (Secret<EncryptionKey>, Secret<Dec
     (encryption_key, decryption_key)
 }
 
-pub fn encrypt_token(encryption_key: &aead::LessSafeKey, token: &[u8]) -> Bytes {
+pub fn encrypt_token(encryption_key: &aead::LessSafeKey, token: &[u8]) -> BytesMut {
     let mut token = token.to_vec();
 
     let mut nonce: [u8; NONCE_LENGTH] = [0; NONCE_LENGTH];
@@ -129,7 +129,7 @@ pub fn encrypt_token(encryption_key: &aead::LessSafeKey, token: &[u8]) -> Bytes
     match encryption_key.seal_in_place_append_tag(nonce, aead::Aad::from(&[]), &mut token) {
         Ok(_) => {
             token.append(&mut nonce_copy.as_ref().to_vec());
-            Bytes::from(token)
+            BytesMut::from(token.as_slice())
         }
         _ => panic!("Unable to encrypt token"),
     }
@@ -138,7 +138,7 @@ pub fn encrypt_token(encryption_key: &aead::LessSafeKey, token: &[u8]) -> Bytes
 pub fn decrypt_token(
     decryption_key: &aead::LessSafeKey,
     encrypted: &[u8],
-) -> Result<SecretBytes, ()> {
+) -> Result<SecretBytesMut, ()> {
     if encrypted.len() < aead::MAX_TAG_LEN {
         return Err(());
     }
@@ -150,7 +150,7 @@ pub fn decrypt_token(
     let nonce = aead::Nonce::assume_unique_for_key(nonce);
 
     if let Ok(token) = decryption_key.open_in_place(nonce, aead::Aad::empty(), &mut encrypted) {
-        Ok(SecretBytes::new(token.to_vec()))
+        Ok(SecretBytesMut::new(&token[..]))
     } else {
         Err(())
     }

crates/interledger-store/src/redis/mod.rs

@@ -20,7 +20,7 @@ use reconnect::RedisReconnect;
 use super::account::{Account, AccountWithEncryptedTokens};
 use super::crypto::{encrypt_token, generate_keys, DecryptionKey, EncryptionKey};
 use async_trait::async_trait;
-use bytes::Bytes;
+use bytes::{Bytes, BytesMut};
 use futures::channel::mpsc::UnboundedSender;
 use http::StatusCode;
 use interledger_api::{AccountDetails, AccountSettings, EncryptedAccountSettings, NodeStore};
@@ -47,7 +47,7 @@ use redis_crate::{
     self, cmd, from_redis_value, Client, ConnectionInfo, ControlFlow, ErrorKind, FromRedisValue,
     PubSubCommands, RedisError, RedisWrite, Script, ToRedisArgs, Value,
 };
-use secrecy::{ExposeSecret, Secret, SecretBytes};
+use secrecy::{ExposeSecret, Secret, SecretBytesMut};
 use serde::{Deserialize, Serialize};
 use serde_json;
 use std::{
@@ -993,24 +993,28 @@ impl NodeStore for RedisStore {
                     &encryption_key.expose_secret().0,
                     token.expose_secret().as_bytes(),
                 )
+                .freeze()
             }),
             ilp_over_http_incoming_token: settings.ilp_over_http_incoming_token.map(|token| {
                 encrypt_token(
                     &encryption_key.expose_secret().0,
                     token.expose_secret().as_bytes(),
                 )
+                .freeze()
             }),
             ilp_over_btp_outgoing_token: settings.ilp_over_btp_outgoing_token.map(|token| {
                 encrypt_token(
                     &encryption_key.expose_secret().0,
                     token.expose_secret().as_bytes(),
                 )
+                .freeze()
             }),
             ilp_over_http_outgoing_token: settings.ilp_over_http_outgoing_token.map(|token| {
                 encrypt_token(
                     &encryption_key.expose_secret().0,
                     token.expose_secret().as_bytes(),
                 )
+                .freeze()
             }),
         };
 
@@ -2032,23 +2036,23 @@ impl FromRedisValue for AccountWithEncryptedTokens {
                     "ilp_over_http_incoming_token",
                     &hash,
                 )?
-                .map(SecretBytes::from),
+                .map(SecretBytesMut::from),
                 ilp_over_http_outgoing_token: get_bytes_option(
                     "ilp_over_http_outgoing_token",
                     &hash,
                 )?
-                .map(SecretBytes::from),
+                .map(SecretBytesMut::from),
                 ilp_over_btp_url: get_url_option("ilp_over_btp_url", &hash)?,
                 ilp_over_btp_incoming_token: get_bytes_option(
                     "ilp_over_btp_incoming_token",
                     &hash,
                 )?
-                .map(SecretBytes::from),
+                .map(SecretBytesMut::from),
                 ilp_over_btp_outgoing_token: get_bytes_option(
                     "ilp_over_btp_outgoing_token",
                     &hash,
                 )?
-                .map(SecretBytes::from),
+                .map(SecretBytesMut::from),
                 max_packet_amount: get_value("max_packet_amount", &hash)?,
                 min_balance: get_value_option("min_balance", &hash)?,
                 settle_threshold: get_value_option("settle_threshold", &hash)?,
@@ -2089,10 +2093,13 @@ where
     }
 }
 
-fn get_bytes_option(key: &str, map: &HashMap<String, Value>) -> Result<Option<Bytes>, RedisError> {
+fn get_bytes_option(
+    key: &str,
+    map: &HashMap<String, Value>,
+) -> Result<Option<BytesMut>, RedisError> {
     if let Some(ref value) = map.get(key) {
         let vec: Vec<u8> = from_redis_value(value)?;
-        Ok(Some(Bytes::from(vec)))
+        Ok(Some(BytesMut::from(vec.as_slice())))
     } else {
         Ok(None)
     }