Make private key and public key lazy static variables

Cargo.lock

@@ -1121,6 +1121,7 @@ dependencies = [
  "hex",
  "hmac",
  "http",
+ "lazy_static",
  "r2d2",
  "r2d2_sqlite",
  "regex",

Cargo.toml

@@ -10,6 +10,7 @@ curve25519-parser = "0.2"
 hex = "0.4"
 hmac = "0.10"
 http = "0.2"
+lazy_static = "1.4"
 regex = "1.4"
 rusqlite = "0.24"
 r2d2_sqlite = "0.17"

src/crypto.rs

@@ -17,7 +17,7 @@ type HmacSha256 = Hmac<Sha256>;
 
 const IV_SIZE: usize = 12;
 
-pub async fn get_x25519_symmetric_key(public_key: Vec<u8>, private_key: x25519_dalek::StaticSecret) -> Result<Vec<u8>, warp::reject::Rejection> {
+pub async fn get_x25519_symmetric_key(public_key: Vec<u8>, private_key: &x25519_dalek::StaticSecret) -> Result<Vec<u8>, warp::reject::Rejection> {
     if public_key.len() != 32 {
         println!("Couldn't create symmetric key using public key of invalid length: {}.", hex::encode(public_key));
         return Err(warp::reject::custom(Error::DecryptionFailed)); 

src/main.rs

@@ -9,7 +9,7 @@ mod storage;
 
 #[tokio::main]
 async fn main() {
-    let public_key = hex::encode(onion_requests::get_public_key().as_bytes());
+    let public_key = hex::encode(onion_requests::PUBLIC_KEY.as_bytes());
     println!("The public key of this server is: {}", public_key);
     let pool = storage::pool();
     let conn = storage::conn(&pool).unwrap();

src/onion_requests.rs

@@ -20,6 +20,19 @@ struct OnionRequestPayloadMetadata {
     pub ephemeral_key: String
 }
 
+lazy_static::lazy_static! {
+
+    pub static ref PRIVATE_KEY: x25519_dalek::StaticSecret = {
+        let bytes = include_bytes!("../x25519_private_key.pem");
+        return curve25519_parser::parse_openssl_25519_privkey(bytes).unwrap();
+    };
+
+    pub static ref PUBLIC_KEY: x25519_dalek::PublicKey = {
+        let bytes = include_bytes!("../x25519_public_key.pem");
+        return curve25519_parser::parse_openssl_25519_pubkey(bytes).unwrap();
+    };
+}
+
 pub async fn handle_onion_request(blob: warp::hyper::body::Bytes, pool: storage::DatabaseConnectionPool) -> Result<impl warp::Reply, Rejection> {
     let payload = parse_onion_request_payload(blob).await?;
     let plaintext = decrypt_onion_request_payload(payload).await?;
@@ -79,25 +92,13 @@ async fn parse_onion_request_payload(blob: warp::hyper::body::Bytes) -> Result<O
 
 async fn decrypt_onion_request_payload(payload: OnionRequestPayload) -> Result<Vec<u8>, Rejection> {
     let ephemeral_key = hex::decode(payload.metadata.ephemeral_key).unwrap(); // Safe because it was validated in the parsing step
-    let symmetric_key = crypto::get_x25519_symmetric_key(ephemeral_key, get_private_key()).await?;
+    let symmetric_key = crypto::get_x25519_symmetric_key(ephemeral_key, &PRIVATE_KEY).await?;
     let plaintext = crypto::decrypt_aes_gcm(payload.ciphertext, symmetric_key).await?;
     return Ok(plaintext);
 }
 
 // Utilities
 
-// FIXME: get_private_key() and get_public_key() should be lazy static variables
-
-fn get_private_key() -> x25519_dalek::StaticSecret {
-    let bytes = include_bytes!("../x25519_private_key.pem");
-    return curve25519_parser::parse_openssl_25519_privkey(bytes).unwrap();
-}
-
-pub fn get_public_key() -> x25519_dalek::PublicKey {
-    let bytes = include_bytes!("../x25519_public_key.pem");
-    return curve25519_parser::parse_openssl_25519_pubkey(bytes).unwrap();
-}
-
 fn as_le_u32(array: &[u8; 4]) -> u32 {
     ((array[0] as u32) << 00) +
     ((array[1] as u32) << 08) +