Audit public API to take arguments by reference where possible (#1373)

spacebear21 · web-flow · commit a2173c80dd45 · 2026-03-03T14:34:56.000-05:00
diff --git a/payjoin-cli/src/app/v2/ohttp.rs b/payjoin-cli/src/app/v2/ohttp.rs
@@ -85,7 +85,7 @@ async fn fetch_ohttp_keys(
                     payjoin::io::fetch_ohttp_keys_with_cert(
                         selected_relay.as_str(),
                         payjoin_directory.as_str(),
-                        cert_der,
+                        &cert_der,
                     )
                     .await
                 } else {
diff --git a/payjoin-test-utils/src/lib.rs b/payjoin-test-utils/src/lib.rs
@@ -103,7 +103,7 @@ impl TestServices {
         fetch_ohttp_keys_with_cert(
             self.ohttp_relay_url().as_str(),
             self.directory_url().as_str(),
-            self.cert(),
+            &self.cert(),
         )
         .await
     }
diff --git a/payjoin/src/core/hpke.rs b/payjoin/src/core/hpke.rs
@@ -171,7 +171,7 @@ impl<'de> serde::Deserialize<'de> for HpkePublicKey {
 
 /// Message A is sent from the sender to the receiver containing an Original PSBT payload
 pub fn encrypt_message_a(
-    body: Vec<u8>,
+    mut body: Vec<u8>,
     reply_pk: &HpkePublicKey,
     receiver_pk: &HpkePublicKey,
 ) -> Result<Vec<u8>, HpkeError> {
@@ -182,7 +182,6 @@ pub fn encrypt_message_a(
             INFO_A,
             &mut OsRng,
         )?;
-    let mut body = body;
     pad_plaintext(&mut body, PADDED_PLAINTEXT_A_LENGTH)?;
     let mut plaintext = compressed_bytes_from_pubkey(reply_pk).to_vec();
     plaintext.extend(body);
@@ -194,7 +193,7 @@ pub fn encrypt_message_a(
 
 pub fn decrypt_message_a(
     message_a: &[u8],
-    receiver_sk: HpkeSecretKey,
+    receiver_sk: &HpkeSecretKey,
 ) -> Result<(Vec<u8>, HpkePublicKey), HpkeError> {
     use std::io::{Cursor, Read};
 
@@ -247,7 +246,7 @@ pub fn encrypt_message_b(
 pub fn decrypt_message_b(
     message_b: &[u8],
     receiver_pk: HpkePublicKey,
-    sender_sk: HpkeSecretKey,
+    sender_sk: &HpkeSecretKey,
 ) -> Result<Vec<u8>, HpkeError> {
     let enc = message_b.get(..ELLSWIFT_ENCODING_SIZE).ok_or(HpkeError::PayloadTooShort)?;
     let enc = encapped_key_from_ellswift_bytes(enc)?;
@@ -345,7 +344,7 @@ mod test {
         .expect("encryption should work");
         assert_eq!(message_a.len(), PADDED_MESSAGE_BYTES);
 
-        let decrypted = decrypt_message_a(&message_a, receiver_keypair.secret_key().clone())
+        let decrypted = decrypt_message_a(&message_a, receiver_keypair.secret_key())
             .expect("decryption should work");
 
         assert_eq!(decrypted.0.len(), PADDED_PLAINTEXT_A_LENGTH);
@@ -363,28 +362,28 @@ mod test {
         )
         .expect("encryption should work");
 
-        let decrypted = decrypt_message_a(&message_a, receiver_keypair.secret_key().clone())
+        let decrypted = decrypt_message_a(&message_a, receiver_keypair.secret_key())
             .expect("decryption should work");
 
         assert_eq!(decrypted.0.len(), plaintext.len());
         assert_eq!(decrypted, (plaintext.to_vec(), reply_keypair.public_key().clone()));
 
         let unrelated_keypair = HpkeKeyPair::gen_keypair();
         assert_eq!(
-            decrypt_message_a(&message_a, unrelated_keypair.secret_key().clone()),
+            decrypt_message_a(&message_a, unrelated_keypair.secret_key()),
             Err(HpkeError::Hpke(hpke::HpkeError::OpenError))
         );
 
         let mut corrupted_message_a = message_a.clone();
         corrupted_message_a[3] ^= 1; // corrupt dhkem
         assert_eq!(
-            decrypt_message_a(&corrupted_message_a, receiver_keypair.secret_key().clone()),
+            decrypt_message_a(&corrupted_message_a, receiver_keypair.secret_key()),
             Err(HpkeError::Hpke(hpke::HpkeError::OpenError))
         );
         let mut corrupted_message_a = message_a.clone();
         corrupted_message_a[PADDED_MESSAGE_BYTES - 3] ^= 1; // corrupt aead ciphertext
         assert_eq!(
-            decrypt_message_a(&corrupted_message_a, receiver_keypair.secret_key().clone()),
+            decrypt_message_a(&corrupted_message_a, receiver_keypair.secret_key()),
             Err(HpkeError::Hpke(hpke::HpkeError::OpenError))
         );
 
@@ -418,7 +417,7 @@ mod test {
         let decrypted = decrypt_message_b(
             &message_b,
             receiver_keypair.public_key().clone(),
-            reply_keypair.secret_key().clone(),
+            reply_keypair.secret_key(),
         )
         .expect("decryption should work");
 
@@ -437,7 +436,7 @@ mod test {
         let decrypted = decrypt_message_b(
             &message_b,
             receiver_keypair.public_key().clone(),
-            reply_keypair.secret_key().clone(),
+            reply_keypair.secret_key(),
         )
         .expect("decryption should work");
         assert_eq!(decrypted.len(), plaintext.len());
@@ -448,15 +447,15 @@ mod test {
             decrypt_message_b(
                 &message_b,
                 receiver_keypair.public_key().clone(),
-                unrelated_keypair.secret_key().clone() // wrong decryption key
+                unrelated_keypair.secret_key() // wrong decryption key
             ),
             Err(HpkeError::Hpke(hpke::HpkeError::OpenError))
         );
         assert_eq!(
             decrypt_message_b(
                 &message_b,
                 unrelated_keypair.public_key().clone(), // wrong auth key
-                reply_keypair.secret_key().clone()
+                reply_keypair.secret_key()
             ),
             Err(HpkeError::Hpke(hpke::HpkeError::OpenError))
         );
@@ -467,7 +466,7 @@ mod test {
             decrypt_message_b(
                 &corrupted_message_b,
                 receiver_keypair.public_key().clone(),
-                reply_keypair.secret_key().clone()
+                reply_keypair.secret_key()
             ),
             Err(HpkeError::Hpke(hpke::HpkeError::OpenError))
         );
@@ -477,7 +476,7 @@ mod test {
             decrypt_message_b(
                 &corrupted_message_b,
                 receiver_keypair.public_key().clone(),
-                reply_keypair.secret_key().clone()
+                reply_keypair.secret_key()
             ),
             Err(HpkeError::Hpke(hpke::HpkeError::OpenError))
         );
diff --git a/payjoin/src/core/io.rs b/payjoin/src/core/io.rs
@@ -45,13 +45,13 @@ pub async fn fetch_ohttp_keys(
 pub async fn fetch_ohttp_keys_with_cert(
     ohttp_relay: impl IntoUrl,
     payjoin_directory: impl IntoUrl,
-    cert_der: Vec<u8>,
+    cert_der: &[u8],
 ) -> Result<OhttpKeys, Error> {
     let ohttp_keys_url = payjoin_directory.into_url()?.join("/.well-known/ohttp-gateway")?;
     let proxy = Proxy::all(ohttp_relay.into_url()?.as_str())?;
     let client = Client::builder()
         .use_rustls_tls()
-        .add_root_certificate(reqwest::tls::Certificate::from_der(&cert_der)?)
+        .add_root_certificate(reqwest::tls::Certificate::from_der(cert_der)?)
         .proxy(proxy)
         .http1_only()
         .build()?;
diff --git a/payjoin/src/core/receive/v2/mod.rs b/payjoin/src/core/receive/v2/mod.rs
@@ -473,7 +473,7 @@ impl Receiver<Initialized> {
         response: Vec<u8>,
     ) -> Result<(OriginalPayload, HpkePublicKey), ProtocolError> {
         let (payload_bytes, reply_key) =
-            decrypt_message_a(&response, self.session_context.receiver_key.secret_key().clone())
+            decrypt_message_a(&response, self.session_context.receiver_key.secret_key())
                 .map_err(|e| ProtocolError::V2(InternalSessionError::Hpke(e).into()))?;
         let payload = std::str::from_utf8(&payload_bytes)
             .map_err(|e| ProtocolError::OriginalPayload(InternalPayloadError::Utf8(e).into()))?;
@@ -1187,7 +1187,7 @@ impl Receiver<HasReplyableError> {
         let body = {
             if let Some(reply_key) = &session_context.reply_key {
                 encrypt_message_b(
-                    self.error_reply.to_json().to_string().as_bytes().to_vec(),
+                    self.error_reply.to_json().to_string().into_bytes(),
                     &session_context.receiver_key,
                     reply_key,
                 )
diff --git a/payjoin/src/core/send/v2/mod.rs b/payjoin/src/core/send/v2/mod.rs
@@ -377,7 +377,7 @@ pub(crate) fn extract_request(
 ) -> Result<(Request, ClientResponse), CreateRequestError> {
     let body = encrypt_message_a(
         body,
-        &HpkeKeyPair::from_secret_key(&session_context.reply_key).public_key().clone(),
+        HpkeKeyPair::from_secret_key(&session_context.reply_key).public_key(),
         session_context.pj_param.receiver_pubkey(),
     )
     .map_err(InternalCreateRequestError::Hpke)?;
@@ -495,7 +495,7 @@ impl Sender<PollingForProposal> {
         let body = match decrypt_message_b(
             &body,
             self.session_context.pj_param.receiver_pubkey().clone(),
-            self.session_context.reply_key.clone(),
+            &self.session_context.reply_key,
         ) {
             Ok(body) => body,
             Err(e) =>

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ async fn fetch_ohttp_keys(`
`85`	`85`	`payjoin::io::fetch_ohttp_keys_with_cert(`
`86`	`86`	`selected_relay.as_str(),`
`87`	`87`	`payjoin_directory.as_str(),`
`88`		`- cert_der,`
	`88`	`+ &cert_der,`
`89`	`89`	`)`
`90`	`90`	`.await`
`91`	`91`	`} else {`
Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,7 @@ impl TestServices {`
`103`	`103`	`fetch_ohttp_keys_with_cert(`
`104`	`104`	`self.ohttp_relay_url().as_str(),`
`105`	`105`	`self.directory_url().as_str(),`
`106`		`- self.cert(),`
	`106`	`+ &self.cert(),`
`107`	`107`	`)`
`108`	`108`	`.await`
`109`	`109`	`}`