venice-e2ee-proxy 0.1.3

OpenAI-compatible proxy for Venice.ai E2EE models
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158

//! Startup proxy-instance key management.
//!
//! The proxy generates one secp256k1 keypair per process when configured to do
//! so. E2EE code uses the private key to decrypt Venice response chunks and
//! sends the uncompressed public key hex in Venice E2EE request headers.

use std::{fmt, sync::Arc};

use k256::{SecretKey, elliptic_curve::sec1::ToEncodedPoint};
use rand_core::OsRng;
use zeroize::ZeroizeOnDrop;

use crate::config::KeysConfig;

/// Per-process secp256k1 keypair used by this proxy instance.
#[derive(Clone)]
pub struct ProxyInstanceKey {
    inner: Arc<ProxyInstanceKeyInner>,
}

/// Shared key material stored behind [`ProxyInstanceKey`] clones.
struct ProxyInstanceKeyInner {
    private_key: ProxyInstancePrivateKey,
    public_key_hex: String,
}

/// Redacted, zeroizing wrapper around the proxy instance private key.
struct ProxyInstancePrivateKey(SecretKey);

impl ProxyInstancePrivateKey {
    /// Wraps a secp256k1 private key for redacted debug output and zeroizing drop behavior.
    fn new(private_key: SecretKey) -> Self {
        Self(private_key)
    }

    /// Returns the matching uncompressed SEC1 public key as lowercase hex.
    fn public_key_hex(&self) -> String {
        let public_key = self.0.public_key();
        hex::encode(public_key.to_encoded_point(false).as_bytes())
    }

    /// Returns the wrapped private key for local E2EE response decryption.
    fn secret_key(&self) -> &SecretKey {
        &self.0
    }
}

impl ZeroizeOnDrop for ProxyInstancePrivateKey {}

impl fmt::Debug for ProxyInstancePrivateKey {
    /// Formats the private key wrapper without exposing key material.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("[redacted]")
    }
}

impl ProxyInstanceKey {
    /// Generates a new secp256k1 keypair for this process.
    pub fn generate() -> Self {
        let private_key = SecretKey::random(&mut OsRng);
        Self::from_private_key(private_key)
    }

    /// Generates a key when `keys.generate_proxy_instance_key_on_startup` is enabled.
    pub fn generate_from_config(config: &KeysConfig) -> Option<Self> {
        config
            .generate_proxy_instance_key_on_startup
            .then(Self::generate)
    }

    /// Builds proxy instance key state from an existing private key.
    fn from_private_key(private_key: SecretKey) -> Self {
        let private_key = ProxyInstancePrivateKey::new(private_key);
        let public_key_hex = private_key.public_key_hex();

        Self {
            inner: Arc::new(ProxyInstanceKeyInner {
                private_key,
                public_key_hex,
            }),
        }
    }

    /// Uncompressed SEC1 public key encoded as lowercase hex.
    ///
    /// Venice expects 65 bytes (`04 || x || y`), represented as 130 hex chars.
    pub fn public_key_hex(&self) -> &str {
        &self.inner.public_key_hex
    }

    /// Returns the private key used to decrypt Venice E2EE response chunks.
    #[allow(dead_code)]
    pub(crate) fn private_key(&self) -> &SecretKey {
        self.inner.private_key.secret_key()
    }
}

impl fmt::Debug for ProxyInstanceKey {
    /// Formats key metadata while redacting private key material.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("ProxyInstanceKey")
            .field("private_key", &"[redacted]")
            .field("public_key_hex", &self.public_key_hex())
            .finish()
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn generates_uncompressed_public_key_hex_in_venice_format() {
        let key = ProxyInstanceKey::generate();

        assert_eq!(key.public_key_hex().len(), 130);
        assert!(key.public_key_hex().starts_with("04"));
        assert!(key.public_key_hex().chars().all(|c| c.is_ascii_hexdigit()));
        assert!(
            key.public_key_hex()
                .chars()
                .all(|c| !c.is_ascii_uppercase())
        );
    }

    #[test]
    fn respects_startup_key_generation_config() {
        let enabled = KeysConfig {
            generate_proxy_instance_key_on_startup: true,
        };
        let disabled = KeysConfig {
            generate_proxy_instance_key_on_startup: false,
        };

        assert!(ProxyInstanceKey::generate_from_config(&enabled).is_some());
        assert!(ProxyInstanceKey::generate_from_config(&disabled).is_none());
    }

    #[test]
    fn private_key_material_is_zeroized_on_drop() {
        fn assert_zeroize_on_drop<T: ZeroizeOnDrop>() {}

        assert_zeroize_on_drop::<SecretKey>();
        assert_zeroize_on_drop::<ProxyInstancePrivateKey>();

        let key = ProxyInstanceKey::generate();
        let _private_key_ref: &SecretKey = key.private_key();
    }

    #[test]
    fn debug_output_redacts_private_key_material() {
        let key = ProxyInstanceKey::generate();
        let debug = format!("{key:?}");

        assert!(debug.contains("[redacted]"));
        assert!(debug.contains(key.public_key_hex()));
    }
}