aletheiadb 0.1.0

A high-performance bi-temporal graph database for LLM integration
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147

//! Key derivation via HKDF-SHA256.
//!
//! Derives per-component Data Encryption Keys (DEKs) from the Master Encryption
//! Key (MEK) using HKDF-SHA256. Each storage component (WAL, indexes, cold
//! storage, checkpoints) gets a unique DEK to limit blast radius if any single
//! key is compromised.

use hkdf::Hkdf;
use sha2::Sha256;
use zeroize::Zeroizing;

use crate::encryption::KeyDerivationError;

/// HKDF info-string context for WAL encryption keys.
pub const WAL_DEK_CONTEXT: &str = "wal";

/// HKDF info-string context for index encryption keys.
pub const INDEX_DEK_CONTEXT: &str = "index";

/// HKDF info-string context for cold storage encryption keys.
pub const COLD_DEK_CONTEXT: &str = "cold";

/// HKDF info-string context for checkpoint encryption keys.
pub const CHECKPOINT_DEK_CONTEXT: &str = "checkpoint";

/// Derives per-component DEKs from a master encryption key using HKDF-SHA256.
///
/// The info string format is `aletheiadb-{component}-dek-v1` which binds each
/// derived key to a specific component and allows future key-schedule versioning.
pub struct KeyDerivation {
    mek: Zeroizing<[u8; 32]>,
}

impl KeyDerivation {
    /// Create a new key derivation context from a master encryption key.
    pub fn new(mek: Zeroizing<[u8; 32]>) -> Self {
        Self { mek }
    }

    /// Derive a 32-byte DEK for the given component name.
    ///
    /// The component name is embedded in the HKDF info string as
    /// `aletheiadb-{component}-dek-v1`.
    pub fn derive_dek(&self, component: &str) -> Result<Zeroizing<[u8; 32]>, KeyDerivationError> {
        let hkdf = Hkdf::<Sha256>::new(None, self.mek.as_ref());
        let info = format!("aletheiadb-{component}-dek-v1");

        let mut okm = Zeroizing::new([0u8; 32]);
        hkdf.expand(info.as_bytes(), okm.as_mut())
            .map_err(|e| KeyDerivationError::DerivationFailed(e.to_string()))?;

        Ok(okm)
    }

    /// Derive the DEK for WAL encryption.
    pub fn derive_wal_dek(&self) -> Result<Zeroizing<[u8; 32]>, KeyDerivationError> {
        self.derive_dek(WAL_DEK_CONTEXT)
    }

    /// Derive the DEK for index encryption.
    pub fn derive_index_dek(&self) -> Result<Zeroizing<[u8; 32]>, KeyDerivationError> {
        self.derive_dek(INDEX_DEK_CONTEXT)
    }

    /// Derive the DEK for cold storage encryption.
    pub fn derive_cold_dek(&self) -> Result<Zeroizing<[u8; 32]>, KeyDerivationError> {
        self.derive_dek(COLD_DEK_CONTEXT)
    }

    /// Derive the DEK for checkpoint encryption.
    pub fn derive_checkpoint_dek(&self) -> Result<Zeroizing<[u8; 32]>, KeyDerivationError> {
        self.derive_dek(CHECKPOINT_DEK_CONTEXT)
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use rand::RngCore;

    fn random_mek() -> Zeroizing<[u8; 32]> {
        let mut key = Zeroizing::new([0u8; 32]);
        rand::thread_rng().fill_bytes(key.as_mut());
        key
    }

    #[test]
    fn derive_dek_deterministic() {
        let mek = random_mek();
        let kd = KeyDerivation::new(mek.clone());

        let dek1 = kd.derive_dek("wal").unwrap();
        let dek2 = kd.derive_dek("wal").unwrap();
        assert_eq!(dek1.as_ref(), dek2.as_ref());
    }

    #[test]
    fn different_components_different_deks() {
        let mek = random_mek();
        let kd = KeyDerivation::new(mek);

        let wal = kd.derive_wal_dek().unwrap();
        let index = kd.derive_index_dek().unwrap();
        let cold = kd.derive_cold_dek().unwrap();
        let checkpoint = kd.derive_checkpoint_dek().unwrap();

        // All four must be distinct
        let deks: Vec<&[u8; 32]> = vec![&*wal, &*index, &*cold, &*checkpoint];
        for i in 0..deks.len() {
            for j in (i + 1)..deks.len() {
                assert_ne!(deks[i], deks[j], "DEK {i} and {j} must differ");
            }
        }
    }

    #[test]
    fn different_mek_different_deks() {
        let mek1 = random_mek();
        let mek2 = random_mek();
        let kd1 = KeyDerivation::new(mek1);
        let kd2 = KeyDerivation::new(mek2);

        let dek1 = kd1.derive_wal_dek().unwrap();
        let dek2 = kd2.derive_wal_dek().unwrap();
        assert_ne!(dek1.as_ref(), dek2.as_ref());
    }

    #[test]
    fn custom_component_works() {
        let mek = random_mek();
        let kd = KeyDerivation::new(mek);

        let dek = kd.derive_dek("my-custom-component").unwrap();
        assert_eq!(dek.as_ref().len(), 32);
    }

    #[test]
    fn dek_is_32_bytes() {
        let mek = random_mek();
        let kd = KeyDerivation::new(mek);

        assert_eq!(kd.derive_wal_dek().unwrap().as_ref().len(), 32);
        assert_eq!(kd.derive_index_dek().unwrap().as_ref().len(), 32);
        assert_eq!(kd.derive_cold_dek().unwrap().as_ref().len(), 32);
        assert_eq!(kd.derive_checkpoint_dek().unwrap().as_ref().len(), 32);
    }
}