cipherstash-client 0.34.1-alpha.1

The official CipherStash SDK
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292

//! Module for CipherStash encryption schemes and indexers
mod builder;
pub mod compound_indexer;
mod errors;
mod indexer;
mod json_indexer;
mod jsonb_indexer;
mod match_indexer;
mod ore_indexer;
mod plaintext;
mod scoped_cipher;
mod text;
mod unique_indexer;

use crate::zerokms::{EncryptPayload, EncryptedRecord, IndexKey, ZeroKMSWithClientKey};
use compound_indexer::{
    accumulator::Accumulator, composable_plaintext::ComposablePlaintext, ComposableIndex,
    CompoundIndex,
};
use serde::Serialize;
use stack_auth::AuthStrategy;
use zerokms_protocol::cipherstash_config::{column::IndexType, operator::Operator, ColumnType};

// Re-exports
pub use builder::{Encryptable, Encrypted, QueryBuilder, Queryable, StorageBuilder};
pub use errors::{EncryptionError, TypeParseError};
pub use indexer::IndexerInit;
pub use indexer::QueryOp;
pub use json_indexer::{
    EncryptedEntry, EncryptedSteVecTerm, JsonIndexer, JsonIndexerOptions, SteQueryVec, SteVec,
    TokenizedSelector,
};
pub use jsonb_indexer::*;
pub use match_indexer::MatchIndexer;
pub use ore_indexer::OreIndexer;
pub use plaintext::{
    BytesWithDescriptor, Plaintext, PlaintextNullVariant, PlaintextTarget, TryFromPlaintext,
};
pub use scoped_cipher::{DecryptOptions, ScopedCipher};
pub use unique_indexer::UniqueIndexer;

pub struct Encryption<C = stack_auth::AutoStrategy> {
    index_key: IndexKey,
    client: ZeroKMSWithClientKey<C>,
}

impl<Creds> Encryption<Creds>
where
    Creds: Send + Sync + 'static,
    for<'a> &'a Creds: AuthStrategy,
{
    pub fn new(root_key: IndexKey, client: ZeroKMSWithClientKey<Creds>) -> Self {
        Self {
            index_key: root_key,
            client,
        }
    }

    pub async fn encrypt<T: Into<BytesWithDescriptor>>(
        &self,
        items: impl IntoIterator<Item = T>,
    ) -> Result<Vec<EncryptedRecord>, EncryptionError> {
        let payloads: Vec<BytesWithDescriptor> = items.into_iter().map(Into::into).collect();

        Ok(self
            .client
            .encrypt(payloads.iter().map(EncryptPayload::from), None)
            .await?)
    }

    pub async fn encrypt_single(
        &self,
        target: PlaintextTarget,
    ) -> Result<EncryptedRecord, EncryptionError> {
        let payload = target.payload();

        let ciphertext = self
            .client
            .encrypt_single(EncryptPayload::from(&payload), None)
            .await?;

        Ok(ciphertext)
    }

    pub async fn decrypt_single(
        &self,
        ciphertext: EncryptedRecord,
    ) -> Result<Plaintext, EncryptionError> {
        let decrypted = self
            .client
            .decrypt_single(ciphertext, None, None, None)
            .await?;
        Ok(Plaintext::from_slice(&decrypted)?)
    }

    /// Like `decrypt` but doesn't expect all values to be decryptable.
    /// This only means that a given input is `None` or the slice is not a
    /// serialized [`EncryptedRecord`].
    /// In the future this could also cover cases
    /// where the caller is not _authorized_ to decrypt a given value.
    ///
    /// As it stands, this function will return an Error if any valid ciphertexts
    /// fail to decrypt.
    ///
    /// Items in the returned vec wil be in the same order as the input
    /// but any values that are unable to be decrypted will be returned as `None`.
    ///
    /// Encrypted records must be encoded with hex.
    pub async fn maybe_decrypt_hex<I, C>(
        &self,
        ciphertexts: I,
    ) -> Result<Vec<Option<Plaintext>>, EncryptionError>
    where
        I: IntoIterator<Item = Option<C>>,
        C: AsRef<[u8]>,
    {
        let records: (Vec<bool>, Vec<EncryptedRecord>) =
            ciphertexts
                .into_iter()
                .fold(Default::default(), |(mut all, mut target), hex_str| {
                    if let Some(rec) = hex_str
                        .map(hex::decode)
                        .transpose()
                        .unwrap_or(None)
                        .and_then(|bytes| EncryptedRecord::from_cbor_bytes(&bytes).ok())
                    {
                        target.push(rec);
                        all.push(true);
                    } else {
                        all.push(false);
                    }
                    (all, target)
                });

        let decrypted = self.client.decrypt(records.1, None, None, None).await?;
        let mut results = decrypted
            .into_iter()
            .map(|bytes| Plaintext::from_slice(&bytes));

        Ok(records
            .0
            .iter()
            .map(|valid| {
                if *valid {
                    results.next().transpose()
                } else {
                    Ok(None)
                }
            })
            .collect::<Result<Vec<Option<Plaintext>>, _>>()?)
    }

    pub async fn decrypt(
        &self,
        ciphertexts: impl IntoIterator<Item = EncryptedRecord>,
    ) -> Result<Vec<Plaintext>, EncryptionError> {
        let decrypted = self.client.decrypt(ciphertexts, None, None, None).await?;
        Ok(decrypted
            .iter()
            .map(|bytes| Plaintext::from_slice(bytes))
            .collect::<Result<Vec<Plaintext>, _>>()?)
    }

    pub fn index(
        &self,
        value: &Plaintext,
        index_type: &IndexType,
    ) -> Result<IndexTerm, EncryptionError> {
        match index_type {
            IndexType::Ore => OreIndexer::try_init(index_type)?.encrypt(value, &self.index_key),
            IndexType::Unique { .. } => {
                UniqueIndexer::try_init(index_type)?.encrypt(value, &self.index_key)
            }
            IndexType::Match { .. } => {
                MatchIndexer::try_init(index_type)?.encrypt(value, &self.index_key)
            }
            IndexType::SteVec { .. } => Err(EncryptionError::IndexingError(
                "SteVec not supported via direct Encryption API: use Pipeline or Builder instead"
                    .to_string(),
            )),
        }
    }

    pub fn index_all(&self, target: &PlaintextTarget) -> Result<Vec<IndexTerm>, EncryptionError> {
        let mut indexes = vec![];

        for index in target.config().indexes.iter() {
            indexes.push(self.index(&target.plaintext, &index.index_type)?);
        }

        Ok(indexes)
    }

    pub fn compound_index(
        &self,
        index: &CompoundIndex<impl ComposableIndex + Send>,
        input: impl Into<ComposablePlaintext>,
        salt: Option<impl AsRef<[u8]>>,
        term_length: usize,
    ) -> Result<IndexTerm, EncryptionError> {
        let accumulator = salt
            .map(|s| Accumulator::from_salt(s.as_ref()))
            .unwrap_or_else(Accumulator::empty);

        let term = index
            .compose_index(&self.index_key, input.into(), accumulator)?
            .truncate(term_length)?;

        Ok(term.into())
    }

    pub fn compound_query(
        &self,
        index: &CompoundIndex<impl ComposableIndex + Send>,
        input: impl Into<ComposablePlaintext>,
        salt: Option<impl AsRef<[u8]>>,
        term_length: usize,
    ) -> Result<IndexTerm, EncryptionError> {
        let accumulator = salt
            .map(|s| Accumulator::from_salt(s.as_ref()))
            .unwrap_or_else(Accumulator::empty);

        let term = index
            .compose_query(&self.index_key, input.into(), accumulator)?
            .exactly_one()?
            .truncate(term_length)?;

        Ok(term.try_into()?)
    }

    pub fn index_for_operator(
        &self,
        value: &Plaintext,
        index_type: &IndexType,
        operator: &Operator,
        cast_type: &ColumnType,
    ) -> Result<IndexTerm, EncryptionError> {
        // Check if index supports op
        if !index_type.supports(operator, cast_type) {
            return Err(EncryptionError::IndexingError(format!(
                "Unsupported operator ({}) for Index {:?}",
                operator.as_str(),
                index_type
            )));
        }
        match index_type {
            IndexType::Ore => OreIndexer.encrypt_for_query(value, &self.index_key),
            // Unique and Match don't work any differently for queries
            IndexType::Unique { .. } => self.index(value, index_type),
            IndexType::Match { .. } => self.index(value, index_type),
            IndexType::SteVec { .. } => self.index(value, index_type),
        }
    }
}

#[derive(Debug, Eq, PartialEq, Serialize)]
pub enum IndexTerm {
    Binary(Vec<u8>),
    BinaryVec(Vec<Vec<u8>>),
    BitMap(Vec<u16>),
    /// Represents a full ORE Ciphertext (both left and right)
    OreFull(Vec<u8>),
    /// Array of FullOre terms
    OreArray(Vec<Vec<u8>>),
    /// Represents a Left ORE Ciphertext
    OreLeft(Vec<u8>),
    SteVecSelector(TokenizedSelector<16>),
    SteVecTerm(EncryptedSteVecTerm),
    SteQueryVec(SteQueryVec<16>),
    /// NULL index field
    Null,
}

impl IndexTerm {
    pub fn as_binary(self) -> Option<Vec<u8>> {
        if let Self::Binary(x) = self {
            Some(x)
        } else {
            None
        }
    }

    /// Get the index term as a vector of binary terms.
    /// If the term is a single binary term, it will be wrapped in a vec.
    pub fn as_binary_vec(self) -> Option<Vec<Vec<u8>>> {
        match self {
            Self::BinaryVec(x) => Some(x),
            Self::Binary(x) => Some(vec![x]),
            _ => None,
        }
    }
}