hexvault 1.1.2

Cascading cell-partitioned encryption architecture.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136

//! Cell isolation and payload management.
//!
//! A cell is the fundamental unit of isolation. It owns a set of encrypted
//! payloads and ensures that they are only accessible through keys derived
//! using the cell's unique identity.

use std::collections::HashMap;

use crate::error::HexvaultError;
use crate::keys::PartitionKey;
use crate::stack::{self, Layer, LayerContext};

/// A unique identifier for a cell.
pub type CellId = String;

/// A payload stored within a cell.
pub struct Payload {
    /// The encrypted bytes.
    pub data: Vec<u8>,
    /// The layer at which this payload was sealed.
    pub sealed_at: Layer,
}

/// An independent encryption domain.
pub struct Cell {
    id: CellId,
    payloads: HashMap<String, Payload>,
}

impl Cell {
    /// Create a new, empty cell.
    pub fn new(id: CellId) -> Self {
        Self {
            id,
            payloads: HashMap::new(),
        }
    }

    /// Return the cell's ID.
    pub fn id(&self) -> &str {
        &self.id
    }

    /// Seal a plaintext value into the cell.
    ///
    /// The value is encrypted up to the specified layer and stored under the given key.
    pub fn store(
        &mut self,
        partition_key: &PartitionKey,
        key: &str,
        text: &[u8],
        layer: Layer,
        context: &LayerContext,
    ) -> Result<(), HexvaultError> {
        let sealed = stack::seal(partition_key, &self.id, layer, context, text)?;
        self.payloads.insert(
            key.to_string(),
            Payload {
                data: sealed,
                sealed_at: layer,
            },
        );
        Ok(())
    }

    /// Retrieve and peel a stored payload.
    ///
    /// Returns the original plaintext if the key exists and the correct context
    /// is provided for all layers.
    pub fn retrieve(
        &self,
        partition_key: &PartitionKey,
        key: &str,
        context: &LayerContext,
    ) -> Result<Vec<u8>, HexvaultError> {
        let payload = self
            .payloads
            .get(key)
            .ok_or_else(|| HexvaultError::CellNotFound(key.to_string()))?;

        stack::peel(
            partition_key,
            &self.id,
            payload.sealed_at,
            context,
            &payload.data,
        )
    }

    /// Remove a payload from the cell.
    pub fn remove(&mut self, key: &str) {
        self.payloads.remove(key);
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_cell_isolation() {
        use crate::keys::MasterKey;
        let master = MasterKey::from_bytes([1u8; 32]);
        let partition = crate::keys::derive_partition_key(&master, "p1").unwrap();
        let mut cell_a = Cell::new("cell-a".to_string());
        let mut cell_b = Cell::new("cell-b".to_string());
        let context = LayerContext::default();

        cell_a
            .store(&partition, "secret", b"hello a", Layer::AtRest, &context)
            .unwrap();
        cell_b
            .store(&partition, "secret", b"hello b", Layer::AtRest, &context)
            .unwrap();

        assert_eq!(
            cell_a.retrieve(&partition, "secret", &context).unwrap(),
            b"hello a"
        );
        assert_eq!(
            cell_b.retrieve(&partition, "secret", &context).unwrap(),
            b"hello b"
        );

        // Simulate swap/wrong ID by calling stack::peel directly with wrong ID
        let sealed_a = cell_a.payloads.get("secret").unwrap();
        assert!(stack::peel(
            &partition,
            "cell-b",
            sealed_a.sealed_at,
            &context,
            &sealed_a.data
        )
        .is_err());
    }
}