ironoxide 4.3.1

A pure-Rust SDK for accessing IronCore's privacy platform
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197

//! Blind Index Search API
//!
//! This is a technique that allows you to hide the terms that have been indexed. This particular implementation uses tri-grams, which
//! are salted and hashed to produce the list of tokens.
//!
//! ## BlindIndexSearch
//!
//! The BlindIndexSearch gives the ability to generate queries as well as create the search entries to store.
//!
//! # Optional
//! This requires the optional `beta` feature to be enabled.

#[cfg(feature = "blocking")]
use crate::blocking::BlockingIronOxide;

use crate::{
    IronOxide, IronOxideErr, Result,
    document::{
        DocumentEncryptOpts,
        advanced::{DocumentAdvancedOps, DocumentEncryptUnmanagedResult},
    },
    group::GroupId,
    internal::take_lock,
};
use futures::Future;
pub use ironcore_search_helpers::transliterate_string;
use ironcore_search_helpers::{
    generate_hashes_for_string, generate_hashes_for_string_with_padding,
};
use rand::Rng as _;
use recrypt::api::DefaultRng;
use serde::{Deserialize, Serialize};
use std::{
    collections::HashSet,
    convert::{TryFrom, TryInto},
    fmt,
    ops::DerefMut,
    sync::Mutex,
};

///The required length of the salt.
const REQUIRED_LEN: usize = 32;

#[derive(Debug, PartialEq, Clone, Hash, Eq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct EncryptedBlindIndexSalt {
    pub encrypted_deks: Vec<u8>,
    pub encrypted_salt_bytes: Vec<u8>,
}

impl EncryptedBlindIndexSalt {
    //encrypt the blind index salt and give back the BlindIndexSearch object.
    pub async fn initialize_search(&self, ironoxide: &IronOxide) -> Result<BlindIndexSearch> {
        let decrypted_value = ironoxide
            .document_decrypt_unmanaged(&self.encrypted_salt_bytes[..], &self.encrypted_deks[..])
            .await?;
        decrypted_value.decrypted_data().try_into()
    }

    #[cfg(feature = "blocking")]
    pub fn initialize_search_blocking(&self, bio: &BlockingIronOxide) -> Result<BlindIndexSearch> {
        bio.runtime.block_on(self.initialize_search(&bio.ironoxide))
    }
}

///Trait which gives the ability to create a blind index.
pub trait BlindIndexSearchInitialize {
    ///Create an index and encrypt it to the provided group_id.
    fn create_blind_index(
        &self,
        group_id: &GroupId,
    ) -> impl Future<Output = Result<EncryptedBlindIndexSalt>> + Send;
}

impl BlindIndexSearchInitialize for IronOxide {
    async fn create_blind_index(&self, group_id: &GroupId) -> Result<EncryptedBlindIndexSalt> {
        let salt = {
            let mut mut_salt = [0u8; 32];
            take_lock(&self.rng).deref_mut().fill_bytes(&mut mut_salt);
            mut_salt
        };

        let encrypted_salt = self
            .document_encrypt_unmanaged(
                salt.into(),
                &DocumentEncryptOpts::with_explicit_grants(
                    None,
                    None,
                    false,
                    vec![group_id.into()],
                ),
            )
            .await?;
        encrypted_salt.try_into()
    }
}

pub struct BlindIndexSearch {
    decrypted_salt: [u8; 32],
    rng: Mutex<DefaultRng>,
}

/// We can just implement this manually since the DefaultRng doesn't implement Debug
impl fmt::Debug for BlindIndexSearch {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("BlindIndexSearch")
            .field("decrypted_salt", &self.decrypted_salt)
            .finish()
    }
}

impl TryFrom<&[u8]> for BlindIndexSearch {
    type Error = IronOxideErr;
    fn try_from(bytes: &[u8]) -> Result<BlindIndexSearch> {
        let decrypted_len = bytes.len();
        if decrypted_len != REQUIRED_LEN {
            Err(IronOxideErr::WrongSizeError(
                Some(decrypted_len),
                Some(REQUIRED_LEN),
            ))
        } else {
            let mut a = [0u8; 32];
            a.copy_from_slice(&bytes[0..32]);
            Ok(BlindIndexSearch::new(a))
        }
    }
}

impl TryFrom<DocumentEncryptUnmanagedResult> for EncryptedBlindIndexSalt {
    type Error = IronOxideErr;
    fn try_from(r: DocumentEncryptUnmanagedResult) -> Result<EncryptedBlindIndexSalt> {
        match r.access_errs().get(0) {
            None => Ok(EncryptedBlindIndexSalt {
                encrypted_deks: r.encrypted_deks().to_vec(),
                encrypted_salt_bytes: r.encrypted_data().to_vec(),
            }),
            Some(err) => Err(IronOxideErr::UserOrGroupDoesNotExist(
                err.user_or_group.clone(),
            )),
        }
    }
}

impl BlindIndexSearch {
    fn new(decrypted_salt: [u8; 32]) -> BlindIndexSearch {
        let rng = Mutex::new(DefaultRng::default());
        BlindIndexSearch {
            decrypted_salt,
            rng,
        }
    }

    /// Generate the list of tokens to use to find entries that match the search query, given the specified partition_id.
    /// query - The string you want to tokenize and hash
    /// partition_id - An extra string you want to include in every hash, this allows 2 queries with different partition_ids to produce a different set of tokens for the same query
    pub fn tokenize_query(&self, query: &str, partition_id: Option<&str>) -> Result<HashSet<u32>> {
        generate_hashes_for_string(query, partition_id, &self.decrypted_salt[..])
            .map_err(|message| IronOxideErr::ValidationError("query".to_string(), message))
    }

    /// Generate the list of tokens to create a search entry for `data`. This function will also return some random values in the HashSet, which will make
    /// it harder for someone to know what the input was. Because of this, calling this function will not be the same as `tokenize_query`, but `tokenize_query` will always
    /// return a subset of the values returned by `tokenize_data`.
    ///
    /// data - The string you want to tokenize and hash
    /// partition_id - An extra string you want to include in every hash, this allows 2 queries with different partition_ids to produce a different set of tokens for the same data
    pub fn tokenize_data(&self, data: &str, partition_id: Option<&str>) -> Result<HashSet<u32>> {
        generate_hashes_for_string_with_padding(
            data,
            partition_id,
            &self.decrypted_salt[..],
            &self.rng,
        )
        .map_err(|message| IronOxideErr::ValidationError("data".to_string(), message))
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use galvanic_assert::*;

    #[test]
    fn try_from_works_for_correct_size() -> Result<()> {
        let bytes = [0u8; 32];
        let _: BlindIndexSearch = (&bytes[..]).try_into()?;
        Ok(())
    }
    #[test]
    fn try_from_errors_for_incorrect_size() -> Result<()> {
        let bytes = [0u8; 100];
        let maybe_error: Result<BlindIndexSearch> = (&bytes[..]).try_into();
        let error = maybe_error.unwrap_err();
        assert_that!(&error, is_variant!(IronOxideErr::WrongSizeError));
        Ok(())
    }
}