rose-squared-sdk 0.1.0

Privacy-preserving encrypted search SDK implementing the SWiSSSE protocol with forward/backward security and volume-hiding, compilable to WebAssembly
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169

// Encrypted Database (EDB) abstraction layer.
//
// The server is FULLY UNTRUSTED.  It stores (Tag → EncValue) pairs and
// executes fetch/put/delete operations on tags it cannot interpret.
//
// The `EncryptedStore` trait is the single extension point for storage
// backends.  Implement it for:
//   • IndexedDB   (browser WASM, see wasm/js_store.rs)
//   • Redis       (server-side proxy for high-throughput deployments)
//   • S3          (blob store with DynamoDB index for tag lookups)
//   • SQLite      (local native testing)
//   • HashMap     (in-memory mock — shipped here for unit tests)
//
// Design: storage-agnostic trait with async methods.
// In WASM, async fns resolve to JS Promises automatically via wasm-bindgen.

use std::collections::HashMap;
use async_trait::async_trait;

use crate::crypto::primitives::{EncValue, Tag};
use crate::error::VaultError;

// ── Raw EDB entry (wire type) ─────────────────────────────────────────────────

/// A single (tag, ciphertext) pair ready to be written to the EDB.
pub struct RawEdbEntry {
    pub tag:   Tag,
    pub value: EncValue,
}

// ── Storage trait ─────────────────────────────────────────────────────────────

/// Implement this trait for any key-value store that will back the EDB.
///
/// All inputs and outputs are opaque byte arrays — the store never sees
/// plaintext keywords, document IDs, or user data.
#[async_trait(?Send)]    // ?Send because WASM is single-threaded
pub trait EncryptedStore {
    /// Fetch the encrypted value stored at `tag`, if any.
    async fn get(&self, tag: &Tag) -> Result<Option<EncValue>, VaultError>;

    /// Store a single (tag, value) pair.  Overwrites any existing entry.
    async fn put(&self, tag: Tag, value: EncValue) -> Result<(), VaultError>;

    /// Remove the entry at `tag`.  No-op if tag does not exist.
    async fn delete(&self, tag: &Tag) -> Result<(), VaultError>;

    /// Fetch multiple tags in a single round-trip.
    ///
    /// The default implementation issues sequential GETs.
    /// Backends should override this with a real batch read (e.g., Redis MGET).
    ///
    /// Returns a Vec aligned with `tags`: `None` for any tag not present.
    async fn get_batch(&self, tags: &[Tag]) -> Result<Vec<Option<EncValue>>, VaultError> {
        let mut out = Vec::with_capacity(tags.len());
        for tag in tags {
            out.push(self.get(tag).await?);
        }
        Ok(out)
    }

    /// Write multiple entries and delete a set of old tags atomically.
    ///
    /// Used by the delete protocol (Backward Security Type-II) where we must
    /// atomically retire old-epoch entries and write new-epoch entries.
    ///
    /// Default: sequential puts then deletes (not truly atomic — override for
    /// production stores that support transactions).
    async fn atomic_update(
        &self,
        puts:    Vec<RawEdbEntry>,
        removes: Vec<Tag>,
    ) -> Result<(), VaultError> {
        for entry in puts {
            self.put(entry.tag, entry.value).await?;
        }
        for tag in removes {
            self.delete(&tag).await?;
        }
        Ok(())
    }

    // ── SWiSSSE: volume-hiding batch write ────────────────────────────────────

    /// Write exactly `target_count` entries, padding with dummy entries if needed.
    ///
    /// This is the key SWiSSSE primitive: every write to the EDB has the same
    /// observable volume (number of entries written), suppressing the volume
    /// leakage that lets a passive server distinguish large vs. small updates.
    ///
    /// Dummy entries are (random_tag, random_ciphertext) pairs that are
    /// cryptographically indistinguishable from real entries.
    async fn padded_put_batch(
        &self,
        real_entries: Vec<RawEdbEntry>,
        target_count: usize,
    ) -> Result<(), VaultError> {
        use rand::RngCore;
        use crate::crypto::primitives::LAMBDA;

        if real_entries.len() > target_count {
            return Err(VaultError::VolumeLimitExceeded { max: target_count });
        }

        let pad_count = target_count - real_entries.len();
        let mut rng = rand::thread_rng();

        // Write real entries.
        for entry in real_entries {
            self.put(entry.tag, entry.value).await?;
        }

        // Write dummy entries: both tag and ciphertext are uniformly random.
        // The server cannot distinguish these from real writes.
        for _ in 0..pad_count {
            let mut dummy_tag = [0u8; LAMBDA];
            let mut dummy_val = vec![0u8; 60]; // matches real entry size
            rng.fill_bytes(&mut dummy_tag);
            rng.fill_bytes(&mut dummy_val);
            self.put(Tag(dummy_tag), EncValue(dummy_val)).await?;
        }

        Ok(())
    }
}

// ── In-memory mock store ──────────────────────────────────────────────────────

/// A `HashMap`-backed `EncryptedStore` for unit tests and local development.
///
/// NOT suitable for production — no persistence, no concurrency safety.
pub struct MockStore {
    inner: std::sync::Mutex<HashMap<[u8; 32], Vec<u8>>>,
}

impl MockStore {
    pub fn new() -> Self {
        Self { inner: std::sync::Mutex::new(HashMap::new()) }
    }

    /// Number of entries currently stored.  Useful for test assertions.
    pub fn len(&self) -> usize {
        self.inner.lock().unwrap().len()
    }
}

impl Default for MockStore {
    fn default() -> Self { Self::new() }
}

#[async_trait(?Send)]
impl EncryptedStore for MockStore {
    async fn get(&self, tag: &Tag) -> Result<Option<EncValue>, VaultError> {
        let map = self.inner.lock().unwrap();
        Ok(map.get(&tag.0).map(|v| EncValue(v.clone())))
    }

    async fn put(&self, tag: Tag, value: EncValue) -> Result<(), VaultError> {
        let mut map = self.inner.lock().unwrap();
        map.insert(tag.0, value.0);
        Ok(())
    }

    async fn delete(&self, tag: &Tag) -> Result<(), VaultError> {
        let mut map = self.inner.lock().unwrap();
        map.remove(&tag.0);
        Ok(())
    }
}