
EncryptedStore

Trait EncryptedStore 

/// Backend contract for any key-value store that backs the EDB.
///
/// Per the trait documentation, every input and output is an opaque byte
/// array: the store never sees plaintext keywords, document IDs or user data.
/// Treat the backend as untrusted for confidentiality, and keep any logging or
/// metrics added in an implementation limited to what the store already sees.
///
/// NOTE(review): the `'life0` / `'async_trait` lifetimes and the
/// `Pin<Box<dyn Future ...>>` return types look like the expansion of an
/// `#[async_trait]` attribute, so the source presumably declares these as
/// `async fn` — confirm. The boxed futures shown here carry no `Send` bound.
pub trait EncryptedStore {
    // Required methods
    /// Fetch the encrypted value stored at `tag`.
    ///
    /// The `Option` in the return type is `None` when nothing is stored at `tag`.
    fn get<'life0, 'life1, 'async_trait>(
        &'life0 self,
        tag: &'life1 Tag,
    ) -> Pin<Box<dyn Future<Output = Result<Option<EncValue>, VaultError>> + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
    /// Store a single `(tag, value)` pair, overwriting any existing entry.
    fn put<'life0, 'async_trait>(
        &'life0 self,
        tag: Tag,
        value: EncValue,
    ) -> Pin<Box<dyn Future<Output = Result<(), VaultError>> + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait;
    /// Remove the entry at `tag`; documented as a no-op when `tag` is absent.
    fn delete<'life0, 'life1, 'async_trait>(
        &'life0 self,
        tag: &'life1 Tag,
    ) -> Pin<Box<dyn Future<Output = Result<(), VaultError>> + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;

    // Provided methods
    /// Fetch several tags, returning a `Vec` aligned with `tags` that holds
    /// `None` for every tag that is not present.
    ///
    /// The documented default issues sequential GETs; backends are expected to
    /// override it with a real batch read.
    fn get_batch<'life0, 'life1, 'async_trait>(
        &'life0 self,
        tags: &'life1 [Tag],
    ) -> Pin<Box<dyn Future<Output = Result<Vec<Option<EncValue>>, VaultError>> + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait { ... }
    /// Write `puts` and delete `removes` as one update.
    ///
    /// Used by the delete protocol (Backward Security Type-II) to retire
    /// old-epoch entries while writing new-epoch entries.
    ///
    /// The documented default is sequential puts followed by deletes and is
    /// NOT atomic. Stores that support transactions should override it.
    // NOTE(review): the default body is elided here, so what state it leaves
    // behind when a put or delete fails partway is not visible — confirm
    // before relying on it for the delete protocol.
    fn atomic_update<'life0, 'async_trait>(
        &'life0 self,
        puts: Vec<RawEdbEntry>,
        removes: Vec<Tag>,
    ) -> Pin<Box<dyn Future<Output = Result<(), VaultError>> + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait { ... }
    /// Write exactly `target_count` entries, padding `real_entries` with dummy
    /// entries when needed so that every write has the same observable volume.
    ///
    /// Dummy entries are documented as `(random_tag, random_ciphertext)` pairs
    /// that are indistinguishable from real entries.
    // NOTE(review): the body is elided here, so the handling of
    // `real_entries.len() > target_count` is not visible. Confirm whether it
    // errors or writes more than `target_count`, since the latter would break
    // the fixed-volume property.
    fn padded_put_batch<'life0, 'async_trait>(
        &'life0 self,
        real_entries: Vec<RawEdbEntry>,
        target_count: usize,
    ) -> Pin<Box<dyn Future<Output = Result<(), VaultError>> + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait { ... }
}

Implement this trait for any key-value store that will back the EDB.

All inputs and outputs are opaque byte arrays — the store never sees plaintext keywords, document IDs, or user data.

Required Methods§


fn get<'life0, 'life1, 'async_trait>( &'life0 self, tag: &'life1 Tag, ) -> Pin<Box<dyn Future<Output = Result<Option<EncValue>, VaultError>> + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Fetch the encrypted value stored at tag, if any.


fn put<'life0, 'async_trait>( &'life0 self, tag: Tag, value: EncValue, ) -> Pin<Box<dyn Future<Output = Result<(), VaultError>> + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Store a single (tag, value) pair. Overwrites any existing entry.


fn delete<'life0, 'life1, 'async_trait>( &'life0 self, tag: &'life1 Tag, ) -> Pin<Box<dyn Future<Output = Result<(), VaultError>> + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Remove the entry at tag. No-op if tag does not exist.

Provided Methods§


fn get_batch<'life0, 'life1, 'async_trait>( &'life0 self, tags: &'life1 [Tag], ) -> Pin<Box<dyn Future<Output = Result<Vec<Option<EncValue>>, VaultError>> + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Fetch multiple tags in a single round-trip.

The default implementation issues one GET per tag in sequence, so on its own it does not achieve a single round-trip. Backends should override this with a real batch read (e.g., Redis MGET).

Returns a Vec aligned with tags: None for any tag not present.


fn atomic_update<'life0, 'async_trait>( &'life0 self, puts: Vec<RawEdbEntry>, removes: Vec<Tag>, ) -> Pin<Box<dyn Future<Output = Result<(), VaultError>> + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Write multiple entries and delete a set of old tags atomically.

Used by the delete protocol (Backward Security Type-II) where we must atomically retire old-epoch entries and write new-epoch entries.

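Default: sequential puts then deletes. This is not truly atomic: if it fails partway, new-epoch entries may already be written while old-epoch entries have not yet been retired, which is the state the delete protocol needs to avoid. Override this for production stores that support transactions.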


fn padded_put_batch<'life0, 'async_trait>( &'life0 self, real_entries: Vec<RawEdbEntry>, target_count: usize, ) -> Pin<Box<dyn Future<Output = Result<(), VaultError>> + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

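Write exactly target_count entries, padding with dummy entries when real_entries holds fewer than target_count. What happens when real_entries holds more than target_count is not described here, so callers should choose target_count as an upper bound on the batch size.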

This is the key SWiSSSE primitive: every write to the EDB has the same observable volume (number of entries written), suppressing the volume leakage that lets a passive server distinguish large vs. small updates.

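Dummy entries are (random_tag, random_ciphertext) pairs that are cryptographically indistinguishable from real entries. For that to hold, dummy tags and ciphertexts need to match the lengths of real ones and come from a cryptographically secure random source; an implementor who overrides this method must preserve both properties.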

Implementors§