cargo fmt

Author: coderdan

src/crypto/attrs/flattened_encrypted_attributes.rs

@@ -3,9 +3,7 @@ use crate::{
     encrypted_table::{TableAttributes, ZeroKmsCipher},
     traits::TableAttribute,
 };
-use cipherstash_client::{
-    encryption::Plaintext, zerokms::EncryptedRecord
-};
+use cipherstash_client::{encryption::Plaintext, zerokms::EncryptedRecord};
 use itertools::Itertools;
 
 use super::FlattenedProtectedAttributes;
@@ -45,11 +43,14 @@ impl FlattenedEncryptedAttributes {
         cipher
             .decrypt(self.attrs.into_iter())
             .await
-            .map(|records| records
-                .into_iter()
-                // FIXME: We should change the decrypt method to return a plaintext and/or make a Plaintext::from_bytes method which consumes the bytes
-                .map(|bytes| Plaintext::from_slice(&bytes).unwrap())
-                .zip(descriptors.into_iter()).collect())
+            .map(|records| {
+                records
+                    .into_iter()
+                    // FIXME: We should change the decrypt method to return a plaintext and/or make a Plaintext::from_bytes method which consumes the bytes
+                    .map(|bytes| Plaintext::from_slice(&bytes).unwrap())
+                    .zip(descriptors.into_iter())
+                    .collect()
+            })
             // FIXME: EncryptedRecord should return an error exposed in cipherstash_client
             .map_err(|_| SealError::AssertionFailed("FIXME".to_string()))
     }

src/crypto/attrs/flattened_protected_attributes.rs

@@ -2,9 +2,13 @@ use super::{
     flattened_encrypted_attributes::FlattenedEncryptedAttributes,
     normalized_protected_attributes::NormalizedKey,
 };
-use crate::{crypto::SealError, encrypted_table::{AttributeName, ScopedZeroKmsCipher}};
+use crate::{
+    crypto::SealError,
+    encrypted_table::{AttributeName, ScopedZeroKmsCipher},
+};
 use cipherstash_client::{
-    encryption::{BytesWithDescriptor, Plaintext}, zerokms::EncryptPayload,
+    encryption::{BytesWithDescriptor, Plaintext},
+    zerokms::EncryptPayload,
 };
 use itertools::Itertools;
 
@@ -38,9 +42,7 @@ impl FlattenedProtectedAttributes {
         let payloads: Vec<BytesWithDescriptor> = self.0.into_iter().map(Into::into).collect();
 
         cipher
-            .encrypt(
-                payloads.iter().map(EncryptPayload::from),
-            )
+            .encrypt(payloads.iter().map(EncryptPayload::from))
             .await?
             .into_iter()
             .chunks(chunk_size)

src/crypto/mod.rs

@@ -4,12 +4,12 @@ mod sealed;
 mod sealer;
 mod unsealed;
 use crate::{
-    traits::{PrimaryKeyError, PrimaryKeyParts, ReadConversionError, WriteConversionError}, Identifiable, IndexType, PrimaryKey
+    traits::{PrimaryKeyError, PrimaryKeyParts, ReadConversionError, WriteConversionError},
+    Identifiable, IndexType, PrimaryKey,
 };
 use cipherstash_client::{
-    encryption::{
-        EncryptionError, TypeParseError
-    },zerokms
+    encryption::{EncryptionError, TypeParseError},
+    zerokms,
 };
 use miette::Diagnostic;
 use std::borrow::Cow;

src/crypto/sealed.rs

@@ -203,18 +203,21 @@ impl TryFrom<SealedTableEntry> for HashMap<String, AttributeValue> {
 
 #[cfg(test)]
 mod tests {
-    use crate::encrypted_table::{ZeroKmsCipher};
+    use crate::encrypted_table::ZeroKmsCipher;
 
     use super::SealedTableEntry;
     use cipherstash_client::{
-        credentials::auto_refresh::AutoRefresh, ConsoleConfig, ZeroKMS, ZeroKMSConfig
+        credentials::auto_refresh::AutoRefresh, ConsoleConfig, ZeroKMS, ZeroKMSConfig,
     };
     use miette::IntoDiagnostic;
     use std::{borrow::Cow, sync::Arc};
 
     // FIXME: Use the test cipher from CipherStash Client when that's ready
     async fn get_cipher() -> Result<Arc<ZeroKmsCipher>, Box<dyn std::error::Error>> {
-        let console_config = ConsoleConfig::builder().with_env().build().into_diagnostic()?;
+        let console_config = ConsoleConfig::builder()
+            .with_env()
+            .build()
+            .into_diagnostic()?;
         let zero_kms_config = ZeroKMSConfig::builder()
             .decryption_log(true)
             .with_env()

src/crypto/sealer.rs

@@ -1,16 +1,17 @@
 use super::{
-    attrs::FlattenedProtectedAttributes, b64_encode, format_term_key, SealError, SealedTableEntry, Unsealed, MAX_TERMS_PER_INDEX
+    attrs::FlattenedProtectedAttributes, b64_encode, format_term_key, SealError, SealedTableEntry,
+    Unsealed, MAX_TERMS_PER_INDEX,
 };
 use crate::{
-    encrypted_table::{AttributeName, ScopedZeroKmsCipher, TableAttribute, TableAttributes, TableEntry},
+    encrypted_table::{
+        AttributeName, ScopedZeroKmsCipher, TableAttribute, TableAttributes, TableEntry,
+    },
     traits::PrimaryKeyParts,
     IndexType,
 };
-use cipherstash_client::{
-    encryption::{
-        compound_indexer::{ComposableIndex, ComposablePlaintext},
-        IndexTerm,
-    },
+use cipherstash_client::encryption::{
+    compound_indexer::{ComposableIndex, ComposablePlaintext},
+    IndexTerm,
 };
 use itertools::Itertools;
 use std::{borrow::Cow, collections::HashMap};
@@ -51,10 +52,7 @@ impl RecordsWithTerms {
         }
     }
 
-    async fn encrypt(
-        self,
-        cipher: &ScopedZeroKmsCipher,
-    ) -> Result<Vec<Sealed>, SealError> {
+    async fn encrypt(self, cipher: &ScopedZeroKmsCipher) -> Result<Vec<Sealed>, SealError> {
         let num_records = self.records.len();
         let mut pksks = Vec::with_capacity(num_records);
         let mut record_terms = Vec::with_capacity(num_records);
@@ -175,7 +173,9 @@ impl Sealer {
                             .take(MAX_TERMS_PER_INDEX)
                             .map(|x| (index_name.clone(), index_type, x))
                             .collect()),
-                        x => Err(SealError::InvalidCiphertext(format!("Invalid index term: `{x:?}"))),
+                        x => Err(SealError::InvalidCiphertext(format!(
+                            "Invalid index term: `{x:?}"
+                        ))),
                     })
                     .flatten_ok()
                     .try_collect()?;
@@ -184,12 +184,10 @@ impl Sealer {
                     .into_iter()
                     .enumerate()
                     .map(|(i, (index_name, index_type, value))| {
-                        let sk = b64_encode(
-                            cipher.mac::<32>(
-                                &format_term_key(sk.as_str(), &index_name, index_type, i),
-                                Some(pk.as_str()),
-                            ),
-                        );
+                        let sk = b64_encode(cipher.mac::<32>(
+                            &format_term_key(sk.as_str(), &index_name, index_type, i),
+                            Some(pk.as_str()),
+                        ));
 
                         Ok::<_, SealError>(Term { sk, value })
                     })

src/encrypted_table/mod.rs

@@ -18,18 +18,21 @@ use crate::{
 };
 use aws_sdk_dynamodb::types::{AttributeValue, Delete, Put, TransactWriteItem};
 use cipherstash_client::{
-    config::{console_config::ConsoleConfig, cts_config::CtsConfig, zero_kms_config::ZeroKMSConfig}, credentials::{
-        auto_refresh::AutoRefresh,
-        service_credentials::ServiceCredentials,
-    }, encryption::ScopedCipher, zerokms::{ZeroKMS, ZeroKMSWithClientKey}
+    config::{
+        console_config::ConsoleConfig, cts_config::CtsConfig, zero_kms_config::ZeroKMSConfig,
+    },
+    credentials::{auto_refresh::AutoRefresh, service_credentials::ServiceCredentials},
+    encryption::ScopedCipher,
+    zerokms::{ZeroKMS, ZeroKMSWithClientKey},
 };
 use log::info;
-use uuid::Uuid;
 use std::{
     borrow::Cow,
     collections::{HashMap, HashSet},
-    ops::Deref, sync::Arc,
+    ops::Deref,
+    sync::Arc,
 };
+use uuid::Uuid;
 
 pub struct Headless;
 
@@ -274,7 +277,8 @@ impl<D> EncryptedTable<D> {
         &self,
         items: impl IntoIterator<Item = HashMap<String, AttributeValue>>,
     ) -> Result<Vec<T>, DecryptError>
-    where T: Decryptable + Identifiable,
+    where
+        T: Decryptable + Identifiable,
     {
         decrypt_all(&self.cipher, items).await
     }
@@ -284,13 +288,18 @@ impl<D> EncryptedTable<D> {
         delete: PreparedDelete,
         dataset_id: Option<Uuid>,
     ) -> Result<DynamoRecordPatch, DeleteError> {
-        let scoped_cipher = ScopedZeroKmsCipher::init(self.cipher.clone(), dataset_id).await.unwrap();
+        let scoped_cipher = ScopedZeroKmsCipher::init(self.cipher.clone(), dataset_id)
+            .await
+            .unwrap();
 
-        let PrimaryKeyParts { pk, sk } = encrypt_primary_key_parts(&scoped_cipher, delete.primary_key)?;
+        let PrimaryKeyParts { pk, sk } =
+            encrypt_primary_key_parts(&scoped_cipher, delete.primary_key)?;
 
         let delete_records = all_index_keys(&sk, delete.protected_indexes)
             .into_iter()
-            .map(|x| Ok::<_, DeleteError>(b64_encode(scoped_cipher.mac::<32>(&x, Some(pk.as_str())))))
+            .map(|x| {
+                Ok::<_, DeleteError>(b64_encode(scoped_cipher.mac::<32>(&x, Some(pk.as_str()))))
+            })
             .chain([Ok(sk)])
             .map(|sk| {
                 let sk = sk?;
@@ -330,9 +339,7 @@ impl<D> EncryptedTable<D> {
         } = record;
 
         // Do the encryption
-        let sealed = sealer
-            .seal(protected_attributes, &indexable_cipher)
-            .await?;
+        let sealed = sealer.seal(protected_attributes, &indexable_cipher).await?;
 
         let mut put_records = Vec::with_capacity(sealed.len());
 
@@ -395,20 +402,32 @@ impl EncryptedTable<Dynamo> {
         T: Decryptable + Identifiable,
     {
         // TODO: Don't unwrap
-        let scoped_cipher = ScopedZeroKmsCipher::init(self.cipher.clone(), None).await.unwrap();
+        let scoped_cipher = ScopedZeroKmsCipher::init(self.cipher.clone(), None)
+            .await
+            .unwrap();
         self.get_inner(k, scoped_cipher).await
     }
 
-    pub async fn get_via<T>(&self, k: impl Into<T::PrimaryKey>, dataset_id: Uuid) -> Result<Option<T>, GetError>
+    pub async fn get_via<T>(
+        &self,
+        k: impl Into<T::PrimaryKey>,
+        dataset_id: Uuid,
+    ) -> Result<Option<T>, GetError>
     where
         T: Decryptable + Identifiable,
     {
         // TODO: Don't unwrap
-        let scoped_cipher = ScopedZeroKmsCipher::init(self.cipher.clone(), Some(dataset_id)).await.unwrap();
+        let scoped_cipher = ScopedZeroKmsCipher::init(self.cipher.clone(), Some(dataset_id))
+            .await
+            .unwrap();
         self.get_inner(k, scoped_cipher).await
     }
 
-    async fn get_inner<T>(&self, k: impl Into<T::PrimaryKey>, cipher: ScopedZeroKmsCipher) -> Result<Option<T>, GetError>
+    async fn get_inner<T>(
+        &self,
+        k: impl Into<T::PrimaryKey>,
+        cipher: ScopedZeroKmsCipher,
+    ) -> Result<Option<T>, GetError>
     where
         T: Decryptable + Identifiable,
     {
@@ -513,7 +532,6 @@ impl EncryptedTable<Dynamo> {
     }
 }
 
-
 /// Take a prepared primary key and encrypt it to get the [`PrimaryKeyParts`] which can be used
 /// for retrieval.
 fn encrypt_primary_key_parts(
@@ -533,13 +551,16 @@ fn encrypt_primary_key_parts(
     Ok(PrimaryKeyParts { pk, sk })
 }
 
-async fn decrypt<T>(scoped_cipher: &ZeroKmsCipher, item: HashMap<String, AttributeValue>) -> Result<T, DecryptError>
+async fn decrypt<T>(
+    scoped_cipher: &ZeroKmsCipher,
+    item: HashMap<String, AttributeValue>,
+) -> Result<T, DecryptError>
 where
     T: Decryptable + Identifiable,
 {
     let uspec = UnsealSpec::new_for_decryptable::<T>();
     let table_entry = SealedTableEntry::try_from(item)?;
-        let result = table_entry.unseal(uspec, scoped_cipher).await?;
+    let result = table_entry.unseal(uspec, scoped_cipher).await?;
 
     Ok(result.into_value()?)
 }

src/encrypted_table/query.rs

@@ -1,9 +1,7 @@
 use aws_sdk_dynamodb::{primitives::Blob, types::AttributeValue};
-use cipherstash_client::{
-    encryption::{
-        compound_indexer::{ComposableIndex, ComposablePlaintext},
-        Plaintext
-    },
+use cipherstash_client::encryption::{
+    compound_indexer::{ComposableIndex, ComposablePlaintext},
+    Plaintext,
 };
 use itertools::Itertools;
 use std::{borrow::Cow, collections::HashMap, marker::PhantomData};
@@ -14,7 +12,7 @@ use crate::{
 };
 use cipherstash_client::encryption::IndexTerm;
 
-use super::{Dynamo, EncryptedTable, ScopedZeroKmsCipher, QueryError, SealError};
+use super::{Dynamo, EncryptedTable, QueryError, ScopedZeroKmsCipher, SealError};
 
 /// A builder for a query operation which returns records of type `S`.
 /// `B` is the storage backend used to store the data.
@@ -44,7 +42,9 @@ impl PreparedQuery {
         } = self;
 
         let info = format!("{}#{}", type_name, index_name);
-        let index_term = scoped_cipher.compound_query(composed_index, plaintext, info).map_err(SealError::from)?;
+        let index_term = scoped_cipher
+            .compound_query(composed_index, plaintext, info)
+            .map_err(SealError::from)?;
 
         // With DynamoDB queries must always return a single term
         let term = if let IndexTerm::Binary(x) = index_term {
@@ -132,7 +132,9 @@ where
     where
         T: Decryptable + Identifiable,
     {
-        let scoped_cipher = ScopedZeroKmsCipher::init(self.storage.cipher.clone(), None).await.unwrap();
+        let scoped_cipher = ScopedZeroKmsCipher::init(self.storage.cipher.clone(), None)
+            .await
+            .unwrap();
 
         let storage = self.storage;
         let query = self.build()?;

src/errors/mod.rs

@@ -9,9 +9,7 @@ pub use crate::{
     traits::{ReadConversionError, WriteConversionError},
 };
 
-pub use cipherstash_client::{
-    config::errors::ConfigError, encryption::EncryptionError,
-};
+pub use cipherstash_client::{config::errors::ConfigError, encryption::EncryptionError};
 
 pub use aws_sdk_dynamodb::error::BuildError;
 

src/lib.rs

@@ -20,4 +20,4 @@ pub use cipherstash_dynamodb_derive::{Decryptable, Encryptable, Identifiable, Se
 
 // Re-exports
 pub use cipherstash_client::encryption;
-pub type Key = [u8; 32];
+pub type Key = [u8; 32];

tests/common.rs

@@ -84,8 +84,6 @@ pub async fn create_table(client: &Client, table_name: &str) {
         .expect("Failed to create table");
 }
 
-
-
 #[macro_export]
 macro_rules! assert_err {
     ($cond:expr,) => {
@@ -130,4 +128,4 @@ macro_rules! assert_none {
             Err(e) => (),
         }
     };
-}
+}