Hmac all sort keys

Bennett Hardwick · Bennett Hardwick · commit 6fec90b69dbe · 2023-11-27T11:49:31.000+10:00
diff --git a/src/crypto/mod.rs b/src/crypto/mod.rs
@@ -56,7 +56,7 @@ pub(crate) fn all_index_keys<E: Searchable + Encryptable>(sort_key: &str) -> Vec
         .collect()
 }
 
-pub(crate) fn encrypt_partition_key<C>(
+pub(crate) fn hmac<C>(
     value: &str,
     cipher: &Encryption<C>,
 ) -> Result<String, EncryptionError>
diff --git a/src/crypto/sealer.rs b/src/crypto/sealer.rs
@@ -1,4 +1,4 @@
-use super::{encrypt_partition_key, SealError, Sealed, Unsealed, MAX_TERMS_PER_INDEX};
+use super::{hmac, SealError, Sealed, Unsealed, MAX_TERMS_PER_INDEX};
 use crate::{
     encrypted_table::{TableAttribute, TableEntry},
     traits::PrimaryKeyParts,
@@ -64,11 +64,11 @@ impl<T> Sealer<T> {
         let mut sk = self.inner.sort_key();
 
         if T::is_partition_key_encrypted() {
-            pk = encrypt_partition_key(&pk, cipher)?;
+            pk = hmac(&pk, cipher)?;
         }
 
         if T::is_sort_key_encrypted() {
-            sk = encrypt_partition_key(&sk, cipher)?;
+            sk = hmac(&sk, cipher)?;
         }
 
         let mut table_entry = TableEntry::new_with_attributes(
@@ -112,15 +112,14 @@ impl<T> Sealer<T> {
                     })
                     .ok_or(SealError::MissingAttribute(index_name.to_string()))
                     .and_then(|(attr, index, index_name)| {
-                        cipher
-                            .compound_index(
-                                &CompoundIndex::new(index),
-                                attr,
-                                Some(format!("{}#{}", T::type_name(), index_name)),
-                                term_length,
-                            )
-                            .map_err(SealError::CryptoError)
-                            .map(|result| (index_name, result))
+                        let term = cipher.compound_index(
+                            &CompoundIndex::new(index),
+                            attr,
+                            Some(format!("{}#{}", T::type_name(), index_name)),
+                            term_length,
+                        )?;
+
+                        Ok::<_, SealError>((index_name, term))
                     })
             })
             .map(|index_term| match index_term {
@@ -138,16 +137,16 @@ impl<T> Sealer<T> {
             .enumerate()
             .take(MAX_TERMS_PER_INDEX)
             .map(|(i, (index_name, term))| {
-                Sealed(
+                Ok(Sealed(
                     table_entry
                         .clone()
                         .set_term(hex::encode(term))
                         // TODO: HMAC the sort key, too (users#index_name#pk)
-                        .set_sk(format!("{}#{}#{}", &sk, index_name, i)),
-                )
+                        .set_sk(hmac(&format!("{}#{}#{}", &sk, index_name, i), &cipher)?),
+                ))
             })
-            .chain(once(Sealed(table_entry.clone())))
-            .collect();
+            .chain(once(Ok(Sealed(table_entry.clone()))))
+            .collect::<Result<_, SealError>>()?;
 
         Ok((PrimaryKeyParts { pk, sk }, table_entries))
     }
diff --git a/src/encrypted_table/mod.rs b/src/encrypted_table/mod.rs
@@ -45,6 +45,8 @@ pub enum PutError {
     Seal(#[from] SealError),
     #[error("CryptoError: {0}")]
     Crypto(#[from] CryptoError),
+    #[error("Encryption Error: {0}")]
+    Encryption(#[from] EncryptionError),
 }
 
 #[derive(Error, Debug)]
@@ -123,11 +125,11 @@ impl EncryptedTable {
         let PrimaryKeyParts { mut pk, mut sk } = k.into().into_parts::<T>();
 
         if T::is_partition_key_encrypted() {
-            pk = encrypt_partition_key(&pk, &self.cipher)?;
+            pk = hmac(&pk, &self.cipher)?;
         }
 
         if T::is_sort_key_encrypted() {
-            sk = encrypt_partition_key(&sk, &self.cipher)?;
+            sk = hmac(&sk, &self.cipher)?;
         }
 
         Ok(PrimaryKeyParts { pk, sk })
@@ -164,9 +166,13 @@ impl EncryptedTable {
     ) -> Result<(), DeleteError> {
         let PrimaryKeyParts { pk, sk } = self.get_primary_key_parts::<E>(k)?;
 
-        let sk_to_delete = all_index_keys::<E>(&sk).into_iter().chain([sk]);
+        let sk_to_delete = all_index_keys::<E>(&sk)
+            .into_iter()
+            .map(|x| hmac(&x, &self.cipher))
+            .chain([Ok(sk)])
+            .collect::<Result<Vec<_>, _>>()?;
 
-        let transact_items = sk_to_delete.map(|sk| {
+        let transact_items = sk_to_delete.into_iter().map(|sk| {
             TransactWriteItem::builder()
                 .delete(
                     Delete::builder()
@@ -220,6 +226,8 @@ impl EncryptedTable {
         }
 
         for index_sk in all_index_keys::<T>(&sk) {
+            let index_sk = hmac(&index_sk, &self.cipher)?;
+
             if seen_sk.contains(&index_sk) {
                 continue;
             }

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ pub(crate) fn all_index_keys<E: Searchable + Encryptable>(sort_key: &str) -> Vec`
`56`	`56`	`.collect()`
`57`	`57`	`}`
`58`	`58`
`59`		`-pub(crate) fn encrypt_partition_key<C>(`
	`59`	`+pub(crate) fn hmac<C>(`
`60`	`60`	`value: &str,`
`61`	`61`	`cipher: &Encryption<C>,`
`62`	`62`	`) -> Result<String, EncryptionError>`