diff --git a/Cargo.lock b/Cargo.lock index 06f4e1f9..d4499d08 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -95,6 +95,12 @@ version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b3d1d046238990b9cf5bcde22a3fb3584ee5cf65fb2765f454ed428c7a0063da" +[[package]] +name = "arrayref" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76a2e8124351fda1ef8aaaa3bbd7ebbcb486bbcd4225aca0aa0d84bb2db8fecb" + [[package]] name = "arrayvec" version = "0.7.4" @@ -121,6 +127,15 @@ dependencies = [ "syn 2.0.74", ] +[[package]] +name = "atomic" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d818003e740b63afc82337e3160717f4f63078720a810b7b903e70a5d1d2994" +dependencies = [ + "bytemuck", +] + [[package]] name = "autocfg" version = "1.3.0" @@ -519,6 +534,19 @@ dependencies = [ "wyz", ] +[[package]] +name = "blake3" +version = "1.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d82033247fd8e890df8f740e407ad4d038debb9eb1f40533fffb32e7d17dc6f7" +dependencies = [ + "arrayref", + "arrayvec", + "cc", + "cfg-if", + "constant_time_eq", +] + [[package]] name = "block-buffer" version = "0.10.4" @@ -596,6 +624,12 @@ dependencies = [ "syn 1.0.109", ] +[[package]] +name = "bytemuck" +version = "1.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94bbb0ad554ad961ddc5da507a12a29b14e4ae5bda06b19f575a3e6079d2e2ae" + [[package]] name = "byteorder" version = "1.5.0" @@ -620,9 +654,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.11" +version = "1.1.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fb8dd288a69fc53a1996d7ecfbf4a20d59065bff137ce7e56bbd620de191189" +checksum = "2e80e3b6a3ab07840e1cae9b0666a63970dc28e8ed5ffbcdacbfc760c281bfc1" dependencies = [ "shlex", ] 
@@ -675,15 +709,16 @@ dependencies = [ [[package]] name = "cipherstash-client" -version = "0.12.2" +version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be4cc8962801aa6aef9984480054a6e9bface7461f0a84ed0a96e513a9d8bb31" +checksum = "0c3edf8625fefa8a3cbf9d034faac4c57772b529a1e2636e93bab7f7d016b179" dependencies = [ "aes-gcm-siv", "anyhow", "async-mutex", "async-trait", "base64 0.22.1", + "blake3", "cfg-if", "chrono", "cipherstash-core", @@ -704,6 +739,7 @@ dependencies = [ "reqwest", "reqwest-middleware", "reqwest-retry", + "rust-stemmers", "rust_decimal", "serde", "serde_cbor", @@ -721,9 +757,9 @@ dependencies = [ [[package]] name = "cipherstash-config" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aae72221ec05789b85580ad39142833b847c1119d1bab27a0fc26945103b44b8" +checksum = "dc8e9746b51e9731ab262ed4dbfc859555b0396a2120ebf81de193eca4bdf61f" dependencies = [ "serde", "thiserror", @@ -746,7 +782,7 @@ dependencies = [ [[package]] name = "cipherstash-dynamodb" -version = "0.8.1" +version = "0.8.2" dependencies = [ "async-trait", "aws-config", @@ -804,6 +840,12 @@ dependencies = [ "digest", ] +[[package]] +name = "constant_time_eq" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6" + [[package]] name = "core-foundation" version = "0.9.4" 
@@ -849,6 +891,40 @@ dependencies = [ "cipher 0.4.4", ] +[[package]] +name = "darling" +version = "0.20.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f63b86c8a8826a49b8c21f08a2d07338eec8d900540f8630dc76284be802989" +dependencies = [ + "darling_core", + "darling_macro", +] + +[[package]] +name = "darling_core" +version = "0.20.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95133861a8032aaea082871032f5815eb9e98cef03fa916ab4500513994df9e5" +dependencies = [ + "fnv", + "ident_case", + "proc-macro2", + "quote", + "syn 2.0.74", +] + +[[package]] +name = "darling_macro" +version = "0.20.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806" +dependencies = [ + "darling_core", + "quote", + "syn 2.0.74", +] + [[package]] name = "dashmap" version = "5.5.3" @@ -880,6 +956,12 @@ dependencies = [ "powerfmt", ] +[[package]] +name = "deunicode" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "339544cc9e2c4dc3fc7149fd630c5f22263a4fdf18a98afd0075784968b5cf00" + [[package]] name = "digest" version = "0.10.7" @@ -911,6 +993,18 @@ dependencies = [ "winapi", ] +[[package]] +name = "dummy" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1cac124e13ae9aa56acc4241f8c8207501d93afdd8d8e62f0c1f2e12f6508c65" +dependencies = [ + "darling", + "proc-macro2", + "quote", + "syn 2.0.74", +] + [[package]] name = "either" version = "1.13.0" 
@@ -952,6 +1046,18 @@ version = "2.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" +[[package]] +name = "fake" +version = "2.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d391ba4af7f1d93f01fcf7b2f29e2bc9348e109dfdbf4dcbdc51dfa38dab0b6" +dependencies = [ + "deunicode", + "dummy", + "rand", + "uuid", +] + [[package]] name = "fastrand" version = "2.1.0" @@ -1377,6 +1483,12 @@ dependencies = [ "cc", ] +[[package]] +name = "ident_case" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" + [[package]] name = "idna" version = "0.5.0" @@ -1518,6 +1630,16 @@ dependencies = [ "regex-automata 0.1.10", ] +[[package]] +name = "md-5" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf" +dependencies = [ + "cfg-if", + "digest", +] + [[package]] name = "memchr" version = "2.7.4" @@ -2115,9 +2237,9 @@ dependencies = [ [[package]] name = "recipher" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8dec46185f56dadb8c4cdfa7f919b30c68eb925f354c9dd4f5388ff88feda119" +checksum = "ca5a23c61ec6a3c09ad85d91c3f0f2da5037c56e6d8846fca9b3797958d51c48" dependencies = [ "aes", "async-trait", @@ -2351,6 +2473,16 @@ dependencies = [ "syn 1.0.109", ] +[[package]] +name = "rust-stemmers" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e46a2036019fdb888131db7a4c847a1063a7493f971ed94ea82c67eada63ca54" +dependencies = [ + "serde", + "serde_derive", +] + [[package]] name = "rust_decimal" version = "1.35.0" 
@@ -3270,7 +3402,9 @@ version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314" dependencies = [ + "atomic", "getrandom", + "md-5", "serde", "sha1_smol", ] @@ -3737,13 +3871,15 @@ dependencies = [ [[package]] name = "zerokms-protocol" -version = "0.2.2" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0f3f5dee0d8836fd77c924392e964bf5a780cf45a48cb2e27ef77aea88718ac" +checksum = "a4d4d9c063d8cb3904a3a622501d46e09491905bfbe42ec9d85a77af796b35d5" dependencies = [ "async-trait", "base64 0.22.1", "cipherstash-config", + "fake", + "rand", "serde", "static_assertions", "thiserror", diff --git a/Cargo.toml b/Cargo.toml index 042eb3c8..18eac95e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -6,14 +6,14 @@ repository = "https://github.com/cipherstash/cipherstash-dynamodb" documentation = "https://docs.rs/cipherstash-dynamodb" readme = "README.md" description = "CipherStash SDK for searchable, in-use encryption for DynamoDB" -version = "0.8.1" +version = "0.8.2" edition = "2021" authors = ["CipherStash "] keywords = ["cryptography", "security", "databases", "encryption", "dynamodb"] categories = ["cryptography", "database"] [dependencies] -cipherstash-client = { version = "0.12" } +cipherstash-client = { version = ">=0.12.4" } cipherstash-dynamodb-derive = { version = "0.8", path = "cipherstash-dynamodb-derive" } aws-sdk-dynamodb = "1.3.0" diff --git a/src/crypto/attrs/flattened_encrypted_attributes.rs b/src/crypto/attrs/flattened_encrypted_attributes.rs index 9acfe4fd..d38299dd 100644 --- a/src/crypto/attrs/flattened_encrypted_attributes.rs +++ b/src/crypto/attrs/flattened_encrypted_attributes.rs 
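Review bot: The new requirement `version = ">=0.12.4"` on `cipherstash-client` in Cargo.toml has no upper bound, so any resolver that does not use this repository's Cargo.lock (every downstream user of the published crate) may select 0.13 or later, which Cargo treats as semver-incompatible with 0.12. Because this crate supplies the encryption and key-management code, an unreviewed and possibly API-breaking release could enter a build unnoticed. `cipherstash-client = { version = "0.12.4" }` keeps the new minimum and restores the caret bound (`>=0.12.4, <0.13.0`) that the old `"0.12"` implied.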
@@ -5,8 +5,8 @@ use crate::{ }; use cipherstash_client::{ credentials::{service_credentials::ServiceToken, Credentials}, - encryption::{Encryption, EncryptionError}, - zero_kms::EncryptedRecord, + encryption::Encryption, + zerokms::EncryptedRecord, }; use itertools::Itertools; @@ -61,7 +61,7 @@ impl FlattenedEncryptedAttributes { record .to_vec() .map(|data| (FlattenedAttrName::parse(&record.descriptor), data)) - .map_err(EncryptionError::from) + .map_err(|_| SealError::AssertionFailed("Decryption failed".to_string())) }) .fold_ok( Ok(TableAttributes::new()), diff --git a/src/crypto/mod.rs b/src/crypto/mod.rs index 3329aca7..64923215 100644 --- a/src/crypto/mod.rs +++ b/src/crypto/mod.rs @@ -13,7 +13,7 @@ use cipherstash_client::{ compound_indexer::{CompoundIndex, ExactIndex}, Encryption, EncryptionError, Plaintext, TypeParseError, }, - vitur_client::DecryptError, + zerokms::Error as ZeroKmsError, }; use miette::Diagnostic; use std::borrow::Cow; @@ -49,10 +49,11 @@ pub enum SealError { // Note that we don't expose the specific error type here // so as to avoid leaking any information - #[error("Encryption failed")] + #[error(transparent)] EncryptionError(#[from] EncryptionError), - #[error("Decryption failed")] - DecryptionError(#[from] DecryptError), + + #[error(transparent)] + ZeroKmsError(#[from] ZeroKmsError), } #[derive(Error, Debug)] diff --git a/src/encrypted_table/mod.rs b/src/encrypted_table/mod.rs index d368c24d..b0ef10c8 100644 --- a/src/encrypted_table/mod.rs +++ b/src/encrypted_table/mod.rs 
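Review bot: The new `.map_err(|_| SealError::AssertionFailed("Decryption failed".to_string()))` in src/crypto/attrs/flattened_encrypted_attributes.rs discards the error returned by `record.to_vec()` and reports it under a message that does not match the call, since what failed is turning the record into bytes, not a decryption. The second hunk of src/encrypted_table/table_attribute.rs does the same for `EncryptedRecord::from_slice`, collapsing every parse failure into `AssertionFailed("Could not parse EncryptedRecord")`. If hiding the cause from callers is deliberate, say so next to the closure, e.g. `// inner error dropped on purpose: must not reach callers`, and correct the text to something like `"Could not serialize EncryptedRecord"`. Otherwise keep the cause by binding it (`|e|`) and including it in the message, assuming the error type implements `Display`. The enclosing closure and function begin outside the hunk, so which path this runs on should be confirmed first.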
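Review bot: Switching `SealError::EncryptionError` to `#[error(transparent)]` in src/crypto/mod.rs contradicts the comment kept directly above it ("we don't expose the specific error type here so as to avoid leaking any information"). `transparent` forwards the inner error's `Display` and `source()`, so whatever detail `EncryptionError` and the new `ZeroKmsError` carry now reaches anyone who prints or logs a `SealError`. If the fixed messages were there to keep failure detail away from callers, keep that form, e.g. `#[error("Encryption failed")]` on `EncryptionError` and `#[error("ZeroKMS request failed")]` on `ZeroKmsError`; the `#[from]` conversions work either way. If the detail is now meant to be visible, the comment should be removed or rewritten so nobody relies on a guarantee that is gone. The enum starts and ends outside the hunk.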
@@ -18,16 +18,15 @@ use crate::{ }; use aws_sdk_dynamodb::types::{AttributeValue, Delete, Put, TransactWriteItem}; use cipherstash_client::{ - config::{ - console_config::ConsoleConfig, cts_config::CtsConfig, zero_kms_config::ZeroKMSConfig, - }, + config::{console_config::ConsoleConfig, cts_config::CtsConfig}, credentials::{ auto_refresh::AutoRefresh, service_credentials::{ServiceCredentials, ServiceToken}, Credentials, }, encryption::Encryption, - zero_kms::ZeroKMS, + zerokms::ZeroKMS, + ZeroKMSConfig, }; use log::info; use std::{ @@ -73,26 +72,26 @@ impl EncryptedTable { let cts_config = CtsConfig::builder().with_env().build()?; - let zero_kms_config = ZeroKMSConfig::builder() + let zerokms_config = ZeroKMSConfig::builder() .decryption_log(true) .with_env() .console_config(&console_config) .cts_config(&cts_config) .build_with_client_key()?; - let zero_kms_client = ZeroKMS::new_with_client_key( - &zero_kms_config.base_url(), - AutoRefresh::new(zero_kms_config.credentials()), - zero_kms_config.decryption_log_path().as_deref(), - zero_kms_config.client_key(), + let zerokms_client = ZeroKMS::new_with_client_key( + &zerokms_config.base_url(), + AutoRefresh::new(zerokms_config.credentials()), + zerokms_config.decryption_log_path().as_deref(), + zerokms_config.client_key(), ); info!("Fetching dataset config..."); - let dataset_config = zero_kms_client.load_dataset_config().await?; + let dataset_config = zerokms_client.load_dataset_config().await?; let cipher = Box::new(Encryption::new( dataset_config.index_root_key, - zero_kms_client, + zerokms_client, )); info!("Ready!"); diff --git a/src/encrypted_table/table_attribute.rs b/src/encrypted_table/table_attribute.rs index 390ca5da..87f659db 100644 --- a/src/encrypted_table/table_attribute.rs +++ b/src/encrypted_table/table_attribute.rs 
@@ -1,6 +1,6 @@ use super::{ReadConversionError, SealError}; use aws_sdk_dynamodb::{primitives::Blob, types::AttributeValue}; -use cipherstash_client::zero_kms::EncryptedRecord; +use cipherstash_client::zerokms::EncryptedRecord; use std::{ collections::{BTreeMap, HashMap}, str::FromStr, @@ -42,7 +42,7 @@ impl TableAttribute { ) -> Result { if let TableAttribute::Bytes(s) = self { EncryptedRecord::from_slice(&s[..]) - .map_err(SealError::from) + .map_err(|_| SealError::AssertionFailed("Could not parse EncryptedRecord".to_string())) .and_then(|record| { if record.descriptor == descriptor { Ok(record) diff --git a/src/errors/mod.rs b/src/errors/mod.rs index 06b592ca..d51c525f 100644 --- a/src/errors/mod.rs +++ b/src/errors/mod.rs @@ -9,7 +9,7 @@ pub use crate::{ }; pub use cipherstash_client::{ - config::errors::ConfigError, encryption::EncryptionError, zero_kms::errors::LoadConfigError, + config::errors::ConfigError, encryption::EncryptionError, zerokms::Error as ZeroKmsError, }; pub use aws_sdk_dynamodb::error::BuildError; @@ -97,8 +97,8 @@ pub trait DynamoError: std::error::Error + Sized {} pub enum InitError { #[error("ConfigError: {0}")] Config(#[from] ConfigError), - #[error("LoadConfigError: {0}")] - LoadConfig(#[from] LoadConfigError), + #[error(transparent)] + ZeroKmsError(#[from] ZeroKmsError), } /// The [`enum@Error`] type abstracts all errors returned by `cipherstash-dynamodb` for easy use with the `?` operator. diff --git a/tests/ui/public_api.rs b/tests/ui/public_api.rs index 1d781548..b11afc79 100644 --- a/tests/ui/public_api.rs +++ b/tests/ui/public_api.rs @@ -13,7 +13,7 @@ use cipherstash_dynamodb::traits::TryFromPlaintext; // Error Dependencies use cipherstash_dynamodb::errors::{ - BuildError, ConfigError, EncryptionError, LoadConfigError, SealError, WriteConversionError, + BuildError, ConfigError, EncryptionError, SealError, WriteConversionError, }; // Encrypted Table
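Review bot: Removing the `LoadConfigError` re-export and the `InitError::LoadConfig` variant in src/errors/mod.rs changes the crate's public API, yet Cargo.toml in this commit only moves the version from 0.8.1 to 0.8.2, which Cargo treats as compatible with any `0.8` requirement. Downstream code that imports `errors::LoadConfigError` or matches on `InitError::LoadConfig` (or on `SealError::DecryptionError`, removed in src/crypto/mod.rs) would stop compiling after a routine `cargo update`; the edit to tests/ui/public_api.rs in this same diff shows the import had to be dropped. Releasing this as 0.9.0 is the straightforward fix. `#[non_exhaustive]` on `InitError` and `SealError` in that release would keep later variant additions from breaking exhaustive matches. The `InitError` body continues outside the hunk.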