Update JSON schemas to reflect current implementation in Proxy

CDThomas · CDThomas · commit e6e03abf88c7 · 2024-11-15T09:09:55.000+11:00
This change updates the JSON schemas to reflect the data structures currently
implemented in Proxy.

`cs_encrypted_v1.schema.json` has been split into three separate schemas:
1. Plaintext
2. Encrypted for storage
3. Encrypted for query
diff --git a/sql/schemas/cs_encrypted_query_v1.schema.json b/sql/schemas/cs_encrypted_query_v1.schema.json
@@ -0,0 +1,94 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "The EQL encrypted JSON payload used for queries.",
+  "type": "object",
+  "properties": {
+    "k": {
+      "title": "kind",
+      "type": "string",
+      "enum": ["qm", "qo", "qu", "qsv", "qsvs"]
+    }
+  },
+  "oneOf": [
+    {
+      "description": "match query",
+      "properties": {
+        "k": {
+          "const": "qm"
+        },
+        "m": {
+          "title": "match index",
+          "type": "array",
+          "minItems": 1,
+          "items": {
+            "type": "number"
+          }
+        }
+      },
+      "required": ["m"]
+    },
+    {
+      "description": "ore query",
+      "properties": {
+        "k": {
+          "const": "qo"
+        },
+        "o": {
+          "title": "ore index",
+          "type": "array",
+          "minItems": 1,
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": ["o"]
+    },
+    {
+      "description": "unique query",
+      "properties": {
+        "k": {
+          "const": "qu"
+        },
+        "u": {
+          "title": "unique index",
+          "type": "string"
+        }
+      },
+      "required": ["u"]
+    },
+    {
+      "description": "Structed Encryption vector query",
+      "properties": {
+        "k": {
+          "const": "qsv"
+        },
+        "sv": {
+          "type": "array",
+          "items": {
+            "type": "array",
+            "items": {
+              "type": "string",
+              "minItems": 2,
+              "maxItems": 2
+            }
+          }
+        }
+      },
+      "required": ["sv"]
+    },
+    {
+      "description": "Structed Encryption vector selector query",
+      "properties": {
+        "k": {
+          "const": "qsvs"
+        },
+        "svs": {
+          "type": "string"
+        }
+      },
+      "required": ["svs"]
+    }
+  ],
+  "required": ["k"]
+}
diff --git a/sql/schemas/cs_encrypted_storage_v1.schema.json b/sql/schemas/cs_encrypted_storage_v1.schema.json
@@ -0,0 +1,88 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "The EQL encrypted JSON payload used for storage.",
+  "type": "object",
+  "properties": {
+    "v": {
+      "title": "Schema version",
+      "type": "integer"
+    },
+    "k": {
+      "title": "kind",
+      "type": "string",
+      "enum": ["ct", "sv"]
+    },
+    "i": {
+      "title": "ident",
+      "type": "object",
+      "properties": {
+        "t": {
+          "title": "table",
+          "type": "string",
+          "pattern": "^[a-zA-Z_]{1}[0-9a-zA-Z_]*$"
+        },
+        "c": {
+          "title": "column",
+          "type": "string",
+          "pattern": "^[a-zA-Z_]{1}[0-9a-zA-Z_]*$"
+        }
+      },
+      "required": ["t", "c"]
+    }
+  },
+  "oneOf": [
+    {
+      "properties": {
+        "k": {
+          "const": "ct"
+        },
+        "c": {
+          "title": "ciphertext",
+          "type": "string"
+        },
+        "u": {
+          "title": "unique index",
+          "type": "string"
+        },
+        "o": {
+          "title": "ore index",
+          "type": "array",
+          "minItems": 1,
+          "items": {
+            "type": "string"
+          }
+        },
+        "m": {
+          "title": "match index",
+          "type": "array",
+          "minItems": 1,
+          "items": {
+            "type": "number"
+          }
+        }
+      },
+      "required": ["c"]
+    },
+    {
+      "properties": {
+        "k": {
+          "const": "sv"
+        },
+        "sv": {
+          "title": "Structured Encryption vector",
+          "type": "array",
+          "items": {
+            "type": "array",
+            "items": {
+              "type": "string",
+              "minItems": 3,
+              "maxItems": 3
+            }
+          }
+        }
+      },
+      "required": ["sv"]
+    }
+  ],
+  "required": ["v", "k", "i"]
+}
diff --git a/sql/schemas/cs_encrypted_v1.schema.json b/sql/schemas/cs_encrypted_v1.schema.json
diff --git a/sql/schemas/cs_plaintext_v1.schema.json b/sql/schemas/cs_plaintext_v1.schema.json
@@ -0,0 +1,44 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "The EQL plaintext JSON payload sent by a client (such as an application) to CipherStash Proxy.",
+  "type": "object",
+  "properties": {
+    "v": {
+      "title": "Schema version",
+      "type": "integer"
+    },
+    "k": {
+      "title": "kind",
+      "type": "string",
+      "const": "pt"
+    },
+    "i": {
+      "title": "ident",
+      "type": "object",
+      "properties": {
+        "t": {
+          "title": "table",
+          "type": "string",
+          "pattern": "^[a-zA-Z_]{1}[0-9a-zA-Z_]*$"
+        },
+        "c": {
+          "title": "column",
+          "type": "string",
+          "pattern": "^[a-zA-Z_]{1}[0-9a-zA-Z_]*$"
+        }
+      },
+      "required": ["t", "c"]
+    },
+    "p": {
+      "title": "plaintext",
+      "type": "string"
+    },
+    "q": {
+      "title": "for query",
+      "description": "Specifies that the plaintext should be encrypted for a specific query operation. If null, source encryption and encryption for all indexes will be performed.",
+      "type": "string",
+      "enum": ["match", "ore", "unique", "ste_vec", "ejson_path"]
+    }
+  },
+  "required": ["v", "k", "i", "p"]
+}
