Enable indexing on eql_v2_encrypted columns without needing function helpers #118
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| -- REQUIRE: src/schema.sql | ||
| -- REQUIRE: src/blake3/types.sql | ||
| -- REQUIRE: src/blake3/functions.sql | ||
|
|
||
|
|
||
| CREATE FUNCTION eql_v2.compare_blake3(a eql_v2_encrypted, b eql_v2_encrypted) | ||
| RETURNS integer | ||
| IMMUTABLE STRICT PARALLEL SAFE | ||
| AS $$ | ||
| DECLARE | ||
| a_term eql_v2.blake3; | ||
| b_term eql_v2.blake3; | ||
| BEGIN | ||
|
|
||
| IF a IS NULL AND b IS NULL THEN | ||
| RETURN 0; | ||
| END IF; | ||
|
|
||
| IF a IS NULL THEN | ||
| RETURN -1; | ||
| END IF; | ||
|
|
||
| IF b IS NULL THEN | ||
| RETURN 1; | ||
| END IF; | ||
|
|
||
| IF eql_v2.has_blake3(a) THEN | ||
| a_term = eql_v2.blake3(a); | ||
| END IF; | ||
|
|
||
| IF eql_v2.has_blake3(b) THEN | ||
| b_term = eql_v2.blake3(b); | ||
| END IF; | ||
|
|
||
| IF a_term IS NULL AND b_term IS NULL THEN | ||
| RETURN 0; | ||
| END IF; | ||
|
|
||
| IF a_term IS NULL THEN | ||
| RETURN -1; | ||
| END IF; | ||
|
|
||
| IF b_term IS NULL THEN | ||
| RETURN 1; | ||
| END IF; | ||
|
|
||
| -- Using the underlying text type comparison | ||
| IF a_term = b_term THEN | ||
| RETURN 0; | ||
| END IF; | ||
|
|
||
| IF a_term < b_term THEN | ||
| RETURN -1; | ||
| END IF; | ||
|
|
||
| IF a_term > b_term THEN | ||
| RETURN 1; | ||
| END IF; | ||
|
|
||
| END; | ||
| $$ LANGUAGE plpgsql; | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| \set ON_ERROR_STOP on | ||
|
|
||
| DO $$ | ||
| DECLARE | ||
| a eql_v2_encrypted; | ||
| b eql_v2_encrypted; | ||
| c eql_v2_encrypted; | ||
| BEGIN | ||
| a := create_encrypted_json(1, 'b3'); | ||
| b := create_encrypted_json(2, 'b3'); | ||
| c := create_encrypted_json(3, 'b3'); | ||
|
|
||
| ASSERT eql_v2.compare_blake3(a, a) = 0; | ||
| ASSERT eql_v2.compare_blake3(a, b) = -1; | ||
| ASSERT eql_v2.compare_blake3(a, c) = -1; | ||
|
|
||
| ASSERT eql_v2.compare_blake3(b, b) = 0; | ||
| ASSERT eql_v2.compare_blake3(b, a) = 1; | ||
| ASSERT eql_v2.compare_blake3(b, c) = -1; | ||
|
|
||
| ASSERT eql_v2.compare_blake3(c, c) = 0; | ||
| ASSERT eql_v2.compare_blake3(c, b) = 1; | ||
| ASSERT eql_v2.compare_blake3(c, a) = 1; | ||
| END; | ||
| $$ LANGUAGE plpgsql; | ||
|
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| -- REQUIRE: src/schema.sql | ||
| -- REQUIRE: src/encrypted/types.sql | ||
|
|
||
| -- | ||
| -- Compare two eql_v2_encrypted values as literal jsonb values | ||
| -- Used as a fallback when no suitable search term is available | ||
| -- | ||
| CREATE FUNCTION eql_v2.compare_literal(a eql_v2_encrypted, b eql_v2_encrypted) | ||
| RETURNS integer | ||
| IMMUTABLE STRICT PARALLEL SAFE | ||
| AS $$ | ||
| DECLARE | ||
| a_data jsonb; | ||
| b_data jsonb; | ||
| BEGIN | ||
|
|
||
| IF a IS NULL AND b IS NULL THEN | ||
| RETURN 0; | ||
| END IF; | ||
|
|
||
| IF a IS NULL THEN | ||
| RETURN -1; | ||
| END IF; | ||
|
|
||
| IF b IS NULL THEN | ||
| RETURN 1; | ||
| END IF; | ||
|
|
||
| a_data := a.data; | ||
| b_data := b.data; | ||
|
|
||
| IF a_data < b_data THEN | ||
| RETURN -1; | ||
| END IF; | ||
|
|
||
| IF a_data > b_data THEN | ||
| RETURN 1; | ||
| END IF; | ||
|
|
||
| RETURN 0; | ||
| END; | ||
| $$ LANGUAGE plpgsql; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| -- REQUIRE: src/schema.sql | ||
| -- REQUIRE: src/hmac_256/types.sql | ||
| -- REQUIRE: src/hmac_256/functions.sql | ||
|
|
||
|
|
||
| CREATE FUNCTION eql_v2.compare_hmac_256(a eql_v2_encrypted, b eql_v2_encrypted) | ||
|
There was a problem hiding this comment. What's the difference between this and blake3? There was a problem hiding this comment. The types are different, although both resolve to text. There was a problem hiding this comment. Sorry I mean what do we use them for? HMAC and Blake are essentially the same thing. There was a problem hiding this comment. @coderdan Blake3 is used in the SteVec implementation. I've followed the There was a problem hiding this comment. Naming was discussed here https://discourse.cipherstash.com/t/eql-json-fields-should-be-named-after-their-search-term-algorithm/441 And in slack. |
||
| RETURNS integer | ||
| IMMUTABLE STRICT PARALLEL SAFE | ||
| AS $$ | ||
| DECLARE | ||
| a_term eql_v2.hmac_256; | ||
| b_term eql_v2.hmac_256; | ||
| BEGIN | ||
|
|
||
| IF a IS NULL AND b IS NULL THEN | ||
| RETURN 0; | ||
| END IF; | ||
|
|
||
| IF a IS NULL THEN | ||
| RETURN -1; | ||
| END IF; | ||
|
|
||
| IF b IS NULL THEN | ||
| RETURN 1; | ||
| END IF; | ||
|
|
||
| IF eql_v2.has_hmac_256(a) THEN | ||
| a_term = eql_v2.hmac_256(a); | ||
| END IF; | ||
|
|
||
| IF eql_v2.has_hmac_256(b) THEN | ||
| b_term = eql_v2.hmac_256(b); | ||
| END IF; | ||
|
|
||
| IF a_term IS NULL AND b_term IS NULL THEN | ||
| RETURN 0; | ||
| END IF; | ||
|
|
||
| IF a_term IS NULL THEN | ||
| RETURN -1; | ||
| END IF; | ||
|
|
||
| IF b_term IS NULL THEN | ||
| RETURN 1; | ||
| END IF; | ||
|
|
||
| -- Using the underlying text type comparison | ||
| IF a_term = b_term THEN | ||
| RETURN 0; | ||
| END IF; | ||
|
|
||
| IF a_term < b_term THEN | ||
| RETURN -1; | ||
| END IF; | ||
|
|
||
| IF a_term > b_term THEN | ||
| RETURN 1; | ||
| END IF; | ||
|
|
||
| END; | ||
| $$ LANGUAGE plpgsql; | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| \set ON_ERROR_STOP on | ||
|
|
||
| DO $$ | ||
| DECLARE | ||
| a eql_v2_encrypted; | ||
| b eql_v2_encrypted; | ||
| c eql_v2_encrypted; | ||
| BEGIN | ||
| a := create_encrypted_json(1, 'hm'); | ||
| b := create_encrypted_json(2, 'hm'); | ||
| c := create_encrypted_json(3, 'hm'); | ||
|
|
||
| ASSERT eql_v2.compare_hmac_256(a, a) = 0; | ||
| ASSERT eql_v2.compare_hmac_256(a, b) = -1; | ||
| ASSERT eql_v2.compare_hmac_256(a, c) = -1; | ||
|
|
||
| ASSERT eql_v2.compare_hmac_256(b, b) = 0; | ||
| ASSERT eql_v2.compare_hmac_256(b, a) = 1; | ||
| ASSERT eql_v2.compare_hmac_256(b, c) = -1; | ||
|
|
||
| ASSERT eql_v2.compare_hmac_256(c, c) = 0; | ||
| ASSERT eql_v2.compare_hmac_256(c, b) = 1; | ||
| ASSERT eql_v2.compare_hmac_256(c, a) = 1; | ||
| END; | ||
| $$ LANGUAGE plpgsql; | ||
|
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| \set ON_ERROR_STOP on | ||
|
|
||
| SELECT create_table_with_encrypted(); | ||
| SELECT seed_encrypted_json(); | ||
|
|
||
|
|
||
| -- ======================================================================== | ||
|
|
||
|
|
||
| -- ------------------------------------------------------------------------ | ||
| -- ------------------------------------------------------------------------ | ||
| -- | ||
| -- ore_cllw_u64_8 less than or equal to <= | ||
| -- | ||
| -- Test data is in form '{"hello": "{one | two | three}", "n": {10 | 20 | 30} }' | ||
| -- | ||
| -- Paths | ||
| -- $ -> bca213de9ccce676fa849ff9c4807963 | ||
| -- $.hello -> a7cea93975ed8c01f861ccb6bd082784 | ||
| -- $.n -> 2517068c0d1f9d4d41d2c666211f785e | ||
| -- | ||
| -- | ||
| DO $$ | ||
| DECLARE | ||
| sv eql_v2_encrypted; | ||
| term eql_v2_encrypted; | ||
| BEGIN | ||
|
|
||
| -- This extracts the data associated with the field from the test eql_v2_encrypted | ||
| -- json n: 10 | ||
| sv := get_numeric_ste_vec_20()::eql_v2_encrypted; | ||
| -- extract the term at $.n returned as eql_v2_encrypted | ||
| term := sv->'2517068c0d1f9d4d41d2c666211f785e'::text; | ||
|
|
||
| -- -- -- -- $.n | ||
| PERFORM assert_result( | ||
| format('eql_v2_encrypted <= eql_v2_encrypted with ore_cllw_u64_8 index term'), | ||
| format('SELECT e FROM encrypted WHERE (e->''2517068c0d1f9d4d41d2c666211f785e''::text) <= %L::eql_v2_encrypted', term)); | ||
|
|
||
| PERFORM assert_count( | ||
| format('eql_v2_encrypted <= eql_v2_encrypted with ore index term'), | ||
| format('SELECT e FROM encrypted WHERE e->''2517068c0d1f9d4d41d2c666211f785e''::text <= %L::eql_v2_encrypted', term), | ||
| 2); | ||
|
|
||
| -- Check the $.hello path | ||
| -- Returned encrypted does not have ore_cllw_u64_8 | ||
| -- Falls back to jsonb literal comparison | ||
| PERFORM assert_no_result( | ||
| format('eql_v2_encrypted <= eql_v2_encrypted with ore index term'), | ||
| format('SELECT e FROM encrypted WHERE e->''a7cea93975ed8c01f861ccb6bd082784''::text <= %L::eql_v2_encrypted', term)); | ||
|
|
||
| END; | ||
| $$ LANGUAGE plpgsql; | ||
|
|
||
|
|
||
|
|
||
| SELECT drop_table_with_encrypted(); |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.