diff --git a/sql/015-operators-eq.sql b/sql/015-operators-eq.sql new file mode 100644 index 00000000..5b79543e --- /dev/null +++ b/sql/015-operators-eq.sql @@ -0,0 +1,525 @@ +-- Operators for unique comparisons of cs_encrypted_v1 types +-- +-- Support for the following comparisons: +-- +-- cs_encrypted_v1 = cs_encrypted_v1 +-- cs_encrypted_v1 <> cs_encrypted_v1 +-- cs_encrypted_v1 = jsonb +-- cs_encrypted_v1 <> jsonb +-- cs_encrypted_v1 = text +-- cs_encrypted_v1 <> text +-- + +DROP OPERATOR IF EXISTS = (cs_encrypted_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_eq_v1(a cs_encrypted_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_eq_v1(a cs_encrypted_v1, b cs_encrypted_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + u boolean; + o boolean; + BEGIN + BEGIN + u := (SELECT cs_unique_v1(a) = cs_unique_v1(b)); + EXCEPTION WHEN OTHERS THEN + u := false; + END; + + BEGIN + o := (SELECT cs_ore_64_8_v1(a) = cs_ore_64_8_v1(b)); + EXCEPTION WHEN OTHERS THEN + o := false; + END; + + RETURN u OR o; + END; +$$ LANGUAGE plpgsql; + + +CREATE OPERATOR = ( + PROCEDURE="cs_encrypted_eq_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=cs_encrypted_v1, + NEGATOR = <>, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + +DROP OPERATOR IF EXISTS = (cs_encrypted_v1, jsonb); +DROP FUNCTION IF EXISTS cs_encrypted_eq_v1(a cs_encrypted_v1, b jsonb); + +CREATE FUNCTION cs_encrypted_eq_v1(a cs_encrypted_v1, b jsonb) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + u boolean; + o boolean; + BEGIN + BEGIN + u := (SELECT cs_unique_v1(a) = cs_unique_v1(b)); + EXCEPTION WHEN OTHERS THEN + u := false; + END; + + BEGIN + o := (SELECT cs_ore_64_8_v1(a) = cs_ore_64_8_v1(b)); + EXCEPTION WHEN OTHERS THEN + o := false; + END; + + RETURN u OR o; + END; +$$ LANGUAGE plpgsql; + +CREATE OPERATOR = ( + PROCEDURE="cs_encrypted_eq_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=jsonb, + NEGATOR = <>, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + +DROP OPERATOR IF EXISTS = (jsonb, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_eq_v1(a jsonb, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_eq_v1(a jsonb, b cs_encrypted_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + u boolean; + o boolean; + BEGIN + BEGIN + u := (SELECT cs_unique_v1(a) = cs_unique_v1(b)); + EXCEPTION WHEN OTHERS THEN + u := false; + END; + + BEGIN + o := (SELECT cs_ore_64_8_v1(a) = cs_ore_64_8_v1(b)); + EXCEPTION WHEN OTHERS THEN + o := false; + END; + + RETURN u OR o; + END; +$$ LANGUAGE plpgsql; + + +CREATE OPERATOR = ( + PROCEDURE="cs_encrypted_eq_v1", + LEFTARG=jsonb, + RIGHTARG=cs_encrypted_v1, + NEGATOR = <>, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + +DROP OPERATOR IF EXISTS = (cs_encrypted_v1, cs_unique_index_v1); +DROP FUNCTION IF EXISTS cs_encrypted_eq_v1(a cs_encrypted_v1, b cs_unique_index_v1); + +CREATE FUNCTION cs_encrypted_eq_v1(a cs_encrypted_v1, b cs_unique_index_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + u boolean; + BEGIN + BEGIN + u := (SELECT cs_unique_v1(a) = b); + EXCEPTION WHEN OTHERS THEN + u := false; + END; + + RETURN u; + END; +$$ LANGUAGE plpgsql; + + +CREATE OPERATOR = ( + PROCEDURE="cs_encrypted_eq_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=cs_unique_index_v1, + NEGATOR = <>, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + +DROP OPERATOR IF EXISTS = (cs_unique_index_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_eq_v1(a cs_unique_index_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_eq_v1(a cs_unique_index_v1, b cs_encrypted_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + u boolean; + BEGIN + BEGIN + u := (SELECT a = cs_unique_v1(b)); + EXCEPTION WHEN OTHERS THEN + u := false; + END; + + RETURN u; + END; +$$ LANGUAGE plpgsql; + + +CREATE OPERATOR =( + PROCEDURE="cs_encrypted_eq_v1", + LEFTARG=cs_unique_index_v1, + RIGHTARG=cs_encrypted_v1, + NEGATOR = <>, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + + +DROP OPERATOR IF EXISTS = (cs_encrypted_v1, ore_64_8_v1); +DROP FUNCTION IF EXISTS cs_encrypted_eq_v1(a cs_encrypted_v1, b ore_64_8_v1); + +CREATE FUNCTION cs_encrypted_eq_v1(a cs_encrypted_v1, b ore_64_8_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + o boolean; + BEGIN + + BEGIN + o := (SELECT cs_ore_64_8_v1(a) = b); + EXCEPTION WHEN OTHERS THEN + o := false; + END; + + RETURN o; + END; +$$ LANGUAGE plpgsql; + + +CREATE OPERATOR = ( + PROCEDURE="cs_encrypted_eq_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=ore_64_8_v1, + NEGATOR = <>, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + +DROP OPERATOR IF EXISTS = (ore_64_8_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_eq_v1(a ore_64_8_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_eq_v1(a ore_64_8_v1, b cs_encrypted_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + o boolean; + BEGIN + + BEGIN + o := (SELECT a = cs_ore_64_8_v1(b)); + EXCEPTION WHEN OTHERS THEN + o := false; + END; + + RETURN o; + END; +$$ LANGUAGE plpgsql; + + +CREATE OPERATOR =( + PROCEDURE="cs_encrypted_eq_v1", + LEFTARG=ore_64_8_v1, + RIGHTARG=cs_encrypted_v1, + NEGATOR = <>, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + + +--- ------------------------------------------------------------ + +DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a cs_encrypted_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_neq_v1(a cs_encrypted_v1, b cs_encrypted_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + u boolean; + o boolean; + BEGIN + BEGIN + u := (SELECT cs_unique_v1(a) <> cs_unique_v1(b)); + EXCEPTION WHEN OTHERS THEN + u := false; + END; + + BEGIN + o := (SELECT cs_ore_64_8_v1(a) <> cs_ore_64_8_v1(b)); + EXCEPTION WHEN OTHERS THEN + o := false; + END; + + RETURN u OR o; + END; +$$ LANGUAGE plpgsql; + +CREATE OPERATOR <> ( + PROCEDURE="cs_encrypted_neq_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=cs_encrypted_v1, + NEGATOR = =, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + +DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, jsonb); +DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a cs_encrypted_v1, b jsonb); + +CREATE FUNCTION cs_encrypted_neq_v1(a cs_encrypted_v1, b jsonb) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + u boolean; + o boolean; + BEGIN + BEGIN + u := (SELECT cs_unique_v1(a) <> cs_unique_v1(b)); + EXCEPTION WHEN OTHERS THEN + u := false; + END; + + BEGIN + o := (SELECT cs_ore_64_8_v1(a) <> cs_ore_64_8_v1(b)); + EXCEPTION WHEN OTHERS THEN + o := false; + END; + + RETURN u OR o; + END; +$$ LANGUAGE plpgsql; + +CREATE OPERATOR <> ( + PROCEDURE="cs_encrypted_neq_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=jsonb, + NEGATOR = =, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + +DROP OPERATOR IF EXISTS <> (jsonb, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a jsonb, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_neq_v1(a jsonb, b cs_encrypted_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + u boolean; + o boolean; + BEGIN + BEGIN + u := (SELECT cs_unique_v1(a) <> cs_unique_v1(b)); + EXCEPTION WHEN OTHERS THEN + u := false; + END; + + BEGIN + o := (SELECT cs_ore_64_8_v1(a) <> cs_ore_64_8_v1(b)); + EXCEPTION WHEN OTHERS THEN + o := false; + END; + + RETURN u OR o; + END; +$$ LANGUAGE plpgsql; + +CREATE OPERATOR <> ( + PROCEDURE="cs_encrypted_neq_v1", + LEFTARG=jsonb, + RIGHTARG=cs_encrypted_v1, + NEGATOR = =, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + +DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, cs_unique_index_v1); +DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a cs_encrypted_v1, b cs_unique_index_v1); + +-- +-- Compare the cs_unique_index_v1 or return FALSE +-- cs_unique_index_v1 cannot be ore_64_8_v1 +-- +CREATE FUNCTION cs_encrypted_neq_v1(a cs_encrypted_v1, b cs_unique_index_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + u boolean; + BEGIN + BEGIN + u := (SELECT cs_unique_v1(a) <> b); + EXCEPTION WHEN OTHERS THEN + u := false; + END; + + RETURN u; + END; +$$ LANGUAGE plpgsql; + + +CREATE OPERATOR <> ( + PROCEDURE="cs_encrypted_neq_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=cs_unique_index_v1, + NEGATOR = =, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + +-- +-- Compare the cs_unique_index_v1 or return FALSE +-- cs_unique_index_v1 cannot be ore_64_8_v1 +-- +DROP OPERATOR IF EXISTS <> (cs_unique_index_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a cs_unique_index_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_neq_v1(a cs_unique_index_v1, b cs_encrypted_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + u boolean; + BEGIN + BEGIN + u := (SELECT a <> cs_unique_v1(b)); + EXCEPTION WHEN OTHERS THEN + u := false; + END; + + RETURN u; + END; +$$ LANGUAGE plpgsql; + + +CREATE OPERATOR <> ( + PROCEDURE="cs_encrypted_neq_v1", + LEFTARG=cs_unique_index_v1, + RIGHTARG=cs_encrypted_v1, + NEGATOR = =, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + + + +DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, ore_64_8_v1); +DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a cs_encrypted_v1, b ore_64_8_v1); + +CREATE FUNCTION cs_encrypted_neq_v1(a cs_encrypted_v1, b ore_64_8_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + o boolean; + BEGIN + BEGIN + o := (SELECT cs_ore_64_8_v1(a) <> b); + EXCEPTION WHEN OTHERS THEN + o := false; + END; + + RETURN o; + END; +$$ LANGUAGE plpgsql; + +CREATE OPERATOR <> ( + PROCEDURE="cs_encrypted_neq_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=ore_64_8_v1, + NEGATOR = =, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + +DROP OPERATOR IF EXISTS <> (ore_64_8_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a ore_64_8_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_neq_v1(a ore_64_8_v1, b cs_encrypted_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + o boolean; + BEGIN + + BEGIN + o := (SELECT a <> cs_ore_64_8_v1(b)); + EXCEPTION WHEN OTHERS THEN + o := false; + END; + + RETURN o; + END; +$$ LANGUAGE plpgsql; + +CREATE OPERATOR <> ( + PROCEDURE="cs_encrypted_neq_v1", + LEFTARG=ore_64_8_v1, + RIGHTARG=cs_encrypted_v1, + NEGATOR = =, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + + diff --git a/sql/015-operators-unique.sql b/sql/015-operators-unique.sql deleted file mode 100644 index 1111692e..00000000 --- a/sql/015-operators-unique.sql +++ /dev/null @@ -1,210 +0,0 @@ --- Operators for unique comparisons of cs_encrypted_v1 types --- --- Support for the following comparisons: --- --- cs_encrypted_v1 = cs_encrypted_v1 --- cs_encrypted_v1 <> cs_encrypted_v1 --- cs_encrypted_v1 = jsonb --- cs_encrypted_v1 <> jsonb --- cs_encrypted_v1 = text --- cs_encrypted_v1 <> text --- - -DROP OPERATOR IF EXISTS = (cs_encrypted_v1, cs_encrypted_v1); -DROP FUNCTION IF EXISTS cs_encrypted_eq_v1(a cs_encrypted_v1, b cs_encrypted_v1); - -CREATE FUNCTION cs_encrypted_eq_v1(a cs_encrypted_v1, b cs_encrypted_v1) -RETURNS boolean AS $$ - SELECT cs_unique_v1(a) = cs_unique_v1(b); -$$ LANGUAGE SQL; - -CREATE OPERATOR = ( - PROCEDURE="cs_encrypted_eq_v1", - LEFTARG=cs_encrypted_v1, - RIGHTARG=cs_encrypted_v1, - NEGATOR = <>, - RESTRICT = eqsel, - JOIN = eqjoinsel, - HASHES, - MERGES -); - -DROP OPERATOR IF EXISTS = (cs_encrypted_v1, jsonb); -DROP FUNCTION IF EXISTS cs_encrypted_eq_v1(a cs_encrypted_v1, b jsonb); - -CREATE FUNCTION cs_encrypted_eq_v1(a cs_encrypted_v1, b jsonb) -RETURNS boolean AS $$ - SELECT cs_unique_v1(a) = cs_unique_v1(b); -$$ LANGUAGE SQL; - -CREATE OPERATOR = ( - PROCEDURE="cs_encrypted_eq_v1", - LEFTARG=cs_encrypted_v1, - RIGHTARG=jsonb, - NEGATOR = <>, - RESTRICT = eqsel, - JOIN = eqjoinsel, - HASHES, - MERGES -); - -DROP OPERATOR IF EXISTS = (jsonb, cs_encrypted_v1); -DROP FUNCTION IF EXISTS cs_encrypted_eq_v1(a jsonb, b cs_encrypted_v1); - -CREATE FUNCTION cs_encrypted_eq_v1(a jsonb, b cs_encrypted_v1) -RETURNS boolean AS $$ - SELECT cs_unique_v1(a) = cs_unique_v1(b); -$$ LANGUAGE SQL; - -CREATE OPERATOR = ( - PROCEDURE="cs_encrypted_eq_v1", - LEFTARG=jsonb, - RIGHTARG=cs_encrypted_v1, - NEGATOR = <>, - RESTRICT = eqsel, - JOIN = eqjoinsel, - HASHES, - MERGES -); - - -DROP OPERATOR IF EXISTS = (cs_encrypted_v1, cs_unique_index_v1); -DROP FUNCTION IF EXISTS cs_encrypted_eq_v1(a cs_encrypted_v1, b cs_unique_index_v1); - -CREATE FUNCTION cs_encrypted_eq_v1(a cs_encrypted_v1, b cs_unique_index_v1) -RETURNS boolean AS $$ - SELECT cs_unique_v1(a) = b; -$$ LANGUAGE SQL; - -CREATE OPERATOR = ( - PROCEDURE="cs_encrypted_eq_v1", - LEFTARG=cs_encrypted_v1, - RIGHTARG=cs_unique_index_v1, - NEGATOR = <>, - RESTRICT = eqsel, - JOIN = eqjoinsel, - HASHES, - MERGES -); - -DROP OPERATOR IF EXISTS = (cs_unique_index_v1, cs_encrypted_v1); -DROP FUNCTION IF EXISTS cs_encrypted_eq_v1(a cs_unique_index_v1, b cs_encrypted_v1); - -CREATE FUNCTION cs_encrypted_eq_v1(a cs_unique_index_v1, b cs_encrypted_v1) -RETURNS boolean AS $$ - SELECT a = cs_unique_v1(b); -$$ LANGUAGE SQL; - -CREATE OPERATOR =( - PROCEDURE="cs_encrypted_eq_v1", - LEFTARG=cs_unique_index_v1, - RIGHTARG=cs_encrypted_v1, - NEGATOR = <>, - RESTRICT = eqsel, - JOIN = eqjoinsel, - HASHES, - MERGES -); - - - ---- ------------------------------------------------------------ - -DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, cs_encrypted_v1); -DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a cs_encrypted_v1, b cs_encrypted_v1); - -CREATE FUNCTION cs_encrypted_neq_v1(a cs_encrypted_v1, b cs_encrypted_v1) -RETURNS boolean AS $$ - SELECT cs_unique_v1(a) <> cs_unique_v1(b); -$$ LANGUAGE SQL; - -CREATE OPERATOR <> ( - PROCEDURE="cs_encrypted_neq_v1", - LEFTARG=cs_encrypted_v1, - RIGHTARG=cs_encrypted_v1, - NEGATOR = =, - RESTRICT = eqsel, - JOIN = eqjoinsel, - HASHES, - MERGES -); - - -DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, jsonb); -DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a cs_encrypted_v1, b jsonb); - -CREATE FUNCTION cs_encrypted_neq_v1(a cs_encrypted_v1, b jsonb) -RETURNS boolean AS $$ - SELECT cs_unique_v1(a) <> cs_unique_v1(b); -$$ LANGUAGE SQL; - -CREATE OPERATOR <> ( - PROCEDURE="cs_encrypted_neq_v1", - LEFTARG=cs_encrypted_v1, - RIGHTARG=jsonb, - NEGATOR = =, - RESTRICT = eqsel, - JOIN = eqjoinsel, - HASHES, - MERGES -); - - -DROP OPERATOR IF EXISTS <> (jsonb, cs_encrypted_v1); -DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a jsonb, b cs_encrypted_v1); - -CREATE FUNCTION cs_encrypted_neq_v1(a jsonb, b cs_encrypted_v1) -RETURNS boolean AS $$ - SELECT cs_unique_v1(a) <> cs_unique_v1(b); -$$ LANGUAGE SQL; - -CREATE OPERATOR <> ( - PROCEDURE="cs_encrypted_neq_v1", - LEFTARG=jsonb, - RIGHTARG=cs_encrypted_v1, - NEGATOR = =, - RESTRICT = eqsel, - JOIN = eqjoinsel, - HASHES, - MERGES -); - - -DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, cs_unique_index_v1); -DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a cs_encrypted_v1, b cs_unique_index_v1); - -CREATE FUNCTION cs_encrypted_neq_v1(a cs_encrypted_v1, b cs_unique_index_v1) -RETURNS boolean AS $$ - SELECT cs_unique_v1(a) <> b; -$$ LANGUAGE SQL; - -CREATE OPERATOR <> ( - PROCEDURE="cs_encrypted_neq_v1", - LEFTARG=cs_encrypted_v1, - RIGHTARG=cs_unique_index_v1, - NEGATOR = =, - RESTRICT = eqsel, - JOIN = eqjoinsel, - HASHES, - MERGES -); - - -DROP OPERATOR IF EXISTS <> (cs_unique_index_v1, cs_encrypted_v1); -DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a cs_unique_index_v1, b cs_encrypted_v1); - -CREATE FUNCTION cs_encrypted_neq_v1(a cs_unique_index_v1, b cs_encrypted_v1) -RETURNS boolean AS $$ - SELECT a <> cs_unique_v1(b); -$$ LANGUAGE SQL; - -CREATE OPERATOR <> ( - PROCEDURE="cs_encrypted_neq_v1", - LEFTARG=cs_unique_index_v1, - RIGHTARG=cs_encrypted_v1, - NEGATOR = =, - RESTRICT = eqsel, - JOIN = eqjoinsel, - HASHES, - MERGES -); diff --git a/sql/016-operators-match.sql b/sql/016-operators-match.sql index 717aadef..68ba4a95 100644 --- a/sql/016-operators-match.sql +++ b/sql/016-operators-match.sql @@ -45,7 +45,27 @@ CREATE OPERATOR @>( ); --- ------------------------------------------------------------------------------------ + +DROP OPERATOR IF EXISTS @> (cs_match_index_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_contains_v1(a cs_match_index_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_contains_v1(a cs_match_index_v1, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT a @> cs_match_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR @>( + PROCEDURE="cs_encrypted_contains_v1", + LEFTARG=cs_match_index_v1, + RIGHTARG=cs_encrypted_v1, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + +----------------------------------------------------------------------------- DROP OPERATOR IF EXISTS <@ (cs_encrypted_v1, cs_encrypted_v1); @@ -103,3 +123,8 @@ CREATE OPERATOR <@ ( HASHES, MERGES ); + + +----------------------------------------------------------------------------------------- + + diff --git a/sql/017-operators-ore.sql b/sql/017-operators-ore.sql new file mode 100644 index 00000000..f8c3c9de --- /dev/null +++ b/sql/017-operators-ore.sql @@ -0,0 +1,419 @@ +-- Operators for match comparisons of cs_encrypted_v1 types +-- +-- Support for the following comparisons: +-- +-- cs_encrypted_v1 > >= < <= cs_encrypted_v1 +-- cs_encrypted_v1 > jsonb +-- cs_encrypted_v1 > ore_64_8_v1 +-- + +DROP OPERATOR IF EXISTS > (cs_encrypted_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gt_v1(a cs_encrypted_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_gt_v1(a cs_encrypted_v1, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) > cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR >( + PROCEDURE="cs_encrypted_ore_64_8_v1_gt_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = <, + NEGATOR = <=, + RESTRICT = scalargtsel, + JOIN = scalargtjoinsel +); + + +DROP OPERATOR IF EXISTS > (cs_encrypted_v1, jsonb); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gt_v1(a cs_encrypted_v1, b jsonb); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_gt_v1(a cs_encrypted_v1, b jsonb) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) > cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR >( + PROCEDURE="cs_encrypted_ore_64_8_v1_gt_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=jsonb, + COMMUTATOR = <, + NEGATOR = <=, + RESTRICT = scalargtsel, + JOIN = scalargtjoinsel +); + + +DROP OPERATOR IF EXISTS > (cs_encrypted_v1, ore_64_8_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gt_v1(a cs_encrypted_v1, b ore_64_8_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_gt_v1(a cs_encrypted_v1, b ore_64_8_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) > b; +$$ LANGUAGE SQL; + +CREATE OPERATOR >( + PROCEDURE="cs_encrypted_ore_64_8_v1_gt_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=ore_64_8_v1, + COMMUTATOR = <, + NEGATOR = <=, + RESTRICT = scalargtsel, + JOIN = scalargtjoinsel +); + + + +DROP OPERATOR IF EXISTS > (jsonb, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gt_v1(a jsonb, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_gt_v1(a jsonb, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) > cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR >( + PROCEDURE="cs_encrypted_ore_64_8_v1_gt_v1", + LEFTARG=jsonb, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = <, + NEGATOR = <=, + RESTRICT = scalargtsel, + JOIN = scalargtjoinsel +); + + +DROP OPERATOR IF EXISTS > (ore_64_8_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gt_v1(a ore_64_8_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_gt_v1(a ore_64_8_v1, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT a > cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR >( + PROCEDURE="cs_encrypted_ore_64_8_v1_gt_v1", + LEFTARG=ore_64_8_v1, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = <, + NEGATOR = <=, + RESTRICT = scalargtsel, + JOIN = scalargtjoinsel +); + + +----------------------------------------------------------------------------------------- +-- LT + + +DROP OPERATOR IF EXISTS < (cs_encrypted_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lt_v1(a cs_encrypted_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_lt_v1(a cs_encrypted_v1, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) < cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR <( + PROCEDURE="cs_encrypted_ore_64_8_v1_lt_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = >, + NEGATOR = >=, + RESTRICT = scalarltsel, + JOIN = scalarltjoinsel +); + + +DROP OPERATOR IF EXISTS < (cs_encrypted_v1, jsonb); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lt_v1(a cs_encrypted_v1, b jsonb); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_lt_v1(a cs_encrypted_v1, b jsonb) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) < cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR <( + PROCEDURE="cs_encrypted_ore_64_8_v1_lt_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=jsonb, + COMMUTATOR = >, + NEGATOR = >=, + RESTRICT = scalarltsel, + JOIN = scalarltjoinsel +); + + +DROP OPERATOR IF EXISTS < (jsonb, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lt_v1(a jsonb, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_lt_v1(a jsonb, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) < cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR <( + PROCEDURE="cs_encrypted_ore_64_8_v1_lt_v1", + LEFTARG=jsonb, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = >, + NEGATOR = >=, + RESTRICT = scalarltsel, + JOIN = scalarltjoinsel +); + + + +DROP OPERATOR IF EXISTS <(cs_encrypted_v1, ore_64_8_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lt_v1(a cs_encrypted_v1, b ore_64_8_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_lt_v1(a cs_encrypted_v1, b ore_64_8_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) < b; +$$ LANGUAGE SQL; + +CREATE OPERATOR <( + PROCEDURE="cs_encrypted_ore_64_8_v1_lt_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=ore_64_8_v1, + COMMUTATOR = >, + NEGATOR = >=, + RESTRICT = scalarltsel, + JOIN = scalarltjoinsel +); + + +DROP OPERATOR IF EXISTS <(ore_64_8_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lt_v1(a ore_64_8_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_lt_v1(a ore_64_8_v1, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT a < cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR <( + PROCEDURE="cs_encrypted_ore_64_8_v1_lt_v1", + LEFTARG=ore_64_8_v1, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = >, + NEGATOR = >=, + RESTRICT = scalarltsel, + JOIN = scalarltjoinsel +); + + +----------------------------------------------------------------------------------------- + + +DROP OPERATOR IF EXISTS >=(cs_encrypted_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gte_v1(a cs_encrypted_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_gte_v1(a cs_encrypted_v1, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) >= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR >=( + PROCEDURE="cs_encrypted_ore_64_8_v1_gte_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = <=, + NEGATOR = <, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + + +DROP OPERATOR IF EXISTS >= (cs_encrypted_v1, jsonb); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gte_v1(a cs_encrypted_v1, b jsonb); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_gte_v1(a cs_encrypted_v1, b jsonb) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) >= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR >=( + PROCEDURE="cs_encrypted_ore_64_8_v1_gte_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=jsonb, + COMMUTATOR = <=, + NEGATOR = <, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + + +DROP OPERATOR IF EXISTS >= (cs_encrypted_v1, ore_64_8_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gte_v1(a cs_encrypted_v1, b ore_64_8_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_gte_v1(a cs_encrypted_v1, b ore_64_8_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) >= b; +$$ LANGUAGE SQL; + +CREATE OPERATOR >=( + PROCEDURE="cs_encrypted_ore_64_8_v1_gte_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=ore_64_8_v1, + COMMUTATOR = <=, + NEGATOR = <, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + + +DROP OPERATOR IF EXISTS >= (jsonb, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gte_v1(a jsonb, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_gte_v1(a jsonb, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) >= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR >=( + PROCEDURE="cs_encrypted_ore_64_8_v1_gte_v1", + LEFTARG=jsonb, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = <=, + NEGATOR = <, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + + +DROP OPERATOR IF EXISTS >=(ore_64_8_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gte_v1(a ore_64_8_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_gte_v1(a ore_64_8_v1, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT a >= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR >=( + PROCEDURE="cs_encrypted_ore_64_8_v1_gte_v1", + LEFTARG=ore_64_8_v1, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = <=, + NEGATOR = <, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + + +----------------------------------------------------------------------------------------- + + +DROP OPERATOR IF EXISTS <= (cs_encrypted_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lte_v1(a cs_encrypted_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_lte_v1(a cs_encrypted_v1, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) <= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR <=( + PROCEDURE="cs_encrypted_ore_64_8_v1_lte_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = >=, + NEGATOR = >, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + + +DROP OPERATOR IF EXISTS <= (cs_encrypted_v1, jsonb); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lte_v1(a cs_encrypted_v1, b jsonb); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_lte_v1(a cs_encrypted_v1, b jsonb) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) <= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR <=( + PROCEDURE="cs_encrypted_ore_64_8_v1_lte_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=jsonb, + COMMUTATOR = >=, + NEGATOR = >, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + + +DROP OPERATOR IF EXISTS <= (jsonb, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lte_v1(a jsonb, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_lte_v1(a jsonb, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) <= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR <=( + PROCEDURE="cs_encrypted_ore_64_8_v1_lte_v1", + LEFTARG=jsonb, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = >=, + NEGATOR = >, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + + +DROP OPERATOR IF EXISTS <= (cs_encrypted_v1, ore_64_8_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lte_v1(a cs_encrypted_v1, b ore_64_8_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_lte_v1(a cs_encrypted_v1, b ore_64_8_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) <= b; +$$ LANGUAGE SQL; + +CREATE OPERATOR <=( + PROCEDURE="cs_encrypted_ore_64_8_v1_lte_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=ore_64_8_v1, + COMMUTATOR = >=, + NEGATOR = >, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + + +DROP OPERATOR IF EXISTS <= (ore_64_8_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lte_v1(a ore_64_8_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_lte_v1(a ore_64_8_v1, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT a <= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR <=( + PROCEDURE="cs_encrypted_ore_64_8_v1_lte_v1", + LEFTARG=ore_64_8_v1, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = >=, + NEGATOR = >, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + +----------------------------------------------------------------------------------------- + + + +DROP OPERATOR FAMILY IF EXISTS cs_encrypted_ore_64_8_v1_btree_ops_v1 USING btree; + +CREATE OPERATOR FAMILY cs_encrypted_ore_64_8_v1_btree_ops_v1 USING btree; + + +DROP OPERATOR CLASS IF EXISTS ore_64_8_v1_btree_ops USING btree; + +CREATE OPERATOR CLASS cs_encrypted_ore_64_8_v1_btree_ops_v1 DEFAULT FOR TYPE cs_encrypted_v1 USING btree FAMILY cs_encrypted_ore_64_8_v1_btree_ops_v1 AS + OPERATOR 1 <, + OPERATOR 2 <=, + OPERATOR 3 =, + OPERATOR 4 >=, + OPERATOR 5 >; + + diff --git a/sql/666-drop-operators.sql b/sql/666-drop-operators.sql new file mode 100644 index 00000000..f0a11c63 --- /dev/null +++ b/sql/666-drop-operators.sql @@ -0,0 +1,57 @@ +DROP OPERATOR IF EXISTS @> (cs_encrypted_v1, cs_encrypted_v1); + +DROP OPERATOR IF EXISTS @> (cs_encrypted_v1, cs_match_index_v1); +DROP OPERATOR IF EXISTS @> (cs_match_index_v1, cs_encrypted_v1); + +DROP OPERATOR IF EXISTS <@ (cs_encrypted_v1, cs_encrypted_v1); + +DROP OPERATOR IF EXISTS <@ (cs_encrypted_v1, cs_match_index_v1); +DROP OPERATOR IF EXISTS <@ (cs_match_index_v1, cs_encrypted_v1); + + +DROP OPERATOR IF EXISTS <= (ore_64_8_v1, cs_encrypted_v1); +DROP OPERATOR IF EXISTS <= (cs_encrypted_v1, ore_64_8_v1); +DROP OPERATOR IF EXISTS <= (jsonb, cs_encrypted_v1); +DROP OPERATOR IF EXISTS <= (cs_encrypted_v1, jsonb); +DROP OPERATOR IF EXISTS <= (cs_encrypted_v1, cs_encrypted_v1); + +DROP OPERATOR IF EXISTS >=(ore_64_8_v1, cs_encrypted_v1); +DROP OPERATOR IF EXISTS >= (jsonb, cs_encrypted_v1); +DROP OPERATOR IF EXISTS >= (cs_encrypted_v1, ore_64_8_v1); +DROP OPERATOR IF EXISTS >= (cs_encrypted_v1, jsonb); +DROP OPERATOR IF EXISTS >=(cs_encrypted_v1, cs_encrypted_v1); + +DROP OPERATOR IF EXISTS <(ore_64_8_v1, cs_encrypted_v1); +DROP OPERATOR IF EXISTS <(cs_encrypted_v1, ore_64_8_v1); +DROP OPERATOR IF EXISTS < (jsonb, cs_encrypted_v1); +DROP OPERATOR IF EXISTS < (cs_encrypted_v1, jsonb); +DROP OPERATOR IF EXISTS < (cs_encrypted_v1, cs_encrypted_v1); + +DROP OPERATOR IF EXISTS > (ore_64_8_v1, cs_encrypted_v1); +DROP OPERATOR IF EXISTS > (jsonb, cs_encrypted_v1); +DROP OPERATOR IF EXISTS > (cs_encrypted_v1, ore_64_8_v1); +DROP OPERATOR IF EXISTS > (cs_encrypted_v1, jsonb); +DROP OPERATOR IF EXISTS > (cs_encrypted_v1, cs_encrypted_v1); + + +DROP OPERATOR IF EXISTS = (cs_encrypted_v1, cs_encrypted_v1); + +DROP OPERATOR IF EXISTS = (cs_encrypted_v1, jsonb); +DROP OPERATOR IF EXISTS = (jsonb, cs_encrypted_v1); + +DROP OPERATOR IF EXISTS = (cs_encrypted_v1, cs_unique_index_v1); +DROP OPERATOR IF EXISTS = (cs_unique_index_v1, cs_encrypted_v1); + +DROP OPERATOR IF EXISTS = (cs_encrypted_v1, ore_64_8_v1); +DROP OPERATOR IF EXISTS = (ore_64_8_v1, cs_encrypted_v1); + +DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, cs_encrypted_v1); + +DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, jsonb); +DROP OPERATOR IF EXISTS <> (jsonb, cs_encrypted_v1); + +DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, cs_unique_index_v1); +DROP OPERATOR IF EXISTS <> (cs_unique_index_v1, cs_encrypted_v1); + +DROP OPERATOR IF EXISTS <> (ore_64_8_v1, cs_encrypted_v1); +DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, ore_64_8_v1); diff --git a/tasks/build.sh b/tasks/build.sh index a8c5975f..7a8fa334 100755 --- a/tasks/build.sh +++ b/tasks/build.sh @@ -34,7 +34,10 @@ cat sql/666-drop_types.sql >> release/cipherstash-encrypt-tmp-drop-uninstall.sql # Build cipherstash-encrypt-uninstall.sql # prepend the drops to the main sql file +cat sql/666-drop-operators.sql >> release/cipherstash-encrypt-uninstall.sql cat release/cipherstash-encrypt-tmp-drop-uninstall.sql >> release/cipherstash-encrypt-uninstall.sql + + # uninstall renames configuration table cat sql/666-rename_configuration_table.sql >> release/cipherstash-encrypt-uninstall.sql diff --git a/tasks/test.sh b/tasks/test.sh index 0db783c2..175b1cb3 100755 --- a/tasks/test.sh +++ b/tasks/test.sh @@ -41,7 +41,9 @@ run_test tests/core.sql run_test tests/core-functions.sql run_test tests/config.sql run_test tests/encryptindex.sql -run_test tests/operators.sql +run_test tests/operators-eq.sql +run_test tests/operators-match.sql +run_test tests/operators-ore.sql echo echo '###############################################' diff --git a/tests/operators-eq.sql b/tests/operators-eq.sql new file mode 100644 index 00000000..ad51ee54 --- /dev/null +++ b/tests/operators-eq.sql @@ -0,0 +1,267 @@ +-- Create a table with a plaintext column +DROP TABLE IF EXISTS users; +CREATE TABLE users +( + id bigint GENERATED ALWAYS AS IDENTITY, + name_encrypted cs_encrypted_v1, + PRIMARY KEY(id) +); + + +INSERT INTO users (name_encrypted) VALUES ( + '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "u": "unique-text" + }'::jsonb +); + + + +-- UNIQUE eq = OPERATORS +DO $$ + BEGIN + -- SANITY CHECK + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_unique_v1(name_encrypted) = cs_unique_v1('{"u":"unique-text"}'))); + + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted = '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "u": "unique-text" + }'::jsonb + )); + + -- cs_encrypted_v1 = jsonb + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted = '{"u": "unique-text"}'::jsonb + )); + + -- jsonb = cs_encrypted_v1 + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE '{"u": "unique-text"}'::jsonb = name_encrypted + )); + + -- cs_encrypted_v1 = text + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted = 'unique-text'::text)); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted = 'unique-text'::cs_unique_index_v1)); + + -- text = cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE 'unique-text'::text = name_encrypted)); + + -- cs_encrypted_v1 = cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted = '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "u": "unique-text" + }'::cs_encrypted_v1)); + + END; +$$ LANGUAGE plpgsql; + + +-- UNIQUE inequality <> OPERATORS +DO $$ + BEGIN + -- SANITY CHECK + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_unique_v1(name_encrypted) != cs_unique_v1('{"u":"random-text"}'))); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_unique_v1(name_encrypted) <> cs_unique_v1('{"u":"random-text"}'))); + + -- cs_encrypted_v1 = jsonb + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted != '{"u":"random-text"}'::jsonb)); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <> '{"u":"random-text"}'::jsonb)); + + -- cs_encrypted_v1 = text + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted != 'random-text'::text)); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <> 'random-text'::text)); + + -- cs_encrypted_v1 = cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted != '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "u": "random-text" + }'::cs_encrypted_v1)); + + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <> '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "u": "random-text" + }'::cs_encrypted_v1)); + + + END; +$$ LANGUAGE plpgsql; + + +TRUNCATE TABLE users; + +-- +-- Example ORE values are generated from an array in the form `vec![0, 1, 2, 3, 4, 5]`; +-- +-- JSON values are JSON escaped on top of a PostgreSQL escaped Record +-- +-- PostgreSQL value is ("{""(\\""\\\\\\\\x000102030405\\"")""}") +-- +-- +INSERT INTO users (name_encrypted) VALUES ( + '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")" + }'::jsonb +); + +-- ORE eq = OPERATORS +DO $$ + DECLARE + ore_cs_encrypted cs_encrypted_v1; + ore_json jsonb; + ore_record text; + BEGIN + ore_cs_encrypted := '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")" + }'; + + ore_json := '{"o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")"}'; + + + ore_record = '("{""(\\""\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\"")""}")'; + + -- SANITY CHECK + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_ore_64_8_v1(name_encrypted) = cs_ore_64_8_v1(ore_json))); + + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted = ore_cs_encrypted::jsonb + )); + + -- -- cs_encrypted_v1 = jsonb + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted = ore_json::jsonb + )); + + -- -- jsonb = cs_encrypted_v1 + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE ore_json::jsonb = name_encrypted + )); + + -- -- cs_encrypted_v1 = ore_64_8_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted = ore_record::ore_64_8_v1)); + + -- -- -- ore_64_8_v1 = cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE ore_record::ore_64_8_v1 = name_encrypted)); + + -- -- -- cs_encrypted_v1 = cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted = ore_cs_encrypted::cs_encrypted_v1)); + + END; +$$ LANGUAGE plpgsql; + +TRUNCATE TABLE users; + +INSERT INTO users (name_encrypted) VALUES ( + '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")" + }'::jsonb +); + +-- ORE eq = OPERATORS +DO $$ + DECLARE + ore_cs_encrypted cs_encrypted_v1; + ore_json jsonb; + ore_record text; + BEGIN + ore_cs_encrypted := '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\\\\"\")\"\"}\")" + }'; + + ore_json := '{"o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\\\\"\")\"\"}\")"}'; + + + ore_record = '("{""(\\""\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\"")""}")'; + + -- SANITY CHECK + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_ore_64_8_v1(name_encrypted) <> cs_ore_64_8_v1(ore_json))); + + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted <> ore_cs_encrypted::jsonb + )); + + -- -- -- cs_encrypted_v1 <> jsonb + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted <> ore_json::jsonb + )); + + -- -- -- jsonb <> cs_encrypted_v1 + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE ore_json::jsonb <> name_encrypted + )); + + -- -- -- cs_encrypted_v1 <> ore_64_8_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <> ore_record::ore_64_8_v1)); + + -- -- -- -- ore_64_8_v1 <> cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE ore_record::ore_64_8_v1 <> name_encrypted)); + + -- -- -- -- cs_encrypted_v1 <> cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <> ore_cs_encrypted::cs_encrypted_v1)); + + END; +$$ LANGUAGE plpgsql; + diff --git a/tests/operators-match.sql b/tests/operators-match.sql new file mode 100644 index 00000000..b7ddf333 --- /dev/null +++ b/tests/operators-match.sql @@ -0,0 +1,90 @@ +\set ON_ERROR_STOP on + + +-- Create a table with a plaintext column +DROP TABLE IF EXISTS users; +CREATE TABLE users +( + id bigint GENERATED ALWAYS AS IDENTITY, + name_encrypted cs_encrypted_v1, + PRIMARY KEY(id) +); + +TRUNCATE TABLE users; + +INSERT INTO users (name_encrypted) VALUES ( + '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "u": "unique-text", + "o": ["a"] + }'::jsonb +); + + + +-- MATCH @> OPERATORS +DO $$ + BEGIN + -- SANITY CHECK + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_match_v1(name_encrypted) @> cs_match_v1('{"m":[1,2]}'))); + + -- cs_encrypted_v1 = jsonb + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted @> '{"m":[1,2]}'::jsonb)); + + -- cs_encrypted_v1 = text + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted @> ARRAY[1,2]::smallint[])); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted @> ARRAY[1,2]::cs_match_index_v1)); + + -- cs_encrypted_v1 = cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted @> '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2] + }'::cs_encrypted_v1)); + + END; +$$ LANGUAGE plpgsql; + + + +-- MATCH <@ OPERATORS +DO $$ + BEGIN + -- SANITY CHECK + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_match_v1('{"m":[1,2]}') <@ cs_match_v1(name_encrypted))); + + -- cs_encrypted_v1 = jsonb + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE '{"m":[1,2]}'::jsonb <@ name_encrypted)); + + -- cs_encrypted_v1 = text + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE ARRAY[1,2]::smallint[] <@ name_encrypted)); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE ARRAY[1,2]::cs_match_index_v1 <@ name_encrypted)); + + -- cs_encrypted_v1 = cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2] + }'::cs_encrypted_v1 <@ name_encrypted)); + + END; +$$ LANGUAGE plpgsql; + + diff --git a/tests/operators-ore.sql b/tests/operators-ore.sql new file mode 100644 index 00000000..0494c559 --- /dev/null +++ b/tests/operators-ore.sql @@ -0,0 +1,288 @@ +\set ON_ERROR_STOP on + + +-- Create a table with a plaintext column +DROP TABLE IF EXISTS users; +CREATE TABLE users +( + id bigint GENERATED ALWAYS AS IDENTITY, + name_encrypted cs_encrypted_v1, + PRIMARY KEY(id) +); + +TRUNCATE TABLE users; + + +TRUNCATE TABLE users; + +-- User with "LOW" value +INSERT INTO users (name_encrypted) VALUES ( + '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")" + }'::jsonb +); + +-- ORE eq < OPERATORS +DO $$ + DECLARE + ore_cs_encrypted cs_encrypted_v1; + ore_json jsonb; + ore_record text; + BEGIN + ore_cs_encrypted := '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\\\\"\")\"\"}\")" + }'; + + ore_json := '{"o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\\\\"\")\"\"}\")"}'; + + ore_record = '("{""(\\""\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\"")""}")'; + + + -- SANITY CHECK + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_ore_64_8_v1(name_encrypted) < cs_ore_64_8_v1(ore_json))); + + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted < ore_cs_encrypted::jsonb + )); + + -- -- -- cs_encrypted_v1 < jsonb + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted < ore_json::jsonb + )); + + -- -- -- jsonb < cs_encrypted_v1 + -- genrating ORE data for tests is fiddly, hence the IS FALSE here + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE (ore_json::jsonb < name_encrypted) IS FALSE + )); + + -- -- -- -- cs_encrypted_v1 < ore_64_8_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted < ore_record::ore_64_8_v1)); + + -- -- -- -- -- ore_64_8_v1 < cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE (ore_record::ore_64_8_v1 < name_encrypted) IS FALSE)); + + -- -- -- -- cs_encrypted_v1 <> cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted < ore_cs_encrypted::cs_encrypted_v1)); + + END; +$$ LANGUAGE plpgsql; + + + +-- ORE eq <= OPERATORS +DO $$ + DECLARE + ore_cs_encrypted cs_encrypted_v1; + ore_json jsonb; + ore_record text; + BEGIN + ore_cs_encrypted := '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\\\\"\")\"\"}\")" + }'; + + ore_json := '{"o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\\\\"\")\"\"}\")"}'; + + ore_record = '("{""(\\""\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\"")""}")'; + + + -- SANITY CHECK + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_ore_64_8_v1(name_encrypted) <= cs_ore_64_8_v1(ore_json))); + + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted <= ore_cs_encrypted::jsonb + )); + + -- -- -- cs_encrypted_v1 <= jsonb + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted <= ore_json::jsonb + )); + + -- -- -- jsonb <= cs_encrypted_v1 + -- genrating ORE data for tests is fiddly, hence the IS FALSE here + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE (ore_json::jsonb <= name_encrypted) IS FALSE + )); + + -- -- -- -- cs_encrypted_v1 <= ore_64_8_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <= ore_record::ore_64_8_v1)); + + -- -- -- -- -- ore_64_8_v1 <= cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE (ore_record::ore_64_8_v1 <= name_encrypted) IS FALSE)); + + -- -- -- -- cs_encrypted_v1 <= cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <= ore_cs_encrypted::cs_encrypted_v1)); + + END; +$$ LANGUAGE plpgsql; + + + +-- User with "HIGH" value +INSERT INTO users (name_encrypted) VALUES ( + '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\\\\"\")\"\"}\")" + }'::jsonb +); + + + +-- ORE eq < OPERATORS +DO $$ + DECLARE + ore_cs_encrypted cs_encrypted_v1; + ore_json jsonb; + ore_record text; + BEGIN + ore_cs_encrypted := '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")" + }'; + + ore_json := '{"o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")"}'; + + + ore_record = '("{""(\\""\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\"")""}")'; + + -- SANITY CHECK + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_ore_64_8_v1(name_encrypted) > cs_ore_64_8_v1(ore_json))); + + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted > ore_cs_encrypted::jsonb + )); + + -- -- -- cs_encrypted_v1 > jsonb + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted > ore_json::jsonb + )); + + -- -- -- jsonb > cs_encrypted_v1 + -- genrating ORE data for tests is fiddly, hence the IS FALSE here + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE (ore_json::jsonb > name_encrypted) IS FALSE + )); + + -- -- -- -- cs_encrypted_v1 > ore_64_8_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted > ore_record::ore_64_8_v1)); + + -- -- -- -- -- ore_64_8_v1 > cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE (ore_record::ore_64_8_v1 > name_encrypted) IS FALSE)); + + -- -- -- -- cs_encrypted_v1 >> cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted > ore_cs_encrypted::cs_encrypted_v1)); + + END; +$$ LANGUAGE plpgsql; + + + + +-- User with "HIGH" value +INSERT INTO users (name_encrypted) VALUES ( + '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\\\\"\")\"\"}\")" + }'::jsonb +); + + + +-- ORE eq >= OPERATORS +DO $$ + DECLARE + ore_cs_encrypted cs_encrypted_v1; + ore_json jsonb; + ore_record text; + BEGIN + ore_cs_encrypted := '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")" + }'; + + ore_json := '{"o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")"}'; + + + ore_record = '("{""(\\""\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\"")""}")'; + + -- SANITY CHECK + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_ore_64_8_v1(name_encrypted) >= cs_ore_64_8_v1(ore_json))); + + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted >= ore_cs_encrypted::jsonb + )); + + -- -- -- cs_encrypted_v1 >= jsonb + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted >= ore_json::jsonb + )); + + -- -- -- jsonb >= cs_encrypted_v1 + -- genrating ORE data for tests is fiddly, hence the IS FALSE here + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE (ore_json::jsonb >= name_encrypted) IS FALSE + )); + + -- -- -- -- cs_encrypted_v1 >= ore_64_8_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted >= ore_record::ore_64_8_v1)); + + -- -- -- -- -- ore_64_8_v1 >= cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE (ore_record::ore_64_8_v1 >= name_encrypted) IS FALSE)); + + -- -- -- -- cs_encrypted_v1 >= cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted >= ore_cs_encrypted::cs_encrypted_v1)); + + END; +$$ LANGUAGE plpgsql; diff --git a/tests/operators.sql b/tests/operators.sql deleted file mode 100644 index 45bc51f1..00000000 --- a/tests/operators.sql +++ /dev/null @@ -1,185 +0,0 @@ -\set ON_ERROR_STOP on - - --- Create a table with a plaintext column -DROP TABLE IF EXISTS users; -CREATE TABLE users -( - id bigint GENERATED ALWAYS AS IDENTITY, - name_encrypted cs_encrypted_v1, - PRIMARY KEY(id) -); - -TRUNCATE TABLE users; - -INSERT INTO users (name_encrypted) VALUES ( - '{ - "v": 1, - "k": "ct", - "c": "ciphertext", - "i": { - "t": "users", - "c": "name" - }, - "m": [1, 2, 3], - "u": "unique-text", - "o": ["a"] - }'::jsonb -); - - - --- MATCH @> OPERATORS -DO $$ - BEGIN - -- SANITY CHECK FOR UNIQUE payloads - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_match_v1(name_encrypted) @> cs_match_v1('{"m":[1,2]}'))); - - -- cs_encrypted_v1 = jsonb - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted @> '{"m":[1,2]}'::jsonb)); - - -- cs_encrypted_v1 = text - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted @> ARRAY[1,2]::smallint[])); - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted @> ARRAY[1,2]::cs_match_index_v1)); - - -- cs_encrypted_v1 = cs_encrypted_v1 - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted @> '{ - "v": 1, - "k": "ct", - "c": "ciphertext", - "i": { - "t": "users", - "c": "name" - }, - "m": [1, 2] - }'::cs_encrypted_v1)); - - END; -$$ LANGUAGE plpgsql; - - - --- MATCH <@ OPERATORS -DO $$ - BEGIN - -- SANITY CHECK FOR UNIQUE payloads - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_match_v1('{"m":[1,2]}') <@ cs_match_v1(name_encrypted))); - - -- cs_encrypted_v1 = jsonb - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE '{"m":[1,2]}'::jsonb <@ name_encrypted)); - - -- cs_encrypted_v1 = text - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE ARRAY[1,2]::smallint[] <@ name_encrypted)); - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE ARRAY[1,2]::cs_match_index_v1 <@ name_encrypted)); - - -- cs_encrypted_v1 = cs_encrypted_v1 - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE '{ - "v": 1, - "k": "ct", - "c": "ciphertext", - "i": { - "t": "users", - "c": "name" - }, - "m": [1, 2] - }'::cs_encrypted_v1 <@ name_encrypted)); - - END; -$$ LANGUAGE plpgsql; - - - --- UNIQUE eq = OPERATORS -DO $$ - BEGIN - -- SANITY CHECK FOR UNIQUE payloads - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_unique_v1(name_encrypted) = cs_unique_v1('{"u":"unique-text"}'))); - - ASSERT (SELECT EXISTS ( - SELECT id FROM users WHERE name_encrypted = '{ - "v": 1, - "k": "ct", - "c": "ciphertext", - "i": { - "t": "users", - "c": "name" - }, - "u": "unique-text" - }'::jsonb - )); - - -- cs_encrypted_v1 = jsonb - ASSERT (SELECT EXISTS ( - SELECT id FROM users WHERE name_encrypted = '{"u": "unique-text"}'::jsonb - )); - - -- jsonb = cs_encrypted_v1 - ASSERT (SELECT EXISTS ( - SELECT id FROM users WHERE '{"u": "unique-text"}'::jsonb = name_encrypted - )); - - -- cs_encrypted_v1 = text - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted = 'unique-text'::text)); - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted = 'unique-text'::cs_unique_index_v1)); - - -- text = cs_encrypted_v1 - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE 'unique-text'::text = name_encrypted)); - - -- cs_encrypted_v1 = cs_encrypted_v1 - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted = '{ - "v": 1, - "k": "ct", - "c": "ciphertext", - "i": { - "t": "users", - "c": "name" - }, - "u": "unique-text" - }'::cs_encrypted_v1)); - - END; -$$ LANGUAGE plpgsql; - --- UNIQUE inequality <> OPERATORS -DO $$ - BEGIN - -- SANITY CHECK FOR UNIQUE payloads - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_unique_v1(name_encrypted) != cs_unique_v1('{"u":"random-text"}'))); - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_unique_v1(name_encrypted) <> cs_unique_v1('{"u":"random-text"}'))); - - -- cs_encrypted_v1 = jsonb - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted != '{"u":"random-text"}'::jsonb)); - ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <> '{"u":"random-text"}'::jsonb)); - - -- -- cs_encrypted_v1 = text - -- ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted != 'random-text'::text)); - -- ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <> 'random-text'::text)); - - -- -- cs_encrypted_v1 = cs_encrypted_v1 - -- ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted != '{ - -- "v": 1, - -- "k": "ct", - -- "c": "ciphertext", - -- "i": { - -- "t": "users", - -- "c": "name" - -- }, - -- "u": "random-text" - -- }'::cs_encrypted_v1)); - -- ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <> '{ - -- "v": 1, - -- "k": "ct", - -- "c": "ciphertext", - -- "i": { - -- "t": "users", - -- "c": "name" - -- }, - -- "u": "random-text" - -- }'::cs_encrypted_v1)); - - - - END; -$$ LANGUAGE plpgsql; - -