diff --git a/sql/000-ore.sql b/sql/000-ore.sql index 55da7028..b5c81940 100644 --- a/sql/000-ore.sql +++ b/sql/000-ore.sql @@ -1,10 +1,16 @@ CREATE EXTENSION IF NOT EXISTS pgcrypto; -CREATE DOMAIN ore_64_8_index_v1 AS bytea[]; +CREATE TYPE ore_64_8_v1_term AS ( + bytes bytea +); + +CREATE TYPE ore_64_8_v1 AS ( + terms ore_64_8_v1_term[] +); -DROP FUNCTION IF EXISTS compare_ore_64_8_v1_term(a bytea, b bytea); +DROP FUNCTION IF EXISTS compare_ore_64_8_v1_term(a ore_64_8_v1_term, b ore_64_8_v1_term); -CREATE FUNCTION compare_ore_64_8_v1_term(a bytea, b bytea) returns integer AS $$ +CREATE FUNCTION compare_ore_64_8_v1_term(a ore_64_8_v1_term, b ore_64_8_v1_term) returns integer AS $$ DECLARE eq boolean := true; unequal_block smallint := 0; @@ -29,7 +35,7 @@ CREATE FUNCTION compare_ore_64_8_v1_term(a bytea, b bytea) returns integer AS $$ RETURN 1; END IF; - IF bit_length(a) != bit_length(b) THEN + IF bit_length(a.bytes) != bit_length(b.bytes) THEN RAISE EXCEPTION 'Ciphertexts are different lengths'; END IF; @@ -41,8 +47,8 @@ CREATE FUNCTION compare_ore_64_8_v1_term(a bytea, b bytea) returns integer AS $$ -- * We are not worrying about timing attacks here; don't fret about -- the OR or !=. IF - substr(a, 1 + block, 1) != substr(b, 1 + block, 1) - OR substr(a, 9 + left_block_size * block, left_block_size) != substr(b, 9 + left_block_size * BLOCK, left_block_size) + substr(a.bytes, 1 + block, 1) != substr(b.bytes, 1 + block, 1) + OR substr(a.bytes, 9 + left_block_size * block, left_block_size) != substr(b.bytes, 9 + left_block_size * BLOCK, left_block_size) THEN -- set the first unequal block we find IF eq THEN @@ -57,20 +63,20 @@ CREATE FUNCTION compare_ore_64_8_v1_term(a bytea, b bytea) returns integer AS $$ END IF; -- Hash key is the IV from the right CT of b - hash_key := substr(b, right_offset + 1, 16); + hash_key := substr(b.bytes, right_offset + 1, 16); -- first right block is at right offset + nonce_size (ordinally indexed) - target_block := substr(b, right_offset + 17 + (unequal_block * right_block_size), right_block_size); + target_block := substr(b.bytes, right_offset + 17 + (unequal_block * right_block_size), right_block_size); indicator := ( get_bit( encrypt( - substr(a, 9 + (left_block_size * unequal_block), left_block_size), + substr(a.bytes, 9 + (left_block_size * unequal_block), left_block_size), hash_key, 'aes-ecb' ), 0 - ) + get_bit(target_block, get_byte(a, unequal_block))) % 2; + ) + get_bit(target_block, get_byte(a.bytes, unequal_block))) % 2; IF indicator = 1 THEN RETURN 1::integer; @@ -81,6 +87,144 @@ CREATE FUNCTION compare_ore_64_8_v1_term(a bytea, b bytea) returns integer AS $$ $$ LANGUAGE plpgsql; +DROP FUNCTION IF EXISTS ore_64_8_v1_term_eq(a ore_64_8_v1_term, b ore_64_8_v1_term); + +CREATE FUNCTION ore_64_8_v1_term_eq(a ore_64_8_v1_term, b ore_64_8_v1_term) +RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1_term(a, b) = 0 +$$ LANGUAGE SQL; + + +DROP FUNCTION IF EXISTS ore_64_8_v1_term_neq(a ore_64_8_v1_term, b ore_64_8_v1_term); + +CREATE FUNCTION ore_64_8_v1_term_neq(a ore_64_8_v1_term, b ore_64_8_v1_term) +RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1_term(a, b) <> 0 +$$ LANGUAGE SQL; + + +DROP FUNCTION IF EXISTS ore_64_8_v1_term_lt(a ore_64_8_v1_term, b ore_64_8_v1_term); + +CREATE FUNCTION ore_64_8_v1_term_lt(a ore_64_8_v1_term, b ore_64_8_v1_term) +RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1_term(a, b) = -1 +$$ LANGUAGE SQL; + + +DROP FUNCTION IF EXISTS ore_64_8_v1_term_lte(a ore_64_8_v1_term, b ore_64_8_v1_term); + +CREATE FUNCTION ore_64_8_v1_term_lte(a ore_64_8_v1_term, b ore_64_8_v1_term) +RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1_term(a, b) != 1 +$$ LANGUAGE SQL; + + +DROP FUNCTION IF EXISTS ore_64_8_v1_term_gt(a ore_64_8_v1_term, b ore_64_8_v1_term); + +CREATE FUNCTION ore_64_8_v1_term_gt(a ore_64_8_v1_term, b ore_64_8_v1_term) +RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1_term(a, b) = 1 +$$ LANGUAGE SQL; + + +DROP FUNCTION IF EXISTS ore_64_8_v1_term_gte(a ore_64_8_v1_term, b ore_64_8_v1_term); + +CREATE FUNCTION ore_64_8_v1_term_gte(a ore_64_8_v1_term, b ore_64_8_v1_term) +RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1_term(a, b) != -1 +$$ LANGUAGE SQL; + + +DROP OPERATOR IF EXISTS = (ore_64_8_v1_term, ore_64_8_v1_term); + +CREATE OPERATOR = ( + PROCEDURE="ore_64_8_v1_term_eq", + LEFTARG=ore_64_8_v1_term, + RIGHTARG=ore_64_8_v1_term, + NEGATOR = <>, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + +DROP OPERATOR IF EXISTS <> (ore_64_8_v1_term, ore_64_8_v1_term); + +CREATE OPERATOR <> ( + PROCEDURE="ore_64_8_v1_term_neq", + LEFTARG=ore_64_8_v1_term, + RIGHTARG=ore_64_8_v1_term, + NEGATOR = =, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + +DROP OPERATOR IF EXISTS > (ore_64_8_v1_term, ore_64_8_v1_term); + +CREATE OPERATOR > ( + PROCEDURE="ore_64_8_v1_term_gt", + LEFTARG=ore_64_8_v1_term, + RIGHTARG=ore_64_8_v1_term, + COMMUTATOR = <, + NEGATOR = <=, + RESTRICT = scalargtsel, + JOIN = scalargtjoinsel +); + +DROP OPERATOR IF EXISTS < (ore_64_8_v1_term, ore_64_8_v1_term); + +CREATE OPERATOR < ( + PROCEDURE="ore_64_8_v1_term_lt", + LEFTARG=ore_64_8_v1_term, + RIGHTARG=ore_64_8_v1_term, + COMMUTATOR = >, + NEGATOR = >=, + RESTRICT = scalarltsel, + JOIN = scalarltjoinsel +); + +DROP OPERATOR IF EXISTS <= (ore_64_8_v1_term, ore_64_8_v1_term); + +CREATE OPERATOR <= ( + PROCEDURE="ore_64_8_v1_term_lte", + LEFTARG=ore_64_8_v1_term, + RIGHTARG=ore_64_8_v1_term, + COMMUTATOR = >=, + NEGATOR = >, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + +DROP OPERATOR IF EXISTS >= (ore_64_8_v1_term, ore_64_8_v1_term); + +CREATE OPERATOR >= ( + PROCEDURE="ore_64_8_v1_term_gte", + LEFTARG=ore_64_8_v1_term, + RIGHTARG=ore_64_8_v1_term, + COMMUTATOR = <=, + NEGATOR = <, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + +DROP OPERATOR FAMILY IF EXISTS ore_64_8_v1_term_btree_ops USING btree; + +CREATE OPERATOR FAMILY ore_64_8_v1_term_btree_ops USING btree; + + +DROP OPERATOR CLASS IF EXISTS ore_64_8_v1_term_btree_ops USING btree; + +CREATE OPERATOR CLASS ore_64_8_v1_term_btree_ops DEFAULT FOR TYPE ore_64_8_v1_term USING btree FAMILY ore_64_8_v1_term_btree_ops AS + OPERATOR 1 <, + OPERATOR 2 <=, + OPERATOR 3 =, + OPERATOR 4 >=, + OPERATOR 5 >, + FUNCTION 1 compare_ore_64_8_v1_term(a ore_64_8_v1_term, b ore_64_8_v1_term); + -- Compare the "head" of each array and recurse if necessary -- This function assumes an empty string is "less than" everything else -- so if a is empty we return -1, if be is empty and a isn't, we return 1. @@ -88,9 +232,9 @@ $$ LANGUAGE plpgsql; -- doesn't always make sense but it's here for completeness. -- If both are non-empty, we compare the first element. If they are equal -- we need to consider the next block so we recurse, otherwise we return the comparison result. -DROP FUNCTION IF EXISTS compare_ore_array(a ore_64_8_index_v1, b ore_64_8_index_v1); +DROP FUNCTION IF EXISTS compare_ore_array(a ore_64_8_v1_term[], b ore_64_8_v1_term[]); -CREATE FUNCTION compare_ore_array(a ore_64_8_index_v1, b ore_64_8_index_v1) +CREATE FUNCTION compare_ore_array(a ore_64_8_v1_term[], b ore_64_8_v1_term[]) RETURNS integer AS $$ DECLARE cmp_result integer; @@ -98,17 +242,14 @@ RETURNS integer AS $$ IF (array_length(a, 1) = 0 OR a IS NULL) AND (array_length(b, 1) = 0 OR b IS NULL) THEN RETURN 0; END IF; - IF array_length(a, 1) = 0 OR a IS NULL THEN RETURN -1; END IF; - IF array_length(b, 1) = 0 OR a IS NULL THEN RETURN 1; END IF; cmp_result := compare_ore_64_8_v1_term(a[1], b[1]); - IF cmp_result = 0 THEN -- Removes the first element in the array, and calls this fn again to compare the next element/s in the array. RETURN compare_ore_array(a[2:array_length(a,1)], b[2:array_length(b,1)]); @@ -119,73 +260,73 @@ RETURNS integer AS $$ $$ LANGUAGE plpgsql; -- This function uses lexicographic comparison -DROP FUNCTION IF EXISTS compare_ore_64_8_v1(a ore_64_8_index_v1, b ore_64_8_index_v1); +DROP FUNCTION IF EXISTS compare_ore_64_8_v1(a ore_64_8_v1, b ore_64_8_v1); -CREATE FUNCTION compare_ore_64_8_v1(a ore_64_8_index_v1, b ore_64_8_index_v1) +CREATE FUNCTION compare_ore_64_8_v1(a ore_64_8_v1, b ore_64_8_v1) RETURNS integer AS $$ + DECLARE + cmp_result integer; BEGIN -- Recursively compare blocks bailing as soon as we can make a decision - RETURN compare_ore_array(a, b); + RETURN compare_ore_array(a.terms, b.terms); END $$ LANGUAGE plpgsql; -DROP FUNCTION IF EXISTS ore_64_8_v1_eq(a ore_64_8_index_v1, b ore_64_8_index_v1); +DROP FUNCTION IF EXISTS ore_64_8_v1_eq(a ore_64_8_v1, b ore_64_8_v1); -CREATE FUNCTION ore_64_8_v1_eq(a ore_64_8_index_v1, b ore_64_8_index_v1) +CREATE FUNCTION ore_64_8_v1_eq(a ore_64_8_v1, b ore_64_8_v1) RETURNS boolean AS $$ SELECT compare_ore_64_8_v1(a, b) = 0 $$ LANGUAGE SQL; -DROP FUNCTION IF EXISTS ore_64_8_v1_neq(a ore_64_8_index_v1, b ore_64_8_index_v1); +DROP FUNCTION IF EXISTS ore_64_8_v1_neq(a ore_64_8_v1, b ore_64_8_v1); -CREATE FUNCTION ore_64_8_v1_neq(a ore_64_8_index_v1, b ore_64_8_index_v1) +CREATE FUNCTION ore_64_8_v1_neq(a ore_64_8_v1, b ore_64_8_v1) RETURNS boolean AS $$ SELECT compare_ore_64_8_v1(a, b) <> 0 $$ LANGUAGE SQL; -DROP FUNCTION IF EXISTS ore_64_8_v1_lt(a ore_64_8_index_v1, b ore_64_8_index_v1); +DROP FUNCTION IF EXISTS ore_64_8_v1_lt(a ore_64_8_v1, b ore_64_8_v1); -CREATE FUNCTION ore_64_8_v1_lt(a ore_64_8_index_v1, b ore_64_8_index_v1) +CREATE FUNCTION ore_64_8_v1_lt(a ore_64_8_v1, b ore_64_8_v1) RETURNS boolean AS $$ SELECT compare_ore_64_8_v1(a, b) = -1 $$ LANGUAGE SQL; -DROP FUNCTION IF EXISTS ore_64_8_v1_lte(a ore_64_8_index_v1, b ore_64_8_index_v1); +DROP FUNCTION IF EXISTS ore_64_8_v1_lte(a ore_64_8_v1, b ore_64_8_v1); -CREATE FUNCTION ore_64_8_v1_lte(a ore_64_8_index_v1, b ore_64_8_index_v1) +CREATE FUNCTION ore_64_8_v1_lte(a ore_64_8_v1, b ore_64_8_v1) RETURNS boolean AS $$ SELECT compare_ore_64_8_v1(a, b) != 1 $$ LANGUAGE SQL; -DROP FUNCTION IF EXISTS ore_64_8_v1_gt(a ore_64_8_index_v1, b ore_64_8_index_v1); +DROP FUNCTION IF EXISTS ore_64_8_v1_gt(a ore_64_8_v1, b ore_64_8_v1); -CREATE FUNCTION ore_64_8_v1_gt(a ore_64_8_index_v1, b ore_64_8_index_v1) +CREATE FUNCTION ore_64_8_v1_gt(a ore_64_8_v1, b ore_64_8_v1) RETURNS boolean AS $$ - BEGIN - SELECT compare_ore_64_8_v1(a, b) = 1; - END; -$$ LANGUAGE plpgsql; + SELECT compare_ore_64_8_v1(a, b) = 1 +$$ LANGUAGE SQL; -DROP FUNCTION IF EXISTS ore_64_8_v1_gte(a ore_64_8_index_v1, b ore_64_8_index_v1); +DROP FUNCTION IF EXISTS ore_64_8_v1_gte(a ore_64_8_v1, b ore_64_8_v1); -CREATE FUNCTION ore_64_8_v1_gte(a ore_64_8_index_v1, b ore_64_8_index_v1) +CREATE FUNCTION ore_64_8_v1_gte(a ore_64_8_v1, b ore_64_8_v1) RETURNS boolean AS $$ SELECT compare_ore_64_8_v1(a, b) != -1 $$ LANGUAGE SQL; -DROP OPERATOR IF EXISTS = (ore_64_8_index_v1, ore_64_8_index_v1); +DROP OPERATOR IF EXISTS = (ore_64_8_v1, ore_64_8_v1); CREATE OPERATOR = ( PROCEDURE="ore_64_8_v1_eq", - LEFTARG=ore_64_8_index_v1, - RIGHTARG=ore_64_8_index_v1, + LEFTARG=ore_64_8_v1, + RIGHTARG=ore_64_8_v1, NEGATOR = <>, RESTRICT = eqsel, JOIN = eqjoinsel, @@ -194,12 +335,12 @@ CREATE OPERATOR = ( ); -DROP OPERATOR IF EXISTS <> (ore_64_8_index_v1, ore_64_8_index_v1); +DROP OPERATOR IF EXISTS <> (ore_64_8_v1, ore_64_8_v1); CREATE OPERATOR <> ( PROCEDURE="ore_64_8_v1_neq", - LEFTARG=ore_64_8_index_v1, - RIGHTARG=ore_64_8_index_v1, + LEFTARG=ore_64_8_v1, + RIGHTARG=ore_64_8_v1, NEGATOR = =, RESTRICT = eqsel, JOIN = eqjoinsel, @@ -207,12 +348,12 @@ CREATE OPERATOR <> ( MERGES ); -DROP OPERATOR IF EXISTS > (ore_64_8_index_v1, ore_64_8_index_v1); +DROP OPERATOR IF EXISTS > (ore_64_8_v1, ore_64_8_v1); CREATE OPERATOR > ( PROCEDURE="ore_64_8_v1_gt", - LEFTARG=ore_64_8_index_v1, - RIGHTARG=ore_64_8_index_v1, + LEFTARG=ore_64_8_v1, + RIGHTARG=ore_64_8_v1, COMMUTATOR = <, NEGATOR = <=, RESTRICT = scalargtsel, @@ -220,12 +361,12 @@ CREATE OPERATOR > ( ); -DROP OPERATOR IF EXISTS < (ore_64_8_index_v1, ore_64_8_index_v1); +DROP OPERATOR IF EXISTS < (ore_64_8_v1, ore_64_8_v1); CREATE OPERATOR < ( PROCEDURE="ore_64_8_v1_lt", - LEFTARG=ore_64_8_index_v1, - RIGHTARG=ore_64_8_index_v1, + LEFTARG=ore_64_8_v1, + RIGHTARG=ore_64_8_v1, COMMUTATOR = >, NEGATOR = >=, RESTRICT = scalarltsel, @@ -233,12 +374,12 @@ CREATE OPERATOR < ( ); -DROP OPERATOR IF EXISTS <= (ore_64_8_index_v1, ore_64_8_index_v1); +DROP OPERATOR IF EXISTS <= (ore_64_8_v1, ore_64_8_v1); CREATE OPERATOR <= ( PROCEDURE="ore_64_8_v1_lte", - LEFTARG=ore_64_8_index_v1, - RIGHTARG=ore_64_8_index_v1, + LEFTARG=ore_64_8_v1, + RIGHTARG=ore_64_8_v1, COMMUTATOR = >=, NEGATOR = >, RESTRICT = scalarlesel, @@ -246,12 +387,12 @@ CREATE OPERATOR <= ( ); -DROP OPERATOR IF EXISTS >= (ore_64_8_index_v1, ore_64_8_index_v1); +DROP OPERATOR IF EXISTS >= (ore_64_8_v1, ore_64_8_v1); CREATE OPERATOR >= ( PROCEDURE="ore_64_8_v1_gte", - LEFTARG=ore_64_8_index_v1, - RIGHTARG=ore_64_8_index_v1, + LEFTARG=ore_64_8_v1, + RIGHTARG=ore_64_8_v1, COMMUTATOR = <=, NEGATOR = <, RESTRICT = scalarlesel, @@ -266,10 +407,10 @@ CREATE OPERATOR FAMILY ore_64_8_v1_btree_ops USING btree; DROP OPERATOR CLASS IF EXISTS ore_64_8_v1_btree_ops USING btree; -CREATE OPERATOR CLASS ore_64_8_v1_btree_ops DEFAULT FOR TYPE ore_64_8_index_v1 USING btree FAMILY ore_64_8_v1_btree_ops AS +CREATE OPERATOR CLASS ore_64_8_v1_btree_ops DEFAULT FOR TYPE ore_64_8_v1 USING btree FAMILY ore_64_8_v1_btree_ops AS OPERATOR 1 <, OPERATOR 2 <=, OPERATOR 3 =, OPERATOR 4 >=, OPERATOR 5 >, - FUNCTION 1 compare_ore_64_8_v1(a ore_64_8_index_v1, b ore_64_8_index_v1); + FUNCTION 1 compare_ore_64_8_v1(a ore_64_8_v1, b ore_64_8_v1); diff --git a/sql/011-core-functions.sql b/sql/011-core-functions.sql index 88215a9d..003e6991 100644 --- a/sql/011-core-functions.sql +++ b/sql/011-core-functions.sql @@ -1,6 +1,6 @@ DROP FUNCTION IF EXISTS cs_ciphertext_v1_v0_0(val jsonb); -CREATE FUNCTION cs_ciphertext_v1(val jsonb) +CREATE FUNCTION cs_ciphertext_v1_v0_0(val jsonb) RETURNS text IMMUTABLE STRICT PARALLEL SAFE AS $$ @@ -13,13 +13,30 @@ AS $$ $$ LANGUAGE plpgsql; ------------------------------------------------------------------------------ +DROP FUNCTION IF EXISTS cs_ciphertext_v1_v0(val jsonb); + +CREATE FUNCTION cs_ciphertext_v1_v0(val jsonb) + RETURNS text + LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE +BEGIN ATOMIC + RETURN cs_ciphertext_v1_v0_0(val); +END; + + +DROP FUNCTION IF EXISTS cs_ciphertext_v1(val jsonb); + +CREATE FUNCTION cs_ciphertext_v1(val jsonb) + RETURNS text + LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE +BEGIN ATOMIC + RETURN cs_ciphertext_v1_v0_0(val); +END; -- extracts match index from an emcrypted column -DROP FUNCTION IF EXISTS cs_match_v1(val jsonb); +DROP FUNCTION IF EXISTS cs_match_v1_v0_0(val jsonb); -CREATE FUNCTION cs_match_v1(val jsonb) +CREATE FUNCTION cs_match_v1_v0_0(val jsonb) RETURNS cs_match_index_v1 IMMUTABLE STRICT PARALLEL SAFE AS $$ @@ -31,13 +48,31 @@ AS $$ END; $$ LANGUAGE plpgsql; ------------------------------------------------------------------------------ + +DROP FUNCTION IF EXISTS cs_match_v1_v0(val jsonb); + +CREATE FUNCTION cs_match_v1_v0(val jsonb) + RETURNS cs_match_index_v1 + LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE +BEGIN ATOMIC + RETURN cs_match_v1_v0_0(val); +END; + + +DROP FUNCTION IF EXISTS cs_match_v1(val jsonb); + +CREATE FUNCTION cs_match_v1(val jsonb) + RETURNS cs_match_index_v1 + LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE +BEGIN ATOMIC + RETURN cs_match_v1_v0_0(val); +END; -- extracts unique index from an encrypted column -DROP FUNCTION IF EXISTS cs_unique_v1(val jsonb); +DROP FUNCTION IF EXISTS cs_unique_v1_v0_0(val jsonb); -CREATE FUNCTION cs_unique_v1(val jsonb) +CREATE FUNCTION cs_unique_v1_v0_0(val jsonb) RETURNS cs_unique_index_v1 IMMUTABLE STRICT PARALLEL SAFE AS $$ @@ -50,12 +85,29 @@ AS $$ $$ LANGUAGE plpgsql; ------------------------------------------------------------------------------ +DROP FUNCTION IF EXISTS cs_unique_v1_v0(val jsonb); + +CREATE FUNCTION cs_unique_v1_v0(val jsonb) + RETURNS cs_unique_index_v1 + LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE +BEGIN ATOMIC + RETURN cs_unique_v1_v0_0(val); +END; + + +DROP FUNCTION IF EXISTS cs_unique_v1(val jsonb); + +CREATE FUNCTION cs_unique_v1(val jsonb) + RETURNS cs_unique_index_v1 + LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE +BEGIN ATOMIC + RETURN cs_unique_v1_v0_0(val); +END; -- extracts json ste_vec index from an encrypted column -DROP FUNCTION IF EXISTS cs_ste_vec_v1(val jsonb); +DROP FUNCTION IF EXISTS cs_ste_vec_v1_v0_0(val jsonb); -CREATE FUNCTION cs_ste_vec_v1(val jsonb) +CREATE FUNCTION cs_ste_vec_v1_v0_0(val jsonb) RETURNS cs_ste_vec_index_v1 IMMUTABLE STRICT PARALLEL SAFE AS $$ @@ -67,34 +119,77 @@ AS $$ END; $$ LANGUAGE plpgsql; ------------------------------------------------------------------------------ +DROP FUNCTION IF EXISTS cs_ste_vec_v1_v0(val jsonb); -DROP FUNCTION IF EXISTS jsonb_array_to_bytea_array(val jsonb); +CREATE FUNCTION cs_ste_vec_v1_v0(val jsonb) + RETURNS cs_ste_vec_index_v1 + LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE +BEGIN ATOMIC + RETURN cs_ste_vec_v1_v0_0(val); +END; -CREATE FUNCTION jsonb_array_to_bytea_array(val jsonb) -RETURNS bytea[] AS $$ - SELECT array_agg(decode(value::text, 'hex')) - FROM jsonb_array_elements_text(val) AS value; -$$ LANGUAGE sql; +DROP FUNCTION IF EXISTS cs_ste_vec_v1(val jsonb); -DROP FUNCTION IF EXISTS cs_ore_64_8_v1(val jsonb); +CREATE FUNCTION cs_ste_vec_v1(val jsonb) + RETURNS cs_ste_vec_index_v1 + LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE +BEGIN ATOMIC + RETURN cs_ste_vec_v1_v0_0(val); +END; -CREATE FUNCTION cs_ore_64_8_v1(val jsonb) - RETURNS ore_64_8_index_v1 + +-- casts text to ore_64_8_v1_term (bytea) +DROP FUNCTION IF EXISTS _cs_text_to_ore_64_8_v1_term_v1_0(t text); + +CREATE FUNCTION _cs_text_to_ore_64_8_v1_term_v1_0(t text) + RETURNS ore_64_8_v1_term + LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE +BEGIN ATOMIC + RETURN t::bytea; +END; + +-- cast to cleanup ore_64_8_v1 extraction +DROP CAST IF EXISTS (text AS ore_64_8_v1_term); + +CREATE CAST (text AS ore_64_8_v1_term) + WITH FUNCTION _cs_text_to_ore_64_8_v1_term_v1_0(text) AS IMPLICIT; + + +-- extracts ore index from an encrypted column +DROP FUNCTION IF EXISTS cs_ore_64_8_v1_v0_0(val jsonb); + +CREATE FUNCTION cs_ore_64_8_v1_v0_0(val jsonb) + RETURNS ore_64_8_v1 IMMUTABLE STRICT PARALLEL SAFE AS $$ BEGIN IF val ? 'o' THEN - RETURN jsonb_array_to_bytea_array(val->'o'); + RETURN (val->>'o')::ore_64_8_v1; END IF; RAISE 'Expected an ore index (o) value in json: %', val; END; $$ LANGUAGE plpgsql; ------------------------------------------------------------------------------ +DROP FUNCTION IF EXISTS cs_ore_64_8_v1_v0(val jsonb); + +CREATE FUNCTION cs_ore_64_8_v1_v0(val jsonb) + RETURNS ore_64_8_v1 + LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE +BEGIN ATOMIC + RETURN cs_ore_64_8_v1_v0_0(val); +END; + +DROP FUNCTION IF EXISTS cs_ore_64_8_v1(val jsonb); + +CREATE FUNCTION cs_ore_64_8_v1(val jsonb) + RETURNS ore_64_8_v1 + LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE +BEGIN ATOMIC + RETURN cs_ore_64_8_v1_v0_0(val); +END; DROP FUNCTION IF EXISTS _cs_first_grouped_value(jsonb, jsonb); diff --git a/sql/015-operators-eq.sql b/sql/015-operators-eq.sql index d898f31b..5b79543e 100644 --- a/sql/015-operators-eq.sql +++ b/sql/015-operators-eq.sql @@ -28,7 +28,7 @@ AS $$ END; BEGIN - o := (SELECT cs_encrypted_ore_64_8_compare_v1(a, b) = 0); + o := (SELECT cs_ore_64_8_v1(a) = cs_ore_64_8_v1(b)); EXCEPTION WHEN OTHERS THEN o := false; END; @@ -67,7 +67,7 @@ AS $$ END; BEGIN - o := (SELECT cs_encrypted_ore_64_8_compare_v1(a, b) = 0); + o := (SELECT cs_ore_64_8_v1(a) = cs_ore_64_8_v1(b)); EXCEPTION WHEN OTHERS THEN o := false; END; @@ -106,7 +106,7 @@ AS $$ END; BEGIN - o := (SELECT cs_encrypted_ore_64_8_compare_v1(a, b) = 0); + o := (SELECT cs_ore_64_8_v1(a) = cs_ore_64_8_v1(b)); EXCEPTION WHEN OTHERS THEN o := false; END; @@ -193,8 +193,76 @@ CREATE OPERATOR =( ); ---- ------------------------------------------------------------ +DROP OPERATOR IF EXISTS = (cs_encrypted_v1, ore_64_8_v1); +DROP FUNCTION IF EXISTS cs_encrypted_eq_v1(a cs_encrypted_v1, b ore_64_8_v1); + +CREATE FUNCTION cs_encrypted_eq_v1(a cs_encrypted_v1, b ore_64_8_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + o boolean; + BEGIN + + BEGIN + o := (SELECT cs_ore_64_8_v1(a) = b); + EXCEPTION WHEN OTHERS THEN + o := false; + END; + + RETURN o; + END; +$$ LANGUAGE plpgsql; + + +CREATE OPERATOR = ( + PROCEDURE="cs_encrypted_eq_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=ore_64_8_v1, + NEGATOR = <>, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + +DROP OPERATOR IF EXISTS = (ore_64_8_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_eq_v1(a ore_64_8_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_eq_v1(a ore_64_8_v1, b cs_encrypted_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + o boolean; + BEGIN + + BEGIN + o := (SELECT a = cs_ore_64_8_v1(b)); + EXCEPTION WHEN OTHERS THEN + o := false; + END; + + RETURN o; + END; +$$ LANGUAGE plpgsql; + + +CREATE OPERATOR =( + PROCEDURE="cs_encrypted_eq_v1", + LEFTARG=ore_64_8_v1, + RIGHTARG=cs_encrypted_v1, + NEGATOR = <>, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + + +--- ------------------------------------------------------------ DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, cs_encrypted_v1); DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a cs_encrypted_v1, b cs_encrypted_v1); @@ -214,7 +282,7 @@ AS $$ END; BEGIN - o := (SELECT cs_encrypted_ore_64_8_compare_v1(a, b) <> 0); + o := (SELECT cs_ore_64_8_v1(a) <> cs_ore_64_8_v1(b)); EXCEPTION WHEN OTHERS THEN o := false; END; @@ -253,7 +321,7 @@ AS $$ END; BEGIN - o := (SELECT cs_encrypted_ore_64_8_compare_v1(a, b) <> 0); + o := (SELECT cs_ore_64_8_v1(a) <> cs_ore_64_8_v1(b)); EXCEPTION WHEN OTHERS THEN o := false; END; @@ -292,7 +360,7 @@ AS $$ END; BEGIN - o := (SELECT cs_encrypted_ore_64_8_compare_v1(a, b) <> 0); + o := (SELECT cs_ore_64_8_v1(a) <> cs_ore_64_8_v1(b)); EXCEPTION WHEN OTHERS THEN o := false; END; @@ -387,3 +455,71 @@ CREATE OPERATOR <> ( ); + + +DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, ore_64_8_v1); +DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a cs_encrypted_v1, b ore_64_8_v1); + +CREATE FUNCTION cs_encrypted_neq_v1(a cs_encrypted_v1, b ore_64_8_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + o boolean; + BEGIN + BEGIN + o := (SELECT cs_ore_64_8_v1(a) <> b); + EXCEPTION WHEN OTHERS THEN + o := false; + END; + + RETURN o; + END; +$$ LANGUAGE plpgsql; + +CREATE OPERATOR <> ( + PROCEDURE="cs_encrypted_neq_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=ore_64_8_v1, + NEGATOR = =, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + +DROP OPERATOR IF EXISTS <> (ore_64_8_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_neq_v1(a ore_64_8_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_neq_v1(a ore_64_8_v1, b cs_encrypted_v1) + RETURNS boolean + IMMUTABLE STRICT PARALLEL SAFE +AS $$ + DECLARE + o boolean; + BEGIN + + BEGIN + o := (SELECT a <> cs_ore_64_8_v1(b)); + EXCEPTION WHEN OTHERS THEN + o := false; + END; + + RETURN o; + END; +$$ LANGUAGE plpgsql; + +CREATE OPERATOR <> ( + PROCEDURE="cs_encrypted_neq_v1", + LEFTARG=ore_64_8_v1, + RIGHTARG=cs_encrypted_v1, + NEGATOR = =, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + + + diff --git a/sql/017-operators-ore.sql b/sql/017-operators-ore.sql index ba59de5c..400a683f 100644 --- a/sql/017-operators-ore.sql +++ b/sql/017-operators-ore.sql @@ -7,43 +7,13 @@ -- cs_encrypted_v1 > ore_64_8_v1 -- -DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_compare_v1(a cs_encrypted_v1, b cs_encrypted_v1); - -CREATE FUNCTION cs_encrypted_ore_64_8_compare_v1(a cs_encrypted_v1, b cs_encrypted_v1) - RETURNS integer AS $$ - SELECT cs_encrypted_ore_64_8_compare_v1(a::jsonb, b::jsonb) -$$ LANGUAGE sql; - - -DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_compare_v1(a jsonb, b jsonb); - -CREATE FUNCTION cs_encrypted_ore_64_8_compare_v1(a jsonb, b jsonb) - RETURNS integer AS $$ - DECLARE - a_ore ore_64_8_index_v1; - b_ore ore_64_8_index_v1; - result integer; - BEGIN - - SELECT cs_ore_64_8_v1(a) INTO a_ore; - SELECT cs_ore_64_8_v1(b) INTO b_ore; - - SELECT compare_ore_64_8_v1(a_ore, b_ore) INTO result; - - RETURN result; - END; -$$ LANGUAGE plpgsql; - ------------------------------------------------------------------------------------------ - - DROP OPERATOR IF EXISTS > (cs_encrypted_v1, cs_encrypted_v1); DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gt_v1(a cs_encrypted_v1, b cs_encrypted_v1); CREATE FUNCTION cs_encrypted_ore_64_8_v1_gt_v1(a cs_encrypted_v1, b cs_encrypted_v1) RETURNS boolean AS $$ - SELECT cs_encrypted_ore_64_8_compare_v1(a, b) = 1 -$$ LANGUAGE sql; + SELECT cs_ore_64_8_v1(a) > cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; CREATE OPERATOR >( PROCEDURE="cs_encrypted_ore_64_8_v1_gt_v1", @@ -61,8 +31,8 @@ DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gt_v1(a cs_encrypted_v1, b json CREATE FUNCTION cs_encrypted_ore_64_8_v1_gt_v1(a cs_encrypted_v1, b jsonb) RETURNS boolean AS $$ - SELECT cs_encrypted_ore_64_8_compare_v1(a, b) = 1 -$$ LANGUAGE sql; + SELECT cs_ore_64_8_v1(a) > cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; CREATE OPERATOR >( PROCEDURE="cs_encrypted_ore_64_8_v1_gt_v1", @@ -75,14 +45,33 @@ CREATE OPERATOR >( ); +DROP OPERATOR IF EXISTS > (cs_encrypted_v1, ore_64_8_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gt_v1(a cs_encrypted_v1, b ore_64_8_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_gt_v1(a cs_encrypted_v1, b ore_64_8_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) > b; +$$ LANGUAGE SQL; + +CREATE OPERATOR >( + PROCEDURE="cs_encrypted_ore_64_8_v1_gt_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=ore_64_8_v1, + COMMUTATOR = <, + NEGATOR = <=, + RESTRICT = scalargtsel, + JOIN = scalargtjoinsel +); + + DROP OPERATOR IF EXISTS > (jsonb, cs_encrypted_v1); DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gt_v1(a jsonb, b cs_encrypted_v1); CREATE FUNCTION cs_encrypted_ore_64_8_v1_gt_v1(a jsonb, b cs_encrypted_v1) RETURNS boolean AS $$ - SELECT cs_encrypted_ore_64_8_compare_v1(a, b) = 1 -$$ LANGUAGE sql; + SELECT cs_ore_64_8_v1(a) > cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; CREATE OPERATOR >( PROCEDURE="cs_encrypted_ore_64_8_v1_gt_v1", @@ -95,6 +84,25 @@ CREATE OPERATOR >( ); +DROP OPERATOR IF EXISTS > (ore_64_8_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gt_v1(a ore_64_8_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_gt_v1(a ore_64_8_v1, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT a > cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR >( + PROCEDURE="cs_encrypted_ore_64_8_v1_gt_v1", + LEFTARG=ore_64_8_v1, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = <, + NEGATOR = <=, + RESTRICT = scalargtsel, + JOIN = scalargtjoinsel +); + + ----------------------------------------------------------------------------------------- -- LT @@ -104,13 +112,8 @@ DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lt_v1(a cs_encrypted_v1, b cs_e CREATE FUNCTION cs_encrypted_ore_64_8_v1_lt_v1(a cs_encrypted_v1, b cs_encrypted_v1) RETURNS boolean AS $$ - DECLARE - result integer; - BEGIN - SELECT cs_encrypted_ore_64_8_compare_v1(a, b) INTO result; - RETURN result = -1; - END; -$$ LANGUAGE plpgsql; + SELECT cs_ore_64_8_v1(a) < cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; CREATE OPERATOR <( PROCEDURE="cs_encrypted_ore_64_8_v1_lt_v1", @@ -128,8 +131,8 @@ DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lt_v1(a cs_encrypted_v1, b json CREATE FUNCTION cs_encrypted_ore_64_8_v1_lt_v1(a cs_encrypted_v1, b jsonb) RETURNS boolean AS $$ - SELECT cs_encrypted_ore_64_8_compare_v1(a, b) = -1 -$$ LANGUAGE sql; + SELECT cs_ore_64_8_v1(a) < cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; CREATE OPERATOR <( PROCEDURE="cs_encrypted_ore_64_8_v1_lt_v1", @@ -147,8 +150,8 @@ DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lt_v1(a jsonb, b cs_encrypted_v CREATE FUNCTION cs_encrypted_ore_64_8_v1_lt_v1(a jsonb, b cs_encrypted_v1) RETURNS boolean AS $$ - SELECT cs_encrypted_ore_64_8_compare_v1(a, b) = -1 -$$ LANGUAGE sql; + SELECT cs_ore_64_8_v1(a) < cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; CREATE OPERATOR <( PROCEDURE="cs_encrypted_ore_64_8_v1_lt_v1", @@ -162,6 +165,44 @@ CREATE OPERATOR <( +DROP OPERATOR IF EXISTS <(cs_encrypted_v1, ore_64_8_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lt_v1(a cs_encrypted_v1, b ore_64_8_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_lt_v1(a cs_encrypted_v1, b ore_64_8_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) < b; +$$ LANGUAGE SQL; + +CREATE OPERATOR <( + PROCEDURE="cs_encrypted_ore_64_8_v1_lt_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=ore_64_8_v1, + COMMUTATOR = >, + NEGATOR = >=, + RESTRICT = scalarltsel, + JOIN = scalarltjoinsel +); + + +DROP OPERATOR IF EXISTS <(ore_64_8_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lt_v1(a ore_64_8_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_lt_v1(a ore_64_8_v1, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT a < cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR <( + PROCEDURE="cs_encrypted_ore_64_8_v1_lt_v1", + LEFTARG=ore_64_8_v1, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = >, + NEGATOR = >=, + RESTRICT = scalarltsel, + JOIN = scalarltjoinsel +); + + ----------------------------------------------------------------------------------------- @@ -170,8 +211,8 @@ DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gte_v1(a cs_encrypted_v1, b cs_ CREATE FUNCTION cs_encrypted_ore_64_8_v1_gte_v1(a cs_encrypted_v1, b cs_encrypted_v1) RETURNS boolean AS $$ - SELECT cs_encrypted_ore_64_8_compare_v1(a, b) != -1 -$$ LANGUAGE sql; + SELECT cs_ore_64_8_v1(a) >= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; CREATE OPERATOR >=( PROCEDURE="cs_encrypted_ore_64_8_v1_gte_v1", @@ -189,8 +230,8 @@ DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gte_v1(a cs_encrypted_v1, b jso CREATE FUNCTION cs_encrypted_ore_64_8_v1_gte_v1(a cs_encrypted_v1, b jsonb) RETURNS boolean AS $$ - SELECT cs_encrypted_ore_64_8_compare_v1(a, b) != -1; -$$ LANGUAGE sql; + SELECT cs_ore_64_8_v1(a) >= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; CREATE OPERATOR >=( PROCEDURE="cs_encrypted_ore_64_8_v1_gte_v1", @@ -203,14 +244,32 @@ CREATE OPERATOR >=( ); +DROP OPERATOR IF EXISTS >= (cs_encrypted_v1, ore_64_8_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gte_v1(a cs_encrypted_v1, b ore_64_8_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_gte_v1(a cs_encrypted_v1, b ore_64_8_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) >= b; +$$ LANGUAGE SQL; + +CREATE OPERATOR >=( + PROCEDURE="cs_encrypted_ore_64_8_v1_gte_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=ore_64_8_v1, + COMMUTATOR = <=, + NEGATOR = <, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + DROP OPERATOR IF EXISTS >= (jsonb, cs_encrypted_v1); DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gte_v1(a jsonb, b cs_encrypted_v1); CREATE FUNCTION cs_encrypted_ore_64_8_v1_gte_v1(a jsonb, b cs_encrypted_v1) RETURNS boolean AS $$ - SELECT cs_encrypted_ore_64_8_compare_v1(a, b) != -1 -$$ LANGUAGE sql; + SELECT cs_ore_64_8_v1(a) >= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; CREATE OPERATOR >=( PROCEDURE="cs_encrypted_ore_64_8_v1_gte_v1", @@ -223,6 +282,25 @@ CREATE OPERATOR >=( ); +DROP OPERATOR IF EXISTS >=(ore_64_8_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_gte_v1(a ore_64_8_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_gte_v1(a ore_64_8_v1, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT a >= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR >=( + PROCEDURE="cs_encrypted_ore_64_8_v1_gte_v1", + LEFTARG=ore_64_8_v1, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = <=, + NEGATOR = <, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + + ----------------------------------------------------------------------------------------- @@ -231,8 +309,8 @@ DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lte_v1(a cs_encrypted_v1, b cs_ CREATE FUNCTION cs_encrypted_ore_64_8_v1_lte_v1(a cs_encrypted_v1, b cs_encrypted_v1) RETURNS boolean AS $$ - SELECT cs_encrypted_ore_64_8_compare_v1(a, b) != 1 -$$ LANGUAGE sql; + SELECT cs_ore_64_8_v1(a) <= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; CREATE OPERATOR <=( PROCEDURE="cs_encrypted_ore_64_8_v1_lte_v1", @@ -250,8 +328,8 @@ DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lte_v1(a cs_encrypted_v1, b jso CREATE FUNCTION cs_encrypted_ore_64_8_v1_lte_v1(a cs_encrypted_v1, b jsonb) RETURNS boolean AS $$ - SELECT cs_encrypted_ore_64_8_compare_v1(a, b) != 1 -$$ LANGUAGE sql; + SELECT cs_ore_64_8_v1(a) <= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; CREATE OPERATOR <=( PROCEDURE="cs_encrypted_ore_64_8_v1_lte_v1", @@ -269,8 +347,8 @@ DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lte_v1(a jsonb, b cs_encrypted_ CREATE FUNCTION cs_encrypted_ore_64_8_v1_lte_v1(a jsonb, b cs_encrypted_v1) RETURNS boolean AS $$ - SELECT cs_encrypted_ore_64_8_compare_v1(a, b) != 1 -$$ LANGUAGE sql; + SELECT cs_ore_64_8_v1(a) <= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; CREATE OPERATOR <=( PROCEDURE="cs_encrypted_ore_64_8_v1_lte_v1", @@ -283,6 +361,66 @@ CREATE OPERATOR <=( ); +DROP OPERATOR IF EXISTS <= (cs_encrypted_v1, ore_64_8_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lte_v1(a cs_encrypted_v1, b ore_64_8_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_lte_v1(a cs_encrypted_v1, b ore_64_8_v1) +RETURNS boolean AS $$ + SELECT cs_ore_64_8_v1(a) <= b; +$$ LANGUAGE SQL; + +CREATE OPERATOR <=( + PROCEDURE="cs_encrypted_ore_64_8_v1_lte_v1", + LEFTARG=cs_encrypted_v1, + RIGHTARG=ore_64_8_v1, + COMMUTATOR = >=, + NEGATOR = >, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + + +DROP OPERATOR IF EXISTS <= (ore_64_8_v1, cs_encrypted_v1); +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_v1_lte_v1(a ore_64_8_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_v1_lte_v1(a ore_64_8_v1, b cs_encrypted_v1) +RETURNS boolean AS $$ + SELECT a <= cs_ore_64_8_v1(b); +$$ LANGUAGE SQL; + +CREATE OPERATOR <=( + PROCEDURE="cs_encrypted_ore_64_8_v1_lte_v1", + LEFTARG=ore_64_8_v1, + RIGHTARG=cs_encrypted_v1, + COMMUTATOR = >=, + NEGATOR = >, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + + +----------------------------------------------------------------------------------------- + + +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_compare(a cs_encrypted_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_compare(a cs_encrypted_v1, b cs_encrypted_v1) + RETURNS integer AS $$ + BEGIN + RETURN compare_ore_64_8_v1(cs_ore_64_8_v1(a), cs_ore_64_8_v1(b)); + END; +$$ LANGUAGE plpgsql; + +DROP FUNCTION IF EXISTS cs_encrypted_ore_64_8_compare(a cs_encrypted_v1, b cs_encrypted_v1); + +CREATE FUNCTION cs_encrypted_ore_64_8_compare(a cs_encrypted_v1, b jsonb) + RETURNS integer AS $$ + BEGIN + RETURN compare_ore_64_8_v1(cs_ore_64_8_v1(a), cs_ore_64_8_v1(jsonb)); + END; +$$ LANGUAGE plpgsql; + + ----------------------------------------------------------------------------------------- @@ -290,7 +428,8 @@ DROP OPERATOR FAMILY IF EXISTS cs_encrypted_ore_64_8_v1_btree_ops_v1 USING btree CREATE OPERATOR FAMILY cs_encrypted_ore_64_8_v1_btree_ops_v1 USING btree; -DROP OPERATOR CLASS IF EXISTS cs_encrypted_ore_64_8_v1_btree_ops_v1 USING btree; + +DROP OPERATOR CLASS IF EXISTS ore_64_8_v1_btree_ops USING btree; CREATE OPERATOR CLASS cs_encrypted_ore_64_8_v1_btree_ops_v1 DEFAULT FOR TYPE cs_encrypted_v1 USING btree @@ -300,4 +439,4 @@ FOR TYPE cs_encrypted_v1 USING btree OPERATOR 3 =, OPERATOR 4 >=, OPERATOR 5 >, - FUNCTION 1 cs_encrypted_ore_64_8_compare_v1(a cs_encrypted_v1, b cs_encrypted_v1); + FUNCTION 1 cs_encrypted_ore_64_8_compare(a cs_encrypted_v1, b cs_encrypted_v1); diff --git a/sql/666-drop-operators.sql b/sql/666-drop-operators.sql index a620567c..8bd9fe3a 100644 --- a/sql/666-drop-operators.sql +++ b/sql/666-drop-operators.sql @@ -1,6 +1,5 @@ -DROP OPERATOR FAMILY IF EXISTS cs_encrypted_ore_64_8_v1_btree_ops_v1 USING btree CASCADE; -DROP OPERATOR CLASS IF EXISTS cs_encrypted_ore_64_8_v1_btree_ops_v1 USING btree CASCADE; - +DROP OPERATOR FAMILY IF EXISTS cs_encrypted_ore_64_8_v1_btree_ops_v1 USING btree; +DROP OPERATOR CLASS IF EXISTS ore_64_8_v1_btree_ops USING btree; DROP OPERATOR IF EXISTS @> (cs_encrypted_v1, cs_encrypted_v1); DROP OPERATOR IF EXISTS @> (cs_encrypted_v1, cs_match_index_v1); DROP OPERATOR IF EXISTS @> (cs_match_index_v1, cs_encrypted_v1); @@ -9,19 +8,27 @@ DROP OPERATOR IF EXISTS <@ (cs_encrypted_v1, cs_encrypted_v1); DROP OPERATOR IF EXISTS <@ (cs_encrypted_v1, cs_match_index_v1); DROP OPERATOR IF EXISTS <@ (cs_match_index_v1, cs_encrypted_v1); +DROP OPERATOR IF EXISTS <= (ore_64_8_v1, cs_encrypted_v1); +DROP OPERATOR IF EXISTS <= (cs_encrypted_v1, ore_64_8_v1); DROP OPERATOR IF EXISTS <= (jsonb, cs_encrypted_v1); DROP OPERATOR IF EXISTS <= (cs_encrypted_v1, jsonb); DROP OPERATOR IF EXISTS <= (cs_encrypted_v1, cs_encrypted_v1); +DROP OPERATOR IF EXISTS >= (ore_64_8_v1, cs_encrypted_v1); DROP OPERATOR IF EXISTS >= (jsonb, cs_encrypted_v1); +DROP OPERATOR IF EXISTS >= (cs_encrypted_v1, ore_64_8_v1); DROP OPERATOR IF EXISTS >= (cs_encrypted_v1, jsonb); DROP OPERATOR IF EXISTS >= (cs_encrypted_v1, cs_encrypted_v1); +DROP OPERATOR IF EXISTS < (ore_64_8_v1, cs_encrypted_v1); +DROP OPERATOR IF EXISTS < (cs_encrypted_v1, ore_64_8_v1); DROP OPERATOR IF EXISTS < (jsonb, cs_encrypted_v1); DROP OPERATOR IF EXISTS < (cs_encrypted_v1, jsonb); DROP OPERATOR IF EXISTS < (cs_encrypted_v1, cs_encrypted_v1); +DROP OPERATOR IF EXISTS > (ore_64_8_v1, cs_encrypted_v1); DROP OPERATOR IF EXISTS > (jsonb, cs_encrypted_v1); +DROP OPERATOR IF EXISTS > (cs_encrypted_v1, ore_64_8_v1); DROP OPERATOR IF EXISTS > (cs_encrypted_v1, jsonb); DROP OPERATOR IF EXISTS > (cs_encrypted_v1, cs_encrypted_v1); @@ -30,9 +37,13 @@ DROP OPERATOR IF EXISTS = (cs_encrypted_v1, jsonb); DROP OPERATOR IF EXISTS = (jsonb, cs_encrypted_v1); DROP OPERATOR IF EXISTS = (cs_encrypted_v1, cs_unique_index_v1); DROP OPERATOR IF EXISTS = (cs_unique_index_v1, cs_encrypted_v1); +DROP OPERATOR IF EXISTS = (cs_encrypted_v1, ore_64_8_v1); +DROP OPERATOR IF EXISTS = (ore_64_8_v1, cs_encrypted_v1); DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, cs_encrypted_v1); DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, jsonb); DROP OPERATOR IF EXISTS <> (jsonb, cs_encrypted_v1); DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, cs_unique_index_v1); DROP OPERATOR IF EXISTS <> (cs_unique_index_v1, cs_encrypted_v1); +DROP OPERATOR IF EXISTS <> (ore_64_8_v1, cs_encrypted_v1); +DROP OPERATOR IF EXISTS <> (cs_encrypted_v1, ore_64_8_v1); diff --git a/sql/666-drop-types.sql b/sql/666-drop_types.sql similarity index 78% rename from sql/666-drop-types.sql rename to sql/666-drop_types.sql index db559e9d..8de0cb64 100644 --- a/sql/666-drop-types.sql +++ b/sql/666-drop_types.sql @@ -1,5 +1,6 @@ -- ANYTHING THAT NEEDS TO BE DROPPED LAST -DROP TYPE IF EXISTS ore_64_8_index_v1; +DROP TYPE IF EXISTS ore_64_8_v1; +DROP TYPE IF EXISTS ore_64_8_v1_term; DROP TYPE IF EXISTS cs_ste_vec_index_v1; DROP TYPE IF EXISTS cs_ste_vec_v1_entry; DROP TYPE IF EXISTS ore_cllw_8_v1; diff --git a/sql/database-extensions/postgresql/install.sql b/sql/database-extensions/postgresql/install.sql new file mode 100644 index 00000000..9f2a6617 --- /dev/null +++ b/sql/database-extensions/postgresql/install.sql @@ -0,0 +1,317 @@ +CREATE EXTENSION IF NOT EXISTS pgcrypto; + +CREATE TYPE ore_64_8_v1_term AS ( + bytes bytea +); + +CREATE TYPE ore_64_8_v1 AS ( + terms ore_64_8_v1_term[] +); + +CREATE OR REPLACE FUNCTION compare_ore_64_8_v1_term(a ore_64_8_v1_term, b ore_64_8_v1_term) returns integer AS $$ + DECLARE + eq boolean := true; + unequal_block smallint := 0; + hash_key bytea; + target_block bytea; + + left_block_size CONSTANT smallint := 16; + right_block_size CONSTANT smallint := 32; + right_offset CONSTANT smallint := 136; -- 8 * 17 + + indicator smallint := 0; + BEGIN + IF a IS NULL AND b IS NULL THEN + RETURN 0; + END IF; + + IF a IS NULL THEN + RETURN -1; + END IF; + + IF b IS NULL THEN + RETURN 1; + END IF; + + IF bit_length(a.bytes) != bit_length(b.bytes) THEN + RAISE EXCEPTION 'Ciphertexts are different lengths'; + END IF; + + FOR block IN 0..7 LOOP + -- Compare each PRP (byte from the first 8 bytes) and PRF block (8 byte + -- chunks of the rest of the value). + -- NOTE: + -- * Substr is ordinally indexed (hence 1 and not 0, and 9 and not 8). + -- * We are not worrying about timing attacks here; don't fret about + -- the OR or !=. + IF + substr(a.bytes, 1 + block, 1) != substr(b.bytes, 1 + block, 1) + OR substr(a.bytes, 9 + left_block_size * block, left_block_size) != substr(b.bytes, 9 + left_block_size * BLOCK, left_block_size) + THEN + -- set the first unequal block we find + IF eq THEN + unequal_block := block; + END IF; + eq = false; + END IF; + END LOOP; + + IF eq THEN + RETURN 0::integer; + END IF; + + -- Hash key is the IV from the right CT of b + hash_key := substr(b.bytes, right_offset + 1, 16); + + -- first right block is at right offset + nonce_size (ordinally indexed) + target_block := substr(b.bytes, right_offset + 17 + (unequal_block * right_block_size), right_block_size); + + indicator := ( + get_bit( + encrypt( + substr(a.bytes, 9 + (left_block_size * unequal_block), left_block_size), + hash_key, + 'aes-ecb' + ), + 0 + ) + get_bit(target_block, get_byte(a.bytes, unequal_block))) % 2; + + IF indicator = 1 THEN + RETURN 1::integer; + ELSE + RETURN -1::integer; + END IF; + END; +$$ LANGUAGE plpgsql; + + +CREATE OR REPLACE FUNCTION ore_64_8_v1_term_eq(a ore_64_8_v1_term, b ore_64_8_v1_term) RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1_term(a, b) = 0 +$$ LANGUAGE SQL; + +CREATE OR REPLACE FUNCTION ore_64_8_v1_term_neq(a ore_64_8_v1_term, b ore_64_8_v1_term) RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1_term(a, b) <> 0 +$$ LANGUAGE SQL; + +CREATE OR REPLACE FUNCTION ore_64_8_v1_term_lt(a ore_64_8_v1_term, b ore_64_8_v1_term) RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1_term(a, b) = -1 +$$ LANGUAGE SQL; + +CREATE OR REPLACE FUNCTION ore_64_8_v1_term_lte(a ore_64_8_v1_term, b ore_64_8_v1_term) RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1_term(a, b) != 1 +$$ LANGUAGE SQL; + +CREATE OR REPLACE FUNCTION ore_64_8_v1_term_gt(a ore_64_8_v1_term, b ore_64_8_v1_term) RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1_term(a, b) = 1 +$$ LANGUAGE SQL; + +CREATE OR REPLACE FUNCTION ore_64_8_v1_term_gte(a ore_64_8_v1_term, b ore_64_8_v1_term) RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1_term(a, b) != -1 +$$ LANGUAGE SQL; + +CREATE OPERATOR = ( + PROCEDURE="ore_64_8_v1_term_eq", + LEFTARG=ore_64_8_v1_term, + RIGHTARG=ore_64_8_v1_term, + NEGATOR = <>, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + +CREATE OPERATOR <> ( + PROCEDURE="ore_64_8_v1_term_neq", + LEFTARG=ore_64_8_v1_term, + RIGHTARG=ore_64_8_v1_term, + NEGATOR = =, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + +CREATE OPERATOR > ( + PROCEDURE="ore_64_8_v1_term_gt", + LEFTARG=ore_64_8_v1_term, + RIGHTARG=ore_64_8_v1_term, + COMMUTATOR = <, + NEGATOR = <=, + RESTRICT = scalargtsel, + JOIN = scalargtjoinsel +); + +CREATE OPERATOR < ( + PROCEDURE="ore_64_8_v1_term_lt", + LEFTARG=ore_64_8_v1_term, + RIGHTARG=ore_64_8_v1_term, + COMMUTATOR = >, + NEGATOR = >=, + RESTRICT = scalarltsel, + JOIN = scalarltjoinsel +); + +CREATE OPERATOR <= ( + PROCEDURE="ore_64_8_v1_term_lte", + LEFTARG=ore_64_8_v1_term, + RIGHTARG=ore_64_8_v1_term, + COMMUTATOR = >=, + NEGATOR = >, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + +CREATE OPERATOR >= ( + PROCEDURE="ore_64_8_v1_term_gte", + LEFTARG=ore_64_8_v1_term, + RIGHTARG=ore_64_8_v1_term, + COMMUTATOR = <=, + NEGATOR = <, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + +CREATE OPERATOR FAMILY ore_64_8_v1_term_btree_ops USING btree; +CREATE OPERATOR CLASS ore_64_8_v1_term_btree_ops DEFAULT FOR TYPE ore_64_8_v1_term USING btree FAMILY ore_64_8_v1_term_btree_ops AS + OPERATOR 1 <, + OPERATOR 2 <=, + OPERATOR 3 =, + OPERATOR 4 >=, + OPERATOR 5 >, + FUNCTION 1 compare_ore_64_8_v1_term(a ore_64_8_v1_term, b ore_64_8_v1_term); + +-- Compare the "head" of each array and recurse if necessary +-- This function assumes an empty string is "less than" everything else +-- so if a is empty we return -1, if be is empty and a isn't, we return 1. +-- If both are empty we return 0. This cases probably isn't necessary as equality +-- doesn't always make sense but it's here for completeness. +-- If both are non-empty, we compare the first element. If they are equal +-- we need to consider the next block so we recurse, otherwise we return the comparison result. +CREATE OR REPLACE FUNCTION compare_ore_array(a ore_64_8_v1_term[], b ore_64_8_v1_term[]) returns integer AS $$ + DECLARE + cmp_result integer; + BEGIN + IF (array_length(a, 1) = 0 OR a IS NULL) AND (array_length(b, 1) = 0 OR b IS NULL) THEN + RETURN 0; + END IF; + IF array_length(a, 1) = 0 OR a IS NULL THEN + RETURN -1; + END IF; + IF array_length(b, 1) = 0 OR a IS NULL THEN + RETURN 1; + END IF; + + cmp_result := compare_ore_64_8_v1_term(a[1], b[1]); + IF cmp_result = 0 THEN + -- Removes the first element in the array, and calls this fn again to compare the next element/s in the array. + RETURN compare_ore_array(a[2:array_length(a,1)], b[2:array_length(b,1)]); + END IF; + + RETURN cmp_result; + END +$$ LANGUAGE plpgsql; + +-- This function uses lexicographic comparison +CREATE OR REPLACE FUNCTION compare_ore_64_8_v1(a ore_64_8_v1, b ore_64_8_v1) returns integer AS $$ + DECLARE + cmp_result integer; + BEGIN + -- Recursively compare blocks bailing as soon as we can make a decision + RETURN compare_ore_array(a.terms, b.terms); + END +$$ LANGUAGE plpgsql; + +CREATE OR REPLACE FUNCTION ore_64_8_v1_eq(a ore_64_8_v1, b ore_64_8_v1) RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1(a, b) = 0 +$$ LANGUAGE SQL; + +CREATE OR REPLACE FUNCTION ore_64_8_v1_neq(a ore_64_8_v1, b ore_64_8_v1) RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1(a, b) <> 0 +$$ LANGUAGE SQL; + +CREATE OR REPLACE FUNCTION ore_64_8_v1_lt(a ore_64_8_v1, b ore_64_8_v1) RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1(a, b) = -1 +$$ LANGUAGE SQL; + +CREATE OR REPLACE FUNCTION ore_64_8_v1_lte(a ore_64_8_v1, b ore_64_8_v1) RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1(a, b) != 1 +$$ LANGUAGE SQL; + +CREATE OR REPLACE FUNCTION ore_64_8_v1_gt(a ore_64_8_v1, b ore_64_8_v1) RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1(a, b) = 1 +$$ LANGUAGE SQL; + +CREATE OR REPLACE FUNCTION ore_64_8_v1_gte(a ore_64_8_v1, b ore_64_8_v1) RETURNS boolean AS $$ + SELECT compare_ore_64_8_v1(a, b) != -1 +$$ LANGUAGE SQL; + +CREATE OPERATOR = ( + PROCEDURE="ore_64_8_v1_eq", + LEFTARG=ore_64_8_v1, + RIGHTARG=ore_64_8_v1, + NEGATOR = <>, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + +CREATE OPERATOR <> ( + PROCEDURE="ore_64_8_v1_neq", + LEFTARG=ore_64_8_v1, + RIGHTARG=ore_64_8_v1, + NEGATOR = =, + RESTRICT = eqsel, + JOIN = eqjoinsel, + HASHES, + MERGES +); + +CREATE OPERATOR > ( + PROCEDURE="ore_64_8_v1_gt", + LEFTARG=ore_64_8_v1, + RIGHTARG=ore_64_8_v1, + COMMUTATOR = <, + NEGATOR = <=, + RESTRICT = scalargtsel, + JOIN = scalargtjoinsel +); + +CREATE OPERATOR < ( + PROCEDURE="ore_64_8_v1_lt", + LEFTARG=ore_64_8_v1, + RIGHTARG=ore_64_8_v1, + COMMUTATOR = >, + NEGATOR = >=, + RESTRICT = scalarltsel, + JOIN = scalarltjoinsel +); + +CREATE OPERATOR <= ( + PROCEDURE="ore_64_8_v1_lte", + LEFTARG=ore_64_8_v1, + RIGHTARG=ore_64_8_v1, + COMMUTATOR = >=, + NEGATOR = >, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + +CREATE OPERATOR >= ( + PROCEDURE="ore_64_8_v1_gte", + LEFTARG=ore_64_8_v1, + RIGHTARG=ore_64_8_v1, + COMMUTATOR = <=, + NEGATOR = <, + RESTRICT = scalarlesel, + JOIN = scalarlejoinsel +); + +CREATE OPERATOR FAMILY ore_64_8_v1_btree_ops USING btree; +CREATE OPERATOR CLASS ore_64_8_v1_btree_ops DEFAULT FOR TYPE ore_64_8_v1 USING btree FAMILY ore_64_8_v1_btree_ops AS + OPERATOR 1 <, + OPERATOR 2 <=, + OPERATOR 3 =, + OPERATOR 4 >=, + OPERATOR 5 >, + FUNCTION 1 compare_ore_64_8_v1(a ore_64_8_v1, b ore_64_8_v1); diff --git a/sql/database-extensions/postgresql/uninstall.sql b/sql/database-extensions/postgresql/uninstall.sql new file mode 100644 index 00000000..453ae68b --- /dev/null +++ b/sql/database-extensions/postgresql/uninstall.sql @@ -0,0 +1,20 @@ +-- TODO: what happens if we try to uninstall a type which is in use? +DROP OPERATOR IF EXISTS = (ore_64_8_v1_term, ore_64_8_v1_term) CASCADE; +DROP OPERATOR IF EXISTS <> (ore_64_8_v1_term, ore_64_8_v1_term) CASCADE; +DROP OPERATOR IF EXISTS > (ore_64_8_v1_term, ore_64_8_v1_term) CASCADE; +DROP OPERATOR IF EXISTS < (ore_64_8_v1_term, ore_64_8_v1_term) CASCADE; +DROP OPERATOR IF EXISTS <= (ore_64_8_v1_term, ore_64_8_v1_term) CASCADE; +DROP OPERATOR IF EXISTS >= (ore_64_8_v1_term, ore_64_8_v1_term) CASCADE; +DROP OPERATOR CLASS IF EXISTS ore_64_8_v1_term_btree_ops USING btree CASCADE; +DROP OPERATOR FAMILY IF EXISTS ore_64_8_v1_term_btree_ops USING btree CASCADE; +DROP TYPE IF EXISTS ore_64_8_v1_term CASCADE; + +DROP OPERATOR IF EXISTS = (ore_64_8_v1, ore_64_8_v1) CASCADE; +DROP OPERATOR IF EXISTS <> (ore_64_8_v1, ore_64_8_v1) CASCADE; +DROP OPERATOR IF EXISTS > (ore_64_8_v1, ore_64_8_v1) CASCADE; +DROP OPERATOR IF EXISTS < (ore_64_8_v1, ore_64_8_v1) CASCADE; +DROP OPERATOR IF EXISTS <= (ore_64_8_v1, ore_64_8_v1) CASCADE; +DROP OPERATOR IF EXISTS >= (ore_64_8_v1, ore_64_8_v1) CASCADE; +DROP OPERATOR CLASS IF EXISTS ore_64_8_v1_btree_ops USING btree CASCADE; +DROP OPERATOR FAMILY IF EXISTS ore_64_8_v1_btree_ops USING btree CASCADE; +DROP TYPE IF EXISTS ore_64_8_v1 CASCADE; diff --git a/tasks/build.sh b/tasks/build.sh index 529d4d1e..09adaed5 100755 --- a/tasks/build.sh +++ b/tasks/build.sh @@ -13,40 +13,39 @@ mkdir -p release rm -f release/cipherstash-encrypt-uninstall.sql rm -f release/cipherstash-encrypt.sql - - -# ======================================================== -# Drop all operators first -cat sql/666-drop-operators.sql > release/cipherstash-encrypt-tmp-drop.sql - -# Collect all the drops into a single file +# Collect all the drops # In reverse order (tac) so that we drop the constraints before the tables -grep -h -E '^(DROP|ALTER DOMAIN [^ ]+ DROP CONSTRAINT)' sql/0*-*.sql | tac >> release/cipherstash-encrypt-tmp-drop.sql +grep -h -E '^(DROP)' sql/0*-*.sql | tac > release/cipherstash-encrypt-tmp-drop-install.sql +# types are always last +cat sql/666-drop_types.sql >> release/cipherstash-encrypt-tmp-drop-install.sql -# Drop types last -cat sql/666-drop-types.sql >> release/cipherstash-encrypt-tmp-drop.sql +# Build cipherstash-encrypt.sql +# drop everything first +cat sql/666-drop-operators.sql > release/cipherstash-encrypt.sql +cat release/cipherstash-encrypt-tmp-drop-install.sql >> release/cipherstash-encrypt.sql +# cat the rest of the sql files +cat sql/0*-*.sql >> release/cipherstash-encrypt.sql -# ======================================================== -# Create cipherstash-encrypt.sql -# Drop everything first -cat release/cipherstash-encrypt-tmp-drop.sql >> release/cipherstash-encrypt.sql +# Collect all the drops +# In reverse order (tac) so that we drop the constraints before the tables +grep -h -E '^(DROP|ALTER DOMAIN [^ ]+ DROP CONSTRAINT)' sql/0*-*.sql | tac > release/cipherstash-encrypt-tmp-drop-uninstall.sql +# types are always last +cat sql/666-drop_types.sql >> release/cipherstash-encrypt-tmp-drop-uninstall.sql -# Cat all the files -cat sql/0*-*.sql >> release/cipherstash-encrypt.sql +# Build cipherstash-encrypt-uninstall.sql +# prepend the drops to the main sql file +cat sql/666-drop-operators.sql >> release/cipherstash-encrypt-uninstall.sql +cat release/cipherstash-encrypt-tmp-drop-uninstall.sql >> release/cipherstash-encrypt-uninstall.sql -# ======================================================== -# Create uninstall -cat release/cipherstash-encrypt-tmp-drop.sql >> release/cipherstash-encrypt-uninstall.sql -# Adding configuration table rename +# uninstall renames configuration table cat sql/666-rename_configuration_table.sql >> release/cipherstash-encrypt-uninstall.sql - -# ======================================================== -# remove the tmp drop file -rm release/cipherstash-encrypt-tmp-drop.sql +# remove the drop file +rm release/cipherstash-encrypt-tmp-drop-install.sql +rm release/cipherstash-encrypt-tmp-drop-uninstall.sql set +x echo diff --git a/tasks/test.sh b/tasks/test.sh index 1393637d..175b1cb3 100755 --- a/tasks/test.sh +++ b/tasks/test.sh @@ -44,7 +44,6 @@ run_test tests/encryptindex.sql run_test tests/operators-eq.sql run_test tests/operators-match.sql run_test tests/operators-ore.sql -run_test tests/operators-ore-order.sql echo echo '###############################################' diff --git a/tests/core-functions.sql b/tests/core-functions.sql index 7e0c4ac2..792a7e3a 100644 --- a/tests/core-functions.sql +++ b/tests/core-functions.sql @@ -6,7 +6,7 @@ DO $$ ASSERT (SELECT EXISTS (SELECT cs_unique_v1('{"u": "u"}'::jsonb))); ASSERT (SELECT EXISTS (SELECT cs_match_v1('{"m": []}'::jsonb))); ASSERT (SELECT EXISTS (SELECT cs_ste_vec_v1('{"sv": [[]]}'::jsonb))); - ASSERT (SELECT EXISTS (SELECT cs_ore_64_8_v1('{"o": []}'::jsonb))); + ASSERT (SELECT EXISTS (SELECT cs_ore_64_8_v1('{"o": "()"}'::jsonb))); END; $$ LANGUAGE plpgsql; @@ -14,7 +14,7 @@ $$ LANGUAGE plpgsql; DO $$ BEGIN -- sanity check - PERFORM cs_ore_64_8_v1('{"o": []}'::jsonb); + PERFORM cs_ore_64_8_v1('{"o": "()"}'::jsonb); BEGIN PERFORM cs_ore_64_8_v1('{}'::jsonb); diff --git a/tests/operators-eq.sql b/tests/operators-eq.sql index 8a1ae803..ad51ee54 100644 --- a/tests/operators-eq.sql +++ b/tests/operators-eq.sql @@ -1,28 +1,37 @@ -\set ON_ERROR_STOP on - -DROP TABLE IF EXISTS encrypted; -CREATE TABLE encrypted +-- Create a table with a plaintext column +DROP TABLE IF EXISTS users; +CREATE TABLE users ( - id bigint, - encrypted_int2 cs_encrypted_v1, + id bigint GENERATED ALWAYS AS IDENTITY, + name_encrypted cs_encrypted_v1, PRIMARY KEY(id) ); -INSERT INTO encrypted (id, encrypted_int2) VALUES (99, '{"c": "99", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "u": "unique-99", "o": ["121212121212594be28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd80132248f0640e89761a123fad8155748d764f347a29e059758575a770618ab6f82d06bad973c3fb62505d9749f4f8483c8d607c61bae7c75ef09add6d91b728449726534e65379f7b3442d2a4aa2b8c3cdb90311b53dc333bbf6b213949a8990b4300473985f60c09c6a91ac963c802e319c28bafc2be66eceb3f1924081724e44d173de2091251d1ea69ec827b94ea5ab63436f0701dd2bf299e1a66a22c4b44b32b88620949736e088bc3ec6e7974426e4b392ecece0e88a7acaf510322d1726da6bc9580dad3c8717619051c220d8654a35eb7fa0a6de4be0456522054f124bbb0bdda4bc177b35a6ca20bd996f3a3499ffd00c93d4705cc4bc05f428541c3adcc36f0b9b9aebc61a88cd4bad8f034dd4a483de9bd3291e4bee06449083c83e"], "v": 1}'); -INSERT INTO encrypted (id, encrypted_int2) VALUES (1, '{"c": "1", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "u": "unique-1", "o": ["121212121212597ee28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801f6e268e7ba5a049613d57b000f03353a911cce15580808b5a5437e7fe5f4a303847b14979a77af448fac6f39255ec13a949c2378520af48d8e5562957fb84d5f0be62ff2cc4cb4c6de243df329c676af2a0581eb40cd20b63910213afab3fdd6dfe5dc727e051e917428f5d4bca5ccda5bda99f911abffd9e3fec8019c15dad79c485192eabfb16a91af1fa88cf196123c2a6ca46069bb468281b00294bb55e2a6adae2e6549d781d6beb4b5ae35b00eef0701678c1769551eff36ed1060571707244172d212d3e5f457333003f9f4c34e42e2fe7d1cd3367a701500fe0050cbda5d59363dd5a633fb2e067ccbc1db5c33ad25c1e96a62e774ee5672247b5856f48d88ad186e58492e891f32967139ec6fab5290f0f7d0fd6b9538b0669d1597"], "v": 1}'); + +INSERT INTO users (name_encrypted) VALUES ( + '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "u": "unique-text" + }'::jsonb +); -- UNIQUE eq = OPERATORS DO $$ BEGIN - - -- SANITY CHECK - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE cs_unique_v1(encrypted_int2) = cs_unique_v1('{"u":"unique-99"}'))); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_unique_v1(name_encrypted) = cs_unique_v1('{"u":"unique-text"}'))); ASSERT (SELECT EXISTS ( - SELECT id FROM encrypted WHERE encrypted_int2 = '{ + SELECT id FROM users WHERE name_encrypted = '{ "v": 1, "k": "ct", "c": "ciphertext", @@ -30,29 +39,29 @@ DO $$ "t": "users", "c": "name" }, - "u": "unique-1" + "u": "unique-text" }'::jsonb )); -- cs_encrypted_v1 = jsonb ASSERT (SELECT EXISTS ( - SELECT id FROM encrypted WHERE encrypted_int2 = '{"u": "unique-1"}'::jsonb + SELECT id FROM users WHERE name_encrypted = '{"u": "unique-text"}'::jsonb )); -- jsonb = cs_encrypted_v1 ASSERT (SELECT EXISTS ( - SELECT id FROM encrypted WHERE '{"u": "unique-99"}'::jsonb = encrypted_int2 + SELECT id FROM users WHERE '{"u": "unique-text"}'::jsonb = name_encrypted )); -- cs_encrypted_v1 = text - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE encrypted_int2 = 'unique-1'::text)); - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE encrypted_int2 = 'unique-99'::cs_unique_index_v1)); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted = 'unique-text'::text)); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted = 'unique-text'::cs_unique_index_v1)); -- text = cs_encrypted_v1 - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE 'unique-1'::text = encrypted_int2)); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE 'unique-text'::text = name_encrypted)); -- cs_encrypted_v1 = cs_encrypted_v1 - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE encrypted_int2 = '{ + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted = '{ "v": 1, "k": "ct", "c": "ciphertext", @@ -60,7 +69,7 @@ DO $$ "t": "users", "c": "name" }, - "u": "unique-99" + "u": "unique-text" }'::cs_encrypted_v1)); END; @@ -71,19 +80,19 @@ $$ LANGUAGE plpgsql; DO $$ BEGIN -- SANITY CHECK - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE cs_unique_v1(encrypted_int2) != cs_unique_v1('{"u":"random-text"}'))); - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE cs_unique_v1(encrypted_int2) <> cs_unique_v1('{"u":"random-text"}'))); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_unique_v1(name_encrypted) != cs_unique_v1('{"u":"random-text"}'))); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_unique_v1(name_encrypted) <> cs_unique_v1('{"u":"random-text"}'))); -- cs_encrypted_v1 = jsonb - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE encrypted_int2 != '{"u":"random-text"}'::jsonb)); - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE encrypted_int2 <> '{"u":"random-text"}'::jsonb)); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted != '{"u":"random-text"}'::jsonb)); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <> '{"u":"random-text"}'::jsonb)); -- cs_encrypted_v1 = text - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE encrypted_int2 != 'random-text'::text)); - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE encrypted_int2 <> 'random-text'::text)); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted != 'random-text'::text)); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <> 'random-text'::text)); -- cs_encrypted_v1 = cs_encrypted_v1 - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE encrypted_int2 != '{ + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted != '{ "v": 1, "k": "ct", "c": "ciphertext", @@ -94,7 +103,7 @@ DO $$ "u": "random-text" }'::cs_encrypted_v1)); - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE encrypted_int2 <> '{ + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <> '{ "v": 1, "k": "ct", "c": "ciphertext", @@ -110,79 +119,149 @@ DO $$ $$ LANGUAGE plpgsql; +TRUNCATE TABLE users; + +-- +-- Example ORE values are generated from an array in the form `vec![0, 1, 2, 3, 4, 5]`; +-- +-- JSON values are JSON escaped on top of a PostgreSQL escaped Record +-- +-- PostgreSQL value is ("{""(\\""\\\\\\\\x000102030405\\"")""}") +-- +-- +INSERT INTO users (name_encrypted) VALUES ( + '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")" + }'::jsonb +); -- ORE eq = OPERATORS DO $$ DECLARE - ore_cs_encrypted_99 cs_encrypted_v1; - ore_cs_encrypted_1 cs_encrypted_v1; - ore_json_1 jsonb; + ore_cs_encrypted cs_encrypted_v1; + ore_json jsonb; + ore_record text; BEGIN - ore_cs_encrypted_99 := '{"c": "mBbLe860@9!clJM`8VX}ip6ro6vMw{Dq=G8?vJ-CE`5o0g0Pv0hQuJcV39Iw$K9)4TCQzV|J#$hgIUyEYJyfuHY>a*_OoEFWo~0~d2n=PWM64+bTYs", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "u": "unique-99", "o": ["121212121212594be28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd80132248f0640e89761a123fad8155748d764f347a29e059758575a770618ab6f82d06bad973c3fb62505d9749f4f8483c8d607c61bae7c75ef09add6d91b728449726534e65379f7b3442d2a4aa2b8c3cdb90311b53dc333bbf6b213949a8990b4300473985f60c09c6a91ac963c802e319c28bafc2be66eceb3f1924081724e44d173de2091251d1ea69ec827b94ea5ab63436f0701dd2bf299e1a66a22c4b44b32b88620949736e088bc3ec6e7974426e4b392ecece0e88a7acaf510322d1726da6bc9580dad3c8717619051c220d8654a35eb7fa0a6de4be0456522054f124bbb0bdda4bc177b35a6ca20bd996f3a3499ffd00c93d4705cc4bc05f428541c3adcc36f0b9b9aebc61a88cd4bad8f034dd4a483de9bd3291e4bee06449083c83e"], "u": "c787c0331d81d7609e828bab7b973ba88c95de0539d1a1d378b4d5cc73c3b875", "v": 1}'; + ore_cs_encrypted := '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")" + }'; - ore_cs_encrypted_1 := '{"c": "1", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "u": "unique-1", "o": ["121212121212597ee28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801f6e268e7ba5a049613d57b000f03353a911cce15580808b5a5437e7fe5f4a303847b14979a77af448fac6f39255ec13a949c2378520af48d8e5562957fb84d5f0be62ff2cc4cb4c6de243df329c676af2a0581eb40cd20b63910213afab3fdd6dfe5dc727e051e917428f5d4bca5ccda5bda99f911abffd9e3fec8019c15dad79c485192eabfb16a91af1fa88cf196123c2a6ca46069bb468281b00294bb55e2a6adae2e6549d781d6beb4b5ae35b00eef0701678c1769551eff36ed1060571707244172d212d3e5f457333003f9f4c34e42e2fe7d1cd3367a701500fe0050cbda5d59363dd5a633fb2e067ccbc1db5c33ad25c1e96a62e774ee5672247b5856f48d88ad186e58492e891f32967139ec6fab5290f0f7d0fd6b9538b0669d1597"], "u": "fd80b0e733ed4ff9fe71434b9474ae434863eb01ceff77d73736ac6600334de3", "v": 1}'; + ore_json := '{"o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")"}'; - ore_json_1 := '{"o": ["121212121212597ee28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801f6e268e7ba5a049613d57b000f03353a911cce15580808b5a5437e7fe5f4a303847b14979a77af448fac6f39255ec13a949c2378520af48d8e5562957fb84d5f0be62ff2cc4cb4c6de243df329c676af2a0581eb40cd20b63910213afab3fdd6dfe5dc727e051e917428f5d4bca5ccda5bda99f911abffd9e3fec8019c15dad79c485192eabfb16a91af1fa88cf196123c2a6ca46069bb468281b00294bb55e2a6adae2e6549d781d6beb4b5ae35b00eef0701678c1769551eff36ed1060571707244172d212d3e5f457333003f9f4c34e42e2fe7d1cd3367a701500fe0050cbda5d59363dd5a633fb2e067ccbc1db5c33ad25c1e96a62e774ee5672247b5856f48d88ad186e58492e891f32967139ec6fab5290f0f7d0fd6b9538b0669d1597"]}'; + ore_record = '("{""(\\""\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\"")""}")'; -- SANITY CHECK - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE cs_ore_64_8_v1(encrypted_int2) = cs_ore_64_8_v1(ore_json_1))); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_ore_64_8_v1(name_encrypted) = cs_ore_64_8_v1(ore_json))); ASSERT (SELECT EXISTS ( - SELECT id FROM encrypted WHERE encrypted_int2 = ore_cs_encrypted_99::jsonb + SELECT id FROM users WHERE name_encrypted = ore_cs_encrypted::jsonb )); -- -- cs_encrypted_v1 = jsonb ASSERT (SELECT EXISTS ( - SELECT id FROM encrypted WHERE encrypted_int2 = ore_json_1::jsonb + SELECT id FROM users WHERE name_encrypted = ore_json::jsonb )); -- -- jsonb = cs_encrypted_v1 ASSERT (SELECT EXISTS ( - SELECT id FROM encrypted WHERE ore_json_1::jsonb = encrypted_int2 + SELECT id FROM users WHERE ore_json::jsonb = name_encrypted )); + -- -- cs_encrypted_v1 = ore_64_8_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted = ore_record::ore_64_8_v1)); + + -- -- -- ore_64_8_v1 = cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE ore_record::ore_64_8_v1 = name_encrypted)); + -- -- -- cs_encrypted_v1 = cs_encrypted_v1 - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE encrypted_int2 = ore_cs_encrypted_1::cs_encrypted_v1)); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted = ore_cs_encrypted::cs_encrypted_v1)); END; $$ LANGUAGE plpgsql; +TRUNCATE TABLE users; + +INSERT INTO users (name_encrypted) VALUES ( + '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")" + }'::jsonb +); - --- ORE eq <> OPERATORS +-- ORE eq = OPERATORS DO $$ DECLARE - ore_cs_encrypted_99 cs_encrypted_v1; - ore_cs_encrypted_1 cs_encrypted_v1; - ore_json_1 jsonb; + ore_cs_encrypted cs_encrypted_v1; + ore_json jsonb; + ore_record text; BEGIN - ore_cs_encrypted_99 := '{"c": "mBbLe860@9!clJM`8VX}ip6ro6vMw{Dq=G8?vJ-CE`5o0g0Pv0hQuJcV39Iw$K9)4TCQzV|J#$hgIUyEYJyfuHY>a*_OoEFWo~0~d2n=PWM64+bTYs", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "u": "unique-99", "o": ["121212121212594be28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd80132248f0640e89761a123fad8155748d764f347a29e059758575a770618ab6f82d06bad973c3fb62505d9749f4f8483c8d607c61bae7c75ef09add6d91b728449726534e65379f7b3442d2a4aa2b8c3cdb90311b53dc333bbf6b213949a8990b4300473985f60c09c6a91ac963c802e319c28bafc2be66eceb3f1924081724e44d173de2091251d1ea69ec827b94ea5ab63436f0701dd2bf299e1a66a22c4b44b32b88620949736e088bc3ec6e7974426e4b392ecece0e88a7acaf510322d1726da6bc9580dad3c8717619051c220d8654a35eb7fa0a6de4be0456522054f124bbb0bdda4bc177b35a6ca20bd996f3a3499ffd00c93d4705cc4bc05f428541c3adcc36f0b9b9aebc61a88cd4bad8f034dd4a483de9bd3291e4bee06449083c83e"], "u": "c787c0331d81d7609e828bab7b973ba88c95de0539d1a1d378b4d5cc73c3b875", "v": 1}'; + ore_cs_encrypted := '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\\\\"\")\"\"}\")" + }'; - ore_cs_encrypted_1 := '{"c": "1", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "u": "unique-1", "o": ["121212121212597ee28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801f6e268e7ba5a049613d57b000f03353a911cce15580808b5a5437e7fe5f4a303847b14979a77af448fac6f39255ec13a949c2378520af48d8e5562957fb84d5f0be62ff2cc4cb4c6de243df329c676af2a0581eb40cd20b63910213afab3fdd6dfe5dc727e051e917428f5d4bca5ccda5bda99f911abffd9e3fec8019c15dad79c485192eabfb16a91af1fa88cf196123c2a6ca46069bb468281b00294bb55e2a6adae2e6549d781d6beb4b5ae35b00eef0701678c1769551eff36ed1060571707244172d212d3e5f457333003f9f4c34e42e2fe7d1cd3367a701500fe0050cbda5d59363dd5a633fb2e067ccbc1db5c33ad25c1e96a62e774ee5672247b5856f48d88ad186e58492e891f32967139ec6fab5290f0f7d0fd6b9538b0669d1597"], "u": "fd80b0e733ed4ff9fe71434b9474ae434863eb01ceff77d73736ac6600334de3", "v": 1}'; + ore_json := '{"o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\\\\"\")\"\"}\")"}'; - ore_json_1 := '{"o": ["121212121212597ee28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801f6e268e7ba5a049613d57b000f03353a911cce15580808b5a5437e7fe5f4a303847b14979a77af448fac6f39255ec13a949c2378520af48d8e5562957fb84d5f0be62ff2cc4cb4c6de243df329c676af2a0581eb40cd20b63910213afab3fdd6dfe5dc727e051e917428f5d4bca5ccda5bda99f911abffd9e3fec8019c15dad79c485192eabfb16a91af1fa88cf196123c2a6ca46069bb468281b00294bb55e2a6adae2e6549d781d6beb4b5ae35b00eef0701678c1769551eff36ed1060571707244172d212d3e5f457333003f9f4c34e42e2fe7d1cd3367a701500fe0050cbda5d59363dd5a633fb2e067ccbc1db5c33ad25c1e96a62e774ee5672247b5856f48d88ad186e58492e891f32967139ec6fab5290f0f7d0fd6b9538b0669d1597"]}'; + ore_record = '("{""(\\""\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\"")""}")'; -- SANITY CHECK - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE cs_ore_64_8_v1(encrypted_int2) <> cs_ore_64_8_v1(ore_json_1))); + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_ore_64_8_v1(name_encrypted) <> cs_ore_64_8_v1(ore_json))); ASSERT (SELECT EXISTS ( - SELECT id FROM encrypted WHERE encrypted_int2 <> ore_cs_encrypted_99::jsonb + SELECT id FROM users WHERE name_encrypted <> ore_cs_encrypted::jsonb )); - -- -- cs_encrypted_v1 = jsonb + -- -- -- cs_encrypted_v1 <> jsonb ASSERT (SELECT EXISTS ( - SELECT id FROM encrypted WHERE encrypted_int2 <> ore_json_1::jsonb + SELECT id FROM users WHERE name_encrypted <> ore_json::jsonb )); - -- -- jsonb = cs_encrypted_v1 + -- -- -- jsonb <> cs_encrypted_v1 ASSERT (SELECT EXISTS ( - SELECT id FROM encrypted WHERE ore_json_1::jsonb <> encrypted_int2 + SELECT id FROM users WHERE ore_json::jsonb <> name_encrypted )); - -- -- -- cs_encrypted_v1 = cs_encrypted_v1 - ASSERT (SELECT EXISTS (SELECT id FROM encrypted WHERE encrypted_int2 <> ore_cs_encrypted_1::cs_encrypted_v1)); + -- -- -- cs_encrypted_v1 <> ore_64_8_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <> ore_record::ore_64_8_v1)); + + -- -- -- -- ore_64_8_v1 <> cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE ore_record::ore_64_8_v1 <> name_encrypted)); + + -- -- -- -- cs_encrypted_v1 <> cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <> ore_cs_encrypted::cs_encrypted_v1)); END; $$ LANGUAGE plpgsql; + diff --git a/tests/operators-ore-order.sql b/tests/operators-ore-order.sql deleted file mode 100644 index 02fa32b8..00000000 --- a/tests/operators-ore-order.sql +++ /dev/null @@ -1,132 +0,0 @@ -\set ON_ERROR_STOP on - -DROP TABLE IF EXISTS encrypted; -CREATE TABLE encrypted -( - id bigint, - encrypted_int2 cs_encrypted_v1, - PRIMARY KEY(id) -); - -CREATE index ON encrypted (encrypted_int2 cs_encrypted_ore_64_8_v1_btree_ops_v1); - --- The value of encrypted_int2 == id -INSERT INTO encrypted (id, encrypted_int2) VALUES (99,'{"c": "99", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "m": null, "o": ["121212121212594be28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd80132248f0640e89761a123fad8155748d764f347a29e059758575a770618ab6f82d06bad973c3fb62505d9749f4f8483c8d607c61bae7c75ef09add6d91b728449726534e65379f7b3442d2a4aa2b8c3cdb90311b53dc333bbf6b213949a8990b4300473985f60c09c6a91ac963c802e319c28bafc2be66eceb3f1924081724e44d173de2091251d1ea69ec827b94ea5ab63436f0701dd2bf299e1a66a22c4b44b32b88620949736e088bc3ec6e7974426e4b392ecece0e88a7acaf510322d1726da6bc9580dad3c8717619051c220d8654a35eb7fa0a6de4be0456522054f124bbb0bdda4bc177b35a6ca20bd996f3a3499ffd00c93d4705cc4bc05f428541c3adcc36f0b9b9aebc61a88cd4bad8f034dd4a483de9bd3291e4bee06449083c83e"], "u": "c787c0331d81d7609e828bab7b973ba88c95de0539d1a1d378b4d5cc73c3b875", "v": 1}'); -INSERT INTO encrypted (id, encrypted_int2) VALUES (5, '{"c": "5", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "m": null, "o": ["121212121212591fe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801d7a2a8638edc950e921074126382a46da05655a5205c0d5196dec740f50d1fcfa8221cd9aa78fc7b6f276f0131f9a02734b0c3dba6ac1ce512718d8f31ec80caa7a1c3c852c67a5d22890bfd6e7099572fa9cd9dcafeae9c3ce4fb60a4cbe22174ff7f2a5d345215fb748524dcaad2e615e8922ae59280463d7b35821dfefe8821fbec700de11832019654aa521b043e15b242ac711f2552ee879b03f15e55bbf0e6a79e9c86f0c6067baf78ed84a7ffae447cb01157ffa9556e81fad25aaf1686f6e9a989f2c5f24d0011c3e86d7abf14ea16005bda2d59d803f5a609fa035ef072475a8cc5645490f3de2253fe4d4ebcd4825d48108f0f485c6b0f7c5ca963c9d3d4bd6e2d86163a26aff609fe2bb59b0da6ff623958179591d1ee62226a50"], "u": "cdd6248063d3431f3fe010c5728954fd62cbf42b0c515a9991bd4fc673604e26", "v": 1}'); -INSERT INTO encrypted (id, encrypted_int2) VALUES (6, '{"c": "6", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "m": null, "o": ["121212121212599de28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801a6afd969a465c445ab35c15e7ef11eba3b65e765e52eb048019b0c2aec77012d71fff7b3d18b5b28e8cfce2901a2858b7aab627e07e69bb46c1503226ade5b0f8b77f21458d2cc1bcf99dd05da127be1c8cfc5323a18b6d53ba0715b5898a43cf1b05520d8957340d34ad49f778ff78afe974ba973c2460cdfd79ce9599915f4c95ec22f93231110bb3131aa7601a26589abd32f41845a977747163113a9395a82b3cee1f316bbe586b42e14130c870d6c731d0e499ecea7a1ef3f38fc7ef8ad43b52cf8dd7cf5723ddbfa1404717d0a0e63ef7be577b5a551aafcd9c28ecdef1cb2011cf468a1fff72b72264be1a6cc26d16a08e0bd0007ff0d09527f503e97c56f16e1efbf94c7318390c9e27eb92683a63ade0864376257a81d1cf9a97c73"], "u": "a97ec70e9e4cc5c6888f1f809ec4fa551aff8633d76cfb26bb20997d4d50ca91", "v": 1}'); -INSERT INTO encrypted (id, encrypted_int2) VALUES (7, '{"c": "7", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "m": null, "o": ["1212121212125948e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801a901168d92ea2d7df254becc59888cf41530bacb77fa8c9aabe64574c246875cebd0c3ac7c8041d791d3091ba3b7083931be986a31d3c251479a2911c634aa1028f30852e6e213380a70a1c57bafe4467cbdd131e171c1136e2f8d144c8cd7a354edb93fe4f140b2e5a7c2d7ccfb2b77328d946ce2acbd6ddbfe50b81d2e1d4c5eacc3853876ae12ec4128332ff594c01309d32451d7a71913452476f1bb5af7b280bcb5bfa98e3c1a3d0e50ce58938b3c1fad0225ec051266ea8ac597a332313d023cc8b39732768e83feaca0ebe47c64684b192893e983c7be31489e86f3c99e76131e9e73c5733c4d79091f6182f9a4bc5b26ecf1dd8faa8124be2b87cfa7a589257aa63ac67f9d5046fc3be4feafc1f187dfa8fdb249110890aacdfdd53a"], "u": "28f3ec44eae678f9d0d8238c0b3a01a146d56ccc4c1125f0373d394c4e1e95f4", "v": 1}'); -INSERT INTO encrypted (id, encrypted_int2) VALUES (8, '{"c": "8", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "m": null, "o": ["121212121212594ee28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801783caa0b75f5aa4c005b423d7518fd4ba385e489dabd945f2894e79a6109660602d6044ebff087093acc682aeadc5e303917d328f350b20396d48a115d0db162ea4dbf0b7f83acdaf576c06edf52168a8deb8e5458c5521a45d148ad5dfc8cb8f50e0943b2041918834d84daedac15d1d88e5cb3b0cbcd731c2fcad75719a5a81a6f7a423dd27c5d00fd7ad215d06e0b34969358486e8ecd089d5d4c614b56cd47e21ee0d07adf8c6a3770f21e239ca367cd97d4168054d3b8e09fdc7da862fa021aeb21929837959cc89c091fe4c7d42c4873edef63f0adad04abdcc1ac5e4c9c8622293c6c8399085f92a6f5cf037043ccac1f69b8626d0453dda0098b45aae708b99ef44edf3c41f6509e407f76756266260c40e5080fcc8719f1e2ffea46"], "u": "9e80a31275db9e5ebc9a254864971cdef2ca68b0047712d3d106d86516bcfc6a", "v": 1}'); -INSERT INTO encrypted (id, encrypted_int2) VALUES (9, '{"c": "9", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "m": null, "o": ["12121212121259dae28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801357205e56d3cf91febac317b17108335156373777c7a0474b8bf8f3ca4a05681debfa5ca3c19c4d272209cf423f0414911cf80c4f5da0480e6865f0929c55deda9ed42f859be162e6f307552fa56ae91bb6a197222910d78847204e53df19046c99a5cd8282748a10fc73e04dd162296c3a2bf90d293c56277c2949cca4535f75ab268725c6614cdeb6f828eea6ed428acb3ec935e6793908217044ff3062d6194f79040a43d3951ed5786682672754e0cdd044a2d6f3ac0c02c9ac45917dca0ded737028f84a058799181a750d1f60e7f77ef31cf476ffa1c9ab25c5f02924814b5cb9bf3e59c2469de963e6253f4c80db37304b32c719615669fcc2b394782addf37041e1e31eafb6000ec5ec3d1ff87167eefef767ae5cee9cc593664f48c"], "u": "94ec6ec3b6a8acb4d1b94f0c3a4a7c6359b11ce5d8fd01a7e4474e5e7a0cca8b", "v": 1}'); -INSERT INTO encrypted (id, encrypted_int2) VALUES (1, '{"c": "1", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "m": null, "o": ["121212121212597ee28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801f6e268e7ba5a049613d57b000f03353a911cce15580808b5a5437e7fe5f4a303847b14979a77af448fac6f39255ec13a949c2378520af48d8e5562957fb84d5f0be62ff2cc4cb4c6de243df329c676af2a0581eb40cd20b63910213afab3fdd6dfe5dc727e051e917428f5d4bca5ccda5bda99f911abffd9e3fec8019c15dad79c485192eabfb16a91af1fa88cf196123c2a6ca46069bb468281b00294bb55e2a6adae2e6549d781d6beb4b5ae35b00eef0701678c1769551eff36ed1060571707244172d212d3e5f457333003f9f4c34e42e2fe7d1cd3367a701500fe0050cbda5d59363dd5a633fb2e067ccbc1db5c33ad25c1e96a62e774ee5672247b5856f48d88ad186e58492e891f32967139ec6fab5290f0f7d0fd6b9538b0669d1597"], "u": "fd80b0e733ed4ff9fe71434b9474ae434863eb01ceff77d73736ac6600334de3", "v": 1}'); - - -DO $$ - DECLARE - ore_cs_encrypted_high cs_encrypted_v1; - ore_cs_encrypted_low cs_encrypted_v1; - ore_json_high jsonb; - ore_json_low jsonb; - result_id integer; - BEGIN - ore_cs_encrypted_high := '{"c": "99", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "m": null, "o": ["121212121212594be28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd80132248f0640e89761a123fad8155748d764f347a29e059758575a770618ab6f82d06bad973c3fb62505d9749f4f8483c8d607c61bae7c75ef09add6d91b728449726534e65379f7b3442d2a4aa2b8c3cdb90311b53dc333bbf6b213949a8990b4300473985f60c09c6a91ac963c802e319c28bafc2be66eceb3f1924081724e44d173de2091251d1ea69ec827b94ea5ab63436f0701dd2bf299e1a66a22c4b44b32b88620949736e088bc3ec6e7974426e4b392ecece0e88a7acaf510322d1726da6bc9580dad3c8717619051c220d8654a35eb7fa0a6de4be0456522054f124bbb0bdda4bc177b35a6ca20bd996f3a3499ffd00c93d4705cc4bc05f428541c3adcc36f0b9b9aebc61a88cd4bad8f034dd4a483de9bd3291e4bee06449083c83e"], "u": "c787c0331d81d7609e828bab7b973ba88c95de0539d1a1d378b4d5cc73c3b875", "v": 1}'; - ore_cs_encrypted_low := '{"c": "1", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "m": null, "o": ["121212121212597ee28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801f6e268e7ba5a049613d57b000f03353a911cce15580808b5a5437e7fe5f4a303847b14979a77af448fac6f39255ec13a949c2378520af48d8e5562957fb84d5f0be62ff2cc4cb4c6de243df329c676af2a0581eb40cd20b63910213afab3fdd6dfe5dc727e051e917428f5d4bca5ccda5bda99f911abffd9e3fec8019c15dad79c485192eabfb16a91af1fa88cf196123c2a6ca46069bb468281b00294bb55e2a6adae2e6549d781d6beb4b5ae35b00eef0701678c1769551eff36ed1060571707244172d212d3e5f457333003f9f4c34e42e2fe7d1cd3367a701500fe0050cbda5d59363dd5a633fb2e067ccbc1db5c33ad25c1e96a62e774ee5672247b5856f48d88ad186e58492e891f32967139ec6fab5290f0f7d0fd6b9538b0669d1597"], "u": "fd80b0e733ed4ff9fe71434b9474ae434863eb01ceff77d73736ac6600334de3", "v": 1}'; - - ore_json_high := '{"o": ["121212121212594be28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd80132248f0640e89761a123fad8155748d764f347a29e059758575a770618ab6f82d06bad973c3fb62505d9749f4f8483c8d607c61bae7c75ef09add6d91b728449726534e65379f7b3442d2a4aa2b8c3cdb90311b53dc333bbf6b213949a8990b4300473985f60c09c6a91ac963c802e319c28bafc2be66eceb3f1924081724e44d173de2091251d1ea69ec827b94ea5ab63436f0701dd2bf299e1a66a22c4b44b32b88620949736e088bc3ec6e7974426e4b392ecece0e88a7acaf510322d1726da6bc9580dad3c8717619051c220d8654a35eb7fa0a6de4be0456522054f124bbb0bdda4bc177b35a6ca20bd996f3a3499ffd00c93d4705cc4bc05f428541c3adcc36f0b9b9aebc61a88cd4bad8f034dd4a483de9bd3291e4bee06449083c83e"]}'; - ore_json_low := '{"o": ["121212121212597ee28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801f6e268e7ba5a049613d57b000f03353a911cce15580808b5a5437e7fe5f4a303847b14979a77af448fac6f39255ec13a949c2378520af48d8e5562957fb84d5f0be62ff2cc4cb4c6de243df329c676af2a0581eb40cd20b63910213afab3fdd6dfe5dc727e051e917428f5d4bca5ccda5bda99f911abffd9e3fec8019c15dad79c485192eabfb16a91af1fa88cf196123c2a6ca46069bb468281b00294bb55e2a6adae2e6549d781d6beb4b5ae35b00eef0701678c1769551eff36ed1060571707244172d212d3e5f457333003f9f4c34e42e2fe7d1cd3367a701500fe0050cbda5d59363dd5a633fb2e067ccbc1db5c33ad25c1e96a62e774ee5672247b5856f48d88ad186e58492e891f32967139ec6fab5290f0f7d0fd6b9538b0669d1597"]}'; - - - -- ------------------------------------------------------------------------------------------------ - - -- DESC - SELECT id FROM encrypted ORDER BY encrypted_int2 DESC LIMIT 1 - INTO result_id; - ASSERT result_id = 99; - - SELECT id FROM encrypted ORDER BY encrypted_int2 DESC LIMIT 1 OFFSET 1 - INTO result_id; - ASSERT result_id = 9; - - SELECT id FROM encrypted ORDER BY encrypted_int2 DESC LIMIT 1 OFFSET 2 - INTO result_id; - ASSERT result_id = 8; - - SELECT id FROM encrypted ORDER BY encrypted_int2 DESC LIMIT 1 OFFSET 3 - INTO result_id; - ASSERT result_id = 7; - - SELECT id FROM encrypted ORDER BY encrypted_int2 DESC LIMIT 1 OFFSET 4 - INTO result_id; - ASSERT result_id = 6; - - SELECT id FROM encrypted ORDER BY encrypted_int2 DESC LIMIT 1 OFFSET 5 - INTO result_id; - ASSERT result_id = 5; - - SELECT id FROM encrypted ORDER BY encrypted_int2 DESC LIMIT 1 OFFSET 6 - INTO result_id; - ASSERT result_id = 1; - - -- ASC - - SELECT id FROM encrypted ORDER BY encrypted_int2 ASC LIMIT 1 - INTO result_id; - ASSERT result_id = 1; - - SELECT id FROM encrypted ORDER BY encrypted_int2 ASC LIMIT 1 OFFSET 1 - INTO result_id; - ASSERT result_id = 5; - - SELECT id FROM encrypted ORDER BY encrypted_int2 ASC LIMIT 1 OFFSET 2 - INTO result_id; - ASSERT result_id = 6; - - SELECT id FROM encrypted ORDER BY encrypted_int2 ASC LIMIT 1 OFFSET 3 - INTO result_id; - ASSERT result_id = 7; - - SELECT id FROM encrypted ORDER BY encrypted_int2 ASC LIMIT 1 OFFSET 4 - INTO result_id; - ASSERT result_id = 8; - - SELECT id FROM encrypted ORDER BY encrypted_int2 ASC LIMIT 1 OFFSET 5 - INTO result_id; - ASSERT result_id = 9; - - SELECT id FROM encrypted ORDER BY encrypted_int2 ASC LIMIT 1 OFFSET 6 - INTO result_id; - ASSERT result_id = 99; - - - - SELECT id FROM encrypted - WHERE encrypted_int2 < ore_cs_encrypted_high - ORDER BY encrypted_int2 DESC LIMIT 1 - INTO result_id; - - ASSERT result_id = 9; - - SELECT id FROM encrypted - WHERE encrypted_int2 < ore_cs_encrypted_high - ORDER BY encrypted_int2 ASC LIMIT 1 - INTO result_id; - ASSERT result_id = 1; - - - SELECT id FROM encrypted - WHERE encrypted_int2 > ore_cs_encrypted_low - ORDER BY encrypted_int2 ASC LIMIT 1 - INTO result_id; - ASSERT result_id = 5; - - - SELECT id FROM encrypted - WHERE encrypted_int2 > ore_cs_encrypted_low - ORDER BY encrypted_int2 DESC LIMIT 1 - INTO result_id; - ASSERT result_id = 99; - - END; -$$ LANGUAGE plpgsql; - - -DROP TABLE IF EXISTS encrypted CASCADE; \ No newline at end of file diff --git a/tests/operators-ore.sql b/tests/operators-ore.sql index 18d58aa1..0494c559 100644 --- a/tests/operators-ore.sql +++ b/tests/operators-ore.sql @@ -1,159 +1,288 @@ \set ON_ERROR_STOP on -DROP TABLE IF EXISTS encrypted; -CREATE TABLE encrypted + +-- Create a table with a plaintext column +DROP TABLE IF EXISTS users; +CREATE TABLE users ( - id bigint, - encrypted_int2 cs_encrypted_v1, + id bigint GENERATED ALWAYS AS IDENTITY, + name_encrypted cs_encrypted_v1, PRIMARY KEY(id) ); --- The value of encrypted_int2 == id -INSERT INTO encrypted (id, encrypted_int2) VALUES (99, '{"c": "mBbLe860@9!clJM`8VX}ip6ro6vMw{Dq=G8?vJ-CE`5o0g0Pv0hQuJcV39Iw$K9)4TCQzV|J#$hgIUyEYJyfuHY>a*_OoEFWo~0~d2n=PWM64+bTYs", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "m": null, "o": ["121212121212594be28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd80132248f0640e89761a123fad8155748d764f347a29e059758575a770618ab6f82d06bad973c3fb62505d9749f4f8483c8d607c61bae7c75ef09add6d91b728449726534e65379f7b3442d2a4aa2b8c3cdb90311b53dc333bbf6b213949a8990b4300473985f60c09c6a91ac963c802e319c28bafc2be66eceb3f1924081724e44d173de2091251d1ea69ec827b94ea5ab63436f0701dd2bf299e1a66a22c4b44b32b88620949736e088bc3ec6e7974426e4b392ecece0e88a7acaf510322d1726da6bc9580dad3c8717619051c220d8654a35eb7fa0a6de4be0456522054f124bbb0bdda4bc177b35a6ca20bd996f3a3499ffd00c93d4705cc4bc05f428541c3adcc36f0b9b9aebc61a88cd4bad8f034dd4a483de9bd3291e4bee06449083c83e"], "u": "c787c0331d81d7609e828bab7b973ba88c95de0539d1a1d378b4d5cc73c3b875", "v": 1}'); -INSERT INTO encrypted (id, encrypted_int2) VALUES (5, '{"c": "mBbLon>=7ftt`=*S&jse$4dOf6yJvdxSqSRPpFtGPlBHkz6(wFqQoGnB5@)Ov#bUqy)1tr`#7noWJgfu~pkXjCBx%`R~Qw6gyWo~0~d2n=PWM64+bTYs", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "m": null, "o": ["1212121212125948e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801a901168d92ea2d7df254becc59888cf41530bacb77fa8c9aabe64574c246875cebd0c3ac7c8041d791d3091ba3b7083931be986a31d3c251479a2911c634aa1028f30852e6e213380a70a1c57bafe4467cbdd131e171c1136e2f8d144c8cd7a354edb93fe4f140b2e5a7c2d7ccfb2b77328d946ce2acbd6ddbfe50b81d2e1d4c5eacc3853876ae12ec4128332ff594c01309d32451d7a71913452476f1bb5af7b280bcb5bfa98e3c1a3d0e50ce58938b3c1fad0225ec051266ea8ac597a332313d023cc8b39732768e83feaca0ebe47c64684b192893e983c7be31489e86f3c99e76131e9e73c5733c4d79091f6182f9a4bc5b26ecf1dd8faa8124be2b87cfa7a589257aa63ac67f9d5046fc3be4feafc1f187dfa8fdb249110890aacdfdd53a"], "u": "28f3ec44eae678f9d0d8238c0b3a01a146d56ccc4c1125f0373d394c4e1e95f4", "v": 1}'); -INSERT INTO encrypted (id, encrypted_int2) VALUES (8, '{"c": "mBbJZ8KCF-%TLAttT!Kh)Bdx>6d*;f`!dvyxG>#+vD}RNtB2Us7sMbp(TSJniNkU`Hw$%;-2y!lE0z+OHrVk@cwi^L!sbglQ5m2>-BW9ogbyZjyIgeGg|W?{2@LgnyccSYi>kTA6xiNKsfTW>4X{HWg#UqTOMZ'o') AS elem(value); +-- User with "LOW" value +INSERT INTO users (name_encrypted) VALUES ( + '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")" + }'::jsonb +); --- ORE LT < AND GT > OPERATORS +-- ORE eq < OPERATORS DO $$ DECLARE - ore_cs_encrypted_high cs_encrypted_v1; - ore_cs_encrypted_low cs_encrypted_v1; - ore_json_high jsonb; - ore_json_low jsonb; - row_count integer; + ore_cs_encrypted cs_encrypted_v1; + ore_json jsonb; + ore_record text; BEGIN - ore_cs_encrypted_high := '{"c": "mBbLe860@9!clJM`8VX}ip6ro6vMw{Dq=G8?vJ-CE`5o0g0Pv0hQuJcV39Iw$K9)4TCQzV|J#$hgIUyEYJyfuHY>a*_OoEFWo~0~d2n=PWM64+bTYs", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "m": null, "o": ["121212121212594be28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd80132248f0640e89761a123fad8155748d764f347a29e059758575a770618ab6f82d06bad973c3fb62505d9749f4f8483c8d607c61bae7c75ef09add6d91b728449726534e65379f7b3442d2a4aa2b8c3cdb90311b53dc333bbf6b213949a8990b4300473985f60c09c6a91ac963c802e319c28bafc2be66eceb3f1924081724e44d173de2091251d1ea69ec827b94ea5ab63436f0701dd2bf299e1a66a22c4b44b32b88620949736e088bc3ec6e7974426e4b392ecece0e88a7acaf510322d1726da6bc9580dad3c8717619051c220d8654a35eb7fa0a6de4be0456522054f124bbb0bdda4bc177b35a6ca20bd996f3a3499ffd00c93d4705cc4bc05f428541c3adcc36f0b9b9aebc61a88cd4bad8f034dd4a483de9bd3291e4bee06449083c83e"], "u": "c787c0331d81d7609e828bab7b973ba88c95de0539d1a1d378b4d5cc73c3b875", "v": 1}'; - ore_cs_encrypted_low := '{"c": "mBbK6IM@r}>@LgnyccSYi>kTA6xiNKsfTW>4X{HWg#UqTOMZ cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted < ore_cs_encrypted::cs_encrypted_v1)); + + END; +$$ LANGUAGE plpgsql; - ASSERT row_count = 6; - -- -- cs_encrypted_v1 > cs_encrypted_v1 - SELECT - COUNT(id) - FROM encrypted WHERE encrypted_int2 > ore_cs_encrypted_low - INTO row_count; - ASSERT row_count = 6; - -- -- cs_encrypted_v1 > jsonb - SELECT - COUNT(id) - FROM encrypted WHERE encrypted_int2 > ore_json_low - INTO row_count; +-- ORE eq <= OPERATORS +DO $$ + DECLARE + ore_cs_encrypted cs_encrypted_v1; + ore_json jsonb; + ore_record text; + BEGIN + ore_cs_encrypted := '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\\\\"\")\"\"}\")" + }'; - ASSERT row_count = 6; + ore_json := '{"o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\\\\"\")\"\"}\")"}'; - -- -- jsonb > cs_encrypted_v1 - SELECT - COUNT(id) - FROM encrypted WHERE ore_json_low > encrypted_int2 - INTO row_count; + ore_record = '("{""(\\""\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\"")""}")'; - ASSERT row_count = 0; + -- SANITY CHECK + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_ore_64_8_v1(name_encrypted) <= cs_ore_64_8_v1(ore_json))); + + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted <= ore_cs_encrypted::jsonb + )); + + -- -- -- cs_encrypted_v1 <= jsonb + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted <= ore_json::jsonb + )); + + -- -- -- jsonb <= cs_encrypted_v1 + -- genrating ORE data for tests is fiddly, hence the IS FALSE here + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE (ore_json::jsonb <= name_encrypted) IS FALSE + )); + + -- -- -- -- cs_encrypted_v1 <= ore_64_8_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <= ore_record::ore_64_8_v1)); + + -- -- -- -- -- ore_64_8_v1 <= cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE (ore_record::ore_64_8_v1 <= name_encrypted) IS FALSE)); + + -- -- -- -- cs_encrypted_v1 <= cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted <= ore_cs_encrypted::cs_encrypted_v1)); END; $$ LANGUAGE plpgsql; --- ORE LTE <= AND GTE >= OPERATORS + +-- User with "HIGH" value +INSERT INTO users (name_encrypted) VALUES ( + '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\\\\"\")\"\"}\")" + }'::jsonb +); + + + +-- ORE eq < OPERATORS DO $$ DECLARE - ore_cs_encrypted_high cs_encrypted_v1; - ore_cs_encrypted_low cs_encrypted_v1; - ore_json_high jsonb; - ore_json_low jsonb; - row_count integer; + ore_cs_encrypted cs_encrypted_v1; + ore_json jsonb; + ore_record text; BEGIN - ore_cs_encrypted_high := '{"c": "mBbLe860@9!clJM`8VX}ip6ro6vMw{Dq=G8?vJ-CE`5o0g0Pv0hQuJcV39Iw$K9)4TCQzV|J#$hgIUyEYJyfuHY>a*_OoEFWo~0~d2n=PWM64+bTYs", "i": {"table": "encrypted", "column": "encrypted_int2"}, "k": "ct", "m": null, "o": ["121212121212594be28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd80132248f0640e89761a123fad8155748d764f347a29e059758575a770618ab6f82d06bad973c3fb62505d9749f4f8483c8d607c61bae7c75ef09add6d91b728449726534e65379f7b3442d2a4aa2b8c3cdb90311b53dc333bbf6b213949a8990b4300473985f60c09c6a91ac963c802e319c28bafc2be66eceb3f1924081724e44d173de2091251d1ea69ec827b94ea5ab63436f0701dd2bf299e1a66a22c4b44b32b88620949736e088bc3ec6e7974426e4b392ecece0e88a7acaf510322d1726da6bc9580dad3c8717619051c220d8654a35eb7fa0a6de4be0456522054f124bbb0bdda4bc177b35a6ca20bd996f3a3499ffd00c93d4705cc4bc05f428541c3adcc36f0b9b9aebc61a88cd4bad8f034dd4a483de9bd3291e4bee06449083c83e"], "u": "c787c0331d81d7609e828bab7b973ba88c95de0539d1a1d378b4d5cc73c3b875", "v": 1}'; - ore_cs_encrypted_low := '{"c": "mBbK6IM@r}>@LgnyccSYi>kTA6xiNKsfTW>4X{HWg#UqTOMZ cs_ore_64_8_v1(ore_json))); - -- -- jsonb < cs_encrypted_v1 - SELECT - COUNT(id) - FROM encrypted WHERE encrypted_int2 <= ore_json_low - INTO row_count; + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted > ore_cs_encrypted::jsonb + )); - ASSERT row_count = 1; + -- -- -- cs_encrypted_v1 > jsonb + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted > ore_json::jsonb + )); + -- -- -- jsonb > cs_encrypted_v1 + -- genrating ORE data for tests is fiddly, hence the IS FALSE here + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE (ore_json::jsonb > name_encrypted) IS FALSE + )); - -- -- cs_encrypted_v1 >= cs_encrypted_v1 - SELECT - COUNT(id) - FROM encrypted WHERE encrypted_int2 >= ore_cs_encrypted_low - INTO row_count; - ASSERT row_count = 7; + -- -- -- -- cs_encrypted_v1 > ore_64_8_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted > ore_record::ore_64_8_v1)); - -- -- cs_encrypted_v1 > jsonb - SELECT - COUNT(id) - FROM encrypted WHERE encrypted_int2 >= ore_json_high - INTO row_count; + -- -- -- -- -- ore_64_8_v1 > cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE (ore_record::ore_64_8_v1 > name_encrypted) IS FALSE)); - ASSERT row_count = 1; + -- -- -- -- cs_encrypted_v1 >> cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted > ore_cs_encrypted::cs_encrypted_v1)); - -- -- jsonb >= cs_encrypted_v1 - SELECT - COUNT(id) - FROM encrypted WHERE ore_json_low >= encrypted_int2 - INTO row_count; + END; +$$ LANGUAGE plpgsql; + + + + +-- User with "HIGH" value +INSERT INTO users (name_encrypted) VALUES ( + '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x1212121212125932e28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd8011f94b49eaa5fa5a60e1e2adccde4185a7d6c7f83088500b677f897d4ffc276016d614708488f407c01bd3ccf2be653269062cb97f8945a621d049277d19b1c248611f25d047038928d2efeb4323c402af4c19288c7b36911dc06639af5bb34367519b66c1f525bbd3828c12067c9c579aeeb4fb3ae0918125dc1dad5fd518019a5ae67894ce1a7f7bed1a591ba8edda2fdf4cd403761fd981fb1ea5eb0bf806f919350ee60cac16d0a39a491a4d79301781f95ea3870aea82e9946053537360b2fb415b18b61aed0af81d461ad6b923f10c0df79daddc4e279ff543a282bb3a37f9fa03238348b3dac51a453b04bced1f5bd318ddd829bdfe5f37abdbeda730e21441b818302f3c5c2c4d5657accfca4c53d7a80eb3db43946d38965be5f796b\\\\\"\")\"\"}\")" + }'::jsonb +); + + + +-- ORE eq >= OPERATORS +DO $$ + DECLARE + ore_cs_encrypted cs_encrypted_v1; + ore_json jsonb; + ore_record text; + BEGIN + ore_cs_encrypted := '{ + "v": 1, + "k": "ct", + "c": "ciphertext", + "i": { + "t": "users", + "c": "name" + }, + "m": [1, 2, 3], + "o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")" + }'; + + ore_json := '{"o":"(\"{\"\"(\\\\\"\"\\\\\\\\\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\\\\"\")\"\"}\")"}'; + + + ore_record = '("{""(\\""\\\\\\\\x12121212121259bfe28282d03415e7714fccd69eb7eb476c70743e485e20331f59cbc1c848dcdeda716f351eb20588c406a7df5fb8917ebf816739aa1414ac3b8498e493bf0badea5c9fdb3cc34da8b152b995957591880c523beb1d3f12487c38d18f62dd26209a727674e5a5fe3a3e3037860839afd801ff4a28b714e4cde8df10625dce72602fdbdcc53d515857f1119f5912804ce09c6cf6c2d37393a27a465134523b512664582f834e15003b7216cb668480bc3e7d1c069f2572ece7c848b9eb9a28b4e62bfc2b97c93e61b2054154e621c5bbb7bed37de3d7c343bd3dbcf7b4af20128c961351bf55910a855f08a8587c2059a5f05ca8d7a082e695b3dd4ff3ce86694d4fe98972220eea1ab90f5de493ef3a502b74a569f103ee2897ebc9ae9b16a17e7be67415ee830519beb3058ffc1c1eb0e574d66c8b365919f27eb00aa7bce475d7bdaad4ed800f8fc3d626e0eb842e312b0cc22a1ccf89847ebb2cd0a6e18aec21bd2deeec1c47301fc687f7f764bb882b50f553c246a6da5816b78b3530119ea68b08a8403a90e063e58502670563bd4d\\"")""}")'; + + -- SANITY CHECK + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE cs_ore_64_8_v1(name_encrypted) >= cs_ore_64_8_v1(ore_json))); - ASSERT row_count = 1; + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted >= ore_cs_encrypted::jsonb + )); + -- -- -- cs_encrypted_v1 >= jsonb + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE name_encrypted >= ore_json::jsonb + )); + + -- -- -- jsonb >= cs_encrypted_v1 + -- genrating ORE data for tests is fiddly, hence the IS FALSE here + ASSERT (SELECT EXISTS ( + SELECT id FROM users WHERE (ore_json::jsonb >= name_encrypted) IS FALSE + )); + + -- -- -- -- cs_encrypted_v1 >= ore_64_8_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted >= ore_record::ore_64_8_v1)); + + -- -- -- -- -- ore_64_8_v1 >= cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE (ore_record::ore_64_8_v1 >= name_encrypted) IS FALSE)); + + -- -- -- -- cs_encrypted_v1 >= cs_encrypted_v1 + ASSERT (SELECT EXISTS (SELECT id FROM users WHERE name_encrypted >= ore_cs_encrypted::cs_encrypted_v1)); END; $$ LANGUAGE plpgsql; -