diff --git a/docs/getting-started/schema-example.sql b/docs/getting-started/schema-example.sql index e1627419..a5089811 100644 --- a/docs/getting-started/schema-example.sql +++ b/docs/getting-started/schema-example.sql @@ -9,35 +9,35 @@ CREATE TABLE users ( encrypted_salary eql_v2_encrypted ); -SELECT cs_add_index_v1( +SELECT eql_v2.add_search_config( 'users', 'encrypted_email', 'unique', 'text' ); -SELECT cs_add_index_v1( +SELECT eql_v2.add_search_config( 'users', 'encrypted_email', 'match', 'text' ); -SELECT cs_add_index_v1( +SELECT eql_v2.add_search_config( 'users', 'encrypted_email', 'ore', 'text' ); -SELECT cs_add_index_v1( +SELECT eql_v2.add_search_config( 'users', 'encrypted_salary', 'ore', 'int' ); -SELECT cs_add_index_v1( +SELECT eql_v2.add_search_config( 'users', 'encrypted_dob', 'ore', diff --git a/docs/how-to.md b/docs/how-to.md index 0f8954e5..5ec502ac 100644 --- a/docs/how-to.md +++ b/docs/how-to.md @@ -189,7 +189,7 @@ In the previous step we created a table with an encrypted column, but without an Now you can add an encrypted index for that encrypted column: ```sql -SELECT cs_add_index_v1( +SELECT eql_v2.add_search_config( 'users', 'email', 'unique', @@ -204,14 +204,14 @@ This statement adds a `unique` index for the `email` column in the `users` table There are two other types of encrypted indexes you can use on `text` data: ```sql -SELECT cs_add_index_v1( +SELECT eql_v2.add_search_config( 'users', 'email', 'match', 'text' ); -SELECT cs_add_index_v1( +SELECT eql_v2.add_search_config( 'users', 'email', 'ore', diff --git a/mise.toml b/mise.toml index dcc62cbc..255e71b5 100644 --- a/mise.toml +++ b/mise.toml @@ -24,7 +24,7 @@ CS_PROXY__HOST = "proxy" # Misc DOCKER_CLI_HINTS = "false" # Please don't show us What's Next. -CS_EQL_VERSION = "eql-2.0.0" +CS_EQL_VERSION = "eql-2.0.1" [tools] "cargo:cargo-binstall" = "latest" 
diff --git a/packages/cipherstash-proxy/src/encrypt/mod.rs b/packages/cipherstash-proxy/src/encrypt/mod.rs index 826c3998..83896c23 100644 --- a/packages/cipherstash-proxy/src/encrypt/mod.rs +++ b/packages/cipherstash-proxy/src/encrypt/mod.rs @@ -291,12 +291,12 @@ fn to_eql_encrypted( body: EqlEncryptedBody { ciphertext, indexes: EqlEncryptedIndexes { - match_index, - ore_index, - unique_index, - blake3_index, - ore_cclw_fixed_index, - ore_cclw_var_index, + bloom_filter: match_index, + ore_block_u64_8_256: ore_index, + hmac_256: unique_index, + blake3: blake3_index, + ore_cllw_u64_8: ore_cclw_fixed_index, + ore_cllw_var_8: ore_cclw_var_index, selector, ste_vec_index: None, }, @@ -319,17 +319,17 @@ fn to_eql_encrypted( let indexes = match term { EncryptedSteVecTerm::Mac(bytes) => EqlEncryptedIndexes { selector: Some(hex::encode(tokenized_selector.as_bytes())), - blake3_index: Some(hex::encode(bytes)), + blake3: Some(hex::encode(bytes)), ..Default::default() }, EncryptedSteVecTerm::OreFixed(ore) => EqlEncryptedIndexes { selector: Some(hex::encode(tokenized_selector.as_bytes())), - ore_cclw_fixed_index: Some(hex::encode(&ore)), + ore_cllw_u64_8: Some(hex::encode(&ore)), ..Default::default() }, EncryptedSteVecTerm::OreVariable(ore) => EqlEncryptedIndexes { selector: Some(hex::encode(tokenized_selector.as_bytes())), - ore_cclw_var_index: Some(hex::encode(&ore)), + ore_cllw_var_8: Some(hex::encode(&ore)), ..Default::default() }, }; @@ -351,12 +351,12 @@ fn to_eql_encrypted( body: EqlEncryptedBody { ciphertext: ciphertext.clone(), indexes: EqlEncryptedIndexes { - match_index: None, - ore_index: None, - unique_index: None, - blake3_index: None, - ore_cclw_fixed_index: None, - ore_cclw_var_index: None, + bloom_filter: None, + ore_block_u64_8_256: None, + hmac_256: None, + blake3: None, + ore_cllw_u64_8: None, + ore_cllw_var_8: None, selector: None, ste_vec_index: Some(ste_vec_index), }, 
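Review bot: In the first hunk each renamed field is now filled from a local that still carries the old name (`hmac_256: unique_index`, `ore_cllw_u64_8: ore_cclw_fixed_index`), so field-init shorthand is gone; if several of these fields share a type, as they appear to, a swapped pair would compile without complaint and attach the wrong index term to the ciphertext. Renaming the locals where they are bound (outside this hunk) restores the shorthand and retires the leftover `cclw` spelling. In the third hunk the explicit `None` fields can follow the pattern the second hunk already uses: `indexes: EqlEncryptedIndexes { ste_vec_index: Some(ste_vec_index), ..Default::default() },`. `to_eql_encrypted` begins and ends outside all three hunks.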
diff --git a/packages/cipherstash-proxy/src/eql/mod.rs b/packages/cipherstash-proxy/src/eql/mod.rs index e5ef20ea..222847ef 100644 --- a/packages/cipherstash-proxy/src/eql/mod.rs +++ b/packages/cipherstash-proxy/src/eql/mod.rs @@ -85,25 +85,32 @@ pub struct EqlEncryptedBody { pub(crate) is_array_item: Option, } +/// +/// EqlEncryptedIndexes +/// - null values should not be serialized +/// - the null carries through to the database as this is the EQL JSON format #[derive(Debug, Deserialize, Serialize, Default)] pub struct EqlEncryptedIndexes { - #[serde(rename = "o", skip_serializing_if = "Option::is_none")] - pub(crate) ore_index: Option>, - #[serde(rename = "m", skip_serializing_if = "Option::is_none")] - pub(crate) match_index: Option>, - #[serde(rename = "u", skip_serializing_if = "Option::is_none")] - pub(crate) unique_index: Option, + #[serde(rename = "ob", skip_serializing_if = "Option::is_none")] + pub(crate) ore_block_u64_8_256: Option>, + + #[serde(rename = "bf", skip_serializing_if = "Option::is_none")] + pub(crate) bloom_filter: Option>, + + #[serde(rename = "hm", skip_serializing_if = "Option::is_none")] + pub(crate) hmac_256: Option, #[serde(rename = "s", skip_serializing_if = "Option::is_none")] pub(crate) selector: Option, - #[serde(rename = "b", skip_serializing_if = "Option::is_none")] - pub(crate) blake3_index: Option, + #[serde(rename = "b3", skip_serializing_if = "Option::is_none")] + pub(crate) blake3: Option, #[serde(rename = "ocf", skip_serializing_if = "Option::is_none")] - pub(crate) ore_cclw_fixed_index: Option, + pub(crate) ore_cllw_u64_8: Option, + #[serde(rename = "ocv", skip_serializing_if = "Option::is_none")] - pub(crate) ore_cclw_var_index: Option, + pub(crate) ore_cllw_var_8: Option, #[serde(rename = "sv", skip_serializing_if = "Option::is_none")] pub(crate) ste_vec_index: Option>, 
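Review bot: Four fields change their JSON key here (`o` to `ob`, `m` to `bf`, `u` to `hm`, `b` to `b3`) while the struct still derives `Deserialize` and no `deny_unknown_fields` is visible, so a payload written with the old keys would presumably deserialize without error and leave those index terms silently `None`. If the proxy can ever read values stored under the previous format, either accept the old key too, e.g. `#[serde(rename = "ob", alias = "o", skip_serializing_if = "Option::is_none")]`, or reject such payloads explicitly so that lost search terms cannot go unnoticed. `ocf` and `ocv` keep their keys although their fields were renamed, which deserves a one-line comment so the mismatch reads as intentional. The new doc comment would be clearer as `/// Index terms of an EQL payload; fields that are None are omitted from the JSON instead of being written as null.`, if that is the intent. The struct body continues outside the hunk.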
@@ -157,13 +164,13 @@ mod tests { dataset_id: Some(Uuid::new_v4()), }, indexes: EqlEncryptedIndexes { - ore_index: None, - match_index: None, - unique_index: None, - blake3_index: None, + ore_block_u64_8_256: None, + bloom_filter: None, + hmac_256: None, + blake3: None, selector: None, - ore_cclw_fixed_index: None, - ore_cclw_var_index: None, + ore_cllw_u64_8: None, + ore_cllw_var_8: None, ste_vec_index: None, }, is_array_item: None, diff --git a/packages/eql-mapper/src/lib.rs b/packages/eql-mapper/src/lib.rs index be1a0e46..40adcc80 100644 --- a/packages/eql-mapper/src/lib.rs +++ b/packages/eql-mapper/src/lib.rs @@ -1352,7 +1352,7 @@ mod test { match typed.transform(HashMap::new()) { Ok(statement) => assert_eq!( statement.to_string(), - "SELECT eql_v2.grouped_value(email) AS email FROM users GROUP BY eql_v2.ore_64_8_v2(email)".to_string() + "SELECT eql_v2.grouped_value(email) AS email FROM users GROUP BY eql_v2.ore_block_u64_8_256(email)".to_string() ), Err(err) => panic!("transformation failed: {err}"), } diff --git a/packages/eql-mapper/src/transformation_rules/group_by_eql_col.rs b/packages/eql-mapper/src/transformation_rules/group_by_eql_col.rs index 78c2f1d6..717b00d1 100644 --- a/packages/eql-mapper/src/transformation_rules/group_by_eql_col.rs +++ b/packages/eql-mapper/src/transformation_rules/group_by_eql_col.rs @@ -40,7 +40,10 @@ impl<'ast> TransformationRule<'ast> for GroupByEqlCol<'ast> { *target_node = helpers::wrap_in_1_arg_function( transformed_expr, - ObjectName(vec![Ident::new("eql_v2"), Ident::new("ore_64_8_v2")]), + ObjectName(vec![ + Ident::new("eql_v2"), + Ident::new("ore_block_u64_8_256"), + ]), ); return Ok(true); diff --git a/packages/eql-mapper/src/transformation_rules/wrap_eql_cols_in_order_by_with_ore_fn.rs b/packages/eql-mapper/src/transformation_rules/wrap_eql_cols_in_order_by_with_ore_fn.rs index f899a84f..2cabb1d7 100644 --- a/packages/eql-mapper/src/transformation_rules/wrap_eql_cols_in_order_by_with_ore_fn.rs 
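Review bot: The EQL function name `ore_block_u64_8_256` is now a string literal in `GroupByEqlCol` here, again in `WrapEqlColsInOrderByWithOreFn` in the next file, and in the expected SQL of the `lib.rs` test, so the next rename has three places to miss. A shared constant would keep the two rules in step, for example `const EQL_ORE_FN: &str = "ore_block_u64_8_256";` used as `Ident::new(EQL_ORE_FN)`. The rewritten SQL presumably only runs against a database whose installed EQL defines this function, so a comment on that constant naming the minimum EQL release (this commit bumps `CS_EQL_VERSION` to `eql-2.0.1`) would help diagnose an undefined-function error after a partial upgrade. Both rule bodies start and end outside their hunks.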
+++ b/packages/eql-mapper/src/transformation_rules/wrap_eql_cols_in_order_by_with_ore_fn.rs @@ -54,7 +54,10 @@ impl<'ast> TransformationRule<'ast> for WrapEqlColsInOrderByWithOreFn<'ast> { target_node.expr = wrap_in_1_arg_function( expr_to_wrap, - ObjectName(vec![Ident::new("eql_v2"), Ident::new("ore_64_8_v2")]), + ObjectName(vec![ + Ident::new("eql_v2"), + Ident::new("ore_block_u64_8_256"), + ]), ); return Ok(true); diff --git a/tests/sql/schema.sql b/tests/sql/schema.sql index b23cbf74..5109135f 100644 --- a/tests/sql/schema.sql +++ b/tests/sql/schema.sql @@ -31,77 +31,77 @@ CREATE TABLE unconfigured ( PRIMARY KEY(id) ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_text', 'unique', 'text' ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_text', 'match', 'text' ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_text', 'ore', 'text' ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_bool', 'unique', 'boolean' ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_bool', 'ore', 'boolean' ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_int2', 'unique', 'small_int' ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_int2', 'ore', 'small_int' ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_int4', 'unique', 'int' ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_int4', 'ore', 'int' ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_int8', 'unique', 'big_int' ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_int8', 'ore', 
@@ -109,35 +109,35 @@ SELECT eql_v2.add_index( ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_float8', 'unique', 'double' ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_float8', 'ore', 'double' ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_date', 'unique', 'date' ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_date', 'ore', 'date' ); -SELECT eql_v2.add_index( +SELECT eql_v2.add_search_config( 'encrypted', 'encrypted_jsonb', 'ste_vec',