Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type HashDecryptStore ¶
type HashDecryptStore interface {
keystore.HmacKeyStore
keystore.DataEncryptorKeyStore
}
HashDecryptStore that used by HashQuery
type HashQuery ¶
type HashQuery struct {
// contains filtered or unexported fields
}
HashQuery calculate hmac for data inside AcraStruct and change WHERE conditions to support searchable encryption
func NewHashQuery ¶
func NewHashQuery(keystore HashDecryptStore, schemaStore config.TableSchemaStore, processor base.ExtendedDataProcessor) *HashQuery
NewHashQuery return HashQuery with coder for postgresql
func (*HashQuery) OnBind ¶
func (encryptor *HashQuery) OnBind(ctx context.Context, parseResult *pg_query.ParseResult, values []base.BoundValue) ([]base.BoundValue, bool, error)
OnBind processes bound values for prepared statements.
Searchable encryption rewrites WHERE clauses with equality comparisons like this:
WHERE column = 'value' ===> WHERE substring(column, 1, <HMAC_size>) = <HMAC('value')>
If the query is a parameterized prepared query then OnQuery() rewriting yields this:
WHERE column = $1 ===> WHERE substring(column, 1, <HMAC_size>) = $1
and actual "value" is passed via parameters, visible here in OnBind(). If that's the case, HMAC computation should be performed for relevant values.
func (*HashQuery) OnQuery ¶
func (encryptor *HashQuery) OnQuery(ctx context.Context, query postgresql.OnQueryObject) (postgresql.OnQueryObject, bool, error)
OnQuery processes query text before database sees it.
Searchable encryption rewrites WHERE clauses with equality comparisons like this:
WHERE column = 'value' ===> WHERE substring(column, 1, <HMAC_size>) = <HMAC('value')>
If the query is a parameterized prepared query then OnQuery() rewriting yields this:
WHERE column = $1 ===> WHERE substring(column, 1, <HMAC_size>) = $1
and actual "value" is passed via parameters later. See OnBind() for details.
Source Files