Documentation ¶
Index ¶
- type HashDecryptStore
- type HashQuery
- func (encryptor *HashQuery) ID() string
- func (encryptor *HashQuery) OnBind(ctx context.Context, statement sqlparser.Statement, values []base.BoundValue) ([]base.BoundValue, bool, error)
- func (encryptor *HashQuery) OnQuery(ctx context.Context, query base.OnQueryObject) (base.OnQueryObject, bool, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type HashDecryptStore ¶
type HashDecryptStore interface { keystore.HmacKeyStore keystore.DataEncryptorKeyStore }
HashDecryptStore that used by HashQuery
type HashQuery ¶
type HashQuery struct {
// contains filtered or unexported fields
}
HashQuery calculate hmac for data inside AcraStruct and change WHERE conditions to support searchable encryption
func NewMysqlHashQuery ¶
func NewMysqlHashQuery(keystore HashDecryptStore, schemaStore config.TableSchemaStore, processor base.ExtendedDataProcessor) *HashQuery
NewMysqlHashQuery return HashQuery with coder for mysql
func NewPostgresqlHashQuery ¶
func NewPostgresqlHashQuery(keystore HashDecryptStore, schemaStore config.TableSchemaStore, processor base.ExtendedDataProcessor) *HashQuery
NewPostgresqlHashQuery return HashQuery with coder for postgresql
func (*HashQuery) OnBind ¶
func (encryptor *HashQuery) OnBind(ctx context.Context, statement sqlparser.Statement, values []base.BoundValue) ([]base.BoundValue, bool, error)
OnBind processes bound values for prepared statements.
Searchable encryption rewrites WHERE clauses with equality comparisons like this:
WHERE column = 'value' ===> WHERE substring(column, 1, <HMAC_size>) = <HMAC('value')>
If the query is a parameterized prepared query then OnQuery() rewriting yields this:
WHERE column = $1 ===> WHERE substring(column, 1, <HMAC_size>) = $1
and actual "value" is passed via parameters, visible here in OnBind(). If that's the case, HMAC computation should be performed for relevant values.
func (*HashQuery) OnQuery ¶
func (encryptor *HashQuery) OnQuery(ctx context.Context, query base.OnQueryObject) (base.OnQueryObject, bool, error)
OnQuery processes query text before database sees it.
Searchable encryption rewrites WHERE clauses with equality comparisons like this:
WHERE column = 'value' ===> WHERE substring(column, 1, <HMAC_size>) = <HMAC('value')>
If the query is a parameterized prepared query then OnQuery() rewriting yields this:
WHERE column = $1 ===> WHERE substring(column, 1, <HMAC_size>) = $1
and actual "value" is passed via parameters later. See OnBind() for details.