You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@couchdb.apache.org by da...@apache.org on 2020/04/09 16:28:21 UTC

[couchdb] branch davisp-aegis updated (6180fc9 -> 30d0953)

This is an automated email from the ASF dual-hosted git repository.

davisp pushed a change to branch davisp-aegis
in repository https://gitbox.apache.org/repos/asf/couchdb.git.


    from 6180fc9  Example aegis API usage
     new 464ca64  Add helper for not_found
     new 30d0953  Encrypt secondary index values

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 src/aegis/src/aegis.erl                 |  3 +++
 src/couch_views/src/couch_views_fdb.erl | 20 +++++++++++---------
 2 files changed, 14 insertions(+), 9 deletions(-)

[couchdb] 02/02: Encrypt secondary index values

Posted by da...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

davisp pushed a commit to branch davisp-aegis
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 30d09532eb68aa133c4b0175c78a78e07b52965a
Author: Paul J. Davis <pa...@gmail.com>
AuthorDate: Thu Apr 9 11:27:50 2020 -0500

    Encrypt secondary index values
---
 src/couch_views/src/couch_views_fdb.erl | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/couch_views/src/couch_views_fdb.erl b/src/couch_views/src/couch_views_fdb.erl
index 3b008d4..3ee0cdb 100644
--- a/src/couch_views/src/couch_views_fdb.erl
+++ b/src/couch_views/src/couch_views_fdb.erl
@@ -70,7 +70,7 @@ get_creation_vs(TxDb, Sig) ->
         tx := Tx
     } = TxDb,
     Key = creation_vs_key(TxDb, Sig),
-    case erlfdb:wait(erlfdb:get(Tx, Key)) of
+    case aegis:decrypt(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))) of
         not_found ->
             not_found;
         EK ->
@@ -87,7 +87,7 @@ get_build_status(TxDb, #mrst{sig = Sig}) ->
         tx := Tx
     } = TxDb,
     Key = build_status_key(TxDb, Sig),
-    erlfdb:wait(erlfdb:get(Tx, Key)).
+    aegis:decrypt(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))).
 
 
 set_build_status(TxDb, #mrst{sig = Sig}, State) ->
@@ -96,7 +96,7 @@ set_build_status(TxDb, #mrst{sig = Sig}, State) ->
     } = TxDb,
 
     Key = build_status_key(TxDb, Sig),
-    ok = erlfdb:set(Tx, Key, State).
+    ok = erlfdb:set(Tx, Key, aegis:encrypt(Db, Key, State)).
 
 
 % View Build Sequence Access
@@ -109,7 +109,8 @@ get_update_seq(TxDb, #mrst{sig = Sig}) ->
         db_prefix := DbPrefix
     } = TxDb,
 
-    case erlfdb:wait(erlfdb:get(Tx, seq_key(DbPrefix, Sig))) of
+    Key = seq_key(DbPrefix, Sig),
+    case aegis:decrypt(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))) of
         not_found -> <<>>;
         UpdateSeq -> UpdateSeq
     end.
@@ -120,7 +121,8 @@ set_update_seq(TxDb, Sig, Seq) ->
         tx := Tx,
         db_prefix := DbPrefix
     } = TxDb,
-    ok = erlfdb:set(Tx, seq_key(DbPrefix, Sig), Seq).
+    Key = seq_key(DbPrefix, Sig),
+    ok = erlfdb:set(Tx, Key, aegis:encrypt(TxDb, Key, Seq)).
 
 
 get_row_count(TxDb, #mrst{sig = Sig}, ViewId) ->
@@ -158,7 +160,7 @@ fold_map_idx(TxDb, Sig, ViewId, Options, Callback, Acc0) ->
         callback => Callback,
         acc => Acc0
         },
-    Fun = fun fold_fwd/2,
+    Fun = aegis:wrap_fold_fun(TxDb, fun fold_fwd/2),
 
     #{
         acc := Acc1
@@ -283,7 +285,7 @@ update_id_idx(TxDb, Sig, ViewId, DocId, NewRows, KVSize) ->
 
     Key = id_idx_key(DbPrefix, Sig, DocId, ViewId),
     Val = couch_views_encoding:encode([length(NewRows), KVSize, Unique]),
-    ok = erlfdb:set(Tx, Key, Val).
+    ok = erlfdb:set(Tx, Key, aegis:encrypt(TxDb, Key, Val)).
 
 
 update_map_idx(TxDb, Sig, ViewId, DocId, ExistingKeys, NewRows) ->
@@ -303,7 +305,7 @@ update_map_idx(TxDb, Sig, ViewId, DocId, ExistingKeys, NewRows) ->
     lists:foreach(fun({DupeId, Key1, Key2, EV}) ->
         KK = map_idx_key(MapIdxPrefix, {Key1, DocId}, DupeId),
         Val = erlfdb_tuple:pack({Key2, EV}),
-        ok = erlfdb:set(Tx, KK, Val)
+        ok = erlfdb:set(Tx, KK, aegis:ecnrypt(TxDb, KK, Val))
     end, KVsToAdd).
 
 
@@ -318,7 +320,7 @@ get_view_keys(TxDb, Sig, DocId) ->
                 erlfdb_tuple:unpack(K, DbPrefix),
         [TotalKeys, TotalSize, UniqueKeys] = couch_views_encoding:decode(V),
         {ViewId, TotalKeys, TotalSize, UniqueKeys}
-    end, erlfdb:get_range(Tx, Start, End, [])).
+    end, aegis:decrypt(TxDb, erlfdb:get_range(Tx, Start, End, []))).
 
 
 update_row_count(TxDb, Sig, ViewId, Increment) ->

[couchdb] 01/02: Add helper for not_found

Posted by da...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

davisp pushed a commit to branch davisp-aegis
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 464ca64193fbcebae1fe194f2e0726a33619e9a7
Author: Paul J. Davis <pa...@gmail.com>
AuthorDate: Thu Apr 9 11:27:40 2020 -0500

    Add helper for not_found
---
 src/aegis/src/aegis.erl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/aegis/src/aegis.erl b/src/aegis/src/aegis.erl
index 9b4778d..b27f32a 100644
--- a/src/aegis/src/aegis.erl
+++ b/src/aegis/src/aegis.erl
@@ -89,6 +89,9 @@ encrypt(#{} = Db, Key, Value) ->
     <<1:8, CipherTag:128, CipherText/binary>>.
 
 
+decrypt(#{} = Db, Key, not_found) ->
+    not_found;
+
 decrypt(#{} = Db, Key, Value) when is_binary(Key), is_binary(Value) ->
     #{
         aegis_ctx = Ctx,