Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[draft] Refactor tce #66

Closed
wants to merge 15 commits into from
Closed

[draft] Refactor tce #66

wants to merge 15 commits into from

Conversation

ioguix
Copy link
Collaborator

@ioguix ioguix commented Jan 5, 2023

This is some code review and refactoring of the tce related code in pgsodium.

Changes:

  • add a full script extension to ease dev, audit and review
  • refactor the encryption triggers
  • refactor how the decryption views are generated
  • rename some functions and triggers

TODO:

  • add lots of TAP tests to check the extension objects created by both the full script extension and the incremental one
  • the incremental extension script need to be resynched
  • should the encryption trigger be security definer and deprecate crypto_aead_det_encrypt(bytea, bytea, uuid, bytea) or should it invoke crypto_aead_det_encrypt(bytea, bytea, uuid, bytea) (which is security definer)?

It fixes #55

@ioguix
Create v3.1.5 extension full SQL script
d6aafd2
@ioguix
Remove useless pgsodium.encrypted_columns
9abb536
@ioguix
Remove some useless vars
a4486ea
@ioguix
Spacing and indent
9d3803f
@ioguix
Set version to 3.2.0
93c696a
@ioguix
Merge branch 'main' into full_ext_script
df43228 
Resolv conflic about versions
@ioguix
merge 3.1.5 in 3.2.0
22f8adb
@ioguix
first functional refactored version
c094564
@ioguix
Fix
295a00f
@ioguix
Move fetching key meta data in its own func
c00a27d
@ioguix
Fix row visibility when calling create_key() from with an INSERT
ef63b3e 
The create_key() function is calling itself to create a new
parent_key when inserting a raw_key without existing parent_key
to encrypt it.
During the encryption trigger call, the newly created key was not
visible from SPI query to gather its meta datas, even though the
parent_key command is finished before the trigger fires.

This visibility mechanism is explained in this page:
https://www.postgresql.org/docs/current/spi-visibility.html
@ioguix
Fix compilation error with versions < 15
0e9c21a
@ioguix
Fix handling pgsodium.debug GUC in v13
7a9af14
@ioguix
Fix pgsodium_crypto_auth_hmacsha256_verify strictiness
73f4da8
@ioguix
Merge remote-tracking branch 'origin/main' into refactor_tce
c0d4028
@michelp michelp marked this pull request as draft January 5, 2023 16:10
@nik-ewf nik-ewf mentioned this pull request Feb 6, 2023
Open
@ioguix ioguix closed this Jun 21, 2023
@ioguix ioguix deleted the refactor_tce branch June 21, 2023 16:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

TCE: triggers recreated twice per column
1 participant
@ioguix