Compare commits

4 Commits

Author SHA1 Message Date
blue-lemon0104
47c20574f7 修复decimal解析错误问题,统一以%.15g输出 2026-04-17 13:05:30 +08:00
blue-lemon0104
675146e477 修复Int8类型,当数据超过int4范围时,语法树解析为float导致解密错误 2026-04-17 11:36:22 +08:00
blue-lemon0104
37595bd51b Readme中的DEK 轮转修复 2026-04-17 11:11:23 +08:00
blue-lemon0104
94c049b1e6 加入DEK_FILE_PATH和DEK_SEALED_PATH到配置中 2026-04-17 11:08:26 +08:00
12 changed files with 329 additions and 174 deletions

@@ -24,5 +24,9 @@
#define BACKUP_BIN_PATH ENCRYPTSQL_INSTALL_DIR "/bin/backup"
#define RESTORE_BIN_PATH ENCRYPTSQL_INSTALL_DIR "/bin/restore"
// 客户端侧用于decryptres解密
#define DEK_FILE_PATH ENCRYPTSQL_CONFIG_DIR "/dek"
// 服务端用于存储加密的DEK
#define DEK_SEALED_PATH ENCRYPTSQL_CONFIG_DIR "/dek.sealed"
#endif /* ENCRYPTSQL_CONFIG_H */
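Review bot: `DEK_FILE_PATH` and `DEK_SEALED_PATH` are added identically to what look like three copies of this header (this section and the two later sections that end in `#endif /* ENCRYPTSQL_CONFIG_H */`), so the code that writes a key file and the code that reads it can disagree on the path if one copy is edited later and the others are not. File names are not shown on this page, so the existence of separate copies is inferred from the three identical hunks. If they cannot be merged into one shared header, a comment on each copy such as `// keep in sync with the other en_config.h copies: writer and reader of each DEK file must use the same path` would make the coupling visible.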

@@ -24,5 +24,9 @@
#define BACKUP_BIN_PATH ENCRYPTSQL_INSTALL_DIR "/bin/backup"
#define RESTORE_BIN_PATH ENCRYPTSQL_INSTALL_DIR "/bin/restore"
// 客户端侧用于decryptres解密
#define DEK_FILE_PATH ENCRYPTSQL_CONFIG_DIR "/dek"
// 服务端用于存储加密的DEK
#define DEK_SEALED_PATH ENCRYPTSQL_CONFIG_DIR "/dek.sealed"
#endif /* ENCRYPTSQL_CONFIG_H */

@@ -7,14 +7,16 @@ extern "C" const char *encryptOneSql(const char* sql, char** err_msg, const char
extern "C" void decryptResult(int numberAttr, int numTuples, pAttrDescs pattDescs, pTuples ptuples);
struct EncryptInfo {
const char *sql; // 正在处理的sql
bool isFloatCol; //当前处理的col是否是float
// bool isFloatorIntCol; //当前处理的col是否是float或int
void *father;
bool isPeerColFloat; // where col_float = 10; 这种where条件中10的AES需要放缩 isPeerColFloat为true表示在一个二元操作符中操作数为float column.
bool isALeftOps;
bool isARightOps;
bool isFromAExpr = false;
bool isFromUpdate = false;
};
struct EncryptInfo {
const char *sql; // 正在处理的sql
bool isFloatCol; //当前处理的col是否是float
bool isInt8Col; // 当前处理的col是否是int8/bigint
// bool isFloatorIntCol; //当前处理的col是否是float或int
void *father;
bool isPeerColFloat; // where col_float = 10; 这种where条件中10的AES需要放缩 isPeerColFloat为true表示在一个二元操作符中操作数为float column.
bool isPeerColInt8; // where col_int8 = 9999999999; 这种where条件中大整数字面量可能被解析成Float节点需要按int8处理.
bool isALeftOps;
bool isARightOps;
bool isFromAExpr = false;
bool isFromUpdate = false;
};
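Review bot: The new flags `isInt8Col` and `isPeerColInt8` have no default member initializer, unlike `isFromAExpr` and `isFromUpdate` directly below them, yet `encryptAConst` reads both in `bool isTargetInt8 = info->isInt8Col || info->isPeerColInt8;` whenever it handles a numeric constant. In this diff `isInt8Col` is assigned only in `encryptValuesLists`, so on every other path its value depends on how the `EncryptInfo` object was created, which is not visible here. If the object is not value-initialized, the read is of an indeterminate bool, and a large integer literal meant for a float column could be encrypted as int64 instead of double. Declaring them as `bool isInt8Col = false;` and `bool isPeerColInt8 = false;` removes the dependence on the caller.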

@@ -40,6 +40,33 @@ cmake ..
make
make test
sudo make install
# 安装DCAP组件
wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key \
| sudo gpg --dearmor -o /usr/share/keyrings/intel-sgx.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] \
https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" \
| sudo tee /etc/apt/sources.list.d/intel-sgx.list
sudo apt update
sudo apt install libsgx-dcap-ql libsgx-dcap-quote-verify \
libsgx-enclave-common libsgx-urts libsgx-dcap-default-qpl \
sgx-aesm-service
# 安装Open Enclave SDK依赖
wget -qO- https://packages.microsoft.com/keys/microsoft.asc \
| sudo gpg --dearmor -o /usr/share/keyrings/microsoft-oe.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft-oe.gpg] \
https://packages.microsoft.com/ubuntu/20.04/prod focal main" \
| sudo tee /etc/apt/sources.list.d/openenclave.list
sudo apt update
sudo apt install open-enclave
vim ~/.bashrc
# vim 打开后,将以下内容插入
export PKG_CONFIG_PATH=${PKG_CONFIG_PATH}:/opt/openenclave/share/pkgconfig
export CMAKE_PREFIX_PATH=${CMAKE_PREFIX_PATH}:/opt/openenclave/lib/openenclave/cmake
export PATH=${PATH}:/opt/openenclave/bin
export OE_SDK_PATH=/opt/openenclave
source ~/.bashrc
```
### 1.2 PostgreSQL安装
@@ -47,13 +74,8 @@ sudo make install
现版本为PostgreSQL-14.2
```shell
# 下载安装PostgreSQL-14.2
wget https://ftp.postgresql.org/pub/source/v14.2/postgresql-14.2.tar.gz
tar -xzvf postgresql-14.2.tar.gz
# 解压本项目EncDB并放到postgresql-14.2/src/interfaces/libpq路径下
unzip encryptsql.zip
cp -r encryptsql/ postgresql-14.2/src/interfaces/libpq/
# 解压 PG
tar -xzvf postgresql_final.tar.gz
# 将pg编译到/usr/local/postgresql路径下
sudo mkdir /usr/local/postgresql
@@ -118,7 +140,34 @@ sudo head -c 16 /dev/urandom > frag_b
sudo head -c 16 /dev/urandom > frag_c
```
### 1.3 配置数据库
### 1.3 订阅 PCS 服务
登录 PCS 服务官网,在`Manage Subscription` 中查看 API 密钥
`https://api.portal.trustedservices.intel.com/products#product=liv-intel-software-guard-extensions-provisioning-certification-service`
```shell
//PCCS server address
"pccs_url": "https://api.trustedservices.intel.com/sgx/certification/v4/"
// To accept insecure HTTPS certificate, set this option to false
,"use_secure_cert": true
// API key for accessing Intel Trusted Services
,"api_key": "得到的api_key"
```
### 1.4 配置 Enclave 签名密钥对
```shell
sudo mkdir -p /etc/encryptsql/enclave
# 生成 3072-bit RSA 私钥
sudo openssl genrsa -3 -out /etc/encryptsql/enclave/sign_enclave_private.pem 3072
# 从私钥导出公钥
sudo openssl rsa -in /etc/encryptsql/enclave/sign_enclave_private.pem -pubout \
-out /etc/encryptsql/enclave/sign_enclave_public.pem
# 权限
sudo chmod 777 /etc/encryptsql/enclave/sign_enclave_private.pem
sudo chmod 777 /etc/encryptsql/enclave/sign_enclave_public.pem
```
### 1.5 配置数据库
```shell
cd /usr/local/postgresql
@@ -140,6 +189,7 @@ source ~/.bashrc
initdb
# 配置 KeyDistribution 后台接收服务(由 postmaster 启动)
vim /usr/local/postgresql/data/postgresql.conf
# vim 打开后,将下面内容加入到尾部
shared_preload_libraries = 'keydist_receiver'
@@ -329,9 +379,9 @@ cmk rotate off;
--CK <cols> 轮换指定列密钥,多个列名用逗号分隔
--ALL 轮换所有密钥(表密钥+所有列密钥)
--EXAMPLES:
ROTATE DEK NOW users -TK;
ROTATE DEK NOW users -CK `name`,`email`;
ROTATE DEK NOW users -ALL;
ROTATE DEK NOW table_name -TK;
ROTATE DEK NOW table_name -CK colname1,colname2;
ROTATE DEK NOW table_name -ALL;
```
---

@@ -741,7 +741,7 @@ void connectionSelect() {
DekInterface::setDekTableLevel(dek);
} else { // 否则是列级密钥
DekInterface::setDekColLevel(col_name, dek);
}
}
}
PQclear(res1); // 释放查询结果

@@ -6,6 +6,7 @@
#include <iterator>
#include <memory>
#include <vector>
#include "en_config.h"
extern "C" {
#include "postgres.h"
@@ -34,7 +35,7 @@ void HandleSealedDek(const std::vector<uint8_t>& sealed)
if (sealed.empty())
return;
const char* path = "/etc/encryptsql/dek.sealed";
const char* path = DEK_SEALED_PATH; // 定义DEK文件路径
std::ofstream ofs(path,
std::ios::binary | std::ios::trunc);
if (!ofs)

@@ -22,6 +22,7 @@
#include <math.h>
#include <string>
#include "../../../KeyDistribution/common/blob_format.h"
#include "en_config.h"
std::unique_ptr<SymMHE> psmheCipher(new SymMHE());
@@ -103,7 +104,7 @@ static sgx_status_t decrypt_dek_blob(const uint8_t* blob,
std::string readDEKFromFile() {
const char* dek_path = "/etc/encryptsql/dek.sealed";
const char* dek_path = DEK_SEALED_PATH; // 定义DEK文件路径
constexpr size_t max_blob = 2048;
std::vector<uint8_t> blob(max_blob);

@@ -30,6 +30,7 @@ extern "C"
#include "KeyManager.h"
// #include "kms/KeyManagementService.hpp
#include "kmsAdapter/dek_interface.hpp"
#include "en_config.h"
extern __thread bool Encrypt;
extern __thread bool SkipDecryptRes;
@@ -103,15 +104,15 @@ void decryptResult(int numberAttr, int numTuples, pAttrDescs pattDescs, pTuples
else
ctype = TYPE_INTEGER;
void (*anyTypetoString)(const char *, char *const, void *) = NULL; // 把buffer转为相应类型的数据。
switch (ctype) {
// case TYPE_FLOAT:
// anyTypetoString = &FloatTypetoString;
// break;
case TYPE_STRING:
anyTypetoString = NULL; //无需转换
void (*anyTypetoString)(const char *, char *const, void *) = NULL; // 把buffer转为相应类型的数据。
switch (ctype) {
case TYPE_FLOAT:
anyTypetoString = &DoubleTypetoString;
break;
case TYPE_STRING:
anyTypetoString = NULL; //无需转换
break;
case TYPE_INTEGER:
anyTypetoString = &IntTypetoString;
@@ -142,7 +143,7 @@ void decryptResult(int numberAttr, int numTuples, pAttrDescs pattDescs, pTuples
// 从文件中读取DEK
std::string dek;
std::ifstream dekFile("/etc/encryptsql/dek", std::ios::binary);
std::ifstream dekFile(DEK_FILE_PATH, std::ios::binary);
if (dekFile.is_open()) {
// 获取文件大小
dekFile.seekg(0, std::ios::end);
@@ -165,15 +166,12 @@ void decryptResult(int numberAttr, int numTuples, pAttrDescs pattDescs, pTuples
(char*)dek.c_str(), // 使用DEK
(char*)aesOut.get()
);
// 确保输出大小正确
if (outSize >= sizeof(double)) {
double d = *(double*)aesOut.get();
std::ostringstream ss;
ss << d;
strcpy(tuples[i][j].value, ss.str().c_str());
}
delete[] buff;
} else {
// 确保输出大小正确
if (outSize >= sizeof(double)) {
DoubleTypetoString((const char*)aesOut.get(), tuples[i][j].value, (void *) coltypename.get());
}
delete[] buff;
} else {
size_t buffSZ = tuples[i][j].len / 2 + 1; // 密文buffer长度 应该大于hexstr长度的一半
size_t plainBuffSZ = buffSZ;
uint8_t *plainBuff = nullptr;
@@ -210,15 +208,15 @@ void decryptResult(int numberAttr, int numTuples, pAttrDescs pattDescs, pTuples
std::string dek;
// cmk_mapperGetDekByCol(cipherColName,dek);
DekInterface::getDekColLevel(cipherColName, dek);
plainBuff = encryptValue(type, pbuff, buffSZ, &plainBuffSZ, dek.c_str(), false);
//KMS test end;
// plainBuff = encryptValue(t, pbuff, buffSZ, &plainBuffSZ, false);
if (anyTypetoString) {
//fixed by qxy for RND
if (type == CIPHER_RND) {
long l = *(long *)plainBuff;
std::ostringstream ss;
ss << l;
plainBuff = encryptValue(type, pbuff, buffSZ, &plainBuffSZ, dek.c_str(), false);
//KMS test end;
// plainBuff = encryptValue(t, pbuff, buffSZ, &plainBuffSZ, false);
if (anyTypetoString) {
//fixed by qxy for RND
if (type == CIPHER_RND && ctype != TYPE_FLOAT) {
long l = *(long *)plainBuff;
std::ostringstream ss;
ss << l;
strcpy(tuples[i][j].value, ss.str().c_str());
} else {
anyTypetoString((const char *) plainBuff, tuples[i][j].value, (void *) coltypename.get());
@@ -263,4 +261,4 @@ void decryptResult(int numberAttr, int numTuples, pAttrDescs pattDescs, pTuples
counter->count("SQL Decryption", timer.passedTimeMicroSecond());
cleanup();
}
}
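Review bot: The float path through `anyTypetoString` has no length check. With `TYPE_FLOAT` now mapped to `DoubleTypetoString`, the `else` branch after `type == CIPHER_RND && ctype != TYPE_FLOAT` copies `sizeof(double)` bytes out of `plainBuff`, while the branch that decrypts into `aesOut`, changed in the same commit, calls it only when `outSize >= sizeof(double)`. Whether `encryptValue` can return a null or shorter buffer for a damaged or wrong-key ciphertext is not visible in these hunks, so this is a guard worth adding rather than a proven over-read: `if (plainBuff && plainBuffSZ >= sizeof(double))` before the call when `ctype == TYPE_FLOAT`, with the short case reported as an error instead of leaving ciphertext in `tuples[i][j].value`. `decryptResult` starts outside the hunks shown.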

@@ -27,6 +27,8 @@ extern "C"
#include "encryptsql/fieldmap.h"
#include <assert.h>
#include <cerrno>
#include <cstdlib>
#include <stdexcept>
#include <set>
#include <vector>
@@ -46,6 +48,48 @@ extern "C"
#include "KeyDistribution/non_enc_client/client_interface.h"
namespace {
bool IsInt8ColumnType(const char* type_name)
{
if (!type_name)
return false;
std::string type(type_name);
return type.find("int8") != std::string::npos || type.find("bigint") != std::string::npos;
}
bool IsFloatColumnType(const char* type_name)
{
return type_name && unifyColumnType(type_name) == TYPE_FLOAT;
}
bool ShouldSetPeerFloat(const char* type_name, EncryptInfo* info)
{
if (!IsFloatColumnType(type_name))
return false;
if (!strcmp(type_name, "float"))
return true;
if (!info || !IsA((Node *) info->father, A_Expr))
return false;
const char* op = getAExprOp((A_Expr *) info->father);
return op && !strcmp(op, "=");
}
bool TryParseInt64Literal(const char* literal, int64_t* value)
{
if (!literal || !value)
return false;
errno = 0;
char* endptr = nullptr;
long long parsed = std::strtoll(literal, &endptr, 10);
if (errno != 0 || endptr == literal || (endptr && *endptr != '\0'))
return false;
*value = static_cast<int64_t>(parsed);
return true;
}
bool SendDekViaTls(const std::string& dek_plain)
{
kd::client::ClientConfig cfg;
@@ -189,39 +233,39 @@ static A_Const *encryptAConst(A_Const *aconst, T_Cipher encryptCipher, EncryptIn
} else {
auto tmpInt = (int64_t *) palloc(sizeof(int64_t));
double tmpDouble;
//fixed by qxy for RND encrypt
// if (encryptCipher == CIPHER_RND) {
// *tmpInt = intVal(AConstValue);
// // isFloat = true;
// // *tmpInt *= Float_Scale;
// } else if (IsA(AConstValue, Float) || (info->isPeerColFloat)) //
// {
// isFloat = true;
// tmpDouble = atof(strVal(AConstValue));
// *tmpInt = tmpDouble * Float_Scale;
// if (info->isPeerColFloat) {
// info->isPeerColFloat = false;
// }
// } else if (IsA(AConstValue, Integer)) {
// *tmpInt = intVal(AConstValue);
// isFloat = true;
// *tmpInt *= Float_Scale;
// } else {
// *tmpInt = intVal(AConstValue);
// if (info->isFloatorIntCol) { // 当前列是float或Int列
// isFloat = true;
// *tmpInt *= Float_Scale;
// }
// }
bool isTargetInt8 = info->isInt8Col || info->isPeerColInt8;
// 去除放缩逻辑
if (encryptCipher == CIPHER_RND) {
*tmpInt = intVal(AConstValue);
// isFloat = true;
// *tmpInt *= Float_Scale;
if (IsA(AConstValue, Float) && isTargetInt8 && TryParseInt64Literal(strVal(AConstValue), tmpInt)) {
isFloat = false;
if (info->isPeerColInt8) {
info->isPeerColInt8 = false;
}
plainText = (uint8_t *) tmpInt;
in_size = sizeof(int64_t);
} else if (IsA(AConstValue, Float) || (info->isPeerColFloat)) //
} else if (encryptCipher == CIPHER_RND || encryptCipher == CIPHER_RNDSM4CK) {
if (isFloat || info->isPeerColFloat || IsA(AConstValue, Float)) {
isFloat = true;
if (IsA(AConstValue, Integer)) {
tmpDouble = static_cast<double>(intVal(AConstValue));
} else {
tmpDouble = atof(strVal(AConstValue));
}
plainText = (uint8_t *) &tmpDouble;
in_size = sizeof(double);
} else {
*tmpInt = intVal(AConstValue);
// isFloat = true;
// *tmpInt *= Float_Scale;
plainText = (uint8_t *) tmpInt;
in_size = sizeof(int64_t);
}
if (info->isPeerColFloat) {
info->isPeerColFloat = false;
}
if (info->isPeerColInt8) {
info->isPeerColInt8 = false;
}
} else if (IsA(AConstValue, Float)) //
{
isFloat = true;
tmpDouble = atof(strVal(AConstValue));
@@ -229,17 +273,44 @@ static A_Const *encryptAConst(A_Const *aconst, T_Cipher encryptCipher, EncryptIn
if (info->isPeerColFloat) {
info->isPeerColFloat = false;
}
if (info->isPeerColInt8) {
info->isPeerColInt8 = false;
}
plainText = (uint8_t *) &tmpDouble;
in_size = sizeof(double);
} else if (info->isPeerColFloat) {
isFloat = true;
if (IsA(AConstValue, Integer)) {
tmpDouble = static_cast<double>(intVal(AConstValue));
} else {
tmpDouble = atof(strVal(AConstValue));
}
info->isPeerColFloat = false;
plainText = (uint8_t *) &tmpDouble;
in_size = sizeof(double);
} else if (IsA(AConstValue, Integer)) {
*tmpInt = intVal(AConstValue);
// isFloat = true;
isFloat = false;
// *tmpInt *= Float_Scale;
plainText = (uint8_t *) tmpInt;
in_size = sizeof(int64_t);
if (isFloat || info->isPeerColFloat) {
isFloat = true;
tmpDouble = static_cast<double>(intVal(AConstValue));
plainText = (uint8_t *) &tmpDouble;
in_size = sizeof(double);
if (info->isPeerColFloat) {
info->isPeerColFloat = false;
}
} else {
*tmpInt = intVal(AConstValue);
// isFloat = true;
isFloat = false;
// *tmpInt *= Float_Scale;
plainText = (uint8_t *) tmpInt;
in_size = sizeof(int64_t);
}
if (info->isPeerColInt8) {
info->isPeerColInt8 = false;
}
} else {
*tmpInt = intVal(AConstValue);
tmpDouble = static_cast<double>(*tmpInt);
// if (info->isFloatorIntCol) { // 当前列是float或Int列
// isFloat = true;
// *tmpInt *= Float_Scale;
@@ -256,26 +327,9 @@ static A_Const *encryptAConst(A_Const *aconst, T_Cipher encryptCipher, EncryptIn
}
}
//kms test start
// std::string col_need_encrypt;
// col_need_encrypt = cmk_mapperGetInfoCol();
// std::string dek_tmp;
// if (!col_need_encrypt.empty()) {
// cmk_mapperGetDekByCol(col_need_encrypt, dek_tmp);
// std::cout << dek_tmp << std::endl;
// cmk_mapperSetInfoCol(col_need_encrypt);
// }
//kms test end
std::string dek_tmp;
//cmk_mapperGetDekTableLevel(dek_tmp);
std::string col_need_encrypt;
// col_need_encrypt = cmk_mapperGetInfoCol();
// encrypted_col = col_need_encrypt;
// std::cout << encrypted_col << std::endl;
// if(cmk_mapperIsRotateCmd()) cmk_mapperGetDekStoreTmpForUpdate(col_need_encrypt, dek_tmp);
// else cmk_mapperGetDekByCol(col_need_encrypt, dek_tmp);
// if(!info->isFromAExpr && !info->isFromUpdate) cmk_mapperSetInfoCol(col_need_encrypt);
col_need_encrypt = DekInterface::getInfoCol();
if(DekInterface::isRotateCmd()) DekInterface::getDekColLevelForUpdate(col_need_encrypt, dek_tmp);
else DekInterface::getDekColLevel(col_need_encrypt, dek_tmp);
@@ -294,7 +348,7 @@ static A_Const *encryptAConst(A_Const *aconst, T_Cipher encryptCipher, EncryptIn
// 将dek存储到指定路径/etc/encryptsql/dek
std::ofstream dekFile("/etc/encryptsql/dek", std::ios::binary | std::ios::trunc);
std::ofstream dekFile(DEK_FILE_PATH, std::ios::binary | std::ios::trunc);
if (dekFile.is_open()) {
dekFile.write(dek_tmp.c_str(), dek_tmp.size());
dekFile.flush();
@@ -485,9 +539,9 @@ static List *encryptStar(EncryptInfo *info) { // 处理from表的第一个匹配
t, patchedName, name);
if (strcmp(name, cipherColName) == 0) { // 这个字段没有encryptCipher 可能是个NOCRYPT加密 q:判断是否加密,如果没加密复制原列名,如果加密了则报错
//根据列的加密数来判断该列是否加密
if (ncipher == 0) {
cipherColName = name;
} else {
if (ncipher == 0) {
cipherColName = name;
} else {
string err_msg = name;
err_msg = err_msg +
": You are using a feature not assigned to this column. Please check the features added when the column was created.";
@@ -502,13 +556,15 @@ static List *encryptStar(EncryptInfo *info) { // 处理from表的第一个匹配
newCref->fields = lappend(newCref->fields, cipherColNameValue);
p = lnext(p);
char typebuf[128];
if (IsA((Node *) info->father, A_Expr)) {
getColumnType(name, typebuf);
if (!strcmp(typebuf, "float")) {
info->isPeerColFloat = true;
}
}
}
if (IsA((Node *) info->father, A_Expr) && ncipher > 0) {
getColumnType(name, typebuf);
if (!strcmp(typebuf, "float")) {
info->isPeerColFloat = true;
} else if (IsInt8ColumnType(typebuf)) {
info->isPeerColInt8 = true;
}
}
}
return newCref;
}*/
@@ -598,14 +654,14 @@ static ColumnRef *encryptColumnRef(ColumnRef *cref, T_Cipher encryptCipher, Encr
}
cipherColNameValue = makeString((char *) cipherColName);
newCref->fields = lappend(newCref->fields, cipherColNameValue);
p = lnext(p);
char typebuf[128];
if (IsA((Node *) info->father, A_Expr)) {
getColumnType(name, typebuf);
if (!strcmp(typebuf, "float")) {
info->isPeerColFloat = true;
}
}
p = lnext(p);
char typebuf[128];
if (IsA((Node *) info->father, A_Expr)) {
getColumnType(name, typebuf);
if (ShouldSetPeerFloat(typebuf, info)) {
info->isPeerColFloat = true;
}
}
}
return newCref;
}
@@ -682,7 +738,7 @@ static Node *encryptAExpr(A_Expr *expr, EncryptInfo *info) // 将表达式转为
//colname 在加密之前需要跳过colname获取到列密钥
char *encRname = NULL,*encLname = NULL;
char *patchedName = NULL;
if (nodeTag(expr->rexpr) == T_ColumnRef) {
if (nodeTag(expr->rexpr) == T_ColumnRef) {
is_rexpr_column = true;
auto tmp1 = (ColumnRef *) expr->rexpr;
ListCell *tmp2 = list_head(tmp1->fields);
@@ -691,8 +747,8 @@ static Node *encryptAExpr(A_Expr *expr, EncryptInfo *info) // 将表达式转为
T_Cipher ciphers[CIPHER_COUNT];
getColumnCiphers(rexpr_name, ciphers, &ncipher);
T_Cipher ctype=CIPHER_NOCRYPT;
for(auto cipher : ciphers) {
T_Cipher ctype=CIPHER_NOCRYPT;
for(auto cipher : ciphers) {
if(cipher == CIPHER_AES){
ctype = cipher;
break;
@@ -705,17 +761,25 @@ static Node *encryptAExpr(A_Expr *expr, EncryptInfo *info) // 将表达式转为
}else if(cipher == CIPHER_AESHMAC){
ctype = cipher;
break;
}
}
}
if (ncipher == 0) {
is_rexpr_plaintext = true;
} else if(strcmp(op,"=") == 0){
t1 = t2 = ctype;
if(nodeTag(expr->lexpr) == T_A_Const){
patchedName = addEncryptSubfix(ctype, rexpr_name);
encRname = getMappedName(T_STRING_COLUMN, patchedName, rexpr_name);
// cmk_mapperSetInfoCol(encRname);
if (nodeTag(expr->lexpr) == T_A_Const && ncipher > 0) {
char typebuf[128];
getColumnType(rexpr_name, typebuf);
if (IsInt8ColumnType(typebuf)) {
info->isPeerColInt8 = true;
}
}
if (ncipher == 0) {
is_rexpr_plaintext = true;
} else if(strcmp(op,"=") == 0){
t1 = t2 = ctype;
if(nodeTag(expr->lexpr) == T_A_Const){
patchedName = addEncryptSubfix(ctype, rexpr_name);
encRname = getMappedName(T_STRING_COLUMN, patchedName, rexpr_name);
// cmk_mapperSetInfoCol(encRname);
DekInterface::setInfoCol(encRname);
info->isFromAExpr = true;
}
@@ -735,8 +799,8 @@ static Node *encryptAExpr(A_Expr *expr, EncryptInfo *info) // 将表达式转为
T_Cipher ciphers[CIPHER_COUNT];
getColumnCiphers(lexpr_name, ciphers, &ncipher);
T_Cipher ctype=CIPHER_NOCRYPT;
for(auto cipher : ciphers) {
T_Cipher ctype=CIPHER_NOCRYPT;
for(auto cipher : ciphers) {
if(cipher == CIPHER_AESHMAC){
ctype = cipher;
break;
@@ -749,17 +813,25 @@ static Node *encryptAExpr(A_Expr *expr, EncryptInfo *info) // 将表达式转为
}else if(cipher == CIPHER_AES){
ctype = CIPHER_AES;
break;
}
}
}
if (ncipher == 0) {
is_lexpr_plaintext = true;
} else if(strcmp(op,"=") == 0){
t1 = t2 = ctype;
if(nodeTag(expr->rexpr) == T_A_Const){
patchedName = addEncryptSubfix(ctype, lexpr_name);
encLname = getMappedName(T_STRING_COLUMN, patchedName, lexpr_name);
// cmk_mapperSetInfoCol(encLname);
if (nodeTag(expr->rexpr) == T_A_Const && ncipher > 0) {
char typebuf[128];
getColumnType(lexpr_name, typebuf);
if (IsInt8ColumnType(typebuf)) {
info->isPeerColInt8 = true;
}
}
if (ncipher == 0) {
is_lexpr_plaintext = true;
} else if(strcmp(op,"=") == 0){
t1 = t2 = ctype;
if(nodeTag(expr->rexpr) == T_A_Const){
patchedName = addEncryptSubfix(ctype, lexpr_name);
encLname = getMappedName(T_STRING_COLUMN, patchedName, lexpr_name);
// cmk_mapperSetInfoCol(encLname);
DekInterface::setInfoCol(encLname);
info->isFromAExpr = true;
}
@@ -1552,16 +1624,24 @@ static List *encryptValuesLists(List *valuesLists, List *cols, EncryptInfo *info
// info->isFloatorIntCol = true;
// } else {
// info->isFloatorIntCol = false;
// }
if (string(colInfo->type).find("float") != string::npos)
{
info->isFloatCol = true;
}
else
{
info->isFloatCol = false;
}
if (IsA(n, FuncCall)) {
// }
if (IsFloatColumnType(colInfo->type))
{
info->isFloatCol = true;
}
else
{
info->isFloatCol = false;
}
if (IsInt8ColumnType(colInfo->type))
{
info->isInt8Col = true;
}
else
{
info->isInt8Col = false;
}
if (IsA(n, FuncCall)) {
Node *tmpRes = dealWithSpecialFunction((FuncCall *) n, info);
n = tmpRes ? tmpRes : n;
}
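Review bot: The column DEK, which appears to be the plaintext key, is written to `DEK_FILE_PATH` through `std::ofstream`, which creates the file with whatever mode the process umask allows. On a typical umask the key file is therefore readable by other local users, and the hunk in `encryptAConst` only swaps the path literal and leaves that as it was. Creating the file with an explicit owner-only mode closes this, for example `int fd = open(DEK_FILE_PATH, O_WRONLY | O_CREAT | O_TRUNC, 0600);` followed by `fchmod(fd, 0600);` to cover a file that already exists with a wider mode. The comment above the write still names `/etc/encryptsql/dek` and should refer to the macro instead. `encryptAConst` continues outside the hunk.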

@@ -24,5 +24,9 @@
#define BACKUP_BIN_PATH ENCRYPTSQL_INSTALL_DIR "/bin/backup"
#define RESTORE_BIN_PATH ENCRYPTSQL_INSTALL_DIR "/bin/restore"
// 客户端侧用于decryptres解密
#define DEK_FILE_PATH ENCRYPTSQL_CONFIG_DIR "/dek"
// 服务端用于存储加密的DEK
#define DEK_SEALED_PATH ENCRYPTSQL_CONFIG_DIR "/dek.sealed"
#endif /* ENCRYPTSQL_CONFIG_H */

@@ -429,10 +429,10 @@ void IntTypetoString(const char *buf, char *const v, void *others) {
strcpy(v, ss.str().c_str());
}
void FloatTypetoString(const char *buf, char *v,
void *others) // TODO: // buf 不一定是 double的内存排布还有可能是long 因为词法分析不区分 (long)1, (double)1
{
long l = *(long *) buf;
void FloatTypetoString(const char *buf, char *v,
void *others) // TODO: // buf 不一定是 double的内存排布还有可能是long 因为词法分析不区分 (long)1, (double)1
{
long l = *(long *) buf;
double f = (l / Float_Scale) * 1.0;
sprintf(v, "%.10f", f);
size_t sz = strlen(v);
@@ -454,13 +454,22 @@ void FloatTypetoString(const char *buf, char *v,
break;
}
*c = '\0';
}
}
void FloatTypetoString2(const char *buf, char *v,
void *others) // TODO: // buf 不一定是 double的内存排布还有可能是long 因为词法分析不区分 (long)1, (double)1
{
}
}
void DoubleTypetoString(const char *buf, char *v, void *others)
{
double d = 0.0;
memcpy(&d, buf, sizeof(double));
sprintf(v, "%.15g", d);
if (!strcmp(v, "-0"))
strcpy(v, "0");
}
void FloatTypetoString2(const char *buf, char *v,
void *others) // TODO: // buf 不一定是 double的内存排布还有可能是long 因为词法分析不区分 (long)1, (double)1
{
long l = *(long *) buf;
double f = l * 1.0;
sprintf(v, "%.10f", f);
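Review bot: `DoubleTypetoString` formats with `sprintf(v, "%.15g", d)` into a buffer whose size it cannot know. `%.15g` can emit up to 22 characters plus the terminator (sign, 15 digits, decimal point and an exponent such as `e+308`), which is longer than the default-precision `ostringstream` output it replaces in `decryptResult`. The callers pass `tuples[i][j].value`, whose capacity is not visible on this page, so the requirement should at least be stated on the function: `// v must have room for at least 24 bytes ("%.15g" of any double plus NUL)`. Formatting through a bounded local buffer, `char tmp[32]; snprintf(tmp, sizeof(tmp), "%.15g", d);`, would also keep the formatting step itself from overrunning if the format string is changed later. The `others` parameter is unused here and could be documented as such.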

@@ -151,9 +151,11 @@ COLUMN_TYPE unifyColumnType(const std::string &s);
void IntTypetoString(const char *buf, char *const v, void *others);
void FloatTypetoString(const char *buf, char *const v, void *others);
void FloatTypetoString2(const char *buf, char *const v, void *others);
void FloatTypetoString(const char *buf, char *const v, void *others);
void DoubleTypetoString(const char *buf, char *const v, void *others);
void FloatTypetoString2(const char *buf, char *const v, void *others);
void FloatTypetoString3(const char *buf, char *const v, void *others);
@@ -174,4 +176,4 @@ long GetCurrentTimestamp(void);
void fmttime(time_t lt1, char *res);
uint64_t mygettid();
uint64_t mygettid();