diff options
author | Paul J. Davis <paul.joseph.davis@gmail.com> | 2020-04-09 11:38:18 -0500 |
---|---|---|
committer | Paul J. Davis <paul.joseph.davis@gmail.com> | 2020-04-09 11:38:18 -0500 |
commit | 515cffa96a4b420c4647cdf4d70a2104c8fa7f70 (patch) | |
tree | 246e356ad7648aa7fd2c379574b255c4e7a767ea | |
parent | 30d09532eb68aa133c4b0175c78a78e07b52965a (diff) | |
download | couchdb-515cffa96a4b420c4647cdf4d70a2104c8fa7f70.tar.gz |
Make crypto configurablearchive/davisp-aegisdavisp-aegis
-rwxr-xr-x | configure | 1 | ||||
-rw-r--r-- | src/couch/rebar.config.script | 11 | ||||
-rw-r--r-- | src/couch_views/src/couch_views_fdb.erl | 14 | ||||
-rw-r--r-- | src/fabric/include/fabric2.hrl | 15 | ||||
-rw-r--r-- | src/fabric/src/fabric2_fdb.erl | 28 |
5 files changed, 47 insertions, 22 deletions
@@ -241,6 +241,7 @@ cat > $rootdir/config.erl << EOF {with_curl, $WITH_CURL}. {with_proper, $WITH_PROPER}. {erlang_md5, $ERLANG_MD5}. +{crypto_module, "$CRYPTO_MODULE"}. {spidermonkey_version, "$SM_VSN"}. EOF diff --git a/src/couch/rebar.config.script b/src/couch/rebar.config.script index 91e24d99e..7aba7d9fd 100644 --- a/src/couch/rebar.config.script +++ b/src/couch/rebar.config.script @@ -92,6 +92,15 @@ MD5Config = case lists:keyfind(erlang_md5, 1, CouchConfig) of [] end, +CryptoConfig = case lists:keyfind(crypto_module, 1, CouchConfig) of + {crypto_module, ""} -> + []; + {crypto_module, ModName} -> + [{d, 'CRYPTO_MODULE', list_to_atom(ModName)}]; + _ -> + [] +end, + ProperConfig = case code:lib_dir(proper) of {error, bad_name} -> []; _ -> [{d, 'WITH_PROPER'}] @@ -223,7 +232,7 @@ AddConfig = [ {d, 'COUCHDB_VERSION', Version}, {d, 'COUCHDB_GIT_SHA', GitSha}, {i, "../"} - ] ++ MD5Config ++ ProperConfig}, + ] ++ MD5Config ++ CryptoConfig ++ ProperConfig}, {port_env, PortEnvOverrides}, {eunit_compile_opts, PlatformDefines} ]. diff --git a/src/couch_views/src/couch_views_fdb.erl b/src/couch_views/src/couch_views_fdb.erl index 3ee0cdb02..d8b1c8c7d 100644 --- a/src/couch_views/src/couch_views_fdb.erl +++ b/src/couch_views/src/couch_views_fdb.erl @@ -70,7 +70,7 @@ get_creation_vs(TxDb, Sig) -> tx := Tx } = TxDb, Key = creation_vs_key(TxDb, Sig), - case aegis:decrypt(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))) of + case ?DECRYPT(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))) of not_found -> not_found; EK -> @@ -87,7 +87,7 @@ get_build_status(TxDb, #mrst{sig = Sig}) -> tx := Tx } = TxDb, Key = build_status_key(TxDb, Sig), - aegis:decrypt(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))). + ?DECRYPT(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))). set_build_status(TxDb, #mrst{sig = Sig}, State) -> @@ -96,7 +96,7 @@ set_build_status(TxDb, #mrst{sig = Sig}, State) -> } = TxDb, Key = build_status_key(TxDb, Sig), - ok = erlfdb:set(Tx, Key, aegis:encrypt(Db, Key, State)). + ok = erlfdb:set(Tx, Key, ?ENCRYPT(Db, Key, State)). % View Build Sequence Access @@ -110,7 +110,7 @@ get_update_seq(TxDb, #mrst{sig = Sig}) -> } = TxDb, Key = seq_key(DbPrefix, Sig), - case aegis:decrypt(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))) of + case ?DECRYPT(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))) of not_found -> <<>>; UpdateSeq -> UpdateSeq end. @@ -122,7 +122,7 @@ set_update_seq(TxDb, Sig, Seq) -> db_prefix := DbPrefix } = TxDb, Key = seq_key(DbPrefix, Sig), - ok = erlfdb:set(Tx, Key, aegis:encrypt(TxDb, Key, Seq)). + ok = erlfdb:set(Tx, Key, ?ENCRYPT(TxDb, Key, Seq)). get_row_count(TxDb, #mrst{sig = Sig}, ViewId) -> @@ -285,7 +285,7 @@ update_id_idx(TxDb, Sig, ViewId, DocId, NewRows, KVSize) -> Key = id_idx_key(DbPrefix, Sig, DocId, ViewId), Val = couch_views_encoding:encode([length(NewRows), KVSize, Unique]), - ok = erlfdb:set(Tx, Key, aegis:encrypt(TxDb, Key, Val)). + ok = erlfdb:set(Tx, Key, ?ENCRYPT(TxDb, Key, Val)). update_map_idx(TxDb, Sig, ViewId, DocId, ExistingKeys, NewRows) -> @@ -320,7 +320,7 @@ get_view_keys(TxDb, Sig, DocId) -> erlfdb_tuple:unpack(K, DbPrefix), [TotalKeys, TotalSize, UniqueKeys] = couch_views_encoding:decode(V), {ViewId, TotalKeys, TotalSize, UniqueKeys} - end, aegis:decrypt(TxDb, erlfdb:get_range(Tx, Start, End, []))). + end, ?CRYPTO:decrypt(TxDb, erlfdb:get_range(Tx, Start, End, []))). update_row_count(TxDb, Sig, ViewId, Increment) -> diff --git a/src/fabric/include/fabric2.hrl b/src/fabric/include/fabric2.hrl index 0c0757567..6468ffb8d 100644 --- a/src/fabric/include/fabric2.hrl +++ b/src/fabric/include/fabric2.hrl @@ -42,6 +42,21 @@ -define(DB_SEARCH, 27). +-ifdef(CRYPTO_MODULE). +-define(?ENCRYPT_CREATE(Db), ?CRYPTO_MODULE:create(Db)). +-define(?ENCRYPT_OPEN(Db), ?CRYPTO_MODULE:open(Db)). +-define(?ENCRYPT(Db, Key, Value), ?CRYPTO_MODULE:encrypt(Db, Key, Value)). +-define(?DECRYPT(Db, Key, Value), ?CRYPTO_MODULE:decrupt(Db, Key, Value)). +-define(?DECRYPT(Db, Object), ?CRYPTO_MODULE:decrypt(Db, Object)). +-else. +-define(?ENCRYPT_CREATE(Db), Db). +-define(?ENCRYPT_OPEN(Db), Db). +-define(?ENCRYPT(Db, Key, Value), Value). +-define(?DECRYPT(Db, Key, Value), Value). +-define(?DECRYPT(Db, Object), Object). +-endif. + + % Versions % 0 - Initial implementation diff --git a/src/fabric/src/fabric2_fdb.erl b/src/fabric/src/fabric2_fdb.erl index 9259d9c77..0586d653e 100644 --- a/src/fabric/src/fabric2_fdb.erl +++ b/src/fabric/src/fabric2_fdb.erl @@ -236,7 +236,7 @@ create(#{} = Db0, Options) -> db_options => Options1 }, - aegis:create(Db2). + ?CRYPTO_CREATE(Db2). open(#{} = Db0, Options) -> @@ -281,7 +281,7 @@ open(#{} = Db0, Options) -> }, Db3 = load_config(Db2), - Db4 = aegis:open(Db3), + Db4 = ?CRYPTO_OPEN(Db3), case {UUID, Db4} of {undefined, _} -> ok; @@ -545,7 +545,7 @@ get_all_revs(#{} = Db, DocId) -> Key = erlfdb_tuple:unpack(K, DbPrefix), Val = erlfdb_tuple:unpack(V), fdb_to_revinfo(Key, Val) - end, aegis:decrypt(Db, erlfdb:wait(Future))) + end, ?DECRYPT(Db, erlfdb:wait(Future))) end). @@ -596,7 +596,7 @@ get_non_deleted_rev(#{} = Db, DocId, RevId) -> not_found -> not_found; Val -> - Decrypted = aegis:decrypt(Db, Key, Value), + Decrypted = ?DECRYPT(Db, Key, Value), fdb_to_revinfo(BaseKey, erlfdb_tuple:unpack(Decrypted)) end. @@ -650,11 +650,11 @@ get_local_doc(#{} = Db0, <<?LOCAL_DOC_PREFIX, _/binary>> = DocId) -> } = Db = ensure_current(Db0), Key = erlfdb_tuple:pack({?DB_LOCAL_DOCS, DocId}, DbPrefix), - Rev = aegis:decrypt(Db, Key, erlfdb:wait(erlfdb:get(Tx, Key))), + Rev = ?DECRYPT(Db, Key, erlfdb:wait(erlfdb:get(Tx, Key))), Prefix = erlfdb_tuple:pack({?DB_LOCAL_DOC_BODIES, DocId}, DbPrefix), Future = erlfdb:get_range_startswith(Tx, Prefix), - {_, Chunks} = lists:unzip(aegis:decrypt(Db, erlfdb:wait(Future))), + {_, Chunks} = lists:unzip(?DECRYPT(Db, erlfdb:wait(Future))), fdb_to_local_doc(Db, DocId, Rev, Chunks). @@ -747,7 +747,7 @@ write_doc(#{} = Db0, Doc, NewWinner0, OldWinner, ToUpdate, ToRemove) -> lists:foreach(fun(RI0) -> RI = RI0#{winner := false}, {K, V, undefined} = revinfo_to_fdb(Tx, DbPrefix, DocId, RI), - ok = erlfdb:set(Tx, K, aegis:encrypt(Db, K, V)) + ok = erlfdb:set(Tx, K, ?ENCRYPT(Db, K, V)) end, ToUpdate), lists:foreach(fun(RI0) -> @@ -785,7 +785,7 @@ write_doc(#{} = Db0, Doc, NewWinner0, OldWinner, ToUpdate, ToRemove) -> _ -> ADKey = erlfdb_tuple:pack({?DB_ALL_DOCS, DocId}, DbPrefix), ADVal = erlfdb_tuple:pack(NewRevId), - ok = erlfdb:set(Tx, ADKey, aegis:encrypt(Db, ADKey, ADVal)) + ok = erlfdb:set(Tx, ADKey, ?ENCRYPT(Db, ADKey, ADVal)) end, % _changes @@ -860,7 +860,7 @@ write_local_doc(#{} = Db0, Doc) -> {LDocKey, LDocVal, NewSize, Rows} = local_doc_to_fdb(Db, Doc), - PrevVsn = aegis:decrypt(Db, LDocKey, erlfdb:wait(erlfdb:get(Tx, LDocKey))), + PrevVsn = ?DECRYPT(Db, LDocKey, erlfdb:wait(erlfdb:get(Tx, LDocKey))), {WasDeleted, PrevSize} = case PrevVsn of <<255, RevBin/binary>> -> case erlfdb_tuple:unpack(RevBin) of @@ -880,12 +880,12 @@ write_local_doc(#{} = Db0, Doc) -> erlfdb:clear(Tx, LDocKey), erlfdb:clear_range_startswith(Tx, BPrefix); false -> - erlfdb:set(Tx, LDocKey, aegis:encrypt(Db, LDocKey, LDocVal)), + erlfdb:set(Tx, LDocKey, ?ENCRYPT(Db, LDocKey, LDocVal)), % Make sure to clear the whole range, in case there was a larger % document body there before. erlfdb:clear_range_startswith(Tx, BPrefix), lists:foreach(fun({K, V}) -> - erlfdb:set(Tx, K, aegis:encrypt(Db, K, V)) + erlfdb:set(Tx, K, ?ENCRYPT(Db, K, V)) end, Rows) end, @@ -914,7 +914,7 @@ read_attachment(#{} = Db, DocId, AttId) -> not_found -> throw({not_found, missing}); KVs -> - {_, Chunks} = lists:unzip(aegis:decrypt(Db, KVs)), + {_, Chunks} = lists:unzip(?DECRYPT(Db, KVs)), iolist_to_binary(Chunks) end. @@ -929,11 +929,11 @@ write_attachment(#{} = Db, DocId, Data) when is_binary(Data) -> Chunks = chunkify_binary(Data), IdKey = erlfdb_tuple:pack({?DB_ATT_NAMES, DocId, AttId}, DbPrefix), - ok = erlfdb:set(Tx, IdKey, aegis:encrypt(Db, IdKey, <<>>)), + ok = erlfdb:set(Tx, IdKey, ?ENCRYPT(Db, IdKey, <<>>)), lists:foldl(fun(Chunk, ChunkId) -> AttKey = erlfdb_tuple:pack({?DB_ATTS, DocId, AttId, ChunkId}, DbPrefix), - ok = erlfdb:set(Tx, AttKey, aegis:encrypt(Db, AttKey, Chunk)), + ok = erlfdb:set(Tx, AttKey, ?ENCRYPT(Db, AttKey, Chunk)), ChunkId + 1 end, 0, Chunks), {ok, AttId}. |