summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul J. Davis <paul.joseph.davis@gmail.com>2020-04-09 11:38:18 -0500
committerPaul J. Davis <paul.joseph.davis@gmail.com>2020-04-09 11:38:18 -0500
commit515cffa96a4b420c4647cdf4d70a2104c8fa7f70 (patch)
tree246e356ad7648aa7fd2c379574b255c4e7a767ea
parent30d09532eb68aa133c4b0175c78a78e07b52965a (diff)
downloadcouchdb-515cffa96a4b420c4647cdf4d70a2104c8fa7f70.tar.gz
Make crypto configurablearchive/davisp-aegisdavisp-aegis
-rwxr-xr-xconfigure1
-rw-r--r--src/couch/rebar.config.script11
-rw-r--r--src/couch_views/src/couch_views_fdb.erl14
-rw-r--r--src/fabric/include/fabric2.hrl15
-rw-r--r--src/fabric/src/fabric2_fdb.erl28
5 files changed, 47 insertions, 22 deletions
diff --git a/configure b/configure
index 38e62e317..150fcd499 100755
--- a/configure
+++ b/configure
@@ -241,6 +241,7 @@ cat > $rootdir/config.erl << EOF
{with_curl, $WITH_CURL}.
{with_proper, $WITH_PROPER}.
{erlang_md5, $ERLANG_MD5}.
+{crypto_module, "$CRYPTO_MODULE"}.
{spidermonkey_version, "$SM_VSN"}.
EOF
diff --git a/src/couch/rebar.config.script b/src/couch/rebar.config.script
index 91e24d99e..7aba7d9fd 100644
--- a/src/couch/rebar.config.script
+++ b/src/couch/rebar.config.script
@@ -92,6 +92,15 @@ MD5Config = case lists:keyfind(erlang_md5, 1, CouchConfig) of
[]
end,
+CryptoConfig = case lists:keyfind(crypto_module, 1, CouchConfig) of
+ {crypto_module, ""} ->
+ [];
+ {crypto_module, ModName} ->
+ [{d, 'CRYPTO_MODULE', list_to_atom(ModName)}];
+ _ ->
+ []
+end,
+
ProperConfig = case code:lib_dir(proper) of
{error, bad_name} -> [];
_ -> [{d, 'WITH_PROPER'}]
@@ -223,7 +232,7 @@ AddConfig = [
{d, 'COUCHDB_VERSION', Version},
{d, 'COUCHDB_GIT_SHA', GitSha},
{i, "../"}
- ] ++ MD5Config ++ ProperConfig},
+ ] ++ MD5Config ++ CryptoConfig ++ ProperConfig},
{port_env, PortEnvOverrides},
{eunit_compile_opts, PlatformDefines}
].
diff --git a/src/couch_views/src/couch_views_fdb.erl b/src/couch_views/src/couch_views_fdb.erl
index 3ee0cdb02..d8b1c8c7d 100644
--- a/src/couch_views/src/couch_views_fdb.erl
+++ b/src/couch_views/src/couch_views_fdb.erl
@@ -70,7 +70,7 @@ get_creation_vs(TxDb, Sig) ->
tx := Tx
} = TxDb,
Key = creation_vs_key(TxDb, Sig),
- case aegis:decrypt(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))) of
+ case ?DECRYPT(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))) of
not_found ->
not_found;
EK ->
@@ -87,7 +87,7 @@ get_build_status(TxDb, #mrst{sig = Sig}) ->
tx := Tx
} = TxDb,
Key = build_status_key(TxDb, Sig),
- aegis:decrypt(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))).
+ ?DECRYPT(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))).
set_build_status(TxDb, #mrst{sig = Sig}, State) ->
@@ -96,7 +96,7 @@ set_build_status(TxDb, #mrst{sig = Sig}, State) ->
} = TxDb,
Key = build_status_key(TxDb, Sig),
- ok = erlfdb:set(Tx, Key, aegis:encrypt(Db, Key, State)).
+ ok = erlfdb:set(Tx, Key, ?ENCRYPT(Db, Key, State)).
% View Build Sequence Access
@@ -110,7 +110,7 @@ get_update_seq(TxDb, #mrst{sig = Sig}) ->
} = TxDb,
Key = seq_key(DbPrefix, Sig),
- case aegis:decrypt(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))) of
+ case ?DECRYPT(TxDb, Key, erlfdb:wait(erlfdb:get(Tx, Key))) of
not_found -> <<>>;
UpdateSeq -> UpdateSeq
end.
@@ -122,7 +122,7 @@ set_update_seq(TxDb, Sig, Seq) ->
db_prefix := DbPrefix
} = TxDb,
Key = seq_key(DbPrefix, Sig),
- ok = erlfdb:set(Tx, Key, aegis:encrypt(TxDb, Key, Seq)).
+ ok = erlfdb:set(Tx, Key, ?ENCRYPT(TxDb, Key, Seq)).
get_row_count(TxDb, #mrst{sig = Sig}, ViewId) ->
@@ -285,7 +285,7 @@ update_id_idx(TxDb, Sig, ViewId, DocId, NewRows, KVSize) ->
Key = id_idx_key(DbPrefix, Sig, DocId, ViewId),
Val = couch_views_encoding:encode([length(NewRows), KVSize, Unique]),
- ok = erlfdb:set(Tx, Key, aegis:encrypt(TxDb, Key, Val)).
+ ok = erlfdb:set(Tx, Key, ?ENCRYPT(TxDb, Key, Val)).
update_map_idx(TxDb, Sig, ViewId, DocId, ExistingKeys, NewRows) ->
@@ -320,7 +320,7 @@ get_view_keys(TxDb, Sig, DocId) ->
erlfdb_tuple:unpack(K, DbPrefix),
[TotalKeys, TotalSize, UniqueKeys] = couch_views_encoding:decode(V),
{ViewId, TotalKeys, TotalSize, UniqueKeys}
- end, aegis:decrypt(TxDb, erlfdb:get_range(Tx, Start, End, []))).
+ end, ?CRYPTO:decrypt(TxDb, erlfdb:get_range(Tx, Start, End, []))).
update_row_count(TxDb, Sig, ViewId, Increment) ->
diff --git a/src/fabric/include/fabric2.hrl b/src/fabric/include/fabric2.hrl
index 0c0757567..6468ffb8d 100644
--- a/src/fabric/include/fabric2.hrl
+++ b/src/fabric/include/fabric2.hrl
@@ -42,6 +42,21 @@
-define(DB_SEARCH, 27).
+-ifdef(CRYPTO_MODULE).
+-define(?ENCRYPT_CREATE(Db), ?CRYPTO_MODULE:create(Db)).
+-define(?ENCRYPT_OPEN(Db), ?CRYPTO_MODULE:open(Db)).
+-define(?ENCRYPT(Db, Key, Value), ?CRYPTO_MODULE:encrypt(Db, Key, Value)).
+-define(?DECRYPT(Db, Key, Value), ?CRYPTO_MODULE:decrupt(Db, Key, Value)).
+-define(?DECRYPT(Db, Object), ?CRYPTO_MODULE:decrypt(Db, Object)).
+-else.
+-define(?ENCRYPT_CREATE(Db), Db).
+-define(?ENCRYPT_OPEN(Db), Db).
+-define(?ENCRYPT(Db, Key, Value), Value).
+-define(?DECRYPT(Db, Key, Value), Value).
+-define(?DECRYPT(Db, Object), Object).
+-endif.
+
+
% Versions
% 0 - Initial implementation
diff --git a/src/fabric/src/fabric2_fdb.erl b/src/fabric/src/fabric2_fdb.erl
index 9259d9c77..0586d653e 100644
--- a/src/fabric/src/fabric2_fdb.erl
+++ b/src/fabric/src/fabric2_fdb.erl
@@ -236,7 +236,7 @@ create(#{} = Db0, Options) ->
db_options => Options1
},
- aegis:create(Db2).
+ ?CRYPTO_CREATE(Db2).
open(#{} = Db0, Options) ->
@@ -281,7 +281,7 @@ open(#{} = Db0, Options) ->
},
Db3 = load_config(Db2),
- Db4 = aegis:open(Db3),
+ Db4 = ?CRYPTO_OPEN(Db3),
case {UUID, Db4} of
{undefined, _} -> ok;
@@ -545,7 +545,7 @@ get_all_revs(#{} = Db, DocId) ->
Key = erlfdb_tuple:unpack(K, DbPrefix),
Val = erlfdb_tuple:unpack(V),
fdb_to_revinfo(Key, Val)
- end, aegis:decrypt(Db, erlfdb:wait(Future)))
+ end, ?DECRYPT(Db, erlfdb:wait(Future)))
end).
@@ -596,7 +596,7 @@ get_non_deleted_rev(#{} = Db, DocId, RevId) ->
not_found ->
not_found;
Val ->
- Decrypted = aegis:decrypt(Db, Key, Value),
+ Decrypted = ?DECRYPT(Db, Key, Value),
fdb_to_revinfo(BaseKey, erlfdb_tuple:unpack(Decrypted))
end.
@@ -650,11 +650,11 @@ get_local_doc(#{} = Db0, <<?LOCAL_DOC_PREFIX, _/binary>> = DocId) ->
} = Db = ensure_current(Db0),
Key = erlfdb_tuple:pack({?DB_LOCAL_DOCS, DocId}, DbPrefix),
- Rev = aegis:decrypt(Db, Key, erlfdb:wait(erlfdb:get(Tx, Key))),
+ Rev = ?DECRYPT(Db, Key, erlfdb:wait(erlfdb:get(Tx, Key))),
Prefix = erlfdb_tuple:pack({?DB_LOCAL_DOC_BODIES, DocId}, DbPrefix),
Future = erlfdb:get_range_startswith(Tx, Prefix),
- {_, Chunks} = lists:unzip(aegis:decrypt(Db, erlfdb:wait(Future))),
+ {_, Chunks} = lists:unzip(?DECRYPT(Db, erlfdb:wait(Future))),
fdb_to_local_doc(Db, DocId, Rev, Chunks).
@@ -747,7 +747,7 @@ write_doc(#{} = Db0, Doc, NewWinner0, OldWinner, ToUpdate, ToRemove) ->
lists:foreach(fun(RI0) ->
RI = RI0#{winner := false},
{K, V, undefined} = revinfo_to_fdb(Tx, DbPrefix, DocId, RI),
- ok = erlfdb:set(Tx, K, aegis:encrypt(Db, K, V))
+ ok = erlfdb:set(Tx, K, ?ENCRYPT(Db, K, V))
end, ToUpdate),
lists:foreach(fun(RI0) ->
@@ -785,7 +785,7 @@ write_doc(#{} = Db0, Doc, NewWinner0, OldWinner, ToUpdate, ToRemove) ->
_ ->
ADKey = erlfdb_tuple:pack({?DB_ALL_DOCS, DocId}, DbPrefix),
ADVal = erlfdb_tuple:pack(NewRevId),
- ok = erlfdb:set(Tx, ADKey, aegis:encrypt(Db, ADKey, ADVal))
+ ok = erlfdb:set(Tx, ADKey, ?ENCRYPT(Db, ADKey, ADVal))
end,
% _changes
@@ -860,7 +860,7 @@ write_local_doc(#{} = Db0, Doc) ->
{LDocKey, LDocVal, NewSize, Rows} = local_doc_to_fdb(Db, Doc),
- PrevVsn = aegis:decrypt(Db, LDocKey, erlfdb:wait(erlfdb:get(Tx, LDocKey))),
+ PrevVsn = ?DECRYPT(Db, LDocKey, erlfdb:wait(erlfdb:get(Tx, LDocKey))),
{WasDeleted, PrevSize} = case PrevVsn of
<<255, RevBin/binary>> ->
case erlfdb_tuple:unpack(RevBin) of
@@ -880,12 +880,12 @@ write_local_doc(#{} = Db0, Doc) ->
erlfdb:clear(Tx, LDocKey),
erlfdb:clear_range_startswith(Tx, BPrefix);
false ->
- erlfdb:set(Tx, LDocKey, aegis:encrypt(Db, LDocKey, LDocVal)),
+ erlfdb:set(Tx, LDocKey, ?ENCRYPT(Db, LDocKey, LDocVal)),
% Make sure to clear the whole range, in case there was a larger
% document body there before.
erlfdb:clear_range_startswith(Tx, BPrefix),
lists:foreach(fun({K, V}) ->
- erlfdb:set(Tx, K, aegis:encrypt(Db, K, V))
+ erlfdb:set(Tx, K, ?ENCRYPT(Db, K, V))
end, Rows)
end,
@@ -914,7 +914,7 @@ read_attachment(#{} = Db, DocId, AttId) ->
not_found ->
throw({not_found, missing});
KVs ->
- {_, Chunks} = lists:unzip(aegis:decrypt(Db, KVs)),
+ {_, Chunks} = lists:unzip(?DECRYPT(Db, KVs)),
iolist_to_binary(Chunks)
end.
@@ -929,11 +929,11 @@ write_attachment(#{} = Db, DocId, Data) when is_binary(Data) ->
Chunks = chunkify_binary(Data),
IdKey = erlfdb_tuple:pack({?DB_ATT_NAMES, DocId, AttId}, DbPrefix),
- ok = erlfdb:set(Tx, IdKey, aegis:encrypt(Db, IdKey, <<>>)),
+ ok = erlfdb:set(Tx, IdKey, ?ENCRYPT(Db, IdKey, <<>>)),
lists:foldl(fun(Chunk, ChunkId) ->
AttKey = erlfdb_tuple:pack({?DB_ATTS, DocId, AttId, ChunkId}, DbPrefix),
- ok = erlfdb:set(Tx, AttKey, aegis:encrypt(Db, AttKey, Chunk)),
+ ok = erlfdb:set(Tx, AttKey, ?ENCRYPT(Db, AttKey, Chunk)),
ChunkId + 1
end, 0, Chunks),
{ok, AttId}.