noth/surrealpatch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add global datastore encryption

Browse source
This commit is contained in:
Tobie Morgan Hitchcock 2016-07-18 23:00:01 +01:00
parent fd09bebedc
commit e1f1031cc7
9 changed files with 54 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
kvs/boltdb/ds.go
View file

@ -22,6 +22,7 @@ import (
type DS struct {
db *bolt.DB
ck []byte
}
func (ds *DS) Txn(writable bool) (txn kvs.TX, err error) {

2
kvs/boltdb/main.go
View file

@ -42,6 +42,6 @@ func New(opts *cnf.Options) (ds kvs.DS, err error) {
return nil
})
return &DS{db: db}, err
return &DS{db: db, ck: opts.DB.Key}, err
}

16
kvs/boltdb/tx.go
View file

@ -158,6 +158,11 @@ func (tx *TX) Put(key, val []byte) (err error) {
return
}
if val, err = cryp.Encrypt(tx.ds.ck, val); err != nil {
err = &kvs.CKError{err}
return
}
if val, err = cryp.Encrypt(tx.ck, val); err != nil {
err = &kvs.CKError{err}
return
@ -195,6 +200,11 @@ func (tx *TX) CPut(key, val, exp []byte) (err error) {
return
}
if val, err = cryp.Encrypt(tx.ds.ck, val); err != nil {
err = &kvs.CKError{err}
return
}
if val, err = cryp.Encrypt(tx.ck, val); err != nil {
err = &kvs.CKError{err}
return
@ -355,6 +365,12 @@ func get(tx *TX, key, val []byte) (kv *KV, err error) {
return
}
kv.val, err = cryp.Decrypt(tx.ds.ck, kv.val)
if err != nil {
err = &kvs.CKError{err}
return
}
kv.val, err = snap.Decode(kv.val)
if err != nil {
err = &kvs.DBError{err}

1
kvs/mysql/ds.go
View file

@ -22,6 +22,7 @@ import (
type DS struct {
db *sql.DB
ck []byte
}
func (ds *DS) Txn(writable bool) (txn kvs.TX, err error) {

2
kvs/mysql/main.go
View file

@ -36,6 +36,6 @@ func New(opts *cnf.Options) (ds kvs.DS, err error) {
db, err = sql.Open("mysql", path)
return &DS{db: db}, err
return &DS{db: db, ck: opts.DB.Key}, err
}

16
kvs/mysql/tx.go
View file

@ -186,6 +186,11 @@ func (tx *TX) Put(key, val []byte) (err error) {
return
}
if val, err = cryp.Encrypt(tx.ds.ck, val); err != nil {
err = &kvs.CKError{err}
return
}
if val, err = cryp.Encrypt(tx.ck, val); err != nil {
err = &kvs.CKError{err}
return
@ -218,6 +223,11 @@ func (tx *TX) CPut(key, val, exp []byte) (err error) {
return
}
if val, err = cryp.Encrypt(tx.ds.ck, val); err != nil {
err = &kvs.CKError{err}
return
}
if val, err = cryp.Encrypt(tx.ck, val); err != nil {
err = &kvs.CKError{err}
return
@ -336,6 +346,12 @@ func get(tx *TX, key, val []byte) (kv *KV, err error) {
return
}
kv.val, err = cryp.Decrypt(tx.ds.ck, kv.val)
if err != nil {
err = &kvs.CKError{err}
return
}
kv.val, err = snap.Decode(kv.val)
if err != nil {
err = &kvs.DBError{err}

1
kvs/pgsql/ds.go
View file

@ -22,6 +22,7 @@ import (
type DS struct {
db *sql.DB
ck []byte
}
func (ds *DS) Txn(writable bool) (txn kvs.TX, err error) {

2
kvs/pgsql/main.go
View file

@ -36,6 +36,6 @@ func New(opts *cnf.Options) (ds kvs.DS, err error) {
db, err = sql.Open("postgres", path)
return &DS{db: db}, err
return &DS{db: db, ck: opts.DB.Key}, err
}

16
kvs/pgsql/tx.go
View file

@ -186,6 +186,11 @@ func (tx *TX) Put(key, val []byte) (err error) {
return
}
if val, err = cryp.Encrypt(tx.ds.ck, val); err != nil {
err = &kvs.CKError{err}
return
}
if val, err = cryp.Encrypt(tx.ck, val); err != nil {
err = &kvs.CKError{err}
return
@ -218,6 +223,11 @@ func (tx *TX) CPut(key, val, exp []byte) (err error) {
return
}
if val, err = cryp.Encrypt(tx.ds.ck, val); err != nil {
err = &kvs.CKError{err}
return
}
if val, err = cryp.Encrypt(tx.ck, val); err != nil {
err = &kvs.CKError{err}
return
@ -336,6 +346,12 @@ func get(tx *TX, key, val []byte) (kv *KV, err error) {
return
}
kv.val, err = cryp.Decrypt(tx.ds.ck, kv.val)
if err != nil {
err = &kvs.CKError{err}
return
}
kv.val, err = snap.Decode(kv.val)
if err != nil {
err = &kvs.DBError{err}