cipherstash
diff --git a/‎src/blake3/functions.sql
+40 b/‎src/blake3/functions.sql
+40
diff --git a/‎src/blake3/types.sql
+4 b/‎src/blake3/types.sql
+4
diff --git a/‎src/common.sql
+48 b/‎src/common.sql
+48
diff --git a/‎src/encrypted/functions.sql
+12 b/‎src/encrypted/functions.sql
+12
diff --git a/‎src/jsonb/functions.sql
+64 b/‎src/jsonb/functions.sql
+64
diff --git a/‎src/match/functions_test.sql
+3 b/‎src/match/functions_test.sql
+3
diff --git a/‎src/operators/->.sql
+30-55 b/‎src/operators/->.sql
+30-55
diff --git a/‎src/operators/->>.sql
+26-19 b/‎src/operators/->>.sql
+26-19
@@ -0,0 +1,40 @@
+-- REQUIRE: src/schema.sql
+-- REQUIRE: src/mac/types.sql
+
+
+-- extracts ste_vec index from a jsonb value
+DROP FUNCTION IF EXISTS  eql_v1.blake3(val jsonb);
+
+-- extracts blake3 index from a jsonb value
+DROP FUNCTION IF EXISTS  eql_v1.blake3(val jsonb);
+
+CREATE FUNCTION eql_v1.blake3(val jsonb)
+  RETURNS eql_v1.blake3
+  IMMUTABLE STRICT PARALLEL SAFE
+AS $$
+	BEGIN
+
+    IF NOT (val ? 'b') NULL THEN
+        RAISE 'Expected a blake3 index (b) value in json: %', val;
+    END IF;
+
+    IF val->>'b' IS NULL THEN
+      RETURN NULL;
+    END IF;
+
+    RETURN val->>'b';
+  END;
+$$ LANGUAGE plpgsql;
+
+
+-- extracts blake3 index from an eql_v1_encrypted value
+DROP FUNCTION IF EXISTS  eql_v1.blake3(val eql_v1_encrypted);
+
+CREATE FUNCTION eql_v1.blake3(val eql_v1_encrypted)
+  RETURNS eql_v1.blake3
+  IMMUTABLE STRICT PARALLEL SAFE
+AS $$
+  BEGIN
+    RETURN (SELECT eql_v1.blake3(val.data));
+  END;
+$$ LANGUAGE plpgsql;
@@ -0,0 +1,4 @@
+-- REQUIRE: src/schema.sql
+
+DROP DOMAIN IF EXISTS eql_v1.blake3;
+CREATE DOMAIN eql_v1.blake3 AS text;
@@ -2,6 +2,54 @@
 -- REQUIRE: src/schema.sql
 
 
+-- Constant time comparison of 2 bytea values
+DROP FUNCTION IF EXISTS eql_v1.bytea_eq(a bytea, b bytea);
+
+CREATE FUNCTION eql_v1.bytea_eq(a bytea, b bytea) RETURNS boolean AS $$
+DECLARE
+    result boolean;
+    differing bytea;
+BEGIN
+
+    -- Check if the bytea values are the same length
+    IF LENGTH(a) != LENGTH(b) THEN
+        RETURN false;
+    END IF;
+
+    -- Compare each byte in the bytea values
+    result := true;
+    FOR i IN 1..LENGTH(a) LOOP
+        IF SUBSTRING(a FROM i FOR 1) != SUBSTRING(b FROM i FOR 1) THEN
+            result := result AND false;
+        END IF;
+    END LOOP;
+
+    RETURN result;
+END;
+$$ LANGUAGE plpgsql;
+
+
+DROP FUNCTION IF EXISTS eql_v1.jsonb_array_to_bytea_array(val jsonb);
+
+-- Casts a jsonb array of hex-encoded strings to an array of bytea.
+CREATE FUNCTION eql_v1.jsonb_array_to_bytea_array(val jsonb)
+RETURNS bytea[] AS $$
+DECLARE
+  terms_arr bytea[];
+BEGIN
+  IF jsonb_typeof(val) = 'null' THEN
+    RETURN NULL;
+  END IF;
+
+  SELECT array_agg(decode(value::text, 'hex')::bytea)
+    INTO terms_arr
+  FROM jsonb_array_elements_text(val) AS value;
+
+  RETURN terms_arr;
+END;
+$$ LANGUAGE plpgsql;
+
+
 
 --
 -- Convenience function to log a message
 
@@ -18,6 +18,18 @@ AS $$
   END;
 $$ LANGUAGE plpgsql;
 
+DROP FUNCTION IF EXISTS eql_v1.ciphertext(val eql_v1_encrypted);
+
+CREATE FUNCTION eql_v1.ciphertext(val eql_v1_encrypted)
+  RETURNS text
+  IMMUTABLE STRICT PARALLEL SAFE
+AS $$
+	BEGIN
+    RETURN eql_v1.ciphertext(val.data);
+  END;
+$$ LANGUAGE plpgsql;
+
+
 
 DROP FUNCTION IF EXISTS eql_v1.to_jsonb(val eql_v1_encrypted);
 
 
@@ -0,0 +1,64 @@
+-- REQUIRE: src/schema.sql
+-- REQUIRE: src/ore-cllw/types.sql
+
+
+--
+-- TODO not sure about the wrapping here
+--      should there be an error?
+CREATE FUNCTION eql_v1.ste_vec(val jsonb)
+  RETURNS jsonb
+  IMMUTABLE STRICT PARALLEL SAFE
+AS $$
+	BEGIN
+    IF val ? 'sv' THEN
+      RETURN val->'sv';
+    ELSE
+      RETURN jsonb_build_array(val);
+    END IF;
+    -- RAISE 'Expected a structured vec index (sv) value in json: %', val;
+  END;
+$$ LANGUAGE plpgsql;
+
+
+-- extracts ste_vec index from an eql_v1_encrypted value
+DROP FUNCTION IF EXISTS  eql_v1.ste_vec(val eql_v1_encrypted);
+
+CREATE FUNCTION eql_v1.ste_vec(val eql_v1_encrypted)
+  RETURNS jsonb
+  IMMUTABLE STRICT PARALLEL SAFE
+AS $$
+  BEGIN
+    RETURN (SELECT eql_v1.ste_vec(val.data));
+  END;
+$$ LANGUAGE plpgsql;
+
+
+
+
+DROP FUNCTION IF EXISTS  eql_v1.selector(val jsonb);
+
+CREATE FUNCTION eql_v1.selector(val jsonb)
+  RETURNS text
+  IMMUTABLE STRICT PARALLEL SAFE
+AS $$
+	BEGIN
+    IF val ? 's' THEN
+      RETURN val->>'s';
+    END IF;
+    RAISE 'Expected a selector index (s) value in json: %', val;
+  END;
+$$ LANGUAGE plpgsql;
+
+
+-- extracts ste_vec index from an eql_v1_encrypted value
+DROP FUNCTION IF EXISTS  eql_v1.selector(val eql_v1_encrypted);
+
+CREATE FUNCTION eql_v1.selector(val eql_v1_encrypted)
+  RETURNS text
+  IMMUTABLE STRICT PARALLEL SAFE
+AS $$
+  BEGIN
+    RETURN (SELECT eql_v1.selector(val.data));
+  END;
+$$ LANGUAGE plpgsql;
+
@@ -2,6 +2,9 @@
 
 DO $$
   BEGIN
+
+
+
     PERFORM assert_result(
         'Extract match index term from encrypted',
         'SELECT eql_v1.match(''{"m": []}''::jsonb)');
 
@@ -1,35 +1,48 @@
 
+-- REQUIRE: src/schema.sql
 -- REQUIRE: src/encrypted/types.sql
 -- REQUIRE: src/encrypted/functions.sql
 
 
-
+--
+-- The -> operator returns an encrypted matching the selector
+-- Encypted JSON is a StructredVec.
+-- The index term is an array of encrypteds each with ciphertext, selector and an ore cllw index term
+--   {
+--     "sv": [ {"c": "", "s": "", "oc": "" } ]
+--   }
+--
 DROP OPERATOR IF EXISTS -> (eql_v1_encrypted, text);
+
 DROP FUNCTION IF EXISTS eql_v1."->"(e eql_v1_encrypted, selector text);
 
---
--- Returns
---
 CREATE FUNCTION eql_v1."->"(e eql_v1_encrypted, selector text)
   RETURNS eql_v1_encrypted
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
-  -- DECLARE
-  --   j jsonb;
-  --   found: text;
-  --   ignored: text;
+  DECLARE
+    vec jsonb;
+    found text;
+    ignored text;
 	BEGIN
+   -- Parent StructuredVec data
+    vec := eql_v1.ste_vec(e.data);
 
-    -- j := e->'j';
-    -- PERFORM eql_v1.log(j);
+    RETURN (
+      SELECT ROW(elem)
+        FROM jsonb_array_elements(vec) AS elem
+        WHERE eql_v1.selector(elem) = selector
+        LIMIT 1
+    );
 
-    -- FOR i IN 1..jsonb_array_length(j, 1) LOOP
-    -- --     -- The ELSE part is to help ensure constant time operation.
-    -- --     -- The result is thrown away.
-    --     IF j[i]->'s' = selector THEN
-    --       found := j[i]->'c';
+    --
+    -- Constant time version
+    --
+    -- FOR i IN 0..jsonb_array_length(vec) LOOP
+    --     IF vec->i->>'s' = selector THEN
+    --       found := eql_v1.ciphertext(vec->i);
     --     ELSE
-    --       ignored := j[i]->'c';
+    --       ignored := eql_v1.ciphertext(vec->i);
     --     END IF;
     -- END LOOP;
 
@@ -39,52 +52,14 @@ AS $$
     --   RETURN NULL;
     -- END IF;
 
-    RETURN (
-      SELECT elem::eql_v1_encrypted
-        FROM jsonb_array_elements(e.data->'j') AS elem
-        WHERE elem->>'s' = selector
-        LIMIT 1
-    );
-
   END;
 $$ LANGUAGE plpgsql;
 
 
+
 CREATE OPERATOR ->(
   FUNCTION=eql_v1."->",
   LEFTARG=eql_v1_encrypted,
   RIGHTARG=text
 );
 
-
---   ste_vec_index := eql_v1.ste_vec(col);
-
---   IF ste_vec_index IS NULL THEN
---     RETURN NULL;
---   END IF;
-
---   target_selector := selector->>'svs';
-
---   FOR i IN 1..array_length(ste_vec_index.entries, 1) LOOP
---       -- The ELSE part is to help ensure constant time operation.
---       -- The result is thrown away.
---       IF ste_vec_index.entries[i].tokenized_selector = target_selector THEN
---         found := ste_vec_index.entries[i].ciphertext;
---       ELSE
---         ignored := ste_vec_index.entries[i].ciphertext;
---       END IF;
---   END LOOP;
-
---   IF found IS NOT NULL THEN
---     RETURN jsonb_build_object(
---       'k', 'ct',
---       'c', found,
---       'o', NULL,
---       'm', NULL,
---       'u', NULL,
---       'i', col->'i',
---       'v', 1
---     );
---   ELSE
---     RETURN NULL;
---   END IF;
@@ -1,8 +1,8 @@
+-- REQUIRE: src/schema.sql
 -- REQUIRE: src/encrypted/types.sql
 -- REQUIRE: src/encrypted/functions.sql
 
 
-
 DROP OPERATOR IF EXISTS ->> (eql_v1_encrypted, text);
 DROP FUNCTION IF EXISTS eql_v1."->>"(e eql_v1_encrypted, selector text);
 
@@ -11,22 +11,34 @@ CREATE FUNCTION eql_v1."->>"(e eql_v1_encrypted, selector text)
   IMMUTABLE STRICT PARALLEL SAFE
 AS $$
   DECLARE
-    j jsonb;
+    vec jsonb;
     found text;
     ignored text;
 	BEGIN
-    -- j := e.data->'j';
-    -- -- PERFORM eql_v1.log(j::text);
-    -- PERFORM eql_v1.log('jsonb_array_length(j)');
-    -- PERFORM eql_v1.log(jsonb_array_length(j)::text);
-
-    -- FOR i IN 0..jsonb_array_length(j) LOOP
-    --     -- The ELSE part is to help ensure constant time operation.
-    --     -- The result is thrown away.
-    --     IF j[i]->>'s' = selector THEN
-    --       found := eql_v1.ciphertext(j->i);
+   -- Parent StructuredVec data
+    vec := eql_v1.ste_vec(e.data);
+
+    -- IF e.data ? 'sv' THEN
+    -- vec := eql_v1.ste_vec(e.data);
+    -- ELSE
+    --   vec := jsonb_build_array(e.data);
+    -- END IF;
+
+    RETURN (
+      SELECT elem::text
+        FROM jsonb_array_elements(vec) AS elem
+        WHERE eql_v1.selector(elem) = selector
+        LIMIT 1
+    );
+
+    --
+    -- Constant time version
+    --
+    -- FOR i IN 0..jsonb_array_length(vec) LOOP
+    --     IF vec->i->>'s' = selector THEN
+    --       found := eql_v1.ciphertext(vec->i);
     --     ELSE
-    --       ignored := eql_v1.ciphertext(j->i);
+    --       ignored := eql_v1.ciphertext(vec->i);
     --     END IF;
     -- END LOOP;
 
@@ -35,12 +47,7 @@ AS $$
     -- ELSE
     --   RETURN NULL;
     -- END IF;
-    RETURN (
-      SELECT eql_v1.ciphertext(elem)
-        FROM jsonb_array_elements(e.data->'j') AS elem
-        WHERE elem->>'s' = selector
-        LIMIT 1
-    );
+
   END;
 $$ LANGUAGE plpgsql;