Merge pull request #35 from ccfelius/vectorized

Fixed iv with duckdb rand func and seed for reproducability

src/core/functions/scalar/encrypt_vectorized.cpp

@@ -29,17 +29,20 @@ namespace simple_encryption {
 
 namespace core {
 
-uint8_t MaskCipher(uint8_t cipher, uint64_t *plaintext_bytes){
-  // todo; insert nullability
+uint8_t MaskCipher(uint8_t cipher, uint64_t *plaintext_bytes, bool is_null){
     const uint64_t prime = 10251357202697351;
     auto random_val = *plaintext_bytes * prime;
 
     // mask the first 8 bits by shifting and cast to uint8_t
     uint8_t masked_cipher = static_cast<uint8_t>((random_val) >> 56);
-    uint8_t result = cipher ^ masked_cipher;
 
-    // return XOR'ed cipher
-    return result;
+    if (is_null) {
+      cipher |= 0x80;  // set first bit to 1
+    } else {
+      cipher &= 0x7F;  // Clear the first bit
+    }
+
+    return cipher ^ masked_cipher;
 }
 
 LogicalType CreateEncryptionStruct() {
@@ -91,8 +94,8 @@ void EncryptVectorized(T *input_vector, uint64_t size, ExpressionState &state, V
   auto cipher_vec_data = FlatVector::GetData<uint8_t>(*cipher_vec);
 
   // set nonce
-  nonce_hi_data[0] = 999;
-  nonce_lo_data[0] = 111;
+  nonce_hi_data[0] = vcrypt_state->iv[0];
+  nonce_lo_data[0] = vcrypt_state->iv[1];
 
   // result vector is a dict vector containing encrypted data
   auto &blob = children[4];
@@ -110,7 +113,6 @@ void EncryptVectorized(T *input_vector, uint64_t size, ExpressionState &state, V
       reinterpret_cast<const_data_ptr_t>(vcrypt_state->iv), 16, key);
 
   // todo; create separate function for strings
-  // we encrypt the whole vector in once
   auto to_process = size;
   auto total_size = sizeof(T) * size;
   uint32_t batch_size;
@@ -163,8 +165,8 @@ void EncryptVectorized(T *input_vector, uint64_t size, ExpressionState &state, V
       blob_sel.set_index(index, batch_nr);
       // cipher contains the (masked) position in the block
       // to calculate the offset: plain_cipher * sizeof(T)
-      // todo; nullable
-      cipher_vec_data[index] = MaskCipher(j, &plaintext_bytes);
+      // todo; fix the is_null
+      cipher_vec_data[index] = MaskCipher(j, &plaintext_bytes, false);
       // counter is used to identify the delta of the nonce
       counter_vec_data[index] = batch_nr;
 

src/include/simple_encryption_state.hpp

@@ -2,6 +2,7 @@
 
 #include "duckdb.hpp"
 #include "duckdb/common/encryption_state.hpp"
+#include "duckdb/common/random_engine.hpp"
 
 namespace duckdb {
 

src/simple_encryption_state.cpp

@@ -19,6 +19,10 @@ shared_ptr<EncryptionUtil> GetEncryptionUtil(ClientContext &context_p) {
   }
 }
 
+uint32_t GenerateRandom(RandomEngine *engine) {
+  return engine->NextRandomInteger();
+}
+
 SimpleEncryptionState::SimpleEncryptionState(shared_ptr<ClientContext> context)
     : context_p(context) {
 
@@ -28,15 +32,15 @@ SimpleEncryptionState::SimpleEncryptionState(shared_ptr<ClientContext> context)
   // set pointer to encryption primitives (mbedtls or openssl)
   encryption_state = GetEncryptionUtil(*new_conn)->CreateEncryptionState();
 
-  // allocate encryption buffer
-  // maybe do this in a better way (i.e. use buffer manager?)
-  // do this in local state and resize etc.
-  buffer_p = static_cast<uint8_t *>(duckdb_malloc(MAX_BUFFER_SIZE));
+  // initialize IV with random data
+  // for now, fixed seed
+  RandomEngine random_engine(1);
 
-  // clear the iv
-  iv[0] = iv[1] = 0;
+  iv[0] = (static_cast<uint64_t>(GenerateRandom(&random_engine)) << 32) | GenerateRandom(&random_engine);
+  iv[1] = GenerateRandom(&random_engine);
 
   // Create a new table containing encryption metadata (nonce, tag)
+  // this is used for later
   auto query = new_conn->Query(
       "CREATE TABLE IF NOT EXISTS __simple_encryption_internal ("
       "nonce VARCHAR, "