cipherstash · fimac · Oct 18, 2024 · Oct 18, 2024
diff --git a/release/cipherstash-encrypt-dsl.sql b/release/cipherstash-encrypt-dsl.sql
@@ -14,6 +14,8 @@ DROP FUNCTION IF EXISTS cs_ore_64_8_v1_v0_0;
 
 DROP FUNCTION IF EXISTS _cs_text_to_ore_64_8_v1_term_v1_0;
 
+DROP FUNCTION IF EXISTS cs_check_encrypted_v1;
+
 DROP DOMAIN IF EXISTS cs_match_index_v1;
 DROP DOMAIN IF EXISTS cs_unique_index_v1;
 
@@ -38,21 +40,28 @@ BEGIN ATOMIC
   RETURN (val->>'k' = 'ct' AND val ? 'c') AND NOT val ? 'p';
 END;
 
+CREATE FUNCTION cs_check_encrypted_v1(val jsonb)
+  RETURNS BOOLEAN
+LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE
+BEGIN ATOMIC
+    RETURN (
+          -- version and source are required
+      val ?& array['v'] AND
+
+      -- table and column
+      val->'i' ?& array['t', 'c'] AND
+
+      -- plaintext or ciphertext for kind
+      _cs_encrypted_check_kind(val)
+    );
+END;
 
 -- drop and reset the check constraint
 ALTER DOMAIN cs_encrypted_v1 DROP CONSTRAINT IF EXISTS cs_encrypted_v1_check;
 
 ALTER DOMAIN cs_encrypted_v1
   ADD CONSTRAINT cs_encrypted_v1_check CHECK (
-    -- version and source are required
-    VALUE ?& array['v'] AND
-
-    -- table and column
-    VALUE->'i' ?& array['t', 'c'] AND
-
-    -- plaintext or ciphertext for kind
-    _cs_encrypted_check_kind(VALUE)
-
+   cs_check_encrypted_v1(VALUE)
 );
 
 CREATE OR REPLACE FUNCTION cs_ciphertext_v1_v0_0(col jsonb)

diff --git a/sql/dsl-core.sql b/sql/dsl-core.sql
@@ -14,6 +14,8 @@ DROP FUNCTION IF EXISTS cs_ore_64_8_v1_v0_0;
 
 DROP FUNCTION IF EXISTS _cs_text_to_ore_64_8_v1_term_v1_0;
 
+DROP FUNCTION IF EXISTS cs_check_encrypted_v1;
+
 DROP DOMAIN IF EXISTS cs_match_index_v1;
 DROP DOMAIN IF EXISTS cs_unique_index_v1;
 
@@ -38,21 +40,28 @@ BEGIN ATOMIC
   RETURN (val->>'k' = 'ct' AND val ? 'c') AND NOT val ? 'p';
 END;
 
+CREATE FUNCTION cs_check_encrypted_v1(val jsonb)
+  RETURNS BOOLEAN
+LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE
+BEGIN ATOMIC
+    RETURN (
+          -- version and source are required
+      val ?& array['v'] AND
+
+      -- table and column
+      val->'i' ?& array['t', 'c'] AND
+
+      -- plaintext or ciphertext for kind
+      _cs_encrypted_check_kind(val)
+    );
+END;
 
 -- drop and reset the check constraint
 ALTER DOMAIN cs_encrypted_v1 DROP CONSTRAINT IF EXISTS cs_encrypted_v1_check;
 
 ALTER DOMAIN cs_encrypted_v1
   ADD CONSTRAINT cs_encrypted_v1_check CHECK (
-    -- version and source are required
-    VALUE ?& array['v'] AND
-
-    -- table and column
-    VALUE->'i' ?& array['t', 'c'] AND
-
-    -- plaintext or ciphertext for kind
-    _cs_encrypted_check_kind(VALUE)
-
+   cs_check_encrypted_v1(VALUE)
 );
 
 CREATE OR REPLACE FUNCTION cs_ciphertext_v1_v0_0(col jsonb)