libmongocrypt-helper 1.11.0.0.1001 → 1.13.2.0.1001

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (598) hide show
  1. checksums.yaml +4 -4
  2. data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +27 -1
  3. data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +13 -2
  4. data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +1 -7
  5. data/ext/libmongocrypt/libmongocrypt/CONTRIBUTING.md +14 -0
  6. data/ext/libmongocrypt/libmongocrypt/Earthfile +49 -50
  7. data/ext/libmongocrypt/libmongocrypt/README.md +39 -23
  8. data/ext/libmongocrypt/libmongocrypt/bindings/cs/README.md +4 -67
  9. data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +14 -1
  10. data/ext/libmongocrypt/libmongocrypt/bindings/python/README.rst +1 -1
  11. data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +1 -1
  12. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/state_machine.py +1 -1
  13. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +39 -7
  14. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +32 -0
  15. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +1 -1
  16. data/ext/libmongocrypt/libmongocrypt/bindings/python/pyproject.toml +1 -0
  17. data/ext/libmongocrypt/libmongocrypt/bindings/python/release.sh +1 -1
  18. data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +10 -9
  19. data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/compact/success/encrypted-field-config-map.json +0 -1
  20. data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-field-config-map.json +0 -2
  21. data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +13 -12
  22. data/ext/libmongocrypt/libmongocrypt/cmake/FetchMongoC.cmake +4 -2
  23. data/ext/libmongocrypt/libmongocrypt/cmake/ImportBSON.cmake +1 -1
  24. data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +37 -40
  25. data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +10 -9
  26. data/ext/libmongocrypt/libmongocrypt/etc/format.sh +0 -2
  27. data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-in-functions.patch +158 -0
  28. data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-pragma.patch +3 -3
  29. data/ext/libmongocrypt/libmongocrypt/etc/purls.txt +1 -1
  30. data/ext/libmongocrypt/libmongocrypt/integrating.md +51 -13
  31. data/ext/libmongocrypt/libmongocrypt/kms-message/README.md +1 -1
  32. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_crypto_windows.c +2 -2
  33. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message/kms_response_parser.h +3 -0
  34. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message.c +1 -1
  35. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message_private.h +2 -2
  36. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +3 -3
  37. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_response_parser.c +8 -0
  38. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +5 -5
  39. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_assert.h +25 -8
  40. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_azure_online.c +2 -2
  41. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_gcp_online.c +3 -3
  42. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_request.c +12 -10
  43. data/ext/libmongocrypt/libmongocrypt/src/mc-cmp-private.h +137 -0
  44. data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +5 -0
  45. data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +35 -1
  46. data/ext/libmongocrypt/libmongocrypt/src/mc-fle-blob-subtype-private.h +5 -2
  47. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +99 -0
  48. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +226 -2
  49. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +0 -1
  50. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +0 -1
  51. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private-v2.h +5 -0
  52. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +39 -0
  53. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +165 -1
  54. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload.c +0 -1
  55. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-private-v2.h +183 -60
  56. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +498 -115
  57. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds-private.h +10 -0
  58. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block-private.h +49 -0
  59. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block.c +98 -0
  60. data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation.c +3 -2
  61. data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding.c +2 -1
  62. data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-generator.template.h +2 -2
  63. data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover.c +1 -0
  64. data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts-private.h +6 -1
  65. data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts.c +2 -1
  66. data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker-private.h +126 -0
  67. data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker.c +1075 -0
  68. data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets-private.h +95 -0
  69. data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets.c +304 -0
  70. data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode-private.h +45 -0
  71. data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode.c +248 -0
  72. data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +112 -2
  73. data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +166 -2
  74. data/ext/libmongocrypt/libmongocrypt/src/mlib/windows-lean.h +2 -0
  75. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer-private.h +11 -0
  76. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer.c +36 -3
  77. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-collinfo.c +1 -1
  78. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-key.c +1 -1
  79. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-private.h +2 -2
  80. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache.c +1 -1
  81. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ciphertext.c +1 -1
  82. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-datakey.c +2 -1
  83. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +8 -4
  84. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +429 -858
  85. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-private.h +55 -19
  86. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c +13 -10
  87. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c +15 -0
  88. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-private.h +9 -0
  89. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key.c +6 -2
  90. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx-private.h +6 -0
  91. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx.c +174 -0
  92. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-log.c +0 -1
  93. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h +4 -0
  94. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +518 -524
  95. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +0 -4
  96. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts.c +1 -1
  97. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +8 -12
  98. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-traverse-util.c +1 -1
  99. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +3 -1
  100. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +25 -9
  101. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.h +65 -6
  102. data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +3 -1
  103. data/ext/libmongocrypt/libmongocrypt/src/unicode/case-fold-map.c +1434 -0
  104. data/ext/libmongocrypt/libmongocrypt/src/unicode/diacritic-fold-map.c +2884 -0
  105. data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.c +139 -0
  106. data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.h +58 -0
  107. data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/payload.json +2 -2
  108. data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/missing-key-id/collinfo.json +1 -0
  109. data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/collinfo.json +1 -0
  110. data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/collinfo.json +1 -0
  111. data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/collinfo.json +1 -1
  112. data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +20 -21
  113. data/ext/libmongocrypt/libmongocrypt/test/data/compact/missing-key-id/collinfo.json +2 -2
  114. data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-fields/collinfo.json +1 -1
  115. data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/collinfo.json +1 -1
  116. data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/collinfo.json +1 -1
  117. data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +0 -1
  118. data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload-range-v2.json +20 -21
  119. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/cmd-to-mongocryptd.json +1 -2
  120. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/collinfo.json +2 -2
  121. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/encrypted-payload.json +2 -3
  122. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/mongocryptd-reply.json +1 -2
  123. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/cmd-to-mongocryptd.json +1 -2
  124. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/collinfo.json +2 -2
  125. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/encrypted-payload.json +2 -3
  126. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/mongocryptd-reply.json +1 -2
  127. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json +1 -2
  128. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/collinfo.json +2 -2
  129. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/mongocryptd-reply.json +1 -2
  130. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_fle1/collinfo.json +2 -1
  131. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-extraField.json +0 -1
  132. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-missingKeyId.json +0 -1
  133. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField-badVersionSet.json +23 -0
  134. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField-goodVersionSet.json +23 -0
  135. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField.json +0 -1
  136. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields-badVersionSet.json +48 -0
  137. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields-goodVersionSet.json +48 -0
  138. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields.json +47 -0
  139. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-twoFields.json +0 -1
  140. data/ext/libmongocrypt/libmongocrypt/test/data/encrypted-field-config-map.json +1 -3
  141. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1DeterministicEncryptedValue.json +8 -0
  142. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1EncryptionPlaceholder.json +8 -0
  143. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1RandomEncryptedValue.json +8 -0
  144. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2EncryptionPlaceholder.json +8 -0
  145. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2EqualityIndexedValueV2.json +8 -0
  146. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2FindEqualityPayloadV2.json +8 -0
  147. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedEqualityEncryptedValue.json +8 -0
  148. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedEqualityEncryptedValueV2.json +8 -0
  149. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedRangeEncryptedValue.json +8 -0
  150. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedRangeEncryptedValueV2.json +8 -0
  151. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayload-with-edges-V2.json +8 -0
  152. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayload-with-edges.json +8 -0
  153. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-explicit/insert-indexed.json → explicit-decrypt/FLE2InsertUpdatePayload.json} +1 -1
  154. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2.json +8 -0
  155. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2RangeIndexedValueV2.json +8 -0
  156. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2UnindexedEncryptedValue.json +8 -0
  157. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2UnindexedEncryptedValueV2.json +8 -0
  158. data/ext/libmongocrypt/libmongocrypt/test/data/find-with-encryptionInformation.json +0 -1
  159. data/ext/libmongocrypt/libmongocrypt/test/data/fle1-explain/with-csfle/collinfo.json +2 -1
  160. data/ext/libmongocrypt/libmongocrypt/test/data/fle1-explain/with-mongocryptd/collinfo.json +2 -1
  161. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-collinfo.json +26 -0
  162. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json +51 -0
  163. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json +45 -0
  164. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd.json +18 -0
  165. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/int32/encrypted-field-map.json → fle2-bad-str-encode-version/bad-encrypted-field-config-map.json} +7 -12
  166. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-bad-str-encode-version}/encrypted-payload.json +4 -4
  167. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/cmd-to-mongocryptd.json +1 -2
  168. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/encrypted-field-config-map.json +1 -2
  169. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json +44 -0
  170. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/cmd.json +17 -0
  171. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-equality/encrypted-field-map.json → fle2-create-encrypted-collection/encrypted-field-config-map.json} +9 -8
  172. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/encrypted-payload.json +17 -0
  173. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/mongocryptd-reply.json +50 -0
  174. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/cmd-to-mongocryptd.json +45 -0
  175. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/mongocryptd-reply.json +51 -0
  176. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json +46 -0
  177. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json +18 -0
  178. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json +25 -0
  179. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json +18 -0
  180. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json +52 -0
  181. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/collinfo.json +1 -1
  182. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-field-config-map.json +0 -1
  183. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload-v2.json +57 -59
  184. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/mongocryptd-reply.json +63 -64
  185. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/collinfo.json +1 -1
  186. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-field-config-map.json +0 -1
  187. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload-v2.json +64 -66
  188. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/mongocryptd-reply.json +69 -70
  189. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/collinfo.json +1 -1
  190. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/encrypted-payload.json +1 -2
  191. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json +1 -2
  192. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/collinfo.json +2 -2
  193. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json +2 -3
  194. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/mongocryptd-reply.json +1 -2
  195. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/cmd-to-mongocryptd.json +0 -1
  196. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/cmd-to-mongod.json +0 -1
  197. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/reply-from-mongocryptd.json +0 -1
  198. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/encrypted-field-map.json +0 -1
  199. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/cmd.json +9 -0
  200. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/double → fle2-insert-text-search}/encrypted-field-map.json +10 -9
  201. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/encrypted-payload.json +47 -0
  202. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/mongocryptd-reply.json +55 -0
  203. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/date → fle2-insert-text-search-with-str-encode-version}/encrypted-field-map.json +12 -10
  204. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search-with-str-encode-version/encrypted-payload.json +47 -0
  205. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search-with-str-encode-version/mongocryptd-reply.json +55 -0
  206. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2-with-str-encode-version/cmd.json +9 -0
  207. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-v2-with-str-encode-version}/encrypted-field-map.json +2 -2
  208. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2-with-str-encode-version/encrypted-payload.json +40 -0
  209. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-v2-with-str-encode-version}/mongocryptd-reply.json +2 -2
  210. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/cmd-to-mongocryptd.json +55 -0
  211. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/cmd.json +22 -0
  212. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/encrypted-field-config-map.json +29 -0
  213. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/encrypted-payload.json +23 -0
  214. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/mongocryptd-reply.json +61 -0
  215. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json +56 -0
  216. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json +23 -0
  217. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json +30 -0
  218. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-payload.json +23 -0
  219. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json +62 -0
  220. data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneRangeV2.json +9 -1
  221. data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneText.json +20 -0
  222. data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneTextLarge.json +930 -0
  223. data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneV2.json +1 -0
  224. data/ext/libmongocrypt/libmongocrypt/test/data/kms-tests.json +4 -4
  225. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/cmd-to-mongocryptd.json +60 -0
  226. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/cmd.json +14 -0
  227. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/collInfo-c1.json +39 -0
  228. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/collInfo-c2.json +39 -0
  229. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-facet/cmd.json +20 -0
  230. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-mismatch/cmd.json +14 -0
  231. data/ext/libmongocrypt/libmongocrypt/{bindings/cs/MongoDB.Libmongocrypt.Test/test/example/collection-info.json → test/data/lookup/csfle-mismatch/collInfo-c1.json} +12 -10
  232. data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/collection-info.json → test/data/lookup/csfle-mismatch/collInfo-c3.json} +13 -11
  233. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-nested/cmd.json +24 -0
  234. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/cmd-to-mongocryptd.json +60 -0
  235. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/cmd.json +14 -0
  236. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/schemaMap.json +40 -0
  237. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/cmd-to-mongocryptd.json +60 -0
  238. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/cmd.json +14 -0
  239. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/collInfo-c1.json +39 -0
  240. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/schemaMap.json +21 -0
  241. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/cmd-to-mongocryptd.json +34 -0
  242. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/cmd.json +14 -0
  243. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/collInfo-c1.json +39 -0
  244. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/cmd-to-mongocryptd.json +49 -0
  245. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/cmd.json +14 -0
  246. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/collInfo-c1.json +39 -0
  247. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/collInfo-c2.json +29 -0
  248. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/reply-from-mongocryptd.json +18 -0
  249. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-unionWith/cmd.json +21 -0
  250. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/cmd.json +14 -0
  251. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/collInfo-c1.json +39 -0
  252. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/collInfo-v1.json +11 -0
  253. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd-to-mongocryptd.json +65 -0
  254. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd-to-mongod.json +26 -0
  255. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd.json +19 -0
  256. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/collInfo-c1.json +39 -0
  257. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/collInfo-c2.json +39 -0
  258. data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/keys/ABCDEFAB123498761234123456789012-local-document.json → test/data/lookup/mixed/csfle/csfle/key-doc.json} +4 -4
  259. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/reply-from-mongocryptd.json +33 -0
  260. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd-to-mongocryptd.json +47 -0
  261. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd-to-mongod.json +26 -0
  262. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd.json +19 -0
  263. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/collInfo-c1.json +39 -0
  264. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/collInfo-c2.json +17 -0
  265. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/key-doc.json +30 -0
  266. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/reply-from-mongocryptd.json +33 -0
  267. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/cmd-to-mongocryptd.json +70 -0
  268. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/cmd.json +19 -0
  269. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/collInfo-c1.json +39 -0
  270. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/collInfo-c2.json +42 -0
  271. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd-to-mongocryptd.json +47 -0
  272. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd-to-mongod.json +26 -0
  273. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd.json +19 -0
  274. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/collInfo-c1.json +17 -0
  275. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/collInfo-c2.json +39 -0
  276. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/key-doc.json +30 -0
  277. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/reply-from-mongocryptd.json +33 -0
  278. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd-to-mongocryptd.json +29 -0
  279. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd-to-mongod.json +19 -0
  280. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd.json +19 -0
  281. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/collInfo-c1.json +17 -0
  282. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/collInfo-c2.json +17 -0
  283. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/reply-from-mongocryptd.json +26 -0
  284. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd-to-mongocryptd.json +53 -0
  285. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd-to-mongod.json +58 -0
  286. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd.json +19 -0
  287. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/collInfo-c1.json +17 -0
  288. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/collInfo-c2.json +42 -0
  289. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/key-doc.json +30 -0
  290. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/reply-from-mongocryptd.json +65 -0
  291. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/cmd-to-mongocryptd.json +70 -0
  292. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/cmd.json +19 -0
  293. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/collInfo-c1.json +42 -0
  294. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/collInfo-c2.json +39 -0
  295. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd-to-mongocryptd.json +53 -0
  296. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd-to-mongod.json +56 -0
  297. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd.json +19 -0
  298. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/collInfo-c1.json +42 -0
  299. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/collInfo-c2.json +17 -0
  300. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/key-doc.json +30 -0
  301. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/reply-from-mongocryptd.json +63 -0
  302. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd-to-mongocryptd.json +66 -0
  303. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd-to-mongod.json +71 -0
  304. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd.json +19 -0
  305. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/collInfo-c1.json +42 -0
  306. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/collInfo-c2.json +42 -0
  307. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/key-doc.json +30 -0
  308. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/reply-from-mongocryptd.json +78 -0
  309. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd-to-mongocryptd.json +61 -0
  310. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd-to-mongod.json +14 -0
  311. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd.json +14 -0
  312. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/collInfo-c1.json +42 -0
  313. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/collInfo-c2.json +42 -0
  314. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/reply-from-mongocryptd.json +68 -0
  315. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd-to-mongocryptd.json +66 -0
  316. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd-to-mongod.json +71 -0
  317. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd.json +19 -0
  318. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/collInfo-c1.json +42 -0
  319. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert-unindexed/encrypted-field-map.json → lookup/qe-encryptedFieldsMap/encryptedFieldsMap.json} +6 -7
  320. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/key-doc.json +30 -0
  321. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/reply-from-mongocryptd.json +78 -0
  322. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd-to-mongocryptd.json +46 -0
  323. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd-to-mongod.json +53 -0
  324. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd.json +19 -0
  325. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/collInfo-c1.json +42 -0
  326. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/key-doc.json +30 -0
  327. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/reply-from-mongocryptd.json +58 -0
  328. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd-to-mongocryptd.json +66 -0
  329. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd-to-mongod.json +75 -0
  330. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd.json +19 -0
  331. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/collInfo-c1.json +42 -0
  332. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/collInfo-c2.json +42 -0
  333. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/key-doc.json +30 -0
  334. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/reply-from-mongocryptd.json +78 -0
  335. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-create/mongocryptd-ismaster.json → mongocryptd-ismaster-17.json} +1 -1
  336. data/ext/libmongocrypt/libmongocrypt/test/data/mongocryptd-ismaster-26.json +12 -0
  337. data/ext/libmongocrypt/libmongocrypt/test/data/multikey/command.json +7 -0
  338. data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/key-document.json → test/data/multikey/key-document-a.json} +18 -19
  339. data/ext/libmongocrypt/libmongocrypt/test/data/multikey/key-document-b.json +37 -0
  340. data/ext/libmongocrypt/libmongocrypt/test/data/multikey/mongocryptd_reply.json +34 -0
  341. data/ext/libmongocrypt/libmongocrypt/test/data/multikey/schema_map.json +35 -0
  342. data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/kms-reply.txt → test/data/rmd/kms-decrypt-reply-429.txt} +1 -1
  343. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-encryptedFields.json +42 -0
  344. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-encryptedFields2.json +42 -0
  345. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-jsonSchema.json +43 -0
  346. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-noSchema.json +21 -0
  347. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/create-with-jsonSchema.json +24 -0
  348. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFields.json +20 -0
  349. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFields2.json +20 -0
  350. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFieldsMap.json +42 -0
  351. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/jsonSchema.json +19 -0
  352. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/jsonSchema2.json +19 -0
  353. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/schemaMap.json +40 -0
  354. data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +28 -2
  355. data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +28 -2
  356. data/ext/libmongocrypt/libmongocrypt/test/example-state-machine.c +1 -1
  357. data/ext/libmongocrypt/libmongocrypt/test/test-mc-cmp.c +304 -0
  358. data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +70 -0
  359. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-encryption-placeholder.c +468 -0
  360. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-equality-payload-v2.c +20 -1
  361. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev-v2.c +370 -22
  362. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev.c +1 -1
  363. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +25 -1
  364. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup.c +24 -1
  365. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-uev.c +2 -2
  366. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +2 -2
  367. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-tag-and-encrypted-metadata-block.c +91 -0
  368. data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +6 -7
  369. data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +32 -33
  370. data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +68 -75
  371. data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +2 -2
  372. data/ext/libmongocrypt/libmongocrypt/test/test-mc-schema-broker.c +1124 -0
  373. data/ext/libmongocrypt/libmongocrypt/test/test-mc-text-search-str-encode.c +1207 -0
  374. data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +144 -37
  375. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +13 -14
  376. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.h +2 -2
  377. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert.h +21 -4
  378. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-buffer.c +25 -0
  379. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache.c +3 -20
  380. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +57 -46
  381. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto.c +37 -7
  382. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +21 -0
  383. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +226 -146
  384. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +1529 -1197
  385. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-rewrap-many-datakey.c +79 -0
  386. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-datakey.c +160 -0
  387. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kek.c +3 -3
  388. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-key-cache.c +7 -7
  389. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-responses.c +6 -5
  390. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +750 -110
  391. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +143 -33
  392. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +39 -4
  393. data/ext/libmongocrypt/libmongocrypt/test/test-unicode-fold.c +97 -0
  394. data/lib/libmongocrypt_helper/version.rb +2 -2
  395. metadata +233 -225
  396. data/ext/libmongocrypt/libmongocrypt/bindings/cs/CMakeLists.txt +0 -17
  397. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Driver.snk +0 -0
  398. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/AssemblyInfo.cs +0 -4
  399. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Binary.cs +0 -145
  400. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/BinarySafeHandle.cs +0 -60
  401. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CheckableSafeHandle.cs +0 -46
  402. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CipherCallbacks.cs +0 -168
  403. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/ContextSafeHandle.cs +0 -48
  404. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptClient.cs +0 -257
  405. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptClientFactory.cs +0 -138
  406. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptContext.cs +0 -214
  407. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptException.cs +0 -37
  408. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptOptions.cs +0 -67
  409. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/HashCallback.cs +0 -59
  410. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/HmacShaCallbacks.cs +0 -96
  411. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/IStatus.cs +0 -26
  412. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/KmsCredentials.cs +0 -53
  413. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/KmsKeyId.cs +0 -91
  414. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/KmsRequest.cs +0 -125
  415. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/KmsRequestCollection.cs +0 -60
  416. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Library.cs +0 -684
  417. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/LibraryLoader.cs +0 -289
  418. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/LibraryLoadingException.cs +0 -34
  419. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/License.txt +0 -14
  420. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/LogLevel.cs +0 -26
  421. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/MongoCryptSafeHandle.cs +0 -48
  422. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/MongoDB.Libmongocrypt.csproj +0 -107
  423. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/MongoDB.Libmongocrypt.ruleset +0 -85
  424. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/MongoDB.Libmongocrypt.targets +0 -21
  425. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/OperatingSystemHelper.cs +0 -59
  426. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Package.include.template.csproj +0 -38
  427. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/PinnedBinary.cs +0 -49
  428. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/SecureRandomCallback.cs +0 -51
  429. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/SigningRSAESPKCSCallback.cs +0 -74
  430. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Status.cs +0 -94
  431. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/StatusSafeHandle.cs +0 -60
  432. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/StyleCop.ruleset +0 -11
  433. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/stylecop.json +0 -8
  434. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Example/MongoDB.Libmongocrypt.Example.csproj +0 -23
  435. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Example/Package.include.template.csproj +0 -11
  436. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Example/Program.cs +0 -442
  437. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/BasicTests.cs +0 -748
  438. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/BsonUtil.cs +0 -82
  439. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/CallbackUtils.cs +0 -37
  440. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/CipherCallbacksTests.cs +0 -46
  441. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/HashCallbackTests.cs +0 -37
  442. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/HmacShaCallbacksTests.cs +0 -37
  443. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/MongoDB.Libmongocrypt.Test.csproj +0 -37
  444. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/Package.include.template.csproj +0 -23
  445. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/SigningRSAESPKCSCallbackTests.cs +0 -64
  446. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/command-reply.json +0 -13
  447. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/encrypted-command-reply.json +0 -16
  448. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/encrypted-command.json +0 -11
  449. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/encrypted-value.json +0 -6
  450. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/key-document.json +0 -36
  451. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/key-filter.json +0 -19
  452. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/list-collections-filter.json +0 -3
  453. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/test/example/mongocryptd-command.json +0 -22
  454. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/xunit.runner.json +0 -6
  455. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test32/BasicTests.cs +0 -54
  456. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test32/MongoDB.Libmongocrypt.Test32.csproj +0 -44
  457. data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test32/Package.include.template.csproj +0 -23
  458. data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.cake +0 -215
  459. data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.config +0 -3
  460. data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.ps1 +0 -275
  461. data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.sh +0 -77
  462. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/README.md +0 -36
  463. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/build.gradle.kts +0 -28
  464. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/java/com/mongodb/crypt/benchmark/BenchmarkRunner.java +0 -217
  465. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/resources/keyDocument.json +0 -24
  466. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/build.gradle.kts +0 -354
  467. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.jar +0 -0
  468. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.properties +0 -5
  469. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew +0 -234
  470. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew.bat +0 -89
  471. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/settings.gradle.kts +0 -1
  472. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/BinaryHolder.java +0 -45
  473. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java +0 -1165
  474. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPIHelper.java +0 -96
  475. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CipherCallback.java +0 -92
  476. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/DisposableMemory.java +0 -31
  477. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/JULLogger.java +0 -130
  478. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/Logger.java +0 -144
  479. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/Loggers.java +0 -50
  480. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MacCallback.java +0 -60
  481. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MessageDigestCallback.java +0 -55
  482. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoAwsKmsProviderOptions.java +0 -104
  483. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypt.java +0 -100
  484. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptContext.java +0 -137
  485. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptContextImpl.java +0 -164
  486. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptException.java +0 -67
  487. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptImpl.java +0 -423
  488. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptOptions.java +0 -284
  489. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypts.java +0 -38
  490. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoDataKeyOptions.java +0 -125
  491. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoExplicitEncryptOptions.java +0 -227
  492. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptor.java +0 -76
  493. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptorImpl.java +0 -105
  494. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoLocalKmsProviderOptions.java +0 -83
  495. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoRewrapManyDataKeyOptions.java +0 -104
  496. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SLF4JLogger.java +0 -110
  497. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SecureRandomCallback.java +0 -51
  498. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SigningRSAESPKCSCallback.java +0 -76
  499. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/package-info.java +0 -18
  500. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/jni-config.json +0 -180
  501. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/reflect-config.json +0 -134
  502. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java +0 -389
  503. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/command-reply.json +0 -13
  504. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/command.json +0 -6
  505. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-command-reply.json +0 -16
  506. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-command.json +0 -11
  507. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-value.json +0 -6
  508. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/encrypted-payload.json +0 -26
  509. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/key-filter.json +0 -19
  510. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/rangeopts.json +0 -14
  511. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/value-to-encrypt.json +0 -20
  512. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/json-schema.json +0 -15
  513. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-filter-keyAltName.json +0 -14
  514. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-filter.json +0 -19
  515. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/list-collections-filter.json +0 -3
  516. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/mongocryptd-command.json +0 -22
  517. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/mongocryptd-reply.json +0 -18
  518. data/ext/libmongocrypt/libmongocrypt/etc/silk-create-asset-group.sh +0 -70
  519. data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd.json +0 -20
  520. data/ext/libmongocrypt/libmongocrypt/test/data/collection-info-no-schema.json +0 -19
  521. data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-field-config-map.json +0 -47
  522. data/ext/libmongocrypt/libmongocrypt/test/data/fle1-collMod/insert/cmd.json +0 -8
  523. data/ext/libmongocrypt/libmongocrypt/test/data/fle1-collMod/insert/collinfo.json +0 -9
  524. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/ismaster-to-mongocryptd.json +0 -3
  525. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload.json +0 -91
  526. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload.json +0 -98
  527. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/find-indexed-contentionFactor1.json +0 -8
  528. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-contentionFactor1.json +0 -8
  529. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-same-user-and-index-key.json +0 -8
  530. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/cmd.json +0 -6
  531. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/encrypted-payload.json +0 -41
  532. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/mongocryptd-reply.json +0 -19
  533. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/cmd.json +0 -10
  534. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/encrypted-payload.json +0 -42
  535. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/mongocryptd-reply.json +0 -50
  536. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/cmd.json +0 -6
  537. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/encrypted-field-map.json +0 -28
  538. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/encrypted-payload.json +0 -42
  539. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/mongocryptd-reply.json +0 -50
  540. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/cmd.json +0 -6
  541. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/encrypted-field-map.json +0 -31
  542. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/encrypted-payload.json +0 -51
  543. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/mongocryptd-reply.json +0 -59
  544. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/cmd.json +0 -8
  545. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/encrypted-payload.json +0 -42
  546. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/mongocryptd-reply.json +0 -50
  547. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/cmd.json +0 -8
  548. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/encrypted-field-map.json +0 -31
  549. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/encrypted-payload.json +0 -45
  550. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/mongocryptd-reply.json +0 -53
  551. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/cmd.json +0 -8
  552. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/encrypted-payload.json +0 -42
  553. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/mongocryptd-reply.json +0 -50
  554. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/cmd.json +0 -8
  555. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/encrypted-field-map.json +0 -28
  556. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/encrypted-payload.json +0 -42
  557. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/mongocryptd-reply.json +0 -50
  558. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double/encrypted-payload.json +0 -26
  559. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double-precision/encrypted-payload.json +0 -26
  560. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32/encrypted-payload.json +0 -26
  561. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-nominmax/encrypted-payload-v2.json +0 -26
  562. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-openinterval/encrypted-payload.json +0 -16
  563. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/cmd.json +0 -13
  564. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/encrypted-field-map.json +0 -28
  565. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/encrypted-payload.json +0 -45
  566. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/mongocryptd-reply.json +0 -53
  567. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/cmd.json +0 -9
  568. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/encrypted-field-map.json +0 -28
  569. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/encrypted-payload.json +0 -45
  570. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/mongocryptd-reply.json +0 -53
  571. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/cmd.json +0 -9
  572. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/encrypted-field-map.json +0 -31
  573. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/encrypted-payload.json +0 -54
  574. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/mongocryptd-reply.json +0 -62
  575. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/cmd.json +0 -11
  576. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/encrypted-field-map.json +0 -28
  577. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/encrypted-payload.json +0 -45
  578. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/mongocryptd-reply.json +0 -53
  579. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/cmd.json +0 -11
  580. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/encrypted-field-map.json +0 -31
  581. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/encrypted-payload.json +0 -48
  582. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/mongocryptd-reply.json +0 -56
  583. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/encrypted-payload.json +0 -45
  584. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/mongocryptd-reply.json +0 -53
  585. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/cmd.json +0 -11
  586. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/encrypted-field-map.json +0 -28
  587. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/encrypted-payload.json +0 -45
  588. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/mongocryptd-reply.json +0 -53
  589. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double/encrypted-payload.json +0 -8
  590. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double-precision/encrypted-payload.json +0 -8
  591. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32-nominmax/encrypted-payload-v2.json +0 -8
  592. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/sparsity-2/encrypted-payload.json +0 -8
  593. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/cmd.json +0 -9
  594. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/encrypted-payload.json +0 -14
  595. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/mongocryptd-reply.json +0 -46
  596. data/ext/libmongocrypt/libmongocrypt/test/data/schema.json +0 -19
  597. /data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-explicit/find-indexed.json → explicit-decrypt/FLE2FindEqualityPayload.json} +0 -0
  598. /data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-text-search-with-str-encode-version}/cmd.json +0 -0
@@ -14,6 +14,7 @@
14
14
  * limitations under the License.
15
15
  */
16
16
 
17
+ #include "bson/bson.h"
17
18
  #include "mc-fle-blob-subtype-private.h"
18
19
  #include "mc-fle2-encryption-placeholder-private.h"
19
20
  #include "mc-fle2-find-equality-payload-private-v2.h"
@@ -28,6 +29,8 @@
28
29
  #include "mc-range-edge-generation-private.h"
29
30
  #include "mc-range-encoding-private.h"
30
31
  #include "mc-range-mincover-private.h"
32
+ #include "mc-str-encode-string-sets-private.h"
33
+ #include "mc-text-search-str-encode-private.h"
31
34
  #include "mc-tokens-private.h"
32
35
  #include "mongocrypt-buffer-private.h"
33
36
  #include "mongocrypt-ciphertext-private.h"
@@ -268,10 +271,121 @@ void _mongocrypt_marking_cleanup(_mongocrypt_marking_t *marking) {
268
271
 
269
272
  DERIVE_TOKEN_IMPL(EDC)
270
273
  DERIVE_TOKEN_IMPL(ESC)
271
- DERIVE_TOKEN_IMPL(ECC)
272
274
 
273
275
  #undef DERIVE_TOKEN_IMPL
274
276
 
277
+ /**
278
+ * Calculates:
279
+ * E?CToken = HMAC(collectionLevel1Token, n)
280
+ * E?CText<T>Token = HMAC(E?CToken, t)
281
+ * E?CText<T>DerivedFromDataTokenAndContentionFactorToken = HMAC(HMAC(E?CText<T>Token, v) cf)
282
+ *
283
+ * E?C = EDC|ESC
284
+ * n = 1 for EDC, 2 for ESC
285
+ * <T> = Exact|Substring|Suffix|Prefix
286
+ * t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
287
+ * cf = contentionFactor
288
+ *
289
+ * E?CText<T>DerivedFromDataTokenAndContentionFactorToken is saved to out.
290
+ * Note that {out} is initialized even on failure.
291
+ */
292
+ #define DERIVE_TEXT_SEARCH_TOKEN_IMPL(Name, Type) \
293
+ static bool _fle2_derive_##Name##Text##Type##_token(_mongocrypt_crypto_t *crypto, \
294
+ _mongocrypt_buffer_t *out, \
295
+ const mc_CollectionsLevel1Token_t *level1Token, \
296
+ const _mongocrypt_buffer_t *value, \
297
+ int64_t contentionFactor, \
298
+ mongocrypt_status_t *status) { \
299
+ BSON_ASSERT_PARAM(crypto); \
300
+ BSON_ASSERT_PARAM(out); \
301
+ BSON_ASSERT_PARAM(level1Token); \
302
+ BSON_ASSERT_PARAM(value); \
303
+ BSON_ASSERT(contentionFactor >= 0); \
304
+ \
305
+ _mongocrypt_buffer_init(out); \
306
+ \
307
+ mc_##Name##Token_t *token = mc_##Name##Token_new(crypto, level1Token, status); \
308
+ if (!token) { \
309
+ return false; \
310
+ } \
311
+ mc_##Name##Text##Type##Token_t *textToken = mc_##Name##Text##Type##Token_new(crypto, token, status); \
312
+ mc_##Name##Token_destroy(token); \
313
+ if (!textToken) { \
314
+ return false; \
315
+ } \
316
+ mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_t *fromDataAndContentionFactor = \
317
+ mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_new(crypto, \
318
+ textToken, \
319
+ value, \
320
+ (uint64_t)contentionFactor, \
321
+ status); \
322
+ mc_##Name##Text##Type##Token_destroy(textToken); \
323
+ if (!fromDataAndContentionFactor) { \
324
+ return false; \
325
+ } \
326
+ _mongocrypt_buffer_copy_to( \
327
+ mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_get(fromDataAndContentionFactor), \
328
+ out); \
329
+ mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_destroy(fromDataAndContentionFactor); \
330
+ return true; \
331
+ }
332
+
333
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Exact)
334
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Exact)
335
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Substring)
336
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Substring)
337
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Suffix)
338
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Suffix)
339
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Prefix)
340
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Prefix)
341
+ #undef DERIVE_TEXT_SEARCH_TOKEN_IMPL
342
+
343
+ /**
344
+ * Calculates:
345
+ * ServerText<T>Token = HMAC(collectionLevel1Token, t)
346
+ * ServerText<T>DerivedFromDataToken = HMAC(ServerText<T>Token, v)
347
+ *
348
+ * <T> = Exact|Substring|Suffix|Prefix
349
+ * t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
350
+ *
351
+ * ServerText<T>DerivedFromDataToken is saved to out.
352
+ * Note that {out} is initialized even on failure.
353
+ */
354
+ #define DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Type) \
355
+ static bool _fle2_derive_serverText##Type##DerivedFromDataToken( \
356
+ _mongocrypt_crypto_t *crypto, \
357
+ _mongocrypt_buffer_t *out, \
358
+ const mc_ServerTokenDerivationLevel1Token_t *level1Token, \
359
+ const _mongocrypt_buffer_t *value, \
360
+ mongocrypt_status_t *status) { \
361
+ BSON_ASSERT_PARAM(crypto); \
362
+ BSON_ASSERT_PARAM(out); \
363
+ BSON_ASSERT_PARAM(level1Token); \
364
+ BSON_ASSERT_PARAM(value); \
365
+ BSON_ASSERT_PARAM(status); \
366
+ \
367
+ _mongocrypt_buffer_init(out); \
368
+ mc_ServerText##Type##Token_t *token = mc_ServerText##Type##Token_new(crypto, level1Token, status); \
369
+ if (!token) { \
370
+ return false; \
371
+ } \
372
+ mc_ServerText##Type##DerivedFromDataToken_t *dataToken = \
373
+ mc_ServerText##Type##DerivedFromDataToken_new(crypto, token, value, status); \
374
+ mc_ServerText##Type##Token_destroy(token); \
375
+ if (!dataToken) { \
376
+ return false; \
377
+ } \
378
+ _mongocrypt_buffer_copy_to(mc_ServerText##Type##DerivedFromDataToken_get(dataToken), out); \
379
+ mc_ServerText##Type##DerivedFromDataToken_destroy(dataToken); \
380
+ return true; \
381
+ }
382
+
383
+ DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Exact)
384
+ DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Substring)
385
+ DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Suffix)
386
+ DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Prefix)
387
+ #undef DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL
388
+
275
389
  static bool _fle2_derive_serverDerivedFromDataToken(_mongocrypt_crypto_t *crypto,
276
390
  _mongocrypt_buffer_t *out,
277
391
  const mc_ServerTokenDerivationLevel1Token_t *level1Token,
@@ -460,7 +574,8 @@ static void _FLE2EncryptedPayloadCommon_cleanup(_FLE2EncryptedPayloadCommon_t *c
460
574
  _mongocrypt_buffer_cleanup(&common->escDerivedToken);
461
575
  _mongocrypt_buffer_cleanup(&common->eccDerivedToken);
462
576
  _mongocrypt_buffer_cleanup(&common->serverDerivedFromDataToken);
463
- memset(common, 0, sizeof(*common));
577
+ // Zero out memory so `_FLE2EncryptedPayloadCommon_cleanup` is safe to call twice.
578
+ *common = (_FLE2EncryptedPayloadCommon_t){{0}};
464
579
  }
465
580
 
466
581
  // _get_tokenKey returns the tokenKey identified by indexKeyId.
@@ -513,7 +628,6 @@ static bool _mongocrypt_fle2_placeholder_common(_mongocrypt_key_broker_t *kb,
513
628
  BSON_ASSERT_PARAM(value);
514
629
 
515
630
  _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
516
- _mongocrypt_buffer_t indexKey = {0};
517
631
  *ret = (_FLE2EncryptedPayloadCommon_t){{0}};
518
632
 
519
633
  if (!_get_tokenKey(kb, indexKeyId, &ret->tokenKey, status)) {
@@ -552,191 +666,25 @@ static bool _mongocrypt_fle2_placeholder_common(_mongocrypt_key_broker_t *kb,
552
666
  goto fail;
553
667
  }
554
668
 
555
- if (kb->crypt->opts.use_fle2_v2) {
556
- /* FLE2v2 */
557
- ret->serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &ret->tokenKey, status);
558
- if (!ret->serverTokenDerivationLevel1Token) {
559
- CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
560
- goto fail;
561
- }
562
-
563
- if (!_fle2_derive_serverDerivedFromDataToken(crypto,
564
- &ret->serverDerivedFromDataToken,
565
- ret->serverTokenDerivationLevel1Token,
566
- value,
567
- status)) {
568
- goto fail;
569
- }
570
- } else {
571
- /* FLE2v1 */
572
- if (!_fle2_derive_ECC_token(crypto,
573
- &ret->eccDerivedToken,
574
- ret->collectionsLevel1Token,
575
- value,
576
- useContentionFactor,
577
- contentionFactor,
578
- status)) {
579
- goto fail;
580
- }
581
- }
582
-
583
- _mongocrypt_buffer_cleanup(&indexKey);
584
- return true;
585
-
586
- fail:
587
- _FLE2EncryptedPayloadCommon_cleanup(ret);
588
- _mongocrypt_buffer_cleanup(&indexKey);
589
- return false;
590
- }
591
-
592
- // Shared implementation for insert/update and insert/update ForRange (v1)
593
- static bool _mongocrypt_fle2_placeholder_to_insert_update_common_v1(_mongocrypt_key_broker_t *kb,
594
- mc_FLE2InsertUpdatePayload_t *out,
595
- int64_t *contentionFactor,
596
- _FLE2EncryptedPayloadCommon_t *common,
597
- const mc_FLE2EncryptionPlaceholder_t *placeholder,
598
- bson_iter_t *value_iter,
599
- mongocrypt_status_t *status) {
600
- BSON_ASSERT_PARAM(kb);
601
- BSON_ASSERT_PARAM(out);
602
- BSON_ASSERT_PARAM(common);
603
- BSON_ASSERT_PARAM(placeholder);
604
- BSON_ASSERT_PARAM(value_iter);
605
- BSON_ASSERT(kb->crypt);
606
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
607
- BSON_ASSERT(kb->crypt->opts.use_range_v2 == false);
608
- BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
609
-
610
- _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
611
- _mongocrypt_buffer_t value = {0};
612
- bool res = false;
613
-
614
- *contentionFactor = 0;
615
- if (placeholder->maxContentionFactor > 0) {
616
- /* Choose a random contentionFactor in the inclusive range [0,
617
- * placeholder->maxContentionFactor] */
618
- if (!_mongocrypt_random_int64(crypto, placeholder->maxContentionFactor + 1, contentionFactor, status)) {
619
- goto fail;
620
- }
621
- }
622
-
623
- _mongocrypt_buffer_from_iter(&value, value_iter);
624
- if (!_mongocrypt_fle2_placeholder_common(kb,
625
- common,
626
- &placeholder->index_key_id,
627
- &value,
628
- true, /* derive tokens using contentionFactor */
629
- *contentionFactor,
630
- status)) {
669
+ ret->serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &ret->tokenKey, status);
670
+ if (!ret->serverTokenDerivationLevel1Token) {
671
+ CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
631
672
  goto fail;
632
673
  }
633
674
 
634
- // d := EDCDerivedToken
635
- _mongocrypt_buffer_steal(&out->edcDerivedToken, &common->edcDerivedToken);
636
- // s := ESCDerivedToken
637
- _mongocrypt_buffer_steal(&out->escDerivedToken, &common->escDerivedToken);
638
- // c := ECCDerivedToken
639
- _mongocrypt_buffer_steal(&out->eccDerivedToken, &common->eccDerivedToken);
640
-
641
- // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor ||
642
- // ECCDerivedFromDataTokenAndContentionFactor)
643
- if (!_fle2_derive_encrypted_token(crypto,
644
- &out->encryptedTokens,
645
- false, // Can't use range V2 with FLE V1
646
- common->collectionsLevel1Token,
647
- &out->escDerivedToken,
648
- &out->eccDerivedToken,
649
- (mc_optional_bool_t){0}, // Unset is_leaf as it's not used in V1
650
- status)) {
675
+ if (!_fle2_derive_serverDerivedFromDataToken(crypto,
676
+ &ret->serverDerivedFromDataToken,
677
+ ret->serverTokenDerivationLevel1Token,
678
+ value,
679
+ status)) {
651
680
  goto fail;
652
681
  }
653
682
 
654
- _mongocrypt_buffer_copy_to(&placeholder->index_key_id,
655
- &out->indexKeyId); // u
656
- out->valueType = bson_iter_type(value_iter); // t
657
-
658
- // v := UserKeyId + EncryptCTRAEAD(UserKey, value)
659
- {
660
- _mongocrypt_buffer_t ciphertext = {0};
661
- if (!_fle2_placeholder_aes_aead_encrypt(kb,
662
- _mcFLE2AEADAlgorithm(),
663
- &ciphertext,
664
- &placeholder->user_key_id,
665
- &value,
666
- status)) {
667
- goto fail;
668
- }
669
- const _mongocrypt_buffer_t v[2] = {placeholder->user_key_id, ciphertext};
670
- const bool ok = _mongocrypt_buffer_concat(&out->value, v, 2);
671
- _mongocrypt_buffer_cleanup(&ciphertext);
672
- if (!ok) {
673
- goto fail;
674
- }
675
- }
676
-
677
- // e := ServerDataEncryptionLevel1Token
678
- _mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(common->serverDataEncryptionLevel1Token),
679
- &out->serverEncryptionToken);
680
-
681
- res = true;
682
- fail:
683
- _mongocrypt_buffer_cleanup(&value);
684
- return res;
685
- }
686
-
687
- /**
688
- * Payload subtype 4: FLE2InsertUpdatePayload
689
- *
690
- * {d: EDC, s: ESC, c: ECC,
691
- * p: encToken, u: indexKeyId, t: type,
692
- * v: value, e: serverToken}
693
- */
694
- static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertext_v1(_mongocrypt_key_broker_t *kb,
695
- _mongocrypt_marking_t *marking,
696
- _mongocrypt_ciphertext_t *ciphertext,
697
- mongocrypt_status_t *status) {
698
- BSON_ASSERT_PARAM(kb);
699
- BSON_ASSERT_PARAM(marking);
700
- BSON_ASSERT_PARAM(ciphertext);
701
- BSON_ASSERT_PARAM(status);
702
- BSON_ASSERT(kb->crypt);
703
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
704
- BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
705
- BSON_ASSERT(marking->fle2.algorithm == MONGOCRYPT_FLE2_ALGORITHM_EQUALITY);
706
-
707
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
708
- _FLE2EncryptedPayloadCommon_t common = {{0}};
709
- mc_FLE2InsertUpdatePayload_t payload;
710
- mc_FLE2InsertUpdatePayload_init(&payload);
711
- bool res = false;
712
-
713
- int64_t contentionFactor = 0; /* ignored */
714
- if (!_mongocrypt_fle2_placeholder_to_insert_update_common_v1(kb,
715
- &payload,
716
- &contentionFactor,
717
- &common,
718
- placeholder,
719
- &placeholder->v_iter,
720
- status)) {
721
- goto fail;
722
- }
723
-
724
- {
725
- bson_t out;
726
- bson_init(&out);
727
- mc_FLE2InsertUpdatePayload_serialize(&payload, &out);
728
- _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
729
- }
730
- // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
731
- // not used for FLE2InsertUpdatePayload.
732
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayload;
683
+ return true;
733
684
 
734
- res = true;
735
685
  fail:
736
- mc_FLE2InsertUpdatePayload_cleanup(&payload);
737
- _FLE2EncryptedPayloadCommon_cleanup(&common);
738
-
739
- return res;
686
+ _FLE2EncryptedPayloadCommon_cleanup(ret);
687
+ return false;
740
688
  }
741
689
 
742
690
  // Shared implementation for insert/update and insert/update ForRange (v2)
@@ -752,7 +700,6 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_common(_mongocrypt_key
752
700
  BSON_ASSERT_PARAM(placeholder);
753
701
  BSON_ASSERT_PARAM(value_iter);
754
702
  BSON_ASSERT(kb->crypt);
755
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == true);
756
703
  BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
757
704
 
758
705
  _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
@@ -838,8 +785,6 @@ fail:
838
785
 
839
786
  /**
840
787
  * Payload subtype 11: FLE2InsertUpdatePayloadV2
841
- * Delegates to ..._insert_update_ciphertext_v1 for subtype 4
842
- * when crypt.opts.use_fle2_v2 == false
843
788
  *
844
789
  * {d: EDC, s: ESC, p: encToken,
845
790
  * u: indexKeyId, t: valueType, v: value,
@@ -856,10 +801,6 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertext(_mongocrypt
856
801
  BSON_ASSERT(kb->crypt);
857
802
  BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
858
803
 
859
- if (!kb->crypt->opts.use_fle2_v2) {
860
- return _mongocrypt_fle2_placeholder_to_insert_update_ciphertext_v1(kb, marking, ciphertext, status);
861
- }
862
-
863
804
  mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
864
805
  _FLE2EncryptedPayloadCommon_t common = {{0}};
865
806
  mc_FLE2InsertUpdatePayloadV2_t payload;
@@ -976,55 +917,51 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
976
917
  }
977
918
 
978
919
  /**
979
- * Payload subtype 4: FLE2InsertUpdatePayload for range updates
920
+ * Payload subtype 11: FLE2InsertUpdatePayloadV2 for range updates
980
921
  *
981
- * {d: EDC, s: ESC, c: ECC,
982
- * p: encToken, u: indexKeyId, t: type,
983
- * v: value, e: serverToken,
984
- * g: [{d: EDC, s: ESC, c: ECC, p: encToken},
985
- * {d: EDC, s: ESC, c: ECC, p: encToken},
922
+ * {d: EDC, s: ESC, p: encToken,
923
+ * u: indexKeyId, t: valueType, v: value,
924
+ * e: serverToken, l: serverDerivedFromDataToken,
925
+ * k: contentionFactor,
926
+ * g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
927
+ * {d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
986
928
  * ...]}
987
929
  */
988
- static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(_mongocrypt_key_broker_t *kb,
989
- _mongocrypt_marking_t *marking,
990
- _mongocrypt_ciphertext_t *ciphertext,
991
- mongocrypt_status_t *status) {
930
+ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange(_mongocrypt_key_broker_t *kb,
931
+ _mongocrypt_marking_t *marking,
932
+ _mongocrypt_ciphertext_t *ciphertext,
933
+ mongocrypt_status_t *status) {
992
934
  BSON_ASSERT_PARAM(kb);
993
935
  BSON_ASSERT_PARAM(marking);
994
936
  BSON_ASSERT_PARAM(ciphertext);
995
- BSON_ASSERT_PARAM(status);
996
937
  BSON_ASSERT(kb->crypt);
997
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
998
- BSON_ASSERT(kb->crypt->opts.use_range_v2 == false);
999
938
  BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1000
- BSON_ASSERT(marking->fle2.algorithm == MONGOCRYPT_FLE2_ALGORITHM_RANGE);
939
+ const bool use_range_v2 = kb->crypt->opts.use_range_v2;
1001
940
 
1002
941
  mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1003
942
  _FLE2EncryptedPayloadCommon_t common = {{0}};
1004
- mc_FLE2InsertUpdatePayload_t payload;
1005
- mc_FLE2InsertUpdatePayload_init(&payload);
943
+ mc_FLE2InsertUpdatePayloadV2_t payload;
944
+ mc_FLE2InsertUpdatePayloadV2_init(&payload);
1006
945
  bool res = false;
1007
946
  mc_edges_t *edges = NULL;
1008
947
 
1009
948
  // Parse the value ("v"), min ("min"), and max ("max") from
1010
949
  // FLE2EncryptionPlaceholder for range insert.
1011
950
  mc_FLE2RangeInsertSpec_t insertSpec;
1012
- if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter, kb->crypt->opts.use_range_v2, status)) {
951
+ if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter, use_range_v2, status)) {
1013
952
  goto fail;
1014
953
  }
1015
954
 
1016
- int64_t contentionFactor = 0;
1017
- if (!_mongocrypt_fle2_placeholder_to_insert_update_common_v1(kb,
1018
- &payload,
1019
- &contentionFactor,
1020
- &common,
1021
- &marking->fle2,
1022
- &insertSpec.v,
1023
- status)) {
955
+ if (!_mongocrypt_fle2_placeholder_to_insert_update_common(kb,
956
+ &payload,
957
+ &common,
958
+ &marking->fle2,
959
+ &insertSpec.v,
960
+ status)) {
1024
961
  goto fail;
1025
962
  }
1026
963
 
1027
- // g:= array<EdgeTokenSet>
964
+ // g:= array<EdgeTokenSetV2>
1028
965
  {
1029
966
  BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
1030
967
  edges = get_edges(&insertSpec, (size_t)placeholder->sparsity, status, kb->crypt->opts.use_range_v2);
@@ -1036,10 +973,11 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
1036
973
  // Create an EdgeTokenSet from each edge.
1037
974
  bool loop_ok = false;
1038
975
  const char *edge = mc_edges_get(edges, i);
976
+ bool is_leaf = mc_edges_is_leaf(edges, edge);
1039
977
  _mongocrypt_buffer_t edge_buf = {0};
1040
978
  _FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
1041
979
  _mongocrypt_buffer_t encryptedTokens = {0};
1042
- mc_EdgeTokenSet_t etc = {{0}};
980
+ mc_EdgeTokenSetV2_t etc = {{0}};
1043
981
 
1044
982
  if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
1045
983
  CLIENT_ERR("failed to copy edge to buffer");
@@ -1051,27 +989,29 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
1051
989
  &placeholder->index_key_id,
1052
990
  &edge_buf,
1053
991
  true, /* derive tokens using contentionFactor */
1054
- contentionFactor,
992
+ payload.contentionFactor,
1055
993
  status)) {
1056
994
  goto fail_loop;
1057
995
  }
996
+ BSON_ASSERT(edge_tokens.eccDerivedToken.data == NULL);
1058
997
 
1059
998
  // d := EDCDerivedToken
1060
999
  _mongocrypt_buffer_steal(&etc.edcDerivedToken, &edge_tokens.edcDerivedToken);
1061
1000
  // s := ESCDerivedToken
1062
1001
  _mongocrypt_buffer_steal(&etc.escDerivedToken, &edge_tokens.escDerivedToken);
1063
- // c := ECCDerivedToken
1064
- _mongocrypt_buffer_steal(&etc.eccDerivedToken, &edge_tokens.eccDerivedToken);
1065
1002
 
1066
- // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor ||
1067
- // ECCDerivedFromDataTokenAndContentionFactor)
1003
+ // l := serverDerivedFromDataToken
1004
+ _mongocrypt_buffer_steal(&etc.serverDerivedFromDataToken, &edge_tokens.serverDerivedFromDataToken);
1005
+
1006
+ // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor)
1007
+ // Or in Range V2: p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor || isLeaf)
1068
1008
  if (!_fle2_derive_encrypted_token(kb->crypt->crypto,
1069
1009
  &etc.encryptedTokens,
1070
- false, // Range V2 is incompatible with FLE V1
1010
+ kb->crypt->opts.use_range_v2,
1071
1011
  edge_tokens.collectionsLevel1Token,
1072
1012
  &etc.escDerivedToken,
1073
- &etc.eccDerivedToken,
1074
- (mc_optional_bool_t){0}, // Dummy value for isLeaf, unused in FLE V1
1013
+ NULL, // ecc unsed in FLE2v2
1014
+ OPT_BOOL(is_leaf),
1075
1015
  status)) {
1076
1016
  goto fail_loop;
1077
1017
  }
@@ -1089,242 +1029,432 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
1089
1029
  }
1090
1030
  }
1091
1031
 
1032
+ // Include "range" payload fields introduced in SERVER-91889.
1033
+ payload.sparsity = OPT_I64(placeholder->sparsity);
1034
+ payload.precision = insertSpec.precision;
1035
+ payload.trimFactor = OPT_I32(mc_edges_get_used_trimFactor(edges));
1036
+ bson_value_copy(bson_iter_value(&insertSpec.min), &payload.indexMin);
1037
+ bson_value_copy(bson_iter_value(&insertSpec.max), &payload.indexMax);
1038
+
1092
1039
  {
1093
1040
  bson_t out;
1094
1041
  bson_init(&out);
1095
- mc_FLE2InsertUpdatePayload_serializeForRange(&payload, &out);
1042
+ mc_FLE2InsertUpdatePayloadV2_serializeForRange(&payload, &out, use_range_v2);
1096
1043
  _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
1097
1044
  }
1098
1045
  // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
1099
- // not used for FLE2InsertUpdatePayload.
1100
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayload;
1046
+ // not used for FLE2InsertUpdatePayloadV2.
1047
+ ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayloadV2;
1101
1048
 
1102
1049
  res = true;
1103
1050
  fail:
1104
1051
  mc_edges_destroy(edges);
1105
- mc_FLE2InsertUpdatePayload_cleanup(&payload);
1052
+ mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
1106
1053
  _FLE2EncryptedPayloadCommon_cleanup(&common);
1107
1054
 
1108
1055
  return res;
1109
1056
  }
1110
1057
 
1111
1058
  /**
1112
- * Payload subtype 11: FLE2InsertUpdatePayloadV2 for range updates
1113
- * Delegates to ..._insert_update_ciphertextForRange_v1 for subtype 4
1114
- * when crypt.opts.use_fle2_v2 == false
1059
+ * Sets up a mc_Text<T>TokenSet_t type by generating its member tokens:
1060
+ * - edcDerivedToken = HMAC(HMAC(HMAC(EDCToken, t), v), cf)
1061
+ * - escDerivedToken = HMAC(HMAC(HMAC(ESCToken, t), v), cf)
1062
+ * - serverDerivedFromDataToken = HMAC(HMAC(ServerLevel1Token, t), v)
1063
+ * and the encrypted token:
1064
+ * - encryptedTokens = EncryptCTR(ECOCToken, escDerivedToken)
1115
1065
  *
1116
- * {d: EDC, s: ESC, p: encToken,
1117
- * u: indexKeyId, t: valueType, v: value,
1118
- * e: serverToken, l: serverDerivedFromDataToken,
1119
- * k: contentionFactor,
1120
- * g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
1121
- * {d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
1122
- * ...]}
1066
+ * <T> = Exact|Substring|Suffix|Prefix
1067
+ * t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
1068
+ * cf = contentionFactor
1069
+ * EDC/ESC/ECOCToken are derived from {collLevel1Token}
1123
1070
  */
1124
- static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange(_mongocrypt_key_broker_t *kb,
1125
- _mongocrypt_marking_t *marking,
1126
- _mongocrypt_ciphertext_t *ciphertext,
1127
- mongocrypt_status_t *status) {
1128
- BSON_ASSERT_PARAM(kb);
1129
- BSON_ASSERT_PARAM(marking);
1130
- BSON_ASSERT_PARAM(ciphertext);
1131
- BSON_ASSERT(kb->crypt);
1132
- BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1133
- const bool use_range_v2 = kb->crypt->opts.use_range_v2;
1134
-
1135
- if (!kb->crypt->opts.use_fle2_v2) {
1136
- return _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(kb, marking, ciphertext, status);
1071
+ #define GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Type) \
1072
+ static bool _fle2_generate_Text##Type##TokenSet(_mongocrypt_key_broker_t *kb, \
1073
+ mc_Text##Type##TokenSet_t *out, \
1074
+ const _mongocrypt_buffer_t *value, \
1075
+ int64_t contentionFactor, \
1076
+ const mc_CollectionsLevel1Token_t *collLevel1Token, \
1077
+ const mc_ServerTokenDerivationLevel1Token_t *serverLevel1Token, \
1078
+ mongocrypt_status_t *status) { \
1079
+ BSON_ASSERT_PARAM(kb); \
1080
+ BSON_ASSERT_PARAM(kb->crypt); \
1081
+ BSON_ASSERT_PARAM(out); \
1082
+ BSON_ASSERT_PARAM(value); \
1083
+ BSON_ASSERT_PARAM(collLevel1Token); \
1084
+ BSON_ASSERT_PARAM(serverLevel1Token); \
1085
+ \
1086
+ if (!_fle2_derive_EDCText##Type##_token(kb->crypt->crypto, \
1087
+ &out->edcDerivedToken, \
1088
+ collLevel1Token, \
1089
+ value, \
1090
+ contentionFactor, \
1091
+ status)) { \
1092
+ return false; \
1093
+ } \
1094
+ if (!_fle2_derive_ESCText##Type##_token(kb->crypt->crypto, \
1095
+ &out->escDerivedToken, \
1096
+ collLevel1Token, \
1097
+ value, \
1098
+ contentionFactor, \
1099
+ status)) { \
1100
+ return false; \
1101
+ } \
1102
+ if (!_fle2_derive_serverText##Type##DerivedFromDataToken(kb->crypt->crypto, \
1103
+ &out->serverDerivedFromDataToken, \
1104
+ serverLevel1Token, \
1105
+ value, \
1106
+ status)) { \
1107
+ return false; \
1108
+ } \
1109
+ if (!_fle2_derive_encrypted_token(kb->crypt->crypto, \
1110
+ &out->encryptedTokens, \
1111
+ false, \
1112
+ collLevel1Token, \
1113
+ &out->escDerivedToken, \
1114
+ NULL, \
1115
+ (mc_optional_bool_t){0}, \
1116
+ status)) { \
1117
+ return false; \
1118
+ } \
1119
+ return true; \
1137
1120
  }
1121
+ GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Exact);
1122
+ GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Substring)
1123
+ GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Suffix)
1124
+ GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Prefix)
1125
+ #undef GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL
1126
+
1127
+ static bool _fle2_generate_TextSearchTokenSets(_mongocrypt_key_broker_t *kb,
1128
+ mc_FLE2InsertUpdatePayloadV2_t *payload,
1129
+ const _mongocrypt_buffer_t *indexKeyId,
1130
+ const mc_FLE2TextSearchInsertSpec_t *spec,
1131
+ int64_t contentionFactor,
1132
+ mongocrypt_status_t *status) {
1133
+ BSON_ASSERT_PARAM(kb);
1134
+ BSON_ASSERT_PARAM(payload);
1135
+ BSON_ASSERT_PARAM(indexKeyId);
1136
+ BSON_ASSERT_PARAM(spec);
1138
1137
 
1139
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1138
+ _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
1139
+ mc_TextSearchTokenSets_t *tsts = &payload->textSearchTokenSets.tsts;
1140
1140
  _FLE2EncryptedPayloadCommon_t common = {{0}};
1141
- mc_FLE2InsertUpdatePayloadV2_t payload;
1142
- mc_FLE2InsertUpdatePayloadV2_init(&payload);
1143
1141
  bool res = false;
1144
- mc_edges_t *edges = NULL;
1145
1142
 
1146
- // Parse the value ("v"), min ("min"), and max ("max") from
1147
- // FLE2EncryptionPlaceholder for range insert.
1148
- mc_FLE2RangeInsertSpec_t insertSpec;
1149
- if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter, use_range_v2, status)) {
1143
+ mc_str_encode_sets_t *encodeSets = mc_text_search_str_encode(spec, status);
1144
+ if (!encodeSets) {
1150
1145
  goto fail;
1151
1146
  }
1152
1147
 
1153
- if (!_mongocrypt_fle2_placeholder_to_insert_update_common(kb,
1154
- &payload,
1155
- &common,
1156
- &marking->fle2,
1157
- &insertSpec.v,
1158
- status)) {
1148
+ // Start the token derivations
1149
+ if (!_get_tokenKey(kb, indexKeyId, &common.tokenKey, status)) {
1159
1150
  goto fail;
1160
1151
  }
1161
1152
 
1162
- // g:= array<EdgeTokenSetV2>
1153
+ common.collectionsLevel1Token = mc_CollectionsLevel1Token_new(crypto, &common.tokenKey, status);
1154
+ if (!common.collectionsLevel1Token) {
1155
+ CLIENT_ERR("unable to derive collectionLevel1Token");
1156
+ goto fail;
1157
+ }
1158
+
1159
+ common.serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &common.tokenKey, status);
1160
+ if (!common.serverTokenDerivationLevel1Token) {
1161
+ CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
1162
+ goto fail;
1163
+ }
1164
+
1165
+ // Generate exact token set singleton
1163
1166
  {
1164
- BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
1165
- edges = get_edges(&insertSpec, (size_t)placeholder->sparsity, status, kb->crypt->opts.use_range_v2);
1166
- if (!edges) {
1167
+ _mongocrypt_buffer_t asBsonValue;
1168
+ _mongocrypt_buffer_init(&asBsonValue);
1169
+ BSON_ASSERT(encodeSets->exact.len < INT_MAX);
1170
+ _mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue,
1171
+ (const char *)encodeSets->exact.data,
1172
+ (int)encodeSets->exact.len);
1173
+ if (!_fle2_generate_TextExactTokenSet(kb,
1174
+ &tsts->exact,
1175
+ &asBsonValue,
1176
+ contentionFactor,
1177
+ common.collectionsLevel1Token,
1178
+ common.serverTokenDerivationLevel1Token,
1179
+ status)) {
1180
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1167
1181
  goto fail;
1168
1182
  }
1183
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1184
+ }
1169
1185
 
1170
- for (size_t i = 0; i < mc_edges_len(edges); ++i) {
1171
- // Create an EdgeTokenSet from each edge.
1172
- bool loop_ok = false;
1173
- const char *edge = mc_edges_get(edges, i);
1174
- bool is_leaf = mc_edges_is_leaf(edges, edge);
1175
- _mongocrypt_buffer_t edge_buf = {0};
1176
- _FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
1177
- _mongocrypt_buffer_t encryptedTokens = {0};
1178
- mc_EdgeTokenSetV2_t etc = {{0}};
1186
+ const char *substring;
1187
+ uint32_t bytelen;
1188
+ uint32_t appendCount;
1189
+
1190
+ // Generate array of substring token sets
1191
+ if (encodeSets->substring_set) {
1192
+ mc_substring_set_iter_t set_itr;
1193
+ mc_substring_set_iter_init(&set_itr, encodeSets->substring_set);
1194
+
1195
+ while (mc_substring_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
1196
+ BSON_ASSERT(appendCount > 0);
1197
+ BSON_ASSERT(bytelen < INT_MAX);
1198
+
1199
+ mc_TextSubstringTokenSet_t tset = {{0}};
1200
+
1201
+ _mongocrypt_buffer_t asBsonValue;
1202
+ _mongocrypt_buffer_init(&asBsonValue);
1203
+ _mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
1179
1204
 
1180
- if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
1181
- CLIENT_ERR("failed to copy edge to buffer");
1182
- goto fail_loop;
1205
+ if (!_fle2_generate_TextSubstringTokenSet(kb,
1206
+ &tset,
1207
+ &asBsonValue,
1208
+ contentionFactor,
1209
+ common.collectionsLevel1Token,
1210
+ common.serverTokenDerivationLevel1Token,
1211
+ status)) {
1212
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1213
+ mc_TextSubstringTokenSet_cleanup(&tset);
1214
+ goto fail;
1183
1215
  }
1216
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1184
1217
 
1185
- if (!_mongocrypt_fle2_placeholder_common(kb,
1186
- &edge_tokens,
1187
- &placeholder->index_key_id,
1188
- &edge_buf,
1189
- true, /* derive tokens using contentionFactor */
1190
- payload.contentionFactor,
1191
- status)) {
1192
- goto fail_loop;
1218
+ if (appendCount > 1) {
1219
+ mc_TextSubstringTokenSet_t tset_copy;
1220
+ mc_TextSubstringTokenSet_shallow_copy(&tset, &tset_copy);
1221
+ for (; appendCount > 1; appendCount--) {
1222
+ _mc_array_append_val(&tsts->substringArray, tset_copy);
1223
+ }
1193
1224
  }
1194
- BSON_ASSERT(edge_tokens.eccDerivedToken.data == NULL);
1225
+ _mc_array_append_val(&tsts->substringArray, tset); // array now owns tset
1226
+ }
1227
+ }
1195
1228
 
1196
- // d := EDCDerivedToken
1197
- _mongocrypt_buffer_steal(&etc.edcDerivedToken, &edge_tokens.edcDerivedToken);
1198
- // s := ESCDerivedToken
1199
- _mongocrypt_buffer_steal(&etc.escDerivedToken, &edge_tokens.escDerivedToken);
1229
+ // Generate array of suffix token sets
1230
+ if (encodeSets->suffix_set) {
1231
+ mc_affix_set_iter_t set_itr;
1232
+ mc_affix_set_iter_init(&set_itr, encodeSets->suffix_set);
1200
1233
 
1201
- // l := serverDerivedFromDataToken
1202
- _mongocrypt_buffer_steal(&etc.serverDerivedFromDataToken, &edge_tokens.serverDerivedFromDataToken);
1234
+ while (mc_affix_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
1235
+ BSON_ASSERT(appendCount > 0);
1236
+ BSON_ASSERT(bytelen < INT_MAX);
1203
1237
 
1204
- // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor)
1205
- // Or in Range V2: p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor || isLeaf)
1206
- if (!_fle2_derive_encrypted_token(kb->crypt->crypto,
1207
- &etc.encryptedTokens,
1208
- kb->crypt->opts.use_range_v2,
1209
- edge_tokens.collectionsLevel1Token,
1210
- &etc.escDerivedToken,
1211
- NULL, // ecc unsed in FLE2v2
1212
- OPT_BOOL(is_leaf),
1213
- status)) {
1214
- goto fail_loop;
1215
- }
1238
+ mc_TextSuffixTokenSet_t tset = {{0}};
1239
+ mc_TextSuffixTokenSet_init(&tset);
1216
1240
 
1217
- _mc_array_append_val(&payload.edgeTokenSetArray, etc);
1241
+ _mongocrypt_buffer_t asBsonValue;
1242
+ _mongocrypt_buffer_init(&asBsonValue);
1243
+ _mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
1218
1244
 
1219
- loop_ok = true;
1220
- fail_loop:
1221
- _mongocrypt_buffer_cleanup(&encryptedTokens);
1222
- _FLE2EncryptedPayloadCommon_cleanup(&edge_tokens);
1223
- _mongocrypt_buffer_cleanup(&edge_buf);
1224
- if (!loop_ok) {
1245
+ if (!_fle2_generate_TextSuffixTokenSet(kb,
1246
+ &tset,
1247
+ &asBsonValue,
1248
+ contentionFactor,
1249
+ common.collectionsLevel1Token,
1250
+ common.serverTokenDerivationLevel1Token,
1251
+ status)) {
1252
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1253
+ mc_TextSuffixTokenSet_cleanup(&tset);
1225
1254
  goto fail;
1226
1255
  }
1256
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1257
+
1258
+ if (appendCount > 1) {
1259
+ mc_TextSuffixTokenSet_t tset_copy;
1260
+ mc_TextSuffixTokenSet_shallow_copy(&tset, &tset_copy);
1261
+ for (; appendCount > 1; appendCount--) {
1262
+ _mc_array_append_val(&tsts->suffixArray, tset_copy);
1263
+ }
1264
+ }
1265
+ _mc_array_append_val(&tsts->suffixArray, tset); // array now owns tset
1227
1266
  }
1228
1267
  }
1229
1268
 
1230
- // Include "range" payload fields introduced in SERVER-91889.
1231
- payload.sparsity = OPT_I64(placeholder->sparsity);
1232
- payload.precision = insertSpec.precision;
1233
- payload.trimFactor = OPT_I32(mc_edges_get_used_trimFactor(edges));
1234
- bson_value_copy(bson_iter_value(&insertSpec.min), &payload.indexMin);
1235
- bson_value_copy(bson_iter_value(&insertSpec.max), &payload.indexMax);
1269
+ // Generate array of prefix token sets
1270
+ if (encodeSets->prefix_set) {
1271
+ mc_affix_set_iter_t set_itr;
1272
+ mc_affix_set_iter_init(&set_itr, encodeSets->prefix_set);
1236
1273
 
1237
- {
1238
- bson_t out;
1239
- bson_init(&out);
1240
- mc_FLE2InsertUpdatePayloadV2_serializeForRange(&payload, &out, use_range_v2);
1241
- _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
1242
- }
1243
- // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
1244
- // not used for FLE2InsertUpdatePayloadV2.
1245
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayloadV2;
1274
+ while (mc_affix_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
1275
+ BSON_ASSERT(appendCount > 0);
1276
+ BSON_ASSERT(bytelen < INT_MAX);
1277
+
1278
+ mc_TextPrefixTokenSet_t tset = {{0}};
1279
+ mc_TextPrefixTokenSet_init(&tset);
1280
+
1281
+ _mongocrypt_buffer_t asBsonValue;
1282
+ _mongocrypt_buffer_init(&asBsonValue);
1283
+ _mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
1284
+
1285
+ if (!_fle2_generate_TextPrefixTokenSet(kb,
1286
+ &tset,
1287
+ &asBsonValue,
1288
+ contentionFactor,
1289
+ common.collectionsLevel1Token,
1290
+ common.serverTokenDerivationLevel1Token,
1291
+ status)) {
1292
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1293
+ mc_TextPrefixTokenSet_cleanup(&tset);
1294
+ goto fail;
1295
+ }
1296
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1246
1297
 
1298
+ if (appendCount > 1) {
1299
+ mc_TextPrefixTokenSet_t tset_copy;
1300
+ mc_TextPrefixTokenSet_shallow_copy(&tset, &tset_copy);
1301
+ for (; appendCount > 1; appendCount--) {
1302
+ _mc_array_append_val(&tsts->prefixArray, tset_copy); // array now owns tset_copy
1303
+ }
1304
+ }
1305
+ _mc_array_append_val(&tsts->prefixArray, tset); // moves ownership of tset
1306
+ }
1307
+ }
1308
+ payload->textSearchTokenSets.set = true;
1247
1309
  res = true;
1248
1310
  fail:
1249
- mc_edges_destroy(edges);
1250
- mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
1251
1311
  _FLE2EncryptedPayloadCommon_cleanup(&common);
1252
-
1312
+ mc_str_encode_sets_destroy(encodeSets);
1253
1313
  return res;
1254
1314
  }
1255
1315
 
1256
1316
  /**
1257
- * Payload subtype 5: FLE2FindEqualityPayload
1317
+ * Payload subtype 11: FLE2InsertUpdatePayloadV2 for text search inserts/updates
1258
1318
  *
1259
- * {d: EDC, s: ESC, c: ECC, e: serverToken, cm: maxContentionFactor}
1319
+ * {v: value, u: indexKeyId, t: valueType, k: contentionFactor, e: serverToken,
1320
+ * b: { e: {d: EDC_exact, s: ESC_exact, l: svrDFDToken_exact, p: encToken_exact},
1321
+ * s: [{d: EDC_substr, s: ESC_substr, l: svrDFDToken_substr, p: encToken_substr}, ...]
1322
+ * u: [{d: EDC_suffix, s: ESC_suffix, l: svrDFDToken_suffix, p: encToken_suffix}, ...]
1323
+ * p: [{d: EDC_prefix, s: ESC_prefix, l: svrDFDToken_prefix, p: encToken_prefix}, ...]
1324
+ * },
1325
+ * d: bogusToken, s: bogusToken, l: bogusToken, p: bogusCiphertext
1326
+ * }
1260
1327
  */
1261
- static bool _mongocrypt_fle2_placeholder_to_find_ciphertext_v1(_mongocrypt_key_broker_t *kb,
1262
- _mongocrypt_marking_t *marking,
1263
- _mongocrypt_ciphertext_t *ciphertext,
1264
- mongocrypt_status_t *status) {
1328
+ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForTextSearch(_mongocrypt_key_broker_t *kb,
1329
+ _mongocrypt_marking_t *marking,
1330
+ _mongocrypt_ciphertext_t *ciphertext,
1331
+ mongocrypt_status_t *status) {
1265
1332
  BSON_ASSERT_PARAM(kb);
1266
1333
  BSON_ASSERT_PARAM(marking);
1267
1334
  BSON_ASSERT_PARAM(ciphertext);
1335
+ BSON_ASSERT(kb->crypt);
1336
+ BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1337
+
1338
+ mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1339
+ BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
1340
+ BSON_ASSERT(placeholder->algorithm == MONGOCRYPT_FLE2_ALGORITHM_TEXT_SEARCH);
1268
1341
 
1269
1342
  _FLE2EncryptedPayloadCommon_t common = {{0}};
1343
+ mc_FLE2InsertUpdatePayloadV2_t payload;
1344
+ mc_FLE2InsertUpdatePayloadV2_init(&payload);
1345
+
1270
1346
  _mongocrypt_buffer_t value = {0};
1271
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1272
- mc_FLE2FindEqualityPayload_t payload;
1273
1347
  bool res = false;
1274
1348
 
1275
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
1276
- BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1277
- BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND);
1278
- _mongocrypt_buffer_init(&value);
1279
- mc_FLE2FindEqualityPayload_init(&payload);
1349
+ mc_FLE2TextSearchInsertSpec_t insertSpec;
1350
+ if (!mc_FLE2TextSearchInsertSpec_parse(&insertSpec, &placeholder->v_iter, status)) {
1351
+ goto fail;
1352
+ }
1280
1353
 
1281
- _mongocrypt_buffer_from_iter(&value, &placeholder->v_iter);
1354
+ // t
1355
+ payload.valueType = BSON_TYPE_UTF8;
1356
+
1357
+ // k
1358
+ payload.contentionFactor = 0;
1359
+ if (placeholder->maxContentionFactor > 0) {
1360
+ /* Choose a random contentionFactor in the inclusive range [0,
1361
+ * placeholder->maxContentionFactor] */
1362
+ if (!_mongocrypt_random_int64(kb->crypt->crypto,
1363
+ placeholder->maxContentionFactor + 1,
1364
+ &payload.contentionFactor,
1365
+ status)) {
1366
+ goto fail;
1367
+ }
1368
+ }
1282
1369
 
1370
+ // u
1371
+ _mongocrypt_buffer_copy_to(&placeholder->index_key_id, &payload.indexKeyId);
1372
+
1373
+ _mongocrypt_buffer_from_iter(&value, &insertSpec.v_iter);
1283
1374
  if (!_mongocrypt_fle2_placeholder_common(kb,
1284
1375
  &common,
1285
1376
  &placeholder->index_key_id,
1286
1377
  &value,
1287
- false, /* derive tokens without contentionFactor */
1288
- placeholder->maxContentionFactor, /* ignored */
1378
+ true, /* derive tokens using contentionFactor */
1379
+ payload.contentionFactor,
1289
1380
  status)) {
1290
1381
  goto fail;
1291
1382
  }
1292
1383
 
1293
- // d := EDCDerivedToken
1294
- _mongocrypt_buffer_steal(&payload.edcDerivedToken, &common.edcDerivedToken);
1295
- // s := ESCDerivedToken
1296
- _mongocrypt_buffer_steal(&payload.escDerivedToken, &common.escDerivedToken);
1297
- // c := ECCDerivedToken
1298
- _mongocrypt_buffer_steal(&payload.eccDerivedToken, &common.eccDerivedToken);
1384
+ // (d, s, l) are never used for text search, so just set these to bogus buffers of
1385
+ // correct length.
1386
+ BSON_ASSERT(_mongocrypt_buffer_steal_from_data_and_size(&payload.edcDerivedToken,
1387
+ bson_malloc0(MONGOCRYPT_HMAC_SHA256_LEN),
1388
+ MONGOCRYPT_HMAC_SHA256_LEN));
1389
+ _mongocrypt_buffer_copy_to(&payload.edcDerivedToken, &payload.escDerivedToken);
1390
+ _mongocrypt_buffer_copy_to(&payload.edcDerivedToken, &payload.serverDerivedFromDataToken);
1391
+
1392
+ // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor)
1393
+ // Since p is never used for text search, this just sets p to a bogus ciphertext of
1394
+ // the correct length.
1395
+ if (!_fle2_derive_encrypted_token(kb->crypt->crypto,
1396
+ &payload.encryptedTokens,
1397
+ false,
1398
+ common.collectionsLevel1Token,
1399
+ &payload.escDerivedToken, // bogus
1400
+ NULL, // unused in FLE2v2
1401
+ (mc_optional_bool_t){0},
1402
+ status)) {
1403
+ goto fail;
1404
+ }
1299
1405
 
1406
+ // v := UserKeyId + EncryptCBCAEAD(UserKey, value)
1407
+ {
1408
+ _mongocrypt_buffer_t ciphertext = {0};
1409
+ if (!_fle2_placeholder_aes_aead_encrypt(kb,
1410
+ _mcFLE2v2AEADAlgorithm(),
1411
+ &ciphertext,
1412
+ &placeholder->user_key_id,
1413
+ &value,
1414
+ status)) {
1415
+ goto fail;
1416
+ }
1417
+ const _mongocrypt_buffer_t v[2] = {placeholder->user_key_id, ciphertext};
1418
+ const bool ok = _mongocrypt_buffer_concat(&payload.value, v, 2);
1419
+ _mongocrypt_buffer_cleanup(&ciphertext);
1420
+ if (!ok) {
1421
+ goto fail;
1422
+ }
1423
+ }
1300
1424
  // e := ServerDataEncryptionLevel1Token
1301
1425
  _mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(common.serverDataEncryptionLevel1Token),
1302
1426
  &payload.serverEncryptionToken);
1303
1427
 
1304
- payload.maxContentionFactor = placeholder->maxContentionFactor;
1428
+ // b
1429
+ if (!_fle2_generate_TextSearchTokenSets(kb,
1430
+ &payload,
1431
+ &placeholder->index_key_id,
1432
+ &insertSpec,
1433
+ payload.contentionFactor,
1434
+ status)) {
1435
+ goto fail;
1436
+ }
1305
1437
 
1306
1438
  {
1307
1439
  bson_t out;
1308
1440
  bson_init(&out);
1309
- mc_FLE2FindEqualityPayload_serialize(&payload, &out);
1441
+ mc_FLE2InsertUpdatePayloadV2_serializeForTextSearch(&payload, &out);
1310
1442
  _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
1311
1443
  }
1312
1444
  // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
1313
- // not used for FLE2FindEqualityPayload.
1314
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2FindEqualityPayload;
1445
+ // not used for FLE2InsertUpdatePayloadV2.
1446
+ ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayloadV2;
1315
1447
 
1316
1448
  res = true;
1317
1449
  fail:
1318
- mc_FLE2FindEqualityPayload_cleanup(&payload);
1450
+ mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
1319
1451
  _mongocrypt_buffer_cleanup(&value);
1320
1452
  _FLE2EncryptedPayloadCommon_cleanup(&common);
1321
-
1322
1453
  return res;
1323
1454
  }
1324
1455
 
1325
1456
  /**
1326
1457
  * Payload subtype 12: FLE2FindEqualityPayloadV2
1327
- * Delegates to ..._find_ciphertext_v1 when crypt->opts.use_fle2_v2 == false.
1328
1458
  *
1329
1459
  * {d: EDC, s: ESC, l: serverDerivedFromDataToken, cm: maxContentionFactor}
1330
1460
  */
@@ -1336,10 +1466,6 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertext(_mongocrypt_key_brok
1336
1466
  BSON_ASSERT_PARAM(marking);
1337
1467
  BSON_ASSERT_PARAM(ciphertext);
1338
1468
 
1339
- if (kb->crypt->opts.use_fle2_v2 == false) {
1340
- return _mongocrypt_fle2_placeholder_to_find_ciphertext_v1(kb, marking, ciphertext, status);
1341
- }
1342
-
1343
1469
  _FLE2EncryptedPayloadCommon_t common = {{0}};
1344
1470
  _mongocrypt_buffer_t value = {0};
1345
1471
  mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
@@ -1568,145 +1694,8 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
1568
1694
  }
1569
1695
  }
1570
1696
 
1571
- /**
1572
- * Payload subtype 10: FLE2FindRangePayload
1573
- *
1574
- * {e: serverToken, cm: maxContentionFactor,
1575
- * g: [{d: EDC, s: ESC, c: ECC}, ...]}
1576
- */
1577
- static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocrypt_key_broker_t *kb,
1578
- _mongocrypt_marking_t *marking,
1579
- _mongocrypt_ciphertext_t *ciphertext,
1580
- mongocrypt_status_t *status) {
1581
- BSON_ASSERT_PARAM(kb);
1582
- BSON_ASSERT_PARAM(marking);
1583
- BSON_ASSERT_PARAM(ciphertext);
1584
- BSON_ASSERT(kb->crypt);
1585
-
1586
- const bool use_range_v2 = kb->crypt->opts.use_range_v2;
1587
- _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
1588
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1589
- mc_FLE2FindRangePayload_t payload;
1590
- bool res = false;
1591
- mc_mincover_t *mincover = NULL;
1592
- _mongocrypt_buffer_t tokenKey = {0};
1593
-
1594
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
1595
- BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1596
- BSON_ASSERT(placeholder);
1597
- BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND);
1598
- BSON_ASSERT(placeholder->algorithm == MONGOCRYPT_FLE2_ALGORITHM_RANGE);
1599
- mc_FLE2FindRangePayload_init(&payload);
1600
-
1601
- // Parse the query bounds and index bounds from FLE2EncryptionPlaceholder for
1602
- // range find.
1603
- mc_FLE2RangeFindSpec_t findSpec;
1604
- if (!mc_FLE2RangeFindSpec_parse(&findSpec, &placeholder->v_iter, use_range_v2, status)) {
1605
- goto fail;
1606
- }
1607
-
1608
- if (findSpec.edgesInfo.set) {
1609
- // cm := Queryable Encryption max contentionFactor
1610
- payload.payload.value.maxContentionFactor = placeholder->maxContentionFactor;
1611
-
1612
- // e := ServerDataEncryptionLevel1Token
1613
- {
1614
- if (!_get_tokenKey(kb, &placeholder->index_key_id, &tokenKey, status)) {
1615
- goto fail;
1616
- }
1617
-
1618
- mc_ServerDataEncryptionLevel1Token_t *serverToken =
1619
- mc_ServerDataEncryptionLevel1Token_new(crypto, &tokenKey, status);
1620
- if (!serverToken) {
1621
- goto fail;
1622
- }
1623
- _mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(serverToken),
1624
- &payload.payload.value.serverEncryptionToken);
1625
- mc_ServerDataEncryptionLevel1Token_destroy(serverToken);
1626
- }
1627
-
1628
- // g:= array<EdgeFindTokenSet>
1629
- {
1630
- BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
1631
- mincover =
1632
- mc_get_mincover_from_FLE2RangeFindSpec(&findSpec, (size_t)placeholder->sparsity, status, use_range_v2);
1633
- if (!mincover) {
1634
- goto fail;
1635
- }
1636
-
1637
- for (size_t i = 0; i < mc_mincover_len(mincover); i++) {
1638
- // Create a EdgeFindTokenSet from each edge.
1639
- bool loop_ok = false;
1640
- const char *edge = mc_mincover_get(mincover, i);
1641
- _mongocrypt_buffer_t edge_buf = {0};
1642
- _FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
1643
- mc_EdgeFindTokenSet_t eftc = {{0}};
1644
-
1645
- if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
1646
- CLIENT_ERR("failed to copy edge to buffer");
1647
- goto fail_loop;
1648
- }
1649
-
1650
- if (!_mongocrypt_fle2_placeholder_common(kb,
1651
- &edge_tokens,
1652
- &placeholder->index_key_id,
1653
- &edge_buf,
1654
- false, /* derive tokens using contentionFactor */
1655
- placeholder->maxContentionFactor, /* ignored */
1656
- status)) {
1657
- goto fail_loop;
1658
- }
1659
-
1660
- // d := EDCDerivedToken
1661
- _mongocrypt_buffer_steal(&eftc.edcDerivedToken, &edge_tokens.edcDerivedToken);
1662
- // s := ESCDerivedToken
1663
- _mongocrypt_buffer_steal(&eftc.escDerivedToken, &edge_tokens.escDerivedToken);
1664
- // c := ECCDerivedToken
1665
- _mongocrypt_buffer_steal(&eftc.eccDerivedToken, &edge_tokens.eccDerivedToken);
1666
-
1667
- _mc_array_append_val(&payload.payload.value.edgeFindTokenSetArray, eftc);
1668
-
1669
- loop_ok = true;
1670
- fail_loop:
1671
- _FLE2EncryptedPayloadCommon_cleanup(&edge_tokens);
1672
- _mongocrypt_buffer_cleanup(&edge_buf);
1673
- if (!loop_ok) {
1674
- goto fail;
1675
- }
1676
- }
1677
- }
1678
- payload.payload.set = true;
1679
- }
1680
-
1681
- payload.payloadId = findSpec.payloadId;
1682
- payload.firstOperator = findSpec.firstOperator;
1683
- payload.secondOperator = findSpec.secondOperator;
1684
-
1685
- // Serialize.
1686
- {
1687
- bson_t out = BSON_INITIALIZER;
1688
- mc_FLE2FindRangePayload_serialize(&payload, &out);
1689
- _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
1690
- }
1691
- _mongocrypt_buffer_steal(&ciphertext->key_id, &placeholder->index_key_id);
1692
-
1693
- // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
1694
- // not used for FLE2FindRangePayload.
1695
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2FindRangePayload;
1696
-
1697
- res = true;
1698
- fail:
1699
- mc_mincover_destroy(mincover);
1700
- mc_FLE2FindRangePayload_cleanup(&payload);
1701
- _mongocrypt_buffer_cleanup(&tokenKey);
1702
-
1703
- return res;
1704
- }
1705
-
1706
1697
  /**
1707
1698
  * Payload subtype 13: FLE2FindRangePayloadV2
1708
- * Delegates to ..._find_ciphertextForRange_v1
1709
- * when crypt->opts.use_fle2_v2 is false
1710
1699
  *
1711
1700
  * {cm: maxContentionFactor,
1712
1701
  * g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken}, ...]}
@@ -1719,10 +1708,6 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange(_mongocrypt_
1719
1708
  BSON_ASSERT_PARAM(marking);
1720
1709
  BSON_ASSERT_PARAM(ciphertext);
1721
1710
 
1722
- if (kb->crypt->opts.use_fle2_v2 == false) {
1723
- return _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(kb, marking, ciphertext, status);
1724
- }
1725
-
1726
1711
  const bool use_range_v2 = kb->crypt->opts.use_range_v2;
1727
1712
  mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1728
1713
  mc_FLE2FindRangePayloadV2_t payload;
@@ -1835,6 +1820,15 @@ fail:
1835
1820
  return res;
1836
1821
  }
1837
1822
 
1823
+ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForTextSearch(_mongocrypt_key_broker_t *kb,
1824
+ _mongocrypt_marking_t *marking,
1825
+ _mongocrypt_ciphertext_t *ciphertext,
1826
+ mongocrypt_status_t *status) {
1827
+ // TODO MONGOCRYPT-761 implement find support for text search fields
1828
+ CLIENT_ERR("Text search find is not yet supported");
1829
+ return false;
1830
+ }
1831
+
1838
1832
  static bool _mongocrypt_fle2_placeholder_to_FLE2UnindexedEncryptedValue(_mongocrypt_key_broker_t *kb,
1839
1833
  _mongocrypt_marking_t *marking,
1840
1834
  _mongocrypt_ciphertext_t *ciphertext,
@@ -1859,25 +1853,14 @@ static bool _mongocrypt_fle2_placeholder_to_FLE2UnindexedEncryptedValue(_mongocr
1859
1853
  }
1860
1854
 
1861
1855
  BSON_ASSERT(kb->crypt);
1862
- if (kb->crypt->opts.use_fle2_v2) {
1863
- res = mc_FLE2UnindexedEncryptedValueV2_encrypt(kb->crypt->crypto,
1864
- &placeholder->user_key_id,
1865
- bson_iter_type(&placeholder->v_iter),
1866
- &plaintext,
1867
- &user_key,
1868
- &ciphertext->data,
1869
- status);
1870
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValueV2;
1871
- } else {
1872
- res = mc_FLE2UnindexedEncryptedValue_encrypt(kb->crypt->crypto,
1873
- &placeholder->user_key_id,
1874
- bson_iter_type(&placeholder->v_iter),
1875
- &plaintext,
1876
- &user_key,
1877
- &ciphertext->data,
1878
- status);
1879
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValue;
1880
- }
1856
+ res = mc_FLE2UnindexedEncryptedValueV2_encrypt(kb->crypt->crypto,
1857
+ &placeholder->user_key_id,
1858
+ bson_iter_type(&placeholder->v_iter),
1859
+ &plaintext,
1860
+ &user_key,
1861
+ &ciphertext->data,
1862
+ status);
1863
+ ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValueV2;
1881
1864
 
1882
1865
  if (!res) {
1883
1866
  goto fail;
@@ -2058,6 +2041,17 @@ bool _mongocrypt_marking_to_ciphertext(void *ctx,
2058
2041
  return _mongocrypt_fle2_placeholder_to_find_ciphertext(kb, marking, ciphertext, status);
2059
2042
  default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->fle2.type); return false;
2060
2043
  }
2044
+ case MONGOCRYPT_FLE2_ALGORITHM_TEXT_SEARCH:
2045
+ switch (marking->fle2.type) {
2046
+ case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT:
2047
+ return _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForTextSearch(kb,
2048
+ marking,
2049
+ ciphertext,
2050
+ status);
2051
+ case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND:
2052
+ return _mongocrypt_fle2_placeholder_to_find_ciphertextForTextSearch(kb, marking, ciphertext, status);
2053
+ default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->fle2.type); return false;
2054
+ }
2061
2055
  default: CLIENT_ERR("unexpected algorithm: %d", (int)marking->algorithm); return false;
2062
2056
  }
2063
2057
  case MONGOCRYPT_MARKING_FLE1_BY_ID: