libmongocrypt-helper 1.12.0.0.1001 → 1.13.2.0.1001

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (491) hide show
  1. checksums.yaml +4 -4
  2. data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +19 -0
  3. data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +10 -0
  4. data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +1 -4
  5. data/ext/libmongocrypt/libmongocrypt/CONTRIBUTING.md +14 -0
  6. data/ext/libmongocrypt/libmongocrypt/Earthfile +49 -50
  7. data/ext/libmongocrypt/libmongocrypt/README.md +8 -17
  8. data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +6 -0
  9. data/ext/libmongocrypt/libmongocrypt/bindings/python/README.rst +1 -1
  10. data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +1 -1
  11. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +39 -1
  12. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +32 -0
  13. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +1 -1
  14. data/ext/libmongocrypt/libmongocrypt/bindings/python/release.sh +1 -1
  15. data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +8 -8
  16. data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/compact/success/encrypted-field-config-map.json +0 -1
  17. data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-field-config-map.json +0 -2
  18. data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +11 -11
  19. data/ext/libmongocrypt/libmongocrypt/cmake/FetchMongoC.cmake +4 -2
  20. data/ext/libmongocrypt/libmongocrypt/cmake/ImportBSON.cmake +3 -5
  21. data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +14 -27
  22. data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +9 -9
  23. data/ext/libmongocrypt/libmongocrypt/etc/format.sh +0 -2
  24. data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-in-functions.patch +158 -0
  25. data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-pragma.patch +3 -3
  26. data/ext/libmongocrypt/libmongocrypt/etc/purls.txt +1 -1
  27. data/ext/libmongocrypt/libmongocrypt/integrating.md +42 -11
  28. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_crypto_windows.c +2 -2
  29. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message.c +1 -1
  30. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message_private.h +2 -2
  31. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +3 -3
  32. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +5 -5
  33. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_assert.h +25 -8
  34. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_azure_online.c +2 -2
  35. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_gcp_online.c +3 -3
  36. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_request.c +12 -10
  37. data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +5 -0
  38. data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +35 -1
  39. data/ext/libmongocrypt/libmongocrypt/src/mc-fle-blob-subtype-private.h +4 -1
  40. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +79 -0
  41. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +226 -2
  42. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +0 -1
  43. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +0 -1
  44. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +34 -0
  45. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +165 -1
  46. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload.c +0 -1
  47. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-private-v2.h +105 -7
  48. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +381 -70
  49. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block-private.h +7 -2
  50. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block.c +17 -0
  51. data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker-private.h +126 -0
  52. data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker.c +1075 -0
  53. data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets-private.h +95 -0
  54. data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets.c +304 -0
  55. data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode-private.h +45 -0
  56. data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode.c +248 -0
  57. data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +112 -2
  58. data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +166 -2
  59. data/ext/libmongocrypt/libmongocrypt/src/mlib/windows-lean.h +2 -0
  60. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer-private.h +11 -0
  61. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer.c +36 -3
  62. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +8 -4
  63. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +430 -857
  64. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-private.h +5 -19
  65. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx.c +1 -1
  66. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +516 -523
  67. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +0 -4
  68. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +7 -12
  69. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-traverse-util.c +1 -1
  70. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +3 -1
  71. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +6 -9
  72. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.h +17 -0
  73. data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +3 -1
  74. data/ext/libmongocrypt/libmongocrypt/src/unicode/case-fold-map.c +1434 -0
  75. data/ext/libmongocrypt/libmongocrypt/src/unicode/diacritic-fold-map.c +2884 -0
  76. data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.c +139 -0
  77. data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.h +58 -0
  78. data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/payload.json +2 -2
  79. data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/missing-key-id/collinfo.json +1 -0
  80. data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/collinfo.json +1 -0
  81. data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/collinfo.json +1 -0
  82. data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/collinfo.json +1 -1
  83. data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +20 -21
  84. data/ext/libmongocrypt/libmongocrypt/test/data/compact/missing-key-id/collinfo.json +2 -2
  85. data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-fields/collinfo.json +1 -1
  86. data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/collinfo.json +1 -1
  87. data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/collinfo.json +1 -1
  88. data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +0 -1
  89. data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload-range-v2.json +20 -21
  90. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/cmd-to-mongocryptd.json +1 -2
  91. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/collinfo.json +2 -2
  92. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/encrypted-payload.json +2 -3
  93. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/mongocryptd-reply.json +1 -2
  94. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/cmd-to-mongocryptd.json +1 -2
  95. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/collinfo.json +2 -2
  96. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/encrypted-payload.json +2 -3
  97. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/mongocryptd-reply.json +1 -2
  98. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json +1 -2
  99. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/collinfo.json +2 -2
  100. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/mongocryptd-reply.json +1 -2
  101. data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_fle1/collinfo.json +2 -1
  102. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-extraField.json +0 -1
  103. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-missingKeyId.json +0 -1
  104. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField-badVersionSet.json +23 -0
  105. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField-goodVersionSet.json +23 -0
  106. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField.json +0 -1
  107. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields-badVersionSet.json +48 -0
  108. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields-goodVersionSet.json +48 -0
  109. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields.json +47 -0
  110. data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-twoFields.json +0 -1
  111. data/ext/libmongocrypt/libmongocrypt/test/data/encrypted-field-config-map.json +1 -3
  112. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1DeterministicEncryptedValue.json +8 -0
  113. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1EncryptionPlaceholder.json +8 -0
  114. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1RandomEncryptedValue.json +8 -0
  115. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2EncryptionPlaceholder.json +8 -0
  116. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2EqualityIndexedValueV2.json +8 -0
  117. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2FindEqualityPayloadV2.json +8 -0
  118. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedEqualityEncryptedValue.json +8 -0
  119. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedEqualityEncryptedValueV2.json +8 -0
  120. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedRangeEncryptedValue.json +8 -0
  121. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedRangeEncryptedValueV2.json +8 -0
  122. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayload-with-edges-V2.json +8 -0
  123. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayload-with-edges.json +8 -0
  124. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-explicit/insert-indexed.json → explicit-decrypt/FLE2InsertUpdatePayload.json} +1 -1
  125. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2.json +8 -0
  126. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2RangeIndexedValueV2.json +8 -0
  127. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2UnindexedEncryptedValue.json +8 -0
  128. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2UnindexedEncryptedValueV2.json +8 -0
  129. data/ext/libmongocrypt/libmongocrypt/test/data/find-with-encryptionInformation.json +0 -1
  130. data/ext/libmongocrypt/libmongocrypt/test/data/fle1-explain/with-csfle/collinfo.json +2 -1
  131. data/ext/libmongocrypt/libmongocrypt/test/data/fle1-explain/with-mongocryptd/collinfo.json +2 -1
  132. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-collinfo.json +26 -0
  133. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json +51 -0
  134. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json +45 -0
  135. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd.json +18 -0
  136. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/int32/encrypted-field-map.json → fle2-bad-str-encode-version/bad-encrypted-field-config-map.json} +7 -12
  137. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-bad-str-encode-version}/encrypted-payload.json +4 -4
  138. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/cmd-to-mongocryptd.json +1 -2
  139. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/encrypted-field-config-map.json +1 -2
  140. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json +44 -0
  141. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/cmd.json +17 -0
  142. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-equality/encrypted-field-map.json → fle2-create-encrypted-collection/encrypted-field-config-map.json} +9 -8
  143. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/encrypted-payload.json +17 -0
  144. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/mongocryptd-reply.json +50 -0
  145. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/cmd-to-mongocryptd.json +45 -0
  146. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/mongocryptd-reply.json +51 -0
  147. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json +46 -0
  148. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json +18 -0
  149. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json +25 -0
  150. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json +18 -0
  151. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json +52 -0
  152. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/collinfo.json +1 -1
  153. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-field-config-map.json +0 -1
  154. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload-v2.json +57 -59
  155. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/mongocryptd-reply.json +63 -64
  156. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/collinfo.json +1 -1
  157. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-field-config-map.json +0 -1
  158. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload-v2.json +64 -66
  159. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/mongocryptd-reply.json +69 -70
  160. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/collinfo.json +1 -1
  161. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/encrypted-payload.json +1 -2
  162. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json +1 -2
  163. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/collinfo.json +2 -2
  164. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json +2 -3
  165. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/mongocryptd-reply.json +1 -2
  166. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/cmd-to-mongocryptd.json +0 -1
  167. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/cmd-to-mongod.json +0 -1
  168. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/reply-from-mongocryptd.json +0 -1
  169. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/encrypted-field-map.json +0 -1
  170. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/cmd.json +9 -0
  171. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/date → fle2-insert-text-search}/encrypted-field-map.json +10 -9
  172. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/encrypted-payload.json +47 -0
  173. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/mongocryptd-reply.json +55 -0
  174. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/double → fle2-insert-text-search-with-str-encode-version}/encrypted-field-map.json +12 -10
  175. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search-with-str-encode-version/encrypted-payload.json +47 -0
  176. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search-with-str-encode-version/mongocryptd-reply.json +55 -0
  177. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2-with-str-encode-version/cmd.json +9 -0
  178. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-v2-with-str-encode-version}/encrypted-field-map.json +2 -2
  179. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2-with-str-encode-version/encrypted-payload.json +40 -0
  180. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-v2-with-str-encode-version}/mongocryptd-reply.json +2 -2
  181. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/cmd-to-mongocryptd.json +55 -0
  182. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/cmd.json +22 -0
  183. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/encrypted-field-config-map.json +29 -0
  184. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/encrypted-payload.json +23 -0
  185. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/mongocryptd-reply.json +61 -0
  186. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json +56 -0
  187. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json +23 -0
  188. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json +30 -0
  189. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-payload.json +23 -0
  190. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json +62 -0
  191. data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneText.json +20 -0
  192. data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneTextLarge.json +930 -0
  193. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/cmd-to-mongocryptd.json +60 -0
  194. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/cmd.json +14 -0
  195. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/collInfo-c1.json +39 -0
  196. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/collInfo-c2.json +39 -0
  197. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-facet/cmd.json +20 -0
  198. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-mismatch/cmd.json +14 -0
  199. data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/collection-info.json → test/data/lookup/csfle-mismatch/collInfo-c1.json} +13 -11
  200. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-mismatch/collInfo-c3.json +39 -0
  201. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-nested/cmd.json +24 -0
  202. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/cmd-to-mongocryptd.json +60 -0
  203. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/cmd.json +14 -0
  204. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/schemaMap.json +40 -0
  205. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/cmd-to-mongocryptd.json +60 -0
  206. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/cmd.json +14 -0
  207. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/collInfo-c1.json +39 -0
  208. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/schemaMap.json +21 -0
  209. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/cmd-to-mongocryptd.json +34 -0
  210. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/cmd.json +14 -0
  211. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/collInfo-c1.json +39 -0
  212. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/cmd-to-mongocryptd.json +49 -0
  213. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/cmd.json +14 -0
  214. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/collInfo-c1.json +39 -0
  215. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/collInfo-c2.json +29 -0
  216. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/reply-from-mongocryptd.json +18 -0
  217. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-unionWith/cmd.json +21 -0
  218. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/cmd.json +14 -0
  219. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/collInfo-c1.json +39 -0
  220. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/collInfo-v1.json +11 -0
  221. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd-to-mongocryptd.json +65 -0
  222. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd-to-mongod.json +26 -0
  223. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd.json +19 -0
  224. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/collInfo-c1.json +39 -0
  225. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/collInfo-c2.json +39 -0
  226. data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/keys/ABCDEFAB123498761234123456789012-local-document.json → test/data/lookup/mixed/csfle/csfle/key-doc.json} +4 -4
  227. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/reply-from-mongocryptd.json +33 -0
  228. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd-to-mongocryptd.json +47 -0
  229. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd-to-mongod.json +26 -0
  230. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd.json +19 -0
  231. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/collInfo-c1.json +39 -0
  232. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/collInfo-c2.json +17 -0
  233. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/key-doc.json +30 -0
  234. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/reply-from-mongocryptd.json +33 -0
  235. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/cmd-to-mongocryptd.json +70 -0
  236. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/cmd.json +19 -0
  237. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/collInfo-c1.json +39 -0
  238. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/collInfo-c2.json +42 -0
  239. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd-to-mongocryptd.json +47 -0
  240. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd-to-mongod.json +26 -0
  241. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd.json +19 -0
  242. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/collInfo-c1.json +17 -0
  243. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/collInfo-c2.json +39 -0
  244. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/key-doc.json +30 -0
  245. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/reply-from-mongocryptd.json +33 -0
  246. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd-to-mongocryptd.json +29 -0
  247. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd-to-mongod.json +19 -0
  248. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd.json +19 -0
  249. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/collInfo-c1.json +17 -0
  250. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/collInfo-c2.json +17 -0
  251. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/reply-from-mongocryptd.json +26 -0
  252. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd-to-mongocryptd.json +53 -0
  253. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd-to-mongod.json +58 -0
  254. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd.json +19 -0
  255. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/collInfo-c1.json +17 -0
  256. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/collInfo-c2.json +42 -0
  257. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/key-doc.json +30 -0
  258. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/reply-from-mongocryptd.json +65 -0
  259. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/cmd-to-mongocryptd.json +70 -0
  260. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/cmd.json +19 -0
  261. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/collInfo-c1.json +42 -0
  262. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/collInfo-c2.json +39 -0
  263. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd-to-mongocryptd.json +53 -0
  264. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd-to-mongod.json +56 -0
  265. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd.json +19 -0
  266. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/collInfo-c1.json +42 -0
  267. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/collInfo-c2.json +17 -0
  268. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/key-doc.json +30 -0
  269. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/reply-from-mongocryptd.json +63 -0
  270. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd-to-mongocryptd.json +66 -0
  271. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd-to-mongod.json +71 -0
  272. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd.json +19 -0
  273. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/collInfo-c1.json +42 -0
  274. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/collInfo-c2.json +42 -0
  275. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/key-doc.json +30 -0
  276. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/reply-from-mongocryptd.json +78 -0
  277. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd-to-mongocryptd.json +61 -0
  278. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd-to-mongod.json +14 -0
  279. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd.json +14 -0
  280. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/collInfo-c1.json +42 -0
  281. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/collInfo-c2.json +42 -0
  282. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/reply-from-mongocryptd.json +68 -0
  283. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd-to-mongocryptd.json +66 -0
  284. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd-to-mongod.json +71 -0
  285. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd.json +19 -0
  286. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/collInfo-c1.json +42 -0
  287. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert-unindexed/encrypted-field-map.json → lookup/qe-encryptedFieldsMap/encryptedFieldsMap.json} +6 -7
  288. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/key-doc.json +30 -0
  289. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/reply-from-mongocryptd.json +78 -0
  290. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd-to-mongocryptd.json +46 -0
  291. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd-to-mongod.json +53 -0
  292. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd.json +19 -0
  293. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/collInfo-c1.json +42 -0
  294. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/key-doc.json +30 -0
  295. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/reply-from-mongocryptd.json +58 -0
  296. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd-to-mongocryptd.json +66 -0
  297. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd-to-mongod.json +75 -0
  298. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd.json +19 -0
  299. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/collInfo-c1.json +42 -0
  300. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/collInfo-c2.json +42 -0
  301. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/key-doc.json +30 -0
  302. data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/reply-from-mongocryptd.json +78 -0
  303. data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-create/mongocryptd-ismaster.json → mongocryptd-ismaster-17.json} +1 -1
  304. data/ext/libmongocrypt/libmongocrypt/test/data/mongocryptd-ismaster-26.json +12 -0
  305. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-encryptedFields.json +42 -0
  306. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-encryptedFields2.json +42 -0
  307. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-jsonSchema.json +43 -0
  308. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-noSchema.json +21 -0
  309. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/create-with-jsonSchema.json +24 -0
  310. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFields.json +20 -0
  311. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFields2.json +20 -0
  312. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFieldsMap.json +42 -0
  313. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/jsonSchema.json +19 -0
  314. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/jsonSchema2.json +19 -0
  315. data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/schemaMap.json +40 -0
  316. data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +28 -2
  317. data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +28 -2
  318. data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +70 -0
  319. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-encryption-placeholder.c +468 -0
  320. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-equality-payload-v2.c +20 -1
  321. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev-v2.c +286 -24
  322. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev.c +1 -1
  323. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +23 -1
  324. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup.c +24 -1
  325. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-uev.c +2 -2
  326. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +2 -2
  327. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-tag-and-encrypted-metadata-block.c +36 -1
  328. data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +6 -7
  329. data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +32 -33
  330. data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +58 -66
  331. data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +2 -2
  332. data/ext/libmongocrypt/libmongocrypt/test/test-mc-schema-broker.c +1124 -0
  333. data/ext/libmongocrypt/libmongocrypt/test/test-mc-text-search-str-encode.c +1207 -0
  334. data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +144 -37
  335. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +13 -14
  336. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert.h +21 -4
  337. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-buffer.c +25 -0
  338. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache.c +3 -2
  339. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +1 -1
  340. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto.c +37 -7
  341. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +21 -0
  342. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +226 -146
  343. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +1330 -1200
  344. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kek.c +1 -1
  345. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-key-cache.c +6 -6
  346. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-responses.c +2 -2
  347. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +744 -106
  348. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +119 -33
  349. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +27 -4
  350. data/ext/libmongocrypt/libmongocrypt/test/test-unicode-fold.c +97 -0
  351. data/lib/libmongocrypt_helper/version.rb +2 -2
  352. metadata +207 -157
  353. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/README.md +0 -36
  354. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/build.gradle.kts +0 -28
  355. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/java/com/mongodb/crypt/benchmark/BenchmarkRunner.java +0 -217
  356. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/resources/keyDocument.json +0 -24
  357. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/build.gradle.kts +0 -354
  358. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.jar +0 -0
  359. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.properties +0 -5
  360. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew +0 -234
  361. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew.bat +0 -89
  362. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/settings.gradle.kts +0 -1
  363. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/BinaryHolder.java +0 -45
  364. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java +0 -1165
  365. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPIHelper.java +0 -96
  366. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CipherCallback.java +0 -92
  367. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/DisposableMemory.java +0 -31
  368. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/JULLogger.java +0 -130
  369. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/Logger.java +0 -144
  370. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/Loggers.java +0 -50
  371. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MacCallback.java +0 -60
  372. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MessageDigestCallback.java +0 -55
  373. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoAwsKmsProviderOptions.java +0 -104
  374. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypt.java +0 -100
  375. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptContext.java +0 -137
  376. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptContextImpl.java +0 -164
  377. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptException.java +0 -67
  378. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptImpl.java +0 -423
  379. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptOptions.java +0 -284
  380. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypts.java +0 -38
  381. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoDataKeyOptions.java +0 -125
  382. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoExplicitEncryptOptions.java +0 -227
  383. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptor.java +0 -76
  384. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptorImpl.java +0 -105
  385. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoLocalKmsProviderOptions.java +0 -83
  386. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoRewrapManyDataKeyOptions.java +0 -104
  387. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SLF4JLogger.java +0 -110
  388. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SecureRandomCallback.java +0 -51
  389. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SigningRSAESPKCSCallback.java +0 -76
  390. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/package-info.java +0 -18
  391. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/jni-config.json +0 -180
  392. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/reflect-config.json +0 -134
  393. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java +0 -389
  394. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/command-reply.json +0 -13
  395. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/command.json +0 -6
  396. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-command-reply.json +0 -16
  397. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-command.json +0 -11
  398. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-value.json +0 -6
  399. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/encrypted-payload.json +0 -26
  400. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/key-filter.json +0 -19
  401. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/rangeopts.json +0 -14
  402. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/value-to-encrypt.json +0 -20
  403. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/json-schema.json +0 -15
  404. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-document.json +0 -36
  405. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-filter-keyAltName.json +0 -14
  406. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-filter.json +0 -19
  407. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/kms-reply.txt +0 -6
  408. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/list-collections-filter.json +0 -3
  409. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/mongocryptd-command.json +0 -22
  410. data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/mongocryptd-reply.json +0 -18
  411. data/ext/libmongocrypt/libmongocrypt/etc/silk-create-asset-group.sh +0 -70
  412. data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd.json +0 -20
  413. data/ext/libmongocrypt/libmongocrypt/test/data/collection-info-no-schema.json +0 -19
  414. data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-field-config-map.json +0 -47
  415. data/ext/libmongocrypt/libmongocrypt/test/data/fle1-collMod/insert/cmd.json +0 -8
  416. data/ext/libmongocrypt/libmongocrypt/test/data/fle1-collMod/insert/collinfo.json +0 -9
  417. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/ismaster-to-mongocryptd.json +0 -3
  418. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload.json +0 -91
  419. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload.json +0 -98
  420. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/find-indexed-contentionFactor1.json +0 -8
  421. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-contentionFactor1.json +0 -8
  422. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-same-user-and-index-key.json +0 -8
  423. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/cmd.json +0 -6
  424. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/encrypted-payload.json +0 -41
  425. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/mongocryptd-reply.json +0 -19
  426. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/cmd.json +0 -10
  427. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/encrypted-payload.json +0 -42
  428. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/mongocryptd-reply.json +0 -50
  429. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/cmd.json +0 -6
  430. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/encrypted-field-map.json +0 -28
  431. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/encrypted-payload.json +0 -42
  432. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/mongocryptd-reply.json +0 -50
  433. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/cmd.json +0 -6
  434. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/encrypted-field-map.json +0 -31
  435. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/encrypted-payload.json +0 -51
  436. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/mongocryptd-reply.json +0 -59
  437. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/cmd.json +0 -8
  438. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/encrypted-payload.json +0 -42
  439. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/mongocryptd-reply.json +0 -50
  440. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/cmd.json +0 -8
  441. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/encrypted-field-map.json +0 -31
  442. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/encrypted-payload.json +0 -45
  443. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/mongocryptd-reply.json +0 -53
  444. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/cmd.json +0 -8
  445. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/encrypted-payload.json +0 -42
  446. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/mongocryptd-reply.json +0 -50
  447. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/cmd.json +0 -8
  448. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/encrypted-field-map.json +0 -28
  449. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/encrypted-payload.json +0 -42
  450. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/mongocryptd-reply.json +0 -50
  451. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double/encrypted-payload.json +0 -26
  452. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double-precision/encrypted-payload.json +0 -26
  453. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32/encrypted-payload.json +0 -26
  454. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-nominmax/encrypted-payload-v2.json +0 -26
  455. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-openinterval/encrypted-payload.json +0 -16
  456. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/cmd.json +0 -13
  457. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/encrypted-field-map.json +0 -28
  458. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/encrypted-payload.json +0 -45
  459. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/mongocryptd-reply.json +0 -53
  460. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/cmd.json +0 -9
  461. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/encrypted-field-map.json +0 -28
  462. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/encrypted-payload.json +0 -45
  463. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/mongocryptd-reply.json +0 -53
  464. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/cmd.json +0 -9
  465. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/encrypted-field-map.json +0 -31
  466. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/encrypted-payload.json +0 -54
  467. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/mongocryptd-reply.json +0 -62
  468. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/cmd.json +0 -11
  469. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/encrypted-field-map.json +0 -28
  470. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/encrypted-payload.json +0 -45
  471. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/mongocryptd-reply.json +0 -53
  472. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/cmd.json +0 -11
  473. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/encrypted-field-map.json +0 -31
  474. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/encrypted-payload.json +0 -48
  475. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/mongocryptd-reply.json +0 -56
  476. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/encrypted-payload.json +0 -45
  477. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/mongocryptd-reply.json +0 -53
  478. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/cmd.json +0 -11
  479. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/encrypted-field-map.json +0 -28
  480. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/encrypted-payload.json +0 -45
  481. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/mongocryptd-reply.json +0 -53
  482. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double/encrypted-payload.json +0 -8
  483. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double-precision/encrypted-payload.json +0 -8
  484. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32-nominmax/encrypted-payload-v2.json +0 -8
  485. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/sparsity-2/encrypted-payload.json +0 -8
  486. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/cmd.json +0 -9
  487. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/encrypted-payload.json +0 -14
  488. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/mongocryptd-reply.json +0 -46
  489. data/ext/libmongocrypt/libmongocrypt/test/data/schema.json +0 -19
  490. /data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-explicit/find-indexed.json → explicit-decrypt/FLE2FindEqualityPayload.json} +0 -0
  491. /data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-text-search-with-str-encode-version}/cmd.json +0 -0
@@ -14,6 +14,7 @@
14
14
  * limitations under the License.
15
15
  */
16
16
 
17
+ #include "bson/bson.h"
17
18
  #include "mc-fle-blob-subtype-private.h"
18
19
  #include "mc-fle2-encryption-placeholder-private.h"
19
20
  #include "mc-fle2-find-equality-payload-private-v2.h"
@@ -28,6 +29,8 @@
28
29
  #include "mc-range-edge-generation-private.h"
29
30
  #include "mc-range-encoding-private.h"
30
31
  #include "mc-range-mincover-private.h"
32
+ #include "mc-str-encode-string-sets-private.h"
33
+ #include "mc-text-search-str-encode-private.h"
31
34
  #include "mc-tokens-private.h"
32
35
  #include "mongocrypt-buffer-private.h"
33
36
  #include "mongocrypt-ciphertext-private.h"
@@ -268,10 +271,121 @@ void _mongocrypt_marking_cleanup(_mongocrypt_marking_t *marking) {
268
271
 
269
272
  DERIVE_TOKEN_IMPL(EDC)
270
273
  DERIVE_TOKEN_IMPL(ESC)
271
- DERIVE_TOKEN_IMPL(ECC)
272
274
 
273
275
  #undef DERIVE_TOKEN_IMPL
274
276
 
277
+ /**
278
+ * Calculates:
279
+ * E?CToken = HMAC(collectionLevel1Token, n)
280
+ * E?CText<T>Token = HMAC(E?CToken, t)
281
+ * E?CText<T>DerivedFromDataTokenAndContentionFactorToken = HMAC(HMAC(E?CText<T>Token, v) cf)
282
+ *
283
+ * E?C = EDC|ESC
284
+ * n = 1 for EDC, 2 for ESC
285
+ * <T> = Exact|Substring|Suffix|Prefix
286
+ * t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
287
+ * cf = contentionFactor
288
+ *
289
+ * E?CText<T>DerivedFromDataTokenAndContentionFactorToken is saved to out.
290
+ * Note that {out} is initialized even on failure.
291
+ */
292
+ #define DERIVE_TEXT_SEARCH_TOKEN_IMPL(Name, Type) \
293
+ static bool _fle2_derive_##Name##Text##Type##_token(_mongocrypt_crypto_t *crypto, \
294
+ _mongocrypt_buffer_t *out, \
295
+ const mc_CollectionsLevel1Token_t *level1Token, \
296
+ const _mongocrypt_buffer_t *value, \
297
+ int64_t contentionFactor, \
298
+ mongocrypt_status_t *status) { \
299
+ BSON_ASSERT_PARAM(crypto); \
300
+ BSON_ASSERT_PARAM(out); \
301
+ BSON_ASSERT_PARAM(level1Token); \
302
+ BSON_ASSERT_PARAM(value); \
303
+ BSON_ASSERT(contentionFactor >= 0); \
304
+ \
305
+ _mongocrypt_buffer_init(out); \
306
+ \
307
+ mc_##Name##Token_t *token = mc_##Name##Token_new(crypto, level1Token, status); \
308
+ if (!token) { \
309
+ return false; \
310
+ } \
311
+ mc_##Name##Text##Type##Token_t *textToken = mc_##Name##Text##Type##Token_new(crypto, token, status); \
312
+ mc_##Name##Token_destroy(token); \
313
+ if (!textToken) { \
314
+ return false; \
315
+ } \
316
+ mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_t *fromDataAndContentionFactor = \
317
+ mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_new(crypto, \
318
+ textToken, \
319
+ value, \
320
+ (uint64_t)contentionFactor, \
321
+ status); \
322
+ mc_##Name##Text##Type##Token_destroy(textToken); \
323
+ if (!fromDataAndContentionFactor) { \
324
+ return false; \
325
+ } \
326
+ _mongocrypt_buffer_copy_to( \
327
+ mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_get(fromDataAndContentionFactor), \
328
+ out); \
329
+ mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_destroy(fromDataAndContentionFactor); \
330
+ return true; \
331
+ }
332
+
333
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Exact)
334
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Exact)
335
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Substring)
336
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Substring)
337
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Suffix)
338
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Suffix)
339
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Prefix)
340
+ DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Prefix)
341
+ #undef DERIVE_TEXT_SEARCH_TOKEN_IMPL
342
+
343
+ /**
344
+ * Calculates:
345
+ * ServerText<T>Token = HMAC(collectionLevel1Token, t)
346
+ * ServerText<T>DerivedFromDataToken = HMAC(ServerText<T>Token, v)
347
+ *
348
+ * <T> = Exact|Substring|Suffix|Prefix
349
+ * t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
350
+ *
351
+ * ServerText<T>DerivedFromDataToken is saved to out.
352
+ * Note that {out} is initialized even on failure.
353
+ */
354
+ #define DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Type) \
355
+ static bool _fle2_derive_serverText##Type##DerivedFromDataToken( \
356
+ _mongocrypt_crypto_t *crypto, \
357
+ _mongocrypt_buffer_t *out, \
358
+ const mc_ServerTokenDerivationLevel1Token_t *level1Token, \
359
+ const _mongocrypt_buffer_t *value, \
360
+ mongocrypt_status_t *status) { \
361
+ BSON_ASSERT_PARAM(crypto); \
362
+ BSON_ASSERT_PARAM(out); \
363
+ BSON_ASSERT_PARAM(level1Token); \
364
+ BSON_ASSERT_PARAM(value); \
365
+ BSON_ASSERT_PARAM(status); \
366
+ \
367
+ _mongocrypt_buffer_init(out); \
368
+ mc_ServerText##Type##Token_t *token = mc_ServerText##Type##Token_new(crypto, level1Token, status); \
369
+ if (!token) { \
370
+ return false; \
371
+ } \
372
+ mc_ServerText##Type##DerivedFromDataToken_t *dataToken = \
373
+ mc_ServerText##Type##DerivedFromDataToken_new(crypto, token, value, status); \
374
+ mc_ServerText##Type##Token_destroy(token); \
375
+ if (!dataToken) { \
376
+ return false; \
377
+ } \
378
+ _mongocrypt_buffer_copy_to(mc_ServerText##Type##DerivedFromDataToken_get(dataToken), out); \
379
+ mc_ServerText##Type##DerivedFromDataToken_destroy(dataToken); \
380
+ return true; \
381
+ }
382
+
383
+ DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Exact)
384
+ DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Substring)
385
+ DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Suffix)
386
+ DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Prefix)
387
+ #undef DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL
388
+
275
389
  static bool _fle2_derive_serverDerivedFromDataToken(_mongocrypt_crypto_t *crypto,
276
390
  _mongocrypt_buffer_t *out,
277
391
  const mc_ServerTokenDerivationLevel1Token_t *level1Token,
@@ -514,7 +628,6 @@ static bool _mongocrypt_fle2_placeholder_common(_mongocrypt_key_broker_t *kb,
514
628
  BSON_ASSERT_PARAM(value);
515
629
 
516
630
  _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
517
- _mongocrypt_buffer_t indexKey = {0};
518
631
  *ret = (_FLE2EncryptedPayloadCommon_t){{0}};
519
632
 
520
633
  if (!_get_tokenKey(kb, indexKeyId, &ret->tokenKey, status)) {
@@ -553,191 +666,25 @@ static bool _mongocrypt_fle2_placeholder_common(_mongocrypt_key_broker_t *kb,
553
666
  goto fail;
554
667
  }
555
668
 
556
- if (kb->crypt->opts.use_fle2_v2) {
557
- /* FLE2v2 */
558
- ret->serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &ret->tokenKey, status);
559
- if (!ret->serverTokenDerivationLevel1Token) {
560
- CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
561
- goto fail;
562
- }
563
-
564
- if (!_fle2_derive_serverDerivedFromDataToken(crypto,
565
- &ret->serverDerivedFromDataToken,
566
- ret->serverTokenDerivationLevel1Token,
567
- value,
568
- status)) {
569
- goto fail;
570
- }
571
- } else {
572
- /* FLE2v1 */
573
- if (!_fle2_derive_ECC_token(crypto,
574
- &ret->eccDerivedToken,
575
- ret->collectionsLevel1Token,
576
- value,
577
- useContentionFactor,
578
- contentionFactor,
579
- status)) {
580
- goto fail;
581
- }
582
- }
583
-
584
- _mongocrypt_buffer_cleanup(&indexKey);
585
- return true;
586
-
587
- fail:
588
- _FLE2EncryptedPayloadCommon_cleanup(ret);
589
- _mongocrypt_buffer_cleanup(&indexKey);
590
- return false;
591
- }
592
-
593
- // Shared implementation for insert/update and insert/update ForRange (v1)
594
- static bool _mongocrypt_fle2_placeholder_to_insert_update_common_v1(_mongocrypt_key_broker_t *kb,
595
- mc_FLE2InsertUpdatePayload_t *out,
596
- int64_t *contentionFactor,
597
- _FLE2EncryptedPayloadCommon_t *common,
598
- const mc_FLE2EncryptionPlaceholder_t *placeholder,
599
- bson_iter_t *value_iter,
600
- mongocrypt_status_t *status) {
601
- BSON_ASSERT_PARAM(kb);
602
- BSON_ASSERT_PARAM(out);
603
- BSON_ASSERT_PARAM(common);
604
- BSON_ASSERT_PARAM(placeholder);
605
- BSON_ASSERT_PARAM(value_iter);
606
- BSON_ASSERT(kb->crypt);
607
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
608
- BSON_ASSERT(kb->crypt->opts.use_range_v2 == false);
609
- BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
610
-
611
- _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
612
- _mongocrypt_buffer_t value = {0};
613
- bool res = false;
614
-
615
- *contentionFactor = 0;
616
- if (placeholder->maxContentionFactor > 0) {
617
- /* Choose a random contentionFactor in the inclusive range [0,
618
- * placeholder->maxContentionFactor] */
619
- if (!_mongocrypt_random_int64(crypto, placeholder->maxContentionFactor + 1, contentionFactor, status)) {
620
- goto fail;
621
- }
622
- }
623
-
624
- _mongocrypt_buffer_from_iter(&value, value_iter);
625
- if (!_mongocrypt_fle2_placeholder_common(kb,
626
- common,
627
- &placeholder->index_key_id,
628
- &value,
629
- true, /* derive tokens using contentionFactor */
630
- *contentionFactor,
631
- status)) {
669
+ ret->serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &ret->tokenKey, status);
670
+ if (!ret->serverTokenDerivationLevel1Token) {
671
+ CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
632
672
  goto fail;
633
673
  }
634
674
 
635
- // d := EDCDerivedToken
636
- _mongocrypt_buffer_steal(&out->edcDerivedToken, &common->edcDerivedToken);
637
- // s := ESCDerivedToken
638
- _mongocrypt_buffer_steal(&out->escDerivedToken, &common->escDerivedToken);
639
- // c := ECCDerivedToken
640
- _mongocrypt_buffer_steal(&out->eccDerivedToken, &common->eccDerivedToken);
641
-
642
- // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor ||
643
- // ECCDerivedFromDataTokenAndContentionFactor)
644
- if (!_fle2_derive_encrypted_token(crypto,
645
- &out->encryptedTokens,
646
- false, // Can't use range V2 with FLE V1
647
- common->collectionsLevel1Token,
648
- &out->escDerivedToken,
649
- &out->eccDerivedToken,
650
- (mc_optional_bool_t){0}, // Unset is_leaf as it's not used in V1
651
- status)) {
675
+ if (!_fle2_derive_serverDerivedFromDataToken(crypto,
676
+ &ret->serverDerivedFromDataToken,
677
+ ret->serverTokenDerivationLevel1Token,
678
+ value,
679
+ status)) {
652
680
  goto fail;
653
681
  }
654
682
 
655
- _mongocrypt_buffer_copy_to(&placeholder->index_key_id,
656
- &out->indexKeyId); // u
657
- out->valueType = bson_iter_type(value_iter); // t
658
-
659
- // v := UserKeyId + EncryptCTRAEAD(UserKey, value)
660
- {
661
- _mongocrypt_buffer_t ciphertext = {0};
662
- if (!_fle2_placeholder_aes_aead_encrypt(kb,
663
- _mcFLE2AEADAlgorithm(),
664
- &ciphertext,
665
- &placeholder->user_key_id,
666
- &value,
667
- status)) {
668
- goto fail;
669
- }
670
- const _mongocrypt_buffer_t v[2] = {placeholder->user_key_id, ciphertext};
671
- const bool ok = _mongocrypt_buffer_concat(&out->value, v, 2);
672
- _mongocrypt_buffer_cleanup(&ciphertext);
673
- if (!ok) {
674
- goto fail;
675
- }
676
- }
677
-
678
- // e := ServerDataEncryptionLevel1Token
679
- _mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(common->serverDataEncryptionLevel1Token),
680
- &out->serverEncryptionToken);
681
-
682
- res = true;
683
- fail:
684
- _mongocrypt_buffer_cleanup(&value);
685
- return res;
686
- }
687
-
688
- /**
689
- * Payload subtype 4: FLE2InsertUpdatePayload
690
- *
691
- * {d: EDC, s: ESC, c: ECC,
692
- * p: encToken, u: indexKeyId, t: type,
693
- * v: value, e: serverToken}
694
- */
695
- static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertext_v1(_mongocrypt_key_broker_t *kb,
696
- _mongocrypt_marking_t *marking,
697
- _mongocrypt_ciphertext_t *ciphertext,
698
- mongocrypt_status_t *status) {
699
- BSON_ASSERT_PARAM(kb);
700
- BSON_ASSERT_PARAM(marking);
701
- BSON_ASSERT_PARAM(ciphertext);
702
- BSON_ASSERT_PARAM(status);
703
- BSON_ASSERT(kb->crypt);
704
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
705
- BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
706
- BSON_ASSERT(marking->fle2.algorithm == MONGOCRYPT_FLE2_ALGORITHM_EQUALITY);
707
-
708
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
709
- _FLE2EncryptedPayloadCommon_t common = {{0}};
710
- mc_FLE2InsertUpdatePayload_t payload;
711
- mc_FLE2InsertUpdatePayload_init(&payload);
712
- bool res = false;
713
-
714
- int64_t contentionFactor = 0; /* ignored */
715
- if (!_mongocrypt_fle2_placeholder_to_insert_update_common_v1(kb,
716
- &payload,
717
- &contentionFactor,
718
- &common,
719
- placeholder,
720
- &placeholder->v_iter,
721
- status)) {
722
- goto fail;
723
- }
724
-
725
- {
726
- bson_t out;
727
- bson_init(&out);
728
- mc_FLE2InsertUpdatePayload_serialize(&payload, &out);
729
- _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
730
- }
731
- // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
732
- // not used for FLE2InsertUpdatePayload.
733
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayload;
683
+ return true;
734
684
 
735
- res = true;
736
685
  fail:
737
- mc_FLE2InsertUpdatePayload_cleanup(&payload);
738
- _FLE2EncryptedPayloadCommon_cleanup(&common);
739
-
740
- return res;
686
+ _FLE2EncryptedPayloadCommon_cleanup(ret);
687
+ return false;
741
688
  }
742
689
 
743
690
  // Shared implementation for insert/update and insert/update ForRange (v2)
@@ -753,7 +700,6 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_common(_mongocrypt_key
753
700
  BSON_ASSERT_PARAM(placeholder);
754
701
  BSON_ASSERT_PARAM(value_iter);
755
702
  BSON_ASSERT(kb->crypt);
756
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == true);
757
703
  BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
758
704
 
759
705
  _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
@@ -839,8 +785,6 @@ fail:
839
785
 
840
786
  /**
841
787
  * Payload subtype 11: FLE2InsertUpdatePayloadV2
842
- * Delegates to ..._insert_update_ciphertext_v1 for subtype 4
843
- * when crypt.opts.use_fle2_v2 == false
844
788
  *
845
789
  * {d: EDC, s: ESC, p: encToken,
846
790
  * u: indexKeyId, t: valueType, v: value,
@@ -857,10 +801,6 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertext(_mongocrypt
857
801
  BSON_ASSERT(kb->crypt);
858
802
  BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
859
803
 
860
- if (!kb->crypt->opts.use_fle2_v2) {
861
- return _mongocrypt_fle2_placeholder_to_insert_update_ciphertext_v1(kb, marking, ciphertext, status);
862
- }
863
-
864
804
  mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
865
805
  _FLE2EncryptedPayloadCommon_t common = {{0}};
866
806
  mc_FLE2InsertUpdatePayloadV2_t payload;
@@ -977,55 +917,51 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
977
917
  }
978
918
 
979
919
  /**
980
- * Payload subtype 4: FLE2InsertUpdatePayload for range updates
920
+ * Payload subtype 11: FLE2InsertUpdatePayloadV2 for range updates
981
921
  *
982
- * {d: EDC, s: ESC, c: ECC,
983
- * p: encToken, u: indexKeyId, t: type,
984
- * v: value, e: serverToken,
985
- * g: [{d: EDC, s: ESC, c: ECC, p: encToken},
986
- * {d: EDC, s: ESC, c: ECC, p: encToken},
922
+ * {d: EDC, s: ESC, p: encToken,
923
+ * u: indexKeyId, t: valueType, v: value,
924
+ * e: serverToken, l: serverDerivedFromDataToken,
925
+ * k: contentionFactor,
926
+ * g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
927
+ * {d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
987
928
  * ...]}
988
929
  */
989
- static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(_mongocrypt_key_broker_t *kb,
990
- _mongocrypt_marking_t *marking,
991
- _mongocrypt_ciphertext_t *ciphertext,
992
- mongocrypt_status_t *status) {
930
+ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange(_mongocrypt_key_broker_t *kb,
931
+ _mongocrypt_marking_t *marking,
932
+ _mongocrypt_ciphertext_t *ciphertext,
933
+ mongocrypt_status_t *status) {
993
934
  BSON_ASSERT_PARAM(kb);
994
935
  BSON_ASSERT_PARAM(marking);
995
936
  BSON_ASSERT_PARAM(ciphertext);
996
- BSON_ASSERT_PARAM(status);
997
937
  BSON_ASSERT(kb->crypt);
998
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
999
- BSON_ASSERT(kb->crypt->opts.use_range_v2 == false);
1000
938
  BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1001
- BSON_ASSERT(marking->fle2.algorithm == MONGOCRYPT_FLE2_ALGORITHM_RANGE);
939
+ const bool use_range_v2 = kb->crypt->opts.use_range_v2;
1002
940
 
1003
941
  mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1004
942
  _FLE2EncryptedPayloadCommon_t common = {{0}};
1005
- mc_FLE2InsertUpdatePayload_t payload;
1006
- mc_FLE2InsertUpdatePayload_init(&payload);
943
+ mc_FLE2InsertUpdatePayloadV2_t payload;
944
+ mc_FLE2InsertUpdatePayloadV2_init(&payload);
1007
945
  bool res = false;
1008
946
  mc_edges_t *edges = NULL;
1009
947
 
1010
948
  // Parse the value ("v"), min ("min"), and max ("max") from
1011
949
  // FLE2EncryptionPlaceholder for range insert.
1012
950
  mc_FLE2RangeInsertSpec_t insertSpec;
1013
- if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter, kb->crypt->opts.use_range_v2, status)) {
951
+ if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter, use_range_v2, status)) {
1014
952
  goto fail;
1015
953
  }
1016
954
 
1017
- int64_t contentionFactor = 0;
1018
- if (!_mongocrypt_fle2_placeholder_to_insert_update_common_v1(kb,
1019
- &payload,
1020
- &contentionFactor,
1021
- &common,
1022
- &marking->fle2,
1023
- &insertSpec.v,
1024
- status)) {
955
+ if (!_mongocrypt_fle2_placeholder_to_insert_update_common(kb,
956
+ &payload,
957
+ &common,
958
+ &marking->fle2,
959
+ &insertSpec.v,
960
+ status)) {
1025
961
  goto fail;
1026
962
  }
1027
963
 
1028
- // g:= array<EdgeTokenSet>
964
+ // g:= array<EdgeTokenSetV2>
1029
965
  {
1030
966
  BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
1031
967
  edges = get_edges(&insertSpec, (size_t)placeholder->sparsity, status, kb->crypt->opts.use_range_v2);
@@ -1037,10 +973,11 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
1037
973
  // Create an EdgeTokenSet from each edge.
1038
974
  bool loop_ok = false;
1039
975
  const char *edge = mc_edges_get(edges, i);
976
+ bool is_leaf = mc_edges_is_leaf(edges, edge);
1040
977
  _mongocrypt_buffer_t edge_buf = {0};
1041
978
  _FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
1042
979
  _mongocrypt_buffer_t encryptedTokens = {0};
1043
- mc_EdgeTokenSet_t etc = {{0}};
980
+ mc_EdgeTokenSetV2_t etc = {{0}};
1044
981
 
1045
982
  if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
1046
983
  CLIENT_ERR("failed to copy edge to buffer");
@@ -1052,27 +989,29 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
1052
989
  &placeholder->index_key_id,
1053
990
  &edge_buf,
1054
991
  true, /* derive tokens using contentionFactor */
1055
- contentionFactor,
992
+ payload.contentionFactor,
1056
993
  status)) {
1057
994
  goto fail_loop;
1058
995
  }
996
+ BSON_ASSERT(edge_tokens.eccDerivedToken.data == NULL);
1059
997
 
1060
998
  // d := EDCDerivedToken
1061
999
  _mongocrypt_buffer_steal(&etc.edcDerivedToken, &edge_tokens.edcDerivedToken);
1062
1000
  // s := ESCDerivedToken
1063
1001
  _mongocrypt_buffer_steal(&etc.escDerivedToken, &edge_tokens.escDerivedToken);
1064
- // c := ECCDerivedToken
1065
- _mongocrypt_buffer_steal(&etc.eccDerivedToken, &edge_tokens.eccDerivedToken);
1066
1002
 
1067
- // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor ||
1068
- // ECCDerivedFromDataTokenAndContentionFactor)
1003
+ // l := serverDerivedFromDataToken
1004
+ _mongocrypt_buffer_steal(&etc.serverDerivedFromDataToken, &edge_tokens.serverDerivedFromDataToken);
1005
+
1006
+ // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor)
1007
+ // Or in Range V2: p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor || isLeaf)
1069
1008
  if (!_fle2_derive_encrypted_token(kb->crypt->crypto,
1070
1009
  &etc.encryptedTokens,
1071
- false, // Range V2 is incompatible with FLE V1
1010
+ kb->crypt->opts.use_range_v2,
1072
1011
  edge_tokens.collectionsLevel1Token,
1073
1012
  &etc.escDerivedToken,
1074
- &etc.eccDerivedToken,
1075
- (mc_optional_bool_t){0}, // Dummy value for isLeaf, unused in FLE V1
1013
+ NULL, // ecc unsed in FLE2v2
1014
+ OPT_BOOL(is_leaf),
1076
1015
  status)) {
1077
1016
  goto fail_loop;
1078
1017
  }
@@ -1090,242 +1029,432 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
1090
1029
  }
1091
1030
  }
1092
1031
 
1032
+ // Include "range" payload fields introduced in SERVER-91889.
1033
+ payload.sparsity = OPT_I64(placeholder->sparsity);
1034
+ payload.precision = insertSpec.precision;
1035
+ payload.trimFactor = OPT_I32(mc_edges_get_used_trimFactor(edges));
1036
+ bson_value_copy(bson_iter_value(&insertSpec.min), &payload.indexMin);
1037
+ bson_value_copy(bson_iter_value(&insertSpec.max), &payload.indexMax);
1038
+
1093
1039
  {
1094
1040
  bson_t out;
1095
1041
  bson_init(&out);
1096
- mc_FLE2InsertUpdatePayload_serializeForRange(&payload, &out);
1042
+ mc_FLE2InsertUpdatePayloadV2_serializeForRange(&payload, &out, use_range_v2);
1097
1043
  _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
1098
1044
  }
1099
1045
  // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
1100
- // not used for FLE2InsertUpdatePayload.
1101
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayload;
1046
+ // not used for FLE2InsertUpdatePayloadV2.
1047
+ ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayloadV2;
1102
1048
 
1103
1049
  res = true;
1104
1050
  fail:
1105
1051
  mc_edges_destroy(edges);
1106
- mc_FLE2InsertUpdatePayload_cleanup(&payload);
1052
+ mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
1107
1053
  _FLE2EncryptedPayloadCommon_cleanup(&common);
1108
1054
 
1109
1055
  return res;
1110
1056
  }
1111
1057
 
1112
1058
  /**
1113
- * Payload subtype 11: FLE2InsertUpdatePayloadV2 for range updates
1114
- * Delegates to ..._insert_update_ciphertextForRange_v1 for subtype 4
1115
- * when crypt.opts.use_fle2_v2 == false
1059
+ * Sets up a mc_Text<T>TokenSet_t type by generating its member tokens:
1060
+ * - edcDerivedToken = HMAC(HMAC(HMAC(EDCToken, t), v), cf)
1061
+ * - escDerivedToken = HMAC(HMAC(HMAC(ESCToken, t), v), cf)
1062
+ * - serverDerivedFromDataToken = HMAC(HMAC(ServerLevel1Token, t), v)
1063
+ * and the encrypted token:
1064
+ * - encryptedTokens = EncryptCTR(ECOCToken, escDerivedToken)
1116
1065
  *
1117
- * {d: EDC, s: ESC, p: encToken,
1118
- * u: indexKeyId, t: valueType, v: value,
1119
- * e: serverToken, l: serverDerivedFromDataToken,
1120
- * k: contentionFactor,
1121
- * g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
1122
- * {d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
1123
- * ...]}
1066
+ * <T> = Exact|Substring|Suffix|Prefix
1067
+ * t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
1068
+ * cf = contentionFactor
1069
+ * EDC/ESC/ECOCToken are derived from {collLevel1Token}
1124
1070
  */
1125
- static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange(_mongocrypt_key_broker_t *kb,
1126
- _mongocrypt_marking_t *marking,
1127
- _mongocrypt_ciphertext_t *ciphertext,
1128
- mongocrypt_status_t *status) {
1129
- BSON_ASSERT_PARAM(kb);
1130
- BSON_ASSERT_PARAM(marking);
1131
- BSON_ASSERT_PARAM(ciphertext);
1132
- BSON_ASSERT(kb->crypt);
1133
- BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1134
- const bool use_range_v2 = kb->crypt->opts.use_range_v2;
1135
-
1136
- if (!kb->crypt->opts.use_fle2_v2) {
1137
- return _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(kb, marking, ciphertext, status);
1071
+ #define GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Type) \
1072
+ static bool _fle2_generate_Text##Type##TokenSet(_mongocrypt_key_broker_t *kb, \
1073
+ mc_Text##Type##TokenSet_t *out, \
1074
+ const _mongocrypt_buffer_t *value, \
1075
+ int64_t contentionFactor, \
1076
+ const mc_CollectionsLevel1Token_t *collLevel1Token, \
1077
+ const mc_ServerTokenDerivationLevel1Token_t *serverLevel1Token, \
1078
+ mongocrypt_status_t *status) { \
1079
+ BSON_ASSERT_PARAM(kb); \
1080
+ BSON_ASSERT_PARAM(kb->crypt); \
1081
+ BSON_ASSERT_PARAM(out); \
1082
+ BSON_ASSERT_PARAM(value); \
1083
+ BSON_ASSERT_PARAM(collLevel1Token); \
1084
+ BSON_ASSERT_PARAM(serverLevel1Token); \
1085
+ \
1086
+ if (!_fle2_derive_EDCText##Type##_token(kb->crypt->crypto, \
1087
+ &out->edcDerivedToken, \
1088
+ collLevel1Token, \
1089
+ value, \
1090
+ contentionFactor, \
1091
+ status)) { \
1092
+ return false; \
1093
+ } \
1094
+ if (!_fle2_derive_ESCText##Type##_token(kb->crypt->crypto, \
1095
+ &out->escDerivedToken, \
1096
+ collLevel1Token, \
1097
+ value, \
1098
+ contentionFactor, \
1099
+ status)) { \
1100
+ return false; \
1101
+ } \
1102
+ if (!_fle2_derive_serverText##Type##DerivedFromDataToken(kb->crypt->crypto, \
1103
+ &out->serverDerivedFromDataToken, \
1104
+ serverLevel1Token, \
1105
+ value, \
1106
+ status)) { \
1107
+ return false; \
1108
+ } \
1109
+ if (!_fle2_derive_encrypted_token(kb->crypt->crypto, \
1110
+ &out->encryptedTokens, \
1111
+ false, \
1112
+ collLevel1Token, \
1113
+ &out->escDerivedToken, \
1114
+ NULL, \
1115
+ (mc_optional_bool_t){0}, \
1116
+ status)) { \
1117
+ return false; \
1118
+ } \
1119
+ return true; \
1138
1120
  }
1121
+ GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Exact);
1122
+ GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Substring)
1123
+ GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Suffix)
1124
+ GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Prefix)
1125
+ #undef GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL
1126
+
1127
+ static bool _fle2_generate_TextSearchTokenSets(_mongocrypt_key_broker_t *kb,
1128
+ mc_FLE2InsertUpdatePayloadV2_t *payload,
1129
+ const _mongocrypt_buffer_t *indexKeyId,
1130
+ const mc_FLE2TextSearchInsertSpec_t *spec,
1131
+ int64_t contentionFactor,
1132
+ mongocrypt_status_t *status) {
1133
+ BSON_ASSERT_PARAM(kb);
1134
+ BSON_ASSERT_PARAM(payload);
1135
+ BSON_ASSERT_PARAM(indexKeyId);
1136
+ BSON_ASSERT_PARAM(spec);
1139
1137
 
1140
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1138
+ _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
1139
+ mc_TextSearchTokenSets_t *tsts = &payload->textSearchTokenSets.tsts;
1141
1140
  _FLE2EncryptedPayloadCommon_t common = {{0}};
1142
- mc_FLE2InsertUpdatePayloadV2_t payload;
1143
- mc_FLE2InsertUpdatePayloadV2_init(&payload);
1144
1141
  bool res = false;
1145
- mc_edges_t *edges = NULL;
1146
1142
 
1147
- // Parse the value ("v"), min ("min"), and max ("max") from
1148
- // FLE2EncryptionPlaceholder for range insert.
1149
- mc_FLE2RangeInsertSpec_t insertSpec;
1150
- if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter, use_range_v2, status)) {
1143
+ mc_str_encode_sets_t *encodeSets = mc_text_search_str_encode(spec, status);
1144
+ if (!encodeSets) {
1151
1145
  goto fail;
1152
1146
  }
1153
1147
 
1154
- if (!_mongocrypt_fle2_placeholder_to_insert_update_common(kb,
1155
- &payload,
1156
- &common,
1157
- &marking->fle2,
1158
- &insertSpec.v,
1159
- status)) {
1148
+ // Start the token derivations
1149
+ if (!_get_tokenKey(kb, indexKeyId, &common.tokenKey, status)) {
1160
1150
  goto fail;
1161
1151
  }
1162
1152
 
1163
- // g:= array<EdgeTokenSetV2>
1153
+ common.collectionsLevel1Token = mc_CollectionsLevel1Token_new(crypto, &common.tokenKey, status);
1154
+ if (!common.collectionsLevel1Token) {
1155
+ CLIENT_ERR("unable to derive collectionLevel1Token");
1156
+ goto fail;
1157
+ }
1158
+
1159
+ common.serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &common.tokenKey, status);
1160
+ if (!common.serverTokenDerivationLevel1Token) {
1161
+ CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
1162
+ goto fail;
1163
+ }
1164
+
1165
+ // Generate exact token set singleton
1164
1166
  {
1165
- BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
1166
- edges = get_edges(&insertSpec, (size_t)placeholder->sparsity, status, kb->crypt->opts.use_range_v2);
1167
- if (!edges) {
1167
+ _mongocrypt_buffer_t asBsonValue;
1168
+ _mongocrypt_buffer_init(&asBsonValue);
1169
+ BSON_ASSERT(encodeSets->exact.len < INT_MAX);
1170
+ _mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue,
1171
+ (const char *)encodeSets->exact.data,
1172
+ (int)encodeSets->exact.len);
1173
+ if (!_fle2_generate_TextExactTokenSet(kb,
1174
+ &tsts->exact,
1175
+ &asBsonValue,
1176
+ contentionFactor,
1177
+ common.collectionsLevel1Token,
1178
+ common.serverTokenDerivationLevel1Token,
1179
+ status)) {
1180
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1168
1181
  goto fail;
1169
1182
  }
1183
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1184
+ }
1170
1185
 
1171
- for (size_t i = 0; i < mc_edges_len(edges); ++i) {
1172
- // Create an EdgeTokenSet from each edge.
1173
- bool loop_ok = false;
1174
- const char *edge = mc_edges_get(edges, i);
1175
- bool is_leaf = mc_edges_is_leaf(edges, edge);
1176
- _mongocrypt_buffer_t edge_buf = {0};
1177
- _FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
1178
- _mongocrypt_buffer_t encryptedTokens = {0};
1179
- mc_EdgeTokenSetV2_t etc = {{0}};
1186
+ const char *substring;
1187
+ uint32_t bytelen;
1188
+ uint32_t appendCount;
1189
+
1190
+ // Generate array of substring token sets
1191
+ if (encodeSets->substring_set) {
1192
+ mc_substring_set_iter_t set_itr;
1193
+ mc_substring_set_iter_init(&set_itr, encodeSets->substring_set);
1194
+
1195
+ while (mc_substring_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
1196
+ BSON_ASSERT(appendCount > 0);
1197
+ BSON_ASSERT(bytelen < INT_MAX);
1198
+
1199
+ mc_TextSubstringTokenSet_t tset = {{0}};
1200
+
1201
+ _mongocrypt_buffer_t asBsonValue;
1202
+ _mongocrypt_buffer_init(&asBsonValue);
1203
+ _mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
1180
1204
 
1181
- if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
1182
- CLIENT_ERR("failed to copy edge to buffer");
1183
- goto fail_loop;
1205
+ if (!_fle2_generate_TextSubstringTokenSet(kb,
1206
+ &tset,
1207
+ &asBsonValue,
1208
+ contentionFactor,
1209
+ common.collectionsLevel1Token,
1210
+ common.serverTokenDerivationLevel1Token,
1211
+ status)) {
1212
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1213
+ mc_TextSubstringTokenSet_cleanup(&tset);
1214
+ goto fail;
1184
1215
  }
1216
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1185
1217
 
1186
- if (!_mongocrypt_fle2_placeholder_common(kb,
1187
- &edge_tokens,
1188
- &placeholder->index_key_id,
1189
- &edge_buf,
1190
- true, /* derive tokens using contentionFactor */
1191
- payload.contentionFactor,
1192
- status)) {
1193
- goto fail_loop;
1218
+ if (appendCount > 1) {
1219
+ mc_TextSubstringTokenSet_t tset_copy;
1220
+ mc_TextSubstringTokenSet_shallow_copy(&tset, &tset_copy);
1221
+ for (; appendCount > 1; appendCount--) {
1222
+ _mc_array_append_val(&tsts->substringArray, tset_copy);
1223
+ }
1194
1224
  }
1195
- BSON_ASSERT(edge_tokens.eccDerivedToken.data == NULL);
1225
+ _mc_array_append_val(&tsts->substringArray, tset); // array now owns tset
1226
+ }
1227
+ }
1196
1228
 
1197
- // d := EDCDerivedToken
1198
- _mongocrypt_buffer_steal(&etc.edcDerivedToken, &edge_tokens.edcDerivedToken);
1199
- // s := ESCDerivedToken
1200
- _mongocrypt_buffer_steal(&etc.escDerivedToken, &edge_tokens.escDerivedToken);
1229
+ // Generate array of suffix token sets
1230
+ if (encodeSets->suffix_set) {
1231
+ mc_affix_set_iter_t set_itr;
1232
+ mc_affix_set_iter_init(&set_itr, encodeSets->suffix_set);
1201
1233
 
1202
- // l := serverDerivedFromDataToken
1203
- _mongocrypt_buffer_steal(&etc.serverDerivedFromDataToken, &edge_tokens.serverDerivedFromDataToken);
1234
+ while (mc_affix_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
1235
+ BSON_ASSERT(appendCount > 0);
1236
+ BSON_ASSERT(bytelen < INT_MAX);
1204
1237
 
1205
- // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor)
1206
- // Or in Range V2: p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor || isLeaf)
1207
- if (!_fle2_derive_encrypted_token(kb->crypt->crypto,
1208
- &etc.encryptedTokens,
1209
- kb->crypt->opts.use_range_v2,
1210
- edge_tokens.collectionsLevel1Token,
1211
- &etc.escDerivedToken,
1212
- NULL, // ecc unsed in FLE2v2
1213
- OPT_BOOL(is_leaf),
1214
- status)) {
1215
- goto fail_loop;
1216
- }
1238
+ mc_TextSuffixTokenSet_t tset = {{0}};
1239
+ mc_TextSuffixTokenSet_init(&tset);
1217
1240
 
1218
- _mc_array_append_val(&payload.edgeTokenSetArray, etc);
1241
+ _mongocrypt_buffer_t asBsonValue;
1242
+ _mongocrypt_buffer_init(&asBsonValue);
1243
+ _mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
1219
1244
 
1220
- loop_ok = true;
1221
- fail_loop:
1222
- _mongocrypt_buffer_cleanup(&encryptedTokens);
1223
- _FLE2EncryptedPayloadCommon_cleanup(&edge_tokens);
1224
- _mongocrypt_buffer_cleanup(&edge_buf);
1225
- if (!loop_ok) {
1245
+ if (!_fle2_generate_TextSuffixTokenSet(kb,
1246
+ &tset,
1247
+ &asBsonValue,
1248
+ contentionFactor,
1249
+ common.collectionsLevel1Token,
1250
+ common.serverTokenDerivationLevel1Token,
1251
+ status)) {
1252
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1253
+ mc_TextSuffixTokenSet_cleanup(&tset);
1226
1254
  goto fail;
1227
1255
  }
1256
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1257
+
1258
+ if (appendCount > 1) {
1259
+ mc_TextSuffixTokenSet_t tset_copy;
1260
+ mc_TextSuffixTokenSet_shallow_copy(&tset, &tset_copy);
1261
+ for (; appendCount > 1; appendCount--) {
1262
+ _mc_array_append_val(&tsts->suffixArray, tset_copy);
1263
+ }
1264
+ }
1265
+ _mc_array_append_val(&tsts->suffixArray, tset); // array now owns tset
1228
1266
  }
1229
1267
  }
1230
1268
 
1231
- // Include "range" payload fields introduced in SERVER-91889.
1232
- payload.sparsity = OPT_I64(placeholder->sparsity);
1233
- payload.precision = insertSpec.precision;
1234
- payload.trimFactor = OPT_I32(mc_edges_get_used_trimFactor(edges));
1235
- bson_value_copy(bson_iter_value(&insertSpec.min), &payload.indexMin);
1236
- bson_value_copy(bson_iter_value(&insertSpec.max), &payload.indexMax);
1269
+ // Generate array of prefix token sets
1270
+ if (encodeSets->prefix_set) {
1271
+ mc_affix_set_iter_t set_itr;
1272
+ mc_affix_set_iter_init(&set_itr, encodeSets->prefix_set);
1237
1273
 
1238
- {
1239
- bson_t out;
1240
- bson_init(&out);
1241
- mc_FLE2InsertUpdatePayloadV2_serializeForRange(&payload, &out, use_range_v2);
1242
- _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
1243
- }
1244
- // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
1245
- // not used for FLE2InsertUpdatePayloadV2.
1246
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayloadV2;
1274
+ while (mc_affix_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
1275
+ BSON_ASSERT(appendCount > 0);
1276
+ BSON_ASSERT(bytelen < INT_MAX);
1277
+
1278
+ mc_TextPrefixTokenSet_t tset = {{0}};
1279
+ mc_TextPrefixTokenSet_init(&tset);
1280
+
1281
+ _mongocrypt_buffer_t asBsonValue;
1282
+ _mongocrypt_buffer_init(&asBsonValue);
1283
+ _mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
1284
+
1285
+ if (!_fle2_generate_TextPrefixTokenSet(kb,
1286
+ &tset,
1287
+ &asBsonValue,
1288
+ contentionFactor,
1289
+ common.collectionsLevel1Token,
1290
+ common.serverTokenDerivationLevel1Token,
1291
+ status)) {
1292
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1293
+ mc_TextPrefixTokenSet_cleanup(&tset);
1294
+ goto fail;
1295
+ }
1296
+ _mongocrypt_buffer_cleanup(&asBsonValue);
1247
1297
 
1298
+ if (appendCount > 1) {
1299
+ mc_TextPrefixTokenSet_t tset_copy;
1300
+ mc_TextPrefixTokenSet_shallow_copy(&tset, &tset_copy);
1301
+ for (; appendCount > 1; appendCount--) {
1302
+ _mc_array_append_val(&tsts->prefixArray, tset_copy); // array now owns tset_copy
1303
+ }
1304
+ }
1305
+ _mc_array_append_val(&tsts->prefixArray, tset); // moves ownership of tset
1306
+ }
1307
+ }
1308
+ payload->textSearchTokenSets.set = true;
1248
1309
  res = true;
1249
1310
  fail:
1250
- mc_edges_destroy(edges);
1251
- mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
1252
1311
  _FLE2EncryptedPayloadCommon_cleanup(&common);
1253
-
1312
+ mc_str_encode_sets_destroy(encodeSets);
1254
1313
  return res;
1255
1314
  }
1256
1315
 
1257
1316
  /**
1258
- * Payload subtype 5: FLE2FindEqualityPayload
1317
+ * Payload subtype 11: FLE2InsertUpdatePayloadV2 for text search inserts/updates
1259
1318
  *
1260
- * {d: EDC, s: ESC, c: ECC, e: serverToken, cm: maxContentionFactor}
1319
+ * {v: value, u: indexKeyId, t: valueType, k: contentionFactor, e: serverToken,
1320
+ * b: { e: {d: EDC_exact, s: ESC_exact, l: svrDFDToken_exact, p: encToken_exact},
1321
+ * s: [{d: EDC_substr, s: ESC_substr, l: svrDFDToken_substr, p: encToken_substr}, ...]
1322
+ * u: [{d: EDC_suffix, s: ESC_suffix, l: svrDFDToken_suffix, p: encToken_suffix}, ...]
1323
+ * p: [{d: EDC_prefix, s: ESC_prefix, l: svrDFDToken_prefix, p: encToken_prefix}, ...]
1324
+ * },
1325
+ * d: bogusToken, s: bogusToken, l: bogusToken, p: bogusCiphertext
1326
+ * }
1261
1327
  */
1262
- static bool _mongocrypt_fle2_placeholder_to_find_ciphertext_v1(_mongocrypt_key_broker_t *kb,
1263
- _mongocrypt_marking_t *marking,
1264
- _mongocrypt_ciphertext_t *ciphertext,
1265
- mongocrypt_status_t *status) {
1328
+ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForTextSearch(_mongocrypt_key_broker_t *kb,
1329
+ _mongocrypt_marking_t *marking,
1330
+ _mongocrypt_ciphertext_t *ciphertext,
1331
+ mongocrypt_status_t *status) {
1266
1332
  BSON_ASSERT_PARAM(kb);
1267
1333
  BSON_ASSERT_PARAM(marking);
1268
1334
  BSON_ASSERT_PARAM(ciphertext);
1335
+ BSON_ASSERT(kb->crypt);
1336
+ BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1337
+
1338
+ mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1339
+ BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
1340
+ BSON_ASSERT(placeholder->algorithm == MONGOCRYPT_FLE2_ALGORITHM_TEXT_SEARCH);
1269
1341
 
1270
1342
  _FLE2EncryptedPayloadCommon_t common = {{0}};
1343
+ mc_FLE2InsertUpdatePayloadV2_t payload;
1344
+ mc_FLE2InsertUpdatePayloadV2_init(&payload);
1345
+
1271
1346
  _mongocrypt_buffer_t value = {0};
1272
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1273
- mc_FLE2FindEqualityPayload_t payload;
1274
1347
  bool res = false;
1275
1348
 
1276
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
1277
- BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1278
- BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND);
1279
- _mongocrypt_buffer_init(&value);
1280
- mc_FLE2FindEqualityPayload_init(&payload);
1349
+ mc_FLE2TextSearchInsertSpec_t insertSpec;
1350
+ if (!mc_FLE2TextSearchInsertSpec_parse(&insertSpec, &placeholder->v_iter, status)) {
1351
+ goto fail;
1352
+ }
1281
1353
 
1282
- _mongocrypt_buffer_from_iter(&value, &placeholder->v_iter);
1354
+ // t
1355
+ payload.valueType = BSON_TYPE_UTF8;
1356
+
1357
+ // k
1358
+ payload.contentionFactor = 0;
1359
+ if (placeholder->maxContentionFactor > 0) {
1360
+ /* Choose a random contentionFactor in the inclusive range [0,
1361
+ * placeholder->maxContentionFactor] */
1362
+ if (!_mongocrypt_random_int64(kb->crypt->crypto,
1363
+ placeholder->maxContentionFactor + 1,
1364
+ &payload.contentionFactor,
1365
+ status)) {
1366
+ goto fail;
1367
+ }
1368
+ }
1283
1369
 
1370
+ // u
1371
+ _mongocrypt_buffer_copy_to(&placeholder->index_key_id, &payload.indexKeyId);
1372
+
1373
+ _mongocrypt_buffer_from_iter(&value, &insertSpec.v_iter);
1284
1374
  if (!_mongocrypt_fle2_placeholder_common(kb,
1285
1375
  &common,
1286
1376
  &placeholder->index_key_id,
1287
1377
  &value,
1288
- false, /* derive tokens without contentionFactor */
1289
- placeholder->maxContentionFactor, /* ignored */
1378
+ true, /* derive tokens using contentionFactor */
1379
+ payload.contentionFactor,
1290
1380
  status)) {
1291
1381
  goto fail;
1292
1382
  }
1293
1383
 
1294
- // d := EDCDerivedToken
1295
- _mongocrypt_buffer_steal(&payload.edcDerivedToken, &common.edcDerivedToken);
1296
- // s := ESCDerivedToken
1297
- _mongocrypt_buffer_steal(&payload.escDerivedToken, &common.escDerivedToken);
1298
- // c := ECCDerivedToken
1299
- _mongocrypt_buffer_steal(&payload.eccDerivedToken, &common.eccDerivedToken);
1384
+ // (d, s, l) are never used for text search, so just set these to bogus buffers of
1385
+ // correct length.
1386
+ BSON_ASSERT(_mongocrypt_buffer_steal_from_data_and_size(&payload.edcDerivedToken,
1387
+ bson_malloc0(MONGOCRYPT_HMAC_SHA256_LEN),
1388
+ MONGOCRYPT_HMAC_SHA256_LEN));
1389
+ _mongocrypt_buffer_copy_to(&payload.edcDerivedToken, &payload.escDerivedToken);
1390
+ _mongocrypt_buffer_copy_to(&payload.edcDerivedToken, &payload.serverDerivedFromDataToken);
1391
+
1392
+ // p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor)
1393
+ // Since p is never used for text search, this just sets p to a bogus ciphertext of
1394
+ // the correct length.
1395
+ if (!_fle2_derive_encrypted_token(kb->crypt->crypto,
1396
+ &payload.encryptedTokens,
1397
+ false,
1398
+ common.collectionsLevel1Token,
1399
+ &payload.escDerivedToken, // bogus
1400
+ NULL, // unused in FLE2v2
1401
+ (mc_optional_bool_t){0},
1402
+ status)) {
1403
+ goto fail;
1404
+ }
1300
1405
 
1406
+ // v := UserKeyId + EncryptCBCAEAD(UserKey, value)
1407
+ {
1408
+ _mongocrypt_buffer_t ciphertext = {0};
1409
+ if (!_fle2_placeholder_aes_aead_encrypt(kb,
1410
+ _mcFLE2v2AEADAlgorithm(),
1411
+ &ciphertext,
1412
+ &placeholder->user_key_id,
1413
+ &value,
1414
+ status)) {
1415
+ goto fail;
1416
+ }
1417
+ const _mongocrypt_buffer_t v[2] = {placeholder->user_key_id, ciphertext};
1418
+ const bool ok = _mongocrypt_buffer_concat(&payload.value, v, 2);
1419
+ _mongocrypt_buffer_cleanup(&ciphertext);
1420
+ if (!ok) {
1421
+ goto fail;
1422
+ }
1423
+ }
1301
1424
  // e := ServerDataEncryptionLevel1Token
1302
1425
  _mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(common.serverDataEncryptionLevel1Token),
1303
1426
  &payload.serverEncryptionToken);
1304
1427
 
1305
- payload.maxContentionFactor = placeholder->maxContentionFactor;
1428
+ // b
1429
+ if (!_fle2_generate_TextSearchTokenSets(kb,
1430
+ &payload,
1431
+ &placeholder->index_key_id,
1432
+ &insertSpec,
1433
+ payload.contentionFactor,
1434
+ status)) {
1435
+ goto fail;
1436
+ }
1306
1437
 
1307
1438
  {
1308
1439
  bson_t out;
1309
1440
  bson_init(&out);
1310
- mc_FLE2FindEqualityPayload_serialize(&payload, &out);
1441
+ mc_FLE2InsertUpdatePayloadV2_serializeForTextSearch(&payload, &out);
1311
1442
  _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
1312
1443
  }
1313
1444
  // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
1314
- // not used for FLE2FindEqualityPayload.
1315
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2FindEqualityPayload;
1445
+ // not used for FLE2InsertUpdatePayloadV2.
1446
+ ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayloadV2;
1316
1447
 
1317
1448
  res = true;
1318
1449
  fail:
1319
- mc_FLE2FindEqualityPayload_cleanup(&payload);
1450
+ mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
1320
1451
  _mongocrypt_buffer_cleanup(&value);
1321
1452
  _FLE2EncryptedPayloadCommon_cleanup(&common);
1322
-
1323
1453
  return res;
1324
1454
  }
1325
1455
 
1326
1456
  /**
1327
1457
  * Payload subtype 12: FLE2FindEqualityPayloadV2
1328
- * Delegates to ..._find_ciphertext_v1 when crypt->opts.use_fle2_v2 == false.
1329
1458
  *
1330
1459
  * {d: EDC, s: ESC, l: serverDerivedFromDataToken, cm: maxContentionFactor}
1331
1460
  */
@@ -1337,10 +1466,6 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertext(_mongocrypt_key_brok
1337
1466
  BSON_ASSERT_PARAM(marking);
1338
1467
  BSON_ASSERT_PARAM(ciphertext);
1339
1468
 
1340
- if (kb->crypt->opts.use_fle2_v2 == false) {
1341
- return _mongocrypt_fle2_placeholder_to_find_ciphertext_v1(kb, marking, ciphertext, status);
1342
- }
1343
-
1344
1469
  _FLE2EncryptedPayloadCommon_t common = {{0}};
1345
1470
  _mongocrypt_buffer_t value = {0};
1346
1471
  mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
@@ -1569,145 +1694,8 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
1569
1694
  }
1570
1695
  }
1571
1696
 
1572
- /**
1573
- * Payload subtype 10: FLE2FindRangePayload
1574
- *
1575
- * {e: serverToken, cm: maxContentionFactor,
1576
- * g: [{d: EDC, s: ESC, c: ECC}, ...]}
1577
- */
1578
- static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocrypt_key_broker_t *kb,
1579
- _mongocrypt_marking_t *marking,
1580
- _mongocrypt_ciphertext_t *ciphertext,
1581
- mongocrypt_status_t *status) {
1582
- BSON_ASSERT_PARAM(kb);
1583
- BSON_ASSERT_PARAM(marking);
1584
- BSON_ASSERT_PARAM(ciphertext);
1585
- BSON_ASSERT(kb->crypt);
1586
-
1587
- const bool use_range_v2 = kb->crypt->opts.use_range_v2;
1588
- _mongocrypt_crypto_t *crypto = kb->crypt->crypto;
1589
- mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1590
- mc_FLE2FindRangePayload_t payload;
1591
- bool res = false;
1592
- mc_mincover_t *mincover = NULL;
1593
- _mongocrypt_buffer_t tokenKey = {0};
1594
-
1595
- BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
1596
- BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
1597
- BSON_ASSERT(placeholder);
1598
- BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND);
1599
- BSON_ASSERT(placeholder->algorithm == MONGOCRYPT_FLE2_ALGORITHM_RANGE);
1600
- mc_FLE2FindRangePayload_init(&payload);
1601
-
1602
- // Parse the query bounds and index bounds from FLE2EncryptionPlaceholder for
1603
- // range find.
1604
- mc_FLE2RangeFindSpec_t findSpec;
1605
- if (!mc_FLE2RangeFindSpec_parse(&findSpec, &placeholder->v_iter, use_range_v2, status)) {
1606
- goto fail;
1607
- }
1608
-
1609
- if (findSpec.edgesInfo.set) {
1610
- // cm := Queryable Encryption max contentionFactor
1611
- payload.payload.value.maxContentionFactor = placeholder->maxContentionFactor;
1612
-
1613
- // e := ServerDataEncryptionLevel1Token
1614
- {
1615
- if (!_get_tokenKey(kb, &placeholder->index_key_id, &tokenKey, status)) {
1616
- goto fail;
1617
- }
1618
-
1619
- mc_ServerDataEncryptionLevel1Token_t *serverToken =
1620
- mc_ServerDataEncryptionLevel1Token_new(crypto, &tokenKey, status);
1621
- if (!serverToken) {
1622
- goto fail;
1623
- }
1624
- _mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(serverToken),
1625
- &payload.payload.value.serverEncryptionToken);
1626
- mc_ServerDataEncryptionLevel1Token_destroy(serverToken);
1627
- }
1628
-
1629
- // g:= array<EdgeFindTokenSet>
1630
- {
1631
- BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
1632
- mincover =
1633
- mc_get_mincover_from_FLE2RangeFindSpec(&findSpec, (size_t)placeholder->sparsity, status, use_range_v2);
1634
- if (!mincover) {
1635
- goto fail;
1636
- }
1637
-
1638
- for (size_t i = 0; i < mc_mincover_len(mincover); i++) {
1639
- // Create a EdgeFindTokenSet from each edge.
1640
- bool loop_ok = false;
1641
- const char *edge = mc_mincover_get(mincover, i);
1642
- _mongocrypt_buffer_t edge_buf = {0};
1643
- _FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
1644
- mc_EdgeFindTokenSet_t eftc = {{0}};
1645
-
1646
- if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
1647
- CLIENT_ERR("failed to copy edge to buffer");
1648
- goto fail_loop;
1649
- }
1650
-
1651
- if (!_mongocrypt_fle2_placeholder_common(kb,
1652
- &edge_tokens,
1653
- &placeholder->index_key_id,
1654
- &edge_buf,
1655
- false, /* derive tokens using contentionFactor */
1656
- placeholder->maxContentionFactor, /* ignored */
1657
- status)) {
1658
- goto fail_loop;
1659
- }
1660
-
1661
- // d := EDCDerivedToken
1662
- _mongocrypt_buffer_steal(&eftc.edcDerivedToken, &edge_tokens.edcDerivedToken);
1663
- // s := ESCDerivedToken
1664
- _mongocrypt_buffer_steal(&eftc.escDerivedToken, &edge_tokens.escDerivedToken);
1665
- // c := ECCDerivedToken
1666
- _mongocrypt_buffer_steal(&eftc.eccDerivedToken, &edge_tokens.eccDerivedToken);
1667
-
1668
- _mc_array_append_val(&payload.payload.value.edgeFindTokenSetArray, eftc);
1669
-
1670
- loop_ok = true;
1671
- fail_loop:
1672
- _FLE2EncryptedPayloadCommon_cleanup(&edge_tokens);
1673
- _mongocrypt_buffer_cleanup(&edge_buf);
1674
- if (!loop_ok) {
1675
- goto fail;
1676
- }
1677
- }
1678
- }
1679
- payload.payload.set = true;
1680
- }
1681
-
1682
- payload.payloadId = findSpec.payloadId;
1683
- payload.firstOperator = findSpec.firstOperator;
1684
- payload.secondOperator = findSpec.secondOperator;
1685
-
1686
- // Serialize.
1687
- {
1688
- bson_t out = BSON_INITIALIZER;
1689
- mc_FLE2FindRangePayload_serialize(&payload, &out);
1690
- _mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
1691
- }
1692
- _mongocrypt_buffer_steal(&ciphertext->key_id, &placeholder->index_key_id);
1693
-
1694
- // Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
1695
- // not used for FLE2FindRangePayload.
1696
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2FindRangePayload;
1697
-
1698
- res = true;
1699
- fail:
1700
- mc_mincover_destroy(mincover);
1701
- mc_FLE2FindRangePayload_cleanup(&payload);
1702
- _mongocrypt_buffer_cleanup(&tokenKey);
1703
-
1704
- return res;
1705
- }
1706
-
1707
1697
  /**
1708
1698
  * Payload subtype 13: FLE2FindRangePayloadV2
1709
- * Delegates to ..._find_ciphertextForRange_v1
1710
- * when crypt->opts.use_fle2_v2 is false
1711
1699
  *
1712
1700
  * {cm: maxContentionFactor,
1713
1701
  * g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken}, ...]}
@@ -1720,10 +1708,6 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange(_mongocrypt_
1720
1708
  BSON_ASSERT_PARAM(marking);
1721
1709
  BSON_ASSERT_PARAM(ciphertext);
1722
1710
 
1723
- if (kb->crypt->opts.use_fle2_v2 == false) {
1724
- return _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(kb, marking, ciphertext, status);
1725
- }
1726
-
1727
1711
  const bool use_range_v2 = kb->crypt->opts.use_range_v2;
1728
1712
  mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
1729
1713
  mc_FLE2FindRangePayloadV2_t payload;
@@ -1836,6 +1820,15 @@ fail:
1836
1820
  return res;
1837
1821
  }
1838
1822
 
1823
+ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForTextSearch(_mongocrypt_key_broker_t *kb,
1824
+ _mongocrypt_marking_t *marking,
1825
+ _mongocrypt_ciphertext_t *ciphertext,
1826
+ mongocrypt_status_t *status) {
1827
+ // TODO MONGOCRYPT-761 implement find support for text search fields
1828
+ CLIENT_ERR("Text search find is not yet supported");
1829
+ return false;
1830
+ }
1831
+
1839
1832
  static bool _mongocrypt_fle2_placeholder_to_FLE2UnindexedEncryptedValue(_mongocrypt_key_broker_t *kb,
1840
1833
  _mongocrypt_marking_t *marking,
1841
1834
  _mongocrypt_ciphertext_t *ciphertext,
@@ -1860,25 +1853,14 @@ static bool _mongocrypt_fle2_placeholder_to_FLE2UnindexedEncryptedValue(_mongocr
1860
1853
  }
1861
1854
 
1862
1855
  BSON_ASSERT(kb->crypt);
1863
- if (kb->crypt->opts.use_fle2_v2) {
1864
- res = mc_FLE2UnindexedEncryptedValueV2_encrypt(kb->crypt->crypto,
1865
- &placeholder->user_key_id,
1866
- bson_iter_type(&placeholder->v_iter),
1867
- &plaintext,
1868
- &user_key,
1869
- &ciphertext->data,
1870
- status);
1871
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValueV2;
1872
- } else {
1873
- res = mc_FLE2UnindexedEncryptedValue_encrypt(kb->crypt->crypto,
1874
- &placeholder->user_key_id,
1875
- bson_iter_type(&placeholder->v_iter),
1876
- &plaintext,
1877
- &user_key,
1878
- &ciphertext->data,
1879
- status);
1880
- ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValue;
1881
- }
1856
+ res = mc_FLE2UnindexedEncryptedValueV2_encrypt(kb->crypt->crypto,
1857
+ &placeholder->user_key_id,
1858
+ bson_iter_type(&placeholder->v_iter),
1859
+ &plaintext,
1860
+ &user_key,
1861
+ &ciphertext->data,
1862
+ status);
1863
+ ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValueV2;
1882
1864
 
1883
1865
  if (!res) {
1884
1866
  goto fail;
@@ -2059,6 +2041,17 @@ bool _mongocrypt_marking_to_ciphertext(void *ctx,
2059
2041
  return _mongocrypt_fle2_placeholder_to_find_ciphertext(kb, marking, ciphertext, status);
2060
2042
  default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->fle2.type); return false;
2061
2043
  }
2044
+ case MONGOCRYPT_FLE2_ALGORITHM_TEXT_SEARCH:
2045
+ switch (marking->fle2.type) {
2046
+ case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT:
2047
+ return _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForTextSearch(kb,
2048
+ marking,
2049
+ ciphertext,
2050
+ status);
2051
+ case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND:
2052
+ return _mongocrypt_fle2_placeholder_to_find_ciphertextForTextSearch(kb, marking, ciphertext, status);
2053
+ default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->fle2.type); return false;
2054
+ }
2062
2055
  default: CLIENT_ERR("unexpected algorithm: %d", (int)marking->algorithm); return false;
2063
2056
  }
2064
2057
  case MONGOCRYPT_MARKING_FLE1_BY_ID: