libmongocrypt-helper 1.12.0.0.1001 → 1.13.2.0.1001
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +19 -0
- data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +10 -0
- data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +1 -4
- data/ext/libmongocrypt/libmongocrypt/CONTRIBUTING.md +14 -0
- data/ext/libmongocrypt/libmongocrypt/Earthfile +49 -50
- data/ext/libmongocrypt/libmongocrypt/README.md +8 -17
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +6 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/README.rst +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +39 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +32 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/release.sh +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +8 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/compact/success/encrypted-field-config-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-field-config-map.json +0 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +11 -11
- data/ext/libmongocrypt/libmongocrypt/cmake/FetchMongoC.cmake +4 -2
- data/ext/libmongocrypt/libmongocrypt/cmake/ImportBSON.cmake +3 -5
- data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +14 -27
- data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +9 -9
- data/ext/libmongocrypt/libmongocrypt/etc/format.sh +0 -2
- data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-in-functions.patch +158 -0
- data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-pragma.patch +3 -3
- data/ext/libmongocrypt/libmongocrypt/etc/purls.txt +1 -1
- data/ext/libmongocrypt/libmongocrypt/integrating.md +42 -11
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_crypto_windows.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message_private.h +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_assert.h +25 -8
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_azure_online.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_gcp_online.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_request.c +12 -10
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +5 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +35 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle-blob-subtype-private.h +4 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +79 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +226 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +0 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +0 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +34 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +165 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload.c +0 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-private-v2.h +105 -7
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +381 -70
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block-private.h +7 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block.c +17 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker-private.h +126 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker.c +1075 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets-private.h +95 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets.c +304 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode-private.h +45 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode.c +248 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +112 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +166 -2
- data/ext/libmongocrypt/libmongocrypt/src/mlib/windows-lean.h +2 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer-private.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer.c +36 -3
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +8 -4
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +430 -857
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-private.h +5 -19
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +516 -523
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +0 -4
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +7 -12
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-traverse-util.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +3 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +6 -9
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +3 -1
- data/ext/libmongocrypt/libmongocrypt/src/unicode/case-fold-map.c +1434 -0
- data/ext/libmongocrypt/libmongocrypt/src/unicode/diacritic-fold-map.c +2884 -0
- data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.c +139 -0
- data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.h +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/payload.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/missing-key-id/collinfo.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/collinfo.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/collinfo.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +20 -21
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/missing-key-id/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-fields/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload-range-v2.json +20 -21
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/encrypted-payload.json +2 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/encrypted-payload.json +2 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_fle1/collinfo.json +2 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-extraField.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-missingKeyId.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField-badVersionSet.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField-goodVersionSet.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields-badVersionSet.json +48 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields-goodVersionSet.json +48 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-twoFields.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/encrypted-field-config-map.json +1 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1DeterministicEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1EncryptionPlaceholder.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1RandomEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2EncryptionPlaceholder.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2EqualityIndexedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2FindEqualityPayloadV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedEqualityEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedEqualityEncryptedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedRangeEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedRangeEncryptedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayload-with-edges-V2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayload-with-edges.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-explicit/insert-indexed.json → explicit-decrypt/FLE2InsertUpdatePayload.json} +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2RangeIndexedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2UnindexedEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2UnindexedEncryptedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/find-with-encryptionInformation.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-explain/with-csfle/collinfo.json +2 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-explain/with-mongocryptd/collinfo.json +2 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-collinfo.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json +51 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json +45 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/int32/encrypted-field-map.json → fle2-bad-str-encode-version/bad-encrypted-field-config-map.json} +7 -12
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-bad-str-encode-version}/encrypted-payload.json +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/encrypted-field-config-map.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/cmd.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-equality/encrypted-field-map.json → fle2-create-encrypted-collection/encrypted-field-config-map.json} +9 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/encrypted-payload.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/mongocryptd-reply.json +50 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/cmd-to-mongocryptd.json +45 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/mongocryptd-reply.json +51 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json +46 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json +25 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json +52 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-field-config-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload-v2.json +57 -59
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/mongocryptd-reply.json +63 -64
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-field-config-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload-v2.json +64 -66
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/mongocryptd-reply.json +69 -70
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/encrypted-payload.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json +2 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/cmd-to-mongocryptd.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/cmd-to-mongod.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/reply-from-mongocryptd.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/encrypted-field-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/date → fle2-insert-text-search}/encrypted-field-map.json +10 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/encrypted-payload.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/mongocryptd-reply.json +55 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/double → fle2-insert-text-search-with-str-encode-version}/encrypted-field-map.json +12 -10
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search-with-str-encode-version/encrypted-payload.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search-with-str-encode-version/mongocryptd-reply.json +55 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2-with-str-encode-version/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-v2-with-str-encode-version}/encrypted-field-map.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2-with-str-encode-version/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-v2-with-str-encode-version}/mongocryptd-reply.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/cmd-to-mongocryptd.json +55 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/cmd.json +22 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/encrypted-field-config-map.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/encrypted-payload.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/mongocryptd-reply.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json +56 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-payload.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneText.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneTextLarge.json +930 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/cmd-to-mongocryptd.json +60 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-facet/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-mismatch/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/collection-info.json → test/data/lookup/csfle-mismatch/collInfo-c1.json} +13 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-mismatch/collInfo-c3.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-nested/cmd.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/cmd-to-mongocryptd.json +60 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/schemaMap.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/cmd-to-mongocryptd.json +60 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/schemaMap.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/cmd-to-mongocryptd.json +34 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/cmd-to-mongocryptd.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/collInfo-c2.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/reply-from-mongocryptd.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-unionWith/cmd.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/collInfo-v1.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd-to-mongocryptd.json +65 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd-to-mongod.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/keys/ABCDEFAB123498761234123456789012-local-document.json → test/data/lookup/mixed/csfle/csfle/key-doc.json} +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/reply-from-mongocryptd.json +33 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd-to-mongocryptd.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd-to-mongod.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/collInfo-c2.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/reply-from-mongocryptd.json +33 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/cmd-to-mongocryptd.json +70 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd-to-mongocryptd.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd-to-mongod.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/collInfo-c1.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/reply-from-mongocryptd.json +33 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd-to-mongocryptd.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd-to-mongod.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/collInfo-c1.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/collInfo-c2.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/reply-from-mongocryptd.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd-to-mongocryptd.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd-to-mongod.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/collInfo-c1.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/reply-from-mongocryptd.json +65 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/cmd-to-mongocryptd.json +70 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd-to-mongocryptd.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd-to-mongod.json +56 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/collInfo-c2.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/reply-from-mongocryptd.json +63 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd-to-mongocryptd.json +66 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd-to-mongod.json +71 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/reply-from-mongocryptd.json +78 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd-to-mongocryptd.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd-to-mongod.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/reply-from-mongocryptd.json +68 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd-to-mongocryptd.json +66 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd-to-mongod.json +71 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert-unindexed/encrypted-field-map.json → lookup/qe-encryptedFieldsMap/encryptedFieldsMap.json} +6 -7
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/reply-from-mongocryptd.json +78 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd-to-mongocryptd.json +46 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd-to-mongod.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/reply-from-mongocryptd.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd-to-mongocryptd.json +66 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd-to-mongod.json +75 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/reply-from-mongocryptd.json +78 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-create/mongocryptd-ismaster.json → mongocryptd-ismaster-17.json} +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/mongocryptd-ismaster-26.json +12 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-encryptedFields.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-encryptedFields2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-jsonSchema.json +43 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-noSchema.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/create-with-jsonSchema.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFields.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFields2.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFieldsMap.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/jsonSchema.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/jsonSchema2.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/schemaMap.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +28 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +28 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +70 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-encryption-placeholder.c +468 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-equality-payload-v2.c +20 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev-v2.c +286 -24
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +23 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup.c +24 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-uev.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-tag-and-encrypted-metadata-block.c +36 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +6 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +32 -33
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +58 -66
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-schema-broker.c +1124 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-text-search-str-encode.c +1207 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +144 -37
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +13 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert.h +21 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-buffer.c +25 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto.c +37 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +226 -146
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +1330 -1200
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kek.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-key-cache.c +6 -6
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-responses.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +744 -106
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +119 -33
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +27 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-unicode-fold.c +97 -0
- data/lib/libmongocrypt_helper/version.rb +2 -2
- metadata +207 -157
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/README.md +0 -36
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/build.gradle.kts +0 -28
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/java/com/mongodb/crypt/benchmark/BenchmarkRunner.java +0 -217
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/resources/keyDocument.json +0 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/build.gradle.kts +0 -354
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.jar +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.properties +0 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew +0 -234
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew.bat +0 -89
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/settings.gradle.kts +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/BinaryHolder.java +0 -45
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java +0 -1165
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPIHelper.java +0 -96
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CipherCallback.java +0 -92
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/DisposableMemory.java +0 -31
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/JULLogger.java +0 -130
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/Logger.java +0 -144
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/Loggers.java +0 -50
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MacCallback.java +0 -60
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MessageDigestCallback.java +0 -55
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoAwsKmsProviderOptions.java +0 -104
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypt.java +0 -100
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptContext.java +0 -137
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptContextImpl.java +0 -164
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptException.java +0 -67
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptImpl.java +0 -423
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptOptions.java +0 -284
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypts.java +0 -38
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoDataKeyOptions.java +0 -125
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoExplicitEncryptOptions.java +0 -227
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptor.java +0 -76
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptorImpl.java +0 -105
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoLocalKmsProviderOptions.java +0 -83
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoRewrapManyDataKeyOptions.java +0 -104
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SLF4JLogger.java +0 -110
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SecureRandomCallback.java +0 -51
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SigningRSAESPKCSCallback.java +0 -76
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/package-info.java +0 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/jni-config.json +0 -180
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/reflect-config.json +0 -134
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java +0 -389
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/command-reply.json +0 -13
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/command.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-command-reply.json +0 -16
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-command.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-value.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/key-filter.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/rangeopts.json +0 -14
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/value-to-encrypt.json +0 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/json-schema.json +0 -15
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-document.json +0 -36
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-filter-keyAltName.json +0 -14
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-filter.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/kms-reply.txt +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/list-collections-filter.json +0 -3
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/mongocryptd-command.json +0 -22
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/mongocryptd-reply.json +0 -18
- data/ext/libmongocrypt/libmongocrypt/etc/silk-create-asset-group.sh +0 -70
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd.json +0 -20
- data/ext/libmongocrypt/libmongocrypt/test/data/collection-info-no-schema.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-field-config-map.json +0 -47
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-collMod/insert/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-collMod/insert/collinfo.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/ismaster-to-mongocryptd.json +0 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload.json +0 -91
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload.json +0 -98
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/find-indexed-contentionFactor1.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-contentionFactor1.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-same-user-and-index-key.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/encrypted-payload.json +0 -41
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/mongocryptd-reply.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/cmd.json +0 -10
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/encrypted-field-map.json +0 -31
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/encrypted-payload.json +0 -51
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/mongocryptd-reply.json +0 -59
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/encrypted-field-map.json +0 -31
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double-precision/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-nominmax/encrypted-payload-v2.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-openinterval/encrypted-payload.json +0 -16
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/cmd.json +0 -13
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/cmd.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/cmd.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/encrypted-field-map.json +0 -31
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/encrypted-payload.json +0 -54
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/mongocryptd-reply.json +0 -62
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/cmd.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/cmd.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/encrypted-field-map.json +0 -31
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/encrypted-payload.json +0 -48
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/mongocryptd-reply.json +0 -56
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/cmd.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double/encrypted-payload.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double-precision/encrypted-payload.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32-nominmax/encrypted-payload-v2.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/sparsity-2/encrypted-payload.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/cmd.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/encrypted-payload.json +0 -14
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/mongocryptd-reply.json +0 -46
- data/ext/libmongocrypt/libmongocrypt/test/data/schema.json +0 -19
- /data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-explicit/find-indexed.json → explicit-decrypt/FLE2FindEqualityPayload.json} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-text-search-with-str-encode-version}/cmd.json +0 -0
@@ -14,6 +14,7 @@
|
|
14
14
|
* limitations under the License.
|
15
15
|
*/
|
16
16
|
|
17
|
+
#include "bson/bson.h"
|
17
18
|
#include "mc-fle-blob-subtype-private.h"
|
18
19
|
#include "mc-fle2-encryption-placeholder-private.h"
|
19
20
|
#include "mc-fle2-find-equality-payload-private-v2.h"
|
@@ -28,6 +29,8 @@
|
|
28
29
|
#include "mc-range-edge-generation-private.h"
|
29
30
|
#include "mc-range-encoding-private.h"
|
30
31
|
#include "mc-range-mincover-private.h"
|
32
|
+
#include "mc-str-encode-string-sets-private.h"
|
33
|
+
#include "mc-text-search-str-encode-private.h"
|
31
34
|
#include "mc-tokens-private.h"
|
32
35
|
#include "mongocrypt-buffer-private.h"
|
33
36
|
#include "mongocrypt-ciphertext-private.h"
|
@@ -268,10 +271,121 @@ void _mongocrypt_marking_cleanup(_mongocrypt_marking_t *marking) {
|
|
268
271
|
|
269
272
|
DERIVE_TOKEN_IMPL(EDC)
|
270
273
|
DERIVE_TOKEN_IMPL(ESC)
|
271
|
-
DERIVE_TOKEN_IMPL(ECC)
|
272
274
|
|
273
275
|
#undef DERIVE_TOKEN_IMPL
|
274
276
|
|
277
|
+
/**
|
278
|
+
* Calculates:
|
279
|
+
* E?CToken = HMAC(collectionLevel1Token, n)
|
280
|
+
* E?CText<T>Token = HMAC(E?CToken, t)
|
281
|
+
* E?CText<T>DerivedFromDataTokenAndContentionFactorToken = HMAC(HMAC(E?CText<T>Token, v) cf)
|
282
|
+
*
|
283
|
+
* E?C = EDC|ESC
|
284
|
+
* n = 1 for EDC, 2 for ESC
|
285
|
+
* <T> = Exact|Substring|Suffix|Prefix
|
286
|
+
* t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
|
287
|
+
* cf = contentionFactor
|
288
|
+
*
|
289
|
+
* E?CText<T>DerivedFromDataTokenAndContentionFactorToken is saved to out.
|
290
|
+
* Note that {out} is initialized even on failure.
|
291
|
+
*/
|
292
|
+
#define DERIVE_TEXT_SEARCH_TOKEN_IMPL(Name, Type) \
|
293
|
+
static bool _fle2_derive_##Name##Text##Type##_token(_mongocrypt_crypto_t *crypto, \
|
294
|
+
_mongocrypt_buffer_t *out, \
|
295
|
+
const mc_CollectionsLevel1Token_t *level1Token, \
|
296
|
+
const _mongocrypt_buffer_t *value, \
|
297
|
+
int64_t contentionFactor, \
|
298
|
+
mongocrypt_status_t *status) { \
|
299
|
+
BSON_ASSERT_PARAM(crypto); \
|
300
|
+
BSON_ASSERT_PARAM(out); \
|
301
|
+
BSON_ASSERT_PARAM(level1Token); \
|
302
|
+
BSON_ASSERT_PARAM(value); \
|
303
|
+
BSON_ASSERT(contentionFactor >= 0); \
|
304
|
+
\
|
305
|
+
_mongocrypt_buffer_init(out); \
|
306
|
+
\
|
307
|
+
mc_##Name##Token_t *token = mc_##Name##Token_new(crypto, level1Token, status); \
|
308
|
+
if (!token) { \
|
309
|
+
return false; \
|
310
|
+
} \
|
311
|
+
mc_##Name##Text##Type##Token_t *textToken = mc_##Name##Text##Type##Token_new(crypto, token, status); \
|
312
|
+
mc_##Name##Token_destroy(token); \
|
313
|
+
if (!textToken) { \
|
314
|
+
return false; \
|
315
|
+
} \
|
316
|
+
mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_t *fromDataAndContentionFactor = \
|
317
|
+
mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_new(crypto, \
|
318
|
+
textToken, \
|
319
|
+
value, \
|
320
|
+
(uint64_t)contentionFactor, \
|
321
|
+
status); \
|
322
|
+
mc_##Name##Text##Type##Token_destroy(textToken); \
|
323
|
+
if (!fromDataAndContentionFactor) { \
|
324
|
+
return false; \
|
325
|
+
} \
|
326
|
+
_mongocrypt_buffer_copy_to( \
|
327
|
+
mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_get(fromDataAndContentionFactor), \
|
328
|
+
out); \
|
329
|
+
mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_destroy(fromDataAndContentionFactor); \
|
330
|
+
return true; \
|
331
|
+
}
|
332
|
+
|
333
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Exact)
|
334
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Exact)
|
335
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Substring)
|
336
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Substring)
|
337
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Suffix)
|
338
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Suffix)
|
339
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Prefix)
|
340
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Prefix)
|
341
|
+
#undef DERIVE_TEXT_SEARCH_TOKEN_IMPL
|
342
|
+
|
343
|
+
/**
|
344
|
+
* Calculates:
|
345
|
+
* ServerText<T>Token = HMAC(collectionLevel1Token, t)
|
346
|
+
* ServerText<T>DerivedFromDataToken = HMAC(ServerText<T>Token, v)
|
347
|
+
*
|
348
|
+
* <T> = Exact|Substring|Suffix|Prefix
|
349
|
+
* t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
|
350
|
+
*
|
351
|
+
* ServerText<T>DerivedFromDataToken is saved to out.
|
352
|
+
* Note that {out} is initialized even on failure.
|
353
|
+
*/
|
354
|
+
#define DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Type) \
|
355
|
+
static bool _fle2_derive_serverText##Type##DerivedFromDataToken( \
|
356
|
+
_mongocrypt_crypto_t *crypto, \
|
357
|
+
_mongocrypt_buffer_t *out, \
|
358
|
+
const mc_ServerTokenDerivationLevel1Token_t *level1Token, \
|
359
|
+
const _mongocrypt_buffer_t *value, \
|
360
|
+
mongocrypt_status_t *status) { \
|
361
|
+
BSON_ASSERT_PARAM(crypto); \
|
362
|
+
BSON_ASSERT_PARAM(out); \
|
363
|
+
BSON_ASSERT_PARAM(level1Token); \
|
364
|
+
BSON_ASSERT_PARAM(value); \
|
365
|
+
BSON_ASSERT_PARAM(status); \
|
366
|
+
\
|
367
|
+
_mongocrypt_buffer_init(out); \
|
368
|
+
mc_ServerText##Type##Token_t *token = mc_ServerText##Type##Token_new(crypto, level1Token, status); \
|
369
|
+
if (!token) { \
|
370
|
+
return false; \
|
371
|
+
} \
|
372
|
+
mc_ServerText##Type##DerivedFromDataToken_t *dataToken = \
|
373
|
+
mc_ServerText##Type##DerivedFromDataToken_new(crypto, token, value, status); \
|
374
|
+
mc_ServerText##Type##Token_destroy(token); \
|
375
|
+
if (!dataToken) { \
|
376
|
+
return false; \
|
377
|
+
} \
|
378
|
+
_mongocrypt_buffer_copy_to(mc_ServerText##Type##DerivedFromDataToken_get(dataToken), out); \
|
379
|
+
mc_ServerText##Type##DerivedFromDataToken_destroy(dataToken); \
|
380
|
+
return true; \
|
381
|
+
}
|
382
|
+
|
383
|
+
DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Exact)
|
384
|
+
DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Substring)
|
385
|
+
DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Suffix)
|
386
|
+
DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Prefix)
|
387
|
+
#undef DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL
|
388
|
+
|
275
389
|
static bool _fle2_derive_serverDerivedFromDataToken(_mongocrypt_crypto_t *crypto,
|
276
390
|
_mongocrypt_buffer_t *out,
|
277
391
|
const mc_ServerTokenDerivationLevel1Token_t *level1Token,
|
@@ -514,7 +628,6 @@ static bool _mongocrypt_fle2_placeholder_common(_mongocrypt_key_broker_t *kb,
|
|
514
628
|
BSON_ASSERT_PARAM(value);
|
515
629
|
|
516
630
|
_mongocrypt_crypto_t *crypto = kb->crypt->crypto;
|
517
|
-
_mongocrypt_buffer_t indexKey = {0};
|
518
631
|
*ret = (_FLE2EncryptedPayloadCommon_t){{0}};
|
519
632
|
|
520
633
|
if (!_get_tokenKey(kb, indexKeyId, &ret->tokenKey, status)) {
|
@@ -553,191 +666,25 @@ static bool _mongocrypt_fle2_placeholder_common(_mongocrypt_key_broker_t *kb,
|
|
553
666
|
goto fail;
|
554
667
|
}
|
555
668
|
|
556
|
-
|
557
|
-
|
558
|
-
|
559
|
-
if (!ret->serverTokenDerivationLevel1Token) {
|
560
|
-
CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
|
561
|
-
goto fail;
|
562
|
-
}
|
563
|
-
|
564
|
-
if (!_fle2_derive_serverDerivedFromDataToken(crypto,
|
565
|
-
&ret->serverDerivedFromDataToken,
|
566
|
-
ret->serverTokenDerivationLevel1Token,
|
567
|
-
value,
|
568
|
-
status)) {
|
569
|
-
goto fail;
|
570
|
-
}
|
571
|
-
} else {
|
572
|
-
/* FLE2v1 */
|
573
|
-
if (!_fle2_derive_ECC_token(crypto,
|
574
|
-
&ret->eccDerivedToken,
|
575
|
-
ret->collectionsLevel1Token,
|
576
|
-
value,
|
577
|
-
useContentionFactor,
|
578
|
-
contentionFactor,
|
579
|
-
status)) {
|
580
|
-
goto fail;
|
581
|
-
}
|
582
|
-
}
|
583
|
-
|
584
|
-
_mongocrypt_buffer_cleanup(&indexKey);
|
585
|
-
return true;
|
586
|
-
|
587
|
-
fail:
|
588
|
-
_FLE2EncryptedPayloadCommon_cleanup(ret);
|
589
|
-
_mongocrypt_buffer_cleanup(&indexKey);
|
590
|
-
return false;
|
591
|
-
}
|
592
|
-
|
593
|
-
// Shared implementation for insert/update and insert/update ForRange (v1)
|
594
|
-
static bool _mongocrypt_fle2_placeholder_to_insert_update_common_v1(_mongocrypt_key_broker_t *kb,
|
595
|
-
mc_FLE2InsertUpdatePayload_t *out,
|
596
|
-
int64_t *contentionFactor,
|
597
|
-
_FLE2EncryptedPayloadCommon_t *common,
|
598
|
-
const mc_FLE2EncryptionPlaceholder_t *placeholder,
|
599
|
-
bson_iter_t *value_iter,
|
600
|
-
mongocrypt_status_t *status) {
|
601
|
-
BSON_ASSERT_PARAM(kb);
|
602
|
-
BSON_ASSERT_PARAM(out);
|
603
|
-
BSON_ASSERT_PARAM(common);
|
604
|
-
BSON_ASSERT_PARAM(placeholder);
|
605
|
-
BSON_ASSERT_PARAM(value_iter);
|
606
|
-
BSON_ASSERT(kb->crypt);
|
607
|
-
BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
|
608
|
-
BSON_ASSERT(kb->crypt->opts.use_range_v2 == false);
|
609
|
-
BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
|
610
|
-
|
611
|
-
_mongocrypt_crypto_t *crypto = kb->crypt->crypto;
|
612
|
-
_mongocrypt_buffer_t value = {0};
|
613
|
-
bool res = false;
|
614
|
-
|
615
|
-
*contentionFactor = 0;
|
616
|
-
if (placeholder->maxContentionFactor > 0) {
|
617
|
-
/* Choose a random contentionFactor in the inclusive range [0,
|
618
|
-
* placeholder->maxContentionFactor] */
|
619
|
-
if (!_mongocrypt_random_int64(crypto, placeholder->maxContentionFactor + 1, contentionFactor, status)) {
|
620
|
-
goto fail;
|
621
|
-
}
|
622
|
-
}
|
623
|
-
|
624
|
-
_mongocrypt_buffer_from_iter(&value, value_iter);
|
625
|
-
if (!_mongocrypt_fle2_placeholder_common(kb,
|
626
|
-
common,
|
627
|
-
&placeholder->index_key_id,
|
628
|
-
&value,
|
629
|
-
true, /* derive tokens using contentionFactor */
|
630
|
-
*contentionFactor,
|
631
|
-
status)) {
|
669
|
+
ret->serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &ret->tokenKey, status);
|
670
|
+
if (!ret->serverTokenDerivationLevel1Token) {
|
671
|
+
CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
|
632
672
|
goto fail;
|
633
673
|
}
|
634
674
|
|
635
|
-
|
636
|
-
|
637
|
-
|
638
|
-
|
639
|
-
|
640
|
-
_mongocrypt_buffer_steal(&out->eccDerivedToken, &common->eccDerivedToken);
|
641
|
-
|
642
|
-
// p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor ||
|
643
|
-
// ECCDerivedFromDataTokenAndContentionFactor)
|
644
|
-
if (!_fle2_derive_encrypted_token(crypto,
|
645
|
-
&out->encryptedTokens,
|
646
|
-
false, // Can't use range V2 with FLE V1
|
647
|
-
common->collectionsLevel1Token,
|
648
|
-
&out->escDerivedToken,
|
649
|
-
&out->eccDerivedToken,
|
650
|
-
(mc_optional_bool_t){0}, // Unset is_leaf as it's not used in V1
|
651
|
-
status)) {
|
675
|
+
if (!_fle2_derive_serverDerivedFromDataToken(crypto,
|
676
|
+
&ret->serverDerivedFromDataToken,
|
677
|
+
ret->serverTokenDerivationLevel1Token,
|
678
|
+
value,
|
679
|
+
status)) {
|
652
680
|
goto fail;
|
653
681
|
}
|
654
682
|
|
655
|
-
|
656
|
-
&out->indexKeyId); // u
|
657
|
-
out->valueType = bson_iter_type(value_iter); // t
|
658
|
-
|
659
|
-
// v := UserKeyId + EncryptCTRAEAD(UserKey, value)
|
660
|
-
{
|
661
|
-
_mongocrypt_buffer_t ciphertext = {0};
|
662
|
-
if (!_fle2_placeholder_aes_aead_encrypt(kb,
|
663
|
-
_mcFLE2AEADAlgorithm(),
|
664
|
-
&ciphertext,
|
665
|
-
&placeholder->user_key_id,
|
666
|
-
&value,
|
667
|
-
status)) {
|
668
|
-
goto fail;
|
669
|
-
}
|
670
|
-
const _mongocrypt_buffer_t v[2] = {placeholder->user_key_id, ciphertext};
|
671
|
-
const bool ok = _mongocrypt_buffer_concat(&out->value, v, 2);
|
672
|
-
_mongocrypt_buffer_cleanup(&ciphertext);
|
673
|
-
if (!ok) {
|
674
|
-
goto fail;
|
675
|
-
}
|
676
|
-
}
|
677
|
-
|
678
|
-
// e := ServerDataEncryptionLevel1Token
|
679
|
-
_mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(common->serverDataEncryptionLevel1Token),
|
680
|
-
&out->serverEncryptionToken);
|
681
|
-
|
682
|
-
res = true;
|
683
|
-
fail:
|
684
|
-
_mongocrypt_buffer_cleanup(&value);
|
685
|
-
return res;
|
686
|
-
}
|
687
|
-
|
688
|
-
/**
|
689
|
-
* Payload subtype 4: FLE2InsertUpdatePayload
|
690
|
-
*
|
691
|
-
* {d: EDC, s: ESC, c: ECC,
|
692
|
-
* p: encToken, u: indexKeyId, t: type,
|
693
|
-
* v: value, e: serverToken}
|
694
|
-
*/
|
695
|
-
static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertext_v1(_mongocrypt_key_broker_t *kb,
|
696
|
-
_mongocrypt_marking_t *marking,
|
697
|
-
_mongocrypt_ciphertext_t *ciphertext,
|
698
|
-
mongocrypt_status_t *status) {
|
699
|
-
BSON_ASSERT_PARAM(kb);
|
700
|
-
BSON_ASSERT_PARAM(marking);
|
701
|
-
BSON_ASSERT_PARAM(ciphertext);
|
702
|
-
BSON_ASSERT_PARAM(status);
|
703
|
-
BSON_ASSERT(kb->crypt);
|
704
|
-
BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
|
705
|
-
BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
706
|
-
BSON_ASSERT(marking->fle2.algorithm == MONGOCRYPT_FLE2_ALGORITHM_EQUALITY);
|
707
|
-
|
708
|
-
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
709
|
-
_FLE2EncryptedPayloadCommon_t common = {{0}};
|
710
|
-
mc_FLE2InsertUpdatePayload_t payload;
|
711
|
-
mc_FLE2InsertUpdatePayload_init(&payload);
|
712
|
-
bool res = false;
|
713
|
-
|
714
|
-
int64_t contentionFactor = 0; /* ignored */
|
715
|
-
if (!_mongocrypt_fle2_placeholder_to_insert_update_common_v1(kb,
|
716
|
-
&payload,
|
717
|
-
&contentionFactor,
|
718
|
-
&common,
|
719
|
-
placeholder,
|
720
|
-
&placeholder->v_iter,
|
721
|
-
status)) {
|
722
|
-
goto fail;
|
723
|
-
}
|
724
|
-
|
725
|
-
{
|
726
|
-
bson_t out;
|
727
|
-
bson_init(&out);
|
728
|
-
mc_FLE2InsertUpdatePayload_serialize(&payload, &out);
|
729
|
-
_mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
|
730
|
-
}
|
731
|
-
// Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
|
732
|
-
// not used for FLE2InsertUpdatePayload.
|
733
|
-
ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayload;
|
683
|
+
return true;
|
734
684
|
|
735
|
-
res = true;
|
736
685
|
fail:
|
737
|
-
|
738
|
-
|
739
|
-
|
740
|
-
return res;
|
686
|
+
_FLE2EncryptedPayloadCommon_cleanup(ret);
|
687
|
+
return false;
|
741
688
|
}
|
742
689
|
|
743
690
|
// Shared implementation for insert/update and insert/update ForRange (v2)
|
@@ -753,7 +700,6 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_common(_mongocrypt_key
|
|
753
700
|
BSON_ASSERT_PARAM(placeholder);
|
754
701
|
BSON_ASSERT_PARAM(value_iter);
|
755
702
|
BSON_ASSERT(kb->crypt);
|
756
|
-
BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == true);
|
757
703
|
BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
|
758
704
|
|
759
705
|
_mongocrypt_crypto_t *crypto = kb->crypt->crypto;
|
@@ -839,8 +785,6 @@ fail:
|
|
839
785
|
|
840
786
|
/**
|
841
787
|
* Payload subtype 11: FLE2InsertUpdatePayloadV2
|
842
|
-
* Delegates to ..._insert_update_ciphertext_v1 for subtype 4
|
843
|
-
* when crypt.opts.use_fle2_v2 == false
|
844
788
|
*
|
845
789
|
* {d: EDC, s: ESC, p: encToken,
|
846
790
|
* u: indexKeyId, t: valueType, v: value,
|
@@ -857,10 +801,6 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertext(_mongocrypt
|
|
857
801
|
BSON_ASSERT(kb->crypt);
|
858
802
|
BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
859
803
|
|
860
|
-
if (!kb->crypt->opts.use_fle2_v2) {
|
861
|
-
return _mongocrypt_fle2_placeholder_to_insert_update_ciphertext_v1(kb, marking, ciphertext, status);
|
862
|
-
}
|
863
|
-
|
864
804
|
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
865
805
|
_FLE2EncryptedPayloadCommon_t common = {{0}};
|
866
806
|
mc_FLE2InsertUpdatePayloadV2_t payload;
|
@@ -977,55 +917,51 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
|
|
977
917
|
}
|
978
918
|
|
979
919
|
/**
|
980
|
-
* Payload subtype
|
920
|
+
* Payload subtype 11: FLE2InsertUpdatePayloadV2 for range updates
|
981
921
|
*
|
982
|
-
* {d: EDC, s: ESC,
|
983
|
-
*
|
984
|
-
*
|
985
|
-
*
|
986
|
-
*
|
922
|
+
* {d: EDC, s: ESC, p: encToken,
|
923
|
+
* u: indexKeyId, t: valueType, v: value,
|
924
|
+
* e: serverToken, l: serverDerivedFromDataToken,
|
925
|
+
* k: contentionFactor,
|
926
|
+
* g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
|
927
|
+
* {d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
|
987
928
|
* ...]}
|
988
929
|
*/
|
989
|
-
static bool
|
990
|
-
|
991
|
-
|
992
|
-
|
930
|
+
static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange(_mongocrypt_key_broker_t *kb,
|
931
|
+
_mongocrypt_marking_t *marking,
|
932
|
+
_mongocrypt_ciphertext_t *ciphertext,
|
933
|
+
mongocrypt_status_t *status) {
|
993
934
|
BSON_ASSERT_PARAM(kb);
|
994
935
|
BSON_ASSERT_PARAM(marking);
|
995
936
|
BSON_ASSERT_PARAM(ciphertext);
|
996
|
-
BSON_ASSERT_PARAM(status);
|
997
937
|
BSON_ASSERT(kb->crypt);
|
998
|
-
BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
|
999
|
-
BSON_ASSERT(kb->crypt->opts.use_range_v2 == false);
|
1000
938
|
BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
1001
|
-
|
939
|
+
const bool use_range_v2 = kb->crypt->opts.use_range_v2;
|
1002
940
|
|
1003
941
|
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
1004
942
|
_FLE2EncryptedPayloadCommon_t common = {{0}};
|
1005
|
-
|
1006
|
-
|
943
|
+
mc_FLE2InsertUpdatePayloadV2_t payload;
|
944
|
+
mc_FLE2InsertUpdatePayloadV2_init(&payload);
|
1007
945
|
bool res = false;
|
1008
946
|
mc_edges_t *edges = NULL;
|
1009
947
|
|
1010
948
|
// Parse the value ("v"), min ("min"), and max ("max") from
|
1011
949
|
// FLE2EncryptionPlaceholder for range insert.
|
1012
950
|
mc_FLE2RangeInsertSpec_t insertSpec;
|
1013
|
-
if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter,
|
951
|
+
if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter, use_range_v2, status)) {
|
1014
952
|
goto fail;
|
1015
953
|
}
|
1016
954
|
|
1017
|
-
|
1018
|
-
|
1019
|
-
|
1020
|
-
|
1021
|
-
|
1022
|
-
|
1023
|
-
&insertSpec.v,
|
1024
|
-
status)) {
|
955
|
+
if (!_mongocrypt_fle2_placeholder_to_insert_update_common(kb,
|
956
|
+
&payload,
|
957
|
+
&common,
|
958
|
+
&marking->fle2,
|
959
|
+
&insertSpec.v,
|
960
|
+
status)) {
|
1025
961
|
goto fail;
|
1026
962
|
}
|
1027
963
|
|
1028
|
-
// g:= array<
|
964
|
+
// g:= array<EdgeTokenSetV2>
|
1029
965
|
{
|
1030
966
|
BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
|
1031
967
|
edges = get_edges(&insertSpec, (size_t)placeholder->sparsity, status, kb->crypt->opts.use_range_v2);
|
@@ -1037,10 +973,11 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
|
|
1037
973
|
// Create an EdgeTokenSet from each edge.
|
1038
974
|
bool loop_ok = false;
|
1039
975
|
const char *edge = mc_edges_get(edges, i);
|
976
|
+
bool is_leaf = mc_edges_is_leaf(edges, edge);
|
1040
977
|
_mongocrypt_buffer_t edge_buf = {0};
|
1041
978
|
_FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
|
1042
979
|
_mongocrypt_buffer_t encryptedTokens = {0};
|
1043
|
-
|
980
|
+
mc_EdgeTokenSetV2_t etc = {{0}};
|
1044
981
|
|
1045
982
|
if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
|
1046
983
|
CLIENT_ERR("failed to copy edge to buffer");
|
@@ -1052,27 +989,29 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
|
|
1052
989
|
&placeholder->index_key_id,
|
1053
990
|
&edge_buf,
|
1054
991
|
true, /* derive tokens using contentionFactor */
|
1055
|
-
contentionFactor,
|
992
|
+
payload.contentionFactor,
|
1056
993
|
status)) {
|
1057
994
|
goto fail_loop;
|
1058
995
|
}
|
996
|
+
BSON_ASSERT(edge_tokens.eccDerivedToken.data == NULL);
|
1059
997
|
|
1060
998
|
// d := EDCDerivedToken
|
1061
999
|
_mongocrypt_buffer_steal(&etc.edcDerivedToken, &edge_tokens.edcDerivedToken);
|
1062
1000
|
// s := ESCDerivedToken
|
1063
1001
|
_mongocrypt_buffer_steal(&etc.escDerivedToken, &edge_tokens.escDerivedToken);
|
1064
|
-
// c := ECCDerivedToken
|
1065
|
-
_mongocrypt_buffer_steal(&etc.eccDerivedToken, &edge_tokens.eccDerivedToken);
|
1066
1002
|
|
1067
|
-
//
|
1068
|
-
|
1003
|
+
// l := serverDerivedFromDataToken
|
1004
|
+
_mongocrypt_buffer_steal(&etc.serverDerivedFromDataToken, &edge_tokens.serverDerivedFromDataToken);
|
1005
|
+
|
1006
|
+
// p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor)
|
1007
|
+
// Or in Range V2: p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor || isLeaf)
|
1069
1008
|
if (!_fle2_derive_encrypted_token(kb->crypt->crypto,
|
1070
1009
|
&etc.encryptedTokens,
|
1071
|
-
|
1010
|
+
kb->crypt->opts.use_range_v2,
|
1072
1011
|
edge_tokens.collectionsLevel1Token,
|
1073
1012
|
&etc.escDerivedToken,
|
1074
|
-
|
1075
|
-
(
|
1013
|
+
NULL, // ecc unsed in FLE2v2
|
1014
|
+
OPT_BOOL(is_leaf),
|
1076
1015
|
status)) {
|
1077
1016
|
goto fail_loop;
|
1078
1017
|
}
|
@@ -1090,242 +1029,432 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
|
|
1090
1029
|
}
|
1091
1030
|
}
|
1092
1031
|
|
1032
|
+
// Include "range" payload fields introduced in SERVER-91889.
|
1033
|
+
payload.sparsity = OPT_I64(placeholder->sparsity);
|
1034
|
+
payload.precision = insertSpec.precision;
|
1035
|
+
payload.trimFactor = OPT_I32(mc_edges_get_used_trimFactor(edges));
|
1036
|
+
bson_value_copy(bson_iter_value(&insertSpec.min), &payload.indexMin);
|
1037
|
+
bson_value_copy(bson_iter_value(&insertSpec.max), &payload.indexMax);
|
1038
|
+
|
1093
1039
|
{
|
1094
1040
|
bson_t out;
|
1095
1041
|
bson_init(&out);
|
1096
|
-
|
1042
|
+
mc_FLE2InsertUpdatePayloadV2_serializeForRange(&payload, &out, use_range_v2);
|
1097
1043
|
_mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
|
1098
1044
|
}
|
1099
1045
|
// Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
|
1100
|
-
// not used for
|
1101
|
-
ciphertext->blob_subtype =
|
1046
|
+
// not used for FLE2InsertUpdatePayloadV2.
|
1047
|
+
ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayloadV2;
|
1102
1048
|
|
1103
1049
|
res = true;
|
1104
1050
|
fail:
|
1105
1051
|
mc_edges_destroy(edges);
|
1106
|
-
|
1052
|
+
mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
|
1107
1053
|
_FLE2EncryptedPayloadCommon_cleanup(&common);
|
1108
1054
|
|
1109
1055
|
return res;
|
1110
1056
|
}
|
1111
1057
|
|
1112
1058
|
/**
|
1113
|
-
*
|
1114
|
-
*
|
1115
|
-
*
|
1059
|
+
* Sets up a mc_Text<T>TokenSet_t type by generating its member tokens:
|
1060
|
+
* - edcDerivedToken = HMAC(HMAC(HMAC(EDCToken, t), v), cf)
|
1061
|
+
* - escDerivedToken = HMAC(HMAC(HMAC(ESCToken, t), v), cf)
|
1062
|
+
* - serverDerivedFromDataToken = HMAC(HMAC(ServerLevel1Token, t), v)
|
1063
|
+
* and the encrypted token:
|
1064
|
+
* - encryptedTokens = EncryptCTR(ECOCToken, escDerivedToken)
|
1116
1065
|
*
|
1117
|
-
*
|
1118
|
-
*
|
1119
|
-
*
|
1120
|
-
*
|
1121
|
-
* g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
|
1122
|
-
* {d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
|
1123
|
-
* ...]}
|
1066
|
+
* <T> = Exact|Substring|Suffix|Prefix
|
1067
|
+
* t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
|
1068
|
+
* cf = contentionFactor
|
1069
|
+
* EDC/ESC/ECOCToken are derived from {collLevel1Token}
|
1124
1070
|
*/
|
1125
|
-
|
1126
|
-
|
1127
|
-
|
1128
|
-
|
1129
|
-
|
1130
|
-
|
1131
|
-
|
1132
|
-
|
1133
|
-
|
1134
|
-
|
1135
|
-
|
1136
|
-
|
1137
|
-
|
1071
|
+
#define GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Type) \
|
1072
|
+
static bool _fle2_generate_Text##Type##TokenSet(_mongocrypt_key_broker_t *kb, \
|
1073
|
+
mc_Text##Type##TokenSet_t *out, \
|
1074
|
+
const _mongocrypt_buffer_t *value, \
|
1075
|
+
int64_t contentionFactor, \
|
1076
|
+
const mc_CollectionsLevel1Token_t *collLevel1Token, \
|
1077
|
+
const mc_ServerTokenDerivationLevel1Token_t *serverLevel1Token, \
|
1078
|
+
mongocrypt_status_t *status) { \
|
1079
|
+
BSON_ASSERT_PARAM(kb); \
|
1080
|
+
BSON_ASSERT_PARAM(kb->crypt); \
|
1081
|
+
BSON_ASSERT_PARAM(out); \
|
1082
|
+
BSON_ASSERT_PARAM(value); \
|
1083
|
+
BSON_ASSERT_PARAM(collLevel1Token); \
|
1084
|
+
BSON_ASSERT_PARAM(serverLevel1Token); \
|
1085
|
+
\
|
1086
|
+
if (!_fle2_derive_EDCText##Type##_token(kb->crypt->crypto, \
|
1087
|
+
&out->edcDerivedToken, \
|
1088
|
+
collLevel1Token, \
|
1089
|
+
value, \
|
1090
|
+
contentionFactor, \
|
1091
|
+
status)) { \
|
1092
|
+
return false; \
|
1093
|
+
} \
|
1094
|
+
if (!_fle2_derive_ESCText##Type##_token(kb->crypt->crypto, \
|
1095
|
+
&out->escDerivedToken, \
|
1096
|
+
collLevel1Token, \
|
1097
|
+
value, \
|
1098
|
+
contentionFactor, \
|
1099
|
+
status)) { \
|
1100
|
+
return false; \
|
1101
|
+
} \
|
1102
|
+
if (!_fle2_derive_serverText##Type##DerivedFromDataToken(kb->crypt->crypto, \
|
1103
|
+
&out->serverDerivedFromDataToken, \
|
1104
|
+
serverLevel1Token, \
|
1105
|
+
value, \
|
1106
|
+
status)) { \
|
1107
|
+
return false; \
|
1108
|
+
} \
|
1109
|
+
if (!_fle2_derive_encrypted_token(kb->crypt->crypto, \
|
1110
|
+
&out->encryptedTokens, \
|
1111
|
+
false, \
|
1112
|
+
collLevel1Token, \
|
1113
|
+
&out->escDerivedToken, \
|
1114
|
+
NULL, \
|
1115
|
+
(mc_optional_bool_t){0}, \
|
1116
|
+
status)) { \
|
1117
|
+
return false; \
|
1118
|
+
} \
|
1119
|
+
return true; \
|
1138
1120
|
}
|
1121
|
+
GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Exact);
|
1122
|
+
GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Substring)
|
1123
|
+
GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Suffix)
|
1124
|
+
GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Prefix)
|
1125
|
+
#undef GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL
|
1126
|
+
|
1127
|
+
static bool _fle2_generate_TextSearchTokenSets(_mongocrypt_key_broker_t *kb,
|
1128
|
+
mc_FLE2InsertUpdatePayloadV2_t *payload,
|
1129
|
+
const _mongocrypt_buffer_t *indexKeyId,
|
1130
|
+
const mc_FLE2TextSearchInsertSpec_t *spec,
|
1131
|
+
int64_t contentionFactor,
|
1132
|
+
mongocrypt_status_t *status) {
|
1133
|
+
BSON_ASSERT_PARAM(kb);
|
1134
|
+
BSON_ASSERT_PARAM(payload);
|
1135
|
+
BSON_ASSERT_PARAM(indexKeyId);
|
1136
|
+
BSON_ASSERT_PARAM(spec);
|
1139
1137
|
|
1140
|
-
|
1138
|
+
_mongocrypt_crypto_t *crypto = kb->crypt->crypto;
|
1139
|
+
mc_TextSearchTokenSets_t *tsts = &payload->textSearchTokenSets.tsts;
|
1141
1140
|
_FLE2EncryptedPayloadCommon_t common = {{0}};
|
1142
|
-
mc_FLE2InsertUpdatePayloadV2_t payload;
|
1143
|
-
mc_FLE2InsertUpdatePayloadV2_init(&payload);
|
1144
1141
|
bool res = false;
|
1145
|
-
mc_edges_t *edges = NULL;
|
1146
1142
|
|
1147
|
-
|
1148
|
-
|
1149
|
-
mc_FLE2RangeInsertSpec_t insertSpec;
|
1150
|
-
if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter, use_range_v2, status)) {
|
1143
|
+
mc_str_encode_sets_t *encodeSets = mc_text_search_str_encode(spec, status);
|
1144
|
+
if (!encodeSets) {
|
1151
1145
|
goto fail;
|
1152
1146
|
}
|
1153
1147
|
|
1154
|
-
|
1155
|
-
|
1156
|
-
&common,
|
1157
|
-
&marking->fle2,
|
1158
|
-
&insertSpec.v,
|
1159
|
-
status)) {
|
1148
|
+
// Start the token derivations
|
1149
|
+
if (!_get_tokenKey(kb, indexKeyId, &common.tokenKey, status)) {
|
1160
1150
|
goto fail;
|
1161
1151
|
}
|
1162
1152
|
|
1163
|
-
|
1153
|
+
common.collectionsLevel1Token = mc_CollectionsLevel1Token_new(crypto, &common.tokenKey, status);
|
1154
|
+
if (!common.collectionsLevel1Token) {
|
1155
|
+
CLIENT_ERR("unable to derive collectionLevel1Token");
|
1156
|
+
goto fail;
|
1157
|
+
}
|
1158
|
+
|
1159
|
+
common.serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &common.tokenKey, status);
|
1160
|
+
if (!common.serverTokenDerivationLevel1Token) {
|
1161
|
+
CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
|
1162
|
+
goto fail;
|
1163
|
+
}
|
1164
|
+
|
1165
|
+
// Generate exact token set singleton
|
1164
1166
|
{
|
1165
|
-
|
1166
|
-
|
1167
|
-
|
1167
|
+
_mongocrypt_buffer_t asBsonValue;
|
1168
|
+
_mongocrypt_buffer_init(&asBsonValue);
|
1169
|
+
BSON_ASSERT(encodeSets->exact.len < INT_MAX);
|
1170
|
+
_mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue,
|
1171
|
+
(const char *)encodeSets->exact.data,
|
1172
|
+
(int)encodeSets->exact.len);
|
1173
|
+
if (!_fle2_generate_TextExactTokenSet(kb,
|
1174
|
+
&tsts->exact,
|
1175
|
+
&asBsonValue,
|
1176
|
+
contentionFactor,
|
1177
|
+
common.collectionsLevel1Token,
|
1178
|
+
common.serverTokenDerivationLevel1Token,
|
1179
|
+
status)) {
|
1180
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1168
1181
|
goto fail;
|
1169
1182
|
}
|
1183
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1184
|
+
}
|
1170
1185
|
|
1171
|
-
|
1172
|
-
|
1173
|
-
|
1174
|
-
|
1175
|
-
|
1176
|
-
|
1177
|
-
|
1178
|
-
|
1179
|
-
|
1186
|
+
const char *substring;
|
1187
|
+
uint32_t bytelen;
|
1188
|
+
uint32_t appendCount;
|
1189
|
+
|
1190
|
+
// Generate array of substring token sets
|
1191
|
+
if (encodeSets->substring_set) {
|
1192
|
+
mc_substring_set_iter_t set_itr;
|
1193
|
+
mc_substring_set_iter_init(&set_itr, encodeSets->substring_set);
|
1194
|
+
|
1195
|
+
while (mc_substring_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
|
1196
|
+
BSON_ASSERT(appendCount > 0);
|
1197
|
+
BSON_ASSERT(bytelen < INT_MAX);
|
1198
|
+
|
1199
|
+
mc_TextSubstringTokenSet_t tset = {{0}};
|
1200
|
+
|
1201
|
+
_mongocrypt_buffer_t asBsonValue;
|
1202
|
+
_mongocrypt_buffer_init(&asBsonValue);
|
1203
|
+
_mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
|
1180
1204
|
|
1181
|
-
if (!
|
1182
|
-
|
1183
|
-
|
1205
|
+
if (!_fle2_generate_TextSubstringTokenSet(kb,
|
1206
|
+
&tset,
|
1207
|
+
&asBsonValue,
|
1208
|
+
contentionFactor,
|
1209
|
+
common.collectionsLevel1Token,
|
1210
|
+
common.serverTokenDerivationLevel1Token,
|
1211
|
+
status)) {
|
1212
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1213
|
+
mc_TextSubstringTokenSet_cleanup(&tset);
|
1214
|
+
goto fail;
|
1184
1215
|
}
|
1216
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1185
1217
|
|
1186
|
-
if (
|
1187
|
-
|
1188
|
-
|
1189
|
-
|
1190
|
-
|
1191
|
-
|
1192
|
-
status)) {
|
1193
|
-
goto fail_loop;
|
1218
|
+
if (appendCount > 1) {
|
1219
|
+
mc_TextSubstringTokenSet_t tset_copy;
|
1220
|
+
mc_TextSubstringTokenSet_shallow_copy(&tset, &tset_copy);
|
1221
|
+
for (; appendCount > 1; appendCount--) {
|
1222
|
+
_mc_array_append_val(&tsts->substringArray, tset_copy);
|
1223
|
+
}
|
1194
1224
|
}
|
1195
|
-
|
1225
|
+
_mc_array_append_val(&tsts->substringArray, tset); // array now owns tset
|
1226
|
+
}
|
1227
|
+
}
|
1196
1228
|
|
1197
|
-
|
1198
|
-
|
1199
|
-
|
1200
|
-
|
1229
|
+
// Generate array of suffix token sets
|
1230
|
+
if (encodeSets->suffix_set) {
|
1231
|
+
mc_affix_set_iter_t set_itr;
|
1232
|
+
mc_affix_set_iter_init(&set_itr, encodeSets->suffix_set);
|
1201
1233
|
|
1202
|
-
|
1203
|
-
|
1234
|
+
while (mc_affix_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
|
1235
|
+
BSON_ASSERT(appendCount > 0);
|
1236
|
+
BSON_ASSERT(bytelen < INT_MAX);
|
1204
1237
|
|
1205
|
-
|
1206
|
-
|
1207
|
-
if (!_fle2_derive_encrypted_token(kb->crypt->crypto,
|
1208
|
-
&etc.encryptedTokens,
|
1209
|
-
kb->crypt->opts.use_range_v2,
|
1210
|
-
edge_tokens.collectionsLevel1Token,
|
1211
|
-
&etc.escDerivedToken,
|
1212
|
-
NULL, // ecc unsed in FLE2v2
|
1213
|
-
OPT_BOOL(is_leaf),
|
1214
|
-
status)) {
|
1215
|
-
goto fail_loop;
|
1216
|
-
}
|
1238
|
+
mc_TextSuffixTokenSet_t tset = {{0}};
|
1239
|
+
mc_TextSuffixTokenSet_init(&tset);
|
1217
1240
|
|
1218
|
-
|
1241
|
+
_mongocrypt_buffer_t asBsonValue;
|
1242
|
+
_mongocrypt_buffer_init(&asBsonValue);
|
1243
|
+
_mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
|
1219
1244
|
|
1220
|
-
|
1221
|
-
|
1222
|
-
|
1223
|
-
|
1224
|
-
|
1225
|
-
|
1245
|
+
if (!_fle2_generate_TextSuffixTokenSet(kb,
|
1246
|
+
&tset,
|
1247
|
+
&asBsonValue,
|
1248
|
+
contentionFactor,
|
1249
|
+
common.collectionsLevel1Token,
|
1250
|
+
common.serverTokenDerivationLevel1Token,
|
1251
|
+
status)) {
|
1252
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1253
|
+
mc_TextSuffixTokenSet_cleanup(&tset);
|
1226
1254
|
goto fail;
|
1227
1255
|
}
|
1256
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1257
|
+
|
1258
|
+
if (appendCount > 1) {
|
1259
|
+
mc_TextSuffixTokenSet_t tset_copy;
|
1260
|
+
mc_TextSuffixTokenSet_shallow_copy(&tset, &tset_copy);
|
1261
|
+
for (; appendCount > 1; appendCount--) {
|
1262
|
+
_mc_array_append_val(&tsts->suffixArray, tset_copy);
|
1263
|
+
}
|
1264
|
+
}
|
1265
|
+
_mc_array_append_val(&tsts->suffixArray, tset); // array now owns tset
|
1228
1266
|
}
|
1229
1267
|
}
|
1230
1268
|
|
1231
|
-
//
|
1232
|
-
|
1233
|
-
|
1234
|
-
|
1235
|
-
bson_value_copy(bson_iter_value(&insertSpec.min), &payload.indexMin);
|
1236
|
-
bson_value_copy(bson_iter_value(&insertSpec.max), &payload.indexMax);
|
1269
|
+
// Generate array of prefix token sets
|
1270
|
+
if (encodeSets->prefix_set) {
|
1271
|
+
mc_affix_set_iter_t set_itr;
|
1272
|
+
mc_affix_set_iter_init(&set_itr, encodeSets->prefix_set);
|
1237
1273
|
|
1238
|
-
|
1239
|
-
|
1240
|
-
|
1241
|
-
|
1242
|
-
|
1243
|
-
|
1244
|
-
|
1245
|
-
|
1246
|
-
|
1274
|
+
while (mc_affix_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
|
1275
|
+
BSON_ASSERT(appendCount > 0);
|
1276
|
+
BSON_ASSERT(bytelen < INT_MAX);
|
1277
|
+
|
1278
|
+
mc_TextPrefixTokenSet_t tset = {{0}};
|
1279
|
+
mc_TextPrefixTokenSet_init(&tset);
|
1280
|
+
|
1281
|
+
_mongocrypt_buffer_t asBsonValue;
|
1282
|
+
_mongocrypt_buffer_init(&asBsonValue);
|
1283
|
+
_mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
|
1284
|
+
|
1285
|
+
if (!_fle2_generate_TextPrefixTokenSet(kb,
|
1286
|
+
&tset,
|
1287
|
+
&asBsonValue,
|
1288
|
+
contentionFactor,
|
1289
|
+
common.collectionsLevel1Token,
|
1290
|
+
common.serverTokenDerivationLevel1Token,
|
1291
|
+
status)) {
|
1292
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1293
|
+
mc_TextPrefixTokenSet_cleanup(&tset);
|
1294
|
+
goto fail;
|
1295
|
+
}
|
1296
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1247
1297
|
|
1298
|
+
if (appendCount > 1) {
|
1299
|
+
mc_TextPrefixTokenSet_t tset_copy;
|
1300
|
+
mc_TextPrefixTokenSet_shallow_copy(&tset, &tset_copy);
|
1301
|
+
for (; appendCount > 1; appendCount--) {
|
1302
|
+
_mc_array_append_val(&tsts->prefixArray, tset_copy); // array now owns tset_copy
|
1303
|
+
}
|
1304
|
+
}
|
1305
|
+
_mc_array_append_val(&tsts->prefixArray, tset); // moves ownership of tset
|
1306
|
+
}
|
1307
|
+
}
|
1308
|
+
payload->textSearchTokenSets.set = true;
|
1248
1309
|
res = true;
|
1249
1310
|
fail:
|
1250
|
-
mc_edges_destroy(edges);
|
1251
|
-
mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
|
1252
1311
|
_FLE2EncryptedPayloadCommon_cleanup(&common);
|
1253
|
-
|
1312
|
+
mc_str_encode_sets_destroy(encodeSets);
|
1254
1313
|
return res;
|
1255
1314
|
}
|
1256
1315
|
|
1257
1316
|
/**
|
1258
|
-
* Payload subtype
|
1317
|
+
* Payload subtype 11: FLE2InsertUpdatePayloadV2 for text search inserts/updates
|
1259
1318
|
*
|
1260
|
-
* {
|
1319
|
+
* {v: value, u: indexKeyId, t: valueType, k: contentionFactor, e: serverToken,
|
1320
|
+
* b: { e: {d: EDC_exact, s: ESC_exact, l: svrDFDToken_exact, p: encToken_exact},
|
1321
|
+
* s: [{d: EDC_substr, s: ESC_substr, l: svrDFDToken_substr, p: encToken_substr}, ...]
|
1322
|
+
* u: [{d: EDC_suffix, s: ESC_suffix, l: svrDFDToken_suffix, p: encToken_suffix}, ...]
|
1323
|
+
* p: [{d: EDC_prefix, s: ESC_prefix, l: svrDFDToken_prefix, p: encToken_prefix}, ...]
|
1324
|
+
* },
|
1325
|
+
* d: bogusToken, s: bogusToken, l: bogusToken, p: bogusCiphertext
|
1326
|
+
* }
|
1261
1327
|
*/
|
1262
|
-
static bool
|
1263
|
-
|
1264
|
-
|
1265
|
-
|
1328
|
+
static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForTextSearch(_mongocrypt_key_broker_t *kb,
|
1329
|
+
_mongocrypt_marking_t *marking,
|
1330
|
+
_mongocrypt_ciphertext_t *ciphertext,
|
1331
|
+
mongocrypt_status_t *status) {
|
1266
1332
|
BSON_ASSERT_PARAM(kb);
|
1267
1333
|
BSON_ASSERT_PARAM(marking);
|
1268
1334
|
BSON_ASSERT_PARAM(ciphertext);
|
1335
|
+
BSON_ASSERT(kb->crypt);
|
1336
|
+
BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
1337
|
+
|
1338
|
+
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
1339
|
+
BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
|
1340
|
+
BSON_ASSERT(placeholder->algorithm == MONGOCRYPT_FLE2_ALGORITHM_TEXT_SEARCH);
|
1269
1341
|
|
1270
1342
|
_FLE2EncryptedPayloadCommon_t common = {{0}};
|
1343
|
+
mc_FLE2InsertUpdatePayloadV2_t payload;
|
1344
|
+
mc_FLE2InsertUpdatePayloadV2_init(&payload);
|
1345
|
+
|
1271
1346
|
_mongocrypt_buffer_t value = {0};
|
1272
|
-
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
1273
|
-
mc_FLE2FindEqualityPayload_t payload;
|
1274
1347
|
bool res = false;
|
1275
1348
|
|
1276
|
-
|
1277
|
-
|
1278
|
-
|
1279
|
-
|
1280
|
-
mc_FLE2FindEqualityPayload_init(&payload);
|
1349
|
+
mc_FLE2TextSearchInsertSpec_t insertSpec;
|
1350
|
+
if (!mc_FLE2TextSearchInsertSpec_parse(&insertSpec, &placeholder->v_iter, status)) {
|
1351
|
+
goto fail;
|
1352
|
+
}
|
1281
1353
|
|
1282
|
-
|
1354
|
+
// t
|
1355
|
+
payload.valueType = BSON_TYPE_UTF8;
|
1356
|
+
|
1357
|
+
// k
|
1358
|
+
payload.contentionFactor = 0;
|
1359
|
+
if (placeholder->maxContentionFactor > 0) {
|
1360
|
+
/* Choose a random contentionFactor in the inclusive range [0,
|
1361
|
+
* placeholder->maxContentionFactor] */
|
1362
|
+
if (!_mongocrypt_random_int64(kb->crypt->crypto,
|
1363
|
+
placeholder->maxContentionFactor + 1,
|
1364
|
+
&payload.contentionFactor,
|
1365
|
+
status)) {
|
1366
|
+
goto fail;
|
1367
|
+
}
|
1368
|
+
}
|
1283
1369
|
|
1370
|
+
// u
|
1371
|
+
_mongocrypt_buffer_copy_to(&placeholder->index_key_id, &payload.indexKeyId);
|
1372
|
+
|
1373
|
+
_mongocrypt_buffer_from_iter(&value, &insertSpec.v_iter);
|
1284
1374
|
if (!_mongocrypt_fle2_placeholder_common(kb,
|
1285
1375
|
&common,
|
1286
1376
|
&placeholder->index_key_id,
|
1287
1377
|
&value,
|
1288
|
-
|
1289
|
-
|
1378
|
+
true, /* derive tokens using contentionFactor */
|
1379
|
+
payload.contentionFactor,
|
1290
1380
|
status)) {
|
1291
1381
|
goto fail;
|
1292
1382
|
}
|
1293
1383
|
|
1294
|
-
// d
|
1295
|
-
|
1296
|
-
|
1297
|
-
|
1298
|
-
|
1299
|
-
|
1384
|
+
// (d, s, l) are never used for text search, so just set these to bogus buffers of
|
1385
|
+
// correct length.
|
1386
|
+
BSON_ASSERT(_mongocrypt_buffer_steal_from_data_and_size(&payload.edcDerivedToken,
|
1387
|
+
bson_malloc0(MONGOCRYPT_HMAC_SHA256_LEN),
|
1388
|
+
MONGOCRYPT_HMAC_SHA256_LEN));
|
1389
|
+
_mongocrypt_buffer_copy_to(&payload.edcDerivedToken, &payload.escDerivedToken);
|
1390
|
+
_mongocrypt_buffer_copy_to(&payload.edcDerivedToken, &payload.serverDerivedFromDataToken);
|
1391
|
+
|
1392
|
+
// p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor)
|
1393
|
+
// Since p is never used for text search, this just sets p to a bogus ciphertext of
|
1394
|
+
// the correct length.
|
1395
|
+
if (!_fle2_derive_encrypted_token(kb->crypt->crypto,
|
1396
|
+
&payload.encryptedTokens,
|
1397
|
+
false,
|
1398
|
+
common.collectionsLevel1Token,
|
1399
|
+
&payload.escDerivedToken, // bogus
|
1400
|
+
NULL, // unused in FLE2v2
|
1401
|
+
(mc_optional_bool_t){0},
|
1402
|
+
status)) {
|
1403
|
+
goto fail;
|
1404
|
+
}
|
1300
1405
|
|
1406
|
+
// v := UserKeyId + EncryptCBCAEAD(UserKey, value)
|
1407
|
+
{
|
1408
|
+
_mongocrypt_buffer_t ciphertext = {0};
|
1409
|
+
if (!_fle2_placeholder_aes_aead_encrypt(kb,
|
1410
|
+
_mcFLE2v2AEADAlgorithm(),
|
1411
|
+
&ciphertext,
|
1412
|
+
&placeholder->user_key_id,
|
1413
|
+
&value,
|
1414
|
+
status)) {
|
1415
|
+
goto fail;
|
1416
|
+
}
|
1417
|
+
const _mongocrypt_buffer_t v[2] = {placeholder->user_key_id, ciphertext};
|
1418
|
+
const bool ok = _mongocrypt_buffer_concat(&payload.value, v, 2);
|
1419
|
+
_mongocrypt_buffer_cleanup(&ciphertext);
|
1420
|
+
if (!ok) {
|
1421
|
+
goto fail;
|
1422
|
+
}
|
1423
|
+
}
|
1301
1424
|
// e := ServerDataEncryptionLevel1Token
|
1302
1425
|
_mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(common.serverDataEncryptionLevel1Token),
|
1303
1426
|
&payload.serverEncryptionToken);
|
1304
1427
|
|
1305
|
-
|
1428
|
+
// b
|
1429
|
+
if (!_fle2_generate_TextSearchTokenSets(kb,
|
1430
|
+
&payload,
|
1431
|
+
&placeholder->index_key_id,
|
1432
|
+
&insertSpec,
|
1433
|
+
payload.contentionFactor,
|
1434
|
+
status)) {
|
1435
|
+
goto fail;
|
1436
|
+
}
|
1306
1437
|
|
1307
1438
|
{
|
1308
1439
|
bson_t out;
|
1309
1440
|
bson_init(&out);
|
1310
|
-
|
1441
|
+
mc_FLE2InsertUpdatePayloadV2_serializeForTextSearch(&payload, &out);
|
1311
1442
|
_mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
|
1312
1443
|
}
|
1313
1444
|
// Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
|
1314
|
-
// not used for
|
1315
|
-
ciphertext->blob_subtype =
|
1445
|
+
// not used for FLE2InsertUpdatePayloadV2.
|
1446
|
+
ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayloadV2;
|
1316
1447
|
|
1317
1448
|
res = true;
|
1318
1449
|
fail:
|
1319
|
-
|
1450
|
+
mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
|
1320
1451
|
_mongocrypt_buffer_cleanup(&value);
|
1321
1452
|
_FLE2EncryptedPayloadCommon_cleanup(&common);
|
1322
|
-
|
1323
1453
|
return res;
|
1324
1454
|
}
|
1325
1455
|
|
1326
1456
|
/**
|
1327
1457
|
* Payload subtype 12: FLE2FindEqualityPayloadV2
|
1328
|
-
* Delegates to ..._find_ciphertext_v1 when crypt->opts.use_fle2_v2 == false.
|
1329
1458
|
*
|
1330
1459
|
* {d: EDC, s: ESC, l: serverDerivedFromDataToken, cm: maxContentionFactor}
|
1331
1460
|
*/
|
@@ -1337,10 +1466,6 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertext(_mongocrypt_key_brok
|
|
1337
1466
|
BSON_ASSERT_PARAM(marking);
|
1338
1467
|
BSON_ASSERT_PARAM(ciphertext);
|
1339
1468
|
|
1340
|
-
if (kb->crypt->opts.use_fle2_v2 == false) {
|
1341
|
-
return _mongocrypt_fle2_placeholder_to_find_ciphertext_v1(kb, marking, ciphertext, status);
|
1342
|
-
}
|
1343
|
-
|
1344
1469
|
_FLE2EncryptedPayloadCommon_t common = {{0}};
|
1345
1470
|
_mongocrypt_buffer_t value = {0};
|
1346
1471
|
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
@@ -1569,145 +1694,8 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
|
|
1569
1694
|
}
|
1570
1695
|
}
|
1571
1696
|
|
1572
|
-
/**
|
1573
|
-
* Payload subtype 10: FLE2FindRangePayload
|
1574
|
-
*
|
1575
|
-
* {e: serverToken, cm: maxContentionFactor,
|
1576
|
-
* g: [{d: EDC, s: ESC, c: ECC}, ...]}
|
1577
|
-
*/
|
1578
|
-
static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocrypt_key_broker_t *kb,
|
1579
|
-
_mongocrypt_marking_t *marking,
|
1580
|
-
_mongocrypt_ciphertext_t *ciphertext,
|
1581
|
-
mongocrypt_status_t *status) {
|
1582
|
-
BSON_ASSERT_PARAM(kb);
|
1583
|
-
BSON_ASSERT_PARAM(marking);
|
1584
|
-
BSON_ASSERT_PARAM(ciphertext);
|
1585
|
-
BSON_ASSERT(kb->crypt);
|
1586
|
-
|
1587
|
-
const bool use_range_v2 = kb->crypt->opts.use_range_v2;
|
1588
|
-
_mongocrypt_crypto_t *crypto = kb->crypt->crypto;
|
1589
|
-
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
1590
|
-
mc_FLE2FindRangePayload_t payload;
|
1591
|
-
bool res = false;
|
1592
|
-
mc_mincover_t *mincover = NULL;
|
1593
|
-
_mongocrypt_buffer_t tokenKey = {0};
|
1594
|
-
|
1595
|
-
BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
|
1596
|
-
BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
1597
|
-
BSON_ASSERT(placeholder);
|
1598
|
-
BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND);
|
1599
|
-
BSON_ASSERT(placeholder->algorithm == MONGOCRYPT_FLE2_ALGORITHM_RANGE);
|
1600
|
-
mc_FLE2FindRangePayload_init(&payload);
|
1601
|
-
|
1602
|
-
// Parse the query bounds and index bounds from FLE2EncryptionPlaceholder for
|
1603
|
-
// range find.
|
1604
|
-
mc_FLE2RangeFindSpec_t findSpec;
|
1605
|
-
if (!mc_FLE2RangeFindSpec_parse(&findSpec, &placeholder->v_iter, use_range_v2, status)) {
|
1606
|
-
goto fail;
|
1607
|
-
}
|
1608
|
-
|
1609
|
-
if (findSpec.edgesInfo.set) {
|
1610
|
-
// cm := Queryable Encryption max contentionFactor
|
1611
|
-
payload.payload.value.maxContentionFactor = placeholder->maxContentionFactor;
|
1612
|
-
|
1613
|
-
// e := ServerDataEncryptionLevel1Token
|
1614
|
-
{
|
1615
|
-
if (!_get_tokenKey(kb, &placeholder->index_key_id, &tokenKey, status)) {
|
1616
|
-
goto fail;
|
1617
|
-
}
|
1618
|
-
|
1619
|
-
mc_ServerDataEncryptionLevel1Token_t *serverToken =
|
1620
|
-
mc_ServerDataEncryptionLevel1Token_new(crypto, &tokenKey, status);
|
1621
|
-
if (!serverToken) {
|
1622
|
-
goto fail;
|
1623
|
-
}
|
1624
|
-
_mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(serverToken),
|
1625
|
-
&payload.payload.value.serverEncryptionToken);
|
1626
|
-
mc_ServerDataEncryptionLevel1Token_destroy(serverToken);
|
1627
|
-
}
|
1628
|
-
|
1629
|
-
// g:= array<EdgeFindTokenSet>
|
1630
|
-
{
|
1631
|
-
BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
|
1632
|
-
mincover =
|
1633
|
-
mc_get_mincover_from_FLE2RangeFindSpec(&findSpec, (size_t)placeholder->sparsity, status, use_range_v2);
|
1634
|
-
if (!mincover) {
|
1635
|
-
goto fail;
|
1636
|
-
}
|
1637
|
-
|
1638
|
-
for (size_t i = 0; i < mc_mincover_len(mincover); i++) {
|
1639
|
-
// Create a EdgeFindTokenSet from each edge.
|
1640
|
-
bool loop_ok = false;
|
1641
|
-
const char *edge = mc_mincover_get(mincover, i);
|
1642
|
-
_mongocrypt_buffer_t edge_buf = {0};
|
1643
|
-
_FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
|
1644
|
-
mc_EdgeFindTokenSet_t eftc = {{0}};
|
1645
|
-
|
1646
|
-
if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
|
1647
|
-
CLIENT_ERR("failed to copy edge to buffer");
|
1648
|
-
goto fail_loop;
|
1649
|
-
}
|
1650
|
-
|
1651
|
-
if (!_mongocrypt_fle2_placeholder_common(kb,
|
1652
|
-
&edge_tokens,
|
1653
|
-
&placeholder->index_key_id,
|
1654
|
-
&edge_buf,
|
1655
|
-
false, /* derive tokens using contentionFactor */
|
1656
|
-
placeholder->maxContentionFactor, /* ignored */
|
1657
|
-
status)) {
|
1658
|
-
goto fail_loop;
|
1659
|
-
}
|
1660
|
-
|
1661
|
-
// d := EDCDerivedToken
|
1662
|
-
_mongocrypt_buffer_steal(&eftc.edcDerivedToken, &edge_tokens.edcDerivedToken);
|
1663
|
-
// s := ESCDerivedToken
|
1664
|
-
_mongocrypt_buffer_steal(&eftc.escDerivedToken, &edge_tokens.escDerivedToken);
|
1665
|
-
// c := ECCDerivedToken
|
1666
|
-
_mongocrypt_buffer_steal(&eftc.eccDerivedToken, &edge_tokens.eccDerivedToken);
|
1667
|
-
|
1668
|
-
_mc_array_append_val(&payload.payload.value.edgeFindTokenSetArray, eftc);
|
1669
|
-
|
1670
|
-
loop_ok = true;
|
1671
|
-
fail_loop:
|
1672
|
-
_FLE2EncryptedPayloadCommon_cleanup(&edge_tokens);
|
1673
|
-
_mongocrypt_buffer_cleanup(&edge_buf);
|
1674
|
-
if (!loop_ok) {
|
1675
|
-
goto fail;
|
1676
|
-
}
|
1677
|
-
}
|
1678
|
-
}
|
1679
|
-
payload.payload.set = true;
|
1680
|
-
}
|
1681
|
-
|
1682
|
-
payload.payloadId = findSpec.payloadId;
|
1683
|
-
payload.firstOperator = findSpec.firstOperator;
|
1684
|
-
payload.secondOperator = findSpec.secondOperator;
|
1685
|
-
|
1686
|
-
// Serialize.
|
1687
|
-
{
|
1688
|
-
bson_t out = BSON_INITIALIZER;
|
1689
|
-
mc_FLE2FindRangePayload_serialize(&payload, &out);
|
1690
|
-
_mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
|
1691
|
-
}
|
1692
|
-
_mongocrypt_buffer_steal(&ciphertext->key_id, &placeholder->index_key_id);
|
1693
|
-
|
1694
|
-
// Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
|
1695
|
-
// not used for FLE2FindRangePayload.
|
1696
|
-
ciphertext->blob_subtype = MC_SUBTYPE_FLE2FindRangePayload;
|
1697
|
-
|
1698
|
-
res = true;
|
1699
|
-
fail:
|
1700
|
-
mc_mincover_destroy(mincover);
|
1701
|
-
mc_FLE2FindRangePayload_cleanup(&payload);
|
1702
|
-
_mongocrypt_buffer_cleanup(&tokenKey);
|
1703
|
-
|
1704
|
-
return res;
|
1705
|
-
}
|
1706
|
-
|
1707
1697
|
/**
|
1708
1698
|
* Payload subtype 13: FLE2FindRangePayloadV2
|
1709
|
-
* Delegates to ..._find_ciphertextForRange_v1
|
1710
|
-
* when crypt->opts.use_fle2_v2 is false
|
1711
1699
|
*
|
1712
1700
|
* {cm: maxContentionFactor,
|
1713
1701
|
* g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken}, ...]}
|
@@ -1720,10 +1708,6 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange(_mongocrypt_
|
|
1720
1708
|
BSON_ASSERT_PARAM(marking);
|
1721
1709
|
BSON_ASSERT_PARAM(ciphertext);
|
1722
1710
|
|
1723
|
-
if (kb->crypt->opts.use_fle2_v2 == false) {
|
1724
|
-
return _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(kb, marking, ciphertext, status);
|
1725
|
-
}
|
1726
|
-
|
1727
1711
|
const bool use_range_v2 = kb->crypt->opts.use_range_v2;
|
1728
1712
|
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
1729
1713
|
mc_FLE2FindRangePayloadV2_t payload;
|
@@ -1836,6 +1820,15 @@ fail:
|
|
1836
1820
|
return res;
|
1837
1821
|
}
|
1838
1822
|
|
1823
|
+
static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForTextSearch(_mongocrypt_key_broker_t *kb,
|
1824
|
+
_mongocrypt_marking_t *marking,
|
1825
|
+
_mongocrypt_ciphertext_t *ciphertext,
|
1826
|
+
mongocrypt_status_t *status) {
|
1827
|
+
// TODO MONGOCRYPT-761 implement find support for text search fields
|
1828
|
+
CLIENT_ERR("Text search find is not yet supported");
|
1829
|
+
return false;
|
1830
|
+
}
|
1831
|
+
|
1839
1832
|
static bool _mongocrypt_fle2_placeholder_to_FLE2UnindexedEncryptedValue(_mongocrypt_key_broker_t *kb,
|
1840
1833
|
_mongocrypt_marking_t *marking,
|
1841
1834
|
_mongocrypt_ciphertext_t *ciphertext,
|
@@ -1860,25 +1853,14 @@ static bool _mongocrypt_fle2_placeholder_to_FLE2UnindexedEncryptedValue(_mongocr
|
|
1860
1853
|
}
|
1861
1854
|
|
1862
1855
|
BSON_ASSERT(kb->crypt);
|
1863
|
-
|
1864
|
-
|
1865
|
-
|
1866
|
-
|
1867
|
-
|
1868
|
-
|
1869
|
-
|
1870
|
-
|
1871
|
-
ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValueV2;
|
1872
|
-
} else {
|
1873
|
-
res = mc_FLE2UnindexedEncryptedValue_encrypt(kb->crypt->crypto,
|
1874
|
-
&placeholder->user_key_id,
|
1875
|
-
bson_iter_type(&placeholder->v_iter),
|
1876
|
-
&plaintext,
|
1877
|
-
&user_key,
|
1878
|
-
&ciphertext->data,
|
1879
|
-
status);
|
1880
|
-
ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValue;
|
1881
|
-
}
|
1856
|
+
res = mc_FLE2UnindexedEncryptedValueV2_encrypt(kb->crypt->crypto,
|
1857
|
+
&placeholder->user_key_id,
|
1858
|
+
bson_iter_type(&placeholder->v_iter),
|
1859
|
+
&plaintext,
|
1860
|
+
&user_key,
|
1861
|
+
&ciphertext->data,
|
1862
|
+
status);
|
1863
|
+
ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValueV2;
|
1882
1864
|
|
1883
1865
|
if (!res) {
|
1884
1866
|
goto fail;
|
@@ -2059,6 +2041,17 @@ bool _mongocrypt_marking_to_ciphertext(void *ctx,
|
|
2059
2041
|
return _mongocrypt_fle2_placeholder_to_find_ciphertext(kb, marking, ciphertext, status);
|
2060
2042
|
default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->fle2.type); return false;
|
2061
2043
|
}
|
2044
|
+
case MONGOCRYPT_FLE2_ALGORITHM_TEXT_SEARCH:
|
2045
|
+
switch (marking->fle2.type) {
|
2046
|
+
case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT:
|
2047
|
+
return _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForTextSearch(kb,
|
2048
|
+
marking,
|
2049
|
+
ciphertext,
|
2050
|
+
status);
|
2051
|
+
case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND:
|
2052
|
+
return _mongocrypt_fle2_placeholder_to_find_ciphertextForTextSearch(kb, marking, ciphertext, status);
|
2053
|
+
default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->fle2.type); return false;
|
2054
|
+
}
|
2062
2055
|
default: CLIENT_ERR("unexpected algorithm: %d", (int)marking->algorithm); return false;
|
2063
2056
|
}
|
2064
2057
|
case MONGOCRYPT_MARKING_FLE1_BY_ID:
|