libmongocrypt-helper 1.8.0.0.1001 → 1.11.0.0.1001
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +33 -0
- data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +12 -1
- data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +1 -4
- data/ext/libmongocrypt/libmongocrypt/Earthfile +151 -3
- data/ext/libmongocrypt/libmongocrypt/README.md +36 -40
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/CMakeLists.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Driver.snk +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/AssemblyInfo.cs +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Binary.cs +16 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptClientFactory.cs +8 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Library.cs +10 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/LibraryLoader.cs +81 -44
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/MongoDB.Libmongocrypt.csproj +2 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/MongoDB.Libmongocrypt.Test.csproj +2 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test32/MongoDB.Libmongocrypt.Test32.csproj +2 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/README.md +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.cake +21 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.config +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.sh +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/build.gradle.kts +28 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/java/com/mongodb/crypt/benchmark/BenchmarkRunner.java +217 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/resources/keyDocument.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/build.gradle.kts +21 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.jar +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.properties +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew +154 -108
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew.bat +7 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/settings.gradle.kts +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java +41 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPIHelper.java +5 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CipherCallback.java +27 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptImpl.java +34 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoExplicitEncryptOptions.java +6 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/jni-config.json +180 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/reflect-config.json +134 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java +44 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/encrypted-payload.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/rangeopts.json +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/README.md +4 -900
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +60 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/README.rst +41 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/python/RELEASE.rst +6 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/python/build-manylinux-wheel.sh +4 -13
- data/ext/libmongocrypt/libmongocrypt/bindings/python/hatch_build.py +36 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/__init__.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/auto_encrypter.py +61 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/credentials.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/explicit_encrypter.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/state_machine.py +149 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/auto_encrypter.py +2 -46
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binary.py +14 -17
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +107 -61
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/compat.py +6 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/credentials.py +2 -121
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/crypto.py +31 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/errors.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/explicit_encrypter.py +2 -233
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +168 -238
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/options.py +265 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/state_machine.py +2 -141
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/auto_encrypter.py +61 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/credentials.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/explicit_encrypter.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/state_machine.py +149 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pyproject.toml +118 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/release.sh +97 -61
- data/ext/libmongocrypt/libmongocrypt/bindings/python/{test-requirements.txt → requirements-test.txt} +4 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/requirements.txt +4 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +76 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/strip_header.py +6 -7
- data/ext/libmongocrypt/libmongocrypt/bindings/python/synchro.py +64 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/__init__.py +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/collection-info.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/command.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/compact/success/encrypted-payload.json +21 -21
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-command-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-field-config-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-range-explicit-v2/int32/encrypted-payload.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-range-explicit-v2/int32/rangeopts.json +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-rangePreview-explicit/int32/rangeopts.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-rangePreview-explicit/int32/value-to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document-azure.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document-gcp.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-filter.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/list-collections-filter.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/mongocryptd-command.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/schema-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/performance/keyDocument.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/performance/perf_test.py +165 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_binding.py +8 -12
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_crypto.py +9 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +988 -340
- data/ext/libmongocrypt/libmongocrypt/bindings/python/update-sbom.sh +14 -0
- data/ext/libmongocrypt/libmongocrypt/cmake/FetchMongoC.cmake +19 -1
- data/ext/libmongocrypt/libmongocrypt/cmake/ImportBSON.cmake +23 -0
- data/ext/libmongocrypt/libmongocrypt/cmake/IntelDFP.cmake +19 -227
- data/ext/libmongocrypt/libmongocrypt/cmake/Patch.cmake +54 -0
- data/ext/libmongocrypt/libmongocrypt/doc/img/cli-icon.png +0 -0
- data/ext/libmongocrypt/libmongocrypt/doc/img/reference-targets.png +0 -0
- data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +153 -0
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version.py +61 -28
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version_selftest.sh +73 -0
- data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +108 -0
- data/ext/libmongocrypt/libmongocrypt/etc/format.sh +1 -1
- data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-pragma.patch +27 -0
- data/ext/libmongocrypt/libmongocrypt/etc/mongo-inteldfp-alpine-arm-fix.patch +17 -0
- data/ext/libmongocrypt/libmongocrypt/etc/packager.py +120 -91
- data/ext/libmongocrypt/libmongocrypt/etc/purls.txt +14 -0
- data/ext/libmongocrypt/libmongocrypt/etc/repo_config.yaml +56 -0
- data/ext/libmongocrypt/libmongocrypt/etc/silk-create-asset-group.sh +70 -0
- data/ext/libmongocrypt/libmongocrypt/etc/ssdlc_compliance_report.md +37 -0
- data/ext/libmongocrypt/libmongocrypt/etc/third_party_vulnerabilities.md +42 -0
- data/ext/libmongocrypt/libmongocrypt/integrating.md +18 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/CMakeLists.txt +11 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_gcp_request.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer.c +17 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer_private.h +6 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_request.c +211 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_response.c +163 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_tag_type_private.h +2 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message/kms_kmip_request.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message/kms_kmip_response.h +6 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_port.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +23 -2
- data/ext/libmongocrypt/libmongocrypt/src/crypto/libcrypto.c +13 -10
- data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +16 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +94 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +15 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +114 -53
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-private-v2.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private-v2.h +21 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private.h +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-v2.c +38 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +20 -7
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private.h +8 -8
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +89 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev.c +1 -23
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds-private.h +4 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds.c +15 -12
- data/ext/libmongocrypt/libmongocrypt/src/mc-optional-private.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation-private.h +16 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation.c +64 -22
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding-private.h +23 -4
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding.c +359 -65
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-generator.template.h +26 -14
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-private.h +17 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover.c +31 -13
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts-private.h +16 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts.c +259 -63
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +40 -24
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +57 -13
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.test.cpp +5 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-binary-private.h +0 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer.c +5 -7
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-key.c +1 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-oauth-private.h +16 -18
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-oauth.c +105 -76
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto.c +9 -3
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-datakey.c +170 -89
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +505 -124
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-private.h +31 -6
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c +81 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-dll-private.h +7 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kek-private.h +5 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kek.c +161 -103
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker-private.h +2 -7
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c +191 -69
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx-private.h +50 -15
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx.c +365 -69
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h +2 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +200 -107
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +50 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts.c +591 -15
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +6 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +47 -234
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.h +75 -24
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +18 -2
- data/ext/libmongocrypt/libmongocrypt/src/os_win/os_dll.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/bypassQueryAnalysis/payload.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd-to-mongocryptd.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/cmd-to-mongocryptd.json +50 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/collinfo.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/encrypted-field-map.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/encrypted-payload-pattern.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/mongocryptd-reply.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/cmd.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/mongocryptd-reply.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/payload.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/missing-key-id/collinfo.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/collinfo.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/encrypted-payload.json +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/collinfo.json +63 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-field-config-map.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload-range-v2.json +37 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/collinfo.json +64 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +105 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/collinfo.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-field-config-map.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-payload.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/collinfo.json +15 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +10 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload-range-v2.json +104 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload.json +6 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/collinfo.json +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/encrypted-payload.json +3 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/decrypt-response.txt +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/encrypt-response.txt +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/oauth-response.txt +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/encrypted-payload.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/mongocryptd-reply.json +69 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/mongocryptd-reply.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_decimal128.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_double.cstruct +8637 -7958
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_int32.cstruct +5522 -1382
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_int64.cstruct +5042 -1262
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_decimal128.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_decimal128_precision.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_double.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_double_precision.cstruct +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_int32.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_int64.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/cmd.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/mongocryptd-reply.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/mongocryptd-reply.json +45 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32/expected.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32/to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32-defaults/expected.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32-defaults/to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-double/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-int32/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-int32-defaults/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/README.md +7 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +9 -5
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +9 -5
- data/ext/libmongocrypt/libmongocrypt/test/example-state-machine.c +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-gcp-auth.c +8 -8
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-range-payload-v2.c +43 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +76 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +89 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +342 -76
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +94 -12
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +205 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +49 -23
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +16 -19
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.h +22 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache-oauth.c +94 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cleanup.c +374 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-compact.c +121 -42
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +134 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.c +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.h +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +11 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +8 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +922 -92
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-rewrap-many-datakey.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-setopt.c +114 -12
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-datakey.c +14 -9
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-ctx.c +424 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-log.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +447 -28
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-opts.c +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-traverse-util.c +30 -26
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-util.c +7 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-util.h +3 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +66 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-named-kms-providers.c +2381 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/HELP.autogen +3 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/README.md +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/csfle.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/make_includes.py +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/util.c +38 -3
- data/lib/libmongocrypt_helper/version.rb +2 -2
- metadata +112 -106
- checksums.yaml.gz.sig +0 -0
- data/ext/libmongocrypt/libmongocrypt/VERSION_CURRENT +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/cs.sln +0 -79
- data/ext/libmongocrypt/libmongocrypt/bindings/node/CHANGELOG.md +0 -105
- data/ext/libmongocrypt/libmongocrypt/bindings/node/LICENSE +0 -201
- data/ext/libmongocrypt/libmongocrypt/bindings/node/binding.gyp +0 -79
- data/ext/libmongocrypt/libmongocrypt/bindings/node/etc/README.hbs +0 -44
- data/ext/libmongocrypt/libmongocrypt/bindings/node/etc/build-static.sh +0 -36
- data/ext/libmongocrypt/libmongocrypt/bindings/node/index.d.ts +0 -641
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/autoEncrypter.js +0 -420
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/buffer_pool.js +0 -123
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/clientEncryption.js +0 -821
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/common.js +0 -98
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/cryptoCallbacks.js +0 -87
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/errors.js +0 -75
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/index.js +0 -73
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/mongocryptdManager.js +0 -66
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/aws.js +0 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/azure.js +0 -178
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/gcp.js +0 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/index.js +0 -54
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/utils.js +0 -39
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/stateMachine.js +0 -492
- data/ext/libmongocrypt/libmongocrypt/bindings/node/package-lock.json +0 -15302
- data/ext/libmongocrypt/libmongocrypt/bindings/node/package.json +0 -100
- data/ext/libmongocrypt/libmongocrypt/bindings/node/src/mongocrypt.cc +0 -956
- data/ext/libmongocrypt/libmongocrypt/bindings/node/src/mongocrypt.h +0 -114
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/autoEncrypter.test.js +0 -950
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/buffer_pool.test.js +0 -91
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/clientEncryption.test.js +0 -1093
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/common.test.js +0 -94
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/cryptoCallbacks.test.js +0 -240
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/README.md +0 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/collection-info.json +0 -37
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encrypted-document-nested.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encrypted-document.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encryptedFields.json +0 -30
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/key-document.json +0 -32
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/key1-document.json +0 -30
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/mongocryptd-reply.json +0 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/index.test.js +0 -45
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/mongocryptdManager.test.js +0 -48
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/providers/credentialsProvider.test.js +0 -551
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/release.test.js +0 -66
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/requirements.helper.js +0 -51
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/stateMachine.test.js +0 -331
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/tools/chai-addons.js +0 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/tools/mongodb_reporter.js +0 -325
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/types/index.test-d.ts +0 -63
- data/ext/libmongocrypt/libmongocrypt/bindings/python/setup.py +0 -89
- data/ext/libmongocrypt/libmongocrypt/debian/build_snapshot.sh +0 -79
- data/ext/libmongocrypt/libmongocrypt/debian/changelog +0 -105
- data/ext/libmongocrypt/libmongocrypt/debian/compat +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/control +0 -41
- data/ext/libmongocrypt/libmongocrypt/debian/copyright +0 -129
- data/ext/libmongocrypt/libmongocrypt/debian/gbp.conf +0 -23
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt-dev.dirs +0 -2
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt-dev.install +0 -5
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt0.dirs +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt0.install +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/rules +0 -46
- data/ext/libmongocrypt/libmongocrypt/debian/source/format +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/source/lintian-overrides +0 -3
- data/ext/libmongocrypt/libmongocrypt/debian/source/options +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/watch +0 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/mongocryptd-reply.json +0 -72
- data.tar.gz.sig +0 -1
- metadata.gz.sig +0 -0
- /data/ext/libmongocrypt/libmongocrypt/{bindings/node/test/data/kms-decrypt-reply.txt → test/data/kms-aws/decrypt-response.txt} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/{bindings/node/test/data/kms-encrypt-reply.txt → test/data/kms-aws/encrypt-response.txt} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/decrypt-response.txt +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/encrypt-response.txt +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/oauth-response.txt +0 -0
@@ -16,6 +16,8 @@
|
|
16
16
|
|
17
17
|
#include <mongocrypt-marking-private.h>
|
18
18
|
|
19
|
+
#include "kms_message/kms_b64.h"
|
20
|
+
#include "mongocrypt-crypto-private.h" // MONGOCRYPT_KEY_LEN
|
19
21
|
#include "test-mongocrypt-assert-match-bson.h"
|
20
22
|
#include "test-mongocrypt-crypto-std-hooks.h"
|
21
23
|
#include "test-mongocrypt.h"
|
@@ -350,9 +352,7 @@ static void _test_encrypt_init(_mongocrypt_tester_t *tester) {
|
|
350
352
|
|
351
353
|
/* Empty coll name is an error. */
|
352
354
|
ctx = mongocrypt_ctx_new(crypt);
|
353
|
-
ASSERT_FAILS(mongocrypt_ctx_encrypt_init(ctx, "", -1, TEST_BSON("{'find': ''}")),
|
354
|
-
ctx,
|
355
|
-
"empty collection name on command");
|
355
|
+
ASSERT_FAILS(mongocrypt_ctx_encrypt_init(ctx, "", -1, TEST_BSON("{'find': ''}")), ctx, "invalid db");
|
356
356
|
mongocrypt_ctx_destroy(ctx);
|
357
357
|
|
358
358
|
mongocrypt_destroy(crypt);
|
@@ -660,7 +660,7 @@ static void _test_local_schema(_mongocrypt_tester_t *tester) {
|
|
660
660
|
schema_map = TEST_FILE("./test/data/schema-map.json");
|
661
661
|
ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt);
|
662
662
|
ASSERT_OK(mongocrypt_setopt_schema_map(crypt, schema_map), crypt);
|
663
|
-
ASSERT_OK(
|
663
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
664
664
|
|
665
665
|
/* Schema map has test.test, we should jump right to NEED_MONGO_MARKINGS */
|
666
666
|
ctx = mongocrypt_ctx_new(crypt);
|
@@ -837,7 +837,7 @@ static void _test_encrypt_is_remote_schema(_mongocrypt_tester_t *tester) {
|
|
837
837
|
crypt = mongocrypt_new();
|
838
838
|
ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt);
|
839
839
|
ASSERT_OK(mongocrypt_setopt_schema_map(crypt, TEST_FILE("./test/data/schema-map.json")), crypt);
|
840
|
-
ASSERT_OK(
|
840
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
841
841
|
ctx = mongocrypt_ctx_new(crypt);
|
842
842
|
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "test", -1, TEST_FILE("./test/example/cmd.json")), ctx);
|
843
843
|
_mongocrypt_tester_run_ctx_to(tester, ctx, MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
|
@@ -953,12 +953,17 @@ static void _test_encrypt_init_each_cmd(_mongocrypt_tester_t *tester) {
|
|
953
953
|
_init_bypass(tester, "{'killSessions': 1}");
|
954
954
|
_init_bypass(tester, "{'killAllSessionsByPattern': 1}");
|
955
955
|
_init_bypass(tester, "{'refreshSessions': 1}");
|
956
|
+
_init_ok(tester, "{'cleanupStructuredEncryptionData': 'coll'}");
|
956
957
|
_init_ok(tester, "{'compactStructuredEncryptionData': 'coll'}");
|
957
958
|
_init_bypass(tester, "{'hello': 1}");
|
958
959
|
_init_bypass(tester, "{'buildInfo': 1}");
|
959
960
|
_init_bypass(tester, "{'getCmdLineOpts': 1}");
|
960
961
|
_init_bypass(tester, "{'getLog': 1}");
|
961
962
|
_init_ok(tester, "{'collMod': 'coll'}");
|
963
|
+
_init_bypass(tester, "{'listSearchIndexes': 'coll' }");
|
964
|
+
_init_bypass(tester, "{'createSearchIndexes': 'coll' }");
|
965
|
+
_init_bypass(tester, "{'dropSearchIndex': 'coll' }");
|
966
|
+
_init_bypass(tester, "{'updateSearchIndex': 'coll' }");
|
962
967
|
}
|
963
968
|
|
964
969
|
static void _test_encrypt_invalid_siblings(_mongocrypt_tester_t *tester) {
|
@@ -1082,7 +1087,7 @@ void _test_encrypt_empty_aws(_mongocrypt_tester_t *tester) {
|
|
1082
1087
|
|
1083
1088
|
crypt = mongocrypt_new();
|
1084
1089
|
ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "", -1, "", -1), crypt);
|
1085
|
-
ASSERT_OK(
|
1090
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
1086
1091
|
|
1087
1092
|
ctx = mongocrypt_ctx_new(crypt);
|
1088
1093
|
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/example/cmd.json")), ctx);
|
@@ -1134,7 +1139,7 @@ static void _test_encrypt_per_ctx_credentials(_mongocrypt_tester_t *tester) {
|
|
1134
1139
|
crypt = mongocrypt_new();
|
1135
1140
|
mongocrypt_setopt_use_need_kms_credentials_state(crypt);
|
1136
1141
|
mongocrypt_setopt_kms_providers(crypt, TEST_BSON("{'aws': {}}"));
|
1137
|
-
ASSERT_OK(
|
1142
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
1138
1143
|
ctx = mongocrypt_ctx_new(crypt);
|
1139
1144
|
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "test", -1, TEST_FILE("./test/example/cmd.json")), ctx);
|
1140
1145
|
_mongocrypt_tester_run_ctx_to(tester, ctx, MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS);
|
@@ -1167,7 +1172,7 @@ static void _test_encrypt_per_ctx_credentials_given_empty(_mongocrypt_tester_t *
|
|
1167
1172
|
crypt = mongocrypt_new();
|
1168
1173
|
mongocrypt_setopt_use_need_kms_credentials_state(crypt);
|
1169
1174
|
mongocrypt_setopt_kms_providers(crypt, TEST_BSON("{'aws': {}}"));
|
1170
|
-
ASSERT_OK(
|
1175
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
1171
1176
|
ctx = mongocrypt_ctx_new(crypt);
|
1172
1177
|
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "test", -1, TEST_FILE("./test/example/cmd.json")), ctx);
|
1173
1178
|
_mongocrypt_tester_run_ctx_to(tester, ctx, MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS);
|
@@ -1183,13 +1188,13 @@ static void _test_encrypt_per_ctx_credentials_local(_mongocrypt_tester_t *tester
|
|
1183
1188
|
mongocrypt_ctx_t *ctx;
|
1184
1189
|
/* local_kek is the KEK used to encrypt the keyMaterial in
|
1185
1190
|
* ./test/data/key-document-local.json */
|
1186
|
-
|
1187
|
-
|
1191
|
+
uint8_t local_kek_raw[MONGOCRYPT_KEY_LEN] = {0};
|
1192
|
+
char *local_kek = kms_message_raw_to_b64(local_kek_raw, sizeof(local_kek_raw));
|
1188
1193
|
|
1189
1194
|
crypt = mongocrypt_new();
|
1190
1195
|
mongocrypt_setopt_use_need_kms_credentials_state(crypt);
|
1191
1196
|
mongocrypt_setopt_kms_providers(crypt, TEST_BSON("{'local': {}}"));
|
1192
|
-
ASSERT_OK(
|
1197
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
1193
1198
|
ctx = mongocrypt_ctx_new(crypt);
|
1194
1199
|
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "test", -1, TEST_FILE("./test/example/cmd.json")), ctx);
|
1195
1200
|
_mongocrypt_tester_run_ctx_to(tester, ctx, MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS);
|
@@ -1204,6 +1209,7 @@ static void _test_encrypt_per_ctx_credentials_local(_mongocrypt_tester_t *tester
|
|
1204
1209
|
|
1205
1210
|
mongocrypt_ctx_destroy(ctx);
|
1206
1211
|
mongocrypt_destroy(crypt);
|
1212
|
+
bson_free(local_kek);
|
1207
1213
|
}
|
1208
1214
|
|
1209
1215
|
static void _test_encrypt_with_aws_session_token(_mongocrypt_tester_t *tester) {
|
@@ -1219,7 +1225,7 @@ static void _test_encrypt_with_aws_session_token(_mongocrypt_tester_t *tester) {
|
|
1219
1225
|
"'accessKeyId': 'myAccessKeyId', "
|
1220
1226
|
"'secretAccessKey': 'mySecretAccessKey'}}")),
|
1221
1227
|
crypt);
|
1222
|
-
ASSERT_OK(
|
1228
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
1223
1229
|
|
1224
1230
|
ctx = mongocrypt_ctx_new(crypt);
|
1225
1231
|
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "test", -1, TEST_FILE("./test/example/cmd.json")), ctx);
|
@@ -1299,7 +1305,7 @@ static void _test_encrypt_with_encrypted_field_config_map(_mongocrypt_tester_t *
|
|
1299
1305
|
// TODO(MONGOCRYPT-572): This test uses the QEv1 protocol. Update this test for QEv2 or remove. Note: decrypting
|
1300
1306
|
// QEv1 is still supported.
|
1301
1307
|
ASSERT_OK(mongocrypt_setopt_fle2v2(crypt, false), crypt);
|
1302
|
-
ASSERT_OK(
|
1308
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
1303
1309
|
|
1304
1310
|
/* Test encrypting a command on a collection present in the encrypted field
|
1305
1311
|
* config map. */
|
@@ -1345,7 +1351,7 @@ static void _test_encrypt_with_encrypted_field_config_map_bypassed(_mongocrypt_t
|
|
1345
1351
|
mongocrypt_setopt_kms_providers(crypt, TEST_BSON("{'aws': {'accessKeyId': 'foo', 'secretAccessKey': 'bar'}}")),
|
1346
1352
|
crypt);
|
1347
1353
|
ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map(crypt, TEST_BSON("{'db.coll': {'fields': []}}")), crypt);
|
1348
|
-
ASSERT_OK(
|
1354
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
1349
1355
|
|
1350
1356
|
ctx = mongocrypt_ctx_new(crypt);
|
1351
1357
|
/* 'drop' is bypassed. Expect that no 'encryptionInformation' is appended. */
|
@@ -1409,7 +1415,7 @@ static void _test_encrypt_remote_encryptedfields(_mongocrypt_tester_t *tester) {
|
|
1409
1415
|
// TODO(MONGOCRYPT-572): This test uses the QEv1 protocol. Update this test for QEv2 or remove. Note: decrypting
|
1410
1416
|
// QEv1 is still supported.
|
1411
1417
|
ASSERT_OK(mongocrypt_setopt_fle2v2(crypt, false), crypt);
|
1412
|
-
ASSERT_OK(
|
1418
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
1413
1419
|
/* Test success. */
|
1414
1420
|
{
|
1415
1421
|
ctx = mongocrypt_ctx_new(crypt);
|
@@ -1474,7 +1480,7 @@ static void _test_encrypt_remote_encryptedfields(_mongocrypt_tester_t *tester) {
|
|
1474
1480
|
// TODO(MONGOCRYPT-572): This test uses the QEv1 protocol. Update this test for QEv2 or remove. Note: decrypting
|
1475
1481
|
// QEv1 is still supported.
|
1476
1482
|
ASSERT_OK(mongocrypt_setopt_fle2v2(crypt, false), crypt);
|
1477
|
-
ASSERT_OK(
|
1483
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
1478
1484
|
ctx = mongocrypt_ctx_new(crypt);
|
1479
1485
|
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle2-find-explicit/cmd.json")),
|
1480
1486
|
ctx);
|
@@ -1524,7 +1530,7 @@ static void _test_encrypt_with_bypassqueryanalysis(_mongocrypt_tester_t *tester)
|
|
1524
1530
|
// TODO(MONGOCRYPT-572): This test uses the QEv1 protocol. Update this test for QEv2 or remove. Note: decrypting
|
1525
1531
|
// QEv1 is still supported.
|
1526
1532
|
ASSERT_OK(mongocrypt_setopt_fle2v2(crypt, false), crypt);
|
1527
|
-
ASSERT_OK(
|
1533
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
1528
1534
|
|
1529
1535
|
ctx = mongocrypt_ctx_new(crypt);
|
1530
1536
|
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle2-find-explicit/cmd.json")),
|
@@ -1556,7 +1562,7 @@ static void _test_encrypt_with_bypassqueryanalysis(_mongocrypt_tester_t *tester)
|
|
1556
1562
|
// TODO(MONGOCRYPT-572): This test uses the QEv1 protocol. Update this test for QEv2 or remove. Note: decrypting
|
1557
1563
|
// QEv1 is still supported.
|
1558
1564
|
ASSERT_OK(mongocrypt_setopt_fle2v2(crypt, false), crypt);
|
1559
|
-
ASSERT_OK(
|
1565
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
1560
1566
|
|
1561
1567
|
ctx = mongocrypt_ctx_new(crypt);
|
1562
1568
|
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle2-find-explicit/cmd.json")),
|
@@ -1614,7 +1620,7 @@ static void _test_FLE2EncryptionPlaceholder_parse(_mongocrypt_tester_t *tester)
|
|
1614
1620
|
ASSERT_CMPBUF(placeholder.user_key_id, expect_user_key_id);
|
1615
1621
|
_mongocrypt_buffer_cleanup(&expect_user_key_id);
|
1616
1622
|
|
1617
|
-
ASSERT(placeholder.
|
1623
|
+
ASSERT(placeholder.maxContentionFactor == 0);
|
1618
1624
|
|
1619
1625
|
mc_FLE2EncryptionPlaceholder_cleanup(&placeholder);
|
1620
1626
|
_mongocrypt_buffer_cleanup(&buf);
|
@@ -1658,7 +1664,8 @@ static void _test_FLE2EncryptionPlaceholder_range_parse(_mongocrypt_tester_t *te
|
|
1658
1664
|
{
|
1659
1665
|
mc_FLE2RangeInsertSpec_t spec;
|
1660
1666
|
|
1661
|
-
ASSERT_OK_STATUS(mc_FLE2RangeInsertSpec_parse(&spec, &placeholder.v_iter, status),
|
1667
|
+
ASSERT_OK_STATUS(mc_FLE2RangeInsertSpec_parse(&spec, &placeholder.v_iter, false /* use_range_v2 */, status),
|
1668
|
+
status);
|
1662
1669
|
|
1663
1670
|
ASSERT(BSON_ITER_HOLDS_INT32(&spec.v));
|
1664
1671
|
ASSERT_CMPINT32(bson_iter_int32(&spec.v), ==, 123456);
|
@@ -1714,7 +1721,8 @@ static void _test_FLE2EncryptionPlaceholder_range_parse(_mongocrypt_tester_t *te
|
|
1714
1721
|
{
|
1715
1722
|
mc_FLE2RangeFindSpec_t spec;
|
1716
1723
|
|
1717
|
-
ASSERT_OK_STATUS(mc_FLE2RangeFindSpec_parse(&spec, &placeholder.v_iter, status),
|
1724
|
+
ASSERT_OK_STATUS(mc_FLE2RangeFindSpec_parse(&spec, &placeholder.v_iter, false /* use_range_v2 */, status),
|
1725
|
+
status);
|
1718
1726
|
|
1719
1727
|
ASSERT(spec.edgesInfo.set);
|
1720
1728
|
|
@@ -1785,7 +1793,8 @@ static void _test_FLE2EncryptionPlaceholder_range_parse(_mongocrypt_tester_t *te
|
|
1785
1793
|
{
|
1786
1794
|
mc_FLE2RangeFindSpec_t spec;
|
1787
1795
|
|
1788
|
-
ASSERT_OK_STATUS(mc_FLE2RangeFindSpec_parse(&spec, &placeholder.v_iter, status),
|
1796
|
+
ASSERT_OK_STATUS(mc_FLE2RangeFindSpec_parse(&spec, &placeholder.v_iter, false /* use_range_v2 */, status),
|
1797
|
+
status);
|
1789
1798
|
|
1790
1799
|
ASSERT(spec.edgesInfo.set);
|
1791
1800
|
|
@@ -1854,7 +1863,8 @@ static void _test_FLE2EncryptionPlaceholder_range_parse(_mongocrypt_tester_t *te
|
|
1854
1863
|
{
|
1855
1864
|
mc_FLE2RangeInsertSpec_t spec;
|
1856
1865
|
|
1857
|
-
ASSERT_OK_STATUS(mc_FLE2RangeInsertSpec_parse(&spec, &placeholder.v_iter, status),
|
1866
|
+
ASSERT_OK_STATUS(mc_FLE2RangeInsertSpec_parse(&spec, &placeholder.v_iter, false /* use_range_v2 */, status),
|
1867
|
+
status);
|
1858
1868
|
|
1859
1869
|
ASSERT(BSON_ITER_HOLDS_DOUBLE(&spec.v));
|
1860
1870
|
ASSERT_CMPDOUBLE(bson_iter_double(&spec.v), ==, 123.456);
|
@@ -1922,7 +1932,11 @@ static void _test_encrypt_fle2_encryption_placeholder(_mongocrypt_tester_t *test
|
|
1922
1932
|
char pathbuf[2048];
|
1923
1933
|
|
1924
1934
|
#define MAKE_PATH(mypath) \
|
1925
|
-
|
1935
|
+
if (1) { \
|
1936
|
+
int pathbuf_ret = snprintf(pathbuf, sizeof(pathbuf), "./test/data/%s/%s", data_path, mypath); \
|
1937
|
+
ASSERT(pathbuf_ret >= 0 && (size_t)pathbuf_ret < sizeof(pathbuf)); \
|
1938
|
+
} else \
|
1939
|
+
((void)0)
|
1926
1940
|
|
1927
1941
|
if (!_aes_ctr_is_supported_by_os) {
|
1928
1942
|
printf("Common Crypto with no CTR support detected. Skipping.");
|
@@ -1956,7 +1970,7 @@ static void _test_encrypt_fle2_encryption_placeholder(_mongocrypt_tester_t *test
|
|
1956
1970
|
MAKE_PATH("encrypted-field-map.json");
|
1957
1971
|
ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map(crypt, TEST_FILE(pathbuf)), crypt);
|
1958
1972
|
mongocrypt_binary_destroy(localkey);
|
1959
|
-
ASSERT_OK(
|
1973
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
1960
1974
|
}
|
1961
1975
|
|
1962
1976
|
/* Create encryption context. */
|
@@ -2155,7 +2169,7 @@ static void _test_encrypt_fle2_find_range_payload_decimal128_precision(_mongocry
|
|
2155
2169
|
}
|
2156
2170
|
#endif // MONGOCRYPT_HAVE_DECIMAL128_SUPPORT
|
2157
2171
|
|
2158
|
-
static mongocrypt_t *_crypt_with_rng(_test_rng_data_source *rng_source, bool use_v2) {
|
2172
|
+
static mongocrypt_t *_crypt_with_rng(_test_rng_data_source *rng_source, bool use_v2, bool use_range_v2) {
|
2159
2173
|
mongocrypt_t *crypt;
|
2160
2174
|
mongocrypt_binary_t *localkey;
|
2161
2175
|
/* localkey_data is the KEK used to encrypt the keyMaterial
|
@@ -2180,7 +2194,12 @@ static mongocrypt_t *_crypt_with_rng(_test_rng_data_source *rng_source, bool use
|
|
2180
2194
|
// TODO(MONGOCRYPT-572): This test uses the QEv1 protocol. Update this test for QEv2 or remove. Note: decrypting
|
2181
2195
|
// QEv1 is still supported.
|
2182
2196
|
ASSERT_OK(mongocrypt_setopt_fle2v2(crypt, use_v2), crypt);
|
2183
|
-
|
2197
|
+
if (use_range_v2) {
|
2198
|
+
ASSERT_OK(mongocrypt_setopt_use_range_v2(crypt), crypt);
|
2199
|
+
ASSERT_OK(mongocrypt_init(crypt), crypt);
|
2200
|
+
} else {
|
2201
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
2202
|
+
}
|
2184
2203
|
return crypt;
|
2185
2204
|
}
|
2186
2205
|
|
@@ -2200,6 +2219,7 @@ typedef struct {
|
|
2200
2219
|
const char *expect_init_error;
|
2201
2220
|
bool is_expression;
|
2202
2221
|
bool use_v2;
|
2222
|
+
bool use_range_v2;
|
2203
2223
|
} ee_testcase;
|
2204
2224
|
|
2205
2225
|
static void ee_testcase_run(ee_testcase *tc) {
|
@@ -2210,13 +2230,16 @@ static void ee_testcase_run(ee_testcase *tc) {
|
|
2210
2230
|
if (tc->rng_data.buf.len > 0) {
|
2211
2231
|
// Use fixed data for random number generation to produce deterministic
|
2212
2232
|
// results.
|
2213
|
-
crypt = _crypt_with_rng(&tc->rng_data, tc->use_v2);
|
2233
|
+
crypt = _crypt_with_rng(&tc->rng_data, tc->use_v2, tc->use_range_v2);
|
2214
2234
|
} else {
|
2215
2235
|
tester_mongocrypt_flags flags = TESTER_MONGOCRYPT_DEFAULT;
|
2216
2236
|
// TODO(MONGOCRYPT-572): Remove tests cases for QEv1.
|
2217
2237
|
if (!tc->use_v2) {
|
2218
2238
|
flags |= TESTER_MONGOCRYPT_WITH_CRYPT_V1;
|
2219
2239
|
}
|
2240
|
+
if (tc->use_range_v2) {
|
2241
|
+
flags |= TESTER_MONGOCRYPT_WITH_RANGE_V2;
|
2242
|
+
}
|
2220
2243
|
crypt = _mongocrypt_tester_mongocrypt(flags);
|
2221
2244
|
}
|
2222
2245
|
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
@@ -2446,17 +2469,10 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2446
2469
|
* Second 16 bytes are IV for 'p' field in FLE2InsertUpdatePayload
|
2447
2470
|
* Third 16 bytes are IV for 'v' field in FLE2InsertUpdatePayload
|
2448
2471
|
*/
|
2449
|
-
#ifdef MONGOCRYPT_LITTLE_ENDIAN
|
2450
2472
|
#define RNG_DATA \
|
2451
2473
|
"\x01\x00\x00\x00\x00\x00\x00\x00" \
|
2452
2474
|
"\xc7\x43\xd6\x75\x76\x9e\xa7\x88\xd5\xe5\xc4\x40\xdb\x24\x0d\xf9" \
|
2453
2475
|
"\x4c\xd9\x64\x10\x43\x81\xe6\x61\xfa\x1f\xa0\x5c\x49\x8e\xad\x21"
|
2454
|
-
#else
|
2455
|
-
#define RNG_DATA \
|
2456
|
-
"\x00\x00\x00\x00\x00\x00\x00\x01" \
|
2457
|
-
"\xc7\x43\xd6\x75\x76\x9e\xa7\x88\xd5\xe5\xc4\x40\xdb\x24\x0d\xf9" \
|
2458
|
-
"\x4c\xd9\x64\x10\x43\x81\xe6\x61\xfa\x1f\xa0\x5c\x49\x8e\xad\x21"
|
2459
|
-
#endif /* MONGOCRYPT_LITTLE_ENDIAN */
|
2460
2476
|
uint8_t rng_data[] = RNG_DATA;
|
2461
2477
|
tc.rng_data = (_test_rng_data_source){.buf = {.data = rng_data, .len = sizeof(rng_data) - 1u}};
|
2462
2478
|
#undef RNG_DATA
|
@@ -2479,17 +2495,10 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2479
2495
|
* Second 16 bytes are IV for 'p' field in FLE2InsertUpdatePayload
|
2480
2496
|
* Third 16 bytes are IV for 'v' field in FLE2InsertUpdatePayload
|
2481
2497
|
*/
|
2482
|
-
#ifdef MONGOCRYPT_LITTLE_ENDIAN
|
2483
2498
|
#define RNG_DATA \
|
2484
2499
|
"\x01\x00\x00\x00\x00\x00\x00\x00" \
|
2485
2500
|
"\xc7\x43\xd6\x75\x76\x9e\xa7\x88\xd5\xe5\xc4\x40\xdb\x24\x0d\xf9" \
|
2486
2501
|
"\x4c\xd9\x64\x10\x43\x81\xe6\x61\xfa\x1f\xa0\x5c\x49\x8e\xad\x21"
|
2487
|
-
#else
|
2488
|
-
#define RNG_DATA \
|
2489
|
-
"\x00\x00\x00\x00\x00\x00\x00\x01" \
|
2490
|
-
"\xc7\x43\xd6\x75\x76\x9e\xa7\x88\xd5\xe5\xc4\x40\xdb\x24\x0d\xf9" \
|
2491
|
-
"\x4c\xd9\x64\x10\x43\x81\xe6\x61\xfa\x1f\xa0\x5c\x49\x8e\xad\x21"
|
2492
|
-
#endif /* MONGOCRYPT_LITTLE_ENDIAN */
|
2493
2502
|
uint8_t rng_data[] = RNG_DATA;
|
2494
2503
|
tc.rng_data = (_test_rng_data_source){.buf = {.data = rng_data, .len = sizeof(rng_data) - 1u}};
|
2495
2504
|
#undef RNG_DATA
|
@@ -2659,7 +2668,7 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2659
2668
|
#include "./data/fle2-insert-range-explicit/int32/RNG_DATA.h"
|
2660
2669
|
tc.rng_data = (_test_rng_data_source){.buf = {.data = (uint8_t *)RNG_DATA, .len = sizeof(RNG_DATA) - 1}};
|
2661
2670
|
#undef RNG_DATA
|
2662
|
-
tc.algorithm =
|
2671
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2663
2672
|
tc.user_key_id = &keyABC_id;
|
2664
2673
|
tc.index_key_id = &key123_id;
|
2665
2674
|
tc.contention_factor = OPT_I64(0);
|
@@ -2680,7 +2689,7 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2680
2689
|
#include "./data/fle2-insert-range-explicit/int32/RNG_DATA.h"
|
2681
2690
|
tc.rng_data = (_test_rng_data_source){.buf = {.data = (uint8_t *)RNG_DATA, .len = sizeof(RNG_DATA) - 1}};
|
2682
2691
|
#undef RNG_DATA
|
2683
|
-
tc.algorithm =
|
2692
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2684
2693
|
tc.user_key_id = &keyABC_id;
|
2685
2694
|
tc.index_key_id = &key123_id;
|
2686
2695
|
tc.contention_factor = OPT_I64(0);
|
@@ -2702,7 +2711,7 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2702
2711
|
#include "./data/fle2-insert-range-explicit/sparsity-2/RNG_DATA.h"
|
2703
2712
|
tc.rng_data = (_test_rng_data_source){.buf = {.data = (uint8_t *)RNG_DATA, .len = sizeof(RNG_DATA) - 1}};
|
2704
2713
|
#undef RNG_DATA
|
2705
|
-
tc.algorithm =
|
2714
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2706
2715
|
tc.user_key_id = &keyABC_id;
|
2707
2716
|
tc.index_key_id = &key123_id;
|
2708
2717
|
tc.contention_factor = OPT_I64(0);
|
@@ -2723,7 +2732,7 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2723
2732
|
#include "./data/fle2-insert-range-explicit/sparsity-2/RNG_DATA.h"
|
2724
2733
|
tc.rng_data = (_test_rng_data_source){.buf = {.data = (uint8_t *)RNG_DATA, .len = sizeof(RNG_DATA) - 1}};
|
2725
2734
|
#undef RNG_DATA
|
2726
|
-
tc.algorithm =
|
2735
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2727
2736
|
tc.user_key_id = &keyABC_id;
|
2728
2737
|
tc.index_key_id = &key123_id;
|
2729
2738
|
tc.contention_factor = OPT_I64(0);
|
@@ -2742,11 +2751,11 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2742
2751
|
{
|
2743
2752
|
ee_testcase tc = {0};
|
2744
2753
|
tc.desc = "algorithm='Range' with query_type='range' with int32";
|
2745
|
-
tc.algorithm =
|
2754
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2746
2755
|
tc.user_key_id = &keyABC_id;
|
2747
2756
|
tc.index_key_id = &keyABC_id;
|
2748
2757
|
tc.contention_factor = OPT_I64(4);
|
2749
|
-
tc.query_type =
|
2758
|
+
tc.query_type = MONGOCRYPT_QUERY_TYPE_RANGE_STR;
|
2750
2759
|
tc.range_opts = TEST_FILE("./test/data/fle2-find-range-explicit/"
|
2751
2760
|
"int32/rangeopts.json");
|
2752
2761
|
tc.msg = TEST_FILE("./test/data/fle2-find-range-explicit/int32/"
|
@@ -2761,11 +2770,11 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2761
2770
|
{
|
2762
2771
|
ee_testcase tc = {0};
|
2763
2772
|
tc.desc = "algorithm='Range' with query_type='range' with int32 (v2)";
|
2764
|
-
tc.algorithm =
|
2773
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2765
2774
|
tc.user_key_id = &keyABC_id;
|
2766
2775
|
tc.index_key_id = &keyABC_id;
|
2767
2776
|
tc.contention_factor = OPT_I64(4);
|
2768
|
-
tc.query_type =
|
2777
|
+
tc.query_type = MONGOCRYPT_QUERY_TYPE_RANGE_STR;
|
2769
2778
|
tc.range_opts = TEST_FILE("./test/data/fle2-find-range-explicit/"
|
2770
2779
|
"int32/rangeopts.json");
|
2771
2780
|
tc.msg = TEST_FILE("./test/data/fle2-find-range-explicit/int32/"
|
@@ -2781,7 +2790,7 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2781
2790
|
{
|
2782
2791
|
ee_testcase tc = {0};
|
2783
2792
|
tc.desc = "An unsupported range BSON type is an error";
|
2784
|
-
tc.algorithm =
|
2793
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2785
2794
|
tc.user_key_id = &keyABC_id;
|
2786
2795
|
tc.contention_factor = OPT_I64(0);
|
2787
2796
|
tc.range_opts = TEST_BSON("{'min': 0, 'max': 1, 'sparsity': {'$numberLong': '1'}}");
|
@@ -2794,7 +2803,7 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2794
2803
|
{
|
2795
2804
|
ee_testcase tc = {0};
|
2796
2805
|
tc.desc = "An unsupported range BSON type is an error (v2)";
|
2797
|
-
tc.algorithm =
|
2806
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2798
2807
|
tc.user_key_id = &keyABC_id;
|
2799
2808
|
tc.contention_factor = OPT_I64(0);
|
2800
2809
|
tc.range_opts = TEST_BSON("{'min': 0, 'max': 1, 'sparsity': {'$numberLong': '1'}}");
|
@@ -2809,11 +2818,11 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2809
2818
|
ee_testcase tc = {0};
|
2810
2819
|
tc.desc = "algorithm='Range' with query_type='range' with double with "
|
2811
2820
|
"precision";
|
2812
|
-
tc.algorithm =
|
2821
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2813
2822
|
tc.user_key_id = &keyABC_id;
|
2814
2823
|
tc.index_key_id = &key123_id;
|
2815
2824
|
tc.contention_factor = OPT_I64(0);
|
2816
|
-
tc.query_type =
|
2825
|
+
tc.query_type = MONGOCRYPT_QUERY_TYPE_RANGE_STR;
|
2817
2826
|
tc.range_opts = TEST_FILE("./test/data/fle2-find-range-explicit/double-precision/"
|
2818
2827
|
"rangeopts.json");
|
2819
2828
|
tc.msg = TEST_FILE("./test/data/fle2-find-range-explicit/"
|
@@ -2830,11 +2839,11 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2830
2839
|
ee_testcase tc = {0};
|
2831
2840
|
tc.desc = "algorithm='Range' with query_type='range' with double with "
|
2832
2841
|
"precision (v2)";
|
2833
|
-
tc.algorithm =
|
2842
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2834
2843
|
tc.user_key_id = &keyABC_id;
|
2835
2844
|
tc.index_key_id = &key123_id;
|
2836
2845
|
tc.contention_factor = OPT_I64(0);
|
2837
|
-
tc.query_type =
|
2846
|
+
tc.query_type = MONGOCRYPT_QUERY_TYPE_RANGE_STR;
|
2838
2847
|
tc.range_opts = TEST_FILE("./test/data/fle2-find-range-explicit/double-precision/"
|
2839
2848
|
"rangeopts.json");
|
2840
2849
|
tc.msg = TEST_FILE("./test/data/fle2-find-range-explicit/"
|
@@ -2854,7 +2863,7 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2854
2863
|
#include "./data/fle2-insert-range-explicit/double-precision/RNG_DATA.h"
|
2855
2864
|
tc.rng_data = (_test_rng_data_source){.buf = {.data = (uint8_t *)RNG_DATA, .len = sizeof(RNG_DATA) - 1}};
|
2856
2865
|
#undef RNG_DATA
|
2857
|
-
tc.algorithm =
|
2866
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2858
2867
|
tc.user_key_id = &keyABC_id;
|
2859
2868
|
tc.index_key_id = &key123_id;
|
2860
2869
|
tc.contention_factor = OPT_I64(0);
|
@@ -2875,7 +2884,7 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2875
2884
|
#include "./data/fle2-insert-range-explicit/double-precision/RNG_DATA.h"
|
2876
2885
|
tc.rng_data = (_test_rng_data_source){.buf = {.data = (uint8_t *)RNG_DATA, .len = sizeof(RNG_DATA) - 1}};
|
2877
2886
|
#undef RNG_DATA
|
2878
|
-
tc.algorithm =
|
2887
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2879
2888
|
tc.user_key_id = &keyABC_id;
|
2880
2889
|
tc.index_key_id = &key123_id;
|
2881
2890
|
tc.contention_factor = OPT_I64(0);
|
@@ -2895,11 +2904,11 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2895
2904
|
ee_testcase tc = {0};
|
2896
2905
|
tc.desc = "algorithm='Range' with query_type='range' with double without "
|
2897
2906
|
"precision";
|
2898
|
-
tc.algorithm =
|
2907
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2899
2908
|
tc.user_key_id = &keyABC_id;
|
2900
2909
|
tc.index_key_id = &key123_id;
|
2901
2910
|
tc.contention_factor = OPT_I64(0);
|
2902
|
-
tc.query_type =
|
2911
|
+
tc.query_type = MONGOCRYPT_QUERY_TYPE_RANGE_STR;
|
2903
2912
|
tc.range_opts = TEST_FILE("./test/data/fle2-find-range-explicit/double/"
|
2904
2913
|
"rangeopts.json");
|
2905
2914
|
tc.msg = TEST_FILE("./test/data/fle2-find-range-explicit/double/value-to-encrypt.json");
|
@@ -2914,11 +2923,11 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2914
2923
|
ee_testcase tc = {0};
|
2915
2924
|
tc.desc = "algorithm='Range' with query_type='range' with double without "
|
2916
2925
|
"precision (v2)";
|
2917
|
-
tc.algorithm =
|
2926
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2918
2927
|
tc.user_key_id = &keyABC_id;
|
2919
2928
|
tc.index_key_id = &key123_id;
|
2920
2929
|
tc.contention_factor = OPT_I64(0);
|
2921
|
-
tc.query_type =
|
2930
|
+
tc.query_type = MONGOCRYPT_QUERY_TYPE_RANGE_STR;
|
2922
2931
|
tc.range_opts = TEST_FILE("./test/data/fle2-find-range-explicit/double/"
|
2923
2932
|
"rangeopts.json");
|
2924
2933
|
tc.msg = TEST_FILE("./test/data/fle2-find-range-explicit/double/value-to-encrypt.json");
|
@@ -2936,7 +2945,7 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2936
2945
|
#include "./data/fle2-insert-range-explicit/double/RNG_DATA.h"
|
2937
2946
|
tc.rng_data = (_test_rng_data_source){.buf = {.data = (uint8_t *)RNG_DATA, .len = sizeof(RNG_DATA) - 1}};
|
2938
2947
|
#undef RNG_DATA
|
2939
|
-
tc.algorithm =
|
2948
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2940
2949
|
tc.user_key_id = &keyABC_id;
|
2941
2950
|
tc.index_key_id = &key123_id;
|
2942
2951
|
tc.contention_factor = OPT_I64(0);
|
@@ -2956,7 +2965,7 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2956
2965
|
#include "./data/fle2-insert-range-explicit/double/RNG_DATA.h"
|
2957
2966
|
tc.rng_data = (_test_rng_data_source){.buf = {.data = (uint8_t *)RNG_DATA, .len = sizeof(RNG_DATA) - 1}};
|
2958
2967
|
#undef RNG_DATA
|
2959
|
-
tc.algorithm =
|
2968
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2960
2969
|
tc.user_key_id = &keyABC_id;
|
2961
2970
|
tc.index_key_id = &key123_id;
|
2962
2971
|
tc.contention_factor = OPT_I64(0);
|
@@ -2974,7 +2983,7 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2974
2983
|
{
|
2975
2984
|
ee_testcase tc = {0};
|
2976
2985
|
tc.desc = "min > max for insert";
|
2977
|
-
tc.algorithm =
|
2986
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2978
2987
|
tc.user_key_id = &keyABC_id;
|
2979
2988
|
tc.contention_factor = OPT_I64(0);
|
2980
2989
|
tc.range_opts = TEST_BSON("{'min': 1, 'max': 0, 'sparsity': {'$numberLong': '1'}}");
|
@@ -2987,7 +2996,7 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
2987
2996
|
{
|
2988
2997
|
ee_testcase tc = {0};
|
2989
2998
|
tc.desc = "min > max for insert (v2)";
|
2990
|
-
tc.algorithm =
|
2999
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
2991
3000
|
tc.user_key_id = &keyABC_id;
|
2992
3001
|
tc.contention_factor = OPT_I64(0);
|
2993
3002
|
tc.range_opts = TEST_BSON("{'min': 1, 'max': 0, 'sparsity': {'$numberLong': '1'}}");
|
@@ -3001,8 +3010,8 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
3001
3010
|
{
|
3002
3011
|
ee_testcase tc = {0};
|
3003
3012
|
tc.desc = "min > max for find";
|
3004
|
-
tc.algorithm =
|
3005
|
-
tc.query_type =
|
3013
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
3014
|
+
tc.query_type = MONGOCRYPT_QUERY_TYPE_RANGE_STR;
|
3006
3015
|
tc.user_key_id = &keyABC_id;
|
3007
3016
|
tc.contention_factor = OPT_I64(0);
|
3008
3017
|
tc.range_opts = TEST_BSON("{'min': 25, 'max': 24, 'sparsity': {'$numberLong': '1'}}");
|
@@ -3016,8 +3025,8 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
3016
3025
|
{
|
3017
3026
|
ee_testcase tc = {0};
|
3018
3027
|
tc.desc = "min > max for find (v2)";
|
3019
|
-
tc.algorithm =
|
3020
|
-
tc.query_type =
|
3028
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
3029
|
+
tc.query_type = MONGOCRYPT_QUERY_TYPE_RANGE_STR;
|
3021
3030
|
tc.user_key_id = &keyABC_id;
|
3022
3031
|
tc.contention_factor = OPT_I64(0);
|
3023
3032
|
tc.range_opts = TEST_BSON("{'min': 25, 'max': 24, 'sparsity': {'$numberLong': '1'}}");
|
@@ -3031,8 +3040,8 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
3031
3040
|
{
|
3032
3041
|
ee_testcase tc = {0};
|
3033
3042
|
tc.desc = "open interval";
|
3034
|
-
tc.algorithm =
|
3035
|
-
tc.query_type =
|
3043
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
3044
|
+
tc.query_type = MONGOCRYPT_QUERY_TYPE_RANGE_STR;
|
3036
3045
|
tc.user_key_id = &keyABC_id;
|
3037
3046
|
tc.contention_factor = OPT_I64(0);
|
3038
3047
|
tc.range_opts = TEST_FILE("./test/data/fle2-find-range-explicit/"
|
@@ -3049,8 +3058,8 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
3049
3058
|
{
|
3050
3059
|
ee_testcase tc = {0};
|
3051
3060
|
tc.desc = "open interval (v2)";
|
3052
|
-
tc.algorithm =
|
3053
|
-
tc.query_type =
|
3061
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
3062
|
+
tc.query_type = MONGOCRYPT_QUERY_TYPE_RANGE_STR;
|
3054
3063
|
tc.user_key_id = &keyABC_id;
|
3055
3064
|
tc.contention_factor = OPT_I64(0);
|
3056
3065
|
tc.range_opts = TEST_FILE("./test/data/fle2-find-range-explicit/"
|
@@ -3070,7 +3079,7 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
3070
3079
|
{
|
3071
3080
|
ee_testcase tc = {0};
|
3072
3081
|
tc.desc = "min is required to insert int for range";
|
3073
|
-
tc.algorithm =
|
3082
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
3074
3083
|
tc.user_key_id = &keyABC_id;
|
3075
3084
|
tc.contention_factor = OPT_I64(0);
|
3076
3085
|
tc.range_opts = TEST_BSON(RAW_STRING({"max" : {"$numberInt" : "200"}, "sparsity" : {"$numberLong" : "1"}}));
|
@@ -3083,7 +3092,7 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
3083
3092
|
{
|
3084
3093
|
ee_testcase tc = {0};
|
3085
3094
|
tc.desc = "max is required to insert int for range";
|
3086
|
-
tc.algorithm =
|
3095
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
3087
3096
|
tc.user_key_id = &keyABC_id;
|
3088
3097
|
tc.contention_factor = OPT_I64(0);
|
3089
3098
|
tc.range_opts = TEST_BSON(RAW_STRING({"min" : {"$numberInt" : "0"}, "sparsity" : {"$numberLong" : "1"}}));
|
@@ -3096,8 +3105,8 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
3096
3105
|
{
|
3097
3106
|
ee_testcase tc = {0};
|
3098
3107
|
tc.desc = "min is required to find int for range";
|
3099
|
-
tc.algorithm =
|
3100
|
-
tc.query_type =
|
3108
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
3109
|
+
tc.query_type = MONGOCRYPT_QUERY_TYPE_RANGE_STR;
|
3101
3110
|
tc.user_key_id = &keyABC_id;
|
3102
3111
|
tc.contention_factor = OPT_I64(0);
|
3103
3112
|
tc.range_opts = TEST_BSON(RAW_STRING({"max" : {"$numberInt" : "200"}, "sparsity" : {"$numberLong" : "1"}}));
|
@@ -3114,8 +3123,8 @@ static void _test_encrypt_fle2_explicit(_mongocrypt_tester_t *tester) {
|
|
3114
3123
|
{
|
3115
3124
|
ee_testcase tc = {0};
|
3116
3125
|
tc.desc = "max is required to find int for range";
|
3117
|
-
tc.algorithm =
|
3118
|
-
tc.query_type =
|
3126
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
3127
|
+
tc.query_type = MONGOCRYPT_QUERY_TYPE_RANGE_STR;
|
3119
3128
|
tc.user_key_id = &keyABC_id;
|
3120
3129
|
tc.contention_factor = OPT_I64(0);
|
3121
3130
|
tc.range_opts = TEST_BSON(RAW_STRING({"min" : {"$numberInt" : "0"}, "sparsity" : {"$numberLong" : "1"}}));
|
@@ -3148,7 +3157,7 @@ static void _test_encrypt_applies_default_state_collections(_mongocrypt_tester_t
|
|
3148
3157
|
// TODO(MONGOCRYPT-572): This test uses the QEv1 protocol. Update this test for QEv2 or remove. Note: decrypting
|
3149
3158
|
// QEv1 is still supported.
|
3150
3159
|
ASSERT_OK(mongocrypt_setopt_fle2v2(crypt, false), crypt);
|
3151
|
-
ASSERT_OK(
|
3160
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
3152
3161
|
ctx = mongocrypt_ctx_new(crypt);
|
3153
3162
|
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_BSON("{'find': 'coll'}")), ctx);
|
3154
3163
|
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
|
@@ -3183,7 +3192,7 @@ static void _test_encrypt_applies_default_state_collections(_mongocrypt_tester_t
|
|
3183
3192
|
TEST_BSON("{'db.coll': { 'fields': [], 'escCollection': 'esc', "
|
3184
3193
|
"'eccCollection': 'ecc', 'ecocCollection': 'ecoc'}}")),
|
3185
3194
|
crypt);
|
3186
|
-
ASSERT_OK(
|
3195
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
3187
3196
|
ctx = mongocrypt_ctx_new(crypt);
|
3188
3197
|
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_BSON("{'find': 'coll'}")), ctx);
|
3189
3198
|
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
|
@@ -3217,7 +3226,7 @@ static void _test_encrypt_applies_default_state_collections(_mongocrypt_tester_t
|
|
3217
3226
|
TEST_BSON("{'fields': [], 'db.coll': {'escCollection': "
|
3218
3227
|
"'esc', 'eccCollection': 'ecc', 'fields': []}}")),
|
3219
3228
|
crypt);
|
3220
|
-
ASSERT_OK(
|
3229
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
3221
3230
|
ctx = mongocrypt_ctx_new(crypt);
|
3222
3231
|
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_BSON("{'find': 'coll'}")), ctx);
|
3223
3232
|
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
|
@@ -3359,7 +3368,7 @@ static void _test_encrypt_fle2_delete_v1(_mongocrypt_tester_t *tester) {
|
|
3359
3368
|
// decrypting
|
3360
3369
|
// QEv1 is still supported.
|
3361
3370
|
ASSERT_OK(mongocrypt_setopt_fle2v2(crypt, false), crypt);
|
3362
|
-
ASSERT_OK(
|
3371
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
3363
3372
|
}
|
3364
3373
|
|
3365
3374
|
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
@@ -3416,7 +3425,7 @@ static void _test_encrypt_fle2_delete_v1(_mongocrypt_tester_t *tester) {
|
|
3416
3425
|
// decrypting
|
3417
3426
|
// QEv1 is still supported.
|
3418
3427
|
ASSERT_OK(mongocrypt_setopt_fle2v2(crypt, false), crypt);
|
3419
|
-
ASSERT_OK(
|
3428
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
3420
3429
|
}
|
3421
3430
|
|
3422
3431
|
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
@@ -3482,7 +3491,7 @@ static void _test_encrypt_fle2_delete_v1(_mongocrypt_tester_t *tester) {
|
|
3482
3491
|
// decrypting
|
3483
3492
|
// QEv1 is still supported.
|
3484
3493
|
ASSERT_OK(mongocrypt_setopt_fle2v2(crypt, false), crypt);
|
3485
|
-
ASSERT_OK(
|
3494
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
3486
3495
|
}
|
3487
3496
|
|
3488
3497
|
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
@@ -3613,7 +3622,7 @@ static void _test_encrypt_fle2_delete_v2(_mongocrypt_tester_t *tester) {
|
|
3613
3622
|
mongocrypt_binary_destroy(localkey);
|
3614
3623
|
mongocrypt_setopt_bypass_query_analysis(crypt);
|
3615
3624
|
mongocrypt_setopt_fle2v2(crypt, true);
|
3616
|
-
ASSERT_OK(
|
3625
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
3617
3626
|
}
|
3618
3627
|
|
3619
3628
|
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
@@ -3656,7 +3665,7 @@ static void _test_encrypt_fle2_delete_v2(_mongocrypt_tester_t *tester) {
|
|
3656
3665
|
"encrypted-field-config-map.json")),
|
3657
3666
|
crypt);
|
3658
3667
|
mongocrypt_setopt_fle2v2(crypt, true);
|
3659
|
-
ASSERT_OK(
|
3668
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
3660
3669
|
}
|
3661
3670
|
|
3662
3671
|
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
@@ -3715,7 +3724,7 @@ static void _test_encrypt_fle2_delete_v2(_mongocrypt_tester_t *tester) {
|
|
3715
3724
|
crypt);
|
3716
3725
|
mongocrypt_setopt_bypass_query_analysis(crypt);
|
3717
3726
|
mongocrypt_setopt_fle2v2(crypt, true);
|
3718
|
-
ASSERT_OK(
|
3727
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
3719
3728
|
}
|
3720
3729
|
|
3721
3730
|
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
@@ -4315,7 +4324,7 @@ static void _test_fle1_create_with_schema(_mongocrypt_tester_t *tester) {
|
|
4315
4324
|
ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt);
|
4316
4325
|
ASSERT_OK(mongocrypt_setopt_schema_map(crypt, TEST_FILE("./test/data/fle1-create/with-schema/schema-map.json")),
|
4317
4326
|
crypt);
|
4318
|
-
ASSERT_OK(
|
4327
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
4319
4328
|
|
4320
4329
|
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
4321
4330
|
|
@@ -4493,7 +4502,7 @@ static void _test_fle2_create(_mongocrypt_tester_t *tester) {
|
|
4493
4502
|
crypt,
|
4494
4503
|
TEST_FILE("./test/data/fle2-create/encrypted-field-config-map.json")),
|
4495
4504
|
crypt);
|
4496
|
-
ASSERT_OK(
|
4505
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
4497
4506
|
|
4498
4507
|
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
4499
4508
|
|
@@ -4549,7 +4558,7 @@ static void _test_fle2_create_bypass_query_analysis(_mongocrypt_tester_t *tester
|
|
4549
4558
|
TEST_FILE("./test/data/fle2-create/encrypted-field-config-map.json")),
|
4550
4559
|
crypt);
|
4551
4560
|
mongocrypt_setopt_bypass_query_analysis(crypt);
|
4552
|
-
ASSERT_OK(
|
4561
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
4553
4562
|
|
4554
4563
|
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
4555
4564
|
|
@@ -4650,6 +4659,823 @@ static void _test_fle1_collmod_without_jsonSchema(_mongocrypt_tester_t *tester)
|
|
4650
4659
|
mongocrypt_destroy(crypt);
|
4651
4660
|
}
|
4652
4661
|
|
4662
|
+
#define BSON_STR(...) #__VA_ARGS__
|
4663
|
+
|
4664
|
+
static void _test_bulkWrite(_mongocrypt_tester_t *tester) {
|
4665
|
+
if (!_aes_ctr_is_supported_by_os) {
|
4666
|
+
printf("Common Crypto with no CTR support detected. Required by QEv2 encryption. Skipping.");
|
4667
|
+
return;
|
4668
|
+
}
|
4669
|
+
|
4670
|
+
// local_kek is the KEK used to encrypt the keyMaterial in ./test/data/key-document-local.json
|
4671
|
+
uint8_t local_kek_raw[MONGOCRYPT_KEY_LEN] = {0};
|
4672
|
+
char *local_kek = kms_message_raw_to_b64(local_kek_raw, sizeof(local_kek_raw));
|
4673
|
+
|
4674
|
+
// Test initializing bulkWrite commands.
|
4675
|
+
{
|
4676
|
+
mongocrypt_t *crypt = mongocrypt_new();
|
4677
|
+
mongocrypt_setopt_use_need_mongo_collinfo_with_db_state(crypt);
|
4678
|
+
mongocrypt_setopt_kms_providers(
|
4679
|
+
crypt,
|
4680
|
+
TEST_BSON(BSON_STR({"local" : {"key" : {"$binary" : {"base64" : "%s", "subType" : "00"}}}}), local_kek));
|
4681
|
+
|
4682
|
+
ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map(
|
4683
|
+
crypt,
|
4684
|
+
TEST_FILE("./test/data/bulkWrite/simple/encrypted-field-map.json")),
|
4685
|
+
crypt);
|
4686
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
4687
|
+
|
4688
|
+
// Successful case.
|
4689
|
+
{
|
4690
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
4691
|
+
mongocrypt_binary_t *cmd = TEST_BSON(BSON_STR({"bulkWrite" : 1, "nsInfo" : [ {"ns" : "db.coll"} ]}));
|
4692
|
+
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "admin", -1, cmd), ctx);
|
4693
|
+
mongocrypt_ctx_destroy(ctx);
|
4694
|
+
}
|
4695
|
+
|
4696
|
+
// No `nsInfo`.
|
4697
|
+
{
|
4698
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
4699
|
+
mongocrypt_binary_t *cmd = TEST_BSON(BSON_STR({"bulkWrite" : 1}));
|
4700
|
+
ASSERT_FAILS(mongocrypt_ctx_encrypt_init(ctx, "admin", -1, cmd), ctx, "failed to find namespace");
|
4701
|
+
mongocrypt_ctx_destroy(ctx);
|
4702
|
+
}
|
4703
|
+
|
4704
|
+
// `nsInfo` is not an array.
|
4705
|
+
{
|
4706
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
4707
|
+
mongocrypt_binary_t *cmd = TEST_BSON(BSON_STR({"bulkWrite" : 1, "nsInfo" : {"foo" : "bar"}}));
|
4708
|
+
ASSERT_FAILS(mongocrypt_ctx_encrypt_init(ctx, "admin", -1, cmd), ctx, "failed to find namespace");
|
4709
|
+
mongocrypt_ctx_destroy(ctx);
|
4710
|
+
}
|
4711
|
+
|
4712
|
+
// `nsInfo.ns` is not correct form.
|
4713
|
+
{
|
4714
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
4715
|
+
mongocrypt_binary_t *cmd = TEST_BSON(BSON_STR({"bulkWrite" : 1, "nsInfo" : [ {"ns" : "invalid"} ]}));
|
4716
|
+
ASSERT_FAILS(mongocrypt_ctx_encrypt_init(ctx, "admin", -1, cmd), ctx, "expected namespace to contain dot");
|
4717
|
+
mongocrypt_ctx_destroy(ctx);
|
4718
|
+
}
|
4719
|
+
|
4720
|
+
// `nsInfo` is empty.
|
4721
|
+
{
|
4722
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
4723
|
+
mongocrypt_binary_t *cmd = TEST_BSON(BSON_STR({"bulkWrite" : 1, "nsInfo" : []}));
|
4724
|
+
ASSERT_FAILS(mongocrypt_ctx_encrypt_init(ctx, "admin", -1, cmd), ctx, "failed to find namespace");
|
4725
|
+
mongocrypt_ctx_destroy(ctx);
|
4726
|
+
}
|
4727
|
+
|
4728
|
+
// `nsInfo` has more than one entry.
|
4729
|
+
{
|
4730
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
4731
|
+
mongocrypt_binary_t *cmd =
|
4732
|
+
TEST_BSON(BSON_STR({"bulkWrite" : 1, "nsInfo" : [ {"ns" : "db.coll"}, {"ns" : "db.coll2"} ]}));
|
4733
|
+
ASSERT_FAILS(mongocrypt_ctx_encrypt_init(ctx, "admin", -1, cmd), ctx, "found more than one");
|
4734
|
+
mongocrypt_ctx_destroy(ctx);
|
4735
|
+
}
|
4736
|
+
|
4737
|
+
mongocrypt_destroy(crypt);
|
4738
|
+
}
|
4739
|
+
|
4740
|
+
// Test a bulkWrite with one namespace.
|
4741
|
+
{
|
4742
|
+
mongocrypt_t *crypt = mongocrypt_new();
|
4743
|
+
|
4744
|
+
mongocrypt_setopt_kms_providers(
|
4745
|
+
crypt,
|
4746
|
+
TEST_BSON(BSON_STR({"local" : {"key" : {"$binary" : {"base64" : "%s", "subType" : "00"}}}}), local_kek));
|
4747
|
+
|
4748
|
+
ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map(
|
4749
|
+
crypt,
|
4750
|
+
TEST_FILE("./test/data/bulkWrite/simple/encrypted-field-map.json")),
|
4751
|
+
crypt);
|
4752
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
4753
|
+
|
4754
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
4755
|
+
|
4756
|
+
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "admin", -1, TEST_FILE("./test/data/bulkWrite/simple/cmd.json")),
|
4757
|
+
ctx);
|
4758
|
+
|
4759
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
|
4760
|
+
{
|
4761
|
+
mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new();
|
4762
|
+
|
4763
|
+
ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx);
|
4764
|
+
ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/bulkWrite/simple/cmd-to-mongocryptd.json"),
|
4765
|
+
cmd_to_mongocryptd);
|
4766
|
+
mongocrypt_binary_destroy(cmd_to_mongocryptd);
|
4767
|
+
ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, TEST_FILE("./test/data/bulkWrite/simple/mongocryptd-reply.json")),
|
4768
|
+
ctx);
|
4769
|
+
ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);
|
4770
|
+
}
|
4771
|
+
|
4772
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_KEYS);
|
4773
|
+
{
|
4774
|
+
ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, TEST_FILE("./test/data/key-document-local.json")), ctx);
|
4775
|
+
ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);
|
4776
|
+
}
|
4777
|
+
|
4778
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY);
|
4779
|
+
{
|
4780
|
+
mongocrypt_binary_t *out = mongocrypt_binary_new();
|
4781
|
+
ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx);
|
4782
|
+
|
4783
|
+
// Match results.
|
4784
|
+
bson_t out_bson;
|
4785
|
+
ASSERT(_mongocrypt_binary_to_bson(out, &out_bson));
|
4786
|
+
mongocrypt_binary_t *pattern = TEST_FILE("./test/data/bulkWrite/simple/encrypted-payload-pattern.json");
|
4787
|
+
bson_t pattern_bson;
|
4788
|
+
ASSERT(_mongocrypt_binary_to_bson(pattern, &pattern_bson));
|
4789
|
+
_assert_match_bson(&out_bson, &pattern_bson);
|
4790
|
+
|
4791
|
+
mongocrypt_binary_destroy(out);
|
4792
|
+
}
|
4793
|
+
|
4794
|
+
mongocrypt_ctx_destroy(ctx);
|
4795
|
+
mongocrypt_destroy(crypt);
|
4796
|
+
}
|
4797
|
+
|
4798
|
+
// Test a bulkWrite with remote encryptedFields.
|
4799
|
+
{
|
4800
|
+
mongocrypt_t *crypt = mongocrypt_new();
|
4801
|
+
mongocrypt_setopt_use_need_mongo_collinfo_with_db_state(crypt);
|
4802
|
+
|
4803
|
+
mongocrypt_setopt_kms_providers(
|
4804
|
+
crypt,
|
4805
|
+
TEST_BSON(BSON_STR({"local" : {"key" : {"$binary" : {"base64" : "%s", "subType" : "00"}}}}), local_kek));
|
4806
|
+
|
4807
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
4808
|
+
|
4809
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
4810
|
+
|
4811
|
+
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "admin", -1, TEST_FILE("./test/data/bulkWrite/simple/cmd.json")),
|
4812
|
+
ctx);
|
4813
|
+
|
4814
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB);
|
4815
|
+
{
|
4816
|
+
// Ensure the requested database is obtained from `nsInfo` (and not "admin").
|
4817
|
+
const char *db = mongocrypt_ctx_mongo_db(ctx);
|
4818
|
+
ASSERT_OK(db, ctx);
|
4819
|
+
ASSERT_STREQUAL(db, "db");
|
4820
|
+
|
4821
|
+
{
|
4822
|
+
mongocrypt_binary_t *cmd = mongocrypt_binary_new();
|
4823
|
+
ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd), ctx);
|
4824
|
+
bson_t cmd_bson;
|
4825
|
+
ASSERT(_mongocrypt_binary_to_bson(cmd, &cmd_bson));
|
4826
|
+
_assert_match_bson(&cmd_bson, TMP_BSON(BSON_STR({"name" : "test"})));
|
4827
|
+
mongocrypt_binary_destroy(cmd);
|
4828
|
+
}
|
4829
|
+
// Feed back response.
|
4830
|
+
ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, TEST_FILE("./test/data/bulkWrite/simple/collinfo.json")), ctx);
|
4831
|
+
ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);
|
4832
|
+
}
|
4833
|
+
|
4834
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
|
4835
|
+
{
|
4836
|
+
mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new();
|
4837
|
+
|
4838
|
+
ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx);
|
4839
|
+
ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/bulkWrite/simple/cmd-to-mongocryptd.json"),
|
4840
|
+
cmd_to_mongocryptd);
|
4841
|
+
mongocrypt_binary_destroy(cmd_to_mongocryptd);
|
4842
|
+
ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, TEST_FILE("./test/data/bulkWrite/simple/mongocryptd-reply.json")),
|
4843
|
+
ctx);
|
4844
|
+
ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);
|
4845
|
+
}
|
4846
|
+
|
4847
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_KEYS);
|
4848
|
+
{
|
4849
|
+
ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, TEST_FILE("./test/data/key-document-local.json")), ctx);
|
4850
|
+
ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);
|
4851
|
+
}
|
4852
|
+
|
4853
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY);
|
4854
|
+
{
|
4855
|
+
mongocrypt_binary_t *out = mongocrypt_binary_new();
|
4856
|
+
ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx);
|
4857
|
+
|
4858
|
+
// Match results.
|
4859
|
+
bson_t out_bson;
|
4860
|
+
ASSERT(_mongocrypt_binary_to_bson(out, &out_bson));
|
4861
|
+
mongocrypt_binary_t *pattern = TEST_FILE("./test/data/bulkWrite/simple/encrypted-payload-pattern.json");
|
4862
|
+
bson_t pattern_bson;
|
4863
|
+
ASSERT(_mongocrypt_binary_to_bson(pattern, &pattern_bson));
|
4864
|
+
_assert_match_bson(&out_bson, &pattern_bson);
|
4865
|
+
|
4866
|
+
mongocrypt_binary_destroy(out);
|
4867
|
+
}
|
4868
|
+
|
4869
|
+
mongocrypt_ctx_destroy(ctx);
|
4870
|
+
mongocrypt_destroy(crypt);
|
4871
|
+
}
|
4872
|
+
|
4873
|
+
// Test a bulkWrite with remote schema when MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB is not supported.
|
4874
|
+
{
|
4875
|
+
mongocrypt_t *crypt = mongocrypt_new();
|
4876
|
+
|
4877
|
+
mongocrypt_setopt_kms_providers(
|
4878
|
+
crypt,
|
4879
|
+
TEST_BSON(BSON_STR({"local" : {"key" : {"$binary" : {"base64" : "%s", "subType" : "00"}}}}), local_kek));
|
4880
|
+
|
4881
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
4882
|
+
|
4883
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
4884
|
+
|
4885
|
+
ASSERT_FAILS(
|
4886
|
+
mongocrypt_ctx_encrypt_init(ctx, "admin", -1, TEST_FILE("./test/data/bulkWrite/simple/cmd.json")),
|
4887
|
+
ctx,
|
4888
|
+
"Fetching remote collection information on separate databases is not supported. Try upgrading driver, or "
|
4889
|
+
"specify a local schemaMap or encryptedFieldsMap.");
|
4890
|
+
|
4891
|
+
mongocrypt_ctx_destroy(ctx);
|
4892
|
+
mongocrypt_destroy(crypt);
|
4893
|
+
}
|
4894
|
+
|
4895
|
+
// Test a bulkWrite to an unencrypted collection.
|
4896
|
+
{
|
4897
|
+
mongocrypt_t *crypt = mongocrypt_new();
|
4898
|
+
// Opt-in to handling required state for fetching remote encryptedFields with `bulkWrite`.
|
4899
|
+
mongocrypt_setopt_use_need_mongo_collinfo_with_db_state(crypt);
|
4900
|
+
|
4901
|
+
mongocrypt_setopt_kms_providers(
|
4902
|
+
crypt,
|
4903
|
+
TEST_BSON(BSON_STR({"local" : {"key" : {"$binary" : {"base64" : "%s", "subType" : "00"}}}}), local_kek));
|
4904
|
+
|
4905
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
4906
|
+
|
4907
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
4908
|
+
|
4909
|
+
ASSERT_OK(
|
4910
|
+
mongocrypt_ctx_encrypt_init(ctx, "admin", -1, TEST_FILE("./test/data/bulkWrite/unencrypted/cmd.json")),
|
4911
|
+
ctx);
|
4912
|
+
|
4913
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB);
|
4914
|
+
{
|
4915
|
+
// Do not feed any response.
|
4916
|
+
ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);
|
4917
|
+
}
|
4918
|
+
|
4919
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
|
4920
|
+
{
|
4921
|
+
mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new();
|
4922
|
+
|
4923
|
+
ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx);
|
4924
|
+
ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json"),
|
4925
|
+
cmd_to_mongocryptd);
|
4926
|
+
mongocrypt_binary_destroy(cmd_to_mongocryptd);
|
4927
|
+
ASSERT_OK(
|
4928
|
+
mongocrypt_ctx_mongo_feed(ctx, TEST_FILE("./test/data/bulkWrite/unencrypted/mongocryptd-reply.json")),
|
4929
|
+
ctx);
|
4930
|
+
ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);
|
4931
|
+
}
|
4932
|
+
|
4933
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY);
|
4934
|
+
{
|
4935
|
+
mongocrypt_binary_t *out = mongocrypt_binary_new();
|
4936
|
+
ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx);
|
4937
|
+
|
4938
|
+
// `expect` excludes `encryptionInformation`.
|
4939
|
+
mongocrypt_binary_t *expect = TEST_FILE("./test/data/bulkWrite/unencrypted/payload.json");
|
4940
|
+
ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(expect, out);
|
4941
|
+
|
4942
|
+
mongocrypt_binary_destroy(out);
|
4943
|
+
}
|
4944
|
+
|
4945
|
+
mongocrypt_ctx_destroy(ctx);
|
4946
|
+
|
4947
|
+
// Test again to ensure the cached collinfo produces same result.
|
4948
|
+
ctx = mongocrypt_ctx_new(crypt);
|
4949
|
+
|
4950
|
+
ASSERT_OK(
|
4951
|
+
mongocrypt_ctx_encrypt_init(ctx, "admin", -1, TEST_FILE("./test/data/bulkWrite/unencrypted/cmd.json")),
|
4952
|
+
ctx);
|
4953
|
+
|
4954
|
+
// MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB state is not entered. collinfo is loaded from cache.
|
4955
|
+
|
4956
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
|
4957
|
+
{
|
4958
|
+
mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new();
|
4959
|
+
|
4960
|
+
ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx);
|
4961
|
+
ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json"),
|
4962
|
+
cmd_to_mongocryptd);
|
4963
|
+
mongocrypt_binary_destroy(cmd_to_mongocryptd);
|
4964
|
+
ASSERT_OK(
|
4965
|
+
mongocrypt_ctx_mongo_feed(ctx, TEST_FILE("./test/data/bulkWrite/unencrypted/mongocryptd-reply.json")),
|
4966
|
+
ctx);
|
4967
|
+
ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);
|
4968
|
+
}
|
4969
|
+
|
4970
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY);
|
4971
|
+
{
|
4972
|
+
mongocrypt_binary_t *out = mongocrypt_binary_new();
|
4973
|
+
ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx);
|
4974
|
+
|
4975
|
+
// `expect` excludes `encryptionInformation`.
|
4976
|
+
mongocrypt_binary_t *expect = TEST_FILE("./test/data/bulkWrite/unencrypted/payload.json");
|
4977
|
+
ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(expect, out);
|
4978
|
+
|
4979
|
+
mongocrypt_binary_destroy(out);
|
4980
|
+
}
|
4981
|
+
|
4982
|
+
mongocrypt_ctx_destroy(ctx);
|
4983
|
+
mongocrypt_destroy(crypt);
|
4984
|
+
}
|
4985
|
+
|
4986
|
+
// Test a bulkWrite with bypassQueryAnalysis. Expect `encryptionInformation` is added, but query analysis is not
|
4987
|
+
// consulted.
|
4988
|
+
{
|
4989
|
+
mongocrypt_t *crypt = mongocrypt_new();
|
4990
|
+
|
4991
|
+
mongocrypt_setopt_bypass_query_analysis(crypt);
|
4992
|
+
|
4993
|
+
mongocrypt_setopt_kms_providers(
|
4994
|
+
crypt,
|
4995
|
+
TEST_BSON(BSON_STR({"local" : {"key" : {"$binary" : {"base64" : "%s", "subType" : "00"}}}}), local_kek));
|
4996
|
+
|
4997
|
+
ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map(
|
4998
|
+
crypt,
|
4999
|
+
TEST_FILE("./test/data/bulkWrite/simple/encrypted-field-map.json")),
|
5000
|
+
crypt);
|
5001
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
5002
|
+
|
5003
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
5004
|
+
|
5005
|
+
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "admin", -1, TEST_FILE("./test/data/bulkWrite/simple/cmd.json")),
|
5006
|
+
ctx);
|
5007
|
+
|
5008
|
+
// Query analysis is not consulted. Immediately transitions to MONGOCRYPT_CTX_READY.
|
5009
|
+
|
5010
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY);
|
5011
|
+
{
|
5012
|
+
mongocrypt_binary_t *out = mongocrypt_binary_new();
|
5013
|
+
ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx);
|
5014
|
+
|
5015
|
+
// `expect` excludes `encryptionInformation`.
|
5016
|
+
mongocrypt_binary_t *expect = TEST_FILE("./test/data/bulkWrite/bypassQueryAnalysis/payload.json");
|
5017
|
+
ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(expect, out);
|
5018
|
+
mongocrypt_binary_destroy(out);
|
5019
|
+
}
|
5020
|
+
|
5021
|
+
mongocrypt_ctx_destroy(ctx);
|
5022
|
+
mongocrypt_destroy(crypt);
|
5023
|
+
}
|
5024
|
+
|
5025
|
+
// Test a bulkWrite with CSFLE (not supported by server)
|
5026
|
+
{
|
5027
|
+
mongocrypt_t *crypt = mongocrypt_new();
|
5028
|
+
|
5029
|
+
mongocrypt_setopt_kms_providers(
|
5030
|
+
crypt,
|
5031
|
+
TEST_BSON(BSON_STR({"local" : {"key" : {"$binary" : {"base64" : "%s", "subType" : "00"}}}}), local_kek));
|
5032
|
+
|
5033
|
+
// Associate a JSON schema to the collection to enable CSFLE.
|
5034
|
+
ASSERT_OK(mongocrypt_setopt_schema_map(crypt, TEST_BSON(BSON_STR({"db.test" : {}}))), crypt);
|
5035
|
+
ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt);
|
5036
|
+
|
5037
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
5038
|
+
|
5039
|
+
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "admin", -1, TEST_FILE("./test/data/bulkWrite/simple/cmd.json")),
|
5040
|
+
ctx);
|
5041
|
+
|
5042
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
|
5043
|
+
{
|
5044
|
+
mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new();
|
5045
|
+
|
5046
|
+
ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx);
|
5047
|
+
ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/bulkWrite/jsonSchema/cmd-to-mongocryptd.json"),
|
5048
|
+
cmd_to_mongocryptd);
|
5049
|
+
mongocrypt_binary_destroy(cmd_to_mongocryptd);
|
5050
|
+
|
5051
|
+
// End the test here. At present, an error query analysis returns this error for `bulkWrite` with a
|
5052
|
+
// `jsonSchema`: `The bulkWrite command only supports Queryable Encryption`.
|
5053
|
+
// libmongocrypt deliberately does not error to enable possible future server support of CSFLE
|
5054
|
+
// with bulkWrite without libmongocrypt changes.
|
5055
|
+
}
|
5056
|
+
|
5057
|
+
mongocrypt_ctx_destroy(ctx);
|
5058
|
+
mongocrypt_destroy(crypt);
|
5059
|
+
}
|
5060
|
+
|
5061
|
+
bson_free(local_kek);
|
5062
|
+
}
|
5063
|
+
|
5064
|
+
// `_test_rangePreview_fails` tests that use of "rangePreview" errors when rangeV2 is opted-in.
|
5065
|
+
static void _test_rangePreview_fails(_mongocrypt_tester_t *tester) {
|
5066
|
+
// local_kek is the KEK used to encrypt the keyMaterial in ./test/data/key-document-local.json
|
5067
|
+
uint8_t local_kek_raw[MONGOCRYPT_KEY_LEN] = {0};
|
5068
|
+
char *local_kek = kms_message_raw_to_b64(local_kek_raw, sizeof(local_kek_raw));
|
5069
|
+
mongocrypt_binary_t *kms_providers =
|
5070
|
+
TEST_BSON(BSON_STR({"local" : {"key" : {"$binary" : {"base64" : "%s", "subType" : "00"}}}}), local_kek);
|
5071
|
+
|
5072
|
+
// Test setting 'rangePreview' as an explicit encryption algorithm results in error.
|
5073
|
+
{
|
5074
|
+
mongocrypt_t *crypt = mongocrypt_new();
|
5075
|
+
mongocrypt_setopt_kms_providers(crypt, kms_providers);
|
5076
|
+
ASSERT_OK(mongocrypt_setopt_use_range_v2(crypt), crypt);
|
5077
|
+
ASSERT_OK(mongocrypt_init(crypt), crypt);
|
5078
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
5079
|
+
ASSERT_OK(ctx, crypt);
|
5080
|
+
ASSERT_FAILS(mongocrypt_ctx_setopt_algorithm(ctx, MONGOCRYPT_ALGORITHM_RANGEPREVIEW_DEPRECATED_STR, -1),
|
5081
|
+
ctx,
|
5082
|
+
"Algorithm 'rangePreview' is deprecated");
|
5083
|
+
mongocrypt_ctx_destroy(ctx);
|
5084
|
+
mongocrypt_destroy(crypt);
|
5085
|
+
}
|
5086
|
+
|
5087
|
+
// Test setting 'rangePreview' as an explicit encryption queryType results in error.
|
5088
|
+
{
|
5089
|
+
mongocrypt_t *crypt = mongocrypt_new();
|
5090
|
+
mongocrypt_setopt_kms_providers(crypt, kms_providers);
|
5091
|
+
ASSERT_OK(mongocrypt_setopt_use_range_v2(crypt), crypt);
|
5092
|
+
ASSERT_OK(mongocrypt_init(crypt), crypt);
|
5093
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
5094
|
+
ASSERT_OK(ctx, crypt);
|
5095
|
+
ASSERT_FAILS(mongocrypt_ctx_setopt_query_type(ctx, MONGOCRYPT_QUERY_TYPE_RANGEPREVIEW_DEPRECATED_STR, -1),
|
5096
|
+
ctx,
|
5097
|
+
"Query type 'rangePreview' is deprecated");
|
5098
|
+
mongocrypt_ctx_destroy(ctx);
|
5099
|
+
mongocrypt_destroy(crypt);
|
5100
|
+
}
|
5101
|
+
|
5102
|
+
// Test setting 'rangePreview' from encryptedFields results in error.
|
5103
|
+
{
|
5104
|
+
mongocrypt_t *crypt = mongocrypt_new();
|
5105
|
+
mongocrypt_setopt_kms_providers(crypt, kms_providers);
|
5106
|
+
ASSERT_OK(mongocrypt_setopt_use_range_v2(crypt), crypt);
|
5107
|
+
ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map(
|
5108
|
+
crypt,
|
5109
|
+
TEST_FILE("./test/data/fle2-insert-range/int32/encrypted-field-map.json")), // Uses 'rangePreview'
|
5110
|
+
crypt);
|
5111
|
+
ASSERT_OK(mongocrypt_init(crypt), crypt);
|
5112
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
5113
|
+
ASSERT_OK(ctx, crypt);
|
5114
|
+
ASSERT_FAILS(
|
5115
|
+
mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle2-insert-range/int32/cmd.json")),
|
5116
|
+
ctx,
|
5117
|
+
"Cannot use field 'encrypted' with 'rangePreview' queries");
|
5118
|
+
mongocrypt_ctx_destroy(ctx);
|
5119
|
+
mongocrypt_destroy(crypt);
|
5120
|
+
}
|
5121
|
+
|
5122
|
+
bson_free(local_kek);
|
5123
|
+
}
|
5124
|
+
|
5125
|
+
// `autoencryption_test` defines a test for the automatic encryption context.
|
5126
|
+
typedef struct {
|
5127
|
+
const char *desc;
|
5128
|
+
_test_rng_data_source rng_data;
|
5129
|
+
mongocrypt_binary_t *cmd;
|
5130
|
+
mongocrypt_binary_t *encrypted_field_map;
|
5131
|
+
mongocrypt_binary_t *mongocryptd_reply;
|
5132
|
+
mongocrypt_binary_t *keys_to_feed[3]; // NULL terminated list.
|
5133
|
+
mongocrypt_binary_t *expect;
|
5134
|
+
} autoencryption_test;
|
5135
|
+
|
5136
|
+
static void autoencryption_test_run(autoencryption_test *aet) {
|
5137
|
+
if (!_aes_ctr_is_supported_by_os) {
|
5138
|
+
printf("Common Crypto with no CTR support detected. Skipping.");
|
5139
|
+
return;
|
5140
|
+
}
|
5141
|
+
|
5142
|
+
printf(" auto_encryption test: '%s' ... begin\n", aet->desc);
|
5143
|
+
|
5144
|
+
// Reset global counter for the `payloadId` to produce deterministic payloads.
|
5145
|
+
extern void mc_reset_payloadId_for_testing(void);
|
5146
|
+
mc_reset_payloadId_for_testing();
|
5147
|
+
|
5148
|
+
// Initialize mongocrypt_t.
|
5149
|
+
mongocrypt_t *crypt = mongocrypt_new();
|
5150
|
+
{
|
5151
|
+
mongocrypt_setopt_log_handler(crypt, _mongocrypt_stdout_log_fn, NULL);
|
5152
|
+
|
5153
|
+
// Set "local" KMS provider.
|
5154
|
+
{
|
5155
|
+
// `localkey_data` is the KEK used to encrypt the keyMaterial in ./test/data/keys/
|
5156
|
+
char localkey_data[MONGOCRYPT_KEY_LEN] = {0};
|
5157
|
+
mongocrypt_binary_t *localkey =
|
5158
|
+
mongocrypt_binary_new_from_data((uint8_t *)localkey_data, sizeof localkey_data);
|
5159
|
+
ASSERT_OK(mongocrypt_setopt_kms_provider_local(crypt, localkey), crypt);
|
5160
|
+
mongocrypt_binary_destroy(localkey);
|
5161
|
+
}
|
5162
|
+
|
5163
|
+
if (aet->rng_data.buf.len > 0) {
|
5164
|
+
// Set deterministic random number generator.
|
5165
|
+
ASSERT_OK(mongocrypt_setopt_crypto_hooks(crypt,
|
5166
|
+
_std_hook_native_crypto_aes_256_cbc_encrypt,
|
5167
|
+
_std_hook_native_crypto_aes_256_cbc_decrypt,
|
5168
|
+
_test_rng_source,
|
5169
|
+
_std_hook_native_hmac_sha512,
|
5170
|
+
_std_hook_native_hmac_sha256,
|
5171
|
+
_error_hook_native_sha256,
|
5172
|
+
&aet->rng_data /* ctx */),
|
5173
|
+
crypt);
|
5174
|
+
}
|
5175
|
+
|
5176
|
+
ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map(crypt, aet->encrypted_field_map), crypt);
|
5177
|
+
ASSERT_OK(mongocrypt_setopt_use_range_v2(crypt), crypt);
|
5178
|
+
ASSERT_OK(mongocrypt_init(crypt), crypt);
|
5179
|
+
}
|
5180
|
+
|
5181
|
+
// Create the auto encryption context and run.
|
5182
|
+
mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
|
5183
|
+
ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, aet->cmd), ctx);
|
5184
|
+
|
5185
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
|
5186
|
+
{
|
5187
|
+
ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, aet->mongocryptd_reply), ctx);
|
5188
|
+
ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);
|
5189
|
+
}
|
5190
|
+
|
5191
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_KEYS);
|
5192
|
+
{
|
5193
|
+
for (mongocrypt_binary_t **iter = aet->keys_to_feed; *iter != NULL; iter++) {
|
5194
|
+
ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, *iter), ctx);
|
5195
|
+
}
|
5196
|
+
ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);
|
5197
|
+
}
|
5198
|
+
|
5199
|
+
ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY);
|
5200
|
+
{
|
5201
|
+
mongocrypt_binary_t *got = mongocrypt_binary_new();
|
5202
|
+
|
5203
|
+
bool ret = mongocrypt_ctx_finalize(ctx, got);
|
5204
|
+
ASSERT_OK(ret, ctx);
|
5205
|
+
ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(aet->expect, got);
|
5206
|
+
mongocrypt_binary_destroy(got);
|
5207
|
+
}
|
5208
|
+
|
5209
|
+
printf(" auto_encryption test: '%s' ... end\n", aet->desc);
|
5210
|
+
mongocrypt_ctx_destroy(ctx);
|
5211
|
+
mongocrypt_destroy(crypt);
|
5212
|
+
}
|
5213
|
+
|
5214
|
+
static void _test_no_trimFactor(_mongocrypt_tester_t *tester) {
|
5215
|
+
if (!_aes_ctr_is_supported_by_os) {
|
5216
|
+
printf("Common Crypto with no CTR support detected. Skipping.");
|
5217
|
+
return;
|
5218
|
+
}
|
5219
|
+
|
5220
|
+
mongocrypt_binary_t *key123 = TEST_FILE("./test/data/keys/12345678123498761234123456789012-local-document.json");
|
5221
|
+
|
5222
|
+
// Test insert.
|
5223
|
+
{
|
5224
|
+
autoencryption_test aet = {
|
5225
|
+
.desc = "missing trimFactor in mongocryptd reply for `insert` is OK",
|
5226
|
+
.cmd = TEST_FILE("test/data/no-trimFactor/insert/cmd.json"),
|
5227
|
+
.encrypted_field_map = TEST_FILE("test/data/no-trimFactor/insert/encrypted-field-map.json"),
|
5228
|
+
.mongocryptd_reply = TEST_FILE("test/data/no-trimFactor/insert/mongocryptd-reply.json"),
|
5229
|
+
.keys_to_feed = {key123},
|
5230
|
+
.expect = TEST_FILE("test/data/no-trimFactor/insert/encrypted-payload.json"),
|
5231
|
+
};
|
5232
|
+
|
5233
|
+
// Set fixed random data for deterministic results.
|
5234
|
+
mongocrypt_binary_t *rng_data = TEST_BIN(1024);
|
5235
|
+
aet.rng_data = (_test_rng_data_source){.buf = {.data = rng_data->data, .len = rng_data->len}};
|
5236
|
+
|
5237
|
+
autoencryption_test_run(&aet);
|
5238
|
+
}
|
5239
|
+
|
5240
|
+
// Test find.
|
5241
|
+
{
|
5242
|
+
autoencryption_test aet = {
|
5243
|
+
.desc = "missing trimFactor in mongocryptd reply for `find` is OK",
|
5244
|
+
.cmd = TEST_FILE("test/data/no-trimFactor/find/cmd.json"),
|
5245
|
+
.encrypted_field_map = TEST_FILE("test/data/no-trimFactor/find/encrypted-field-map.json"),
|
5246
|
+
.mongocryptd_reply = TEST_FILE("test/data/no-trimFactor/find/mongocryptd-reply.json"),
|
5247
|
+
.keys_to_feed = {key123},
|
5248
|
+
.expect = TEST_FILE("test/data/no-trimFactor/find/encrypted-payload.json"),
|
5249
|
+
};
|
5250
|
+
|
5251
|
+
// Set fixed random data for deterministic results.
|
5252
|
+
mongocrypt_binary_t *rng_data = TEST_BIN(1024);
|
5253
|
+
aet.rng_data = (_test_rng_data_source){.buf = {.data = rng_data->data, .len = rng_data->len}};
|
5254
|
+
|
5255
|
+
autoencryption_test_run(&aet);
|
5256
|
+
}
|
5257
|
+
}
|
5258
|
+
|
5259
|
+
// `lookup_payload_bson` looks up a payload from the BSON document `result` at path `path`.
|
5260
|
+
// The BSON portion of the payload is parsed into `payload_bson`.
|
5261
|
+
static void lookup_payload_bson(mongocrypt_binary_t *result, char *path, bson_t *payload_bson) {
|
5262
|
+
bson_t result_bson;
|
5263
|
+
ASSERT(_mongocrypt_binary_to_bson(result, &result_bson));
|
5264
|
+
|
5265
|
+
// Iterate to the path.
|
5266
|
+
bson_iter_t iter;
|
5267
|
+
ASSERT(bson_iter_init(&iter, &result_bson));
|
5268
|
+
if (!bson_iter_find_descendant(&iter, path, &iter)) {
|
5269
|
+
TEST_ERROR("Unable to find path '%s'. Got: %s", path, tmp_json(&result_bson));
|
5270
|
+
}
|
5271
|
+
|
5272
|
+
_mongocrypt_buffer_t buf;
|
5273
|
+
ASSERT(_mongocrypt_buffer_from_binary_iter(&buf, &iter));
|
5274
|
+
ASSERT_CMPINT((int)buf.subtype, ==, (int)BSON_SUBTYPE_ENCRYPTED);
|
5275
|
+
|
5276
|
+
// Expect a payload to start with an identifier byte. Expect the remainder to be BSON.
|
5277
|
+
ASSERT_CMPUINT32(buf.len, >, 0);
|
5278
|
+
ASSERT(bson_init_static(payload_bson, buf.data + 1, buf.len - 1));
|
5279
|
+
}
|
5280
|
+
|
5281
|
+
// Test that the crypto params added in SERVER-91889 are sent for "range" payloads.
|
5282
|
+
static void _test_range_sends_cryptoParams(_mongocrypt_tester_t *tester) {
|
5283
|
+
if (!_aes_ctr_is_supported_by_os) {
|
5284
|
+
printf("Common Crypto with no CTR support detected. Skipping.");
|
5285
|
+
return;
|
5286
|
+
}
|
5287
|
+
|
5288
|
+
// Set up key data used for test.
|
5289
|
+
_mongocrypt_buffer_t key123_id;
|
5290
|
+
_mongocrypt_buffer_copy_from_hex(&key123_id, "12345678123498761234123456789012");
|
5291
|
+
mongocrypt_binary_t *key123 = TEST_FILE("./test/data/keys/12345678123498761234123456789012-local-document.json");
|
5292
|
+
// Use fixed random data for deterministic results.
|
5293
|
+
mongocrypt_binary_t *rng_data = TEST_BIN(1024);
|
5294
|
+
|
5295
|
+
// Test explicit insert.
|
5296
|
+
{
|
5297
|
+
ee_testcase tc = {0};
|
5298
|
+
tc.desc = "'range' sends crypto params for insert";
|
5299
|
+
tc.rng_data = (_test_rng_data_source){.buf = {.data = rng_data->data, .len = rng_data->len}};
|
5300
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
5301
|
+
tc.user_key_id = &key123_id;
|
5302
|
+
tc.contention_factor = OPT_I64(1);
|
5303
|
+
tc.range_opts = TEST_BSON("{'min': 0, 'max': 1234567, 'sparsity': { '$numberLong': '3' }, 'trimFactor': 4}");
|
5304
|
+
tc.msg = TEST_BSON("{'v': 123456}");
|
5305
|
+
tc.keys_to_feed[0] = key123;
|
5306
|
+
tc.expect = TEST_FILE("./test/data/range-sends-cryptoParams/explicit-insert-int32/expected.json");
|
5307
|
+
tc.use_v2 = true; // Use QEv2 protocol.
|
5308
|
+
tc.use_range_v2 = true; // Use RangeV2 protocol.
|
5309
|
+
ee_testcase_run(&tc);
|
5310
|
+
// Check the parameters are present in the final payload.
|
5311
|
+
{
|
5312
|
+
bson_t payload_bson;
|
5313
|
+
lookup_payload_bson(tc.expect, "v", &payload_bson);
|
5314
|
+
_assert_match_bson(
|
5315
|
+
&payload_bson,
|
5316
|
+
TMP_BSON(BSON_STR({"sp" : 3, "tf" : 4, "mn" : 0, "mx" : 1234567, "pn" : {"$exists" : false}})));
|
5317
|
+
}
|
5318
|
+
}
|
5319
|
+
|
5320
|
+
// Test explicit insert with defaults.
|
5321
|
+
{
|
5322
|
+
ee_testcase tc = {0};
|
5323
|
+
tc.desc = "'range' sends crypto params for insert with correct defaults";
|
5324
|
+
tc.rng_data = (_test_rng_data_source){.buf = {.data = rng_data->data, .len = rng_data->len}};
|
5325
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
5326
|
+
tc.user_key_id = &key123_id;
|
5327
|
+
tc.contention_factor = OPT_I64(1);
|
5328
|
+
// Use defaults for `sparsity` (2), and `trimFactor` (6).
|
5329
|
+
tc.range_opts = TEST_BSON("{'min': 0, 'max': 1234567}");
|
5330
|
+
tc.msg = TEST_BSON("{'v': 123456}");
|
5331
|
+
tc.keys_to_feed[0] = key123;
|
5332
|
+
tc.expect = TEST_FILE("./test/data/range-sends-cryptoParams/explicit-insert-int32-defaults/expected.json");
|
5333
|
+
tc.use_v2 = true; // Use QEv2 protocol.
|
5334
|
+
tc.use_range_v2 = true; // Use RangeV2 protocol.
|
5335
|
+
ee_testcase_run(&tc);
|
5336
|
+
// Check the parameters are present in the final payload.
|
5337
|
+
{
|
5338
|
+
bson_t payload_bson;
|
5339
|
+
lookup_payload_bson(tc.expect, "v", &payload_bson);
|
5340
|
+
_assert_match_bson(
|
5341
|
+
&payload_bson,
|
5342
|
+
TMP_BSON(BSON_STR({"sp" : 2, "tf" : 6, "mn" : 0, "mx" : 1234567, "pn" : {"$exists" : false}})));
|
5343
|
+
}
|
5344
|
+
}
|
5345
|
+
|
5346
|
+
// Test explicit insert of double.
|
5347
|
+
{
|
5348
|
+
ee_testcase tc = {0};
|
5349
|
+
tc.desc = "'range' sends crypto params for insert for double";
|
5350
|
+
mongocrypt_binary_t *rng_data = TEST_BIN(1024);
|
5351
|
+
tc.rng_data = (_test_rng_data_source){.buf = {.data = rng_data->data, .len = rng_data->len}};
|
5352
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
5353
|
+
tc.user_key_id = &key123_id;
|
5354
|
+
tc.contention_factor = OPT_I64(1);
|
5355
|
+
tc.range_opts = TEST_BSON(
|
5356
|
+
"{'min': 0.0, 'max': 1234567.0, 'precision': 2, 'sparsity': { '$numberLong': '3' }, 'trimFactor': 4}");
|
5357
|
+
tc.msg = TEST_BSON("{'v': 123456.0}");
|
5358
|
+
tc.keys_to_feed[0] = key123;
|
5359
|
+
tc.expect = TEST_FILE("./test/data/range-sends-cryptoParams/explicit-insert-double/expected.json");
|
5360
|
+
tc.use_v2 = true; // Use QEv2 protocol.
|
5361
|
+
tc.use_range_v2 = true; // Use RangeV2 protocol.
|
5362
|
+
ee_testcase_run(&tc);
|
5363
|
+
// Check the parameters are present in the final payload.
|
5364
|
+
{
|
5365
|
+
bson_t payload_bson;
|
5366
|
+
lookup_payload_bson(tc.expect, "v", &payload_bson);
|
5367
|
+
_assert_match_bson(&payload_bson,
|
5368
|
+
TMP_BSON(BSON_STR({"sp" : 3, "tf" : 4, "mn" : 0.0, "mx" : 1234567.0, "pn" : 2})));
|
5369
|
+
}
|
5370
|
+
}
|
5371
|
+
|
5372
|
+
// Test explicit find.
|
5373
|
+
{
|
5374
|
+
ee_testcase tc = {0};
|
5375
|
+
tc.desc = "'range' sends crypto params for find with correct defaults";
|
5376
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
5377
|
+
tc.query_type = MONGOCRYPT_QUERY_TYPE_RANGE_STR;
|
5378
|
+
tc.is_expression = true;
|
5379
|
+
tc.user_key_id = &key123_id;
|
5380
|
+
tc.contention_factor = OPT_I64(1);
|
5381
|
+
tc.range_opts =
|
5382
|
+
TEST_BSON("{'min': 0, 'max': 1234567}"); // Use defaults for `sparsity` (2), and `trimFactor` (6).
|
5383
|
+
tc.msg = TEST_FILE("./test/data/range-sends-cryptoParams/explicit-find-int32-defaults/to-encrypt.json");
|
5384
|
+
tc.keys_to_feed[0] = key123;
|
5385
|
+
tc.expect = TEST_FILE("./test/data/range-sends-cryptoParams/explicit-find-int32-defaults/expected.json");
|
5386
|
+
tc.use_v2 = true; // Use QEv2 protocol.
|
5387
|
+
tc.use_range_v2 = true; // Use RangeV2 protocol.
|
5388
|
+
ee_testcase_run(&tc);
|
5389
|
+
// Check the parameters are present in the final payload.
|
5390
|
+
{
|
5391
|
+
bson_t payload_bson;
|
5392
|
+
lookup_payload_bson(tc.expect, "v.$and.0.age.$gte", &payload_bson);
|
5393
|
+
_assert_match_bson(
|
5394
|
+
&payload_bson,
|
5395
|
+
TMP_BSON(BSON_STR({"sp" : 2, "tf" : 6, "mn" : 0, "mx" : 1234567, "pn" : {"$exists" : false}})));
|
5396
|
+
}
|
5397
|
+
}
|
5398
|
+
|
5399
|
+
// Test explicit find with defaults.
|
5400
|
+
{
|
5401
|
+
ee_testcase tc = {0};
|
5402
|
+
tc.desc = "'range' sends crypto params for find";
|
5403
|
+
tc.algorithm = MONGOCRYPT_ALGORITHM_RANGE_STR;
|
5404
|
+
tc.query_type = MONGOCRYPT_QUERY_TYPE_RANGE_STR;
|
5405
|
+
tc.is_expression = true;
|
5406
|
+
tc.user_key_id = &key123_id;
|
5407
|
+
tc.contention_factor = OPT_I64(1);
|
5408
|
+
tc.range_opts = TEST_BSON("{'min': 0, 'max': 1234567, 'sparsity': { '$numberLong': '3' }, 'trimFactor': 4}");
|
5409
|
+
tc.msg = TEST_FILE("./test/data/range-sends-cryptoParams/explicit-find-int32/to-encrypt.json");
|
5410
|
+
tc.keys_to_feed[0] = key123;
|
5411
|
+
tc.expect = TEST_FILE("./test/data/range-sends-cryptoParams/explicit-find-int32/expected.json");
|
5412
|
+
tc.use_v2 = true; // Use QEv2 protocol.
|
5413
|
+
tc.use_range_v2 = true; // Use RangeV2 protocol.
|
5414
|
+
ee_testcase_run(&tc);
|
5415
|
+
// Check the parameters are present in the final payload.
|
5416
|
+
{
|
5417
|
+
bson_t payload_bson;
|
5418
|
+
lookup_payload_bson(tc.expect, "v.$and.0.age.$gte", &payload_bson);
|
5419
|
+
_assert_match_bson(
|
5420
|
+
&payload_bson,
|
5421
|
+
TMP_BSON(BSON_STR({"sp" : 3, "tf" : 4, "mn" : 0, "mx" : 1234567, "pn" : {"$exists" : false}})));
|
5422
|
+
}
|
5423
|
+
}
|
5424
|
+
|
5425
|
+
// Test automatic insert of int32.
|
5426
|
+
{
|
5427
|
+
autoencryption_test aet = {
|
5428
|
+
.desc = "'range' sends crypto params for insert",
|
5429
|
+
.rng_data = {.buf = {.data = rng_data->data, .len = rng_data->len}},
|
5430
|
+
.cmd = TEST_FILE("./test/data/range-sends-cryptoParams/auto-insert-int32/cmd.json"),
|
5431
|
+
.encrypted_field_map =
|
5432
|
+
TEST_FILE("./test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-field-map.json"),
|
5433
|
+
.mongocryptd_reply =
|
5434
|
+
TEST_FILE("./test/data/range-sends-cryptoParams/auto-insert-int32/mongocryptd-reply.json"),
|
5435
|
+
.keys_to_feed = {key123},
|
5436
|
+
.expect = TEST_FILE("./test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json")};
|
5437
|
+
|
5438
|
+
autoencryption_test_run(&aet);
|
5439
|
+
|
5440
|
+
// Check the parameters are present in the final payload.
|
5441
|
+
{
|
5442
|
+
bson_t payload_bson;
|
5443
|
+
lookup_payload_bson(aet.expect, "documents.0.encrypted", &payload_bson);
|
5444
|
+
_assert_match_bson(
|
5445
|
+
&payload_bson,
|
5446
|
+
TMP_BSON(
|
5447
|
+
BSON_STR({"sp" : 2, "tf" : 6, "mn" : -2147483648, "mx" : 2147483647, "pn" : {"$exists" : false}})));
|
5448
|
+
}
|
5449
|
+
}
|
5450
|
+
|
5451
|
+
// Test automatic find of int32.
|
5452
|
+
{
|
5453
|
+
autoencryption_test aet = {
|
5454
|
+
.desc = "'range' sends crypto params for find",
|
5455
|
+
.cmd = TEST_FILE("./test/data/range-sends-cryptoParams/auto-find-int32/cmd.json"),
|
5456
|
+
.encrypted_field_map =
|
5457
|
+
TEST_FILE("./test/data/range-sends-cryptoParams/auto-find-int32/encrypted-field-map.json"),
|
5458
|
+
.mongocryptd_reply =
|
5459
|
+
TEST_FILE("./test/data/range-sends-cryptoParams/auto-find-int32/mongocryptd-reply.json"),
|
5460
|
+
.keys_to_feed = {key123},
|
5461
|
+
.expect = TEST_FILE("./test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json")};
|
5462
|
+
|
5463
|
+
autoencryption_test_run(&aet);
|
5464
|
+
|
5465
|
+
// Check the parameters are present in the final payload.
|
5466
|
+
{
|
5467
|
+
bson_t payload_bson;
|
5468
|
+
lookup_payload_bson(aet.expect, "filter.$and.0.encrypted.$gte", &payload_bson);
|
5469
|
+
_assert_match_bson(
|
5470
|
+
&payload_bson,
|
5471
|
+
TMP_BSON(
|
5472
|
+
BSON_STR({"sp" : 2, "tf" : 6, "mn" : -2147483648, "mx" : 2147483647, "pn" : {"$exists" : false}})));
|
5473
|
+
}
|
5474
|
+
}
|
5475
|
+
|
5476
|
+
_mongocrypt_buffer_cleanup(&key123_id);
|
5477
|
+
}
|
5478
|
+
|
4653
5479
|
void _mongocrypt_tester_install_ctx_encrypt(_mongocrypt_tester_t *tester) {
|
4654
5480
|
INSTALL_TEST(_test_explicit_encrypt_init);
|
4655
5481
|
INSTALL_TEST(_test_encrypt_init);
|
@@ -4729,4 +5555,8 @@ void _mongocrypt_tester_install_ctx_encrypt(_mongocrypt_tester_t *tester) {
|
|
4729
5555
|
INSTALL_TEST(_test_encrypt_fle2_find_range_payload_decimal128);
|
4730
5556
|
INSTALL_TEST(_test_encrypt_fle2_find_range_payload_decimal128_precision);
|
4731
5557
|
#endif
|
5558
|
+
INSTALL_TEST(_test_bulkWrite);
|
5559
|
+
INSTALL_TEST(_test_rangePreview_fails);
|
5560
|
+
INSTALL_TEST(_test_no_trimFactor);
|
5561
|
+
INSTALL_TEST(_test_range_sends_cryptoParams);
|
4732
5562
|
}
|