diff options
| author | Shreyas Kalyan <shreyas.kalyan@10gen.com> | 2022-03-11 11:49:37 -0500 |
|---|---|---|
| committer | Shreyas Kalyan <shreyas.kalyan@10gen.com> | 2022-03-17 15:03:42 -0400 |
| commit | 6e062c6815c8eefaa36b6d4c3216b352df8b3d82 (patch) | |
| tree | 5d25feb6d65e297ce920069a144ef204c44336f8 | |
| parent | f7e3b602cf271f7793eedfbc49050e6728607ad7 (diff) | |
| download | mongo-6e062c6815c8eefaa36b6d4c3216b352df8b3d82.tar.gz | |
SERVER-64101 Add support for transforming FLE2EncryptionPlaceholder to FLE2FindEqualityPayload
| -rw-r--r-- | src/mongo/crypto/fle_crypto.cpp | 156 | ||||
| -rw-r--r-- | src/mongo/crypto/fle_crypto.h | 4 | ||||
| -rw-r--r-- | src/mongo/crypto/fle_crypto_test.cpp | 205 | ||||
| -rw-r--r-- | src/mongo/db/fle_crud_test.cpp | 6 |
4 files changed, 247 insertions, 124 deletions
diff --git a/src/mongo/crypto/fle_crypto.cpp b/src/mongo/crypto/fle_crypto.cpp index 33813becaf1..7c7e15dc073 100644 --- a/src/mongo/crypto/fle_crypto.cpp +++ b/src/mongo/crypto/fle_crypto.cpp @@ -632,21 +632,35 @@ StatusWith<std::vector<uint8_t>> KeyIdAndValue::decrypt(FLEUserKey userKey, */ class EDCClientPayload { public: - static FLE2InsertUpdatePayload parse(ConstDataRange cdr); - static FLE2InsertUpdatePayload serialize(FLEIndexKeyAndId indexKey, - FLEUserKeyAndId userKey, - BSONElement element, - uint64_t maxContentionFactor); + static FLE2InsertUpdatePayload parseIUPayload(ConstDataRange cdr); + static FLE2FindEqualityPayload parseFindPayload(ConstDataRange cdr); + + static FLE2InsertUpdatePayload serializeIUPayload(FLEIndexKeyAndId indexKey, + FLEUserKeyAndId userKey, + BSONElement element, + uint64_t maxContentionFactor); + + static FLE2FindEqualityPayload serializeFindPayload(FLEIndexKeyAndId indexKey, + FLEUserKeyAndId userKey, + BSONElement element, + uint64_t maxContentionFactor); }; -FLE2InsertUpdatePayload EDCClientPayload::parse(ConstDataRange cdr) { + +FLE2InsertUpdatePayload EDCClientPayload::parseIUPayload(ConstDataRange cdr) { return parseFromCDR<FLE2InsertUpdatePayload>(cdr); } -FLE2InsertUpdatePayload EDCClientPayload::serialize(FLEIndexKeyAndId indexKey, - FLEUserKeyAndId userKey, - BSONElement element, - uint64_t maxContentionFactor) { + +FLE2FindEqualityPayload EDCClientPayload::parseFindPayload(ConstDataRange cdr) { + return parseFromCDR<FLE2FindEqualityPayload>(cdr); +} + + +FLE2InsertUpdatePayload EDCClientPayload::serializeIUPayload(FLEIndexKeyAndId indexKey, + FLEUserKeyAndId userKey, + BSONElement element, + uint64_t maxContentionFactor) { auto value = ConstDataRange(element.value(), element.value() + element.valuesize()); auto collectionToken = FLELevel1TokenGenerator::generateCollectionsLevel1Token(indexKey.key); @@ -705,6 +719,39 @@ FLE2InsertUpdatePayload EDCClientPayload::serialize(FLEIndexKeyAndId indexKey, } +FLE2FindEqualityPayload EDCClientPayload::serializeFindPayload(FLEIndexKeyAndId indexKey, + FLEUserKeyAndId userKey, + BSONElement element, + uint64_t maxContentionFactor) { + auto value = ConstDataRange(element.value(), element.value() + element.valuesize()); + + auto collectionToken = FLELevel1TokenGenerator::generateCollectionsLevel1Token(indexKey.key); + auto serverEncryptToken = + FLELevel1TokenGenerator::generateServerDataEncryptionLevel1Token(indexKey.key); + + auto edcToken = FLECollectionTokenGenerator::generateEDCToken(collectionToken); + auto escToken = FLECollectionTokenGenerator::generateESCToken(collectionToken); + auto eccToken = FLECollectionTokenGenerator::generateECCToken(collectionToken); + auto ecocToken = FLECollectionTokenGenerator::generateECOCToken(collectionToken); + + EDCDerivedFromDataToken edcDatakey = + FLEDerivedFromDataTokenGenerator::generateEDCDerivedFromDataToken(edcToken, value); + ESCDerivedFromDataToken escDatakey = + FLEDerivedFromDataTokenGenerator::generateESCDerivedFromDataToken(escToken, value); + ECCDerivedFromDataToken eccDatakey = + FLEDerivedFromDataTokenGenerator::generateECCDerivedFromDataToken(eccToken, value); + + FLE2FindEqualityPayload payload; + + payload.setEdcDerivedToken(edcDatakey.toCDR()); + payload.setEscDerivedToken(escDatakey.toCDR()); + payload.setEccDerivedToken(eccDatakey.toCDR()); + payload.setMaxCounter(maxContentionFactor); + + return payload; +} + + /** * Lightweight class to build a singly linked list of field names to represent the current field * name @@ -883,10 +930,10 @@ void visitEncryptedBSON(const BSONObj& object, * Converts an encryption placeholder to FLE2InsertUpdatePayload in prepration for insert, * fndAndModify and update. */ -void convertToFLE2InsertUpdateValue(FLEKeyVault* keyVault, - ConstDataRange cdr, - BSONObjBuilder* builder, - StringData fieldNameToSerialize) { +void convertToFLE2Payload(FLEKeyVault* keyVault, + ConstDataRange cdr, + BSONObjBuilder* builder, + StringData fieldNameToSerialize) { auto [encryptedType, subCdr] = fromEncryptedConstDataRange(cdr); if (encryptedType == EncryptedBinDataType::kFLE2Placeholder) { @@ -895,7 +942,6 @@ void convertToFLE2InsertUpdateValue(FLEKeyVault* keyVault, auto el = ep.getValue().getElement(); - FLEIndexKeyAndId indexKey = keyVault->getIndexKeyById(ep.getIndexKeyId()); FLEUserKeyAndId userKey = keyVault->getUserKeyById(ep.getUserKeyId()); @@ -905,13 +951,23 @@ void convertToFLE2InsertUpdateValue(FLEKeyVault* keyVault, << "' is not a valid type for FLE 2 encryption", isFLE2EqualityIndexedSupportedType(el.type())); - auto iupayload = - EDCClientPayload::serialize(indexKey, userKey, el, ep.getMaxContentionCounter()); - toEncryptedBinData(fieldNameToSerialize, - EncryptedBinDataType::kFLE2InsertUpdatePayload, - iupayload, - builder); - + if (ep.getType() == Fle2PlaceholderType::kInsert) { + auto iupayload = + EDCClientPayload::serializeIUPayload(indexKey, userKey, el, ep.getMaxContentionCounter()); + + toEncryptedBinData(fieldNameToSerialize, + EncryptedBinDataType::kFLE2InsertUpdatePayload, + iupayload, + builder); + } else if (ep.getType() == Fle2PlaceholderType::kFind) { + auto findpayload = + EDCClientPayload::serializeFindPayload(indexKey, userKey, el, ep.getMaxContentionCounter()); + + toEncryptedBinData(fieldNameToSerialize, + EncryptedBinDataType::kFLE2FindEqualityPayload, + findpayload, + builder); + } } else { uasserted(6338603, "Only FLE 2 style encryption placeholders are supported"); } @@ -924,6 +980,23 @@ void convertToFLE2InsertUpdateValue(FLEKeyVault* keyVault, } } +void parseAndVerifyIUPayload(std::vector<EDCServerPayloadInfo>* pFields, StringData fieldPath, EncryptedBinDataType type, ConstDataRange subCdr) { + auto iupayload = EDCClientPayload::parseIUPayload(subCdr); + + uassert(6373504, + str::stream() << "Type '" << typeName(static_cast<BSONType>(iupayload.getType())) + << "' is not a valid type for FLE 2 encryption", + isValidBSONType(iupayload.getType()) && + isFLE2EqualityIndexedSupportedType(static_cast<BSONType>(iupayload.getType()))); + + pFields->push_back({std::move(iupayload), fieldPath.toString(), 0}); +} + +void parseAndVerifyFindPayload(std::vector<EDCServerPayloadInfo>* pFields, StringData fieldPath, EncryptedBinDataType type, ConstDataRange subCdr) { + // No-op; + return; +} + void collectEDCServerInfo(std::vector<EDCServerPayloadInfo>* pFields, ConstDataRange cdr, StringData fieldPath) { @@ -934,21 +1007,15 @@ void collectEDCServerInfo(std::vector<EDCServerPayloadInfo>* pFields, auto [encryptedTypeBinding, subCdr] = fromEncryptedConstDataRange(cdr); - auto encryptedType = encryptedTypeBinding; - uassert(6373503, - str::stream() << "Unexpected encrypted payload type: " - << static_cast<uint32_t>(encryptedType), - encryptedType == EncryptedBinDataType::kFLE2InsertUpdatePayload); - - auto iupayload = EDCClientPayload::parse(subCdr); - - uassert(6373504, - str::stream() << "Type '" << typeName(static_cast<BSONType>(iupayload.getType())) - << "' is not a valid type for FLE 2 encryption", - isValidBSONType(iupayload.getType()) && - isFLE2EqualityIndexedSupportedType(static_cast<BSONType>(iupayload.getType()))); - - pFields->push_back({std::move(iupayload), fieldPath.toString(), 0}); + if (encryptedTypeBinding == EncryptedBinDataType::kFLE2InsertUpdatePayload) { + parseAndVerifyIUPayload(pFields, fieldPath, encryptedTypeBinding, subCdr); + } else if (encryptedTypeBinding == EncryptedBinDataType::kFLE2FindEqualityPayload) { + parseAndVerifyFindPayload(pFields, fieldPath, encryptedTypeBinding, subCdr); + } else { + uasserted(6373503, + str::stream() << "Unexpected encrypted payload type: " + << static_cast<uint32_t>(encryptedTypeBinding)); + }; } template <typename T> @@ -968,7 +1035,12 @@ void convertServerPayload(std::vector<TagInfo>* pTags, BSONObjBuilder* builder, StringData fieldPath) { - uassert(6373505, "Unexpected end of iterator", it.it != it.end); + if (it.it == it.end) { + return; + } + + // TODO : renable this when find is working on query (find server number) + // uassert(6373505, "Unexpected end of iterator", it.it != it.end); auto payload = *(it.it); // TODO - validate acceptable types - kFLE2InsertUpdatePayload or kFLE2UnindexedEncryptedValue @@ -1216,17 +1288,17 @@ std::vector<uint8_t> FLEClientCrypto::encrypt(BSONElement element, FLEUserKeyAndId userKey, FLECounter counter) { - auto iupayload = EDCClientPayload::serialize(indexKey, userKey, element, counter); + auto iupayload = EDCClientPayload::serializeIUPayload(indexKey, userKey, element, counter); return toEncryptedVector(EncryptedBinDataType::kFLE2InsertUpdatePayload, iupayload); } -BSONObj FLEClientCrypto::generateInsertOrUpdateFromPlaceholders(const BSONObj& obj, - FLEKeyVault* keyVault) { +BSONObj FLEClientCrypto::transformPlaceholders(const BSONObj& obj, + FLEKeyVault* keyVault) { auto ret = transformBSON( obj, [keyVault](ConstDataRange cdr, BSONObjBuilder* builder, StringData field) { - convertToFLE2InsertUpdateValue(keyVault, cdr, builder, field); + convertToFLE2Payload(keyVault, cdr, builder, field); }); return ret; diff --git a/src/mongo/crypto/fle_crypto.h b/src/mongo/crypto/fle_crypto.h index de2b9e93c13..a64f567219b 100644 --- a/src/mongo/crypto/fle_crypto.h +++ b/src/mongo/crypto/fle_crypto.h @@ -730,8 +730,8 @@ public: * e : ServerDataEncryptionLevel1Token, * } */ - static BSONObj generateInsertOrUpdateFromPlaceholders(const BSONObj& obj, - FLEKeyVault* keyVault); + static BSONObj transformPlaceholders(const BSONObj& obj, + FLEKeyVault* keyVault); /** diff --git a/src/mongo/crypto/fle_crypto_test.cpp b/src/mongo/crypto/fle_crypto_test.cpp index 4b91c4e6bde..23de9e0ff5a 100644 --- a/src/mongo/crypto/fle_crypto_test.cpp +++ b/src/mongo/crypto/fle_crypto_test.cpp @@ -27,6 +27,7 @@ * it in the license file. */ +#include "mongo/db/operation_context.h" #include "mongo/platform/basic.h" #include "mongo/crypto/fle_crypto.h" @@ -556,14 +557,21 @@ TEST(FLE_ESC, EmuBinary_NullRecord) { } -std::vector<char> generatePlaceholder(BSONElement value) { +enum class Operation { kFind, kInsert }; + +std::vector<char> generatePlaceholder(BSONElement value, Operation operation) { FLE2EncryptionPlaceholder ep; + if (operation == Operation::kFind) { + ep.setType(mongo::Fle2PlaceholderType::kFind); + } else if (operation == Operation::kInsert) { + ep.setType(mongo::Fle2PlaceholderType::kInsert); + } + ep.setAlgorithm(mongo::Fle2AlgorithmInt::kEquality); ep.setUserKeyId(userKeyId); ep.setIndexKeyId(indexKeyId); ep.setValue(value); - ep.setType(mongo::Fle2PlaceholderType::kInsert); ep.setMaxContentionCounter(0); BSONObj obj = ep.toBSON(); @@ -575,8 +583,9 @@ std::vector<char> generatePlaceholder(BSONElement value) { return v; } -BSONObj encryptDocument(BSONObj obj, FLEKeyVault* keyVault) { - auto result = FLEClientCrypto::generateInsertOrUpdateFromPlaceholders(obj, keyVault); + +BSONObj encryptDocumentForInsert(BSONObj obj, FLEKeyVault* keyVault) { + auto result = FLEClientCrypto::transformPlaceholders(obj, keyVault); // Start Server Side auto serverPayload = EDCServerCollection::getEncryptedFieldInfo(result); @@ -591,7 +600,37 @@ BSONObj encryptDocument(BSONObj obj, FLEKeyVault* keyVault) { return finalDoc; } -void roundTripTest(BSONObj doc, BSONType type) { + +BSONObj generateTokensForFind(BSONObj obj, FLEKeyVault* keyVault) { + auto result = FLEClientCrypto::transformPlaceholders(obj, keyVault); + + // TODO: once query work for find is done, we can return finalDoc. Until then + // we should just return result to see the object with placeholders. + + // // Start Server Side + // auto serverPayload = EDCServerCollection::getEncryptedFieldInfo(result); + + // for (auto& payload : serverPayload) { + // payload.count = 1; + // } + + // // Finalize document for find + // auto finalDoc = EDCServerCollection::finalizeForUpdate(result, serverPayload); + + return result; +} + +BSONObj encryptDocument(BSONObj obj, FLEKeyVault* keyVault, Operation operation) { + if (operation == Operation::kInsert) { + return encryptDocumentForInsert(obj, keyVault); + } else if (operation == Operation::kFind) { + return generateTokensForFind(obj, keyVault); + } else { + return BSONObj(); + } +} + +void roundTripTest(BSONObj doc, BSONType type, Operation operation) { auto element = doc.firstElement(); ASSERT_EQ(element.type(), type); @@ -603,17 +642,23 @@ void roundTripTest(BSONObj doc, BSONType type) { << "sample" << "encrypted" << element); - auto buf = generatePlaceholder(element); + auto buf = generatePlaceholder(element, operation); BSONObjBuilder builder; builder.append("plainText", "sample"); builder.appendBinData("encrypted", buf.size(), BinDataType::Encrypt, buf.data()); - auto finalDoc = encryptDocument(builder.obj(), &keyVault); + auto finalDoc = encryptDocument(builder.obj(), &keyVault, operation); ASSERT_EQ(finalDoc["plainText"].type(), String); ASSERT_EQ(finalDoc["encrypted"].type(), BinData); ASSERT_TRUE(finalDoc["encrypted"].isBinData(BinDataType::Encrypt)); + // TODO : when query enables server side work for Find, remove this + // if statement. + if (operation == Operation::kFind) { + return; + } + // Decrypt document auto decryptedDoc = FLEClientCrypto::decryptDocument(finalDoc, &keyVault); @@ -624,23 +669,27 @@ void roundTripTest(BSONObj doc, BSONType type) { } TEST(FLE_EDC, Allowed_Types) { - roundTripTest(BSON("sample" - << "value123"), - String); - roundTripTest(BSON("sample" << BSONBinData( - testValue.data(), testValue.size(), BinDataType::BinDataGeneral)), - BinData); - roundTripTest(BSON("sample" << OID()), jstOID); - - - roundTripTest(BSON("sample" << false), Bool); - roundTripTest(BSON("sample" << true), Bool); - roundTripTest(BSON("sample" << Date_t()), Date); - roundTripTest(BSON("sample" << BSONRegEx("value1", "value2")), RegEx); - roundTripTest(BSON("sample" << 123456), NumberInt); - roundTripTest(BSON("sample" << Timestamp()), bsonTimestamp); - roundTripTest(BSON("sample" << 12345678901234567LL), NumberLong); - roundTripTest(BSON("sample" << BSONCode("value")), Code); + std::vector<Operation> opTypes{Operation::kInsert, Operation::kFind}; + + for (const auto& type : opTypes) { + roundTripTest(BSON("sample" + << "value123"), + String, type); + roundTripTest(BSON("sample" << BSONBinData( + testValue.data(), testValue.size(), BinDataType::BinDataGeneral)), + BinData, type); + roundTripTest(BSON("sample" << OID()), jstOID, type); + + + roundTripTest(BSON("sample" << false), Bool, type); + roundTripTest(BSON("sample" << true), Bool, type); + roundTripTest(BSON("sample" << Date_t()), Date, type); + roundTripTest(BSON("sample" << BSONRegEx("value1", "value2")), RegEx, type); + roundTripTest(BSON("sample" << 123456), NumberInt, type); + roundTripTest(BSON("sample" << Timestamp()), bsonTimestamp, type); + roundTripTest(BSON("sample" << 12345678901234567LL), NumberLong, type); + roundTripTest(BSON("sample" << BSONCode("value")), Code, type); + }; } void illegalBSONType(BSONObj doc, BSONType type) { @@ -651,13 +700,13 @@ void illegalBSONType(BSONObj doc, BSONType type) { TestKeyVault keyVault; - auto buf = generatePlaceholder(element); + auto buf = generatePlaceholder(element, Operation::kInsert); BSONObjBuilder builder; builder.append("plainText", "sample"); builder.appendBinData("encrypted", buf.size(), BinDataType::Encrypt, buf.data()); BSONObj obj = builder.obj(); - ASSERT_THROWS_CODE(FLEClientCrypto::generateInsertOrUpdateFromPlaceholders(obj, &keyVault), + ASSERT_THROWS_CODE(FLEClientCrypto::transformPlaceholders(obj, &keyVault), DBException, 6338602); } @@ -691,38 +740,6 @@ TEST(FLE_EDC, Disallowed_Types) { } -template <typename T> -T parseFromCDR(ConstDataRange cdr) { - ConstDataRangeCursor cdc(cdr); - auto swObj = cdc.readAndAdvanceNoThrow<Validated<BSONObj>>(); - - uassertStatusOK(swObj); - - BSONObj obj = swObj.getValue(); - - IDLParserErrorContext ctx("root"); - return T::parse(ctx, obj); -} - -template <typename T> -std::vector<uint8_t> toEncryptedVector(EncryptedBinDataType dt, T t) { - BSONObj obj = t.toBSON(); - - std::vector<uint8_t> buf(obj.objsize() + 1); - buf[0] = static_cast<uint8_t>(dt); - - std::copy(obj.objdata(), obj.objdata() + obj.objsize(), buf.data() + 1); - - return buf; -} - -template <typename T> -void toEncryptedBinData(StringData field, EncryptedBinDataType dt, T t, BSONObjBuilder* builder) { - auto buf = toEncryptedVector(dt, t); - - builder->appendBinData(field, buf.size(), BinDataType::Encrypt, buf.data()); -} - BSONObj transformBSON( const BSONObj& object, const std::function<void(ConstDataRange, BSONObjBuilder*, StringData)>& doTransform) { @@ -769,6 +786,40 @@ BSONObj transformBSON( return frameStack.top().builder.obj(); } + +template <typename T> +T parseFromCDR(ConstDataRange cdr) { + ConstDataRangeCursor cdc(cdr); + auto swObj = cdc.readAndAdvanceNoThrow<Validated<BSONObj>>(); + + uassertStatusOK(swObj); + + BSONObj obj = swObj.getValue(); + + IDLParserErrorContext ctx("root"); + return T::parse(ctx, obj); +} + +template <typename T> +std::vector<uint8_t> toEncryptedVector(EncryptedBinDataType dt, T t) { + BSONObj obj = t.toBSON(); + + std::vector<uint8_t> buf(obj.objsize() + 1); + buf[0] = static_cast<uint8_t>(dt); + + std::copy(obj.objdata(), obj.objdata() + obj.objsize(), buf.data() + 1); + + return buf; +} + +template <typename T> +void toEncryptedBinData(StringData field, EncryptedBinDataType dt, T t, BSONObjBuilder* builder) { + auto buf = toEncryptedVector(dt, t); + + builder->appendBinData(field, buf.size(), BinDataType::Encrypt, buf.data()); +} + + void disallowedEqualityPayloadType(BSONType type) { auto doc = BSON("sample" << 123456); auto element = doc.firstElement(); @@ -780,15 +831,15 @@ void disallowedEqualityPayloadType(BSONType type) { << "sample" << "encrypted" << element); - auto buf = generatePlaceholder(element); + auto buf = generatePlaceholder(element, Operation::kInsert); BSONObjBuilder builder; builder.append("plainText", "sample"); builder.appendBinData("encrypted", buf.size(), BinDataType::Encrypt, buf.data()); BSONObj obj = builder.obj(); - auto result = FLEClientCrypto::generateInsertOrUpdateFromPlaceholders(obj, &keyVault); + auto result = FLEClientCrypto::transformPlaceholders(obj, &keyVault); - // Since FLEClientCrypto::generateInsertOrUpdateFromPlaceholders validates the type is correct, + // Since FLEClientCrypto::transformPlaceholders validates the type is correct, // we send an allowed type and then change the type to something that is not allowed result = transformBSON( result, @@ -909,12 +960,12 @@ TEST(FLE_EDC, DuplicateSafeContent_CompatibleType) { auto element = doc.firstElement(); auto inputDoc = BSON(kSafeContent << BSON_ARRAY(1 << 2 << 4) << "encrypted" << element); - auto buf = generatePlaceholder(element); + auto buf = generatePlaceholder(element, Operation::kInsert); BSONObjBuilder builder; builder.append(kSafeContent, BSON_ARRAY(1 << 2 << 4)); builder.appendBinData("encrypted", buf.size(), BinDataType::Encrypt, buf.data()); - auto finalDoc = encryptDocument(builder.obj(), &keyVault); + auto finalDoc = encryptDocumentForInsert(builder.obj(), &keyVault); ASSERT_EQ(finalDoc[kSafeContent].type(), Array); ASSERT_EQ(finalDoc["encrypted"].type(), BinData); @@ -942,12 +993,12 @@ TEST(FLE_EDC, DuplicateSafeContent_IncompatibleType) { << "123456"); auto element = doc.firstElement(); - auto buf = generatePlaceholder(element); + auto buf = generatePlaceholder(element, Operation::kInsert); BSONObjBuilder builder; builder.append(kSafeContent, 123456); builder.appendBinData("encrypted", buf.size(), BinDataType::Encrypt, buf.data()); - ASSERT_THROWS_CODE(encryptDocument(builder.obj(), &keyVault), DBException, 6373510); + ASSERT_THROWS_CODE(encryptDocumentForInsert(builder.obj(), &keyVault), DBException, 6373510); } template <typename T, typename Func> @@ -1068,7 +1119,7 @@ TEST(IndexedFields, FetchTwoLevels) { auto element = doc.firstElement(); auto inputDoc = BSON(kSafeContent << BSON_ARRAY(1 << 2 << 4) << "encrypted" << element); - auto buf = generatePlaceholder(element); + auto buf = generatePlaceholder(element, Operation::kInsert); BSONObjBuilder builder; builder.append(kSafeContent, BSON_ARRAY(1 << 2 << 4)); builder.appendBinData("encrypted", buf.size(), BinDataType::Encrypt, buf.data()); @@ -1087,7 +1138,7 @@ TEST(IndexedFields, FetchTwoLevels) { ASSERT_EQ(noIndexedFields.size(), 0); - auto finalDoc = encryptDocument(obj, &keyVault); + auto finalDoc = encryptDocumentForInsert(obj, &keyVault); auto indexedFields = EDCServerCollection::getEncryptedIndexedFields(finalDoc); @@ -1244,7 +1295,7 @@ TEST(EDC, ValidateDocument) { auto doc = BSON("a" << "secret"); auto element = doc.firstElement(); - auto buf = generatePlaceholder(element); + auto buf = generatePlaceholder(element, Operation::kInsert); builder.appendBinData("encrypted", buf.size(), BinDataType::Encrypt, buf.data()); } { @@ -1253,12 +1304,12 @@ TEST(EDC, ValidateDocument) { auto element = doc.firstElement(); BSONObjBuilder sub(builder.subobjStart("nested")); - auto buf = generatePlaceholder(element); + auto buf = generatePlaceholder(element, Operation::kInsert); builder.appendBinData("encrypted", buf.size(), BinDataType::Encrypt, buf.data()); // TODO - add support for unindexed } - auto finalDoc = encryptDocument(builder.obj(), &keyVault); + auto finalDoc = encryptDocumentForInsert(builder.obj(), &keyVault); // Positive - Encrypted Doc FLEClientCrypto::validateDocument(finalDoc, efc, &keyVault); @@ -1321,7 +1372,7 @@ TEST(EDC, ValidateDocument) { } BSONObj encryptUpdateDocument(BSONObj obj, FLEKeyVault* keyVault) { - auto result = FLEClientCrypto::generateInsertOrUpdateFromPlaceholders(obj, keyVault); + auto result = FLEClientCrypto::transformPlaceholders(obj, keyVault); // Start Server Side auto serverPayload = EDCServerCollection::getEncryptedFieldInfo(result); @@ -1341,7 +1392,7 @@ TEST(FLE_Update, Basic) { << "123456"); auto element = doc.firstElement(); - auto buf = generatePlaceholder(element); + auto buf = generatePlaceholder(element, Operation::kInsert); auto inputDoc = BSON( "$set" << BSON("encrypted" << BSONBinData(buf.data(), buf.size(), BinDataType::Encrypt))); auto finalDoc = encryptUpdateDocument(inputDoc, &keyVault); @@ -1375,7 +1426,7 @@ TEST(FLE_Update, BadPush) { << "123456"); auto element = doc.firstElement(); - auto buf = generatePlaceholder(element); + auto buf = generatePlaceholder(element, Operation::kInsert); auto inputDoc = BSON( "$push" << 123 << "$set" << BSON("encrypted" << BSONBinData(buf.data(), buf.size(), BinDataType::Encrypt))); @@ -1389,7 +1440,7 @@ TEST(FLE_Update, PushToSafeContent) { << "123456"); auto element = doc.firstElement(); - auto buf = generatePlaceholder(element); + auto buf = generatePlaceholder(element, Operation::kInsert); auto inputDoc = BSON( "$push" << 123 << "$set" << BSON("encrypted" << BSONBinData(buf.data(), buf.size(), BinDataType::Encrypt))); @@ -1403,7 +1454,7 @@ TEST(FLE_Update, PushToOtherfield) { << "123456"); auto element = doc.firstElement(); - auto buf = generatePlaceholder(element); + auto buf = generatePlaceholder(element, Operation::kInsert); auto inputDoc = BSON( "$push" << BSON("abc" << 123) << "$set" << BSON("encrypted" << BSONBinData(buf.data(), buf.size(), BinDataType::Encrypt))); @@ -1440,7 +1491,7 @@ TEST(FLE_Update, PullTokens) { auto element = doc.firstElement(); auto inputDoc = BSON(kSafeContent << BSON_ARRAY(1 << 2 << 4) << "encrypted" << element); - auto buf = generatePlaceholder(element); + auto buf = generatePlaceholder(element, Operation::kInsert); BSONObjBuilder builder; builder.append(kSafeContent, BSON_ARRAY(1 << 2 << 4)); builder.appendBinData("encrypted", buf.size(), BinDataType::Encrypt, buf.data()); @@ -1448,7 +1499,7 @@ TEST(FLE_Update, PullTokens) { BSONObjBuilder sub(builder.subobjStart("nested")); sub.appendBinData("encrypted", buf.size(), BinDataType::Encrypt, buf.data()); } - auto encDoc = encryptDocument(builder.obj(), &keyVault); + auto encDoc = encryptDocumentForInsert(builder.obj(), &keyVault); auto removedFields = EDCServerCollection::getEncryptedIndexedFields(encDoc); diff --git a/src/mongo/db/fle_crud_test.cpp b/src/mongo/db/fle_crud_test.cpp index 43cc1ccdbd2..53d5047d37c 100644 --- a/src/mongo/db/fle_crud_test.cpp +++ b/src/mongo/db/fle_crud_test.cpp @@ -449,7 +449,7 @@ void FleCrudTest::doSingleWideInsert(int id, uint64_t fieldCount, ValueGenerator auto clientDoc = builder.obj(); - auto result = FLEClientCrypto::generateInsertOrUpdateFromPlaceholders(clientDoc, &_keyVault); + auto result = FLEClientCrypto::transformPlaceholders(clientDoc, &_keyVault); auto serverPayload = EDCServerCollection::getEncryptedFieldInfo(result); @@ -510,7 +510,7 @@ void FleCrudTest::doSingleInsert(int id, BSONElement element) { auto clientDoc = builder.obj(); - auto result = FLEClientCrypto::generateInsertOrUpdateFromPlaceholders(clientDoc, &_keyVault); + auto result = FLEClientCrypto::transformPlaceholders(clientDoc, &_keyVault); auto serverPayload = EDCServerCollection::getEncryptedFieldInfo(result); @@ -534,7 +534,7 @@ void FleCrudTest::doSingleUpdate(int id, BSONElement element) { builder.append("$set", BSON("encrypted" << BSONBinData(buf.data(), buf.size(), BinDataType::Encrypt))); auto clientDoc = builder.obj(); - auto result = FLEClientCrypto::generateInsertOrUpdateFromPlaceholders(clientDoc, &_keyVault); + auto result = FLEClientCrypto::transformPlaceholders(clientDoc, &_keyVault); doSingleUpdateWithUpdateDoc(id, result); } |