authorErwin Pe <erwin.pe@mongodb.com>2023-01-24 20:18:31 +0000
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2023-01-24 22:28:05 +0000
commit7f50a907063adeba488bd5e344dc8b94f3865efd (patch)
treeb0b2684791edfb4acc23b3e0b987a508fa7764b5 /src/mongo/crypto/fle_crypto.cpp
parent5f0ff89c34be00d956b67a90e51aaaba4e05e393 (diff)
SERVER-72913 Implement generate/decrypt functions for new ESC document formats
Diffstat (limited to 'src/mongo/crypto/fle_crypto.cpp')
-rw-r--r--src/mongo/crypto/fle_crypto.cpp59
1 files changed, 59 insertions, 0 deletions
diff --git a/src/mongo/crypto/fle_crypto.cpp b/src/mongo/crypto/fle_crypto.cpp
index 381f453babc..10e1673c1a8 100644
--- a/src/mongo/crypto/fle_crypto.cpp
+++ b/src/mongo/crypto/fle_crypto.cpp
@@ -139,6 +139,10 @@ constexpr uint64_t kESCNonNullId = 1;
constexpr uint64_t KESCInsertRecordValue = 0;
constexpr uint64_t kESCompactionRecordValue = std::numeric_limits<uint64_t>::max();
+constexpr uint64_t kESCAnchorId = 0;
+constexpr uint64_t kESCNullAnchorPosition = 0;
+constexpr uint64_t kESCNonNullAnchorValuePrefix = 0;
+
constexpr auto kId = "_id";
constexpr auto kValue = "value";
constexpr auto kFieldName = "fieldName";
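Review bot: The three new constants are all `0` but play unrelated roles, and none carries a comment, so a reader cannot tell a PRF domain tag from a position or a plaintext prefix. Going by their uses later in this commit, I would add `// middle PRF input that marks an anchor _id`, `// apos value used for the null anchor's _id` and `// first packed value in a non-null anchor's encrypted payload` above `kESCAnchorId`, `kESCNullAnchorPosition` and `kESCNonNullAnchorValuePrefix` respectively. This matters for an encrypted-state collection, because confusing one zero for another changes which ids collide.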
@@ -2278,6 +2282,19 @@ PrfBlock ESCCollection::generateId(ESCTwiceDerivedTagToken tagToken,
}
}
+PrfBlock ESCCollection::generateNonAnchorId(const ESCTwiceDerivedTagToken& tagToken,
+ uint64_t cpos) {
+ return prf(tagToken.data, cpos);
+}
+
+PrfBlock ESCCollection::generateAnchorId(const ESCTwiceDerivedTagToken& tagToken, uint64_t apos) {
+ return prf(tagToken.data, kESCAnchorId, apos);
+}
+
+PrfBlock ESCCollection::generateNullAnchorId(const ESCTwiceDerivedTagToken& tagToken) {
+ return ESCCollection::generateAnchorId(tagToken, kESCNullAnchorPosition);
+}
+
BSONObj ESCCollection::generateNullDocument(ESCTwiceDerivedTagToken tagToken,
ESCTwiceDerivedValueToken valueToken,
uint64_t pos,
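Review bot: `generateAnchorId` accepts `apos == 0`, which is exactly the value `generateNullAnchorId` passes (`kESCNullAnchorPosition`), so a non-null anchor generated at position 0 would get the same `_id` as the null anchor. The check cannot live in `generateAnchorId` itself, since the null-anchor path goes through it. I would state the contract there with `// apos == kESCNullAnchorPosition is reserved for the null anchor; non-null anchors start at 1` and add `dassert(apos != kESCNullAnchorPosition);` at the top of `generateAnchorDocument` in the next hunk. Whether callers already guarantee `apos >= 1` is not visible here. A short comment would also help on `generateNonAnchorId`, saying that its ids are kept apart from anchor ids only by omitting `kESCAnchorId` from the PRF input.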
@@ -2336,6 +2353,44 @@ BSONObj ESCCollection::generateCompactionPlaceholderDocument(ESCTwiceDerivedTagT
return builder.obj();
}
+BSONObj ESCCollection::generateNonAnchorDocument(const ESCTwiceDerivedTagToken& tagToken,
+ uint64_t cpos) {
+ auto block = ESCCollection::generateNonAnchorId(tagToken, cpos);
+ BSONObjBuilder builder;
+ toBinData(kId, block, &builder);
+ return builder.obj();
+}
+
+BSONObj ESCCollection::generateAnchorDocument(const ESCTwiceDerivedTagToken& tagToken,
+ const ESCTwiceDerivedValueToken& valueToken,
+ uint64_t apos,
+ uint64_t cpos) {
+ auto block = ESCCollection::generateAnchorId(tagToken, apos);
+
+ auto swCipherText = packAndEncrypt(std::tie(kESCNonNullAnchorValuePrefix, cpos), valueToken);
+ uassertStatusOK(swCipherText);
+
+ BSONObjBuilder builder;
+ toBinData(kId, block, &builder);
+ toBinData(kValue, swCipherText.getValue(), &builder);
+ return builder.obj();
+}
+
+BSONObj ESCCollection::generateNullAnchorDocument(const ESCTwiceDerivedTagToken& tagToken,
+ const ESCTwiceDerivedValueToken& valueToken,
+ uint64_t apos,
+ uint64_t cpos) {
+ auto block = ESCCollection::generateNullAnchorId(tagToken);
+
+ auto swCipherText = packAndEncrypt(std::tie(apos, cpos), valueToken);
+ uassertStatusOK(swCipherText);
+
+ BSONObjBuilder builder;
+ toBinData(kId, block, &builder);
+ toBinData(kValue, swCipherText.getValue(), &builder);
+ return builder.obj();
+}
+
StatusWith<ESCNullDocument> ESCCollection::decryptNullDocument(ESCTwiceDerivedValueToken valueToken,
BSONObj& doc) {
return ESCCollection::decryptNullDocument(valueToken, std::move(doc));
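Review bot: `generateAnchorDocument` and `generateNullAnchorDocument` repeat the same encrypt-then-build sequence and differ only in the `_id` block and the first packed value. A file-local helper taking the id block, the two values and `valueToken` would keep the two payload layouts from drifting apart. Neither function states its plaintext layout, so I would add `// value = Encrypt(valueToken, kESCNonNullAnchorValuePrefix || cpos)` and `// value = Encrypt(valueToken, apos || cpos)` above the respective `packAndEncrypt` calls. Both functions throw through `uassertStatusOK` instead of returning a status, which deserves a line in the header declaration (not part of this diff).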
@@ -2385,6 +2440,10 @@ StatusWith<ESCDocument> ESCCollection::decryptDocument(ESCTwiceDerivedValueToken
std::get<0>(value) == kESCompactionRecordValue, std::get<0>(value), std::get<1>(value)};
}
+StatusWith<ESCDocument> ESCCollection::decryptAnchorDocument(
+ const ESCTwiceDerivedValueToken& valueToken, BSONObj& doc) {
+ return ESCCollection::decryptDocument(valueToken, doc);
+}
boost::optional<uint64_t> ESCCollection::emuBinary(const FLEStateCollectionReader& reader,
ESCTwiceDerivedTagToken tagToken,
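Review bot: `decryptAnchorDocument` forwards to `decryptDocument`, whose visible return expression builds the result as `{first == kESCompactionRecordValue, first, second}`, so the fields of the returned `ESCDocument` mean something different for anchors. For a non-null anchor the second field is the constant prefix `0`; for a null anchor it is `apos`, and an `apos` equal to `kESCompactionRecordValue` would be reported as a compaction placeholder. A doc comment should spell this out, for example `// For anchors: position holds 0 (non-null) or apos (null anchor); count holds cpos`. It should also say whether `doc` is left intact: the parameter is a non-const `BSONObj&`, and the sibling `decryptNullDocument` overload shown in the previous hunk moves from its argument. `decryptDocument`'s body starts outside this hunk, so the move-from behaviour is inferred and worth confirming.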