author | Erwin Pe <erwin.pe@mongodb.com> | 2023-01-24 20:18:31 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2023-01-24 22:28:05 +0000 |
commit | 7f50a907063adeba488bd5e344dc8b94f3865efd (patch) | |
tree | b0b2684791edfb4acc23b3e0b987a508fa7764b5 /src/mongo/crypto/fle_crypto.cpp | |
parent | 5f0ff89c34be00d956b67a90e51aaaba4e05e393 (diff) | |
download | mongo-7f50a907063adeba488bd5e344dc8b94f3865efd.tar.gz |
SERVER-72913 Implement generate/decrypt functions for new ESC document formats
Diffstat (limited to 'src/mongo/crypto/fle_crypto.cpp')
-rw-r--r-- | src/mongo/crypto/fle_crypto.cpp | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/src/mongo/crypto/fle_crypto.cpp b/src/mongo/crypto/fle_crypto.cpp
index 381f453babc..10e1673c1a8 100644
--- a/src/mongo/crypto/fle_crypto.cpp
+++ b/src/mongo/crypto/fle_crypto.cpp
@@ -139,6 +139,10 @@ constexpr uint64_t kESCNonNullId = 1;
 constexpr uint64_t KESCInsertRecordValue = 0;
 constexpr uint64_t kESCompactionRecordValue = std::numeric_limits<uint64_t>::max();
 
+constexpr uint64_t kESCAnchorId = 0;
+constexpr uint64_t kESCNullAnchorPosition = 0;
+constexpr uint64_t kESCNonNullAnchorValuePrefix = 0;
+
 constexpr auto kId = "_id";
 constexpr auto kValue = "value";
 constexpr auto kFieldName = "fieldName";
@@ -2278,6 +2282,19 @@ PrfBlock ESCCollection::generateId(ESCTwiceDerivedTagToken tagToken,
 }
 }
 
+PrfBlock ESCCollection::generateNonAnchorId(const ESCTwiceDerivedTagToken& tagToken,
+                                             uint64_t cpos) {
+    return prf(tagToken.data, cpos);
+}
+
+PrfBlock ESCCollection::generateAnchorId(const ESCTwiceDerivedTagToken& tagToken, uint64_t apos) {
+    return prf(tagToken.data, kESCAnchorId, apos);
+}
+
+PrfBlock ESCCollection::generateNullAnchorId(const ESCTwiceDerivedTagToken& tagToken) {
+    return ESCCollection::generateAnchorId(tagToken, kESCNullAnchorPosition);
+}
+
 BSONObj ESCCollection::generateNullDocument(ESCTwiceDerivedTagToken tagToken,
                                            ESCTwiceDerivedValueToken valueToken,
                                            uint64_t pos,
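Review bot: The three new constants are undocumented and all equal to zero, so a reader of this hunk cannot tell which of them is a PRF domain-separation input and which is a position or value prefix. A one-line comment on each would settle it, e.g. `// Extra PRF input that puts anchor _ids in a different domain from non-anchor _ids (see generateAnchorId).` on `kESCAnchorId`, `// Anchor position reserved for the null anchor document.` on `kESCNullAnchorPosition`, and `// First slot of a non-null anchor document's encrypted value tuple.` on `kESCNonNullAnchorValuePrefix`. Note also that `kESCNonNullAnchorValuePrefix` coincides with `KESCInsertRecordValue` (both 0), so a decrypted anchor value cannot be told apart from an insert record by its prefix alone; if that is intentional it is worth stating next to the constant.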
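Review bot: generateNullAnchorId evaluates to `prf(tagToken.data, kESCAnchorId, kESCNullAnchorPosition)`, i.e. `prf(tag, 0, 0)`, which is exactly what generateAnchorId returns for `apos == 0`, so the null anchor and a non-null anchor at position 0 would share an _id; presumably non-null anchor positions start at 1, but nothing in this hunk states or enforces that. Separately, whether the two-argument `prf(tagToken.data, cpos)` in generateNonAnchorId and the three-argument `prf(tagToken.data, kESCAnchorId, apos)` can ever yield the same block depends on how prf() serializes its inputs, which is outside this hunk. A comment on generateAnchorId would pin both invariants: `// apos >= 1 for non-null anchors; apos == kESCNullAnchorPosition is reserved for the null anchor.` and `// kESCAnchorId keeps anchor _ids in a separate PRF domain from the non-anchor _ids built by generateNonAnchorId.`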
@@ -2336,6 +2353,44 @@ BSONObj ESCCollection::generateCompactionPlaceholderDocument(ESCTwiceDerivedTagT
     return builder.obj();
 }
 
+BSONObj ESCCollection::generateNonAnchorDocument(const ESCTwiceDerivedTagToken& tagToken,
+                                                 uint64_t cpos) {
+    auto block = ESCCollection::generateNonAnchorId(tagToken, cpos);
+    BSONObjBuilder builder;
+    toBinData(kId, block, &builder);
+    return builder.obj();
+}
+
+BSONObj ESCCollection::generateAnchorDocument(const ESCTwiceDerivedTagToken& tagToken,
+                                              const ESCTwiceDerivedValueToken& valueToken,
+                                              uint64_t apos,
+                                              uint64_t cpos) {
+    auto block = ESCCollection::generateAnchorId(tagToken, apos);
+
+    auto swCipherText = packAndEncrypt(std::tie(kESCNonNullAnchorValuePrefix, cpos), valueToken);
+    uassertStatusOK(swCipherText);
+
+    BSONObjBuilder builder;
+    toBinData(kId, block, &builder);
+    toBinData(kValue, swCipherText.getValue(), &builder);
+    return builder.obj();
+}
+
+BSONObj ESCCollection::generateNullAnchorDocument(const ESCTwiceDerivedTagToken& tagToken,
+                                                  const ESCTwiceDerivedValueToken& valueToken,
+                                                  uint64_t apos,
+                                                  uint64_t cpos) {
+    auto block = ESCCollection::generateNullAnchorId(tagToken);
+
+    auto swCipherText = packAndEncrypt(std::tie(apos, cpos), valueToken);
+    uassertStatusOK(swCipherText);
+
+    BSONObjBuilder builder;
+    toBinData(kId, block, &builder);
+    toBinData(kValue, swCipherText.getValue(), &builder);
+    return builder.obj();
+}
+
 StatusWith<ESCNullDocument> ESCCollection::decryptNullDocument(ESCTwiceDerivedValueToken valueToken,
                                                                BSONObj& doc) {
     return ESCCollection::decryptNullDocument(valueToken, std::move(doc));
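Review bot: generateAnchorDocument and generateNullAnchorDocument repeat the same encrypt-then-build sequence (packAndEncrypt, uassertStatusOK, BSONObjBuilder, two toBinData calls, builder.obj()) and differ only in which _id block and which tuple they feed in; the two formats are easy to let drift apart if one is later changed. Hoisting the shared tail into one file-local helper keeps the wire layout of `_id`/`value` defined in a single place and makes the difference between the two documents — `(kESCNonNullAnchorValuePrefix, cpos)` versus `(apos, cpos)` — visible at a glance. The helper below assumes packAndEncrypt accepts the std::tie result through a forwarding reference, which matches the calls in this hunk; if the file already has a similar builder for the non-anchor document formats, reuse that instead.
```cpp
namespace {
// Builds the {_id: block, value: Enc(valueToken, tuple)} document shared by the anchor formats.
template <typename Tuple>
BSONObj buildEncryptedEscDocument(const PrfBlock& block,
                                  Tuple&& tuple,
                                  const ESCTwiceDerivedValueToken& valueToken) {
    auto swCipherText = packAndEncrypt(std::forward<Tuple>(tuple), valueToken);
    uassertStatusOK(swCipherText);

    BSONObjBuilder builder;
    toBinData(kId, block, &builder);
    toBinData(kValue, swCipherText.getValue(), &builder);
    return builder.obj();
}
}  // namespace

BSONObj ESCCollection::generateAnchorDocument(const ESCTwiceDerivedTagToken& tagToken,
                                              const ESCTwiceDerivedValueToken& valueToken,
                                              uint64_t apos,
                                              uint64_t cpos) {
    return buildEncryptedEscDocument(ESCCollection::generateAnchorId(tagToken, apos),
                                     std::tie(kESCNonNullAnchorValuePrefix, cpos),
                                     valueToken);
}

// … unchanged: generateNullAnchorDocument signature …
    return buildEncryptedEscDocument(ESCCollection::generateNullAnchorId(tagToken),
                                     std::tie(apos, cpos),
                                     valueToken);
```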
@@ -2385,6 +2440,10 @@ StatusWith<ESCDocument> ESCCollection::decryptDocument(ESCTwiceDerivedValueToken
                        std::get<0>(value) == kESCompactionRecordValue,
                        std::get<0>(value),
                        std::get<1>(value)};
 }
+StatusWith<ESCDocument> ESCCollection::decryptAnchorDocument(
+    const ESCTwiceDerivedValueToken& valueToken, BSONObj& doc) {
+    return ESCCollection::decryptDocument(valueToken, doc);
+}
 boost::optional<uint64_t> ESCCollection::emuBinary(const FLEStateCollectionReader& reader,
                                                    ESCTwiceDerivedTagToken tagToken,
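Review bot: decryptAnchorDocument forwards to decryptDocument without checking that the first decrypted tuple slot equals `kESCNonNullAnchorValuePrefix`, so a value whose prefix is anything else — including a null anchor document, which the preceding hunk packs as `(apos, cpos)` and which would therefore surface its apos in the prefix slot — is accepted as an ordinary ESCDocument with only the `kESCompactionRecordValue` comparison applied. Either validate the prefix after decryption and return a Status for a mismatch, or document the caller contract, e.g. `// Only for non-null anchor documents (value = Enc(kESCNonNullAnchorValuePrefix, cpos)); null anchor documents carry (apos, cpos) and must not be decoded through this path.`. The delegation also means the returned ESCDocument's compaction flag is computed from the anchor prefix, which can never be `kESCompactionRecordValue` here, so a comment saying the flag is always false for anchors would spare the next reader a lookup. The enclosing decryptDocument starts before this hunk and emuBinary continues after it.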