author | Erwin Pe <erwin.pe@mongodb.com> | 2023-01-20 16:16:55 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2023-01-20 17:46:45 +0000 |
commit | 5f8acec6f0b3c591f6d636537d98ff8bd92791f1 (patch) | |
tree | f0065210d57dbd065638253bdae4d8922d5a89f3 /src/mongo/crypto | |
parent | b3126fca432803c0f90de535c814e228599fd51f (diff) | |
SERVER-72906 Create client-side payload types for QE version 2
Diffstat (limited to 'src/mongo/crypto')
-rw-r--r-- | src/mongo/crypto/fle_field_schema.idl | 152 |
1 files changed, 150 insertions, 2 deletions
diff --git a/src/mongo/crypto/fle_field_schema.idl b/src/mongo/crypto/fle_field_schema.idl
index 918344b7e17..b23c8982124 100644
--- a/src/mongo/crypto/fle_field_schema.idl
+++ b/src/mongo/crypto/fle_field_schema.idl
@@ -60,6 +60,15 @@ enums:
 kFLE2RangeIndexedValue : 9 # see FLE2IndexedRangeEncryptedValue
 kFLE2FindRangePayload : 10 # see FLE2FindRangePayload
+ # QE protocol version 2 - client-side payloads
+ kFLE2InsertUpdatePayloadV2: 11
+ kFLE2FindEqualityPayloadV2: 12
+ kFLE2FindRangePayloadV2: 13
+
+ # QE protocol version 2 - server-side payloads
+ kFLE2EqualityIndexedValueV2: 14
+ kFLE2RangeIndexedValueV2: 15
+
 FleVersion:
 description: "The version / type of field-level encryption in use."
 type: int
@@ -140,7 +149,7 @@ structs:
 cpp_name: value
 FLE2EncryptionPlaceholder:
- description: "Implements Encryption BinData (subtype 6) sub-subtype 0, the intent-to-encrypt
+ description: "Implements Encryption BinData (subtype 6) sub-subtype 3, the intent-to-encrypt
 mapping. Contains a value to encrypt and a description of how it should be encrypted."
 strict: true
 cpp_validator_func: "validateIDLFLE2EncryptionPlaceholder"
@@ -198,6 +207,27 @@ structs:
 type: bindata_generic
 cpp_name: encryptedTokens
+ EdgeTokenSetV2:
+ description: "Payload of an indexed field to insert or update. Version 2"
+ strict: true
+ fields:
+ d:
+ description: "EDCDerivedFromDataTokenAndCounter"
+ type: bindata_generic
+ cpp_name: edcDerivedToken
+ s:
+ description: "ESCDerivedFromDataTokenAndCounter"
+ type: bindata_generic
+ cpp_name: escDerivedToken
+ l:
+ description: "ServerDerivedFromDataToken"
+ type: bindata_generic
+ cpp_name: serverDerivedFromDataToken
+ p:
+ description: "Encrypted tokens"
+ type: bindata_generic
+ cpp_name: encryptedTokens
+
 FLE2InsertUpdatePayload:
 description: "Payload of an indexed field to insert or update"
 strict: true
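Review bot: The new type values 11–15 carry no `# see <struct>` cross-reference, unlike the two entries just above them (`# see FLE2IndexedRangeEncryptedValue`, `# see FLE2FindRangePayload`); adding e.g. `kFLE2InsertUpdatePayloadV2: 11 # see FLE2InsertUpdatePayloadV2` keeps the tag-to-struct mapping auditable. Values 14 and 15 are declared as server-side payloads but no matching struct is added in this diff, so any code that dispatches on this tag should presumably reject them until their parsers land; that code is not visible here. The enum's opening lines are outside the hunk.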
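Review bot: Every token field in `EdgeTokenSetV2` (`d`, `s`, `l`) is `bindata_generic`, so the schema accepts a token of any length, including an empty one; `strict: true` only rejects unknown field names. If these are fixed-size derived tokens, as the descriptions suggest, the length check belongs at parse time rather than at first use. The file already wires a struct-level hook on `FLE2EncryptionPlaceholder`, and the same could be done here with `cpp_validator_func: "<validator name placeholder>"`. The same applies to the token fields of `FLE2InsertUpdatePayloadV2`, `FLE2FindEqualityPayloadV2` and `EdgeFindTokenSetV2` in the later hunks. Whether the C++ consumers already enforce a length is not visible from this diff.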
@@ -240,6 +270,52 @@ structs:
 cpp_name: edgeTokenSet
 optional: true
+ FLE2InsertUpdatePayloadV2:
+ description: "Payload of an indexed field to insert or update. Version 2"
+ strict: true
+ fields:
+ d:
+ description: "EDCDerivedFromDataAndContentionToken"
+ type: bindata_generic
+ cpp_name: edcDerivedToken
+ s:
+ description: "ESCDerivedFromDataAndContentionToken"
+ type: bindata_generic
+ cpp_name: escDerivedToken
+ p:
+ description: "Encrypted tokens"
+ type: bindata_generic
+ cpp_name: encryptedTokens
+ u:
+ description: "Index KeyId"
+ type: uuid
+ cpp_name: indexKeyId
+ t:
+ description: "Encrypted type"
+ type: safeInt
+ cpp_name: type
+ v:
+ description: "Encrypted value"
+ type: bindata_generic
+ cpp_name: value
+ e:
+ description: "ServerDataEncryptionLevel1Token"
+ type: bindata_generic
+ cpp_name: serverEncryptionToken
+ l:
+ description: "ServerDerivedFromDataToken"
+ type: bindata_generic
+ cpp_name: serverDerivedFromDataToken
+ k:
+ description: "Randomly sampled contention factor value"
+ type: long
+ cpp_name: contentionFactor
+ g:
+ description: "Array of Edges"
+ type: array<EdgeTokenSetV2>
+ cpp_name: edgeTokenSet
+ optional: true
+
 FLE2DeletePayload:
 description: "Payload of an indexed field to delete"
 strict: true
@@ -280,6 +356,27 @@ structs:
 cpp_name: maxCounter
 optional: true
+ FLE2FindEqualityPayloadV2:
+ description: "Payload for an equality find. Version 2"
+ strict: true
+ fields:
+ d:
+ description: "EDCDerivedFromDataToken"
+ type: bindata_generic
+ cpp_name: edcDerivedToken
+ s:
+ description: "ESCDerivedFromDataToken"
+ type: bindata_generic
+ cpp_name: escDerivedToken
+ l:
+ description: "ServerDerivedFromDataToken"
+ type: bindata_generic
+ cpp_name: serverDerivedFromDataToken
+ cm:
+ description: "Queryable Encryption max counter"
+ type: long
+ cpp_name: maxCounter
+
 EdgeFindTokenSet:
 description: "Payload of an edge to query for"
 strict: true
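Review bot: In `FLE2InsertUpdatePayloadV2`, `k` (contentionFactor) is a plain `long` and `t` (type) a plain `safeInt`, so a client-supplied payload with a negative contention factor or an arbitrary type code passes IDL parsing. A field-level bound such as `validator: { gte: 0 }` on `k` would reject the negative case before any counter arithmetic sees it; restricting `t` to the permitted type codes would need a callback validator or a check in the consumer. `g` is likewise an unbounded `array<EdgeTokenSetV2>`, so unless the consumer caps it the edge count is limited only by document size. None of the consuming code is visible in this diff, so these may already be enforced there.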
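Review bot: `cm` is required in `FLE2FindEqualityPayloadV2`, whereas the context lines at the top of this hunk show the preceding v1 `maxCounter` field marked `optional: true`. If that context belongs to the v1 equality payload, the tightening deserves a word in the field description so driver authors know the counter can no longer be omitted, e.g. `description: "Queryable Encryption max counter (required in version 2)"`. The field also has no lower bound; `validator: { gte: 0 }` would keep a negative counter out at parse time.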
@@ -297,8 +394,25 @@ structs:
 type: bindata_generic
 cpp_name: eccDerivedToken
+ EdgeFindTokenSetV2:
+ description: "Payload of an edge to query for. Version 2"
+ strict: true
+ fields:
+ d:
+ description: "EDCDerivedFromDataToken"
+ type: bindata_generic
+ cpp_name: edcDerivedToken
+ s:
+ description: "ESCDerivedFromDataToken"
+ type: bindata_generic
+ cpp_name: escDerivedToken
+ l:
+ description: "ServerDerivedFromDataToken"
+ type: bindata_generic
+ cpp_name: serverDerivedFromDataToken
+
 FLE2FindRangePayloadEdgesInfo:
- description: "Tokken information for find range payload."
+ description: "Token information for find range payload."
 strict: true
 fields:
 g:
@@ -314,6 +428,19 @@ structs:
 type: long
 cpp_name: maxCounter
+ FLE2FindRangePayloadEdgesInfoV2:
+ description: "Token information for find range payload."
+ strict: true
+ fields:
+ g:
+ description: "Array of Edges"
+ type: array<EdgeFindTokenSetV2>
+ cpp_name: edges
+ cm:
+ description: "Queryable Encryption max counter"
+ type: long
+ cpp_name: maxCounter
+
 FLE2FindRangePayload:
 description: "Payload for a range find"
 strict: true
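Review bot: `FLE2FindRangePayloadEdgesInfoV2` reuses the v1 description verbatim, while every other struct added in this commit ends its description with "Version 2". Using `description: "Token information for find range payload. Version 2"` would keep the two structs distinguishable in generated documentation. Its `g` field is an `array<EdgeFindTokenSetV2>` with no size bound in the schema, so any cap on the number of edges per query has to come from the consumer, which is outside this diff.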
@@ -335,6 +462,27 @@ structs:
 type: Fle2RangeOperator
 optional: true
+ FLE2FindRangePayloadV2:
+ description: "Payload for a range find. Version 2"
+ strict: true
+ fields:
+ payload:
+ description: "Token information for a find range payload"
+ type: FLE2FindRangePayloadEdgesInfoV2
+ optional: true
+ payloadId:
+ description: "Id of payload - must be paired with another payload"
+ type: safeInt
+ optional: false
+ firstOperator:
+ description: "First query operator for which this payload was generated."
+ type: Fle2RangeOperator
+ optional: false
+ secondOperator:
+ description: "Second query operator for which this payload was generated. Only populated for two-sided ranges."
+ type: Fle2RangeOperator
+ optional: true
+
 EncryptionInformation:
 description: "Implements Encryption Information which includes the schema for Queryable Encryption that is consumed by query_analysis, queries and write_ops"
 strict: true |
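Review bot: `payloadId` is documented as "must be paired with another payload", but the schema cannot express that pairing and `payload` is optional, so a `FLE2FindRangePayloadV2` carrying no tokens and an unmatched id parses cleanly. The description of `payload` should say when it may be absent (presumably the second half of a two-sided range — confirm), and the pairing check has to live in the consumer, which is outside this diff. As a style point, `optional: false` is spelled out on `payloadId` and `firstOperator` while the required fields of the other V2 structs simply omit it; one convention throughout would read better.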