1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
/**
* Check the functionality of encrypt and decrypt functions in KeyStore.js
*/
load("jstests/client_encrypt/lib/mock_kms.js");
load('jstests/ssl/libs/ssl_helpers.js');
(function() {
"use strict";
const mock_kms = new MockKMSServer();
mock_kms.start();
const x509_options = {
sslMode: "requireSSL",
sslPEMKeyFile: SERVER_CERT,
sslCAFile: CA_CERT
};
const conn = MongoRunner.runMongod(x509_options);
const test = conn.getDB("test");
const collection = test.coll;
const awsKMS = {
accessKeyId: "access",
secretAccessKey: "secret",
url: mock_kms.getURL(),
};
let localKMS = {
key: BinData(
0,
"tu9jUCBqZdwCelwE/EAm/4WqdxrSMi04B8e9uAV+m30rI1J2nhKZZtQjdvsSCwuI4erR6IEcEK+5eGUAODv43NDNIR9QheT2edWFewUfHKsl9cnzTc86meIzOmYl6drp"),
};
const clientSideFLEOptions = {
kmsProviders: {
aws: awsKMS,
local: localKMS,
},
keyVaultNamespace: "test.coll",
schemaMap: {}
};
const kmsTypes = ["aws", "local"];
const randomAlgorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Random";
const deterministicAlgorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic";
const encryptionAlgorithms = [randomAlgorithm, deterministicAlgorithm];
const passTestCases = [
"mongo",
NumberLong(13),
NumberInt(23),
UUID(),
ISODate(),
new Date('December 17, 1995 03:24:00'),
BinData(0, '1234'),
BinData(1, '1234'),
BinData(3, '1234'),
BinData(4, '1234'),
BinData(5, '1234'),
BinData(6, '1234'),
new Timestamp(1, 2),
new ObjectId(),
new DBPointer("mongo", new ObjectId()),
/test/
];
const failDeterministic = [
true,
false,
12,
NumberDecimal(0.1234),
["this is an array"],
{"value": "mongo"},
Code("function() { return true; }")
];
const failTestCases =
[null, undefined, MinKey(), MaxKey(), DBRef("test", "test", "test"), BinData(2, '1234')];
const shell = Mongo(conn.host, clientSideFLEOptions);
const keyVault = shell.getKeyVault();
// Testing for every combination of (kmsType, algorithm, javascriptVariable)
for (const kmsType of kmsTypes) {
for (const encryptionAlgorithm of encryptionAlgorithms) {
collection.drop();
const keyId =
keyVault.createKey(kmsType, "arn:aws:kms:us-east-1:fake:fake:fake", ['mongoKey']);
let pass;
let fail;
if (encryptionAlgorithm === randomAlgorithm) {
pass = [...passTestCases, ...failDeterministic];
fail = failTestCases;
} else if (encryptionAlgorithm === deterministicAlgorithm) {
pass = passTestCases;
fail = [...failTestCases, ...failDeterministic];
}
const clientEncrypt = shell.getClientEncryption();
for (const passTestCase of pass) {
const encPassTestCase = clientEncrypt.encrypt(keyId, passTestCase, encryptionAlgorithm);
assert.eq(passTestCase, clientEncrypt.decrypt(encPassTestCase));
if (encryptionAlgorithm === deterministicAlgorithm) {
assert.eq(encPassTestCase,
clientEncrypt.encrypt(keyId, passTestCase, encryptionAlgorithm));
}
}
for (const failTestCase of fail) {
assert.throws(() => clientEncrypt.encrypt(keyId, failTestCase, encryptionAlgorithm));
}
}
}
MongoRunner.stopMongod(conn);
mock_kms.stop();
}());
|
