From b29081605f71230ce6502515d2d8bb58e2f2eea1 Mon Sep 17 00:00:00 2001 From: Gabriel Marks Date: Mon, 27 Jan 2025 21:13:52 +0000 Subject: [PATCH 01/12] p1 --- src/mc-efc-private.h | 1 + src/mc-efc.c | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/src/mc-efc-private.h b/src/mc-efc-private.h index 5c1979db8..bcf90f16e 100644 --- a/src/mc-efc-private.h +++ b/src/mc-efc-private.h @@ -46,6 +46,7 @@ typedef struct _mc_EncryptedField_t { * for the server IDL definition of EncryptedFieldConfig. */ typedef struct { mc_EncryptedField_t *fields; + uint8_t str_encode_version; } mc_EncryptedFieldConfig_t; /* mc_EncryptedFieldConfig_parse parses a subset of the fields from @efc_bson diff --git a/src/mc-efc.c b/src/mc-efc.c index 342fe9e98..a649253f6 100644 --- a/src/mc-efc.c +++ b/src/mc-efc.c @@ -19,6 +19,7 @@ #include "mlib/str.h" #include "mongocrypt-private.h" #include "mongocrypt-util-private.h" // mc_iter_document_as_bson +#include static bool _parse_query_type_string(const char *queryType, supported_query_type_flags *out) { BSON_ASSERT_PARAM(queryType); @@ -191,6 +192,22 @@ bool mc_EncryptedFieldConfig_parse(mc_EncryptedFieldConfig_t *efc, return false; } } + + if (!bson_iter_init_find(&field_iter, field, "strEncodeVersion")) { + // Set to default of 1. + efc->str_encode_version = 1; + } else { + if (!BSON_ITER_HOLDS_INT32(&iter)) { + CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", bson_iter_type(&iter)); + return false; + } + int32_t version = bson_iter_int32(&iter); + if (version != 1) { + CLIENT_ERR("expected 'strEncodeVersion' to be equal to 1, got: %d", version); + return false; + } + efc->str_encode_version = (uint8_t)version; + } return true; } From 56a3b0b20147a274295a1cfa228f6da9672c7d76 Mon Sep 17 00:00:00 2001 From: Gabriel Marks Date: Wed, 29 Jan 2025 19:10:06 +0000 Subject: [PATCH 02/12] SERVER-97941 --- src/mc-efc.c | 2 +- src/mongocrypt-ctx-encrypt.c | 12 ++++++++- test/data/efc/efc-oneField-badVersionSet.json | 23 +++++++++++++++++ .../data/efc/efc-oneField-goodVersionSet.json | 23 +++++++++++++++++ test/test-mc-efc.c | 25 +++++++++++++++++++ 5 files changed, 83 insertions(+), 2 deletions(-) create mode 100644 test/data/efc/efc-oneField-badVersionSet.json create mode 100644 test/data/efc/efc-oneField-goodVersionSet.json diff --git a/src/mc-efc.c b/src/mc-efc.c index a649253f6..9ded939d2 100644 --- a/src/mc-efc.c +++ b/src/mc-efc.c @@ -193,7 +193,7 @@ bool mc_EncryptedFieldConfig_parse(mc_EncryptedFieldConfig_t *efc, } } - if (!bson_iter_init_find(&field_iter, field, "strEncodeVersion")) { + if (!bson_iter_init_find(&iter, efc_bson, "strEncodeVersion")) { // Set to default of 1. efc->str_encode_version = 1; } else { diff --git a/src/mongocrypt-ctx-encrypt.c b/src/mongocrypt-ctx-encrypt.c index 6d9e7ce05..fa2dcd88e 100644 --- a/src/mongocrypt-ctx-encrypt.c +++ b/src/mongocrypt-ctx-encrypt.c @@ -27,7 +27,7 @@ #include "mongocrypt.h" /* _fle2_append_encryptedFieldConfig copies encryptedFieldConfig and applies - * default state collection names for escCollection, and ecocCollection if required. */ + * default state collection names for escCollection and ecocCollection, and default strEncodeVersion, if required. */ static bool _fle2_append_encryptedFieldConfig(const mongocrypt_ctx_t *ctx, bson_t *dst, bson_t *encryptedFieldConfig, @@ -36,6 +36,7 @@ static bool _fle2_append_encryptedFieldConfig(const mongocrypt_ctx_t *ctx, bson_iter_t iter; bool has_escCollection = false; bool has_ecocCollection = false; + bool has_strEncodeVersion = false; BSON_ASSERT_PARAM(dst); BSON_ASSERT_PARAM(encryptedFieldConfig); @@ -53,6 +54,9 @@ static bool _fle2_append_encryptedFieldConfig(const mongocrypt_ctx_t *ctx, if (strcmp(bson_iter_key(&iter), "ecocCollection") == 0) { has_ecocCollection = true; } + if (strcmp(bson_iter_key(&iter), "strEncodeVersion") == 0) { + has_strEncodeVersion = true; + } if (!BSON_APPEND_VALUE(dst, bson_iter_key(&iter), bson_iter_value(&iter))) { CLIENT_ERR("unable to append field: %s", bson_iter_key(&iter)); return false; @@ -77,6 +81,12 @@ static bool _fle2_append_encryptedFieldConfig(const mongocrypt_ctx_t *ctx, } bson_free(default_ecocCollection); } + if (!has_strEncodeVersion) { + if (!BSON_APPEND_INT32(dst, "strEncodeVersion", 1)) { + CLIENT_ERR("unable to append strEncodeVersion"); + return false; + } + } return true; } diff --git a/test/data/efc/efc-oneField-badVersionSet.json b/test/data/efc/efc-oneField-badVersionSet.json new file mode 100644 index 000000000..c38ea9690 --- /dev/null +++ b/test/data/efc/efc-oneField-badVersionSet.json @@ -0,0 +1,23 @@ +{ + "escCollection": "fle2.basic.esc", + "ecocCollection": "fle2.basic.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "firstName", + "bsonType": "string", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 2 +} diff --git a/test/data/efc/efc-oneField-goodVersionSet.json b/test/data/efc/efc-oneField-goodVersionSet.json new file mode 100644 index 000000000..17b85fdbc --- /dev/null +++ b/test/data/efc/efc-oneField-goodVersionSet.json @@ -0,0 +1,23 @@ +{ + "escCollection": "fle2.basic.esc", + "ecocCollection": "fle2.basic.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "firstName", + "bsonType": "string", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 +} diff --git a/test/test-mc-efc.c b/test/test-mc-efc.c index 91c7e8752..9877c4473 100644 --- a/test/test-mc-efc.c +++ b/test/test-mc-efc.c @@ -39,6 +39,19 @@ static void _test_efc(_mongocrypt_tester_t *tester) { { _load_test_file(tester, "./test/data/efc/efc-oneField.json", &efc_bson); ASSERT_OK_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status); + ASSERT_CMPUINT8(efc.str_encode_version, ==, 1); + ptr = efc.fields; + ASSERT(ptr); + ASSERT_STREQUAL(ptr->path, "firstName"); + ASSERT_CMPBUF(expect_keyId1, ptr->keyId); + ASSERT(ptr->next == NULL); + mc_EncryptedFieldConfig_cleanup(&efc); + } + + { + _load_test_file(tester, "./test/data/efc/efc-oneField-goodVersionSet.json", &efc_bson); + ASSERT_OK_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status); + ASSERT_CMPUINT8(efc.str_encode_version, ==, 1); ptr = efc.fields; ASSERT(ptr); ASSERT_STREQUAL(ptr->path, "firstName"); @@ -50,6 +63,7 @@ static void _test_efc(_mongocrypt_tester_t *tester) { { _load_test_file(tester, "./test/data/efc/efc-extraField.json", &efc_bson); ASSERT_OK_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status); + ASSERT_CMPUINT8(efc.str_encode_version, ==, 1); ptr = efc.fields; ASSERT(ptr); ASSERT_STREQUAL(ptr->path, "firstName"); @@ -61,6 +75,7 @@ static void _test_efc(_mongocrypt_tester_t *tester) { { _load_test_file(tester, "./test/data/efc/efc-twoFields.json", &efc_bson); ASSERT_OK_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status); + ASSERT_CMPUINT8(efc.str_encode_version, ==, 1); ptr = efc.fields; ASSERT(ptr); ASSERT_STREQUAL(ptr->path, "lastName"); @@ -82,9 +97,19 @@ static void _test_efc(_mongocrypt_tester_t *tester) { _mongocrypt_status_reset(status); } + { + _load_test_file(tester, "./test/data/efc/efc-oneField-badVersionSet.json", &efc_bson); + ASSERT_FAILS_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), + status, + "expected 'strEncodeVersion' to be equal to 1"); + mc_EncryptedFieldConfig_cleanup(&efc); + _mongocrypt_status_reset(status); + } + { _load_test_file(tester, "./test/data/efc/efc-textSearchFields.json", &efc_bson); ASSERT_OK_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status); + ASSERT_CMPUINT8(efc.str_encode_version, ==, 1); ptr = efc.fields; ASSERT(ptr); ASSERT_STREQUAL(ptr->path, "lastName"); From 1ba805a33b0b7917734ef1dd7fb8a7f26bd927a0 Mon Sep 17 00:00:00 2001 From: Gabriel Marks Date: Mon, 3 Feb 2025 19:54:01 +0000 Subject: [PATCH 03/12] stuff --- src/mc-efc.c | 8 +- src/mongocrypt-ctx-encrypt.c | 75 +++++- src/mongocrypt-private.h | 4 + .../bypassQueryAnalysis/payload.json | 3 +- .../bulkWrite/simple/cmd-to-mongocryptd.json | 3 +- .../unencrypted/cmd-to-mongocryptd.json | 3 +- .../encrypted-payload-range-v2.json | 3 +- .../success/encrypted-payload-range-v2.json | 3 +- .../dollardb/omitted/cmd-to-mongocryptd.json | 3 +- .../dollardb/omitted/encrypted-payload.json | 3 +- .../preserved/cmd-to-mongocryptd.json | 3 +- .../dollardb/preserved/encrypted-payload.json | 3 +- .../preserved_empty/cmd-to-mongocryptd.json | 3 +- .../data/find-with-encryptionInformation.json | 3 +- .../bad-collinfo.json | 25 ++ .../bad-create-cmd-mongocryptd-reply.json | 52 ++++ .../bad-create-cmd-to-mongocryptd.json | 46 ++++ .../bad-create-cmd.json | 18 ++ .../bad-encrypted-field-config-map.json | 23 ++ .../encrypted-payload.json | 40 +++ .../cmd-to-mongocryptd.json | 46 ++++ .../cmd.json | 18 ++ .../encrypted-field-config-map.json | 25 ++ .../encrypted-payload.json | 18 ++ .../mongocryptd-reply.json | 52 ++++ .../cmd-to-mongocryptd.json | 45 ++++ .../fle2-create-encrypted-collection/cmd.json | 17 ++ .../encrypted-field-config-map.json | 24 ++ .../encrypted-payload.json | 18 ++ .../mongocryptd-reply.json | 51 ++++ test/data/fle2-create/cmd-to-mongocryptd.json | 3 +- .../empty/encrypted-payload-v2.json | 3 +- .../success/encrypted-payload-v2.json | 3 +- .../with-csfle/encrypted-payload.json | 3 +- .../with-mongocryptd/cmd-to-mongocryptd.json | 3 +- .../with-mongocryptd/encrypted-payload.json | 3 +- .../encrypted-payload.json | 3 +- .../cmd-to-mongocryptd.json | 3 +- .../fle2-find-explicit/cmd-to-mongod.json | 3 +- .../date-v2/encrypted-payload.json | 3 +- .../encrypted-payload.json | 3 +- .../decimal128-v2/encrypted-payload.json | 3 +- .../encrypted-payload.json | 3 +- .../double-v2/encrypted-payload.json | 3 +- .../int32-v2/encrypted-payload.json | 3 +- .../int64-v2/encrypted-payload.json | 3 +- .../date-v2/encrypted-payload.json | 3 +- .../encrypted-payload.json | 3 +- .../decimal128-v2/encrypted-payload.json | 3 +- .../encrypted-payload.json | 3 +- .../double-v2/encrypted-payload.json | 3 +- .../int32-v2/encrypted-payload.json | 3 +- .../int64-v2/encrypted-payload.json | 3 +- .../cmd.json | 9 + .../encrypted-field-map.json | 23 ++ .../encrypted-payload.json | 40 +++ .../mongocryptd-reply.json | 50 ++++ .../fle2-insert-v2/encrypted-payload.json | 3 +- .../no-trimFactor/find/encrypted-payload.json | 3 +- .../insert/encrypted-payload.json | 3 +- .../auto-find-int32/encrypted-payload.json | 3 +- .../auto-insert-int32/encrypted-payload.json | 3 +- test/test-mc-efc.c | 10 +- test/test-mongocrypt-ctx-encrypt.c | 247 +++++++++++++++++- 64 files changed, 1049 insertions(+), 52 deletions(-) create mode 100644 test/data/fle2-bad-str-encode-version/bad-collinfo.json create mode 100644 test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json create mode 100644 test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json create mode 100644 test/data/fle2-bad-str-encode-version/bad-create-cmd.json create mode 100644 test/data/fle2-bad-str-encode-version/bad-encrypted-field-config-map.json create mode 100644 test/data/fle2-bad-str-encode-version/encrypted-payload.json create mode 100644 test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json create mode 100644 test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json create mode 100644 test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json create mode 100644 test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json create mode 100644 test/data/fle2-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json create mode 100644 test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json create mode 100644 test/data/fle2-create-encrypted-collection/cmd.json create mode 100644 test/data/fle2-create-encrypted-collection/encrypted-field-config-map.json create mode 100644 test/data/fle2-create-encrypted-collection/encrypted-payload.json create mode 100644 test/data/fle2-create-encrypted-collection/mongocryptd-reply.json create mode 100644 test/data/fle2-insert-v2-with-str-encode-version/cmd.json create mode 100644 test/data/fle2-insert-v2-with-str-encode-version/encrypted-field-map.json create mode 100644 test/data/fle2-insert-v2-with-str-encode-version/encrypted-payload.json create mode 100644 test/data/fle2-insert-v2-with-str-encode-version/mongocryptd-reply.json diff --git a/src/mc-efc.c b/src/mc-efc.c index 9ded939d2..c2d4a3c06 100644 --- a/src/mc-efc.c +++ b/src/mc-efc.c @@ -194,16 +194,16 @@ bool mc_EncryptedFieldConfig_parse(mc_EncryptedFieldConfig_t *efc, } if (!bson_iter_init_find(&iter, efc_bson, "strEncodeVersion")) { - // Set to default of 1. - efc->str_encode_version = 1; + // Set to latest. + efc->str_encode_version = LATEST_STR_ENCODE_VERSION; } else { if (!BSON_ITER_HOLDS_INT32(&iter)) { CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", bson_iter_type(&iter)); return false; } int32_t version = bson_iter_int32(&iter); - if (version != 1) { - CLIENT_ERR("expected 'strEncodeVersion' to be equal to 1, got: %d", version); + if (version > LATEST_STR_ENCODE_VERSION || version < MIN_STR_ENCODE_VERSION) { + CLIENT_ERR("'strEncodeVersion' of %d is not supported", version); return false; } efc->str_encode_version = (uint8_t)version; diff --git a/src/mongocrypt-ctx-encrypt.c b/src/mongocrypt-ctx-encrypt.c index fa2dcd88e..75ce56614 100644 --- a/src/mongocrypt-ctx-encrypt.c +++ b/src/mongocrypt-ctx-encrypt.c @@ -22,6 +22,7 @@ #include "mongocrypt-ctx-private.h" #include "mongocrypt-key-broker-private.h" #include "mongocrypt-marking-private.h" +#include "mongocrypt-private.h" #include "mongocrypt-traverse-util-private.h" #include "mongocrypt-util-private.h" // mc_iter_document_as_bson #include "mongocrypt.h" @@ -82,7 +83,7 @@ static bool _fle2_append_encryptedFieldConfig(const mongocrypt_ctx_t *ctx, bson_free(default_ecocCollection); } if (!has_strEncodeVersion) { - if (!BSON_APPEND_INT32(dst, "strEncodeVersion", 1)) { + if (!BSON_APPEND_INT32(dst, "strEncodeVersion", LATEST_STR_ENCODE_VERSION)) { CLIENT_ERR("unable to append strEncodeVersion"); return false; } @@ -1443,6 +1444,67 @@ _fle2_strip_encryptionInformation(const char *cmd_name, bson_t *cmd /* in and ou return ok; } +/* + * Parses and re-serializes "encryptedFields" field for "create" commands. + */ +static bool +_fle2_fixup_encryptedFields(const char *cmd_name, bson_t *cmd /* in and out */, mongocrypt_status_t *status) { + BSON_ASSERT_PARAM(cmd_name); + BSON_ASSERT_PARAM(cmd); + + if (0 == strcmp(cmd_name, "create")) { + bson_iter_t ef_iter; + if (!bson_iter_init_find(&ef_iter, cmd, "encryptedFields")) { + // No encryptedFields, this is fine + return true; + } + bson_iter_t sev_iter; + if (!bson_iter_init(&sev_iter, cmd)) { + CLIENT_ERR("Failed to initialize bson_iter in fixup_encryptedFields"); + return false; + } + if (!bson_iter_find_descendant(&sev_iter, "encryptedFields.strEncodeVersion", &sev_iter)) { + // No strEncodeVersion, add it + bson_t fixed = BSON_INITIALIZER; + bson_copy_to_excluding_noinit(cmd, &fixed, "encryptedFields", NULL); + bson_t ef; + bson_t fixed_ef; + const uint8_t *data; + uint32_t len; + BSON_ASSERT(BSON_ITER_HOLDS_DOCUMENT(&ef_iter)); + bson_iter_document(&ef_iter, &len, &data); + bson_init_static(&ef, data, len); + bson_copy_to(&ef, &fixed_ef); + if (!BSON_APPEND_INT32(&fixed_ef, "strEncodeVersion", LATEST_STR_ENCODE_VERSION)) { + CLIENT_ERR("Failed to append strEncodeVersion in fixup_encryptedFields"); + return false; + } + if (!BSON_APPEND_DOCUMENT(&fixed, "encryptedFields", &fixed_ef)) { + CLIENT_ERR("Failed to append encryptedFields in fixup_encryptedFields"); + return false; + } + bson_destroy(cmd); + if (!bson_steal(cmd, &fixed)) { + CLIENT_ERR("Failed to steal BSON in fixup_encryptedFields"); + bson_destroy(&fixed); + return false; + } + return true; + } else { + if (!BSON_ITER_HOLDS_INT32(&sev_iter)) { + CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", bson_iter_type(&sev_iter)); + return false; + } + int32_t version = bson_iter_int32(&sev_iter); + if (version > LATEST_STR_ENCODE_VERSION || version < MIN_STR_ENCODE_VERSION) { + CLIENT_ERR("'strEncodeVersion' of %d is not supported", version); + return false; + } + } + } + return true; +} + /* Process a call to mongocrypt_ctx_finalize when an encryptedFieldConfig is * associated with the command. */ static bool _fle2_finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) { @@ -1515,6 +1577,17 @@ static bool _fle2_finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) { return _mongocrypt_ctx_fail(ctx); } + { + char *json = bson_as_canonical_extended_json(&converted, NULL); + fprintf(stderr, "converted: %s\n", json); + bson_free(json); + } + + if (!_fle2_fixup_encryptedFields(command_name, &converted, ctx->status)) { + bson_destroy(&converted); + return _mongocrypt_ctx_fail(ctx); + } + /* Append a new 'encryptionInformation'. */ if (!result.must_omit && !ectx->used_empty_encryptedFields) { if (!_fle2_insert_encryptionInformation(ctx, diff --git a/src/mongocrypt-private.h b/src/mongocrypt-private.h index 9ae0c5d32..45efac68d 100644 --- a/src/mongocrypt-private.h +++ b/src/mongocrypt-private.h @@ -49,6 +49,10 @@ #define MONGOCRYPT_DATA_AND_LEN(x) ((uint8_t *)x), (sizeof(x) / sizeof((x)[0]) - 1) +#define LATEST_STR_ENCODE_VERSION 1 + +#define MIN_STR_ENCODE_VERSION 1 + /* TODO: Move these to mongocrypt-log-private.h? */ const char *tmp_json(const bson_t *bson); diff --git a/test/data/bulkWrite/bypassQueryAnalysis/payload.json b/test/data/bulkWrite/bypassQueryAnalysis/payload.json index 97124c5e4..a12305f64 100644 --- a/test/data/bulkWrite/bypassQueryAnalysis/payload.json +++ b/test/data/bulkWrite/bypassQueryAnalysis/payload.json @@ -44,7 +44,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/bulkWrite/simple/cmd-to-mongocryptd.json b/test/data/bulkWrite/simple/cmd-to-mongocryptd.json index 7d01df750..ef45cad83 100644 --- a/test/data/bulkWrite/simple/cmd-to-mongocryptd.json +++ b/test/data/bulkWrite/simple/cmd-to-mongocryptd.json @@ -41,7 +41,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json b/test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json index 46f8792de..c9ad91dbf 100644 --- a/test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json +++ b/test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json @@ -21,7 +21,8 @@ "db.test": { "escCollection": "enxcol_.test.esc", "ecocCollection": "enxcol_.test.ecoc", - "fields": [] + "fields": [], + "strEncodeVersion": 1 } } } diff --git a/test/data/compact/anchor-pad/encrypted-payload-range-v2.json b/test/data/compact/anchor-pad/encrypted-payload-range-v2.json index 7f9712960..5b600ab69 100644 --- a/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +++ b/test/data/compact/anchor-pad/encrypted-payload-range-v2.json @@ -63,7 +63,8 @@ "sparsity": 1 } } - ] + ], + "strEncodeVersion": 1 } } }, diff --git a/test/data/compact/success/encrypted-payload-range-v2.json b/test/data/compact/success/encrypted-payload-range-v2.json index 9ebc76361..508bb720b 100644 --- a/test/data/compact/success/encrypted-payload-range-v2.json +++ b/test/data/compact/success/encrypted-payload-range-v2.json @@ -62,7 +62,8 @@ "sparsity": 1 } } - ] + ], + "strEncodeVersion": 1 } } }, diff --git a/test/data/dollardb/omitted/cmd-to-mongocryptd.json b/test/data/dollardb/omitted/cmd-to-mongocryptd.json index c874759f8..bcc3724c7 100644 --- a/test/data/dollardb/omitted/cmd-to-mongocryptd.json +++ b/test/data/dollardb/omitted/cmd-to-mongocryptd.json @@ -26,7 +26,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/dollardb/omitted/encrypted-payload.json b/test/data/dollardb/omitted/encrypted-payload.json index 5809af0c3..1446448e6 100644 --- a/test/data/dollardb/omitted/encrypted-payload.json +++ b/test/data/dollardb/omitted/encrypted-payload.json @@ -31,7 +31,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/dollardb/preserved/cmd-to-mongocryptd.json b/test/data/dollardb/preserved/cmd-to-mongocryptd.json index c874759f8..bcc3724c7 100644 --- a/test/data/dollardb/preserved/cmd-to-mongocryptd.json +++ b/test/data/dollardb/preserved/cmd-to-mongocryptd.json @@ -26,7 +26,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/dollardb/preserved/encrypted-payload.json b/test/data/dollardb/preserved/encrypted-payload.json index e91d5f859..a23d34e02 100644 --- a/test/data/dollardb/preserved/encrypted-payload.json +++ b/test/data/dollardb/preserved/encrypted-payload.json @@ -31,7 +31,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } }, diff --git a/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json b/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json index 68d66b758..9aa737a9a 100644 --- a/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json +++ b/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json @@ -9,7 +9,8 @@ "db.test": { "escCollection": "esc", "ecocCollection": "ecoc", - "fields": [] + "fields": [], + "strEncodeVersion": 1 } } } diff --git a/test/data/find-with-encryptionInformation.json b/test/data/find-with-encryptionInformation.json index b6a4a5f22..e0739e533 100644 --- a/test/data/find-with-encryptionInformation.json +++ b/test/data/find-with-encryptionInformation.json @@ -8,7 +8,8 @@ "db.coll": { "fields": [], "escCollection": "enxcol_.coll.esc", - "ecocCollection": "enxcol_.coll.ecoc" + "ecocCollection": "enxcol_.coll.ecoc", + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-bad-str-encode-version/bad-collinfo.json b/test/data/fle2-bad-str-encode-version/bad-collinfo.json new file mode 100644 index 000000000..25424cee1 --- /dev/null +++ b/test/data/fle2-bad-str-encode-version/bad-collinfo.json @@ -0,0 +1,25 @@ +{ + "options": { + "encryptedFields": { + "escCollection": "fle2.test.esc", + "ecocCollection": "fle2.test.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "ssn", + "bsonType": "string", + "queries": { + "queryType": "equality", + "contention": 0 + } + } + ], + "strEncodeVersion": 99 + } + } +} \ No newline at end of file diff --git a/test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json b/test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json new file mode 100644 index 000000000..1e254f335 --- /dev/null +++ b/test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json @@ -0,0 +1,52 @@ +{ + "ok": { + "$numberInt": "1" + }, + "result": { + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 99 + }, + "encryptionInformation": { + "type": 1, + "schema": { + "db.coll": { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 + } + } + } + }, + "hasEncryptedPlaceholders": false +} \ No newline at end of file diff --git a/test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json b/test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json new file mode 100644 index 000000000..b624241e3 --- /dev/null +++ b/test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json @@ -0,0 +1,46 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 99 + }, + "encryptionInformation": { + "type": 1, + "schema": { + "db.coll": { + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 + } + } + } +} diff --git a/test/data/fle2-bad-str-encode-version/bad-create-cmd.json b/test/data/fle2-bad-str-encode-version/bad-create-cmd.json new file mode 100644 index 000000000..e00361dad --- /dev/null +++ b/test/data/fle2-bad-str-encode-version/bad-create-cmd.json @@ -0,0 +1,18 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 99 + } +} \ No newline at end of file diff --git a/test/data/fle2-bad-str-encode-version/bad-encrypted-field-config-map.json b/test/data/fle2-bad-str-encode-version/bad-encrypted-field-config-map.json new file mode 100644 index 000000000..192455287 --- /dev/null +++ b/test/data/fle2-bad-str-encode-version/bad-encrypted-field-config-map.json @@ -0,0 +1,23 @@ +{ + "db.test": { + "escCollection": "fle2.test.esc", + "ecocCollection": "fle2.test.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "ssn", + "bsonType": "string", + "queries": { + "queryType": "equality", + "contention": 0 + } + } + ], + "strEncodeVersion": 99 + } +} \ No newline at end of file diff --git a/test/data/fle2-bad-str-encode-version/encrypted-payload.json b/test/data/fle2-bad-str-encode-version/encrypted-payload.json new file mode 100644 index 000000000..e8a27cf54 --- /dev/null +++ b/test/data/fle2-bad-str-encode-version/encrypted-payload.json @@ -0,0 +1,40 @@ +{ + "insert": "test", + "documents": [ + { + "_id": 1, + "ssn": { + "$binary": { + "base64": "C18BAAAFZAAgAAAAAHb62aV7+mqmaGcotPLdG3KP7S8diFwWMLM/5rYtqLrEBXMAIAAAAAAVJ6OWHRv3OtCozHpt3ZzfBhaxZirLv3B+G8PuaaO4EgVwADAAAAAAx0PWdXaep4jV5cRA2yQN+ULLwjv8e++oMonpfGOGs9BZ0uqPP7waiwZSwHsDx57+BXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AFAAAAAAq83vqxI0mHYSNBI0VniQEkzZZBBDgeZh+h+gXEmOrSHYikH9u4e644rfZY9N9UQR4h76qKAmcbo43utRcXMQy+FXXIxSuNntFHZHTcNJhJoFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsBWwAIAAAAABpn2zcb7jOd/FK3F45nBxnLU6HOMwZzmGOZ0w35v/DqRJrAAAAAAAAAAAAAA==", + "subType": "06" + } + } + } + ], + "encryptionInformation": { + "type": 1, + "schema": { + "db.test": { + "escCollection": "fle2.test.esc", + "ecocCollection": "fle2.test.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "ssn", + "bsonType": "string", + "queries": { + "queryType": "equality", + "contention": 0 + } + } + ], + "strEncodeVersion": 1 + } + } + } +} diff --git a/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json b/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json new file mode 100644 index 000000000..5b87904f3 --- /dev/null +++ b/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json @@ -0,0 +1,46 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 + }, + "encryptionInformation": { + "type": 1, + "schema": { + "db.coll": { + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 + } + } + } +} diff --git a/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json b/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json new file mode 100644 index 000000000..3ebff7d9e --- /dev/null +++ b/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json @@ -0,0 +1,18 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 + } +} \ No newline at end of file diff --git a/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json b/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json new file mode 100644 index 000000000..137d5f640 --- /dev/null +++ b/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json @@ -0,0 +1,25 @@ +{ + "db.coll": { + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 + } +} diff --git a/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json b/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json new file mode 100644 index 000000000..3ebff7d9e --- /dev/null +++ b/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json @@ -0,0 +1,18 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 + } +} \ No newline at end of file diff --git a/test/data/fle2-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json b/test/data/fle2-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json new file mode 100644 index 000000000..6ba6123d7 --- /dev/null +++ b/test/data/fle2-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json @@ -0,0 +1,52 @@ +{ + "ok": { + "$numberInt": "1" + }, + "result": { + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 + }, + "encryptionInformation": { + "type": 1, + "schema": { + "db.coll": { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 + } + } + } + }, + "hasEncryptedPlaceholders": false +} \ No newline at end of file diff --git a/test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json b/test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json new file mode 100644 index 000000000..b9f5c98e2 --- /dev/null +++ b/test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json @@ -0,0 +1,45 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ] + }, + "encryptionInformation": { + "type": 1, + "schema": { + "db.coll": { + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 + } + } + } +} diff --git a/test/data/fle2-create-encrypted-collection/cmd.json b/test/data/fle2-create-encrypted-collection/cmd.json new file mode 100644 index 000000000..7007d2b2c --- /dev/null +++ b/test/data/fle2-create-encrypted-collection/cmd.json @@ -0,0 +1,17 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ] + } +} \ No newline at end of file diff --git a/test/data/fle2-create-encrypted-collection/encrypted-field-config-map.json b/test/data/fle2-create-encrypted-collection/encrypted-field-config-map.json new file mode 100644 index 000000000..92608c3a9 --- /dev/null +++ b/test/data/fle2-create-encrypted-collection/encrypted-field-config-map.json @@ -0,0 +1,24 @@ +{ + "db.coll": { + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ] + } +} diff --git a/test/data/fle2-create-encrypted-collection/encrypted-payload.json b/test/data/fle2-create-encrypted-collection/encrypted-payload.json new file mode 100644 index 000000000..3ebff7d9e --- /dev/null +++ b/test/data/fle2-create-encrypted-collection/encrypted-payload.json @@ -0,0 +1,18 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 + } +} \ No newline at end of file diff --git a/test/data/fle2-create-encrypted-collection/mongocryptd-reply.json b/test/data/fle2-create-encrypted-collection/mongocryptd-reply.json new file mode 100644 index 000000000..58611cc5d --- /dev/null +++ b/test/data/fle2-create-encrypted-collection/mongocryptd-reply.json @@ -0,0 +1,51 @@ +{ + "ok": { + "$numberInt": "1" + }, + "result": { + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ] + }, + "encryptionInformation": { + "type": 1, + "schema": { + "db.coll": { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 + } + } + } + }, + "hasEncryptedPlaceholders": false +} \ No newline at end of file diff --git a/test/data/fle2-create/cmd-to-mongocryptd.json b/test/data/fle2-create/cmd-to-mongocryptd.json index 99eaa70e8..48a9f14cd 100644 --- a/test/data/fle2-create/cmd-to-mongocryptd.json +++ b/test/data/fle2-create/cmd-to-mongocryptd.json @@ -6,7 +6,8 @@ "db.coll": { "escCollection": "esc", "ecocCollection": "ecoc", - "fields": [] + "fields": [], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-delete/empty/encrypted-payload-v2.json b/test/data/fle2-delete/empty/encrypted-payload-v2.json index 7e177ad90..a4a9be093 100644 --- a/test/data/fle2-delete/empty/encrypted-payload-v2.json +++ b/test/data/fle2-delete/empty/encrypted-payload-v2.json @@ -51,7 +51,8 @@ "path": "nested.notindexed", "bsonType": "string" } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-delete/success/encrypted-payload-v2.json b/test/data/fle2-delete/success/encrypted-payload-v2.json index c30997477..4af078433 100644 --- a/test/data/fle2-delete/success/encrypted-payload-v2.json +++ b/test/data/fle2-delete/success/encrypted-payload-v2.json @@ -58,7 +58,8 @@ "path": "nested.notindexed", "bsonType": "string" } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-explain/with-csfle/encrypted-payload.json b/test/data/fle2-explain/with-csfle/encrypted-payload.json index b9c754476..c0ad1d40a 100644 --- a/test/data/fle2-explain/with-csfle/encrypted-payload.json +++ b/test/data/fle2-explain/with-csfle/encrypted-payload.json @@ -36,7 +36,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json b/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json index d5ea3094a..334891af3 100644 --- a/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json +++ b/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json @@ -28,7 +28,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json b/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json index 6193d870d..a57499196 100644 --- a/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json +++ b/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json @@ -32,7 +32,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-find-equality-v2/encrypted-payload.json b/test/data/fle2-find-equality-v2/encrypted-payload.json index 1bd24683a..2018f4a8b 100644 --- a/test/data/fle2-find-equality-v2/encrypted-payload.json +++ b/test/data/fle2-find-equality-v2/encrypted-payload.json @@ -33,7 +33,8 @@ "contention": 0 } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-find-explicit/cmd-to-mongocryptd.json b/test/data/fle2-find-explicit/cmd-to-mongocryptd.json index a447d615b..ebca5e166 100644 --- a/test/data/fle2-find-explicit/cmd-to-mongocryptd.json +++ b/test/data/fle2-find-explicit/cmd-to-mongocryptd.json @@ -16,7 +16,8 @@ "db.coll": { "fields": [], "escCollection": "enxcol_.coll.esc", - "ecocCollection": "enxcol_.coll.ecoc" + "ecocCollection": "enxcol_.coll.ecoc", + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-find-explicit/cmd-to-mongod.json b/test/data/fle2-find-explicit/cmd-to-mongod.json index a447d615b..ebca5e166 100644 --- a/test/data/fle2-find-explicit/cmd-to-mongod.json +++ b/test/data/fle2-find-explicit/cmd-to-mongod.json @@ -16,7 +16,8 @@ "db.coll": { "fields": [], "escCollection": "enxcol_.coll.esc", - "ecocCollection": "enxcol_.coll.ecoc" + "ecocCollection": "enxcol_.coll.ecoc", + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-find-range/date-v2/encrypted-payload.json b/test/data/fle2-find-range/date-v2/encrypted-payload.json index 903ab0c08..dff4f121f 100644 --- a/test/data/fle2-find-range/date-v2/encrypted-payload.json +++ b/test/data/fle2-find-range/date-v2/encrypted-payload.json @@ -34,7 +34,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-find-range/decimal128-precision-v2/encrypted-payload.json b/test/data/fle2-find-range/decimal128-precision-v2/encrypted-payload.json index 73920aed8..9e6129936 100644 --- a/test/data/fle2-find-range/decimal128-precision-v2/encrypted-payload.json +++ b/test/data/fle2-find-range/decimal128-precision-v2/encrypted-payload.json @@ -43,7 +43,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-find-range/decimal128-v2/encrypted-payload.json b/test/data/fle2-find-range/decimal128-v2/encrypted-payload.json index e2e5329a8..ab296f166 100644 --- a/test/data/fle2-find-range/decimal128-v2/encrypted-payload.json +++ b/test/data/fle2-find-range/decimal128-v2/encrypted-payload.json @@ -34,7 +34,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-find-range/double-precision-v2/encrypted-payload.json b/test/data/fle2-find-range/double-precision-v2/encrypted-payload.json index 40d3fdc47..9f8c3ad84 100644 --- a/test/data/fle2-find-range/double-precision-v2/encrypted-payload.json +++ b/test/data/fle2-find-range/double-precision-v2/encrypted-payload.json @@ -37,7 +37,8 @@ "precision": 2 } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-find-range/double-v2/encrypted-payload.json b/test/data/fle2-find-range/double-v2/encrypted-payload.json index a72dfacc1..984ced20d 100644 --- a/test/data/fle2-find-range/double-v2/encrypted-payload.json +++ b/test/data/fle2-find-range/double-v2/encrypted-payload.json @@ -34,7 +34,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-find-range/int32-v2/encrypted-payload.json b/test/data/fle2-find-range/int32-v2/encrypted-payload.json index c28ed3e15..94cf2f15e 100644 --- a/test/data/fle2-find-range/int32-v2/encrypted-payload.json +++ b/test/data/fle2-find-range/int32-v2/encrypted-payload.json @@ -34,7 +34,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-find-range/int64-v2/encrypted-payload.json b/test/data/fle2-find-range/int64-v2/encrypted-payload.json index d35ddce01..a82c3f3cd 100644 --- a/test/data/fle2-find-range/int64-v2/encrypted-payload.json +++ b/test/data/fle2-find-range/int64-v2/encrypted-payload.json @@ -34,7 +34,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-insert-range/date-v2/encrypted-payload.json b/test/data/fle2-insert-range/date-v2/encrypted-payload.json index d12ed4a1e..7135ff25b 100644 --- a/test/data/fle2-insert-range/date-v2/encrypted-payload.json +++ b/test/data/fle2-insert-range/date-v2/encrypted-payload.json @@ -37,7 +37,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-payload.json b/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-payload.json index e96bc2ad0..a2bf9a573 100644 --- a/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-payload.json +++ b/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-payload.json @@ -46,7 +46,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-insert-range/decimal128-v2/encrypted-payload.json b/test/data/fle2-insert-range/decimal128-v2/encrypted-payload.json index 48c5dd86f..983f086cf 100644 --- a/test/data/fle2-insert-range/decimal128-v2/encrypted-payload.json +++ b/test/data/fle2-insert-range/decimal128-v2/encrypted-payload.json @@ -37,7 +37,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-insert-range/double-precision-v2/encrypted-payload.json b/test/data/fle2-insert-range/double-precision-v2/encrypted-payload.json index e4f3bb3f3..832ea9c88 100644 --- a/test/data/fle2-insert-range/double-precision-v2/encrypted-payload.json +++ b/test/data/fle2-insert-range/double-precision-v2/encrypted-payload.json @@ -40,7 +40,8 @@ "precision": 2 } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-insert-range/double-v2/encrypted-payload.json b/test/data/fle2-insert-range/double-v2/encrypted-payload.json index 23dbb35d6..f08ddad80 100644 --- a/test/data/fle2-insert-range/double-v2/encrypted-payload.json +++ b/test/data/fle2-insert-range/double-v2/encrypted-payload.json @@ -37,7 +37,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-insert-range/int32-v2/encrypted-payload.json b/test/data/fle2-insert-range/int32-v2/encrypted-payload.json index c6d791e23..bd06cd490 100644 --- a/test/data/fle2-insert-range/int32-v2/encrypted-payload.json +++ b/test/data/fle2-insert-range/int32-v2/encrypted-payload.json @@ -37,7 +37,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-insert-range/int64-v2/encrypted-payload.json b/test/data/fle2-insert-range/int64-v2/encrypted-payload.json index 7c42ae92d..1e73c9214 100644 --- a/test/data/fle2-insert-range/int64-v2/encrypted-payload.json +++ b/test/data/fle2-insert-range/int64-v2/encrypted-payload.json @@ -37,7 +37,8 @@ } } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/fle2-insert-v2-with-str-encode-version/cmd.json b/test/data/fle2-insert-v2-with-str-encode-version/cmd.json new file mode 100644 index 000000000..ca12d021d --- /dev/null +++ b/test/data/fle2-insert-v2-with-str-encode-version/cmd.json @@ -0,0 +1,9 @@ +{ + "insert": "test", + "documents": [ + { + "_id": 1, + "ssn": "value123" + } + ] +} \ No newline at end of file diff --git a/test/data/fle2-insert-v2-with-str-encode-version/encrypted-field-map.json b/test/data/fle2-insert-v2-with-str-encode-version/encrypted-field-map.json new file mode 100644 index 000000000..e3f02f231 --- /dev/null +++ b/test/data/fle2-insert-v2-with-str-encode-version/encrypted-field-map.json @@ -0,0 +1,23 @@ +{ + "db.test": { + "escCollection": "fle2.test.esc", + "ecocCollection": "fle2.test.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "ssn", + "bsonType": "string", + "queries": { + "queryType": "equality", + "contention": 0 + } + } + ], + "strEncodeVersion": 1 + } +} \ No newline at end of file diff --git a/test/data/fle2-insert-v2-with-str-encode-version/encrypted-payload.json b/test/data/fle2-insert-v2-with-str-encode-version/encrypted-payload.json new file mode 100644 index 000000000..e8a27cf54 --- /dev/null +++ b/test/data/fle2-insert-v2-with-str-encode-version/encrypted-payload.json @@ -0,0 +1,40 @@ +{ + "insert": "test", + "documents": [ + { + "_id": 1, + "ssn": { + "$binary": { + "base64": "C18BAAAFZAAgAAAAAHb62aV7+mqmaGcotPLdG3KP7S8diFwWMLM/5rYtqLrEBXMAIAAAAAAVJ6OWHRv3OtCozHpt3ZzfBhaxZirLv3B+G8PuaaO4EgVwADAAAAAAx0PWdXaep4jV5cRA2yQN+ULLwjv8e++oMonpfGOGs9BZ0uqPP7waiwZSwHsDx57+BXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AFAAAAAAq83vqxI0mHYSNBI0VniQEkzZZBBDgeZh+h+gXEmOrSHYikH9u4e644rfZY9N9UQR4h76qKAmcbo43utRcXMQy+FXXIxSuNntFHZHTcNJhJoFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsBWwAIAAAAABpn2zcb7jOd/FK3F45nBxnLU6HOMwZzmGOZ0w35v/DqRJrAAAAAAAAAAAAAA==", + "subType": "06" + } + } + } + ], + "encryptionInformation": { + "type": 1, + "schema": { + "db.test": { + "escCollection": "fle2.test.esc", + "ecocCollection": "fle2.test.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "ssn", + "bsonType": "string", + "queries": { + "queryType": "equality", + "contention": 0 + } + } + ], + "strEncodeVersion": 1 + } + } + } +} diff --git a/test/data/fle2-insert-v2-with-str-encode-version/mongocryptd-reply.json b/test/data/fle2-insert-v2-with-str-encode-version/mongocryptd-reply.json new file mode 100644 index 000000000..7751c33f6 --- /dev/null +++ b/test/data/fle2-insert-v2-with-str-encode-version/mongocryptd-reply.json @@ -0,0 +1,50 @@ +{ + "ok": { + "$numberInt": "1" + }, + "result": { + "insert": "test", + "documents": [ + { + "_id": 1, + "ssn": { + "$binary": { + "base64": "A2EAAAAQdAABAAAAEGEAAgAAAAVraQAQAAAABBI0VngSNJh2EjQSNFZ4kBIFa3UAEAAAAASrze+rEjSYdhI0EjRWeJASAnYACQAAAHZhbHVlMTIzABJjbQAAAAAAAAAAAAA=", + "subType": "06" + } + } + } + ], + "encryptionInformation": { + "type": { + "$numberInt": "1" + }, + "schema": { + "db.test": { + "escCollection": "fle2.test.esc", + "ecocCollection": "fle2.test.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "ssn", + "bsonType": "string", + "queries": { + "queryType": "equality", + "contention": { + "$numberInt": "0" + } + } + } + ], + "strEncodeVersion": 1 + } + } + } + }, + "hasEncryptedPlaceholders": true +} \ No newline at end of file diff --git a/test/data/fle2-insert-v2/encrypted-payload.json b/test/data/fle2-insert-v2/encrypted-payload.json index fa84a6bec..e8a27cf54 100644 --- a/test/data/fle2-insert-v2/encrypted-payload.json +++ b/test/data/fle2-insert-v2/encrypted-payload.json @@ -32,7 +32,8 @@ "contention": 0 } } - ] + ], + "strEncodeVersion": 1 } } } diff --git a/test/data/no-trimFactor/find/encrypted-payload.json b/test/data/no-trimFactor/find/encrypted-payload.json index 0dce092b6..9ca27b124 100644 --- a/test/data/no-trimFactor/find/encrypted-payload.json +++ b/test/data/no-trimFactor/find/encrypted-payload.json @@ -55,7 +55,8 @@ } ], "escCollection": "enxcol_.test.esc", - "ecocCollection": "enxcol_.test.ecoc" + "ecocCollection": "enxcol_.test.ecoc", + "strEncodeVersion": 1 } } } diff --git a/test/data/no-trimFactor/insert/encrypted-payload.json b/test/data/no-trimFactor/insert/encrypted-payload.json index 722f052b2..4254a12db 100644 --- a/test/data/no-trimFactor/insert/encrypted-payload.json +++ b/test/data/no-trimFactor/insert/encrypted-payload.json @@ -33,7 +33,8 @@ } ], "escCollection": "enxcol_.test.esc", - "ecocCollection": "enxcol_.test.ecoc" + "ecocCollection": "enxcol_.test.ecoc", + "strEncodeVersion": 1 } } } diff --git a/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json b/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json index 46b87e8f0..b6c2ae4c7 100644 --- a/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json +++ b/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json @@ -46,7 +46,8 @@ } ], "escCollection": "enxcol_.test.esc", - "ecocCollection": "enxcol_.test.ecoc" + "ecocCollection": "enxcol_.test.ecoc", + "strEncodeVersion": 1 } } } diff --git a/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json b/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json index 934fe11ad..f7786e07b 100644 --- a/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json +++ b/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json @@ -33,7 +33,8 @@ } ], "escCollection": "enxcol_.test.esc", - "ecocCollection": "enxcol_.test.ecoc" + "ecocCollection": "enxcol_.test.ecoc", + "strEncodeVersion": 1 } } } diff --git a/test/test-mc-efc.c b/test/test-mc-efc.c index 9877c4473..95c07c1c5 100644 --- a/test/test-mc-efc.c +++ b/test/test-mc-efc.c @@ -39,7 +39,7 @@ static void _test_efc(_mongocrypt_tester_t *tester) { { _load_test_file(tester, "./test/data/efc/efc-oneField.json", &efc_bson); ASSERT_OK_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status); - ASSERT_CMPUINT8(efc.str_encode_version, ==, 1); + ASSERT_CMPUINT8(efc.str_encode_version, ==, LATEST_STR_ENCODE_VERSION); ptr = efc.fields; ASSERT(ptr); ASSERT_STREQUAL(ptr->path, "firstName"); @@ -63,7 +63,7 @@ static void _test_efc(_mongocrypt_tester_t *tester) { { _load_test_file(tester, "./test/data/efc/efc-extraField.json", &efc_bson); ASSERT_OK_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status); - ASSERT_CMPUINT8(efc.str_encode_version, ==, 1); + ASSERT_CMPUINT8(efc.str_encode_version, ==, LATEST_STR_ENCODE_VERSION); ptr = efc.fields; ASSERT(ptr); ASSERT_STREQUAL(ptr->path, "firstName"); @@ -75,7 +75,7 @@ static void _test_efc(_mongocrypt_tester_t *tester) { { _load_test_file(tester, "./test/data/efc/efc-twoFields.json", &efc_bson); ASSERT_OK_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status); - ASSERT_CMPUINT8(efc.str_encode_version, ==, 1); + ASSERT_CMPUINT8(efc.str_encode_version, ==, LATEST_STR_ENCODE_VERSION); ptr = efc.fields; ASSERT(ptr); ASSERT_STREQUAL(ptr->path, "lastName"); @@ -101,7 +101,7 @@ static void _test_efc(_mongocrypt_tester_t *tester) { _load_test_file(tester, "./test/data/efc/efc-oneField-badVersionSet.json", &efc_bson); ASSERT_FAILS_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status, - "expected 'strEncodeVersion' to be equal to 1"); + "'strEncodeVersion' of 2 is not supported"); mc_EncryptedFieldConfig_cleanup(&efc); _mongocrypt_status_reset(status); } @@ -109,7 +109,7 @@ static void _test_efc(_mongocrypt_tester_t *tester) { { _load_test_file(tester, "./test/data/efc/efc-textSearchFields.json", &efc_bson); ASSERT_OK_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status); - ASSERT_CMPUINT8(efc.str_encode_version, ==, 1); + ASSERT_CMPUINT8(efc.str_encode_version, ==, LATEST_STR_ENCODE_VERSION); ptr = efc.fields; ASSERT(ptr); ASSERT_STREQUAL(ptr->path, "lastName"); diff --git a/test/test-mongocrypt-ctx-encrypt.c b/test/test-mongocrypt-ctx-encrypt.c index abda18d56..36bfa0421 100644 --- a/test/test-mongocrypt-ctx-encrypt.c +++ b/test/test-mongocrypt-ctx-encrypt.c @@ -20,6 +20,7 @@ #include "mongocrypt-crypto-private.h" // MONGOCRYPT_KEY_LEN #include "mongocrypt.h" #include "test-mongocrypt-assert-match-bson.h" +#include "test-mongocrypt-assert.h" #include "test-mongocrypt-crypto-std-hooks.h" #include "test-mongocrypt.h" @@ -1716,6 +1717,13 @@ static void _test_encrypt_fle2_insert_payload(_mongocrypt_tester_t *tester) { TEST_ENCRYPT_FLE2_ENCRYPTION_PLACEHOLDER(tester, "fle2-insert-v2", &source, NULL) } +static void _test_encrypt_fle2_insert_payload_with_str_encode_version(_mongocrypt_tester_t *tester) { + uint8_t rng_data[] = RNG_DATA; + + _test_rng_data_source source = {.buf = {.data = rng_data, .len = sizeof(rng_data) - 1u}}; + TEST_ENCRYPT_FLE2_ENCRYPTION_PLACEHOLDER(tester, "fle2-insert-v2-with-str-encode-version", &source, NULL) +} + #undef RNG_DATA // FLE2FindEqualityPayload only uses deterministic token generation. @@ -2454,7 +2462,7 @@ static void _test_encrypt_applies_default_state_collections(_mongocrypt_tester_t { const char *expect_schema = "{ 'fields': [], 'escCollection': " "'enxcol_.coll.esc', 'ecocCollection': " - "'enxcol_.coll.ecoc' }"; + "'enxcol_.coll.ecoc', 'strEncodeVersion': 1 }"; mongocrypt_binary_t *cmd_to_mongocryptd; cmd_to_mongocryptd = mongocrypt_binary_new(); @@ -2485,7 +2493,8 @@ static void _test_encrypt_applies_default_state_collections(_mongocrypt_tester_t ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_BSON("{'find': 'coll'}")), ctx); ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); { - const char *expect_schema = "{'fields': [], 'escCollection': 'esc', 'ecocCollection': 'ecoc' }"; + const char *expect_schema = + "{'fields': [], 'escCollection': 'esc', 'ecocCollection': 'ecoc', 'strEncodeVersion': 1 }"; mongocrypt_binary_t *cmd_to_mongocryptd; cmd_to_mongocryptd = mongocrypt_binary_new(); @@ -2517,7 +2526,7 @@ static void _test_encrypt_applies_default_state_collections(_mongocrypt_tester_t ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); { const char *expect_schema = - "{'escCollection': 'esc', 'fields': [], 'ecocCollection': 'enxcol_.coll.ecoc' }"; + "{'escCollection': 'esc', 'fields': [], 'ecocCollection': 'enxcol_.coll.ecoc', 'strEncodeVersion': 1 }"; mongocrypt_binary_t *cmd_to_mongocryptd; cmd_to_mongocryptd = mongocrypt_binary_new(); @@ -3537,6 +3546,136 @@ static void _test_fle2_create(_mongocrypt_tester_t *tester) { mongocrypt_destroy(crypt); } +static void _test_fle2_create_with_encrypted_fields(_mongocrypt_tester_t *tester) { + mongocrypt_t *crypt = mongocrypt_new(); + + ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); + ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map( + crypt, + TEST_FILE("./test/data/fle2-create-encrypted-collection/encrypted-field-config-map.json")), + crypt); + ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); + + mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); + + ASSERT_OK( + mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle2-create-encrypted-collection/cmd.json")), + ctx); + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" + "ismaster-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, + TEST_FILE("./test/data/fle1-create/without-schema/" + "mongocryptd-ismaster.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( + TEST_FILE("./test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK( + mongocrypt_ctx_mongo_feed(ctx, + TEST_FILE("./test/data/fle2-create-encrypted-collection/mongocryptd-reply.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); + { + mongocrypt_binary_t *out = mongocrypt_binary_new(); + ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( + TEST_FILE("./test/data/fle2-create-encrypted-collection/encrypted-payload.json"), + out); + mongocrypt_binary_destroy(out); + } + + mongocrypt_ctx_destroy(ctx); + mongocrypt_destroy(crypt); +} + +static void _test_fle2_create_with_encrypted_fields_and_str_encode_version(_mongocrypt_tester_t *tester) { + mongocrypt_t *crypt = mongocrypt_new(); + + ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); + ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map( + crypt, + TEST_FILE("./test/data/fle2-create-encrypted-collection-with-str-encode-version/" + "encrypted-field-config-map.json")), + crypt); + ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); + + mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); + + ASSERT_OK(mongocrypt_ctx_encrypt_init( + ctx, + "db", + -1, + TEST_FILE("./test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json")), + ctx); + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" + "ismaster-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, + TEST_FILE("./test/data/fle1-create/without-schema/" + "mongocryptd-ismaster.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( + TEST_FILE("./test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK( + mongocrypt_ctx_mongo_feed( + ctx, + TEST_FILE( + "./test/data/fle2-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); + { + mongocrypt_binary_t *out = mongocrypt_binary_new(); + ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( + TEST_FILE("./test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json"), + out); + mongocrypt_binary_destroy(out); + } + + mongocrypt_ctx_destroy(ctx); + mongocrypt_destroy(crypt); +} + /* Regression test for MONGOCRYPT-435 */ static void _test_fle2_create_bypass_query_analysis(_mongocrypt_tester_t *tester) { mongocrypt_t *crypt = mongocrypt_new(); @@ -4703,6 +4842,102 @@ static void _test_does_not_warn_for_empty_local_schema(_mongocrypt_tester_t *tes mongocrypt_destroy(crypt); } +static void _test_fle2_encrypted_field_config_with_bad_str_encode_version(_mongocrypt_tester_t *tester) { + mongocrypt_t *crypt = mongocrypt_new(); + + ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); + ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map( + crypt, + TEST_FILE("./test/data/fle2-bad-str-encode-version/bad-encrypted-field-config-map.json")), + crypt); + ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); + + mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); + ASSERT_FAILS(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle2-insert-v2/cmd.json")), + ctx, + "'strEncodeVersion' of 99 is not supported"); + + mongocrypt_ctx_destroy(ctx); + mongocrypt_destroy(crypt); +} + +static void _test_fle2_encrypted_fields_with_bad_str_encode_version(_mongocrypt_tester_t *tester) { + mongocrypt_t *crypt = mongocrypt_new(); + + ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); + ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map(crypt, + TEST_FILE("./test/data/fle2-create-encrypted-collection/" + "encrypted-field-config-map.json")), + crypt); + ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); + + mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); + + ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, + "db", + -1, + TEST_FILE("./test/data/fle2-bad-str-encode-version/bad-create-cmd.json")), + ctx); + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" + "ismaster-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, + TEST_FILE("./test/data/fle1-create/without-schema/" + "mongocryptd-ismaster.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( + TEST_FILE("./test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK(mongocrypt_ctx_mongo_feed( + ctx, + TEST_FILE("./test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); + { + mongocrypt_binary_t *out = mongocrypt_binary_new(); + ASSERT_FAILS(mongocrypt_ctx_finalize(ctx, out), ctx, "'strEncodeVersion' of 99 is not supported"); + } + + mongocrypt_ctx_destroy(ctx); + mongocrypt_destroy(crypt); +} + +static void _test_fle2_collinfo_with_bad_str_encode_version(_mongocrypt_tester_t *tester) { + mongocrypt_t *crypt = mongocrypt_new(); + ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); + ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); + mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); + + ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle2-insert-v2/cmd.json")), ctx); + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_COLLINFO); + ASSERT_FAILS(mongocrypt_ctx_mongo_feed(ctx, TEST_FILE("./test/data/fle2-bad-str-encode-version/bad-collinfo.json")), + ctx, + "'strEncodeVersion' of 99 is not supported"); + + mongocrypt_ctx_destroy(ctx); + mongocrypt_destroy(crypt); +} + void _mongocrypt_tester_install_ctx_encrypt(_mongocrypt_tester_t *tester) { INSTALL_TEST(_test_explicit_encrypt_init); INSTALL_TEST(_test_encrypt_init); @@ -4738,6 +4973,7 @@ void _mongocrypt_tester_install_ctx_encrypt(_mongocrypt_tester_t *tester) { INSTALL_TEST(_test_encrypt_remote_encryptedfields); INSTALL_TEST(_test_encrypt_with_bypassqueryanalysis); INSTALL_TEST(_test_encrypt_fle2_insert_payload); + INSTALL_TEST(_test_encrypt_fle2_insert_payload_with_str_encode_version); INSTALL_TEST(_test_encrypt_fle2_find_payload); INSTALL_TEST(_test_encrypt_fle2_unindexed_encrypted_payload); INSTALL_TEST(_test_encrypt_fle2_explicit); @@ -4758,6 +4994,8 @@ void _mongocrypt_tester_install_ctx_encrypt(_mongocrypt_tester_t *tester) { INSTALL_TEST(_test_fle1_create_old_mongocryptd); INSTALL_TEST(_test_fle1_create_with_csfle); INSTALL_TEST(_test_fle2_create); + INSTALL_TEST(_test_fle2_create_with_encrypted_fields); + INSTALL_TEST(_test_fle2_create_with_encrypted_fields_and_str_encode_version); INSTALL_TEST(_test_fle2_create_bypass_query_analysis); INSTALL_TEST(_test_encrypt_macos_no_ctr); INSTALL_TEST(_test_fle1_collmod_with_jsonSchema); @@ -4786,4 +5024,7 @@ void _mongocrypt_tester_install_ctx_encrypt(_mongocrypt_tester_t *tester) { INSTALL_TEST(_test_range_sends_cryptoParams); INSTALL_TEST(_test_encrypt_retry); INSTALL_TEST(_test_does_not_warn_for_empty_local_schema); + INSTALL_TEST(_test_fle2_encrypted_field_config_with_bad_str_encode_version); + INSTALL_TEST(_test_fle2_encrypted_fields_with_bad_str_encode_version); + INSTALL_TEST(_test_fle2_collinfo_with_bad_str_encode_version); } From 21f3a557e6643d1733391af64b91291ce58f603b Mon Sep 17 00:00:00 2001 From: Gabriel Marks Date: Mon, 3 Feb 2025 20:51:20 +0000 Subject: [PATCH 04/12] Readability --- src/mongocrypt-ctx-encrypt.c | 48 +++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/src/mongocrypt-ctx-encrypt.c b/src/mongocrypt-ctx-encrypt.c index 75ce56614..328c6993a 100644 --- a/src/mongocrypt-ctx-encrypt.c +++ b/src/mongocrypt-ctx-encrypt.c @@ -1445,7 +1445,8 @@ _fle2_strip_encryptionInformation(const char *cmd_name, bson_t *cmd /* in and ou } /* - * Parses and re-serializes "encryptedFields" field for "create" commands. + * Checks the "encryptedFields.strEncodeVersion" field for "create" commands for validity, and sets it to the default if + * it does not exist. */ static bool _fle2_fixup_encryptedFields(const char *cmd_name, bson_t *cmd /* in and out */, mongocrypt_status_t *status) { @@ -1455,42 +1456,55 @@ _fle2_fixup_encryptedFields(const char *cmd_name, bson_t *cmd /* in and out */, if (0 == strcmp(cmd_name, "create")) { bson_iter_t ef_iter; if (!bson_iter_init_find(&ef_iter, cmd, "encryptedFields")) { - // No encryptedFields, this is fine + // No encryptedFields, nothing to check or fix return true; } bson_iter_t sev_iter; if (!bson_iter_init(&sev_iter, cmd)) { - CLIENT_ERR("Failed to initialize bson_iter in fixup_encryptedFields"); + CLIENT_ERR("_fle2_fixup_encryptedFields: Failed to initialize bson_iter"); return false; } if (!bson_iter_find_descendant(&sev_iter, "encryptedFields.strEncodeVersion", &sev_iter)) { + bool ok = false; // No strEncodeVersion, add it bson_t fixed = BSON_INITIALIZER; bson_copy_to_excluding_noinit(cmd, &fixed, "encryptedFields", NULL); bson_t ef; - bson_t fixed_ef; const uint8_t *data; uint32_t len; - BSON_ASSERT(BSON_ITER_HOLDS_DOCUMENT(&ef_iter)); + if (!BSON_ITER_HOLDS_DOCUMENT(&ef_iter)) { + CLIENT_ERR("_fle2_fixup_encryptedFields: Expected encryptedFields to be type obj, got: %d", + bson_iter_type(&ef_iter)); + goto fail2; + } bson_iter_document(&ef_iter, &len, &data); - bson_init_static(&ef, data, len); + if (!bson_init_static(&ef, data, len)) { + CLIENT_ERR("_fle2_fixup_encryptedFields: bson_init_static failed"); + goto fail2; + } + bson_t fixed_ef; bson_copy_to(&ef, &fixed_ef); if (!BSON_APPEND_INT32(&fixed_ef, "strEncodeVersion", LATEST_STR_ENCODE_VERSION)) { - CLIENT_ERR("Failed to append strEncodeVersion in fixup_encryptedFields"); - return false; + CLIENT_ERR("_fle2_fixup_encryptedFields: Failed to append strEncodeVersion"); + goto fail1; } if (!BSON_APPEND_DOCUMENT(&fixed, "encryptedFields", &fixed_ef)) { - CLIENT_ERR("Failed to append encryptedFields in fixup_encryptedFields"); - return false; + CLIENT_ERR("_fle2_fixup_encryptedFields: Failed to append encryptedFields"); + goto fail1; } bson_destroy(cmd); if (!bson_steal(cmd, &fixed)) { - CLIENT_ERR("Failed to steal BSON in fixup_encryptedFields"); - bson_destroy(&fixed); - return false; + CLIENT_ERR("_fle2_fixup_encryptedFields: Failed to steal BSON"); + goto fail1; } - return true; + ok = true; + fail1: + bson_destroy(&fixed_ef); + fail2: + bson_destroy(&fixed); + return ok; } else { + // Check strEncodeVersion for validity if (!BSON_ITER_HOLDS_INT32(&sev_iter)) { CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", bson_iter_type(&sev_iter)); return false; @@ -1577,12 +1591,6 @@ static bool _fle2_finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) { return _mongocrypt_ctx_fail(ctx); } - { - char *json = bson_as_canonical_extended_json(&converted, NULL); - fprintf(stderr, "converted: %s\n", json); - bson_free(json); - } - if (!_fle2_fixup_encryptedFields(command_name, &converted, ctx->status)) { bson_destroy(&converted); return _mongocrypt_ctx_fail(ctx); From 1e2b448aeb1734aff493f238d7ffdeefa35bea5a Mon Sep 17 00:00:00 2001 From: Gabriel Marks Date: Mon, 3 Feb 2025 21:12:15 +0000 Subject: [PATCH 05/12] Fix leaks --- src/mongocrypt-ctx-encrypt.c | 4 +++- test/test-mongocrypt-ctx-encrypt.c | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/mongocrypt-ctx-encrypt.c b/src/mongocrypt-ctx-encrypt.c index 328c6993a..df9079b39 100644 --- a/src/mongocrypt-ctx-encrypt.c +++ b/src/mongocrypt-ctx-encrypt.c @@ -1501,7 +1501,9 @@ _fle2_fixup_encryptedFields(const char *cmd_name, bson_t *cmd /* in and out */, fail1: bson_destroy(&fixed_ef); fail2: - bson_destroy(&fixed); + if (!ok) { + bson_destroy(&fixed); + } return ok; } else { // Check strEncodeVersion for validity diff --git a/test/test-mongocrypt-ctx-encrypt.c b/test/test-mongocrypt-ctx-encrypt.c index 36bfa0421..57c6771ef 100644 --- a/test/test-mongocrypt-ctx-encrypt.c +++ b/test/test-mongocrypt-ctx-encrypt.c @@ -4915,6 +4915,7 @@ static void _test_fle2_encrypted_fields_with_bad_str_encode_version(_mongocrypt_ { mongocrypt_binary_t *out = mongocrypt_binary_new(); ASSERT_FAILS(mongocrypt_ctx_finalize(ctx, out), ctx, "'strEncodeVersion' of 99 is not supported"); + mongocrypt_binary_destroy(out); } mongocrypt_ctx_destroy(ctx); From b287c3f434bf3489afcfb49cd1aa081506b3ea44 Mon Sep 17 00:00:00 2001 From: Gabriel Marks Date: Tue, 4 Feb 2025 21:33:11 +0000 Subject: [PATCH 06/12] tmp --- src/mc-efc.c | 14 ++++++++++++-- src/mongocrypt-ctx-encrypt.c | 35 +++++++++++++++++++++++++---------- test/test-mc-efc.c | 6 +++--- 3 files changed, 40 insertions(+), 15 deletions(-) diff --git a/src/mc-efc.c b/src/mc-efc.c index c2d4a3c06..af02a870c 100644 --- a/src/mc-efc.c +++ b/src/mc-efc.c @@ -183,6 +183,7 @@ bool mc_EncryptedFieldConfig_parse(mc_EncryptedFieldConfig_t *efc, CLIENT_ERR("unable to recurse into encrypted_field_config 'fields'"); return false; } + supported_query_type_flags all_supported_queries = SUPPORTS_NO_QUERIES; while (bson_iter_next(&iter)) { bson_t field; if (!mc_iter_document_as_bson(&iter, &field, status)) { @@ -191,11 +192,20 @@ bool mc_EncryptedFieldConfig_parse(mc_EncryptedFieldConfig_t *efc, if (!_parse_field(efc, &field, status, use_range_v2)) { return false; } + // The first element of efc->fields contains the newly parsed field. + all_supported_queries |= efc->fields->supported_queries; } if (!bson_iter_init_find(&iter, efc_bson, "strEncodeVersion")) { - // Set to latest. - efc->str_encode_version = LATEST_STR_ENCODE_VERSION; + if (all_supported_queries + & (SUPPORTS_SUBSTRING_PREVIEW_QUERIES | SUPPORTS_SUFFIX_PREVIEW_QUERIES + | SUPPORTS_PREFIX_PREVIEW_QUERIES)) { + // Has at least one text search query type, set to latest by default. + efc->str_encode_version = LATEST_STR_ENCODE_VERSION; + } else { + // Set to 0 to indicate no text search. + efc->str_encode_version = 0; + } } else { if (!BSON_ITER_HOLDS_INT32(&iter)) { CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", bson_iter_type(&iter)); diff --git a/src/mongocrypt-ctx-encrypt.c b/src/mongocrypt-ctx-encrypt.c index df9079b39..8ee03014f 100644 --- a/src/mongocrypt-ctx-encrypt.c +++ b/src/mongocrypt-ctx-encrypt.c @@ -39,6 +39,7 @@ static bool _fle2_append_encryptedFieldConfig(const mongocrypt_ctx_t *ctx, bool has_ecocCollection = false; bool has_strEncodeVersion = false; + BSON_ASSERT_PARAM(ctx); BSON_ASSERT_PARAM(dst); BSON_ASSERT_PARAM(encryptedFieldConfig); BSON_ASSERT_PARAM(target_coll); @@ -83,9 +84,15 @@ static bool _fle2_append_encryptedFieldConfig(const mongocrypt_ctx_t *ctx, bson_free(default_ecocCollection); } if (!has_strEncodeVersion) { - if (!BSON_APPEND_INT32(dst, "strEncodeVersion", LATEST_STR_ENCODE_VERSION)) { - CLIENT_ERR("unable to append strEncodeVersion"); - return false; + _mongocrypt_ctx_encrypt_t *ectx = (_mongocrypt_ctx_encrypt_t *)ctx; + // Check str_encode_version on the EncryptedFieldConfig object to see whether we should append or not. This will + // be LATEST_STR_ENCODE_VERSION if we should append (meaning either the EFC had an attached + // strEncodeVersion, or we have a text search query type on the EFC), or 0 if we should not. + if (ectx->efc.str_encode_version != 0) { + if (!BSON_APPEND_INT32(dst, "strEncodeVersion", (int32_t)ectx->efc.str_encode_version)) { + CLIENT_ERR("unable to append strEncodeVersion"); + return false; + } } } return true; @@ -1448,8 +1455,10 @@ _fle2_strip_encryptionInformation(const char *cmd_name, bson_t *cmd /* in and ou * Checks the "encryptedFields.strEncodeVersion" field for "create" commands for validity, and sets it to the default if * it does not exist. */ -static bool -_fle2_fixup_encryptedFields(const char *cmd_name, bson_t *cmd /* in and out */, mongocrypt_status_t *status) { +static bool _fle2_fixup_encryptedFields(const char *cmd_name, + bson_t *cmd /* in and out */, + const mc_EncryptedFieldConfig_t *efc, + mongocrypt_status_t *status) { BSON_ASSERT_PARAM(cmd_name); BSON_ASSERT_PARAM(cmd); @@ -1465,6 +1474,10 @@ _fle2_fixup_encryptedFields(const char *cmd_name, bson_t *cmd /* in and out */, return false; } if (!bson_iter_find_descendant(&sev_iter, "encryptedFields.strEncodeVersion", &sev_iter)) { + if (efc->str_encode_version == 0) { + // Unset StrEncodeVersion matches our EFC, nothing to fix. + return true; + } bool ok = false; // No strEncodeVersion, add it bson_t fixed = BSON_INITIALIZER; @@ -1484,7 +1497,7 @@ _fle2_fixup_encryptedFields(const char *cmd_name, bson_t *cmd /* in and out */, } bson_t fixed_ef; bson_copy_to(&ef, &fixed_ef); - if (!BSON_APPEND_INT32(&fixed_ef, "strEncodeVersion", LATEST_STR_ENCODE_VERSION)) { + if (!BSON_APPEND_INT32(&fixed_ef, "strEncodeVersion", efc->str_encode_version)) { CLIENT_ERR("_fle2_fixup_encryptedFields: Failed to append strEncodeVersion"); goto fail1; } @@ -1506,14 +1519,16 @@ _fle2_fixup_encryptedFields(const char *cmd_name, bson_t *cmd /* in and out */, } return ok; } else { - // Check strEncodeVersion for validity + // Check strEncodeVersion for match against EFC if (!BSON_ITER_HOLDS_INT32(&sev_iter)) { CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", bson_iter_type(&sev_iter)); return false; } int32_t version = bson_iter_int32(&sev_iter); - if (version > LATEST_STR_ENCODE_VERSION || version < MIN_STR_ENCODE_VERSION) { - CLIENT_ERR("'strEncodeVersion' of %d is not supported", version); + if (version != efc->str_encode_version) { + CLIENT_ERR("'strEncodeVersion' of %d does not match efc->str_encode_version of %d", + version, + efc->str_encode_version); return false; } } @@ -1593,7 +1608,7 @@ static bool _fle2_finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) { return _mongocrypt_ctx_fail(ctx); } - if (!_fle2_fixup_encryptedFields(command_name, &converted, ctx->status)) { + if (!_fle2_fixup_encryptedFields(command_name, &converted, &ectx->efc, ctx->status)) { bson_destroy(&converted); return _mongocrypt_ctx_fail(ctx); } diff --git a/test/test-mc-efc.c b/test/test-mc-efc.c index 95c07c1c5..39f2c6d36 100644 --- a/test/test-mc-efc.c +++ b/test/test-mc-efc.c @@ -39,7 +39,7 @@ static void _test_efc(_mongocrypt_tester_t *tester) { { _load_test_file(tester, "./test/data/efc/efc-oneField.json", &efc_bson); ASSERT_OK_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status); - ASSERT_CMPUINT8(efc.str_encode_version, ==, LATEST_STR_ENCODE_VERSION); + ASSERT_CMPUINT8(efc.str_encode_version, ==, 0); ptr = efc.fields; ASSERT(ptr); ASSERT_STREQUAL(ptr->path, "firstName"); @@ -63,7 +63,7 @@ static void _test_efc(_mongocrypt_tester_t *tester) { { _load_test_file(tester, "./test/data/efc/efc-extraField.json", &efc_bson); ASSERT_OK_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status); - ASSERT_CMPUINT8(efc.str_encode_version, ==, LATEST_STR_ENCODE_VERSION); + ASSERT_CMPUINT8(efc.str_encode_version, ==, 0); ptr = efc.fields; ASSERT(ptr); ASSERT_STREQUAL(ptr->path, "firstName"); @@ -75,7 +75,7 @@ static void _test_efc(_mongocrypt_tester_t *tester) { { _load_test_file(tester, "./test/data/efc/efc-twoFields.json", &efc_bson); ASSERT_OK_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status); - ASSERT_CMPUINT8(efc.str_encode_version, ==, LATEST_STR_ENCODE_VERSION); + ASSERT_CMPUINT8(efc.str_encode_version, ==, 0); ptr = efc.fields; ASSERT(ptr); ASSERT_STREQUAL(ptr->path, "lastName"); From 1cf2ea9b42ac9ae4135f4fbdacf3f919d5eb5b8a Mon Sep 17 00:00:00 2001 From: Gabriel Marks Date: Tue, 4 Feb 2025 22:21:22 +0000 Subject: [PATCH 07/12] Fix tests to work good --- .../bypassQueryAnalysis/payload.json | 3 +- .../bulkWrite/simple/cmd-to-mongocryptd.json | 3 +- .../unencrypted/cmd-to-mongocryptd.json | 3 +- .../encrypted-payload-range-v2.json | 3 +- .../success/encrypted-payload-range-v2.json | 3 +- .../dollardb/omitted/cmd-to-mongocryptd.json | 3 +- .../dollardb/omitted/encrypted-payload.json | 3 +- .../preserved/cmd-to-mongocryptd.json | 3 +- .../dollardb/preserved/encrypted-payload.json | 3 +- .../preserved_empty/cmd-to-mongocryptd.json | 3 +- .../data/find-with-encryptionInformation.json | 3 +- .../bad-create-cmd-mongocryptd-reply.json | 5 +- .../bad-create-cmd-to-mongocryptd.json | 5 +- .../cmd-to-mongocryptd.json | 45 +++ .../mongocryptd-reply.json | 51 +++ .../cmd-to-mongocryptd.json | 3 +- .../encrypted-payload.json | 3 +- .../mongocryptd-reply.json | 3 +- test/data/fle2-create/cmd-to-mongocryptd.json | 3 +- .../empty/encrypted-payload-v2.json | 3 +- .../success/encrypted-payload-v2.json | 3 +- .../with-csfle/encrypted-payload.json | 3 +- .../with-mongocryptd/cmd-to-mongocryptd.json | 3 +- .../with-mongocryptd/encrypted-payload.json | 3 +- .../encrypted-payload.json | 3 +- .../cmd-to-mongocryptd.json | 3 +- .../fle2-find-explicit/cmd-to-mongod.json | 3 +- .../date-v2/encrypted-payload.json | 3 +- .../encrypted-payload.json | 3 +- .../decimal128-v2/encrypted-payload.json | 3 +- .../encrypted-payload.json | 3 +- .../double-v2/encrypted-payload.json | 3 +- .../int32-v2/encrypted-payload.json | 3 +- .../int64-v2/encrypted-payload.json | 3 +- .../date-v2/encrypted-payload.json | 3 +- .../encrypted-payload.json | 3 +- .../decimal128-v2/encrypted-payload.json | 3 +- .../encrypted-payload.json | 3 +- .../double-v2/encrypted-payload.json | 3 +- .../int32-v2/encrypted-payload.json | 3 +- .../int64-v2/encrypted-payload.json | 3 +- .../fle2-insert-v2/encrypted-payload.json | 3 +- .../cmd-to-mongocryptd.json | 56 +++ .../cmd.json | 23 ++ .../encrypted-field-config-map.json | 30 ++ .../encrypted-payload.json | 23 ++ .../mongocryptd-reply.json | 62 +++ .../cmd-to-mongocryptd.json | 55 +++ .../cmd.json | 22 ++ .../encrypted-field-config-map.json | 29 ++ .../encrypted-payload.json | 23 ++ .../mongocryptd-reply.json | 61 +++ .../no-trimFactor/find/encrypted-payload.json | 3 +- .../insert/encrypted-payload.json | 3 +- .../auto-find-int32/encrypted-payload.json | 3 +- .../auto-insert-int32/encrypted-payload.json | 3 +- test/test-mongocrypt-ctx-encrypt.c | 371 +++++++++++++++++- 57 files changed, 886 insertions(+), 101 deletions(-) create mode 100644 test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/cmd-to-mongocryptd.json create mode 100644 test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/mongocryptd-reply.json create mode 100644 test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json create mode 100644 test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json create mode 100644 test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json create mode 100644 test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-payload.json create mode 100644 test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json create mode 100644 test/data/fle2-text-search-create-encrypted-collection/cmd-to-mongocryptd.json create mode 100644 test/data/fle2-text-search-create-encrypted-collection/cmd.json create mode 100644 test/data/fle2-text-search-create-encrypted-collection/encrypted-field-config-map.json create mode 100644 test/data/fle2-text-search-create-encrypted-collection/encrypted-payload.json create mode 100644 test/data/fle2-text-search-create-encrypted-collection/mongocryptd-reply.json diff --git a/test/data/bulkWrite/bypassQueryAnalysis/payload.json b/test/data/bulkWrite/bypassQueryAnalysis/payload.json index a12305f64..97124c5e4 100644 --- a/test/data/bulkWrite/bypassQueryAnalysis/payload.json +++ b/test/data/bulkWrite/bypassQueryAnalysis/payload.json @@ -44,8 +44,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/bulkWrite/simple/cmd-to-mongocryptd.json b/test/data/bulkWrite/simple/cmd-to-mongocryptd.json index ef45cad83..7d01df750 100644 --- a/test/data/bulkWrite/simple/cmd-to-mongocryptd.json +++ b/test/data/bulkWrite/simple/cmd-to-mongocryptd.json @@ -41,8 +41,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json b/test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json index c9ad91dbf..46f8792de 100644 --- a/test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json +++ b/test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json @@ -21,8 +21,7 @@ "db.test": { "escCollection": "enxcol_.test.esc", "ecocCollection": "enxcol_.test.ecoc", - "fields": [], - "strEncodeVersion": 1 + "fields": [] } } } diff --git a/test/data/compact/anchor-pad/encrypted-payload-range-v2.json b/test/data/compact/anchor-pad/encrypted-payload-range-v2.json index 5b600ab69..7f9712960 100644 --- a/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +++ b/test/data/compact/anchor-pad/encrypted-payload-range-v2.json @@ -63,8 +63,7 @@ "sparsity": 1 } } - ], - "strEncodeVersion": 1 + ] } } }, diff --git a/test/data/compact/success/encrypted-payload-range-v2.json b/test/data/compact/success/encrypted-payload-range-v2.json index 508bb720b..9ebc76361 100644 --- a/test/data/compact/success/encrypted-payload-range-v2.json +++ b/test/data/compact/success/encrypted-payload-range-v2.json @@ -62,8 +62,7 @@ "sparsity": 1 } } - ], - "strEncodeVersion": 1 + ] } } }, diff --git a/test/data/dollardb/omitted/cmd-to-mongocryptd.json b/test/data/dollardb/omitted/cmd-to-mongocryptd.json index bcc3724c7..c874759f8 100644 --- a/test/data/dollardb/omitted/cmd-to-mongocryptd.json +++ b/test/data/dollardb/omitted/cmd-to-mongocryptd.json @@ -26,8 +26,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/dollardb/omitted/encrypted-payload.json b/test/data/dollardb/omitted/encrypted-payload.json index 1446448e6..5809af0c3 100644 --- a/test/data/dollardb/omitted/encrypted-payload.json +++ b/test/data/dollardb/omitted/encrypted-payload.json @@ -31,8 +31,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/dollardb/preserved/cmd-to-mongocryptd.json b/test/data/dollardb/preserved/cmd-to-mongocryptd.json index bcc3724c7..c874759f8 100644 --- a/test/data/dollardb/preserved/cmd-to-mongocryptd.json +++ b/test/data/dollardb/preserved/cmd-to-mongocryptd.json @@ -26,8 +26,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/dollardb/preserved/encrypted-payload.json b/test/data/dollardb/preserved/encrypted-payload.json index a23d34e02..e91d5f859 100644 --- a/test/data/dollardb/preserved/encrypted-payload.json +++ b/test/data/dollardb/preserved/encrypted-payload.json @@ -31,8 +31,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } }, diff --git a/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json b/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json index 9aa737a9a..68d66b758 100644 --- a/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json +++ b/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json @@ -9,8 +9,7 @@ "db.test": { "escCollection": "esc", "ecocCollection": "ecoc", - "fields": [], - "strEncodeVersion": 1 + "fields": [] } } } diff --git a/test/data/find-with-encryptionInformation.json b/test/data/find-with-encryptionInformation.json index e0739e533..b6a4a5f22 100644 --- a/test/data/find-with-encryptionInformation.json +++ b/test/data/find-with-encryptionInformation.json @@ -8,8 +8,7 @@ "db.coll": { "fields": [], "escCollection": "enxcol_.coll.esc", - "ecocCollection": "enxcol_.coll.ecoc", - "strEncodeVersion": 1 + "ecocCollection": "enxcol_.coll.ecoc" } } } diff --git a/test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json b/test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json index 1e254f335..8a14cd9f1 100644 --- a/test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json +++ b/test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json @@ -17,7 +17,7 @@ } } ], - "strEncodeVersion": 99 + "strEncodeVersion": 1 }, "encryptionInformation": { "type": 1, @@ -42,8 +42,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json b/test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json index b624241e3..b4ae213fd 100644 --- a/test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json +++ b/test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json @@ -13,7 +13,7 @@ } } ], - "strEncodeVersion": 99 + "strEncodeVersion": 1 }, "encryptionInformation": { "type": 1, @@ -38,8 +38,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/cmd-to-mongocryptd.json b/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/cmd-to-mongocryptd.json new file mode 100644 index 000000000..b9f5c98e2 --- /dev/null +++ b/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/cmd-to-mongocryptd.json @@ -0,0 +1,45 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ] + }, + "encryptionInformation": { + "type": 1, + "schema": { + "db.coll": { + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 + } + } + } +} diff --git a/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/mongocryptd-reply.json b/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/mongocryptd-reply.json new file mode 100644 index 000000000..58611cc5d --- /dev/null +++ b/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/mongocryptd-reply.json @@ -0,0 +1,51 @@ +{ + "ok": { + "$numberInt": "1" + }, + "result": { + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ] + }, + "encryptionInformation": { + "type": 1, + "schema": { + "db.coll": { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "path": "encrypted", + "bsonType": "int", + "queries": { + "queryType": "equality", + "contention": { + "$numberLong": "0" + } + } + } + ], + "strEncodeVersion": 1 + } + } + } + }, + "hasEncryptedPlaceholders": false +} \ No newline at end of file diff --git a/test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json b/test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json index b9f5c98e2..a6eaa11a7 100644 --- a/test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json +++ b/test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json @@ -37,8 +37,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-create-encrypted-collection/encrypted-payload.json b/test/data/fle2-create-encrypted-collection/encrypted-payload.json index 3ebff7d9e..7007d2b2c 100644 --- a/test/data/fle2-create-encrypted-collection/encrypted-payload.json +++ b/test/data/fle2-create-encrypted-collection/encrypted-payload.json @@ -12,7 +12,6 @@ } } } - ], - "strEncodeVersion": 1 + ] } } \ No newline at end of file diff --git a/test/data/fle2-create-encrypted-collection/mongocryptd-reply.json b/test/data/fle2-create-encrypted-collection/mongocryptd-reply.json index 58611cc5d..f9bb1a80c 100644 --- a/test/data/fle2-create-encrypted-collection/mongocryptd-reply.json +++ b/test/data/fle2-create-encrypted-collection/mongocryptd-reply.json @@ -41,8 +41,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-create/cmd-to-mongocryptd.json b/test/data/fle2-create/cmd-to-mongocryptd.json index 48a9f14cd..99eaa70e8 100644 --- a/test/data/fle2-create/cmd-to-mongocryptd.json +++ b/test/data/fle2-create/cmd-to-mongocryptd.json @@ -6,8 +6,7 @@ "db.coll": { "escCollection": "esc", "ecocCollection": "ecoc", - "fields": [], - "strEncodeVersion": 1 + "fields": [] } } } diff --git a/test/data/fle2-delete/empty/encrypted-payload-v2.json b/test/data/fle2-delete/empty/encrypted-payload-v2.json index a4a9be093..7e177ad90 100644 --- a/test/data/fle2-delete/empty/encrypted-payload-v2.json +++ b/test/data/fle2-delete/empty/encrypted-payload-v2.json @@ -51,8 +51,7 @@ "path": "nested.notindexed", "bsonType": "string" } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-delete/success/encrypted-payload-v2.json b/test/data/fle2-delete/success/encrypted-payload-v2.json index 4af078433..c30997477 100644 --- a/test/data/fle2-delete/success/encrypted-payload-v2.json +++ b/test/data/fle2-delete/success/encrypted-payload-v2.json @@ -58,8 +58,7 @@ "path": "nested.notindexed", "bsonType": "string" } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-explain/with-csfle/encrypted-payload.json b/test/data/fle2-explain/with-csfle/encrypted-payload.json index c0ad1d40a..b9c754476 100644 --- a/test/data/fle2-explain/with-csfle/encrypted-payload.json +++ b/test/data/fle2-explain/with-csfle/encrypted-payload.json @@ -36,8 +36,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json b/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json index 334891af3..d5ea3094a 100644 --- a/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json +++ b/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json @@ -28,8 +28,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json b/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json index a57499196..6193d870d 100644 --- a/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json +++ b/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json @@ -32,8 +32,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-find-equality-v2/encrypted-payload.json b/test/data/fle2-find-equality-v2/encrypted-payload.json index 2018f4a8b..1bd24683a 100644 --- a/test/data/fle2-find-equality-v2/encrypted-payload.json +++ b/test/data/fle2-find-equality-v2/encrypted-payload.json @@ -33,8 +33,7 @@ "contention": 0 } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-find-explicit/cmd-to-mongocryptd.json b/test/data/fle2-find-explicit/cmd-to-mongocryptd.json index ebca5e166..a447d615b 100644 --- a/test/data/fle2-find-explicit/cmd-to-mongocryptd.json +++ b/test/data/fle2-find-explicit/cmd-to-mongocryptd.json @@ -16,8 +16,7 @@ "db.coll": { "fields": [], "escCollection": "enxcol_.coll.esc", - "ecocCollection": "enxcol_.coll.ecoc", - "strEncodeVersion": 1 + "ecocCollection": "enxcol_.coll.ecoc" } } } diff --git a/test/data/fle2-find-explicit/cmd-to-mongod.json b/test/data/fle2-find-explicit/cmd-to-mongod.json index ebca5e166..a447d615b 100644 --- a/test/data/fle2-find-explicit/cmd-to-mongod.json +++ b/test/data/fle2-find-explicit/cmd-to-mongod.json @@ -16,8 +16,7 @@ "db.coll": { "fields": [], "escCollection": "enxcol_.coll.esc", - "ecocCollection": "enxcol_.coll.ecoc", - "strEncodeVersion": 1 + "ecocCollection": "enxcol_.coll.ecoc" } } } diff --git a/test/data/fle2-find-range/date-v2/encrypted-payload.json b/test/data/fle2-find-range/date-v2/encrypted-payload.json index dff4f121f..903ab0c08 100644 --- a/test/data/fle2-find-range/date-v2/encrypted-payload.json +++ b/test/data/fle2-find-range/date-v2/encrypted-payload.json @@ -34,8 +34,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-find-range/decimal128-precision-v2/encrypted-payload.json b/test/data/fle2-find-range/decimal128-precision-v2/encrypted-payload.json index 9e6129936..73920aed8 100644 --- a/test/data/fle2-find-range/decimal128-precision-v2/encrypted-payload.json +++ b/test/data/fle2-find-range/decimal128-precision-v2/encrypted-payload.json @@ -43,8 +43,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-find-range/decimal128-v2/encrypted-payload.json b/test/data/fle2-find-range/decimal128-v2/encrypted-payload.json index ab296f166..e2e5329a8 100644 --- a/test/data/fle2-find-range/decimal128-v2/encrypted-payload.json +++ b/test/data/fle2-find-range/decimal128-v2/encrypted-payload.json @@ -34,8 +34,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-find-range/double-precision-v2/encrypted-payload.json b/test/data/fle2-find-range/double-precision-v2/encrypted-payload.json index 9f8c3ad84..40d3fdc47 100644 --- a/test/data/fle2-find-range/double-precision-v2/encrypted-payload.json +++ b/test/data/fle2-find-range/double-precision-v2/encrypted-payload.json @@ -37,8 +37,7 @@ "precision": 2 } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-find-range/double-v2/encrypted-payload.json b/test/data/fle2-find-range/double-v2/encrypted-payload.json index 984ced20d..a72dfacc1 100644 --- a/test/data/fle2-find-range/double-v2/encrypted-payload.json +++ b/test/data/fle2-find-range/double-v2/encrypted-payload.json @@ -34,8 +34,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-find-range/int32-v2/encrypted-payload.json b/test/data/fle2-find-range/int32-v2/encrypted-payload.json index 94cf2f15e..c28ed3e15 100644 --- a/test/data/fle2-find-range/int32-v2/encrypted-payload.json +++ b/test/data/fle2-find-range/int32-v2/encrypted-payload.json @@ -34,8 +34,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-find-range/int64-v2/encrypted-payload.json b/test/data/fle2-find-range/int64-v2/encrypted-payload.json index a82c3f3cd..d35ddce01 100644 --- a/test/data/fle2-find-range/int64-v2/encrypted-payload.json +++ b/test/data/fle2-find-range/int64-v2/encrypted-payload.json @@ -34,8 +34,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-insert-range/date-v2/encrypted-payload.json b/test/data/fle2-insert-range/date-v2/encrypted-payload.json index 7135ff25b..d12ed4a1e 100644 --- a/test/data/fle2-insert-range/date-v2/encrypted-payload.json +++ b/test/data/fle2-insert-range/date-v2/encrypted-payload.json @@ -37,8 +37,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-payload.json b/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-payload.json index a2bf9a573..e96bc2ad0 100644 --- a/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-payload.json +++ b/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-payload.json @@ -46,8 +46,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-insert-range/decimal128-v2/encrypted-payload.json b/test/data/fle2-insert-range/decimal128-v2/encrypted-payload.json index 983f086cf..48c5dd86f 100644 --- a/test/data/fle2-insert-range/decimal128-v2/encrypted-payload.json +++ b/test/data/fle2-insert-range/decimal128-v2/encrypted-payload.json @@ -37,8 +37,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-insert-range/double-precision-v2/encrypted-payload.json b/test/data/fle2-insert-range/double-precision-v2/encrypted-payload.json index 832ea9c88..e4f3bb3f3 100644 --- a/test/data/fle2-insert-range/double-precision-v2/encrypted-payload.json +++ b/test/data/fle2-insert-range/double-precision-v2/encrypted-payload.json @@ -40,8 +40,7 @@ "precision": 2 } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-insert-range/double-v2/encrypted-payload.json b/test/data/fle2-insert-range/double-v2/encrypted-payload.json index f08ddad80..23dbb35d6 100644 --- a/test/data/fle2-insert-range/double-v2/encrypted-payload.json +++ b/test/data/fle2-insert-range/double-v2/encrypted-payload.json @@ -37,8 +37,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-insert-range/int32-v2/encrypted-payload.json b/test/data/fle2-insert-range/int32-v2/encrypted-payload.json index bd06cd490..c6d791e23 100644 --- a/test/data/fle2-insert-range/int32-v2/encrypted-payload.json +++ b/test/data/fle2-insert-range/int32-v2/encrypted-payload.json @@ -37,8 +37,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-insert-range/int64-v2/encrypted-payload.json b/test/data/fle2-insert-range/int64-v2/encrypted-payload.json index 1e73c9214..7c42ae92d 100644 --- a/test/data/fle2-insert-range/int64-v2/encrypted-payload.json +++ b/test/data/fle2-insert-range/int64-v2/encrypted-payload.json @@ -37,8 +37,7 @@ } } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-insert-v2/encrypted-payload.json b/test/data/fle2-insert-v2/encrypted-payload.json index e8a27cf54..fa84a6bec 100644 --- a/test/data/fle2-insert-v2/encrypted-payload.json +++ b/test/data/fle2-insert-v2/encrypted-payload.json @@ -32,8 +32,7 @@ "contention": 0 } } - ], - "strEncodeVersion": 1 + ] } } } diff --git a/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json b/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json new file mode 100644 index 000000000..7116f7cf2 --- /dev/null +++ b/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json @@ -0,0 +1,56 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + }, + "encryptionInformation": { + "type": 1, + "schema": { + "db.coll": { + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encrypted", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + } + } + } +} diff --git a/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json b/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json new file mode 100644 index 000000000..f3f50a992 --- /dev/null +++ b/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json @@ -0,0 +1,23 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + } +} \ No newline at end of file diff --git a/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json b/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json new file mode 100644 index 000000000..9e8d52bdc --- /dev/null +++ b/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json @@ -0,0 +1,30 @@ +{ + "db.coll": { + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encrypted", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + } +} diff --git a/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-payload.json b/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-payload.json new file mode 100644 index 000000000..f3f50a992 --- /dev/null +++ b/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-payload.json @@ -0,0 +1,23 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + } +} \ No newline at end of file diff --git a/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json b/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json new file mode 100644 index 000000000..b3a352436 --- /dev/null +++ b/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json @@ -0,0 +1,62 @@ +{ + "ok": { + "$numberInt": "1" + }, + "result": { + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + }, + "encryptionInformation": { + "type": 1, + "schema": { + "db.coll": { + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encrypted", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + } + } + } + }, + "hasEncryptedPlaceholders": false +} \ No newline at end of file diff --git a/test/data/fle2-text-search-create-encrypted-collection/cmd-to-mongocryptd.json b/test/data/fle2-text-search-create-encrypted-collection/cmd-to-mongocryptd.json new file mode 100644 index 000000000..b88f92934 --- /dev/null +++ b/test/data/fle2-text-search-create-encrypted-collection/cmd-to-mongocryptd.json @@ -0,0 +1,55 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ] + }, + "encryptionInformation": { + "type": 1, + "schema": { + "db.coll": { + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encrypted", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + } + } + } +} diff --git a/test/data/fle2-text-search-create-encrypted-collection/cmd.json b/test/data/fle2-text-search-create-encrypted-collection/cmd.json new file mode 100644 index 000000000..2dbc89b0d --- /dev/null +++ b/test/data/fle2-text-search-create-encrypted-collection/cmd.json @@ -0,0 +1,22 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ] + } +} \ No newline at end of file diff --git a/test/data/fle2-text-search-create-encrypted-collection/encrypted-field-config-map.json b/test/data/fle2-text-search-create-encrypted-collection/encrypted-field-config-map.json new file mode 100644 index 000000000..7a58a8b28 --- /dev/null +++ b/test/data/fle2-text-search-create-encrypted-collection/encrypted-field-config-map.json @@ -0,0 +1,29 @@ +{ + "db.coll": { + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encrypted", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ] + } +} diff --git a/test/data/fle2-text-search-create-encrypted-collection/encrypted-payload.json b/test/data/fle2-text-search-create-encrypted-collection/encrypted-payload.json new file mode 100644 index 000000000..f3f50a992 --- /dev/null +++ b/test/data/fle2-text-search-create-encrypted-collection/encrypted-payload.json @@ -0,0 +1,23 @@ +{ + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + } +} \ No newline at end of file diff --git a/test/data/fle2-text-search-create-encrypted-collection/mongocryptd-reply.json b/test/data/fle2-text-search-create-encrypted-collection/mongocryptd-reply.json new file mode 100644 index 000000000..0231a2b77 --- /dev/null +++ b/test/data/fle2-text-search-create-encrypted-collection/mongocryptd-reply.json @@ -0,0 +1,61 @@ +{ + "ok": { + "$numberInt": "1" + }, + "result": { + "create": "coll", + "encryptedFields": { + "fields": [ + { + "path": "encrypted", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ] + }, + "encryptionInformation": { + "type": 1, + "schema": { + "db.coll": { + "escCollection": "esc", + "ecocCollection": "ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "encrypted", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + } + } + } + }, + "hasEncryptedPlaceholders": false +} \ No newline at end of file diff --git a/test/data/no-trimFactor/find/encrypted-payload.json b/test/data/no-trimFactor/find/encrypted-payload.json index 9ca27b124..0dce092b6 100644 --- a/test/data/no-trimFactor/find/encrypted-payload.json +++ b/test/data/no-trimFactor/find/encrypted-payload.json @@ -55,8 +55,7 @@ } ], "escCollection": "enxcol_.test.esc", - "ecocCollection": "enxcol_.test.ecoc", - "strEncodeVersion": 1 + "ecocCollection": "enxcol_.test.ecoc" } } } diff --git a/test/data/no-trimFactor/insert/encrypted-payload.json b/test/data/no-trimFactor/insert/encrypted-payload.json index 4254a12db..722f052b2 100644 --- a/test/data/no-trimFactor/insert/encrypted-payload.json +++ b/test/data/no-trimFactor/insert/encrypted-payload.json @@ -33,8 +33,7 @@ } ], "escCollection": "enxcol_.test.esc", - "ecocCollection": "enxcol_.test.ecoc", - "strEncodeVersion": 1 + "ecocCollection": "enxcol_.test.ecoc" } } } diff --git a/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json b/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json index b6c2ae4c7..46b87e8f0 100644 --- a/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json +++ b/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json @@ -46,8 +46,7 @@ } ], "escCollection": "enxcol_.test.esc", - "ecocCollection": "enxcol_.test.ecoc", - "strEncodeVersion": 1 + "ecocCollection": "enxcol_.test.ecoc" } } } diff --git a/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json b/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json index f7786e07b..934fe11ad 100644 --- a/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json +++ b/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json @@ -33,8 +33,7 @@ } ], "escCollection": "enxcol_.test.esc", - "ecocCollection": "enxcol_.test.ecoc", - "strEncodeVersion": 1 + "ecocCollection": "enxcol_.test.ecoc" } } } diff --git a/test/test-mongocrypt-ctx-encrypt.c b/test/test-mongocrypt-ctx-encrypt.c index 57c6771ef..92eb6880b 100644 --- a/test/test-mongocrypt-ctx-encrypt.c +++ b/test/test-mongocrypt-ctx-encrypt.c @@ -2462,7 +2462,7 @@ static void _test_encrypt_applies_default_state_collections(_mongocrypt_tester_t { const char *expect_schema = "{ 'fields': [], 'escCollection': " "'enxcol_.coll.esc', 'ecocCollection': " - "'enxcol_.coll.ecoc', 'strEncodeVersion': 1 }"; + "'enxcol_.coll.ecoc' }"; mongocrypt_binary_t *cmd_to_mongocryptd; cmd_to_mongocryptd = mongocrypt_binary_new(); @@ -2493,8 +2493,7 @@ static void _test_encrypt_applies_default_state_collections(_mongocrypt_tester_t ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_BSON("{'find': 'coll'}")), ctx); ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); { - const char *expect_schema = - "{'fields': [], 'escCollection': 'esc', 'ecocCollection': 'ecoc', 'strEncodeVersion': 1 }"; + const char *expect_schema = "{'fields': [], 'escCollection': 'esc', 'ecocCollection': 'ecoc' }"; mongocrypt_binary_t *cmd_to_mongocryptd; cmd_to_mongocryptd = mongocrypt_binary_new(); @@ -2526,7 +2525,7 @@ static void _test_encrypt_applies_default_state_collections(_mongocrypt_tester_t ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); { const char *expect_schema = - "{'escCollection': 'esc', 'fields': [], 'ecocCollection': 'enxcol_.coll.ecoc', 'strEncodeVersion': 1 }"; + "{'escCollection': 'esc', 'fields': [], 'ecocCollection': 'enxcol_.coll.ecoc' }"; mongocrypt_binary_t *cmd_to_mongocryptd; cmd_to_mongocryptd = mongocrypt_binary_new(); @@ -3676,6 +3675,348 @@ static void _test_fle2_create_with_encrypted_fields_and_str_encode_version(_mong mongocrypt_destroy(crypt); } +static void _test_fle2_create_with_encrypted_fields_unset_str_encode_version(_mongocrypt_tester_t *tester) { + mongocrypt_t *crypt = mongocrypt_new(); + + ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); + ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map( + crypt, + TEST_FILE("./test/data/fle2-create-encrypted-collection-with-str-encode-version/" + "encrypted-field-config-map.json")), + crypt); + ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); + + mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); + + ASSERT_OK( + mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle2-create-encrypted-collection/cmd.json")), + ctx); + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" + "ismaster-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, + TEST_FILE("./test/data/fle1-create/without-schema/" + "mongocryptd-ismaster.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( + TEST_FILE("./test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/" + "cmd-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK( + mongocrypt_ctx_mongo_feed( + ctx, + TEST_FILE("./test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/" + "mongocryptd-reply.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); + { + mongocrypt_binary_t *out = mongocrypt_binary_new(); + ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( + TEST_FILE("./test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json"), + out); + mongocrypt_binary_destroy(out); + } + + mongocrypt_ctx_destroy(ctx); + mongocrypt_destroy(crypt); +} + +static void _test_fle2_text_search_create_with_encrypted_fields(_mongocrypt_tester_t *tester) { + mongocrypt_t *crypt = mongocrypt_new(); + + ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); + ASSERT_OK( + mongocrypt_setopt_encrypted_field_config_map( + crypt, + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/encrypted-field-config-map.json")), + crypt); + ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); + + mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); + + ASSERT_OK( + mongocrypt_ctx_encrypt_init(ctx, + "db", + -1, + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/cmd.json")), + ctx); + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" + "ismaster-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, + TEST_FILE("./test/data/fle1-create/without-schema/" + "mongocryptd-ismaster.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/cmd-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK(mongocrypt_ctx_mongo_feed( + ctx, + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/mongocryptd-reply.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); + { + mongocrypt_binary_t *out = mongocrypt_binary_new(); + ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/encrypted-payload.json"), + out); + mongocrypt_binary_destroy(out); + } + + mongocrypt_ctx_destroy(ctx); + mongocrypt_destroy(crypt); +} + +static void _test_fle2_text_search_create_with_encrypted_fields_and_str_encode_version(_mongocrypt_tester_t *tester) { + mongocrypt_t *crypt = mongocrypt_new(); + + ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); + ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map( + crypt, + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" + "encrypted-field-config-map.json")), + crypt); + ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); + + mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); + + ASSERT_OK( + mongocrypt_ctx_encrypt_init( + ctx, + "db", + -1, + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json")), + ctx); + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" + "ismaster-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, + TEST_FILE("./test/data/fle1-create/without-schema/" + "mongocryptd-ismaster.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" + "cmd-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK(mongocrypt_ctx_mongo_feed( + ctx, + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" + "mongocryptd-reply.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); + { + mongocrypt_binary_t *out = mongocrypt_binary_new(); + ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" + "encrypted-payload.json"), + out); + mongocrypt_binary_destroy(out); + } + + mongocrypt_ctx_destroy(ctx); + mongocrypt_destroy(crypt); +} + +static void _test_fle2_text_search_create_with_encrypted_fields_unset_str_encode_version(_mongocrypt_tester_t *tester) { + mongocrypt_t *crypt = mongocrypt_new(); + + ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); + ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map( + crypt, + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" + "encrypted-field-config-map.json")), + crypt); + ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); + + mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); + + ASSERT_OK( + mongocrypt_ctx_encrypt_init(ctx, + "db", + -1, + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/cmd.json")), + ctx); + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" + "ismaster-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, + TEST_FILE("./test/data/fle1-create/without-schema/" + "mongocryptd-ismaster.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/" + "cmd-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, + TEST_FILE("./test/data/" + "fle2-text-search-create-encrypted-collection/" + "mongocryptd-reply.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); + { + mongocrypt_binary_t *out = mongocrypt_binary_new(); + ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" + "encrypted-payload.json"), + out); + mongocrypt_binary_destroy(out); + } + + mongocrypt_ctx_destroy(ctx); + mongocrypt_destroy(crypt); +} + +static void +_test_fle2_text_search_create_with_encrypted_fields_unmatching_str_encode_version(_mongocrypt_tester_t *tester) { + mongocrypt_t *crypt = mongocrypt_new(); + + ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); + ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map( + crypt, + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/" + "encrypted-field-config-map.json")), + crypt); + ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); + + mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); + + ASSERT_OK( + mongocrypt_ctx_encrypt_init( + ctx, + "db", + -1, + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json")), + ctx); + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" + "ismaster-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, + TEST_FILE("./test/data/fle1-create/without-schema/" + "mongocryptd-ismaster.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); + { + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" + "cmd-to-mongocryptd.json"), + cmd_to_mongocryptd); + mongocrypt_binary_destroy(cmd_to_mongocryptd); + ASSERT_OK( + mongocrypt_ctx_mongo_feed(ctx, + TEST_FILE("./test/data/" + "fle2-text-search-create-encrypted-collection-with-str-encode-version/" + "mongocryptd-reply.json")), + ctx); + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); + } + + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); + { + mongocrypt_binary_t *out = mongocrypt_binary_new(); + ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( + TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" + "encrypted-payload.json"), + out); + mongocrypt_binary_destroy(out); + } + + mongocrypt_ctx_destroy(ctx); + mongocrypt_destroy(crypt); +} + /* Regression test for MONGOCRYPT-435 */ static void _test_fle2_create_bypass_query_analysis(_mongocrypt_tester_t *tester) { mongocrypt_t *crypt = mongocrypt_new(); @@ -4861,7 +5202,7 @@ static void _test_fle2_encrypted_field_config_with_bad_str_encode_version(_mongo mongocrypt_destroy(crypt); } -static void _test_fle2_encrypted_fields_with_bad_str_encode_version(_mongocrypt_tester_t *tester) { +static void _test_fle2_encrypted_fields_with_unmatching_str_encode_version(_mongocrypt_tester_t *tester) { mongocrypt_t *crypt = mongocrypt_new(); ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); @@ -4873,10 +5214,11 @@ static void _test_fle2_encrypted_fields_with_bad_str_encode_version(_mongocrypt_ mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); - ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, - "db", - -1, - TEST_FILE("./test/data/fle2-bad-str-encode-version/bad-create-cmd.json")), + ASSERT_OK(mongocrypt_ctx_encrypt_init( + ctx, + "db", + -1, + TEST_FILE("./test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json")), ctx); ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); @@ -4914,7 +5256,9 @@ static void _test_fle2_encrypted_fields_with_bad_str_encode_version(_mongocrypt_ ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); { mongocrypt_binary_t *out = mongocrypt_binary_new(); - ASSERT_FAILS(mongocrypt_ctx_finalize(ctx, out), ctx, "'strEncodeVersion' of 99 is not supported"); + ASSERT_FAILS(mongocrypt_ctx_finalize(ctx, out), + ctx, + "'strEncodeVersion' of 1 does not match efc->str_encode_version of 0"); mongocrypt_binary_destroy(out); } @@ -4997,6 +5341,11 @@ void _mongocrypt_tester_install_ctx_encrypt(_mongocrypt_tester_t *tester) { INSTALL_TEST(_test_fle2_create); INSTALL_TEST(_test_fle2_create_with_encrypted_fields); INSTALL_TEST(_test_fle2_create_with_encrypted_fields_and_str_encode_version); + INSTALL_TEST(_test_fle2_create_with_encrypted_fields_unset_str_encode_version); + INSTALL_TEST(_test_fle2_text_search_create_with_encrypted_fields); + INSTALL_TEST(_test_fle2_text_search_create_with_encrypted_fields_and_str_encode_version); + INSTALL_TEST(_test_fle2_text_search_create_with_encrypted_fields_unset_str_encode_version); + INSTALL_TEST(_test_fle2_text_search_create_with_encrypted_fields_unmatching_str_encode_version); INSTALL_TEST(_test_fle2_create_bypass_query_analysis); INSTALL_TEST(_test_encrypt_macos_no_ctr); INSTALL_TEST(_test_fle1_collmod_with_jsonSchema); @@ -5026,6 +5375,6 @@ void _mongocrypt_tester_install_ctx_encrypt(_mongocrypt_tester_t *tester) { INSTALL_TEST(_test_encrypt_retry); INSTALL_TEST(_test_does_not_warn_for_empty_local_schema); INSTALL_TEST(_test_fle2_encrypted_field_config_with_bad_str_encode_version); - INSTALL_TEST(_test_fle2_encrypted_fields_with_bad_str_encode_version); + INSTALL_TEST(_test_fle2_encrypted_fields_with_unmatching_str_encode_version); INSTALL_TEST(_test_fle2_collinfo_with_bad_str_encode_version); } From c62f5c98689c0df0e5cd8824ffadc4bf50213036 Mon Sep 17 00:00:00 2001 From: Gabriel Marks Date: Wed, 5 Feb 2025 16:14:27 +0000 Subject: [PATCH 08/12] various --- src/mc-efc.c | 2 +- src/mongocrypt-ctx-encrypt.c | 38 ++++++++------- test/data/efc/efc-oneField-badVersionSet.json | 2 +- .../efc-textSearchFields-badVersionSet.json | 48 +++++++++++++++++++ .../efc-textSearchFields-goodVersionSet.json | 48 +++++++++++++++++++ test/test-mc-efc.c | 29 ++++++++++- 6 files changed, 147 insertions(+), 20 deletions(-) create mode 100644 test/data/efc/efc-textSearchFields-badVersionSet.json create mode 100644 test/data/efc/efc-textSearchFields-goodVersionSet.json diff --git a/src/mc-efc.c b/src/mc-efc.c index af02a870c..1fa857276 100644 --- a/src/mc-efc.c +++ b/src/mc-efc.c @@ -203,7 +203,7 @@ bool mc_EncryptedFieldConfig_parse(mc_EncryptedFieldConfig_t *efc, // Has at least one text search query type, set to latest by default. efc->str_encode_version = LATEST_STR_ENCODE_VERSION; } else { - // Set to 0 to indicate no text search. + // Set to 0 to indicate no text search, and thus no strEncodeVersion needed. efc->str_encode_version = 0; } } else { diff --git a/src/mongocrypt-ctx-encrypt.c b/src/mongocrypt-ctx-encrypt.c index 8ee03014f..493e4798f 100644 --- a/src/mongocrypt-ctx-encrypt.c +++ b/src/mongocrypt-ctx-encrypt.c @@ -85,9 +85,9 @@ static bool _fle2_append_encryptedFieldConfig(const mongocrypt_ctx_t *ctx, } if (!has_strEncodeVersion) { _mongocrypt_ctx_encrypt_t *ectx = (_mongocrypt_ctx_encrypt_t *)ctx; - // Check str_encode_version on the EncryptedFieldConfig object to see whether we should append or not. This will - // be LATEST_STR_ENCODE_VERSION if we should append (meaning either the EFC had an attached - // strEncodeVersion, or we have a text search query type on the EFC), or 0 if we should not. + // Check str_encode_version on the EncryptedFieldConfig object to see whether we should append or not. 0 + // indicates that there was no text search query in the EFC and the strEncodeVersion was not set on the EFC; in + // this case, we should not append strEncodeVersion, as mongocryptd/mongod may not understand it. if (ectx->efc.str_encode_version != 0) { if (!BSON_APPEND_INT32(dst, "strEncodeVersion", (int32_t)ectx->efc.str_encode_version)) { CLIENT_ERR("unable to append strEncodeVersion"); @@ -1455,10 +1455,10 @@ _fle2_strip_encryptionInformation(const char *cmd_name, bson_t *cmd /* in and ou * Checks the "encryptedFields.strEncodeVersion" field for "create" commands for validity, and sets it to the default if * it does not exist. */ -static bool _fle2_fixup_encryptedFields(const char *cmd_name, - bson_t *cmd /* in and out */, - const mc_EncryptedFieldConfig_t *efc, - mongocrypt_status_t *status) { +static bool _fle2_fixup_encryptedFields_strEncodeVersion(const char *cmd_name, + bson_t *cmd /* in and out */, + const mc_EncryptedFieldConfig_t *efc, + mongocrypt_status_t *status) { BSON_ASSERT_PARAM(cmd_name); BSON_ASSERT_PARAM(cmd); @@ -1470,50 +1470,52 @@ static bool _fle2_fixup_encryptedFields(const char *cmd_name, } bson_iter_t sev_iter; if (!bson_iter_init(&sev_iter, cmd)) { - CLIENT_ERR("_fle2_fixup_encryptedFields: Failed to initialize bson_iter"); + CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to initialize bson_iter"); return false; } if (!bson_iter_find_descendant(&sev_iter, "encryptedFields.strEncodeVersion", &sev_iter)) { if (efc->str_encode_version == 0) { - // Unset StrEncodeVersion matches our EFC, nothing to fix. + // Unset StrEncodeVersion matches the EFC, nothing to fix. return true; } bool ok = false; - // No strEncodeVersion, add it + // No strEncodeVersion and the EFC has a nonzero strEncodeVersion, add it. bson_t fixed = BSON_INITIALIZER; bson_copy_to_excluding_noinit(cmd, &fixed, "encryptedFields", NULL); bson_t ef; const uint8_t *data; uint32_t len; if (!BSON_ITER_HOLDS_DOCUMENT(&ef_iter)) { - CLIENT_ERR("_fle2_fixup_encryptedFields: Expected encryptedFields to be type obj, got: %d", - bson_iter_type(&ef_iter)); + CLIENT_ERR( + "_fle2_fixup_encryptedFields_strEncodeVersion: Expected encryptedFields to be type obj, got: %d", + bson_iter_type(&ef_iter)); goto fail2; } bson_iter_document(&ef_iter, &len, &data); if (!bson_init_static(&ef, data, len)) { - CLIENT_ERR("_fle2_fixup_encryptedFields: bson_init_static failed"); + CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: bson_init_static failed"); goto fail2; } bson_t fixed_ef; bson_copy_to(&ef, &fixed_ef); if (!BSON_APPEND_INT32(&fixed_ef, "strEncodeVersion", efc->str_encode_version)) { - CLIENT_ERR("_fle2_fixup_encryptedFields: Failed to append strEncodeVersion"); + CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to append strEncodeVersion"); goto fail1; } if (!BSON_APPEND_DOCUMENT(&fixed, "encryptedFields", &fixed_ef)) { - CLIENT_ERR("_fle2_fixup_encryptedFields: Failed to append encryptedFields"); + CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to append encryptedFields"); goto fail1; } bson_destroy(cmd); if (!bson_steal(cmd, &fixed)) { - CLIENT_ERR("_fle2_fixup_encryptedFields: Failed to steal BSON"); + CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to steal BSON"); goto fail1; } ok = true; fail1: bson_destroy(&fixed_ef); fail2: + // If OK, fixed was stolen and put in cmd; don't destroy it if (!ok) { bson_destroy(&fixed); } @@ -1608,7 +1610,9 @@ static bool _fle2_finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) { return _mongocrypt_ctx_fail(ctx); } - if (!_fle2_fixup_encryptedFields(command_name, &converted, &ectx->efc, ctx->status)) { + /* If this is a create command, append the encryptedFields.strEncodeVersion field if it's necessary. If the field + * already exists, check it against the EFC for correctness. */ + if (!_fle2_fixup_encryptedFields_strEncodeVersion(command_name, &converted, &ectx->efc, ctx->status)) { bson_destroy(&converted); return _mongocrypt_ctx_fail(ctx); } diff --git a/test/data/efc/efc-oneField-badVersionSet.json b/test/data/efc/efc-oneField-badVersionSet.json index c38ea9690..c1abaad17 100644 --- a/test/data/efc/efc-oneField-badVersionSet.json +++ b/test/data/efc/efc-oneField-badVersionSet.json @@ -19,5 +19,5 @@ } } ], - "strEncodeVersion": 2 + "strEncodeVersion": 99 } diff --git a/test/data/efc/efc-textSearchFields-badVersionSet.json b/test/data/efc/efc-textSearchFields-badVersionSet.json new file mode 100644 index 000000000..76992885f --- /dev/null +++ b/test/data/efc/efc-textSearchFields-badVersionSet.json @@ -0,0 +1,48 @@ +{ + "escCollection": "fle2.basic.esc", + "eccCollection": "fle2.basic.ecc", + "ecocCollection": "fle2.basic.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "firstName", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + } + } + }, + { + "keyId": { + "$binary": { + "base64": "q83vqxI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "lastName", + "bsonType": "string", + "queries": [ + { + "queryType": "suffixPreview", + "contention": { + "$numberLong": "0" + } + }, + { + "queryType": "prefixPreview", + "contention": { + "$numberLong": "0" + } + } + ] + } + ], + "strEncodeVersion": 99 +} \ No newline at end of file diff --git a/test/data/efc/efc-textSearchFields-goodVersionSet.json b/test/data/efc/efc-textSearchFields-goodVersionSet.json new file mode 100644 index 000000000..87fccdec6 --- /dev/null +++ b/test/data/efc/efc-textSearchFields-goodVersionSet.json @@ -0,0 +1,48 @@ +{ + "escCollection": "fle2.basic.esc", + "eccCollection": "fle2.basic.ecc", + "ecocCollection": "fle2.basic.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "firstName", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + } + } + }, + { + "keyId": { + "$binary": { + "base64": "q83vqxI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "lastName", + "bsonType": "string", + "queries": [ + { + "queryType": "suffixPreview", + "contention": { + "$numberLong": "0" + } + }, + { + "queryType": "prefixPreview", + "contention": { + "$numberLong": "0" + } + } + ] + } + ], + "strEncodeVersion": 1 +} \ No newline at end of file diff --git a/test/test-mc-efc.c b/test/test-mc-efc.c index 39f2c6d36..156961324 100644 --- a/test/test-mc-efc.c +++ b/test/test-mc-efc.c @@ -101,7 +101,7 @@ static void _test_efc(_mongocrypt_tester_t *tester) { _load_test_file(tester, "./test/data/efc/efc-oneField-badVersionSet.json", &efc_bson); ASSERT_FAILS_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status, - "'strEncodeVersion' of 2 is not supported"); + "'strEncodeVersion' of 99 is not supported"); mc_EncryptedFieldConfig_cleanup(&efc); _mongocrypt_status_reset(status); } @@ -124,6 +124,33 @@ static void _test_efc(_mongocrypt_tester_t *tester) { mc_EncryptedFieldConfig_cleanup(&efc); } + { + _load_test_file(tester, "./test/data/efc/efc-textSearchFields-goodVersionSet.json", &efc_bson); + ASSERT_OK_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), status); + ASSERT_CMPUINT8(efc.str_encode_version, ==, 1); + ptr = efc.fields; + ASSERT(ptr); + ASSERT_STREQUAL(ptr->path, "lastName"); + ASSERT_CMPBUF(expect_keyId2, ptr->keyId); + ASSERT(ptr->supported_queries == (SUPPORTS_SUFFIX_PREVIEW_QUERIES | SUPPORTS_PREFIX_PREVIEW_QUERIES)); + ASSERT(ptr->next != NULL); + ptr = ptr->next; + ASSERT_STREQUAL(ptr->path, "firstName"); + ASSERT_CMPBUF(expect_keyId1, ptr->keyId); + ASSERT(ptr->supported_queries == SUPPORTS_SUBSTRING_PREVIEW_QUERIES); + ASSERT(ptr->next == NULL); + mc_EncryptedFieldConfig_cleanup(&efc); + } + + { + _load_test_file(tester, "./test/data/efc/efc-textSearchFields-badVersionSet.json", &efc_bson); + ASSERT_FAILS_STATUS(mc_EncryptedFieldConfig_parse(&efc, &efc_bson, status, use_range_v2), + status, + "'strEncodeVersion' of 99 is not supported"); + mc_EncryptedFieldConfig_cleanup(&efc); + _mongocrypt_status_reset(status); + } + _mongocrypt_buffer_cleanup(&expect_keyId2); _mongocrypt_buffer_cleanup(&expect_keyId1); mongocrypt_status_destroy(status); From 548f9fbced391daa84cdb2210afa085470b35f30 Mon Sep 17 00:00:00 2001 From: Gabriel Marks Date: Wed, 5 Feb 2025 17:05:39 +0000 Subject: [PATCH 09/12] More tests --- .../cmd.json | 9 +++ .../encrypted-field-map.json | 30 ++++++++++ .../encrypted-payload.json | 47 ++++++++++++++++ .../mongocryptd-reply.json | 55 +++++++++++++++++++ test/data/fle2-insert-text-search/cmd.json | 9 +++ .../encrypted-field-map.json | 29 ++++++++++ .../encrypted-payload.json | 47 ++++++++++++++++ .../mongocryptd-reply.json | 55 +++++++++++++++++++ test/test-mongocrypt-ctx-encrypt.c | 38 ++++++++++++- 9 files changed, 316 insertions(+), 3 deletions(-) create mode 100644 test/data/fle2-insert-text-search-with-str-encode-version/cmd.json create mode 100644 test/data/fle2-insert-text-search-with-str-encode-version/encrypted-field-map.json create mode 100644 test/data/fle2-insert-text-search-with-str-encode-version/encrypted-payload.json create mode 100644 test/data/fle2-insert-text-search-with-str-encode-version/mongocryptd-reply.json create mode 100644 test/data/fle2-insert-text-search/cmd.json create mode 100644 test/data/fle2-insert-text-search/encrypted-field-map.json create mode 100644 test/data/fle2-insert-text-search/encrypted-payload.json create mode 100644 test/data/fle2-insert-text-search/mongocryptd-reply.json diff --git a/test/data/fle2-insert-text-search-with-str-encode-version/cmd.json b/test/data/fle2-insert-text-search-with-str-encode-version/cmd.json new file mode 100644 index 000000000..ca12d021d --- /dev/null +++ b/test/data/fle2-insert-text-search-with-str-encode-version/cmd.json @@ -0,0 +1,9 @@ +{ + "insert": "test", + "documents": [ + { + "_id": 1, + "ssn": "value123" + } + ] +} \ No newline at end of file diff --git a/test/data/fle2-insert-text-search-with-str-encode-version/encrypted-field-map.json b/test/data/fle2-insert-text-search-with-str-encode-version/encrypted-field-map.json new file mode 100644 index 000000000..d52efeb40 --- /dev/null +++ b/test/data/fle2-insert-text-search-with-str-encode-version/encrypted-field-map.json @@ -0,0 +1,30 @@ +{ + "db.test": { + "escCollection": "fle2.test.esc", + "ecocCollection": "fle2.test.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "ssn", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + } +} \ No newline at end of file diff --git a/test/data/fle2-insert-text-search-with-str-encode-version/encrypted-payload.json b/test/data/fle2-insert-text-search-with-str-encode-version/encrypted-payload.json new file mode 100644 index 000000000..83927a238 --- /dev/null +++ b/test/data/fle2-insert-text-search-with-str-encode-version/encrypted-payload.json @@ -0,0 +1,47 @@ +{ + "insert": "test", + "documents": [ + { + "_id": 1, + "ssn": { + "$binary": { + "base64": "C18BAAAFZAAgAAAAAHb62aV7+mqmaGcotPLdG3KP7S8diFwWMLM/5rYtqLrEBXMAIAAAAAAVJ6OWHRv3OtCozHpt3ZzfBhaxZirLv3B+G8PuaaO4EgVwADAAAAAAx0PWdXaep4jV5cRA2yQN+ULLwjv8e++oMonpfGOGs9BZ0uqPP7waiwZSwHsDx57+BXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AFAAAAAAq83vqxI0mHYSNBI0VniQEkzZZBBDgeZh+h+gXEmOrSHYikH9u4e644rfZY9N9UQR4h76qKAmcbo43utRcXMQy+FXXIxSuNntFHZHTcNJhJoFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsBWwAIAAAAABpn2zcb7jOd/FK3F45nBxnLU6HOMwZzmGOZ0w35v/DqRJrAAAAAAAAAAAAAA==", + "subType": "06" + } + } + } + ], + "encryptionInformation": { + "type": 1, + "schema": { + "db.test": { + "escCollection": "fle2.test.esc", + "ecocCollection": "fle2.test.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "ssn", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + } + } + } +} diff --git a/test/data/fle2-insert-text-search-with-str-encode-version/mongocryptd-reply.json b/test/data/fle2-insert-text-search-with-str-encode-version/mongocryptd-reply.json new file mode 100644 index 000000000..30bd0e981 --- /dev/null +++ b/test/data/fle2-insert-text-search-with-str-encode-version/mongocryptd-reply.json @@ -0,0 +1,55 @@ +{ + "ok": { + "$numberInt": "1" + }, + "result": { + "insert": "test", + "documents": [ + { + "_id": 1, + "ssn": { + "$binary": { + "base64": "A2EAAAAQdAABAAAAEGEAAgAAAAVraQAQAAAABBI0VngSNJh2EjQSNFZ4kBIFa3UAEAAAAASrze+rEjSYdhI0EjRWeJASAnYACQAAAHZhbHVlMTIzABJjbQAAAAAAAAAAAAA=", + "subType": "06" + } + } + } + ], + "encryptionInformation": { + "type": { + "$numberInt": "1" + }, + "schema": { + "db.test": { + "escCollection": "fle2.test.esc", + "ecocCollection": "fle2.test.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "ssn", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + } + } + } + }, + "hasEncryptedPlaceholders": true +} \ No newline at end of file diff --git a/test/data/fle2-insert-text-search/cmd.json b/test/data/fle2-insert-text-search/cmd.json new file mode 100644 index 000000000..ca12d021d --- /dev/null +++ b/test/data/fle2-insert-text-search/cmd.json @@ -0,0 +1,9 @@ +{ + "insert": "test", + "documents": [ + { + "_id": 1, + "ssn": "value123" + } + ] +} \ No newline at end of file diff --git a/test/data/fle2-insert-text-search/encrypted-field-map.json b/test/data/fle2-insert-text-search/encrypted-field-map.json new file mode 100644 index 000000000..066f72afc --- /dev/null +++ b/test/data/fle2-insert-text-search/encrypted-field-map.json @@ -0,0 +1,29 @@ +{ + "db.test": { + "escCollection": "fle2.test.esc", + "ecocCollection": "fle2.test.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "ssn", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ] + } +} \ No newline at end of file diff --git a/test/data/fle2-insert-text-search/encrypted-payload.json b/test/data/fle2-insert-text-search/encrypted-payload.json new file mode 100644 index 000000000..83927a238 --- /dev/null +++ b/test/data/fle2-insert-text-search/encrypted-payload.json @@ -0,0 +1,47 @@ +{ + "insert": "test", + "documents": [ + { + "_id": 1, + "ssn": { + "$binary": { + "base64": "C18BAAAFZAAgAAAAAHb62aV7+mqmaGcotPLdG3KP7S8diFwWMLM/5rYtqLrEBXMAIAAAAAAVJ6OWHRv3OtCozHpt3ZzfBhaxZirLv3B+G8PuaaO4EgVwADAAAAAAx0PWdXaep4jV5cRA2yQN+ULLwjv8e++oMonpfGOGs9BZ0uqPP7waiwZSwHsDx57+BXUAEAAAAAQSNFZ4EjSYdhI0EjRWeJASEHQAAgAAAAV2AFAAAAAAq83vqxI0mHYSNBI0VniQEkzZZBBDgeZh+h+gXEmOrSHYikH9u4e644rfZY9N9UQR4h76qKAmcbo43utRcXMQy+FXXIxSuNntFHZHTcNJhJoFZQAgAAAAAOuac/eRLYakKX6B0vZ1r3QodOQFfjqJD+xlGiPu4/PsBWwAIAAAAABpn2zcb7jOd/FK3F45nBxnLU6HOMwZzmGOZ0w35v/DqRJrAAAAAAAAAAAAAA==", + "subType": "06" + } + } + } + ], + "encryptionInformation": { + "type": 1, + "schema": { + "db.test": { + "escCollection": "fle2.test.esc", + "ecocCollection": "fle2.test.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "ssn", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + } + } + } +} diff --git a/test/data/fle2-insert-text-search/mongocryptd-reply.json b/test/data/fle2-insert-text-search/mongocryptd-reply.json new file mode 100644 index 000000000..30bd0e981 --- /dev/null +++ b/test/data/fle2-insert-text-search/mongocryptd-reply.json @@ -0,0 +1,55 @@ +{ + "ok": { + "$numberInt": "1" + }, + "result": { + "insert": "test", + "documents": [ + { + "_id": 1, + "ssn": { + "$binary": { + "base64": "A2EAAAAQdAABAAAAEGEAAgAAAAVraQAQAAAABBI0VngSNJh2EjQSNFZ4kBIFa3UAEAAAAASrze+rEjSYdhI0EjRWeJASAnYACQAAAHZhbHVlMTIzABJjbQAAAAAAAAAAAAA=", + "subType": "06" + } + } + } + ], + "encryptionInformation": { + "type": { + "$numberInt": "1" + }, + "schema": { + "db.test": { + "escCollection": "fle2.test.esc", + "ecocCollection": "fle2.test.ecoc", + "fields": [ + { + "keyId": { + "$binary": { + "base64": "EjRWeBI0mHYSNBI0VniQEg==", + "subType": "04" + } + }, + "path": "ssn", + "bsonType": "string", + "queries": { + "queryType": "substringPreview", + "contention": { + "$numberLong": "0" + }, + "strMaxLength": 100, + "strMinQueryLength": 5, + "strMaxQueryLength": 20, + "caseSensitive": false, + "diacriticSensitive": true + } + } + ], + "strEncodeVersion": 1 + } + } + } + }, + "hasEncryptedPlaceholders": true +} \ No newline at end of file diff --git a/test/test-mongocrypt-ctx-encrypt.c b/test/test-mongocrypt-ctx-encrypt.c index 92eb6880b..705f055b5 100644 --- a/test/test-mongocrypt-ctx-encrypt.c +++ b/test/test-mongocrypt-ctx-encrypt.c @@ -1589,12 +1589,22 @@ typedef struct { static bool _test_rng_source(void *ctx, mongocrypt_binary_t *out, uint32_t count, mongocrypt_status_t *status) { _test_rng_data_source *source = (_test_rng_data_source *)ctx; - if ((source->pos + count) > source->buf.len) { - TEST_ERROR("Out of random data, wanted: %" PRIu32, count); - return false; + // TEST_ERROR("Out of random data, wanted: %" PRIu32, count); + // return false; + uint32_t remaining = (uint32_t)(source->buf.len - source->pos); + TEST_PRINTF("Out of random data, wanted: %" PRIu32 ", had: %" PRIu32 "\n", count, remaining); + if (remaining) { + memcpy(out->data, source->buf.data + source->pos, remaining); + source->pos += remaining; + } + if (count - remaining) { + memset(out->data + remaining, 0, count - remaining); + } + return true; } + TEST_PRINTF("Got: %" PRIu32 "\n", count); memcpy(out->data, source->buf.data + source->pos, count); source->pos += count; return true; @@ -1860,6 +1870,26 @@ static void _test_encrypt_fle2_find_range_payload_decimal128_precision(_mongocry } #endif // MONGOCRYPT_HAVE_DECIMAL128_SUPPORT +#define RNG_DATA \ + "\xc7\x43\xd6\x75\x76\x9e\xa7\x88\xd5\xe5\xc4\x40\xdb\x24\x0d\xf9" \ + "\x4c\xd9\x64\x10\x43\x81\xe6\x61\xfa\x1f\xa0\x5c\x49\x8e\xad\x21" + +static void _test_encrypt_fle2_insert_text_search_payload(_mongocrypt_tester_t *tester) { + uint8_t rng_data[] = RNG_DATA; + + _test_rng_data_source source = {.buf = {.data = rng_data, .len = sizeof(rng_data) - 1u}}; + TEST_ENCRYPT_FLE2_ENCRYPTION_PLACEHOLDER(tester, "fle2-insert-text-search", &source, NULL) +} + +static void _test_encrypt_fle2_insert_text_search_payload_with_str_encode_version(_mongocrypt_tester_t *tester) { + uint8_t rng_data[] = RNG_DATA; + + _test_rng_data_source source = {.buf = {.data = rng_data, .len = sizeof(rng_data) - 1u}}; + TEST_ENCRYPT_FLE2_ENCRYPTION_PLACEHOLDER(tester, "fle2-insert-text-search-with-str-encode-version", &source, NULL) +} + +#undef RNG_DATA + static mongocrypt_t *_crypt_with_rng(_test_rng_data_source *rng_source, bool use_range_v2) { mongocrypt_t *crypt; mongocrypt_binary_t *localkey; @@ -5368,6 +5398,8 @@ void _mongocrypt_tester_install_ctx_encrypt(_mongocrypt_tester_t *tester) { INSTALL_TEST(_test_encrypt_fle2_find_range_payload_decimal128); INSTALL_TEST(_test_encrypt_fle2_find_range_payload_decimal128_precision); #endif + INSTALL_TEST(_test_encrypt_fle2_insert_text_search_payload); + INSTALL_TEST(_test_encrypt_fle2_insert_text_search_payload_with_str_encode_version); INSTALL_TEST(_test_bulkWrite); INSTALL_TEST(_test_rangePreview_fails); INSTALL_TEST(_test_no_trimFactor); From a9d6d31c3512a1351f5c29d2dfab5ae3ab2ef1fe Mon Sep 17 00:00:00 2001 From: Gabriel Marks Date: Wed, 5 Feb 2025 17:15:27 +0000 Subject: [PATCH 10/12] a --- src/mongocrypt-ctx-encrypt.c | 1 + test/test-mongocrypt-ctx-encrypt.c | 48 ++++++++++-------------------- 2 files changed, 17 insertions(+), 32 deletions(-) diff --git a/src/mongocrypt-ctx-encrypt.c b/src/mongocrypt-ctx-encrypt.c index 493e4798f..4692f49fe 100644 --- a/src/mongocrypt-ctx-encrypt.c +++ b/src/mongocrypt-ctx-encrypt.c @@ -1461,6 +1461,7 @@ static bool _fle2_fixup_encryptedFields_strEncodeVersion(const char *cmd_name, mongocrypt_status_t *status) { BSON_ASSERT_PARAM(cmd_name); BSON_ASSERT_PARAM(cmd); + BSON_ASSERT_PARAM(efc); if (0 == strcmp(cmd_name, "create")) { bson_iter_t ef_iter; diff --git a/test/test-mongocrypt-ctx-encrypt.c b/test/test-mongocrypt-ctx-encrypt.c index 705f055b5..a79e772ea 100644 --- a/test/test-mongocrypt-ctx-encrypt.c +++ b/test/test-mongocrypt-ctx-encrypt.c @@ -1590,18 +1590,8 @@ typedef struct { static bool _test_rng_source(void *ctx, mongocrypt_binary_t *out, uint32_t count, mongocrypt_status_t *status) { _test_rng_data_source *source = (_test_rng_data_source *)ctx; if ((source->pos + count) > source->buf.len) { - // TEST_ERROR("Out of random data, wanted: %" PRIu32, count); - // return false; - uint32_t remaining = (uint32_t)(source->buf.len - source->pos); - TEST_PRINTF("Out of random data, wanted: %" PRIu32 ", had: %" PRIu32 "\n", count, remaining); - if (remaining) { - memcpy(out->data, source->buf.data + source->pos, remaining); - source->pos += remaining; - } - if (count - remaining) { - memset(out->data + remaining, 0, count - remaining); - } - return true; + TEST_ERROR("Out of random data, wanted: %" PRIu32, count); + return false; } TEST_PRINTF("Got: %" PRIu32 "\n", count); @@ -1734,6 +1724,20 @@ static void _test_encrypt_fle2_insert_payload_with_str_encode_version(_mongocryp TEST_ENCRYPT_FLE2_ENCRYPTION_PLACEHOLDER(tester, "fle2-insert-v2-with-str-encode-version", &source, NULL) } +static void _test_encrypt_fle2_insert_text_search_payload(_mongocrypt_tester_t *tester) { + uint8_t rng_data[] = RNG_DATA; + + _test_rng_data_source source = {.buf = {.data = rng_data, .len = sizeof(rng_data) - 1u}}; + TEST_ENCRYPT_FLE2_ENCRYPTION_PLACEHOLDER(tester, "fle2-insert-text-search", &source, NULL) +} + +static void _test_encrypt_fle2_insert_text_search_payload_with_str_encode_version(_mongocrypt_tester_t *tester) { + uint8_t rng_data[] = RNG_DATA; + + _test_rng_data_source source = {.buf = {.data = rng_data, .len = sizeof(rng_data) - 1u}}; + TEST_ENCRYPT_FLE2_ENCRYPTION_PLACEHOLDER(tester, "fle2-insert-text-search-with-str-encode-version", &source, NULL) +} + #undef RNG_DATA // FLE2FindEqualityPayload only uses deterministic token generation. @@ -1870,26 +1874,6 @@ static void _test_encrypt_fle2_find_range_payload_decimal128_precision(_mongocry } #endif // MONGOCRYPT_HAVE_DECIMAL128_SUPPORT -#define RNG_DATA \ - "\xc7\x43\xd6\x75\x76\x9e\xa7\x88\xd5\xe5\xc4\x40\xdb\x24\x0d\xf9" \ - "\x4c\xd9\x64\x10\x43\x81\xe6\x61\xfa\x1f\xa0\x5c\x49\x8e\xad\x21" - -static void _test_encrypt_fle2_insert_text_search_payload(_mongocrypt_tester_t *tester) { - uint8_t rng_data[] = RNG_DATA; - - _test_rng_data_source source = {.buf = {.data = rng_data, .len = sizeof(rng_data) - 1u}}; - TEST_ENCRYPT_FLE2_ENCRYPTION_PLACEHOLDER(tester, "fle2-insert-text-search", &source, NULL) -} - -static void _test_encrypt_fle2_insert_text_search_payload_with_str_encode_version(_mongocrypt_tester_t *tester) { - uint8_t rng_data[] = RNG_DATA; - - _test_rng_data_source source = {.buf = {.data = rng_data, .len = sizeof(rng_data) - 1u}}; - TEST_ENCRYPT_FLE2_ENCRYPTION_PLACEHOLDER(tester, "fle2-insert-text-search-with-str-encode-version", &source, NULL) -} - -#undef RNG_DATA - static mongocrypt_t *_crypt_with_rng(_test_rng_data_source *rng_source, bool use_range_v2) { mongocrypt_t *crypt; mongocrypt_binary_t *localkey; From 4e5f7b7597c8ea0c786312b01941d8be18fd2fdb Mon Sep 17 00:00:00 2001 From: Gabriel Marks Date: Wed, 5 Feb 2025 17:15:48 +0000 Subject: [PATCH 11/12] a --- test/test-mongocrypt-ctx-encrypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test-mongocrypt-ctx-encrypt.c b/test/test-mongocrypt-ctx-encrypt.c index a79e772ea..1ee7ace1a 100644 --- a/test/test-mongocrypt-ctx-encrypt.c +++ b/test/test-mongocrypt-ctx-encrypt.c @@ -1589,12 +1589,12 @@ typedef struct { static bool _test_rng_source(void *ctx, mongocrypt_binary_t *out, uint32_t count, mongocrypt_status_t *status) { _test_rng_data_source *source = (_test_rng_data_source *)ctx; + if ((source->pos + count) > source->buf.len) { TEST_ERROR("Out of random data, wanted: %" PRIu32, count); return false; } - TEST_PRINTF("Got: %" PRIu32 "\n", count); memcpy(out->data, source->buf.data + source->pos, count); source->pos += count; return true; From 76afda6c0f66a24bf1879c8d628e32627d454b2b Mon Sep 17 00:00:00 2001 From: Gabriel Marks Date: Mon, 10 Feb 2025 16:51:38 +0000 Subject: [PATCH 12/12] Better things --- src/mc-efc.c | 7 +- src/mongocrypt-ctx-encrypt.c | 70 ++-- test/test-mongocrypt-ctx-encrypt.c | 596 +++-------------------------- 3 files changed, 105 insertions(+), 568 deletions(-) diff --git a/src/mc-efc.c b/src/mc-efc.c index 1fa857276..205cd529e 100644 --- a/src/mc-efc.c +++ b/src/mc-efc.c @@ -176,7 +176,7 @@ bool mc_EncryptedFieldConfig_parse(mc_EncryptedFieldConfig_t *efc, return false; } if (!BSON_ITER_HOLDS_ARRAY(&iter)) { - CLIENT_ERR("expected 'fields' to be type array, got: %d", bson_iter_type(&iter)); + CLIENT_ERR("expected 'fields' to be type array, got: %s", mc_bson_type_to_string(bson_iter_type(&iter))); return false; } if (!bson_iter_recurse(&iter, &iter)) { @@ -208,12 +208,13 @@ bool mc_EncryptedFieldConfig_parse(mc_EncryptedFieldConfig_t *efc, } } else { if (!BSON_ITER_HOLDS_INT32(&iter)) { - CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", bson_iter_type(&iter)); + CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %s", + mc_bson_type_to_string(bson_iter_type(&iter))); return false; } int32_t version = bson_iter_int32(&iter); if (version > LATEST_STR_ENCODE_VERSION || version < MIN_STR_ENCODE_VERSION) { - CLIENT_ERR("'strEncodeVersion' of %d is not supported", version); + CLIENT_ERR("'strEncodeVersion' of %" PRId32 " is not supported", version); return false; } efc->str_encode_version = (uint8_t)version; diff --git a/src/mongocrypt-ctx-encrypt.c b/src/mongocrypt-ctx-encrypt.c index 4692f49fe..95f750b65 100644 --- a/src/mongocrypt-ctx-encrypt.c +++ b/src/mongocrypt-ctx-encrypt.c @@ -1469,58 +1469,64 @@ static bool _fle2_fixup_encryptedFields_strEncodeVersion(const char *cmd_name, // No encryptedFields, nothing to check or fix return true; } + if (!BSON_ITER_HOLDS_DOCUMENT(&ef_iter)) { + CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Expected encryptedFields to be type obj, got: %s", + mc_bson_type_to_string(bson_iter_type(&ef_iter))); + return false; + } bson_iter_t sev_iter; - if (!bson_iter_init(&sev_iter, cmd)) { - CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to initialize bson_iter"); + if (!bson_iter_recurse(&ef_iter, &sev_iter)) { + CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to recurse bson_iter"); return false; } - if (!bson_iter_find_descendant(&sev_iter, "encryptedFields.strEncodeVersion", &sev_iter)) { + if (!bson_iter_find(&sev_iter, "strEncodeVersion")) { if (efc->str_encode_version == 0) { // Unset StrEncodeVersion matches the EFC, nothing to fix. return true; } - bool ok = false; + // No strEncodeVersion and the EFC has a nonzero strEncodeVersion, add it. + // Initialize the new cmd object from the old one, excluding encryptedFields. bson_t fixed = BSON_INITIALIZER; bson_copy_to_excluding_noinit(cmd, &fixed, "encryptedFields", NULL); - bson_t ef; - const uint8_t *data; - uint32_t len; - if (!BSON_ITER_HOLDS_DOCUMENT(&ef_iter)) { - CLIENT_ERR( - "_fle2_fixup_encryptedFields_strEncodeVersion: Expected encryptedFields to be type obj, got: %d", - bson_iter_type(&ef_iter)); - goto fail2; - } - bson_iter_document(&ef_iter, &len, &data); - if (!bson_init_static(&ef, data, len)) { - CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: bson_init_static failed"); - goto fail2; + + // Recurse the original encryptedFields and copy everything over. + bson_iter_t copy_iter; + if (!bson_iter_recurse(&ef_iter, ©_iter)) { + CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to recurse bson_iter"); + goto fail; } bson_t fixed_ef; - bson_copy_to(&ef, &fixed_ef); + if (!BSON_APPEND_DOCUMENT_BEGIN(&fixed, "encryptedFields", &fixed_ef)) { + CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to start appending encryptedFields"); + goto fail; + } + while (bson_iter_next(©_iter)) { + if (!bson_append_iter(&fixed_ef, NULL, 0, ©_iter)) { + CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to copy element"); + goto fail; + } + } + + // Add the EFC's strEncodeVersion to encryptedFields. if (!BSON_APPEND_INT32(&fixed_ef, "strEncodeVersion", efc->str_encode_version)) { CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to append strEncodeVersion"); - goto fail1; + goto fail; } - if (!BSON_APPEND_DOCUMENT(&fixed, "encryptedFields", &fixed_ef)) { - CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to append encryptedFields"); - goto fail1; + if (!bson_append_document_end(&fixed, &fixed_ef)) { + CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to finish appending encryptedFields"); + goto fail; } + bson_destroy(cmd); if (!bson_steal(cmd, &fixed)) { CLIENT_ERR("_fle2_fixup_encryptedFields_strEncodeVersion: Failed to steal BSON"); - goto fail1; - } - ok = true; - fail1: - bson_destroy(&fixed_ef); - fail2: - // If OK, fixed was stolen and put in cmd; don't destroy it - if (!ok) { - bson_destroy(&fixed); + goto fail; } - return ok; + return true; + fail: + bson_destroy(&fixed); + return false; } else { // Check strEncodeVersion for match against EFC if (!BSON_ITER_HOLDS_INT32(&sev_iter)) { diff --git a/test/test-mongocrypt-ctx-encrypt.c b/test/test-mongocrypt-ctx-encrypt.c index 1ee7ace1a..e7805a8f4 100644 --- a/test/test-mongocrypt-ctx-encrypt.c +++ b/test/test-mongocrypt-ctx-encrypt.c @@ -3279,6 +3279,25 @@ static void _test_dollardb_preserved_fle1(_mongocrypt_tester_t *tester) { mongocrypt_destroy(crypt); } +#define expect_and_reply_to_ismaster(ctx) \ + do { \ + ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); \ + { \ + mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); \ + \ + ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); \ + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" \ + "ismaster-to-mongocryptd.json"), \ + cmd_to_mongocryptd); \ + mongocrypt_binary_destroy(cmd_to_mongocryptd); \ + ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, \ + TEST_FILE("./test/data/fle1-create/without-schema/" \ + "mongocryptd-ismaster.json")), \ + ctx); \ + ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); \ + } \ + } while (0) + static void _test_fle1_create_without_schema(_mongocrypt_tester_t *tester) { mongocrypt_t *crypt = _mongocrypt_tester_mongocrypt(TESTER_MONGOCRYPT_DEFAULT); mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); @@ -3286,21 +3305,7 @@ static void _test_fle1_create_without_schema(_mongocrypt_tester_t *tester) { ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle1-create/without-schema/cmd.json")), ctx); - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" - "ismaster-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/fle1-create/without-schema/" - "mongocryptd-ismaster.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } + expect_and_reply_to_ismaster(ctx); ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); { @@ -3344,21 +3349,7 @@ static void _test_fle1_create_with_schema(_mongocrypt_tester_t *tester) { ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle1-create/with-schema/cmd.json")), ctx); - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/with-schema/" - "ismaster-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/fle1-create/with-schema/" - "mongocryptd-ismaster.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } + expect_and_reply_to_ismaster(ctx); ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); { @@ -3397,21 +3388,7 @@ static void _test_fle1_create_with_cmd_schema(_mongocrypt_tester_t *tester) { ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle1-create/with-cmd-schema/cmd.json")), ctx); - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/with-cmd-schema/" - "ismaster-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/fle1-create/with-cmd-schema/" - "mongocryptd-ismaster.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } + expect_and_reply_to_ismaster(ctx); ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); { @@ -3505,45 +3482,32 @@ static void _test_fle1_create_with_csfle(_mongocrypt_tester_t *tester) { mongocrypt_destroy(crypt); } -static void _test_fle2_create(_mongocrypt_tester_t *tester) { +static void test_successful_fle2_create(_mongocrypt_tester_t *tester, + const char *efc_map_path, + const char *cmd_path, + const char *cmd_to_cryptd_path, + const char *cryptd_reply_path, + const char *encrypted_payload_path) { mongocrypt_t *crypt = mongocrypt_new(); ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); - ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map( - crypt, - TEST_FILE("./test/data/fle2-create/encrypted-field-config-map.json")), - crypt); + ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map(crypt, TEST_FILE(efc_map_path)), crypt); ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); - ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle2-create/cmd.json")), ctx); - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); + ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE(cmd_path)), ctx); - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" - "ismaster-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/fle1-create/without-schema/" - "mongocryptd-ismaster.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } + expect_and_reply_to_ismaster(ctx); ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); { mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle2-create/cmd-to-mongocryptd.json"), - cmd_to_mongocryptd); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE(cmd_to_cryptd_path), cmd_to_mongocryptd); mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, TEST_FILE("./test/data/fle2-create/mongocryptd-reply.json")), ctx); + ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, TEST_FILE(cryptd_reply_path)), ctx); ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); } @@ -3551,7 +3515,7 @@ static void _test_fle2_create(_mongocrypt_tester_t *tester) { { mongocrypt_binary_t *out = mongocrypt_binary_new(); ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle2-create/encrypted-payload.json"), out); + ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE(encrypted_payload_path), out); mongocrypt_binary_destroy(out); } @@ -3559,476 +3523,56 @@ static void _test_fle2_create(_mongocrypt_tester_t *tester) { mongocrypt_destroy(crypt); } -static void _test_fle2_create_with_encrypted_fields(_mongocrypt_tester_t *tester) { - mongocrypt_t *crypt = mongocrypt_new(); - - ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); - ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map( - crypt, - TEST_FILE("./test/data/fle2-create-encrypted-collection/encrypted-field-config-map.json")), - crypt); - ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); - - mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); - - ASSERT_OK( - mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle2-create-encrypted-collection/cmd.json")), - ctx); - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" - "ismaster-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/fle1-create/without-schema/" - "mongocryptd-ismaster.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); +#define TEST_SUCCESSFUL_FLE2_CREATE(efc_path, cmd_path, cryptd_path, payload_path) \ + test_successful_fle2_create(tester, \ + "./test/data/" efc_path "/encrypted-field-config-map.json", \ + "./test/data/" cmd_path "/cmd.json", \ + "./test/data/" cryptd_path "/cmd-to-mongocryptd.json", \ + "./test/data/" cryptd_path "/mongocryptd-reply.json", \ + "./test/data/" payload_path "/encrypted-payload.json") - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( - TEST_FILE("./test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK( - mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/fle2-create-encrypted-collection/mongocryptd-reply.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } +#define TEST_SUCCESSFUL_FLE2_CREATE_ONEDIR(path) TEST_SUCCESSFUL_FLE2_CREATE(path, path, path, path) - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); - { - mongocrypt_binary_t *out = mongocrypt_binary_new(); - ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( - TEST_FILE("./test/data/fle2-create-encrypted-collection/encrypted-payload.json"), - out); - mongocrypt_binary_destroy(out); - } +static void _test_fle2_create(_mongocrypt_tester_t *tester) { + TEST_SUCCESSFUL_FLE2_CREATE_ONEDIR("fle2-create"); +} - mongocrypt_ctx_destroy(ctx); - mongocrypt_destroy(crypt); +static void _test_fle2_create_with_encrypted_fields(_mongocrypt_tester_t *tester) { + TEST_SUCCESSFUL_FLE2_CREATE_ONEDIR("fle2-create-encrypted-collection"); } static void _test_fle2_create_with_encrypted_fields_and_str_encode_version(_mongocrypt_tester_t *tester) { - mongocrypt_t *crypt = mongocrypt_new(); - - ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); - ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map( - crypt, - TEST_FILE("./test/data/fle2-create-encrypted-collection-with-str-encode-version/" - "encrypted-field-config-map.json")), - crypt); - ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); - - mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); - - ASSERT_OK(mongocrypt_ctx_encrypt_init( - ctx, - "db", - -1, - TEST_FILE("./test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json")), - ctx); - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" - "ismaster-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/fle1-create/without-schema/" - "mongocryptd-ismaster.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( - TEST_FILE("./test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK( - mongocrypt_ctx_mongo_feed( - ctx, - TEST_FILE( - "./test/data/fle2-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); - { - mongocrypt_binary_t *out = mongocrypt_binary_new(); - ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( - TEST_FILE("./test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json"), - out); - mongocrypt_binary_destroy(out); - } - - mongocrypt_ctx_destroy(ctx); - mongocrypt_destroy(crypt); + TEST_SUCCESSFUL_FLE2_CREATE_ONEDIR("fle2-create-encrypted-collection-with-str-encode-version"); } static void _test_fle2_create_with_encrypted_fields_unset_str_encode_version(_mongocrypt_tester_t *tester) { - mongocrypt_t *crypt = mongocrypt_new(); - - ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); - ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map( - crypt, - TEST_FILE("./test/data/fle2-create-encrypted-collection-with-str-encode-version/" - "encrypted-field-config-map.json")), - crypt); - ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); - - mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); - - ASSERT_OK( - mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE("./test/data/fle2-create-encrypted-collection/cmd.json")), - ctx); - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" - "ismaster-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/fle1-create/without-schema/" - "mongocryptd-ismaster.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( - TEST_FILE("./test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/" - "cmd-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK( - mongocrypt_ctx_mongo_feed( - ctx, - TEST_FILE("./test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/" - "mongocryptd-reply.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); - { - mongocrypt_binary_t *out = mongocrypt_binary_new(); - ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( - TEST_FILE("./test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json"), - out); - mongocrypt_binary_destroy(out); - } - - mongocrypt_ctx_destroy(ctx); - mongocrypt_destroy(crypt); + TEST_SUCCESSFUL_FLE2_CREATE("fle2-create-encrypted-collection-with-str-encode-version", + "fle2-create-encrypted-collection", + "fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version", + "fle2-create-encrypted-collection-with-str-encode-version"); } static void _test_fle2_text_search_create_with_encrypted_fields(_mongocrypt_tester_t *tester) { - mongocrypt_t *crypt = mongocrypt_new(); - - ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); - ASSERT_OK( - mongocrypt_setopt_encrypted_field_config_map( - crypt, - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/encrypted-field-config-map.json")), - crypt); - ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); - - mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); - - ASSERT_OK( - mongocrypt_ctx_encrypt_init(ctx, - "db", - -1, - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/cmd.json")), - ctx); - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" - "ismaster-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/fle1-create/without-schema/" - "mongocryptd-ismaster.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/cmd-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed( - ctx, - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/mongocryptd-reply.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); - { - mongocrypt_binary_t *out = mongocrypt_binary_new(); - ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/encrypted-payload.json"), - out); - mongocrypt_binary_destroy(out); - } - - mongocrypt_ctx_destroy(ctx); - mongocrypt_destroy(crypt); + TEST_SUCCESSFUL_FLE2_CREATE_ONEDIR("fle2-text-search-create-encrypted-collection"); } static void _test_fle2_text_search_create_with_encrypted_fields_and_str_encode_version(_mongocrypt_tester_t *tester) { - mongocrypt_t *crypt = mongocrypt_new(); - - ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); - ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map( - crypt, - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" - "encrypted-field-config-map.json")), - crypt); - ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); - - mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); - - ASSERT_OK( - mongocrypt_ctx_encrypt_init( - ctx, - "db", - -1, - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json")), - ctx); - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" - "ismaster-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/fle1-create/without-schema/" - "mongocryptd-ismaster.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" - "cmd-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed( - ctx, - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" - "mongocryptd-reply.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); - { - mongocrypt_binary_t *out = mongocrypt_binary_new(); - ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" - "encrypted-payload.json"), - out); - mongocrypt_binary_destroy(out); - } - - mongocrypt_ctx_destroy(ctx); - mongocrypt_destroy(crypt); + TEST_SUCCESSFUL_FLE2_CREATE_ONEDIR("fle2-text-search-create-encrypted-collection-with-str-encode-version"); } static void _test_fle2_text_search_create_with_encrypted_fields_unset_str_encode_version(_mongocrypt_tester_t *tester) { - mongocrypt_t *crypt = mongocrypt_new(); - - ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); - ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map( - crypt, - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" - "encrypted-field-config-map.json")), - crypt); - ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); - - mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); - - ASSERT_OK( - mongocrypt_ctx_encrypt_init(ctx, - "db", - -1, - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/cmd.json")), - ctx); - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" - "ismaster-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/fle1-create/without-schema/" - "mongocryptd-ismaster.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/" - "cmd-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/" - "fle2-text-search-create-encrypted-collection/" - "mongocryptd-reply.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); - { - mongocrypt_binary_t *out = mongocrypt_binary_new(); - ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" - "encrypted-payload.json"), - out); - mongocrypt_binary_destroy(out); - } - - mongocrypt_ctx_destroy(ctx); - mongocrypt_destroy(crypt); + TEST_SUCCESSFUL_FLE2_CREATE("fle2-text-search-create-encrypted-collection-with-str-encode-version", + "fle2-text-search-create-encrypted-collection", + "fle2-text-search-create-encrypted-collection", + "fle2-text-search-create-encrypted-collection-with-str-encode-version"); } static void _test_fle2_text_search_create_with_encrypted_fields_unmatching_str_encode_version(_mongocrypt_tester_t *tester) { - mongocrypt_t *crypt = mongocrypt_new(); - - ASSERT_OK(mongocrypt_setopt_kms_provider_aws(crypt, "example", -1, "example", -1), crypt); - ASSERT_OK(mongocrypt_setopt_encrypted_field_config_map( - crypt, - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection/" - "encrypted-field-config-map.json")), - crypt); - ASSERT_OK(_mongocrypt_init_for_test(crypt), crypt); - - mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt); - - ASSERT_OK( - mongocrypt_ctx_encrypt_init( - ctx, - "db", - -1, - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json")), - ctx); - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" - "ismaster-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/fle1-create/without-schema/" - "mongocryptd-ismaster.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" - "cmd-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK( - mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/" - "fle2-text-search-create-encrypted-collection-with-str-encode-version/" - "mongocryptd-reply.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } - - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY); - { - mongocrypt_binary_t *out = mongocrypt_binary_new(); - ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON( - TEST_FILE("./test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/" - "encrypted-payload.json"), - out); - mongocrypt_binary_destroy(out); - } - - mongocrypt_ctx_destroy(ctx); - mongocrypt_destroy(crypt); + TEST_SUCCESSFUL_FLE2_CREATE("fle2-text-search-create-encrypted-collection", + "fle2-text-search-create-encrypted-collection-with-str-encode-version", + "fle2-text-search-create-encrypted-collection-with-str-encode-version", + "fle2-text-search-create-encrypted-collection-with-str-encode-version"); } /* Regression test for MONGOCRYPT-435 */ @@ -5235,21 +4779,7 @@ static void _test_fle2_encrypted_fields_with_unmatching_str_encode_version(_mong TEST_FILE("./test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json")), ctx); - ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); - { - mongocrypt_binary_t *cmd_to_mongocryptd = mongocrypt_binary_new(); - - ASSERT_OK(mongocrypt_ctx_mongo_op(ctx, cmd_to_mongocryptd), ctx); - ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/fle1-create/without-schema/" - "ismaster-to-mongocryptd.json"), - cmd_to_mongocryptd); - mongocrypt_binary_destroy(cmd_to_mongocryptd); - ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, - TEST_FILE("./test/data/fle1-create/without-schema/" - "mongocryptd-ismaster.json")), - ctx); - ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx); - } + expect_and_reply_to_ismaster(ctx); ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); {