Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.2.0-rc4
Affects Version/s: None
Component/s: Shell
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v4.2
Steps To Reproduce:
Hide

Add the snippet shown in the diff below to the bottom of testDeterministicCollection() in jstests/fle/fle_implicit_encryption.js in the enterprise module:

diff --git a/jstests/fle/fle_implicit_encryption.js b/jstests/fle/fle_implicit_encryption.js index c5f6c3e..8da488b 100644 --- a/jstests/fle/fle_implicit_encryption.js +++ b/jstests/fle/fle_implicit_encryption.js @@ -118,6 +118,17 @@ load('jstests/ssl/libs/ssl_helpers.js'); unencryptedCollection.insert({"name": "Shreyas", "ssn": encryptedDeterministicSSN}); assert.eq(1, encryptedCollection.count({"ssn": NumberInt(987654321)})); + for (let i = 0; i < 128; i++) { + unencryptedCollection.insertOne({ + name: 'Davis' + i, + 'ssn': encryptedShell.getClientEncryption().encrypt( + keyId, NumberInt(i), deterministicAlgorithm) + }); + } + let results = encryptedCollection.aggregate([]).toArray(); + for (let i = 0; i < results.length; i++) { + assert.eq(false, results[i].ssn instanceof BinData, results[i]); + } // Will add tests for aggregate once query implements it. // TODO : File ticket if this goes in before query work is finished. };

Changing 128 to a smaller number, like 10, will make the test pass, since then .toArray() won't have to call getMore().
Show
Add the snippet shown in the diff below to the bottom of testDeterministicCollection() in jstests/fle/fle_implicit_encryption.js in the enterprise module: diff --git a/jstests/fle/fle_implicit_encryption.js b/jstests/fle/fle_implicit_encryption.js index c5f6c3e..8da488b 100644 --- a/jstests/fle/fle_implicit_encryption.js +++ b/jstests/fle/fle_implicit_encryption.js @@ -118,6 +118,17 @@ load( 'jstests/ssl/libs/ssl_helpers.js' ); unencryptedCollection.insert({ "name" : "Shreyas" , "ssn" : encryptedDeterministicSSN}); assert .eq(1, encryptedCollection.count({ "ssn" : NumberInt(987654321)})); + for (let i = 0; i < 128; i++) { + unencryptedCollection.insertOne({ + name: 'Davis' + i, + 'ssn' : encryptedShell.getClientEncryption().encrypt( + keyId, NumberInt(i), deterministicAlgorithm) + }); + } + let results = encryptedCollection.aggregate([]).toArray(); + for (let i = 0; i < results.length; i++) { + assert .eq( false , results[i].ssn instanceof BinData, results[i]); + } // Will add tests for aggregate once query implements it. // TODO : File ticket if this goes in before query work is finished. }; Changing 128 to a smaller number, like 10, will make the test pass, since then .toArray() won't have to call getMore().
Sprint:
Security 2019-07-15

In the FLE enabled shell, it seems like BinData type 6 isn't decrypted as it should be when documents are fetched in getMore calls. When running an aggregation against the FLE-enabled shell which returns more than 101 documents, the first 101 are decrypted properly, while all the rest contain BinData. For example, one document looks like this:

{
	"_id" : "u49",
	"patient" : {
		"name" : BinData(6,"AYgJLpLd8ku+jV8arok6P4MCvO7xtz7j1/LauGMFhdUxX+SI+yu16CcSi8vRMOVyE1ngPSeI777Q1jq33H0AupCrbovf1AnNoJxMG9XoiS7KEg==")

	},
	"doctor" : {
		"name" : BinData(6,"AYgJLpLd8ku+jV8arok6P4MCXX2OS/ntRC87Kczz+iwaudQr95q0upAo3A7pifESuOw0NmjnMZIQsyKyzoKkYGMfiPjCcr7sIX4+j7lIcBI8zw==")
	}
}

When it should look like this:

{
	"_id" : "u49",
	"patient" : {
		"name" : "D6"
	},
	"doctor" : {
		"name" : "AA"
	}
}

Assignee:: Mark Benvenuto

Reporter:: Davis Haupt (Inactive)

Participants:: Davis Haupt, Githook User, Mark Benvenuto

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: Jun 26 2019 08:40:35 PM UTC

Updated:: Oct 29 2023 10:19:33 PM UTC

Resolved:: Jul 02 2019 06:51:28 PM UTC

Details

Description

Attachments

Activity

People

Dates