[DRIVERS-2718] Enable use of native crypto in libmongocrypt bindings Created: 08/Sep/23 Updated: 31/Jan/24 |
|
| Status: | Implementing |
| Project: | Drivers |
| Component/s: | Client Side Encryption, Performance |
| Fix Version/s: | None |
| Type: | Task | Priority: | Unknown |
| Reporter: | Kevin Albertson | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Driver Changes: | Needed | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Quarter: | FY25Q1 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Downstream Changes Summary: | Summary of necessary driver changes Package the crypto-enabled libmongocrypt on platforms where it is safe to do so: Mac and Windows. For Linux, continue to package the crypto-disabled (nocrypto) builds due to the issues with OpenSSL versioning (see Check if the loaded libmongocrypt supports native crypto by calling mongocrypt_is_crypto_available. Only register crypto callbacks if it returns false. Document that on Linux, high-performance use cases should install libmongocrypt on the system. If possible, ensure this install takes precedence over the packaged crypto-disabled libmongocrypt. Context for other referenced/linked tickets mongocrypt_is_crypto_available is added in I expect this work only applies to drivers that implement the crypto hooks (i.e. calling mongocrypt_setopt_crypto_hooks and friends). From this survey, this appears to be: C#, Java, Node.js, Python, Ruby. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Engineering Lead: | |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Start date: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Driver Compliance: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description |
SummaryInvestigate options to enable use of native crypto in libmongocrypt bindings. I expect this will require a scope document and prototyping. MotivationBy default, libmongocrypt implements crypto primitives (including AES, HMAC, SHA) by linking to a native crypto library (OpenSSL on Linux, CommonCrypto on macOS, Cryptography API on Windows). Alternatively: libmongocrypt can be configured without crypto using the CMake option DISABLE_NATIVE_CRYPTO. The "no crypto" version of libmongocrypt is used by driver languages that supply crypto callbacks. On last survey: Java, Python, C#, Ruby, Node, and Rust implement the crypto callbacks.
The mongodb-crypt JAR and pymongocrypt wheel include generic Linux binaries of libmongocrypt. Use of crypto callbacks may result in slower throughput. HELP-27047 identified a problematic workload: decrypting documents with 1500 encrypted values. A benchmark of bulk decryption showed the most improvement when using libmongocrypt’s native system crypto, rather than the callbacks in the Java bindings:
Some bindings provide an option to use a system install of libmongocrypt (example: PYMONGOCRYPT_LIB in pymongocrypt). It may be possible to extend this to other drivers. Who is the affected end user?Users of In-Use Encryption. How does this affect the end user?Proposed changes may improve throughput of encryption and decryption. How likely is it that this problem or use case will occur?Certain. This was reported in HELP-27047. If the problem does occur, what are the consequences and how severe are they?Performance concern. Is this issue urgent?No. Is this ticket required by a downstream team?No. Is this ticket only for tests?No. Acceptance CriteriaExpect improved throughput of encryption and decryption in impacted drivers. |