[JAVA-3448] CSFLE - garbled creationDate and updateDate fields for data encryption key documents Created: 25/Sep/19  Updated: 07/Oct/19  Resolved: 07/Oct/19

Status: Closed
Project: Java Driver
Component/s: Client Side Encryption
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Christopher Cho Assignee: Jeffrey Yemin
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to MONGOCRYPT-21 libmongocrypt creates data keys in th... Closed

 Description   

When creating a data encryption key via the createKey() method for client-side field level encryption, a new document is created that contains fields such as a UUID, encrypted key, creationDate, updateDate, status, and masterKey document.

 

Here are a few examples of documents that were created using the 3.11.0 sync driver:

{ "_id" : UUID("bdc04a10-a231-4a2e-b8d2-af32cf3f9b77"), "keyMaterial" : BinData(0,"F/J5R4YVcvxYh1QcdrZ1zXbqkEGEzH4UctOpzqHw3JfGeAf2wfv7nh6jsSMDSIpx0ueRX5aWPy/hWYe69A9wGryR5ecSRYgeNp2FdFzLjTQ73fZcEZ/Szf+pw6wzHI+mc0qDAM5cRwtthcXiNx4mvQcEQyaP7PLwglU5Dt182CvrbukcMDfkcHfVMA3wJRZlJ+sH/d0vaSwPc2P8F8wctg=="), "creationDate" : ISODate("20404-12-07T04:50:09Z"), "updateDate" : ISODate("20404-12-07T04:50:09Z"), "status" : 0, "masterKey" : \{ "provider" : "local" }

}

{ "_id" : UUID("222b2c28-49a8-417d-a711-0be15978625a"), "keyMaterial" : BinData(0,"7BlqwT30CgVT/8mGR0iU16JJvWrbXYRwCkgW5xHAmTWJV3fqZewJBEVfiGyuUg85qwAN2RsomX1MKiJnbtDOIacbtJIuLN1d7tucpt9D1tsXY5hBPCSs7ZGgOVipvdQdG/rFzthMnUnWR9SUoRSoXWdgsdWCw/vMv4RqegIgqsea09pOl9UyCZfJ4FSAgK2KsUTOZlpqWZRMebUvqH6jHA=="), "creationDate" : ISODate("20405-07-25T14:11:53Z"), "updateDate" : ISODate("20405-07-25T14:11:53Z"), "status" : 0, "masterKey" : \{ "provider" : "local" }

}

{ "_id" : UUID("450b1a1f-0462-4448-b81b-4bd1b4187823"), "keyMaterial" : BinData(0,"/e4RMEFJV0j5MAl/O3ohYgUeUyAVVqPMXGblRtjKbFUJk2uTcaeHISVifV1pq/djB6PIAEuPwpu/QDr3KDM+8ma4umPNfPc2cShk+++jpNDYWQOTbHkpjwdkpV09mnyIJ7h1N+78zwp35NUxL6sYH3Xj5vRjfecL7a1GaXARpzwP3QCcWEnhlmvppk8IwBhS8JCkdb3U6oQX47kwNDNCwA=="), "creationDate" : ISODate("20458-07-07T19:33:47Z"), "updateDate" : ISODate("20458-07-07T19:33:47Z"), "status" : 0, "masterKey" : \{ "provider" : "local" }

}

{ "_id" : UUID("31c062d2-2d74-4a9e-ac6f-914637163387"), "keyMaterial" : BinData(0,"ecsjyG4R8uZjI5Bu21j54F8PzSyyuW3yG5qIoaMUa1DTyiFmN2k9+RpzAA6CmTV4E7/5FBj2Po0vOmu6VjKROto0r6tEenMyxlN4soB2hQbZdVgT2ejl6WEVQIVCuVmc32IqTH+DhhuEEEu1SPNys7w6I3YBegHVFhNtpXjeHWNpDYnqg1iOdoeD5d8V1PaTbBWPi6tqKuNS2LeySgXfsQ=="), "creationDate" : ISODate("20830-06-26T18:44:26Z"), "updateDate" : ISODate("20830-06-26T18:44:26Z"), "status" : 0, "masterKey" : \{ "provider" : "local" }

}

{ "_id" : UUID("dad3a063-4f9b-48f8-bf4e-7ca9d323fd1c"), "keyMaterial" : BinData(0,"2ONi+GlkEKdVUjxoEFFkGI8aocBJlXo0enuKEuRQUZGbjbh11dschs50ongK5j7Si819v6lsx/kCkf6hybhPKoZkYbDtToKuhjIpS7KrfG//50gwEe/wtO7OK6CkIXxn1Mi9Z5HLOMzMfGb9chkhV3qohYaMxhKr3ZFiROU0gs+WMky2hKQdVQNg8I2wRHBWMydLDqPawWbJo7rs6GNCzQ=="), "creationDate" : ISODate("23600-04-13T02:22:54Z"), "updateDate" : ISODate("23600-04-13T02:22:54Z"), "status" : 0, "masterKey" : \{ "provider" : "local" }

}

{ "_id" : UUID("37541a82-b051-4338-97df-86a0780a6a22"), "keyMaterial" : BinData(0,"6sdjYoBmLaqsVs8vyMn+M1CLlNPKHwoEJvxf9vgcbuUl4RUywGzebR4GpnIb5K76v2tQnIkZDwkEFtYqRWpUEDq3AhvCBSA4RZNJV1d8ICLkeZRpGFCUTldrL5BBKFFMZmA5RMGgTh22VxSsy/9NTzAiRihdn4cIvYSttTXzgtRjIuSTOj5y+fDWhYvZt6Ey7PkotwFE75WG40GA/Ics/g=="), "creationDate" : ISODate("25770-08-11T07:31:17Z"), "updateDate" : ISODate("25770-08-11T07:31:17Z"), "status" : 0, "masterKey" : \{ "provider" : "local" }

}

 

 

 

 

These data encryption keys can be generated either with the sample code from the driver repo:

https://github.com/mongodb/mongo-java-driver/blob/master/driver-sync/src/examples/tour/ClientSideEncryptionSimpleTour.java

Or by following instructions in this use-case guide:

https://docs.mongodb.com/ecosystem/use-cases/sensitive-data-encryption



 Comments   
Comment by Jeffrey Yemin [ 07/Oct/19 ]

Fixed with mongodb-crypt 1.0.0-beta5

Comment by Jeffrey Yemin [ 30/Sep/19 ]

chris.cho,

Please try with mongodb-crypt 1.0.0-beta5 jar. That should fix it.

Comment by Jeffrey Yemin [ 26/Sep/19 ]

It's probably MONGOCRYPT-21 then. We just need to build a new jar file with the latest libmongocrypt. We tagged back on 7/24 and that's what's in mongodb-crypt jar file.

Comment by Kevin Albertson [ 26/Sep/19 ]

I suspect this is a libmongocrypt bug, but I have not yet been able to reproduce locally. With a unit test in libmongocrypt that creates a data key, I inserted it with pymongo to produce:

{
	"_id" : BinData(3,"D3wiHg/8SEi4LNi8e4uhBQ=="),
	"status" : 0,
	"masterKey" : {
		"region" : "region",
		"key" : "cmk",
		"provider" : "aws"
	},
	"updateDate" : ISODate("2019-09-26T13:17:04.380Z"),
	"keyMaterial" : BinData(0,"AQICAHhQNmWG2CzOm1dq3kWLM+iDUZhEqnhJwH9wZVpuZ94A8gHCPOT4UQIpMTvAVABLqnXlAAAAwjCBvwYJKoZIhvcNAQcGoIGxMIGuAgEAMIGoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDLxAm0nO3rccdoWA6AIBEIB7HUe6+aPvgNu/4sLEXBQVDIJVBueI3q7zdOMBSkRKkgZWqEuQgA6iDuEZbhHhOVCUXPBaLX6QWRwyMmjvIy/2Bg5q+TmwnfRo6QKdw2vee1W32/FdPWIoQy1yKOoIhNy6XMWldS3JuWK8ffQOYkssEqx0V4LW6PKuFv7D"),
	"creationDate" : ISODate("2019-09-26T13:17:04.380Z")
}

And using the 3.11.0 Java driver locally produced:

{
	"_id" : UUID("87885145-5ff7-4fc8-96df-4a5879834c0a"),
	"keyMaterial" : BinData(0,"M9PzsB/hqtjL/mbqNpiGCBFE/yGcakbMjrtmRnNyJ42MevqL5bAztTk2NgrIVbGOnaK2bsIcJesXoOsziWnCHnZDMoVVW9g+vTPKeBSdCkB99izU0BDzowL1e9mM6GZ4FVxnDUMzUttJ5FXyAanL11LIOIjjHtLf+5lRjK8utIssis45EuXseWmUuvqgUw4RQOq3kcoaWQrZ1c0Y+buIcA=="),
	"creationDate" : ISODate("2019-09-26T13:34:55.963Z"),
	"updateDate" : ISODate("2019-09-26T13:34:55.963Z"),
	"status" : 0,
	"masterKey" : {
		"provider" : "local"
	}
}

We've had an issue with creationDate/updateDate previously, but that was fixed in MONGOCRYPT-21.

Perhaps this is an underlying libbson bug in bson_gettimeofday. However, I am using macOS and I assume jeff.yemin is too.

Comment by Jeffrey Yemin [ 25/Sep/19 ]

kevin.albertson the key vault document is generated by libmongocrypt. Any idea how we could be getting these weird dates? When I try locally I'm seeing dates in the far past:

MongoDB Enterprise > db.datakeys.find().pretty()
{
	"_id" : UUID("c6ad06b9-9528-48f6-9b0d-c636a9d398f7"),
	"keyMaterial" : BinData(0,"yHyhpGsqC6HfA7caBQgf/EyGqHFQ57Q48tJdZ3IB92eYM28dcjSgi2Oy3NJKx8ExeklJ/MCXp9WrDjmisUslwZyOMEN2OJwiF7MHFf43YFXsJY+X+x1JSCQVBtGUU4Ph3/0by+CzusHy0uk0rNgDdtJqYyyYbs4AlWAXAavIloMfqX8oQ0sLSv496D+8cFyCTdph6W0rCQ/cB+8Z+cH3oA=="),
	"creationDate" : ISODate("1978-02-25T23:05:39Z"),
	"updateDate" : ISODate("1978-02-25T23:05:39Z"),
	"status" : 0,
	"masterKey" : {
		"provider" : "local"
	}
}

Generated at Thu Feb 08 08:59:38 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.