[MONGOCRYPT-365] Support new context and state for rewrapManyDataKey Created: 04/Jan/22  Updated: 28/Oct/23  Resolved: 28/Mar/22

Status: Closed
Project: Libmongocrypt
Component/s: None
Affects Version/s: None
Fix Version/s: 1.5.0-alpha0, 1.5.0

Type: New Feature
Priority: Unknown
Reporter: Kevin Albertson
Assignee: Ezra Chung
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to MONGOCRYPT-450 Remove unnecessary fields from rewrap... Closed
Epic Link: Key Management API

 Description   

Background

WRITING-9378 proposes adding a new context to libmongocrypt to assist with driver implementation of the new ClientEncryption::rewrapManyDataKey method.

The ClientEncryption::rewrapManyDataKey method should create a context in libmongocrypt.

The libmongocrypt context should do the following:

  • Enter the MONGOCRYPT_CTX_NEED_MONGO_KEYS state to request the driver "find" matching keys.
  • Decrypt matching keys with the old KMS provider, entering the MONGOCRYPT_CTX_NEED_KMS state as needed.
  • Encrypt matching keys with the new KMS provider, entering the MONGOCRYPT_CTX_NEED_KMS state as needed.
  • Enter a new state MONGOCRYPT_CTX_NEED_UPDATE to request the driver run a bulk update on the key vault collection with the new documents.
    • Drivers are expected to run a bulk update after obtaining the rewrapped key documents with mongocrypt_ctx_finalize(), after which libmongocrypt has no further work to do. A new state was therefore deemed unnecessary.

Scope

  • Support a new context in libmongocrypt to rewrap multiple data keys.
  • Add a new state MONGOCRYPT_CTX_NEED_UPDATE to request the driver run a bulk update.
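
The state sequence listed under Background, as an added example (a self-contained C model, not code from libmongocrypt or from this ticket): a driver loop runs against a mock context and records that the key vault is bulk-updated only after finalize, with no NEED_UPDATE state, as the sub-bullet above concludes. Assumptions: the `ST_*` enum, `rewrap_ctx`, `trace_t`, `advance`, `drive_rewrap`, the `old_remote`/`new_remote` flags (whether a provider needs a KMS round trip at all) and one KMS request per key are hypothetical stand-ins.

```c
#include <stdio.h>
/* Added model, not libmongocrypt code: ST_* stand in for the states named on
 * this page plus ready/done; nothing here includes or calls mongocrypt.h. */
typedef enum { ST_ERROR, ST_NEED_MONGO_KEYS, ST_NEED_KMS, ST_READY, ST_DONE } state_t;
typedef struct { state_t state; int keys, pending, encrypting, new_remote; } rewrap_ctx;
typedef struct { int finds, kms_old, kms_new, bulk_updates; } trace_t;
/* Move on once the current phase has no pending KMS work. */
static void advance(rewrap_ctx *c) {
    if (!c->encrypting) {                   /* decrypt phase just finished */
        c->encrypting = 1;
        if (c->keys && c->new_remote) { c->pending = c->keys; c->state = ST_NEED_KMS; return; }
    }
    c->state = ST_READY;
}

/* Driver loop. fail_at > 0 makes the Nth KMS reply fail (constructed fault).
 * Returns 0 on success, -1 if the context errored before finalize. */
int drive_rewrap(int keys, int old_remote, int new_remote, int fail_at, trace_t *t) {
    rewrap_ctx c = { ST_NEED_MONGO_KEYS, 0, 0, 0, new_remote };
    int kms_calls = 0;
    *t = (trace_t){ 0, 0, 0, 0 };
    while (c.state != ST_DONE && c.state != ST_ERROR) {
        switch (c.state) {
        case ST_NEED_MONGO_KEYS:            /* driver runs "find" and feeds the matches */
            t->finds++;
            c.keys = keys;
            if (keys && old_remote) { c.pending = keys; c.state = ST_NEED_KMS; }
            else advance(&c);
            break;
        case ST_NEED_KMS:                   /* one KMS round trip per pending key (assumed) */
            if (++kms_calls == fail_at) { c.state = ST_ERROR; break; }
            if (c.encrypting) t->kms_new++; else t->kms_old++;
            if (--c.pending == 0) advance(&c);
            break;
        case ST_READY:                      /* finalize hands back the rewrapped documents */
            c.state = ST_DONE;
            if (c.keys) t->bulk_updates++;  /* only now does the driver bulk-update */
            break;
        default: break;
        }
    }
    return c.state == ST_DONE ? 0 : -1;
}
int main(void) {
    trace_t t;
    int rc = drive_rewrap(3, 1, 1, 0, &t);  /* constructed: 3 keys, both providers remote */
    printf("rc=%d finds=%d old=%d new=%d updates=%d\n", rc, t.finds, t.kms_old, t.kms_new, t.bulk_updates);
    return rc ? 1 : 0;
}
```

With `fail_at` set to 4 on three keys, the first re-encrypt reply fails, `drive_rewrap` returns -1 and `bulk_updates` stays 0, so in this model the key vault keeps the old wrapping.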


 Comments   
Comment by Githook User [ 28/Mar/22 ]

Author: Ezra Chung (eramongodb) <88335979+eramongodb@users.noreply.github.com>

Message: MONGOCRYPT-365 Implement rewrapManyDataKey (#270)

  • Preserve dates when copying _mongocrypt_key_doc_t
  • Add mode to key broker to permit adding keys without requests