[MONGOCRYPT-537] Switch QE to CBC for user data Created: 15/Feb/23  Updated: 28/Oct/23  Resolved: 28/Feb/23

Status: Closed
Project: Libmongocrypt
Component/s: None
Affects Version/s: None
Fix Version/s: 1.8.0, 1.8.0-alpha0

Type: Task Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Sara Golemon
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on MONGOCRYPT-546 Unify en/decrypt functions across FLE... Closed
Epic Link: PM-2972
Binding Changes: Not Needed

Description

Change from CTR cipher mode to CBC cipher mode for encrypting the user data. The final cipher in use will be AES-256-CBC with AEAD provided by HMAC-SHA-256. This is not the same as the FLE 1 algorithm, which took half of SHA-512 for AEAD.

This impacts kFLE2EqualityIndexedValueV2 and kFLE2RangeIndexedValueV2. Also, a new unindexed encrypted value type will be needed that uses CBC.

In the server code, only the QE code that calls _mongocrypt_fle2aead_do_encryption is affected by this change.
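As an added illustration (not libmongocrypt's own code, and not its on-the-wire layout or key derivation), the following Go program shows the encrypt-then-MAC construction the description names: AES-256-CBC with PKCS#7 padding, authenticated by HMAC-SHA-256 over associated data, IV and ciphertext, with the tag checked in constant time before any decryption so that padding errors are never observable. The `TagHalfSHA512` variant is a simplified reading of the "half of SHA-512" remark about FLE 1 and exists only to show that a tag from one MAC does not verify under the other; the MAC input ordering and the `Seal`/`Open` names are assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"errors"
	"fmt"
)

const tagLen = 32 // both tag variants below produce a 32-byte tag

// TagFn computes the encrypt-then-MAC tag over the authenticated message.
type TagFn func(macKey, msg []byte) []byte

// TagSHA256 is the HMAC-SHA-256 tag the ticket moves QE user data to.
func TagSHA256(macKey, msg []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(msg)
	return m.Sum(nil)
}

// TagHalfSHA512 is HMAC-SHA-512 truncated to 32 bytes. It is an assumed,
// simplified stand-in for the FLE 1 tag, included only to show the two are
// not interchangeable.
func TagHalfSHA512(macKey, msg []byte) []byte {
	m := hmac.New(sha512.New, macKey)
	m.Write(msg)
	return m.Sum(nil)[:tagLen]
}

// pkcs7Pad always appends 1..blockSize bytes so the length is unambiguous.
func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("bad padded length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// Seal returns iv || AES-256-CBC(pad(plaintext)) || tag, where
// tag = MAC(macKey, associatedData || iv || ciphertext).
func Seal(encKey, macKey, associatedData, plaintext []byte, tag TagFn) ([]byte, error) {
	if len(encKey) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(append([]byte(nil), plaintext...), aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	body := append(iv, ct...)
	macInput := append(append([]byte(nil), associatedData...), body...)
	return append(body, tag(macKey, macInput)...), nil
}

// Open verifies the tag in constant time before touching the ciphertext, so a
// caller never sees a padding failure on an unauthenticated message.
func Open(encKey, macKey, associatedData, sealed []byte, tag TagFn) ([]byte, error) {
	if len(encKey) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	if len(sealed) < 2*aes.BlockSize+tagLen {
		return nil, errors.New("sealed value too short")
	}
	body, gotTag := sealed[:len(sealed)-tagLen], sealed[len(sealed)-tagLen:]
	macInput := append(append([]byte(nil), associatedData...), body...)
	if !hmac.Equal(gotTag, tag(macKey, macInput)) {
		return nil, errors.New("authentication failed")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv, ct := body[:aes.BlockSize], body[aes.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

func main() {
	// Constructed fixed keys for the demo; real deployments derive per-field keys.
	encKey := bytes.Repeat([]byte{0x11}, 32)
	macKey := bytes.Repeat([]byte{0x22}, 32)
	ad := []byte("constructed associated data")
	sealed, err := Seal(encKey, macKey, ad, []byte("user data"), TagSHA256)
	if err != nil {
		panic(err)
	}
	pt, err := Open(encKey, macKey, ad, sealed, TagSHA256)
	fmt.Printf("roundtrip: %q err=%v\n", pt, err)
	_, err = Open(encKey, macKey, ad, sealed, TagHalfSHA512)
	fmt.Println("opened with half-SHA-512 tag:", err)
	sealed[len(sealed)-1] ^= 1
	_, err = Open(encKey, macKey, ad, sealed, TagSHA256)
	fmt.Println("tampered tag:", err)
}
```

The order of operations in `Open` is the part worth copying: tag check first, then decryption, then padding removal, so a tampered or mis-tagged value fails with the same error regardless of what the ciphertext would have decrypted to.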



Comments
Comment by Githook User [ 28/Feb/23 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: MONGOCRYPT-537 Use AES-256-CBC/SHA-256 with FLE2v2
Branch: master
https://github.com/mongodb/libmongocrypt/commit/e656245b7ebc742df210c8156b9aac41bdd5d113

Comment by Githook User [ 24/Feb/23 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: MONGOCRYPT-537 Use AES-256-CBC/SHA-256 with FLE2v2
Branch: MONGOCRYPT-537
https://github.com/mongodb/libmongocrypt/commit/7c99a864f2165d77e1467d1d96a2b341bf6bf287

Comment by Sara Golemon [ 23/Feb/23 ]

https://github.com/mongodb/libmongocrypt/pull/582

Generated at Thu Feb 08 09:08:54 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.