[SERVER-73729] Split decryptAndParse functions of FLE2IndexedEqualityEncryptedValueV2 and FLE2IndexedRangeEncryptedValueV2
Created: 07/Feb/23 | Updated: 29/Oct/23 | Resolved: 09/Feb/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 7.0.0-rc0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Erwin Pe | Assignee: | Erwin Pe |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Sprint: | Security 2023-02-20 | ||||
| Participants: | |||||
| Linked BF Score: | 153 | ||||
| Description |
|
The current decryptAndParse functions in these two classes require both the serverToken and the serverDerivedFromData token so that they can parse and decrypt the entire serialized blob. However, it is often the case that only one of these tokens exists and only a certain section of the serialized blob needs to be decrypted. For example, in collScan finds, only the metadata block needs to be decrypted. During client decryption, only the user ciphertext needs to be decrypted. The interface of these classes should be rewritten so as to allow the parsing and decryption of only certain sections of the serialized data. |
| Comments |
| Comment by Githook User [ 09/Feb/23 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'} Message: |
| Comment by Githook User [ 09/Feb/23 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'} Message: |