[SERVER-73729] Split decryptAndParse functions of FLE2IndexedEqualityEncryptedValueV2 and FLE2IndexedRangeEncryptedValueV2 Created: 07/Feb/23  Updated: 29/Oct/23  Resolved: 09/Feb/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.0.0-rc0

Type: Task Priority: Major - P3
Reporter: Erwin Pe Assignee: Erwin Pe
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Backwards Compatibility: Fully Compatible
Sprint: Security 2023-02-20
Participants:
Linked BF Score: 153

 Description   

The current decryptAndParse functions in these two classes require both the serverToken and the serverDerivedFromData token so that they can parse and decrypt the entire serialized blob.

However, it is often the case that only one of these tokens exist and only a certain section of the serialized blob needs to be decrypted. For example. in collScan finds, only the metadata block needs to be decrypted. During client decryption, only the user ciphertext needs to be decrypted.

The interface of these classes should be rewritten so as to allow the parse & decryption of only certain sections of the serialized data.



 Comments   
Comment by Githook User [ 09/Feb/23 ]

Author:

{'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}

Message: SERVER-73729 Fix unit test compilation on Windows
Branch: master
https://github.com/mongodb/mongo/commit/8a82b0ad9167ee516b777bf1e46e820bd3e27580

Comment by Githook User [ 09/Feb/23 ]

Author:

{'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}

Message: SERVER-73729 Split decryptAndParse functions of FLE2Indexed(Equality/Range)EncryptedValueV2
Branch: master
https://github.com/mongodb/mongo/commit/4ac9a81c224c4eebc1e971062b5319ed37122e83

Generated at Thu Feb 08 06:25:28 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.