34 commits
d8cf297
add failing test
kevinAlbs Sep 15, 2025
a23b6fe
keyAltName prototype
mdb-ad Sep 29, 2025
55f4a65
WIP state
mdb-ad Oct 14, 2025
072857f
c driver tests passing
mdb-ad Oct 17, 2025
31bbd30
test including cache + passing
mdb-ad Oct 21, 2025
c4d566f
working in C driver
mdb-ad Oct 21, 2025
bd76c71
cleanup
mdb-ad Oct 29, 2025
e07769d
test fixes
mdb-ad Oct 29, 2025
c004d2a
Merge branch 'master' into keyaltname
mdb-ad Oct 30, 2025
5889267
fix schema broker tests
mdb-ad Oct 30, 2025
b516f7d
reset key broker state
mdb-ad Oct 30, 2025
8038777
Merge branch 'master' into keyaltname
mdb-ad Nov 19, 2025
7dce4e0
Merge branch 'master' into keyaltname
mdb-ad Nov 20, 2025
eed45cd
avoid keyAltName uninitialized warning
mdb-ad Nov 20, 2025
ba797ed
Merge branch 'master' into keyaltname
mdb-ad Dec 4, 2025
7275061
leak fixes
mdb-ad Dec 11, 2025
a1e2d05
key doc
mdb-ad Dec 15, 2025
6b4ad06
mongocryptd docs
mdb-ad Dec 15, 2025
df70cff
memory fixes
mdb-ad Dec 16, 2025
635815e
BSON matching
mdb-ad Dec 19, 2025
0640178
Merge branch 'master' into keyaltname
mdb-ad Jan 8, 2026
9bfc564
possible leak fix
mdb-ad Jan 27, 2026
139972f
adjust test error message to include keyAltName
mdb-ad Jan 29, 2026
8e6d691
fmt
mdb-ad Jan 29, 2026
8b3b569
fmt
mdb-ad Feb 6, 2026
2026432
fmt
mdb-ad Feb 6, 2026
fce8aff
add failing test for "create"
kevinAlbs Feb 10, 2026
f1e46e3
create tests
mdb-ad Feb 13, 2026
36f3d12
translate create command
mdb-ad Feb 16, 2026
5d5c740
refactor translate function + passing create test
mdb-ad Feb 16, 2026
cd02412
add failing test for bypassQueryAnalysis
kevinAlbs Feb 12, 2026
60ec413
respect bypassQueryAnalysis
mdb-ad Feb 16, 2026
2011f85
fix another create test
mdb-ad Feb 16, 2026
3dbfc1c
encryptedFields and encryptionInformation were reordered
mdb-ad Feb 16, 2026
1 change: 1 addition & 0 deletions src/mc-efc-private.h
@@ -37,6 +37,7 @@ typedef enum _supported_query_type_flags {
typedef struct _mc_EncryptedField_t {
supported_query_type_flags supported_queries;
_mongocrypt_buffer_t keyId;
const char *keyAltName;
const char *path;
struct _mc_EncryptedField_t *next;
} mc_EncryptedField_t;
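Review bot: The struct does not say that `keyId` and `keyAltName` are now alternatives, so existing readers of `ef->keyId` may silently see an empty buffer for fields configured by name. Judging by the parser change in src/mc-efc.c, only one of the two is populated and the other is left zeroed by `bson_malloc0`. I would state that on the members, e.g. `// Exactly one of keyId / keyAltName is set: keyId is empty when keyAltName is used, keyAltName is NULL when keyId is used.`, and note that `keyAltName` is an owned copy freed in `mc_EncryptedFieldConfig_cleanup`. Callers that select a data key from `keyId` should check which member is present; whether all of them do is not visible here.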
50 changes: 42 additions & 8 deletions src/mc-efc.c
@@ -85,18 +85,46 @@ static bool _parse_field(mc_EncryptedFieldConfig_t *efc, bson_t *field, mongocry
BSON_ASSERT_PARAM(efc);
BSON_ASSERT_PARAM(field);

if (!bson_iter_init_find(&field_iter, field, "keyId")) {
CLIENT_ERR("unable to find 'keyId' in 'field' document");
bool has_keyid = false;
bool has_keyaltname = false;
if (bson_iter_init_find(&field_iter, field, "keyId")) {
has_keyid = true;
}
if (bson_iter_init_find(&field_iter, field, "keyAltName")) {
has_keyaltname = true;
}
if (!(has_keyid || has_keyaltname)) {
CLIENT_ERR("unable to find 'keyId' or 'keyAltName' in 'field' document");
return false;
}
if (!BSON_ITER_HOLDS_BINARY(&field_iter)) {
CLIENT_ERR("expected 'fields.keyId' to be type binary, got: %d", (int)bson_iter_type(&field_iter));
if (has_keyid && has_keyaltname) {
CLIENT_ERR("only one of 'keyId' or 'keyAltName may be in 'field' document");
return false;
}

_mongocrypt_buffer_t field_keyid;
if (!_mongocrypt_buffer_from_uuid_iter(&field_keyid, &field_iter)) {
CLIENT_ERR("unable to parse uuid key from 'fields.keyId'");
return false;
if (has_keyid) {
BSON_ASSERT(bson_iter_init_find(&field_iter, field, "keyId"));
if (!BSON_ITER_HOLDS_BINARY(&field_iter)) {
CLIENT_ERR("expected 'fields.keyId' to be type binary, got: %d", (int)bson_iter_type(&field_iter));
return false;
}
if (!_mongocrypt_buffer_from_uuid_iter(&field_keyid, &field_iter)) {
CLIENT_ERR("unable to parse uuid key from 'fields.keyId'");
return false;
}
} else if (has_keyaltname) {
BSON_ASSERT(bson_iter_init_find(&field_iter, field, "keyAltName"));
}

const char *keyAltName = "";
if (has_keyaltname) {
BSON_ASSERT(bson_iter_init_find(&field_iter, field, "keyAltName"));
if (!BSON_ITER_HOLDS_UTF8(&field_iter)) {
CLIENT_ERR("expected 'fields.keyAltName' to be type UTF-8, got: %d", (int)bson_iter_type(&field_iter));
return false;
}
keyAltName = bson_iter_utf8(&field_iter, NULL);
}

const char *field_path;
@@ -151,7 +179,12 @@ static bool _parse_field(mc_EncryptedFieldConfig_t *efc, bson_t *field, mongocry

/* Prepend a new mc_EncryptedField_t */
mc_EncryptedField_t *ef = bson_malloc0(sizeof(mc_EncryptedField_t));
_mongocrypt_buffer_copy_to(&field_keyid, &ef->keyId);
if (has_keyid) {
_mongocrypt_buffer_copy_to(&field_keyid, &ef->keyId);
}
if (has_keyaltname) {
ef->keyAltName = bson_strdup(keyAltName);
}
ef->path = bson_strdup(field_path);
ef->next = efc->fields;
ef->supported_queries = query_types;
@@ -229,6 +262,7 @@ void mc_EncryptedFieldConfig_cleanup(mc_EncryptedFieldConfig_t *efc) {
mc_EncryptedField_t *ptr_next = ptr->next;
_mongocrypt_buffer_cleanup(&ptr->keyId);
bson_free((char *)ptr->path);
bson_free((char *)ptr->keyAltName);
bson_free(ptr);
ptr = ptr_next;
}
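Review bot: In the `has_keyaltname` branch of `_parse_field`, `bson_iter_utf8(&field_iter, NULL)` discards the string length, so a `keyAltName` containing an embedded NUL is silently truncated when it is later copied with `bson_strdup`, and malformed UTF-8 is accepted unless the document was validated before reaching this function. Because this value selects which data key protects the field, the stored name should be exactly the name in the document or the config should be rejected. I would capture the length and run `bson_utf8_validate` with `allow_null` set to false before storing the pointer, as sketched below; an empty name could be rejected in the same check if the key vault never permits one. `_parse_field` begins and continues outside the visible hunks.

```c
    const char *keyAltName = "";
    if (has_keyaltname) {
        // … unchanged: bson_iter_init_find and BSON_ITER_HOLDS_UTF8 check …
        uint32_t keyAltName_len = 0;
        keyAltName = bson_iter_utf8(&field_iter, &keyAltName_len);
        // allow_null=false rejects embedded NUL bytes as well as malformed UTF-8.
        if (!bson_utf8_validate(keyAltName, (size_t)keyAltName_len, false)) {
            CLIENT_ERR("expected 'fields.keyAltName' to be valid UTF-8 without embedded NUL");
            return false;
        }
    }
```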
24 changes: 23 additions & 1 deletion src/mc-schema-broker-private.h
@@ -19,6 +19,7 @@

#include "mc-efc-private.h" // mc_EncryptedFieldConfig_t
#include "mongocrypt-cache-collinfo-private.h"
#include "mongocrypt-key-broker-private.h"
#include "mongocrypt.h"
#include <bson/bson.h>

@@ -102,6 +103,12 @@ bool mc_schema_broker_need_more_schemas(const mc_schema_broker_t *sb);
const mc_EncryptedFieldConfig_t *
mc_schema_broker_get_encryptedFields(const mc_schema_broker_t *sb, const char *coll, mongocrypt_status_t *status);

// mc_schema_broker_get_encryptedFields returns encryptedFields for a collection if any exists.

Suggested change
// mc_schema_broker_get_encryptedFields returns encryptedFields for a collection if any exists.
// mc_schema_broker_maybe_get_encryptedFields returns encryptedFields for a collection if any exists.

//
// Returns NULL if none is found.
const mc_EncryptedFieldConfig_t *
mc_schema_broker_maybe_get_encryptedFields(const mc_schema_broker_t *sb, const char *coll, mongocrypt_status_t *status);

typedef enum {
MC_CMD_SCHEMAS_FOR_CRYPT_SHARED, // target the crypt_shared library.
MC_CMD_SCHEMAS_FOR_MONGOCRYPTD, // target mongocryptd process.
@@ -118,8 +125,23 @@ typedef enum {
// - encryptionInformation: for QE.
//
// Set cmd_target to the intended command destination. This impacts if/how schema information is added.
bool mc_schema_broker_add_schemas_to_cmd(const mc_schema_broker_t *sb,
bool mc_schema_broker_add_schemas_to_cmd(mc_schema_broker_t *sb,
_mongocrypt_key_broker_t *kb,
bson_t *cmd /* in and out */,
mc_cmd_target_t cmd_target,
mongocrypt_status_t *status);

// mc_translate_fields_keyAltName_to_keyId processes a "fields" array from encryptedFields,
// translating keyAltName to keyId for each field document.
//
// @param fields_bson The fields array to process
// @param kb The key broker to use for keyAltName to keyId translation
// @param out The output array to append translated fields to
// @param status Output status
// @return true on success, false on error
bool mc_translate_fields_keyAltName_to_keyId(const bson_t *fields_bson,
_mongocrypt_key_broker_t *kb,
bson_t *out,
mongocrypt_status_t *status);

#endif // MC_SCHEMA_BROKER_PRIVATE_H
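Review bot: The new `kb` parameter of `mc_schema_broker_add_schemas_to_cmd` and the removal of `const` from `sb` are not explained in the comment above that declaration, and the contract of `mc_translate_fields_keyAltName_to_keyId` does not say what happens when a `keyAltName` has no matching key in the broker. For an encryption schema the safe reading is that the call fails rather than emitting a field without a `keyId`, but that cannot be confirmed from the header alone. I would add `// kb resolves each field's keyAltName to a keyId; sb is non-const because translation may update broker state.` to the first declaration and `// Returns false and sets status if any keyAltName cannot be resolved; out must not be used on failure.` to the second, both adjusted to match the implementation. It would also help to say whether `kb` may be NULL when no field uses `keyAltName`.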