libmongocrypt
mc-fle2-payload-iev-private-v2.h
1 /*
2  * Copyright 2023-present MongoDB, Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef MONGOCRYPT_INDEXED_ENCRYPTED_VALUE_PRIVATE_V2_H
18 #define MONGOCRYPT_INDEXED_ENCRYPTED_VALUE_PRIVATE_V2_H
19 
20 #include "mc-fle2-tag-and-encrypted-metadata-block-private.h"
21 #include "mc-tokens-private.h"
22 #include "mongocrypt-buffer-private.h"
23 #include "mongocrypt-crypto-private.h"
24 #include "mongocrypt-status-private.h"
25 
26 /*
27  * FLE2IndexedEqualityEncryptedValueV2 and FLE2IndexedRangeEncryptedValueV2
28  * share a common internal implementation.
29  *
30  * Lifecycle:
31  * 1. mc_FLE2IndexedEncryptedValueV2_init
32  * 2. mc_FLE2IndexedEncryptedValueV2_parse
33  * 3. mc_FLE2IndexedEncryptedValueV2_get_S_KeyId
34  * 4. mc_FLE2IndexedEncryptedValueV2_add_S_Key
35  * 5. mc_FLE2IndexedEncryptedValueV2_get_K_KeyId
36  * 6. mc_FLE2IndexedEncryptedValueV2_add_K_Key
37  * 7. mc_FLE2IndexedEncryptedValueV2_get_ClientValue
38  * 8. mc_FLE2IndexedEncryptedValueV2_serialize
39  * 9. mc_FLE2IndexedEncryptedValueV2_destroy
40  *
41  *
42  * FLE2IndexedEqualityEncryptedValueV2 has the following data layout:
43  *
44  * struct FLE2IndexedEqualityEncryptedValueV2 {
45  * uint8_t fle_blob_subtype = 14;
46  * uint8_t S_KeyId[16];
47  * uint8_t original_bson_type;
48  * uint8_t ServerEncryptedValue[ServerEncryptedValue.length];
49  * FLE2TagAndEncryptedMetadataBlock metadata;
50  * }
51  *
52  * ServerEncryptedValue :=
53  * EncryptCTR(ServerEncryptionToken, K_KeyId || ClientEncryptedValue)
54  * ClientEncryptedValue := EncryptCBCAEAD(K_Key, clientValue, AD=K_KeyId)
55  *
56  *
57  * struct FLE2TagAndEncryptedMetadataBlock {
58  * uint8_t encryptedCount[32]; // EncryptCTR(countEncryptionToken,
59  * // count || contentionFactor)
60  * uint8_t tag[32]; // HMAC-SHA256(count, edcTwiceDerived)
61  * uint8_t encryptedZeros[32]; // EncryptCTR(zerosEncryptionToken, 0*)
62  * }
63  *
64  *
65  * FLE2IndexedRangeEncryptedValueV2 has the following data layout:
66  *
67  * struct FLE2IndexedRangeEncryptedValueV2 {
68  * uint8_t fle_blob_subtype = 15;
69  * uint8_t S_KeyId[16];
70  * uint8_t original_bson_type;
71  * uint8_t edge_count;
72  * uint8_t ServerEncryptedValue[ServerEncryptedValue.length];
73  * FLE2TagAndEncryptedMetadataBlock metadata[edge_count];
74  * }
75  *
76  * Note that this format differs from FLE2IndexedEqualityEncryptedValueV2
77  * in only two ways:
78  * 1/ `edge_count` is introduced as an octet following `original_bson_type`.
79  * 2/ Rather than a single metadata block, we have {edge_count} blocks.
80  *
81  */
82 
83 typedef struct _mc_FLE2IndexedEncryptedValueV2_t mc_FLE2IndexedEncryptedValueV2_t;
84 
85 mc_FLE2IndexedEncryptedValueV2_t *mc_FLE2IndexedEncryptedValueV2_new(void);
86 bson_type_t mc_FLE2IndexedEncryptedValueV2_get_bson_value_type(const mc_FLE2IndexedEncryptedValueV2_t *iev,
87  mongocrypt_status_t *status);
88 
89 /*
90  * Populates an mc_FLE2IndexedEncryptedValueV2_t from a buffer.
91  *
92  * Input buffer must take the form of:
93  * fle_blob_subtype (8u)
94  * S_KeyId (8u * 16u)
95  * original_bson_type (8u)
96  * if (range)
97  * edge_count(8u)
98  * ServerEncryptedValue (8u * SEV_len)
99  * metadata (96u * {range ? edge_count : 1u})
100  *
101  * Returns an error if the input buffer is not valid.
102  */
103 bool mc_FLE2IndexedEncryptedValueV2_parse(mc_FLE2IndexedEncryptedValueV2_t *iev,
104  const _mongocrypt_buffer_t *buf,
105  mongocrypt_status_t *status);
106 
107 /*
108  * Serializes an mc_FLE2IndexedEncryptedValueV2_t into a buffer.
109  *
110  * The serialized output follows the same layout as the input `buf` to
111  * mc_FLE2IndexedEncryptedValueV2_parse, allowing for round-trip
112  * conversions between the serialized and parsed forms.
113  *
114  * Returns an error if the input structure is not valid, or if the buffer
115  * provided is insufficient to hold the serialized data.
116  */
117 bool mc_FLE2IndexedEncryptedValueV2_serialize(const mc_FLE2IndexedEncryptedValueV2_t *iev,
118  _mongocrypt_buffer_t *buf,
119  mongocrypt_status_t *status);
120 
121 const _mongocrypt_buffer_t *mc_FLE2IndexedEncryptedValueV2_get_S_KeyId(const mc_FLE2IndexedEncryptedValueV2_t *iev,
122  mongocrypt_status_t *status);
123 
124 bool mc_FLE2IndexedEncryptedValueV2_add_S_Key(_mongocrypt_crypto_t *crypto,
125  mc_FLE2IndexedEncryptedValueV2_t *iev,
126  const _mongocrypt_buffer_t *S_Key,
127  mongocrypt_status_t *status);
128 
129 const _mongocrypt_buffer_t *
130 mc_FLE2IndexedEncryptedValueV2_get_ClientEncryptedValue(const mc_FLE2IndexedEncryptedValueV2_t *iev,
131  mongocrypt_status_t *status);
132 
133 const _mongocrypt_buffer_t *mc_FLE2IndexedEncryptedValueV2_get_K_KeyId(const mc_FLE2IndexedEncryptedValueV2_t *iev,
134  mongocrypt_status_t *status);
135 
136 bool mc_FLE2IndexedEncryptedValueV2_add_K_Key(_mongocrypt_crypto_t *crypto,
137  mc_FLE2IndexedEncryptedValueV2_t *iev,
138  const _mongocrypt_buffer_t *K_Key,
139  mongocrypt_status_t *status);
140 
141 const _mongocrypt_buffer_t *mc_FLE2IndexedEncryptedValueV2_get_ClientValue(const mc_FLE2IndexedEncryptedValueV2_t *iev,
142  mongocrypt_status_t *status);
143 
144 uint8_t mc_FLE2IndexedEncryptedValueV2_get_edge_count(const mc_FLE2IndexedEncryptedValueV2_t *iev,
145  mongocrypt_status_t *status);
146 
147 bool mc_FLE2IndexedEncryptedValueV2_get_edge(const mc_FLE2IndexedEncryptedValueV2_t *iev,
148  mc_FLE2TagAndEncryptedMetadataBlock_t *out,
149  const uint8_t edge_index,
150  mongocrypt_status_t *status);
151 
152 bool mc_FLE2IndexedEncryptedValueV2_get_metadata(const mc_FLE2IndexedEncryptedValueV2_t *iev,
153  mc_FLE2TagAndEncryptedMetadataBlock_t *out,
154  mongocrypt_status_t *status);
155 
156 void mc_FLE2IndexedEncryptedValueV2_destroy(mc_FLE2IndexedEncryptedValueV2_t *iev);
157 
158 #endif /* MONGOCRYPT_INDEXED_ENCRYPTED_VALUE_PRIVATE_V2_H */
struct _mongocrypt_status_t mongocrypt_status_t
Definition: mongocrypt.h:152