MONGOCRYPT-756 Convert FLE2EncryptionPlaceholder to FLE2InsertUpdatePayloadV2 for text search indexed fields (#939)

MONGOCRYPT-756 Convert FLE2EncryptionPlaceholder to FLE2InsertUpdatePayloadV2 for text search indexed fields

Author: erwee

CMakeLists.txt

@@ -462,6 +462,7 @@ set (TEST_MONGOCRYPT_SOURCES
    test/test-gcp-auth.c
    test/test-mc-cmp.c
    test/test-mc-efc.c
+   test/test-mc-fle2-encryption-placeholder.c
    test/test-mc-fle2-find-equality-payload-v2.c
    test/test-mc-fle2-find-range-payload-v2.c
    test/test-mc-fle2-payload-iev.c

src/mc-efc-private.h

@@ -28,6 +28,10 @@ typedef enum _supported_query_type_flags {
     SUPPORTS_RANGE_QUERIES = 1 << 1,
     // Range preview query supported
     SUPPORTS_RANGE_PREVIEW_DEPRECATED_QUERIES = 1 << 2,
+    // Text search preview query supported
+    SUPPORTS_SUBSTRING_PREVIEW_QUERIES = 1 << 3,
+    SUPPORTS_SUFFIX_PREVIEW_QUERIES = 1 << 4,
+    SUPPORTS_PREFIX_PREVIEW_QUERIES = 1 << 5,
 } supported_query_type_flags;
 
 typedef struct _mc_EncryptedField_t {

src/mc-efc.c

@@ -32,6 +32,12 @@ static bool _parse_query_type_string(const char *queryType, supported_query_type
         *out = SUPPORTS_RANGE_QUERIES;
     } else if (mstr_eq_ignore_case(mstrv_lit(MONGOCRYPT_QUERY_TYPE_RANGEPREVIEW_DEPRECATED_STR), qtv)) {
         *out = SUPPORTS_RANGE_PREVIEW_DEPRECATED_QUERIES;
+    } else if (mstr_eq_ignore_case(mstrv_lit(MONGOCRYPT_QUERY_TYPE_SUBSTRINGPREVIEW_STR), qtv)) {
+        *out = SUPPORTS_SUBSTRING_PREVIEW_QUERIES;
+    } else if (mstr_eq_ignore_case(mstrv_lit(MONGOCRYPT_QUERY_TYPE_SUFFIXPREVIEW_STR), qtv)) {
+        *out = SUPPORTS_SUFFIX_PREVIEW_QUERIES;
+    } else if (mstr_eq_ignore_case(mstrv_lit(MONGOCRYPT_QUERY_TYPE_PREFIXPREVIEW_STR), qtv)) {
+        *out = SUPPORTS_PREFIX_PREVIEW_QUERIES;
     } else {
         return false;
     }

src/mc-fle2-encryption-placeholder-private.h

@@ -121,6 +121,7 @@ bool mc_FLE2RangeInsertSpec_parse(mc_FLE2RangeInsertSpec_t *out,
 
 // Note: For the substring/suffix/prefix insert specs, all lengths are in terms of number of UTF-8 codepoints, not
 // number of bytes.
+/* mc_FLE2SubstringInsertSpec_t holds the parameters used to encode for substring search. */
 typedef struct {
     // mlen is the max string length that can be indexed.
     uint32_t mlen;
@@ -130,22 +131,31 @@ typedef struct {
     uint32_t ub;
 } mc_FLE2SubstringInsertSpec_t;
 
+/* mc_FLE2SuffixInsertSpec_t holds the parameters used to encode for suffix search. */
 typedef struct {
     // lb is the lower bound on the length of suffixes to be indexed.
     uint32_t lb;
     // ub is the upper bound on the length of suffixes to be indexed.
     uint32_t ub;
 } mc_FLE2SuffixInsertSpec_t;
 
+/* mc_FLE2PrefixInsertSpec_t holds the parameters used to encode for prefix search. */
 typedef struct {
     // lb is the lower bound on the length of prefixes to be indexed.
     uint32_t lb;
     // ub is the upper bound on the length of prefixes to be indexed.
     uint32_t ub;
 } mc_FLE2PrefixInsertSpec_t;
 
+/** mc_FLE2TextSearchInsertSpec_t represents the text search insert specification that is
+ * encoded inside of a FLE2EncryptionPlaceholder. See
+ * https://github.com/mongodb/mongo/blob/master/src/mongo/crypto/fle_field_schema.idl
+ * for the representation in the MongoDB server. */
 typedef struct {
-    // v is the value to encrypt.
+    // v_iter points to the value to encrypt.
+    bson_iter_t v_iter;
+
+    // v is the value to encrypt, pointing to the value at v_iter.
     const char *v;
     // len is the byte length of v.
     uint32_t len;
@@ -174,6 +184,20 @@ typedef struct {
     bool diacf;
 } mc_FLE2TextSearchInsertSpec_t;
 
+// `mc_FLE2TextSearchInsertSpec_t` inherits extended alignment from libbson. To dynamically allocate, use
+// aligned allocation (e.g. BSON_ALIGNED_ALLOC)
+BSON_STATIC_ASSERT2(alignof_mc_FLE2TextSearchInsertSpec_t,
+                    BSON_ALIGNOF(mc_FLE2TextSearchInsertSpec_t) >= BSON_ALIGNOF(bson_iter_t));
+
+/** mc_FLE2TextSearchInsertSpec_parse parses a BSON document into a mc_FLE2TextSearchInsertSpec_t.
+ * @in must point to a BSON document.
+ * @out must outlive the BSON object @in is iterating on.
+ * - Returns false on error.
+ * - No cleanup needed for @out. */
+bool mc_FLE2TextSearchInsertSpec_parse(mc_FLE2TextSearchInsertSpec_t *out,
+                                       const bson_iter_t *in,
+                                       mongocrypt_status_t *status);
+
 /** FLE2EncryptionPlaceholder implements Encryption BinData (subtype 6)
  * sub-subtype 0, the intent-to-encrypt mapping. Contains a value to encrypt and
  * a description of how it should be encrypted.

src/mc-fle2-encryption-placeholder.c

@@ -20,6 +20,8 @@
 
 #include "mc-fle2-encryption-placeholder-private.h"
 #include "mongocrypt-buffer-private.h"
+#include "mongocrypt-private.h"
+#include "mongocrypt-util-private.h" // mc_bson_type_to_string
 #include "mongocrypt.h"
 
 #define CLIENT_ERR_PREFIXED_HELPER(Prefix, ErrorString, ...) CLIENT_ERR(Prefix ": " ErrorString, ##__VA_ARGS__)
@@ -44,6 +46,22 @@
         goto fail;                                                                                                     \
     }
 
+// Common logic for parsing int32 greater than zero
+#define IF_FIELD_INT32_GT0_PARSE(Name, Dest, Iter)                                                                     \
+    IF_FIELD(Name) {                                                                                                   \
+        if (!BSON_ITER_HOLDS_INT32(&Iter)) {                                                                           \
+            CLIENT_ERR_PREFIXED("'" #Name "' must be an int32");                                                       \
+            goto fail;                                                                                                 \
+        }                                                                                                              \
+        int32_t val = bson_iter_int32(&Iter);                                                                          \
+        if (val <= 0) {                                                                                                \
+            CLIENT_ERR_PREFIXED("'" #Name "' must be greater than zero");                                              \
+            goto fail;                                                                                                 \
+        }                                                                                                              \
+        Dest = (uint32_t)val;                                                                                          \
+    }                                                                                                                  \
+    END_IF_FIELD
+
 void mc_FLE2EncryptionPlaceholder_init(mc_FLE2EncryptionPlaceholder_t *placeholder) {
     memset(placeholder, 0, sizeof(mc_FLE2EncryptionPlaceholder_t));
 }
@@ -94,7 +112,7 @@ bool mc_FLE2EncryptionPlaceholder_parse(mc_FLE2EncryptionPlaceholder_t *out,
             }
             algorithm = bson_iter_int32(&iter);
             if (algorithm != MONGOCRYPT_FLE2_ALGORITHM_UNINDEXED && algorithm != MONGOCRYPT_FLE2_ALGORITHM_EQUALITY
-                && algorithm != MONGOCRYPT_FLE2_ALGORITHM_RANGE) {
+                && algorithm != MONGOCRYPT_FLE2_ALGORITHM_RANGE && algorithm != MONGOCRYPT_FLE2_ALGORITHM_TEXT_SEARCH) {
                 CLIENT_ERR_PREFIXED("invalid algorithm value: %d", algorithm);
                 goto fail;
             }
@@ -491,3 +509,210 @@ bool mc_FLE2RangeInsertSpec_parse(mc_FLE2RangeInsertSpec_t *out,
 }
 
 #undef ERROR_PREFIX
+
+#define ERROR_PREFIX "Error parsing FLE2SubstringInsertSpec"
+
+static bool mc_FLE2SubstringInsertSpec_parse(mc_FLE2SubstringInsertSpec_t *out,
+                                             const bson_iter_t *in,
+                                             mongocrypt_status_t *status) {
+    bson_iter_t iter;
+    bool has_mlen = false, has_ub = false, has_lb = false;
+    BSON_ASSERT_PARAM(out);
+    BSON_ASSERT_PARAM(in);
+
+    iter = *in;
+
+    if (!BSON_ITER_HOLDS_DOCUMENT(&iter)) {
+        CLIENT_ERR_PREFIXED("must be an iterator to a document");
+        return false;
+    }
+    bson_iter_recurse(&iter, &iter);
+    while (bson_iter_next(&iter)) {
+        const char *field = bson_iter_key(&iter);
+        BSON_ASSERT(field);
+        IF_FIELD_INT32_GT0_PARSE(mlen, out->mlen, iter);
+        IF_FIELD_INT32_GT0_PARSE(ub, out->ub, iter);
+        IF_FIELD_INT32_GT0_PARSE(lb, out->lb, iter);
+    }
+    CHECK_HAS(mlen)
+    CHECK_HAS(ub)
+    CHECK_HAS(lb)
+    if (out->ub < out->lb) {
+        CLIENT_ERR_PREFIXED("upper bound cannot be less than the lower bound");
+        goto fail;
+    }
+    if (out->mlen < out->ub) {
+        CLIENT_ERR_PREFIXED("maximum indexed length cannot be less than the upper bound");
+        goto fail;
+    }
+    return true;
+fail:
+    return false;
+}
+
+#undef ERROR_PREFIX
+
+#define ERROR_PREFIX "Error parsing FLE2SuffixInsertSpec"
+
+static bool
+mc_FLE2SuffixInsertSpec_parse(mc_FLE2SuffixInsertSpec_t *out, const bson_iter_t *in, mongocrypt_status_t *status) {
+    bson_iter_t iter;
+    bool has_ub = false, has_lb = false;
+
+    BSON_ASSERT_PARAM(out);
+    BSON_ASSERT_PARAM(in);
+
+    iter = *in;
+
+    if (!BSON_ITER_HOLDS_DOCUMENT(&iter)) {
+        CLIENT_ERR_PREFIXED("must be an iterator to a document");
+        return false;
+    }
+    bson_iter_recurse(&iter, &iter);
+    while (bson_iter_next(&iter)) {
+        const char *field = bson_iter_key(&iter);
+        BSON_ASSERT(field);
+        IF_FIELD_INT32_GT0_PARSE(ub, out->ub, iter);
+        IF_FIELD_INT32_GT0_PARSE(lb, out->lb, iter);
+    }
+    CHECK_HAS(ub)
+    CHECK_HAS(lb)
+    if (out->ub < out->lb) {
+        CLIENT_ERR_PREFIXED("upper bound cannot be less than the lower bound");
+        goto fail;
+    }
+    return true;
+fail:
+    return false;
+}
+
+#undef ERROR_PREFIX
+
+#define ERROR_PREFIX "Error parsing FLE2PrefixInsertSpec"
+
+static bool
+mc_FLE2PrefixInsertSpec_parse(mc_FLE2PrefixInsertSpec_t *out, const bson_iter_t *in, mongocrypt_status_t *status) {
+    bson_iter_t iter;
+    bool has_ub = false, has_lb = false;
+    BSON_ASSERT_PARAM(out);
+    BSON_ASSERT_PARAM(in);
+
+    iter = *in;
+
+    if (!BSON_ITER_HOLDS_DOCUMENT(&iter)) {
+        CLIENT_ERR_PREFIXED("must be an iterator to a document");
+        return false;
+    }
+    bson_iter_recurse(&iter, &iter);
+    while (bson_iter_next(&iter)) {
+        const char *field = bson_iter_key(&iter);
+        BSON_ASSERT(field);
+        IF_FIELD_INT32_GT0_PARSE(ub, out->ub, iter);
+        IF_FIELD_INT32_GT0_PARSE(lb, out->lb, iter);
+    }
+    CHECK_HAS(ub)
+    CHECK_HAS(lb)
+    if (out->ub < out->lb) {
+        CLIENT_ERR_PREFIXED("upper bound cannot be less than the lower bound");
+        goto fail;
+    }
+    return true;
+fail:
+    return false;
+}
+
+#undef ERROR_PREFIX
+
+#define ERROR_PREFIX "Error parsing FLE2TextSearchInsertSpec"
+
+bool mc_FLE2TextSearchInsertSpec_parse(mc_FLE2TextSearchInsertSpec_t *out,
+                                       const bson_iter_t *in,
+                                       mongocrypt_status_t *status) {
+    BSON_ASSERT_PARAM(out);
+    BSON_ASSERT_PARAM(in);
+
+    *out = (mc_FLE2TextSearchInsertSpec_t){{0}};
+
+    bson_iter_t iter = *in;
+    bool has_v = false, has_casef = false, has_diacf = false;
+    bool has_substr = false, has_suffix = false, has_prefix = false;
+
+    if (!BSON_ITER_HOLDS_DOCUMENT(&iter)) {
+        CLIENT_ERR_PREFIXED("must be an iterator to a document");
+        return false;
+    }
+    bson_iter_recurse(&iter, &iter);
+
+    while (bson_iter_next(&iter)) {
+        const char *field = bson_iter_key(&iter);
+        BSON_ASSERT(field);
+
+        IF_FIELD(v) {
+            out->v = bson_iter_utf8(&iter, &out->len);
+            if (!out->v) {
+                CLIENT_ERR_PREFIXED("unsupported BSON type: %s for text search",
+                                    mc_bson_type_to_string(bson_iter_type(&iter)));
+                goto fail;
+            }
+            out->v_iter = iter;
+        }
+        END_IF_FIELD
+
+        IF_FIELD(casef) {
+            if (!BSON_ITER_HOLDS_BOOL(&iter)) {
+                CLIENT_ERR_PREFIXED("'casef' must be a bool");
+                goto fail;
+            }
+            out->casef = bson_iter_bool(&iter);
+        }
+        END_IF_FIELD
+
+        IF_FIELD(diacf) {
+            if (!BSON_ITER_HOLDS_BOOL(&iter)) {
+                CLIENT_ERR_PREFIXED("'diacf' must be a bool");
+                goto fail;
+            }
+            out->diacf = bson_iter_bool(&iter);
+        }
+        END_IF_FIELD
+
+        IF_FIELD(substr) {
+            if (!mc_FLE2SubstringInsertSpec_parse(&out->substr.value, &iter, status)) {
+                goto fail;
+            }
+            out->substr.set = true;
+        }
+        END_IF_FIELD
+
+        IF_FIELD(suffix) {
+            if (!mc_FLE2SuffixInsertSpec_parse(&out->suffix.value, &iter, status)) {
+                goto fail;
+            }
+            out->suffix.set = true;
+        }
+        END_IF_FIELD
+
+        IF_FIELD(prefix) {
+            if (!mc_FLE2PrefixInsertSpec_parse(&out->prefix.value, &iter, status)) {
+                goto fail;
+            }
+            out->prefix.set = true;
+        }
+        END_IF_FIELD
+    }
+
+    CHECK_HAS(v)
+    CHECK_HAS(casef)
+    CHECK_HAS(diacf)
+    // one of substr/suffix/prefix must be set
+    if (!(has_substr || has_suffix || has_prefix)) {
+        CLIENT_ERR_PREFIXED("Must have a substring, suffix, or prefix index specification");
+        goto fail;
+    }
+    return true;
+
+fail:
+    return false;
+}
+
+#undef ERROR_PREFIX