MONGOCRYPT-756 Convert FLE2EncryptionPlaceholder to FLE2InsertUpdatePayloadV2 for text search indexed fields

Author: erwee

src/mc-efc-private.h

@@ -28,6 +28,10 @@ typedef enum _supported_query_type_flags {
     SUPPORTS_RANGE_QUERIES = 1 << 1,
     // Range preview query supported
     SUPPORTS_RANGE_PREVIEW_DEPRECATED_QUERIES = 1 << 2,
+    // Text search preview query supported
+    SUPPORTS_SUBSTRING_PREVIEW_QUERIES = 1 << 3,
+    SUPPORTS_SUFFIX_PREVIEW_QUERIES = 1 << 4,
+    SUPPORTS_PREFIX_PREVIEW_QUERIES = 1 << 5,
 } supported_query_type_flags;
 
 typedef struct _mc_EncryptedField_t {

src/mc-efc.c

@@ -32,6 +32,12 @@ static bool _parse_query_type_string(const char *queryType, supported_query_type
         *out = SUPPORTS_RANGE_QUERIES;
     } else if (mstr_eq_ignore_case(mstrv_lit(MONGOCRYPT_QUERY_TYPE_RANGEPREVIEW_DEPRECATED_STR), qtv)) {
         *out = SUPPORTS_RANGE_PREVIEW_DEPRECATED_QUERIES;
+    } else if (mstr_eq_ignore_case(mstrv_lit(MONGOCRYPT_QUERY_TYPE_SUBSTRINGPREVIEW_STR), qtv)) {
+        *out = SUPPORTS_SUBSTRING_PREVIEW_QUERIES;
+    } else if (mstr_eq_ignore_case(mstrv_lit(MONGOCRYPT_QUERY_TYPE_SUFFIXPREVIEW_STR), qtv)) {
+        *out = SUPPORTS_SUFFIX_PREVIEW_QUERIES;
+    } else if (mstr_eq_ignore_case(mstrv_lit(MONGOCRYPT_QUERY_TYPE_PREFIXPREVIEW_STR), qtv)) {
+        *out = SUPPORTS_PREFIX_PREVIEW_QUERIES;
     } else {
         return false;
     }

src/mc-fle2-encryption-placeholder-private.h

@@ -119,6 +119,72 @@ bool mc_FLE2RangeInsertSpec_parse(mc_FLE2RangeInsertSpec_t *out,
                                   bool use_range_v2,
                                   mongocrypt_status_t *status);
 
+/* mc_FLE2SubstringInsertSpec_t holds the parameters used to encode for substring search. */
+typedef struct {
+    // max substring code point length to be indexed
+    int32_t mlen;
+    // upper bound code point length of valid substring queries
+    int32_t ub;
+    // lower bound code point length of valid substring queries
+    int32_t lb;
+} mc_FLE2SubstringInsertSpec_t;
+
+/* mc_FLE2SuffixInsertSpec_t holds the parameters used to encode for suffix search. */
+typedef struct {
+    // upper bound code point length of valid suffix queries
+    int32_t ub;
+    // lower bound code point length of valid suffix queries
+    int32_t lb;
+} mc_FLE2SuffixInsertSpec_t;
+
+/* mc_FLE2PrefixInsertSpec_t holds the parameters used to encode for prefix search. */
+typedef struct {
+    // upper bound code point length of valid prefix queries
+    int32_t ub;
+    // lower bound code point length of valid prefix queries
+    int32_t lb;
+} mc_FLE2PrefixInsertSpec_t;
+
+/** mc_FLE2TextSearchInsertSpec_t represents the text search insert specification that is
+ * encoded inside of a FLE2EncryptionPlaceholder. See
+ * https://github.com/mongodb/mongo/blob/master/src/mongo/crypto/fle_field_schema.idl
+ * for the representation in the MongoDB server. */
+typedef struct {
+    // v is the value to encrypt.
+    bson_iter_t v;
+    // casef is whether or not to case fold
+    bool casef;
+    // diacf is whether or not to diacritic fold
+    bool diacf;
+
+    // optional parameters for substring search
+    struct {
+        mc_FLE2SubstringInsertSpec_t value;
+        bool set;
+    } substringSpec;
+
+    // optional parameters for suffix search
+    struct {
+        mc_FLE2SuffixInsertSpec_t value;
+        bool set;
+    } suffixSpec;
+
+    // optional parameters for prefix search
+    struct {
+        mc_FLE2PrefixInsertSpec_t value;
+        bool set;
+    } prefixSpec;
+} mc_FLE2TextSearchInsertSpec_t;
+
+// `mc_FLE2TextSearchInsertSpec_t` inherits extended alignment from libbson. To dynamically allocate, use
+// aligned allocation (e.g. BSON_ALIGNED_ALLOC)
+BSON_STATIC_ASSERT2(alignof_mc_FLE2TextSearchInsertSpec_t,
+                    BSON_ALIGNOF(mc_FLE2TextSearchInsertSpec_t) >= BSON_ALIGNOF(bson_iter_t));
+
+bool mc_FLE2TextSearchInsertSpec_parse(mc_FLE2TextSearchInsertSpec_t *out,
+                                       const bson_iter_t *in,
+                                       mongocrypt_status_t *status);
+
 /** FLE2EncryptionPlaceholder implements Encryption BinData (subtype 6)
  * sub-subtype 0, the intent-to-encrypt mapping. Contains a value to encrypt and
  * a description of how it should be encrypted.

src/mc-fle2-encryption-placeholder.c

@@ -20,6 +20,7 @@
 
 #include "mc-fle2-encryption-placeholder-private.h"
 #include "mongocrypt-buffer-private.h"
+#include "mongocrypt-private.h"
 #include "mongocrypt.h"
 
 #define CLIENT_ERR_PREFIXED_HELPER(Prefix, ErrorString, ...) CLIENT_ERR(Prefix ": " ErrorString, ##__VA_ARGS__)
@@ -44,6 +45,22 @@
         goto fail;                                                                                                     \
     }
 
+// Common logic for parsing int32 greater than zero
+#define IF_FIELD_INT32_GT0_PARSE(Name, Dest, Iter)                                                                     \
+    IF_FIELD(Name) {                                                                                                   \
+        if (!BSON_ITER_HOLDS_INT32(&Iter)) {                                                                           \
+            CLIENT_ERR_PREFIXED("'" #Name "' must be an int32");                                                       \
+            goto fail;                                                                                                 \
+        }                                                                                                              \
+        int32_t val = bson_iter_int32(&Iter);                                                                          \
+        if (val <= 0) {                                                                                                \
+            CLIENT_ERR_PREFIXED("'" #Name "' must be greater than zero");                                              \
+            goto fail;                                                                                                 \
+        }                                                                                                              \
+        Dest = val;                                                                                                    \
+    }                                                                                                                  \
+    END_IF_FIELD
+
 void mc_FLE2EncryptionPlaceholder_init(mc_FLE2EncryptionPlaceholder_t *placeholder) {
     memset(placeholder, 0, sizeof(mc_FLE2EncryptionPlaceholder_t));
 }
@@ -94,7 +111,7 @@ bool mc_FLE2EncryptionPlaceholder_parse(mc_FLE2EncryptionPlaceholder_t *out,
             }
             algorithm = bson_iter_int32(&iter);
             if (algorithm != MONGOCRYPT_FLE2_ALGORITHM_UNINDEXED && algorithm != MONGOCRYPT_FLE2_ALGORITHM_EQUALITY
-                && algorithm != MONGOCRYPT_FLE2_ALGORITHM_RANGE) {
+                && algorithm != MONGOCRYPT_FLE2_ALGORITHM_RANGE && algorithm != MONGOCRYPT_FLE2_ALGORITHM_TEXT_SEARCH) {
                 CLIENT_ERR_PREFIXED("invalid algorithm value: %d", algorithm);
                 goto fail;
             }
@@ -491,3 +508,203 @@ bool mc_FLE2RangeInsertSpec_parse(mc_FLE2RangeInsertSpec_t *out,
 }
 
 #undef ERROR_PREFIX
+
+#define ERROR_PREFIX "Error parsing FLE2SubstringInsertSpec"
+
+static bool mc_FLE2SubstringInsertSpec_parse(mc_FLE2SubstringInsertSpec_t *out,
+                                             const bson_iter_t *in,
+                                             mongocrypt_status_t *status) {
+    bson_iter_t iter;
+    bool has_mlen = false, has_ub = false, has_lb = false;
+    BSON_ASSERT_PARAM(out);
+    BSON_ASSERT_PARAM(in);
+
+    iter = *in;
+
+    if (!BSON_ITER_HOLDS_DOCUMENT(&iter)) {
+        CLIENT_ERR_PREFIXED("must be an iterator to a document");
+        return false;
+    }
+    bson_iter_recurse(&iter, &iter);
+    while (bson_iter_next(&iter)) {
+        const char *field = bson_iter_key(&iter);
+        BSON_ASSERT(field);
+        IF_FIELD_INT32_GT0_PARSE(mlen, out->mlen, iter);
+        IF_FIELD_INT32_GT0_PARSE(ub, out->ub, iter);
+        IF_FIELD_INT32_GT0_PARSE(lb, out->lb, iter);
+    }
+    CHECK_HAS(mlen)
+    CHECK_HAS(ub)
+    CHECK_HAS(lb)
+    if (out->ub < out->lb) {
+        CLIENT_ERR_PREFIXED("upper bound cannot be less than the lower bound");
+        goto fail;
+    }
+    if (out->mlen < out->ub) {
+        CLIENT_ERR_PREFIXED("maximum indexed length cannot be less than the upper bound");
+        goto fail;
+    }
+    return true;
+fail:
+    return false;
+}
+
+#undef ERROR_PREFIX
+
+#define ERROR_PREFIX "Error parsing FLE2SuffixInsertSpec"
+
+static bool
+mc_FLE2SuffixInsertSpec_parse(mc_FLE2SuffixInsertSpec_t *out, const bson_iter_t *in, mongocrypt_status_t *status) {
+    bson_iter_t iter;
+    bool has_ub = false, has_lb = false;
+
+    BSON_ASSERT_PARAM(out);
+    BSON_ASSERT_PARAM(in);
+
+    iter = *in;
+
+    if (!BSON_ITER_HOLDS_DOCUMENT(&iter)) {
+        CLIENT_ERR_PREFIXED("must be an iterator to a document");
+        return false;
+    }
+    bson_iter_recurse(&iter, &iter);
+    while (bson_iter_next(&iter)) {
+        const char *field = bson_iter_key(&iter);
+        BSON_ASSERT(field);
+        IF_FIELD_INT32_GT0_PARSE(ub, out->ub, iter);
+        IF_FIELD_INT32_GT0_PARSE(lb, out->lb, iter);
+    }
+    CHECK_HAS(ub)
+    CHECK_HAS(lb)
+    if (out->ub < out->lb) {
+        CLIENT_ERR_PREFIXED("upper bound cannot be less than the lower bound");
+        goto fail;
+    }
+    return true;
+fail:
+    return false;
+}
+
+#undef ERROR_PREFIX
+
+#define ERROR_PREFIX "Error parsing FLE2PrefixInsertSpec"
+
+static bool
+mc_FLE2PrefixInsertSpec_parse(mc_FLE2PrefixInsertSpec_t *out, const bson_iter_t *in, mongocrypt_status_t *status) {
+    bson_iter_t iter;
+    bool has_ub = false, has_lb = false;
+    BSON_ASSERT_PARAM(out);
+    BSON_ASSERT_PARAM(in);
+
+    iter = *in;
+
+    if (!BSON_ITER_HOLDS_DOCUMENT(&iter)) {
+        CLIENT_ERR_PREFIXED("must be an iterator to a document");
+        return false;
+    }
+    bson_iter_recurse(&iter, &iter);
+    while (bson_iter_next(&iter)) {
+        const char *field = bson_iter_key(&iter);
+        BSON_ASSERT(field);
+        IF_FIELD_INT32_GT0_PARSE(ub, out->ub, iter);
+        IF_FIELD_INT32_GT0_PARSE(lb, out->lb, iter);
+    }
+    CHECK_HAS(ub)
+    CHECK_HAS(lb)
+    if (out->ub < out->lb) {
+        CLIENT_ERR_PREFIXED("upper bound cannot be less than the lower bound");
+        goto fail;
+    }
+fail:
+    return false;
+}
+
+#undef ERROR_PREFIX
+
+#define ERROR_PREFIX "Error parsing FLE2TextSearchInsertSpec"
+
+bool mc_FLE2TextSearchInsertSpec_parse(mc_FLE2TextSearchInsertSpec_t *out,
+                                       const bson_iter_t *in,
+                                       mongocrypt_status_t *status) {
+    BSON_ASSERT_PARAM(out);
+    BSON_ASSERT_PARAM(in);
+
+    *out = (mc_FLE2TextSearchInsertSpec_t){{0}};
+
+    bson_iter_t iter = *in;
+    bool has_v = false, has_casef = false, has_diacf = false;
+    bool has_substr = false, has_suffix = false, has_prefix = false;
+
+    if (!BSON_ITER_HOLDS_DOCUMENT(&iter)) {
+        CLIENT_ERR_PREFIXED("must be an iterator to a document");
+        return false;
+    }
+    bson_iter_recurse(&iter, &iter);
+
+    while (bson_iter_next(&iter)) {
+        const char *field = bson_iter_key(&iter);
+        BSON_ASSERT(field);
+
+        IF_FIELD(v) {
+            out->v = iter;
+        }
+        END_IF_FIELD
+
+        IF_FIELD(casef) {
+            if (!BSON_ITER_HOLDS_BOOL(&iter)) {
+                CLIENT_ERR_PREFIXED("'casef' must be a bool");
+                goto fail;
+            }
+            out->casef = bson_iter_bool(&iter);
+        }
+        END_IF_FIELD
+
+        IF_FIELD(diacf) {
+            if (!BSON_ITER_HOLDS_BOOL(&iter)) {
+                CLIENT_ERR_PREFIXED("'diacf' must be a bool");
+                goto fail;
+            }
+            out->diacf = bson_iter_bool(&iter);
+        }
+        END_IF_FIELD
+
+        IF_FIELD(substr) {
+            if (!mc_FLE2SubstringInsertSpec_parse(&out->substringSpec.value, &iter, status)) {
+                goto fail;
+            }
+            out->substringSpec.set = true;
+        }
+        END_IF_FIELD
+
+        IF_FIELD(suffix) {
+            if (!mc_FLE2SuffixInsertSpec_parse(&out->suffixSpec.value, &iter, status)) {
+                goto fail;
+            }
+            out->suffixSpec.set = true;
+        }
+        END_IF_FIELD
+
+        IF_FIELD(prefix) {
+            if (!mc_FLE2PrefixInsertSpec_parse(&out->prefixSpec.value, &iter, status)) {
+                goto fail;
+            }
+            out->prefixSpec.set = true;
+        }
+        END_IF_FIELD
+    }
+
+    CHECK_HAS(v)
+    CHECK_HAS(casef)
+    CHECK_HAS(diacf)
+    // one of substr/suffix/prefix must be set
+    if (!(has_substr || has_suffix || has_prefix)) {
+        CLIENT_ERR_PREFIXED("Must have a substring, suffix, or prefix index specification");
+        goto fail;
+    }
+    return true;
+
+fail:
+    return false;
+}
+
+#undef ERROR_PREFIX

src/mc-fle2-insert-update-payload-private-v2.h

@@ -25,6 +25,31 @@
 #include "mongocrypt-private.h"
 #include "mongocrypt.h"
 
+#define DEF_TEXT_SEARCH_TOKEN_SET(Type)                                                                                \
+    typedef struct {                                                                                                   \
+        _mongocrypt_buffer_t edcDerivedToken;                                                                          \
+        _mongocrypt_buffer_t escDerivedToken;                                                                          \
+        _mongocrypt_buffer_t serverDerivedFromDataToken;                                                               \
+        _mongocrypt_buffer_t encryptedTokens;                                                                          \
+    } mc_Text##Type##TokenSet_t;                                                                                       \
+    void mc_Text##Type##TokenSet_init(mc_Text##Type##TokenSet_t *);                                                    \
+    void mc_Text##Type##TokenSet_cleanup(mc_Text##Type##TokenSet_t *)
+
+DEF_TEXT_SEARCH_TOKEN_SET(Exact);
+DEF_TEXT_SEARCH_TOKEN_SET(Substring);
+DEF_TEXT_SEARCH_TOKEN_SET(Suffix);
+DEF_TEXT_SEARCH_TOKEN_SET(Prefix);
+
+typedef struct {
+    mc_TextExactTokenSet_t exact; // e
+    mc_array_t substringArray;    // s
+    mc_array_t suffixArray;       // u
+    mc_array_t prefixArray;       // p
+} mc_TextSearchTokenSets_t;
+
+void mc_TextSearchTokenSets_init(mc_TextSearchTokenSets_t *);
+void mc_TextSearchTokenSets_cleanup(mc_TextSearchTokenSets_t *);
+
 /**
  * FLE2InsertUpdatePayloadV2 represents an FLE2 payload of an indexed field to
  * insert or update. It is created client side.
@@ -83,6 +108,12 @@ typedef struct {
     mc_optional_int32_t trimFactor;                  // tf
     bson_value_t indexMin;                           // mn
     bson_value_t indexMax;                           // mx
+
+    struct {
+        mc_TextSearchTokenSets_t tsts;
+        bool set;
+    } textSearchTokenSets; // b
+
     _mongocrypt_buffer_t plaintext;
     _mongocrypt_buffer_t userKeyId;
 } mc_FLE2InsertUpdatePayloadV2_t;
@@ -130,6 +161,8 @@ bool mc_FLE2InsertUpdatePayloadV2_serializeForRange(const mc_FLE2InsertUpdatePay
                                                     bson_t *out,
                                                     bool use_range_v2);
 
+bool mc_FLE2InsertUpdatePayloadV2_serializeForTextSearch(const mc_FLE2InsertUpdatePayloadV2_t *payload, bson_t *out);
+
 void mc_FLE2InsertUpdatePayloadV2_cleanup(mc_FLE2InsertUpdatePayloadV2_t *payload);
 
 #endif /* MC_FLE2_INSERT_UPDATE_PAYLOAD_PRIVATE_V2_H */