Libmongocrypt / MONGOCRYPT-365

Support new context and state for rewrapManyDataKey

    • Type: New Feature
    • Resolution: Fixed
    • Priority: Unknown
    • Fix Version/s: 1.5.0-alpha0, 1.5.0
    • Affects Version/s: None
    • Component/s: None
    • Labels: None

      Background

      WRITING-9378 proposes adding a new context to libmongocrypt to assist with driver implementation of the new ClientEncryption::rewrapManyDataKey method.

      The ClientEncryption::rewrapManyDataKey method should create a context in libmongocrypt.

      The libmongocrypt context should do the following:

      • Enter the MONGOCRYPT_CTX_NEED_MONGO_KEYS state to request the driver "find" matching keys.
      • Decrypt matching keys with the old KMS provider, entering the MONGOCRYPT_CTX_NEED_KMS state as needed.
      • Encrypt matching keys with the new KMS provider, entering the MONGOCRYPT_CTX_NEED_KMS state as needed.
      • Enter a new state MONGOCRYPT_CTX_NEED_UPDATE to request the driver run a bulk update on the key vault collection with the new documents.
        • Drivers are expected to run a bulk update after obtaining the rewrapped key documents with mongocrypt_ctx_finalize(), after which libmongocrypt has no further work to do. A new state was therefore deemed unnecessary.

      Scope

      • Support a new context in libmongocrypt to rewrap multiple data keys.
      • Add a new state MONGOCRYPT_CTX_NEED_UPDATE to request the driver run a bulk update.

            Assignee:
            ezra.chung@mongodb.com Ezra Chung
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
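
A small C model of the flow in the Background list, added here as an illustration: it is not libmongocrypt code and does not call the library. The struct, the function names and the XOR `toy_kms` stand-in are assumptions made for the example; only the state names follow the ticket, and the bulk update is counted after finalize because no MONGOCRYPT_CTX_NEED_UPDATE state exists.

```c
#include <stddef.h>
#include <stdint.h>
/* Local model: state names follow the ticket; struct and values are constructed. */
typedef enum { NEED_MONGO_KEYS, NEED_KMS, READY, DONE } model_state;
typedef enum { PHASE_DECRYPT, PHASE_ENCRYPT } model_phase;
#define MAX_KEYS 8
typedef struct {
    model_state state;
    model_phase phase;
    size_t n, next;              /* keys fed by the driver; next key needing KMS */
    uint8_t material[MAX_KEYS];  /* wrapped or plaintext key byte, depending on phase */
    unsigned kms_requests, updates;
} rewrap_ctx;

/* Toy stand-in for a KMS wrap/unwrap call (XOR is NOT real key wrapping). */
static uint8_t toy_kms(uint8_t provider_key, uint8_t in) { return (uint8_t)(in ^ provider_key); }

/* Driver answers NEED_MONGO_KEYS with the results of its "find". */
static void feed_keys(rewrap_ctx *c, const uint8_t *wrapped, size_t n) {
    c->n = n > MAX_KEYS ? MAX_KEYS : n;
    for (size_t i = 0; i < c->n; i++) c->material[i] = wrapped[i];
    c->phase = PHASE_DECRYPT; c->next = 0;
    c->state = c->n ? NEED_KMS : READY;   /* no matching keys: nothing to rewrap */
}

/* Driver answers one NEED_KMS request: old provider for every key, then the new one. */
static void kms_round_trip(rewrap_ctx *c, uint8_t old_key, uint8_t new_key) {
    uint8_t k = c->phase == PHASE_DECRYPT ? old_key : new_key;
    c->material[c->next] = toy_kms(k, c->material[c->next]);
    c->kms_requests++;
    if (++c->next < c->n) return;
    if (c->phase == PHASE_DECRYPT) { c->phase = PHASE_ENCRYPT; c->next = 0; }
    else c->state = READY;
}

/* Full driver loop; returns the number of documents in the single bulk update. */
static size_t rewrap_many(rewrap_ctx *c, const uint8_t *wrapped, size_t n,
                          uint8_t old_key, uint8_t new_key) {
    *c = (rewrap_ctx){ .state = NEED_MONGO_KEYS };
    while (c->state != DONE) {
        switch (c->state) {
        case NEED_MONGO_KEYS: feed_keys(c, wrapped, n); break;
        case NEED_KMS: kms_round_trip(c, old_key, new_key); break;
        case READY: c->state = DONE; break;   /* finalize: rewrapped documents handed back */
        default: break;
        }
    }
    if (c->n) c->updates++;   /* bulk update runs after finalize, outside the context */
    return c->n;
}
```

In the model each matching key costs two KMS round trips, and the key material is briefly held unwrapped between the decrypt and encrypt phases, so the old provider's credentials must still be valid when the rewrap runs.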