- Type: Improvement
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: None
- Component/s: Field Level Encryption
- None
- Minor Change
- Security 2022-07-11, Security 2022-07-25, Security 2022-08-08
Scope
- Return an error when receiving an InsertUpdatePayload with a mismatched IndexKeyId.
Background & Motivation
The InsertUpdatePayload includes the IndexKeyId here.
The IndexKeyId is expected to match the "keyId" specified on encryptedFields. A mistaken insert with an incorrect IndexKeyId results in incorrect query results and non-obvious errors.
Example 1:
- encryptedFields uses key1ID
- Insert with UserKeyID=key1ID IndexKeyID=key2ID
- Find with IndexKeyID=key1ID
Will not find the inserted document.
Example 2:
- encryptedFields uses key1ID
- Insert with UserKeyID=key1ID IndexKeyID=key2ID
- Delete with IndexKeyID=key2ID
Returns this server error:
Invalid advance (5391210624386066) past end of buffer[188] at offset: 8
These scenarios were tested with the Go driver here and can be run with:
go test -v -tags cse -count=1 ./mongo/integration -run TestClientSideEncryptionProse/explicit_encryption/case_6
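An added Go sketch of Example 1 and of the check this ticket asks for; it is not the server's or the Go driver's code. Assumptions: the equality token is modelled as HMAC-SHA256 of the value under the index key, encryptedFields is reduced to a field-to-keyId map, and the "ssn" field, the key material and all type and function names are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed key material for the two key IDs named in the ticket's examples.
var keys = map[string][]byte{"key1ID": []byte("constructed-1"), "key2ID": []byte("constructed-2")}
var ErrIndexKeyMismatch = errors.New("IndexKeyId does not match encryptedFields keyId")

// Payload is a hypothetical, simplified stand-in for an InsertUpdatePayload.
type Payload struct{ Field, IndexKeyID, Token string }

// DeriveToken models an equality token as HMAC-SHA256(index key, value) (assumption).
func DeriveToken(indexKeyID, value string) string {
	m := hmac.New(sha256.New, keys[indexKeyID])
	m.Write([]byte(value))
	return string(m.Sum(nil))
}

// ValidateInsert rejects a payload whose IndexKeyID is not the keyId configured for its field.
func ValidateInsert(encryptedFields map[string]string, p Payload) error {
	if want, ok := encryptedFields[p.Field]; !ok || p.IndexKeyID != want {
		return fmt.Errorf("%w: field %q sent %q, expected %q", ErrIndexKeyMismatch, p.Field, p.IndexKeyID, want)
	}
	return nil
}

// Find counts stored payloads whose token equals the query token derived from indexKeyID.
func Find(stored []Payload, field, indexKeyID, value string) (n int) {
	q := DeriveToken(indexKeyID, value)
	for _, p := range stored {
		if p.Field == field && p.Token == q {
			n++
		}
	}
	return n
}

func main() {
	bad := Payload{"ssn", "key2ID", DeriveToken("key2ID", "123")}
	fmt.Println("find with key1ID:", Find([]Payload{bad}, "ssn", "key1ID", "123"))
	fmt.Println("check:", ValidateInsert(map[string]string{"ssn": "key1ID"}, bad))
}
```

Without the check, the mismatched insert is stored and a find with key1ID silently returns nothing; with it, the insert fails up front with an error that names the field and both key IDs.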