Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-91887

Reject mismatched parameters in QE payloads

    • Type: Icon: Improvement Improvement
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Queryable Encryption
    • None
    • Server Security
    • Security 2024-07-08, Security 2024-07-22, Security 2024-08-05, Security 2024-08-19, Security 2024-09-02, Security 2024-09-16, Security 2024-09-30, Security 2024-10-14, Security 2024-10-28, Security 2024-11-11, Security 2024-11-25

      Scope

      Add encryption parameters to QE payloads intended for the server. contentionFactor is already present in payloads. Add: min, max, trimFactor, sparsity, precision to the range payloads:

      • FLE2InsertUpdatePayloadV2
      • FLE2FindRangePayloadV2.

      Reject incoming QE payloads created with values differing from the server's encryptedFields.

      Background & Motivation

      If a QE payload is generated with parameters that do not match the server, the server may quietly accept the values. This may result in incorrect query responses.

      Here is a runnable example. Relevant snippet:

      # Create the collection with contention_factor=1
      coll = db.create_collection("coll", encryptedFields=encrypted_fields)
      
      # Insert with contention_factor=2
      payload = client_encryption.encrypt(
          "foo", Algorithm.INDEXED, key_id, contention_factor=2
      )
      coll.insert_one({"encrypted": payload})  # No error!
      
      # Find with contention_factor=1
      find_payload = client_encryption.encrypt(
          "foo",
          Algorithm.INDEXED,
          key_id,
          query_type=QueryType.EQUALITY,
          contention_factor=1,
      )
      
      doc = coll.find_one({"encrypted": find_payload})
      print(f"Got document: {doc}") # Sometimes 'None'!
      

      See Safeguard mismatched encryption parameters for a further description.

            Assignee:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: