SERVER-85745 Add QE2 AnchorPaddingToken(Root|Key|Value)

GitOrigin-RevId: 5650bdc8e3cc8545867bf9bfecc879030368854c
Crescentek · Feb 6, 2024 · ccf712b · ccf712b
1 parent cbb439b
commit ccf712b
Show file tree

Hide file tree

Showing 4 changed files with 88 additions and 3 deletions.
diff --git a/src/mongo/crypto/fle_crypto.cpp b/src/mongo/crypto/fle_crypto.cpp
@@ -151,6 +151,13 @@ constexpr uint64_t kTwiceDerivedTokenFromECCValue = 2;
 constexpr uint64_t kServerCountAndContentionFactorEncryption = 1;
 constexpr uint64_t kServerZerosEncryption = 2;
 
+// "d" value in: S^esc_f_d = Fs[f,1,2,d]; where d = 17 octets of 0
+constexpr char kAnchorPaddingTokenDVal[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+static_assert(sizeof(kAnchorPaddingTokenDVal) == 17);
+
+constexpr uint64_t kAnchorPaddingKeyToken = 1;
+constexpr uint64_t kAnchorPaddingValueToken = 2;
+
 constexpr int32_t kEncryptionInformationSchemaVersion = 1;
 
 constexpr auto kECCNullId = 0;
@@ -2275,6 +2282,20 @@ FLEServerMetadataEncryptionTokenGenerator::generateServerZerosEncryptionToken(
     return FLEUtil::prf(token.data, kServerZerosEncryption);
 }
 
+AnchorPaddingRootToken FLEAnchorPaddingGenerator::generateAnchorPaddingRootToken(ESCToken token) {
+    return FLEUtil::prf(token.data, ConstDataRange(kAnchorPaddingTokenDVal));
+}
+
+AnchorPaddingKeyToken FLEAnchorPaddingDerivedGenerator::generateAnchorPaddingKeyToken(
+    AnchorPaddingRootToken token) {
+    return FLEUtil::prf(token.data, kAnchorPaddingKeyToken);
+}
+
+AnchorPaddingValueToken FLEAnchorPaddingDerivedGenerator::generateAnchorPaddingValueToken(
+    AnchorPaddingRootToken token) {
+    return FLEUtil::prf(token.data, kAnchorPaddingValueToken);
+}
+
 StatusWith<EncryptedStateCollectionTokens> EncryptedStateCollectionTokens::decryptAndParse(
     ECOCToken token, ConstDataRange cdr) {
     auto swUnpack = decryptAndUnpack<PrfBlock, PrfBlock>(cdr, token);

diff --git a/src/mongo/crypto/fle_crypto.h b/src/mongo/crypto/fle_crypto.h
@@ -233,6 +233,35 @@ class FLEServerMetadataEncryptionTokenGenerator {
         ServerDerivedFromDataToken token);
 };
 
+/**
+ * Generate token anchor padding root
+ */
+class FLEAnchorPaddingGenerator {
+public:
+    /**
+     * AnchorPaddingRootToken = HMAC(ESCToken, d) = S^esc_f_d = Fs[f,1,2,d]
+     *  d = 136 bit blob of zero = 17 octets of 0
+     */
+    static AnchorPaddingRootToken generateAnchorPaddingRootToken(ESCToken token);
+};
+
+/**
+ * Generate token anchor padding derived tokens
+ */
+class FLEAnchorPaddingDerivedGenerator {
+public:
+    /**
+     * AnchorPaddingKeyToken = HMAC(AnchorPaddingRootToken, 1) = Fs[f,1,2,d,1]
+     */
+    static AnchorPaddingKeyToken generateAnchorPaddingKeyToken(AnchorPaddingRootToken token);
+
+    /**
+     * AnchorPaddingValueToken = HMAC(AnchorPaddingRootToken, 2) = Fs[f,1,2,d,2]
+     */
+    static AnchorPaddingValueToken generateAnchorPaddingValueToken(AnchorPaddingRootToken token);
+};
+
+
 /**
  * ESC Collection schema
  * {

diff --git a/src/mongo/crypto/fle_crypto_test.cpp b/src/mongo/crypto/fle_crypto_test.cpp
@@ -368,6 +368,26 @@ TEST(FLETokens, TestVectors) {
     ASSERT_EQUALS(ECCTwiceDerivedValueToken(decodePrf(
                       "EFA5746DB796DAC6FAACB7E5F28DB53B333588A43131F0C026B19D2B1215EAE2"_sd)),
                   eccTwiceValueToken);
+
+
+    // Anchor Padding
+    auto anchorPaddingTokenRoot =
+        FLEAnchorPaddingGenerator::generateAnchorPaddingRootToken(escToken);
+    ASSERT_EQUALS(AnchorPaddingRootToken(decodePrf(
+                      "4312890F621FE3CA7497C3405DFD8AAF46A578C77F7404D28C12BA853A4D3327"_sd)),
+                  anchorPaddingTokenRoot);
+
+    auto anchorPaddingTokenKey =
+        FLEAnchorPaddingDerivedGenerator::generateAnchorPaddingKeyToken(anchorPaddingTokenRoot);
+    ASSERT_EQUALS(AnchorPaddingKeyToken(decodePrf(
+                      "EF6D80379C462FC724CE8C245DC177ED507154B4EBB04DED780FA0DDAF1A2247"_sd)),
+                  anchorPaddingTokenKey);
+
+    auto anchorPaddingTokenValue =
+        FLEAnchorPaddingDerivedGenerator::generateAnchorPaddingValueToken(anchorPaddingTokenRoot);
+    ASSERT_EQUALS(AnchorPaddingValueToken(decodePrf(
+                      "A3308597F3C5271D5BAB640F749E619E9272A2C33F4CD372680F55F84CC4DF7F"_sd)),
+                  anchorPaddingTokenValue);
 }
 
 TEST(FLETokens, TestVectorUnindexedValueDecryption) {

diff --git a/src/mongo/crypto/fle_crypto_types.h b/src/mongo/crypto/fle_crypto_types.h
@@ -125,9 +125,9 @@ using FLEUserKeyAndId = FLEKeyAndId<FLEKeyType::User>;
  * CollectionsLevel1Token = HMAC(IndexKey, 1) = K_{f,1}
  * ServerDataEncryptionLevel1Token = HMAC(IndexKey, 3) = K_{f,3} = Fs[f,3]
  *
- * EDCToken = HMAC(CollectionsLevel1Token, 1) = K^{edc}_f
- * ESCToken = HMAC(CollectionsLevel1Token, 2) = K^{esc}_f
- * ECCToken = HMAC(CollectionsLevel1Token, 3) = K^{ecc}_f
+ * EDCToken = HMAC(CollectionsLevel1Token, 1) = K^{edc}_f = Fs[f,1,1]
+ * ESCToken = HMAC(CollectionsLevel1Token, 2) = K^{esc}_f = Fs[f,1,2]
+ * ECCToken = HMAC(CollectionsLevel1Token, 3) = K^{ecc}_f = Fs[f,1,3]
  * ECOCToken = HMAC(CollectionsLevel1Token, 4) = K^{ecoc}_f = Fs[f,1,4]
  *
  * EDCDerivedFromDataToken = HMAC(EDCToken, v) = K^{edc}_{f,v} = Fs[f,1,1,v]
@@ -149,6 +149,12 @@ using FLEUserKeyAndId = FLEKeyAndId<FLEKeyType::User>;
  * ServerDerivedFromDataToken = HMAC(ServerTokenDerivationLevel1Token, v) = K_{f,2,v} = Fs[f,2,v]
  * ServerCountAndContentionFactorEncryptionToken = HMAC(ServerDerivedFromDataToken, 1) = Fs[f,2,v,1]
  * ServerZerosEncryptionToken = HMAC(ServerDerivedFromDataToken, 2) = Fs[f,2,v,2]
+ *
+ * Range Protocol V2
+ * AnchorPaddingRootToken = HMAC(ESCToken, d) = S^esc_f_d = Fs[f,1,2,d]
+ *  d = 136 bit blob of zero = 17 octets of 0
+ * AnchorPaddingKeyToken = HMAC(AnchorPaddingRootToken, 1) = S1_d = F^(S^esc_fd)(1)
+ * AnchorPaddingValueToken = HMAC(AnchorPaddingRootToken, 2) =  S2_d = F^(S^esc_fd)(2)
  */
 enum class FLETokenType {
     CollectionsLevel1Token,
@@ -178,6 +184,11 @@ enum class FLETokenType {
     ServerDerivedFromDataToken,
     ServerCountAndContentionFactorEncryptionToken,
     ServerZerosEncryptionToken,
+
+    // range protocol v2 tokens
+    AnchorPaddingRootToken,
+    AnchorPaddingKeyToken,
+    AnchorPaddingValueToken,
 };
 
 /**
@@ -239,6 +250,10 @@ using ServerCountAndContentionFactorEncryptionToken =
     FLEToken<FLETokenType::ServerCountAndContentionFactorEncryptionToken>;
 using ServerZerosEncryptionToken = FLEToken<FLETokenType::ServerZerosEncryptionToken>;
 
+using AnchorPaddingRootToken = FLEToken<FLETokenType::AnchorPaddingRootToken>;
+using AnchorPaddingKeyToken = FLEToken<FLETokenType::AnchorPaddingKeyToken>;
+using AnchorPaddingValueToken = FLEToken<FLETokenType::AnchorPaddingValueToken>;
+
 /**
  * A pair of a (ESCDerivedFromDataTokenAndContentionFactorToken, optional
  * EDCDerivedFromDataTokenAndContentionFactorToken) that will be used to lookup a count for the ESC