Class: Mongo::Crypt::Binding Private

Inherits:
Object
  • Object
show all
Extended by:
FFI::Library
Defined in:
lib/mongo/crypt/binding.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

A Ruby binding for the libmongocrypt C library

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.check_ctx_status(context) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Raise a Mongo::Error::CryptError based on the status of the underlying mongocrypt_ctx_t object.

Returns:

  • (nil)

    Always nil.



1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
 
# File 'lib/mongo/crypt/binding.rb', line 1191

def self.check_ctx_status(context)
  if block_given?
    do_raise = !yield
  else
    do_raise = true
  end

  if do_raise
    status = Status.new

    mongocrypt_ctx_status(context.ctx_p, status.ref)
    status.raise_crypt_error
  end
end

.check_kms_ctx_status(kms_context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

If the provided block returns false, raise a CryptError with the status information from the provided KmsContext object.

Parameters:

Raises:



966
967
968
969
970
971
972
973
 
# File 'lib/mongo/crypt/binding.rb', line 966

def self.check_kms_ctx_status(kms_context)
  unless yield
    status = Status.new

    mongocrypt_kms_ctx_status(kms_context.kms_ctx_p, status.ref)
    status.raise_crypt_error
  end
end

.check_status(handle) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Raise a Mongo::Error::CryptError based on the status of the underlying mongocrypt_t object.

Returns:

  • (nil)

    Always nil.



1178
1179
1180
1181
1182
1183
1184
1185
 
# File 'lib/mongo/crypt/binding.rb', line 1178

def self.check_status(handle)
  unless yield
    status = Status.new

    mongocrypt_status(handle.ref, status.ref)
    status.raise_crypt_error
  end
end

.ctx_datakey_init(context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the Context to create a data key

Parameters:

Raises:



605
606
607
608
609
 
# File 'lib/mongo/crypt/binding.rb', line 605

def self.ctx_datakey_init(context)
  check_ctx_status(context) do
    mongocrypt_ctx_datakey_init(context.ctx_p)
  end
end

.ctx_decrypt_init(context, command) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the Context for auto-decryption

Parameters:

Raises:



698
699
700
701
702
703
704
705
706
 
# File 'lib/mongo/crypt/binding.rb', line 698

def self.ctx_decrypt_init(context, command)
  validate_document(command)
  data = command.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_decrypt_init(context.ctx_p, data_p)
    end
  end
end

.ctx_encrypt_init(context, db_name, command) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the Context for auto-encryption

Parameters:

  • context (Mongo::Crypt::Context)
  • db_name (String)

    The name of the database against which the encrypted command is being performed

  • command (Hash)

    The command to be encrypted

Raises:



638
639
640
641
642
643
644
645
646
 
# File 'lib/mongo/crypt/binding.rb', line 638

def self.ctx_encrypt_init(context, db_name, command)
  validate_document(command)
  data = command.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_encrypt_init(context.ctx_p, db_name, -1, data_p)
    end
  end
end

.ctx_explicit_decrypt_init(context, doc) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the Context for explicit decryption

Parameters:

Raises:



728
729
730
731
732
733
734
735
736
 
# File 'lib/mongo/crypt/binding.rb', line 728

def self.ctx_explicit_decrypt_init(context, doc)
  validate_document(doc)
  data = doc.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_explicit_decrypt_init(context.ctx_p, data_p)
    end
  end
end

.ctx_explicit_encrypt_init(context, doc) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the Context for explicit encryption

Parameters:

Raises:



672
673
674
675
676
677
678
679
680
 
# File 'lib/mongo/crypt/binding.rb', line 672

def self.ctx_explicit_encrypt_init(context, doc)
  validate_document(doc)
  data = doc.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_explicit_encrypt_init(context.ctx_p, data_p)
    end
  end
end

.ctx_finalize(context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Finalize the state machine represented by the Context

Parameters:

Raises:



1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
 
# File 'lib/mongo/crypt/binding.rb', line 1012

def self.ctx_finalize(context)
  binary = Binary.new

  check_ctx_status(context) do
    mongocrypt_ctx_finalize(context.ctx_p, binary.ref)
  end

  # TODO since the binary references a C pointer, and ByteBuffer is
  # written in C in MRI, we could omit a copy of the data by making
  # ByteBuffer reference the string that is owned by libmongocrypt.
  BSON::Document.from_bson(BSON::ByteBuffer.new(binary.to_s), mode: :bson)
end

.ctx_kms_done(context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Indicate to libmongocrypt that it will receive no more KMS replies.

Parameters:

Raises:



989
990
991
992
993
 
# File 'lib/mongo/crypt/binding.rb', line 989

def self.ctx_kms_done(context)
  check_ctx_status(context) do
    mongocrypt_ctx_kms_done(context.ctx_p)
  end
end

.ctx_mongo_feed(context, doc) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Feed a response from the driver back to libmongocrypt

Parameters:

Raises:



808
809
810
811
812
813
814
815
816
 
# File 'lib/mongo/crypt/binding.rb', line 808

def self.ctx_mongo_feed(context, doc)
  validate_document(doc)
  data = doc.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_mongo_feed(context.ctx_p, data_p)
    end
  end
end

.ctx_mongo_op(context) ⇒ BSON::Document

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a BSON::Document representing an operation that the driver must perform on behalf of libmongocrypt to get the information it needs in order to continue with encryption/decryption (for example, a filter for a key vault query).

Parameters:

Returns:

  • (BSON::Document)

    The operation that the driver must perform

Raises:

  • (Mongo::Crypt)

    If there is an error getting the operation



779
780
781
782
783
784
785
786
787
788
789
790
 
# File 'lib/mongo/crypt/binding.rb', line 779

def self.ctx_mongo_op(context)
  binary = Binary.new

  check_ctx_status(context) do
    mongocrypt_ctx_mongo_op(context.ctx_p, binary.ref)
  end

  # TODO since the binary references a C pointer, and ByteBuffer is
  # written in C in MRI, we could omit a copy of the data by making
  # ByteBuffer reference the string that is owned by libmongocrypt.
  BSON::Document.from_bson(BSON::ByteBuffer.new(binary.to_s), mode: :bson)
end

.ctx_next_kms_ctx(context) ⇒ Mongo::Crypt::KmsContext | nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Return a new KmsContext object needed by a Context object.

Parameters:

Returns:

  • (Mongo::Crypt::KmsContext | nil)

    The KmsContext needed to fetch an AWS master key or nil, if no KmsContext is needed



840
841
842
843
844
845
846
847
848
 
# File 'lib/mongo/crypt/binding.rb', line 840

def self.ctx_next_kms_ctx(context)
  kms_ctx_p = mongocrypt_ctx_next_kms_ctx(context.ctx_p)

  if kms_ctx_p.null?
    nil
  else
    KmsContext.new(kms_ctx_p)
  end
end

.ctx_setopt_algorithm(context, name) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set the algorithm on the context

Parameters:

  • context (Mongo::Crypt::Context)
  • name (String)

    The algorithm name. Valid values are:

    • “AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic”

    • “AEAD_AES_256_CBC_HMAC_SHA_512-Random”

Raises:



490
491
492
493
494
 
# File 'lib/mongo/crypt/binding.rb', line 490

def self.ctx_setopt_algorithm(context, name)
  check_ctx_status(context) do
    mongocrypt_ctx_setopt_algorithm(context.ctx_p, name, -1)
  end
end

.ctx_setopt_key_alt_names(context, key_alt_names) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set multiple alternate key names on data key creation

Parameters:

  • context (Mongo::Crypt::Context)

    A DataKeyContext

  • key_alt_names (Array)

    An array of alternate key names as strings

Raises:



453
454
455
456
457
458
459
460
461
462
463
 
# File 'lib/mongo/crypt/binding.rb', line 453

def self.ctx_setopt_key_alt_names(context, key_alt_names)
  key_alt_names.each do |key_alt_name|
    key_alt_name_bson = { :keyAltName => key_alt_name }.to_bson.to_s

    Binary.wrap_string(key_alt_name_bson) do |key_alt_name_p|
      check_ctx_status(context) do
        mongocrypt_ctx_setopt_key_alt_name(context.ctx_p, key_alt_name_p)
      end
    end
  end
end

.ctx_setopt_key_id(context, key_id) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sets the key id option on an explicit encryption context.

Parameters:

Raises:



420
421
422
423
424
425
426
 
# File 'lib/mongo/crypt/binding.rb', line 420

def self.ctx_setopt_key_id(context, key_id)
  Binary.wrap_string(key_id) do |key_id_p|
    check_ctx_status(context) do
      mongocrypt_ctx_setopt_key_id(context.ctx_p, key_id_p)
    end
  end
end

.ctx_setopt_master_key_aws(context, region, arn) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Configure the Context object to take a master key from AWS

Parameters:

  • context (Mongo::Crypt::Context)
  • region (String)

    The AWS region (e.g. “us-east-2”)

  • arn (String)

    The master key Amazon Resource Name

Raises:



521
522
523
524
525
526
527
528
529
530
531
 
# File 'lib/mongo/crypt/binding.rb', line 521

def self.ctx_setopt_master_key_aws(context, region, arn)
  check_ctx_status(context) do
    mongocrypt_ctx_setopt_masterkey_aws(
      context.ctx_p,
      region,
      -1,
      arn,
      -1
    )
  end
end

.ctx_setopt_master_key_aws_endpoint(context, endpoint) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Configure the Context object to take a masterk ey from AWS

Parameters:

Raises:



554
555
556
557
558
559
560
561
562
 
# File 'lib/mongo/crypt/binding.rb', line 554

def self.ctx_setopt_master_key_aws_endpoint(context, endpoint)
  check_ctx_status(context) do
    mongocrypt_ctx_setopt_masterkey_aws_endpoint(
      context.ctx_p,
      endpoint,
      -1,
    )
  end
end

.ctx_setopt_master_key_local(context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Tell the Context object to read the master key from local KMS options

Parameters:

Raises:



582
583
584
585
586
 
# File 'lib/mongo/crypt/binding.rb', line 582

def self.ctx_setopt_master_key_local(context)
  check_ctx_status(context) do
    mongocrypt_ctx_setopt_masterkey_local(context.ctx_p)
  end
end

.init(handle) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the Mongo::Crypt::Handle object

Parameters:

Raises:



360
361
362
363
364
 
# File 'lib/mongo/crypt/binding.rb', line 360

def self.init(handle)
  check_status(handle) do
    mongocrypt_init(handle.ref)
  end
end

.kms_ctx_bytes_needed(kms_context) ⇒ Integer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the number of bytes needed by the KmsContext.

Parameters:

Returns:

  • (Integer)

    The number of bytes needed



922
923
924
 
# File 'lib/mongo/crypt/binding.rb', line 922

def self.kms_ctx_bytes_needed(kms_context)
  mongocrypt_kms_ctx_bytes_needed(kms_context.kms_ctx_p)
end

.kms_ctx_endpoint(kms_context) ⇒ String | nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the hostname with which to connect over TLS to get information about the AWS master key.

Parameters:

Returns:

  • (String | nil)

    The hostname, or nil if none exists

Raises:



898
899
900
901
902
903
904
905
906
907
 
# File 'lib/mongo/crypt/binding.rb', line 898

def self.kms_ctx_endpoint(kms_context)
  ptr = FFI::MemoryPointer.new(:pointer, 1)

  check_kms_ctx_status(kms_context) do
    mongocrypt_kms_ctx_endpoint(kms_context.kms_ctx_p, ptr)
  end

  str_ptr = ptr.read_pointer
  str_ptr.null? ? nil : str_ptr.read_string.force_encoding('UTF-8')
end

.kms_ctx_feed(kms_context, bytes) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Feed replies from the KMS back to libmongocrypt.

Parameters:

Raises:



942
943
944
945
946
947
948
 
# File 'lib/mongo/crypt/binding.rb', line 942

def self.kms_ctx_feed(kms_context, bytes)
  check_kms_ctx_status(kms_context) do
    Binary.wrap_string(bytes) do |bytes_p|
      mongocrypt_kms_ctx_feed(kms_context.kms_ctx_p, bytes_p)
    end
  end
end

.kms_ctx_message(kms_context) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the HTTP message needed to fetch the AWS KMS master key from a KmsContext object.

Parameters:

Returns:

  • (String)

    The HTTP message

Raises:



869
870
871
872
873
874
875
876
877
 
# File 'lib/mongo/crypt/binding.rb', line 869

def self.kms_ctx_message(kms_context)
  binary = Binary.new

  check_kms_ctx_status(kms_context) do
    mongocrypt_kms_ctx_message(kms_context.kms_ctx_p, binary.ref)
  end

  return binary.to_s
end

.mongocrypt_binary_data(binary) ⇒ FFI::Pointer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the pointer to the underlying data for the mongocrypt_binary_t.

Parameters:

  • binary (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object.

Returns:

  • (FFI::Pointer)

    A pointer to the data array.



99
 
# File 'lib/mongo/crypt/binding.rb', line 99

attach_function :mongocrypt_binary_data, [:pointer], :pointer

.mongocrypt_binary_destroy(binary) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Destroy the mongocrypt_binary_t object.

Parameters:

  • binary (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object.

Returns:

  • (nil)

    Always nil.



115
 
# File 'lib/mongo/crypt/binding.rb', line 115

attach_function :mongocrypt_binary_destroy, [:pointer], :void

.mongocrypt_binary_len(binary) ⇒ Integer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the length of the underlying data array.

Parameters:

  • binary (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object.

Returns:

  • (Integer)

    The length of the data array.



107
 
# File 'lib/mongo/crypt/binding.rb', line 107

attach_function :mongocrypt_binary_len, [:pointer], :int

.mongocrypt_binary_newFFI::Pointer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Creates a new mongocrypt_binary_t object (a non-owning view of a byte

array).

Returns:

  • (FFI::Pointer)

    A pointer to the newly-created mongocrypt_binary_t object.



75
 
# File 'lib/mongo/crypt/binding.rb', line 75

attach_function :mongocrypt_binary_new, [], :pointer

.mongocrypt_binary_new_from_data(data, len) ⇒ FFI::Pointer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Create a new mongocrypt_binary_t object that maintains a pointer to

the specified byte array.

Parameters:

  • data (FFI::Pointer)

    A pointer to an array of bytes; the data is not copied and must outlive the mongocrypt_binary_t object.

  • len (Integer)

    The length of the array argument.

Returns:

  • (FFI::Pointer)

    A pointer to the newly-created mongocrypt_binary_t object.



87
88
89
90
91
 
# File 'lib/mongo/crypt/binding.rb', line 87

attach_function(
  :mongocrypt_binary_new_from_data,
  [:pointer, :int],
  :pointer
)

.mongocrypt_ctx_datakey_init(ctx) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

Before calling this method, master key options must be set. Set AWS master key by calling mongocrypt_ctx_setopt_masterkey_aws and mongocrypt_ctx_setopt_masterkey_aws_endpoint. Set local master key by calling mongocrypt_ctx_setopt_masterkey_local.

Initializes the ctx to create a data key.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

Returns:

  • (Boolean)

    Whether the initialization was successful.



598
 
# File 'lib/mongo/crypt/binding.rb', line 598

attach_function :mongocrypt_ctx_datakey_init, [:pointer], :bool

.mongocrypt_ctx_decrypt_init(ctx, doc) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes the ctx for auto-decryption.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • doc (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the document to be decrypted as a BSON binary string.

Returns:

  • (Boolean)

    Whether the initialization was successful.



690
 
# File 'lib/mongo/crypt/binding.rb', line 690

attach_function :mongocrypt_ctx_decrypt_init, [:pointer, :pointer], :bool

.mongocrypt_ctx_destroy(ctx) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Destroy the reference to the mongocrypt_ctx_t object.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

Returns:

  • (nil)

    Always nil.



1031
 
# File 'lib/mongo/crypt/binding.rb', line 1031

attach_function :mongocrypt_ctx_destroy, [:pointer], :void

.mongocrypt_ctx_encrypt_init(ctx, db, db_len, cmd) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This method expects the passed-in BSON to be in the format: { “v”: BSON value to decrypt }.

Initializes the ctx for auto-encryption.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • db (String)

    The database name.

  • db_len (Integer)

    The length of the database name argument (or -1 for a null-terminated string).

  • cmd (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the database command as a binary string.

Returns:

  • (Boolean)

    Whether the initialization was successful.



624
625
626
627
628
 
# File 'lib/mongo/crypt/binding.rb', line 624

attach_function(
  :mongocrypt_ctx_encrypt_init,
  [:pointer, :string, :int, :pointer],
  :bool
)

.mongocrypt_ctx_explicit_decrypt_init(ctx, msg) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes the ctx for explicit decryption.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • msg (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the message to be decrypted as a BSON binary string.

Returns:

  • (Boolean)

    Whether the initialization was successful.



716
717
718
719
720
 
# File 'lib/mongo/crypt/binding.rb', line 716

attach_function(
  :mongocrypt_ctx_explicit_decrypt_init,
  [:pointer, :pointer],
  :bool
)

.mongocrypt_ctx_explicit_encrypt_init(ctx, msg) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

Before calling this method, set a key_id, key_alt_name (optional), and encryption algorithm using the following methods: mongocrypt_ctx_setopt_key_id, mongocrypt_ctx_setopt_key_alt_name, and mongocrypt_ctx_setopt_algorithm.

Initializes the ctx for explicit encryption.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • msg (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the message to be encrypted as a binary string.

Returns:

  • (Boolean)

    Whether the initialization was successful.



660
661
662
663
664
 
# File 'lib/mongo/crypt/binding.rb', line 660

attach_function(
  :mongocrypt_ctx_explicit_encrypt_init,
  [:pointer, :pointer],
  :bool
)

.mongocrypt_ctx_finalize(ctx, op_bson) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Perform the final encryption or decryption and return a BSON document.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • op_bson (FFI::Pointer)

    (out param) A pointer to a mongocrypt_binary_t object that will have a reference to the final encrypted BSON document.

Returns:

  • (Boolean)

    A boolean indicating the success of the operation.



1004
 
# File 'lib/mongo/crypt/binding.rb', line 1004

attach_function :mongocrypt_ctx_finalize, [:pointer, :pointer], :void

.mongocrypt_ctx_mongo_done(ctx) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Indicate to libmongocrypt that the driver is done feeding replies.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

Returns:

  • (Boolean)

    A boolean indicating the success of the operation.



824
 
# File 'lib/mongo/crypt/binding.rb', line 824

attach_function :mongocrypt_ctx_mongo_done, [:pointer], :bool

.mongocrypt_ctx_mongo_feed(ctx, reply) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Feed a BSON reply to libmongocrypt.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • reply (FFI::Pointer)

    A mongocrypt_binary_t object that references the BSON reply to feed to libmongocrypt.

Returns:

  • (Boolean)

    A boolean indicating the success of the operation.



800
 
# File 'lib/mongo/crypt/binding.rb', line 800

attach_function :mongocrypt_ctx_mongo_feed, [:pointer, :pointer], :bool

.mongocrypt_ctx_mongo_next_kms_ctx(ctx) ⇒ FFI::Pointer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Return a pointer to a mongocrypt_kms_ctx_t object or NULL.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

Returns:

  • (FFI::Pointer)

    A pointer to a mongocrypt_kms_ctx_t object.



832
 
# File 'lib/mongo/crypt/binding.rb', line 832

attach_function :mongocrypt_ctx_next_kms_ctx, [:pointer], :pointer

.mongocrypt_ctx_mongo_op(ctx, op_bson) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get a BSON operation for the driver to run against the MongoDB

collection, the key vault database, or mongocryptd.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • op_bson (FFI::Pointer)

    (out param) A pointer to a mongocrypt_binary_t object that will have a reference to the BSON operation written to it by libmongocrypt.

Returns:

  • (Boolean)

    A boolean indicating the success of the operation.



768
 
# File 'lib/mongo/crypt/binding.rb', line 768

attach_function :mongocrypt_ctx_mongo_op, [:pointer, :pointer], :bool

.mongocrypt_ctx_new(crypt) ⇒ FFI::Pointer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Create a new mongocrypt_ctx_t object (a wrapper for the libmongocrypt

state machine).

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

Returns:

  • (FFI::Pointer)

    A new mongocrypt_ctx_t object.



391
 
# File 'lib/mongo/crypt/binding.rb', line 391

attach_function :mongocrypt_ctx_new, [:pointer], :pointer

.mongocrypt_ctx_setopt_algorithm(ctx, algorithm, len) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

Do not initialize ctx before calling this method.

Set the algorithm used for explicit encryption.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • algorithm (String)

    The algorithm name. Valid values are:

    • “AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic”

    • “AEAD_AES_256_CBC_HMAC_SHA_512-Random”

  • len (Integer)

    The length of the algorithm string.

Returns:

  • (Boolean)

    Whether the option was successfully set.



476
477
478
479
480
 
# File 'lib/mongo/crypt/binding.rb', line 476

attach_function(
  :mongocrypt_ctx_setopt_algorithm,
  [:pointer, :string, :int],
  :bool
)

.mongocrypt_ctx_setopt_key_alt_name(ctx, binary) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

Do not initialize ctx before calling this method.

When creating a data key, set an alternate name on that key. When

performing explicit encryption, specifying which data key to use for
encryption based on its keyAltName field.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • binary (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references a BSON document in the format { “keyAltName”: <BSON UTF8 value> }.

Returns:

  • (Boolean)

    Whether the alternative name was successfully set.



440
441
442
443
444
 
# File 'lib/mongo/crypt/binding.rb', line 440

attach_function(
  :mongocrypt_ctx_setopt_key_alt_name,
  [:pointer, :pointer],
  :bool
)

.mongocrypt_ctx_setopt_key_id(ctx, key_id) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

Do not initialize ctx before calling this method.

Set the key id used for explicit encryption.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • key_id (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the 16-byte key-id.

Returns:

  • (Boolean)

    Whether the option was successfully set.



412
 
# File 'lib/mongo/crypt/binding.rb', line 412

attach_function :mongocrypt_ctx_setopt_key_id, [:pointer, :pointer], :bool

.mongocrypt_ctx_setopt_masterkey_aws(ctx, region, region_len, arn, arn_len) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Configure the ctx to take a master key from AWS.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_object.

  • region (String)

    The AWS region.

  • region_len (Integer)

    The length of the region string (or -1 for a null-terminated string).

  • arn (String)

    The Amazon Resource Name (ARN) of the mater key.

  • arn_len (Integer)

    The length of the ARN (or -1 for a null-terminated string).

Returns:

  • (Boolean)

    Returns whether the option was set successfully.



508
509
510
511
512
 
# File 'lib/mongo/crypt/binding.rb', line 508

attach_function(
  :mongocrypt_ctx_setopt_masterkey_aws,
  [:pointer, :string, :int, :string, :int],
  :bool
)

.mongocrypt_ctx_setopt_masterkey_aws_endpoint(ctx, endpoint, endpoint_len) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set a custom endpoint at which to fetch the AWS master key

Parameters:

  • ctx (FFI::Pointer)
  • endpoint (String)

    The custom endpoint.

  • endpoint_len (Integer)

    The length of the endpoint string (or -1 for a null-terminated string).

Returns:

  • (Boolean)

    Returns whether the option was set successfully.



542
543
544
545
546
 
# File 'lib/mongo/crypt/binding.rb', line 542

attach_function(
  :mongocrypt_ctx_setopt_masterkey_aws_endpoint,
  [:pointer, :string, :int],
  :bool
)

.mongocrypt_ctx_setopt_masterkey_local(ctx) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

Do not initialize ctx before calling this method.

Set the ctx to take a local master key.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

Returns:

  • (Boolean)

    Whether the option was successfully set.



571
572
573
574
575
 
# File 'lib/mongo/crypt/binding.rb', line 571

attach_function(
  :mongocrypt_ctx_setopt_masterkey_local,
  [:pointer],
  :bool
)

.mongocrypt_ctx_state(ctx) ⇒ Symbol

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the current state of the ctx.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

Returns:

  • (Symbol)

    The current state, will be one of the values defined by the mongocrypt_ctx_state enum.



756
 
# File 'lib/mongo/crypt/binding.rb', line 756

attach_function :mongocrypt_ctx_state, [:pointer], :mongocrypt_ctx_state

.mongocrypt_ctx_status(ctx, status) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set the status information from the mongocrypt_ctx_t object on the

mongocrypt_status_t object.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t object.

Returns:

  • (Boolean)

    Whether the status was successfully set.



401
 
# File 'lib/mongo/crypt/binding.rb', line 401

attach_function :mongocrypt_ctx_status, [:pointer, :pointer], :bool

.mongocrypt_destroy(crypt) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Destroy the reference the mongocrypt_t object.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

Returns:

  • (nil)

    Always nil.



382
 
# File 'lib/mongo/crypt/binding.rb', line 382

attach_function :mongocrypt_destroy, [:pointer], :void

.mongocrypt_init(crypt) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the mongocrypt_t object.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

Returns:

  • (Boolean)

    Returns whether the crypt was initialized successfully.



353
 
# File 'lib/mongo/crypt/binding.rb', line 353

attach_function :mongocrypt_init, [:pointer], :bool

.mongocrypt_kms_ctx_bytes_needed(kms) ⇒ Integer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the number of bytes needed by the KMS context.

Parameters:

  • kms (FFI::Pointer)

    The mongocrypt_kms_ctx_t object.

Returns:

  • (Integer)

    The number of bytes needed.



915
 
# File 'lib/mongo/crypt/binding.rb', line 915

attach_function :mongocrypt_kms_ctx_bytes_needed, [:pointer], :int

.mongocrypt_kms_ctx_done(ctx) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Indicate to libmongocrypt that it will receive no more replies from

mongocrypt_kms_ctx_t objects.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

Returns:

  • (Boolean)

    Whether the operation was successful.



982
 
# File 'lib/mongo/crypt/binding.rb', line 982

attach_function :mongocrypt_ctx_kms_done, [:pointer], :bool

.mongocrypt_kms_ctx_endpoint(kms, endpoint) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the hostname with which to connect over TLS to get information about

the AWS master key.

Parameters:

  • kms (FFI::Pointer)

    A pointer to a mongocrypt_kms_ctx_t object.

  • endpoint (FFI::Pointer)

    (out param) A pointer to which the endpoint string will be written by libmongocrypt.

Returns:

  • (Boolean)

    Whether the operation was successful.



888
 
# File 'lib/mongo/crypt/binding.rb', line 888

attach_function :mongocrypt_kms_ctx_endpoint, [:pointer, :pointer], :bool

.mongocrypt_kms_ctx_feed(kms, bytes) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Feed replies from the KMS back to libmongocrypt.

Parameters:

  • kms (FFI::Pointer)

    A pointer to the mongocrypt_kms_ctx_t object.

  • bytes (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the response from the KMS.

Returns:

  • (Boolean)

    Whether the operation was successful.



934
 
# File 'lib/mongo/crypt/binding.rb', line 934

attach_function :mongocrypt_kms_ctx_feed, [:pointer, :pointer], :bool

.mongocrypt_kms_ctx_message(kms, msg) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the message needed to fetch the AWS KMS master key.

Parameters:

  • kms (FFI::Pointer)

    Pointer to the mongocrypt_kms_ctx_t object

  • msg (FFI::Pointer)

    (outparam) Pointer to a mongocrypt_binary_t object that will have the location of the message written to it by libmongocrypt.

Returns:

  • (Boolean)

    Whether the operation is successful.



859
 
# File 'lib/mongo/crypt/binding.rb', line 859

attach_function :mongocrypt_kms_ctx_message, [:pointer, :pointer], :bool

.mongocrypt_kms_ctx_status(kms, status) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Write status information about the mongocrypt_kms_ctx_t object

to the mongocrypt_status_t object.

Parameters:

  • kms (FFI::Pointer)

    A pointer to the mongocrypt_kms_ctx_t object.

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t object.

Returns:

  • (Boolean)

    Whether the operation was successful.



958
 
# File 'lib/mongo/crypt/binding.rb', line 958

attach_function :mongocrypt_kms_ctx_status, [:pointer, :pointer], :bool

.mongocrypt_setopt_crypto_hooks(crypt, aes_enc_fn, aes_dec_fn, random_fn, sha_512_fn, sha_256_fn, hash_fn, ctx = nil) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set crypto hooks on the provided mongocrypt object.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

  • aes_enc_fn (Proc)

    An AES encryption method.

  • aes_dec_fn (Proc)

    An AES decryption method.

  • random_fn (Proc)

    A random method.

  • sha_512_fn (Proc)

    A HMAC SHA-512 method.

  • sha_256_fn (Proc)

    A HMAC SHA-256 method.

  • hash_fn (Proc)

    A SHA-256 hash method.

  • ctx (FFI::Pointer | nil) (defaults to: nil)

    An optional pointer to a context object that may have been set when hooks were enabled.

Returns:

  • (Boolean)

    Whether setting this option succeeded.



1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
 
# File 'lib/mongo/crypt/binding.rb', line 1136

attach_function(
  :mongocrypt_setopt_crypto_hooks,
  [
    :pointer,
    :mongocrypt_crypto_fn,
    :mongocrypt_crypto_fn,
    :mongocrypt_random_fn,
    :mongocrypt_hmac_fn,
    :mongocrypt_hmac_fn,
    :mongocrypt_hash_fn,
    :pointer
  ],
  :bool
)

.mongocrypt_setopt_kms_provider_aws(crypt, aws_access_key_id, aws_access_key_id_len, aws_secret_access_key, aws_secret_access_key_len) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Configure mongocrypt_t object with AWS KMS provider options.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

  • aws_access_key_id (String)

    The AWS access key id.

  • aws_access_key_id_len (Integer)

    The length of the AWS access key string (or -1 for a null-terminated string).

  • aws_secret_access_key (String)

    The AWS secret access key.

  • aws_secret_access_key_len (Integer)

    The length of the AWS secret access key (or -1 for a null-terminated string).

Returns:

  • (Boolean)

    Returns whether the option was set successfully.



265
266
267
268
269
 
# File 'lib/mongo/crypt/binding.rb', line 265

attach_function(
  :mongocrypt_setopt_kms_provider_aws,
  [:pointer, :string, :int, :string, :int],
  :bool
)

.mongocrypt_setopt_kms_provider_local(crypt, key) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Configure mongocrypt_t object to take local KSM provider options.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

  • key (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the 96-byte local master key.

Returns:

  • (Boolean)

    Returns whether the option was set successfully.



300
301
302
303
304
 
# File 'lib/mongo/crypt/binding.rb', line 300

attach_function(
  :mongocrypt_setopt_kms_provider_local,
  [:pointer, :pointer],
  :bool
)

.mongocrypt_setopt_log_handler(crypt, log_fn, log_ctx = nil) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set the handler on the mongocrypt_t object to be called every time

libmongocrypt logs a message.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

  • log_fn (Method)

    A logging callback method.

  • log_ctx (FFI::Pointer | nil) (defaults to: nil)

    An optional pointer to a context to be passed into the log callback on every invocation.

Returns:

  • (Boolean)

    Whether setting the callback was successful.



235
236
237
238
239
 
# File 'lib/mongo/crypt/binding.rb', line 235

attach_function(
  :mongocrypt_setopt_log_handler,
  [:pointer, :mongocrypt_log_fn_t, :pointer],
  :bool
)

.mongocrypt_setopt_schema_map(crypt, schema_map) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sets a local schema map for encryption.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

  • schema_map (FFI::Pointer)

    A pointer to a mongocrypt_binary_t. object that references the schema map as a BSON binary string.

Returns:

  • (Boolean)

    Returns whether the option was set successfully.



328
 
# File 'lib/mongo/crypt/binding.rb', line 328

attach_function :mongocrypt_setopt_schema_map, [:pointer, :pointer], :bool

.mongocrypt_status(crypt, status) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set the status information from the mongocrypt_t object on the

mongocrypt_status_t object.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t object.

Returns:

  • (Boolean)

    Whether the status was successfully set.



374
 
# File 'lib/mongo/crypt/binding.rb', line 374

attach_function :mongocrypt_status, [:pointer, :pointer], :bool

.mongocrypt_status_code(status) ⇒ Integer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Return the status error code.

Parameters:

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t.

Returns:

  • (Integer)

    The status code.



163
 
# File 'lib/mongo/crypt/binding.rb', line 163

attach_function :mongocrypt_status_code, [:pointer], :int

.mongocrypt_status_destroy(status) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Destroys the reference to the mongocrypt_status_t object.

Parameters:

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t.

Returns:

  • (nil)

    Always nil.



189
 
# File 'lib/mongo/crypt/binding.rb', line 189

attach_function :mongocrypt_status_destroy, [:pointer], :void

.mongocrypt_status_message(status, len = nil) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns the status message.

Parameters:

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t.

  • len (FFI::Pointer | nil) (defaults to: nil)

    (out param) An optional pointer to a uint32, where the length of the retun string will be written.

Returns:

  • (String)

    The status message.



173
 
# File 'lib/mongo/crypt/binding.rb', line 173

attach_function :mongocrypt_status_message, [:pointer, :pointer], :string

.mongocrypt_status_newFFI::Pointer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Create a new mongocrypt_status_t object.

Returns:

  • (FFI::Pointer)

    A pointer to the new mongocrypt_status_ts.



129
 
# File 'lib/mongo/crypt/binding.rb', line 129

attach_function :mongocrypt_status_new, [], :pointer

.mongocrypt_status_ok(status) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns whether the status is ok or an error.

Parameters:

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t.

Returns:

  • (Boolean)

    Whether the status is ok.



181
 
# File 'lib/mongo/crypt/binding.rb', line 181

attach_function :mongocrypt_status_ok, [:pointer], :bool

.mongocrypt_status_set(status, type, code, message, len) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set a message, type, and code on an existing status.

Parameters:

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t.

  • type (Symbol)

    The status type; possible values are defined by the status_type enum.

  • code (Integer)

    The status code.

  • message (String)

    The status message.

  • len (Integer)

    The length of the message argument (or -1 for a null-terminated string).

Returns:

  • (nil)

    Always nil.



143
144
145
146
147
 
# File 'lib/mongo/crypt/binding.rb', line 143

attach_function(
  :mongocrypt_status_set,
  [:pointer, :status_type, :int, :string, :int],
  :void
)

.mongocrypt_status_type(status) ⇒ Symbol

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Indicates the status type.

Parameters:

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t.

Returns:

  • (Symbol)

    The status type (as defined by the status_type enum).



155
 
# File 'lib/mongo/crypt/binding.rb', line 155

attach_function :mongocrypt_status_type, [:pointer], :status_type

.mongocrypt_version(len) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns the version string of the libmongocrypt library.

Parameters:

  • len (FFI::Pointer | nil)

    (out param) An optional pointer to a uint8 that will reference the length of the returned string.

Returns:

  • (String)

    A version string for libmongocrypt.



66
 
# File 'lib/mongo/crypt/binding.rb', line 66

attach_function :mongocrypt_version, [:pointer], :string

.ongocrypt_newFFI::Pointer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Creates a new mongocrypt_t object.

Returns:

  • (FFI::Pointer)

    A pointer to a new mongocrypt_t object.



223
 
# File 'lib/mongo/crypt/binding.rb', line 223

attach_function :mongocrypt_new, [], :pointer

.setopt_crypto_hooks(handle, aes_encrypt_cb, aes_decrypt_cb, random_cb, hmac_sha_512_cb, hmac_sha_256_cb, hmac_hash_cb) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set crypto callbacks on the Handle

Parameters:

  • handle (Mongo::Crypt::Handle)
  • aes_encrypt_cb (Method)

    An AES encryption method

  • aes_decrypt_cb (Method)

    A AES decryption method

  • random_cb (Method)

    A method that returns a string of random bytes

  • hmac_sha_512_cb (Method)

    A HMAC SHA-512 method

  • hmac_sha_256_cb (Method)

    A HMAC SHA-256 method

  • hmac_hash_cb (Method)

    A SHA-256 hash method

Raises:



1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
 
# File 'lib/mongo/crypt/binding.rb', line 1162

def self.setopt_crypto_hooks(handle,
  aes_encrypt_cb, aes_decrypt_cb, random_cb,
  hmac_sha_512_cb, hmac_sha_256_cb, hmac_hash_cb
)
  check_status(handle) do
    mongocrypt_setopt_crypto_hooks(handle.ref,
      aes_encrypt_cb, aes_decrypt_cb, random_cb,
      hmac_sha_512_cb, hmac_sha_256_cb, hmac_hash_cb, nil
    )
  end
end

.setopt_kms_provider_aws(handle, aws_access_key, aws_secret_access_key) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Configure the Handle object with AWS KMS provider options

Parameters:

  • handle (Mongo::Crypt::Handle)
  • aws_access_key (String)

    The AWS access key

  • aws_secret_access_key (String)

    The AWS secret access key

Raises:



278
279
280
281
282
283
284
285
286
287
288
289
290
 
# File 'lib/mongo/crypt/binding.rb', line 278

def self.setopt_kms_provider_aws(handle,
  aws_access_key, aws_secret_access_key
)
  check_status(handle) do
    mongocrypt_setopt_kms_provider_aws(
      handle.ref,
      aws_access_key,
      -1,
      aws_secret_access_key,
      -1
    )
  end
end

.setopt_kms_provider_local(handle, master_key) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set local KMS provider options on the Mongo::Crypt::Handle object

Parameters:

Raises:



312
313
314
315
316
317
318
 
# File 'lib/mongo/crypt/binding.rb', line 312

def self.setopt_kms_provider_local(handle, master_key)
  Binary.wrap_string(master_key) do |master_key_p|
    check_status(handle) do
      mongocrypt_setopt_kms_provider_local(handle.ref, master_key_p)
    end
  end
end

.setopt_log_handler(handle, log_callback) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set the logger callback function on the Mongo::Crypt::Handle object

Parameters:

Raises:



247
248
249
250
251
 
# File 'lib/mongo/crypt/binding.rb', line 247

def self.setopt_log_handler(handle, log_callback)
  check_status(handle) do
    mongocrypt_setopt_log_handler(handle, log_callback, nil)
  end
end

.setopt_schema_map(handle, schema_map_doc) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set schema map on the Mongo::Crypt::Handle object

Parameters:

  • handle (Mongo::Crypt::Handle)
  • schema_map_doc (BSON::Document)

    The schema map as a BSON::Document object

Raises:



337
338
339
340
341
342
343
344
345
 
# File 'lib/mongo/crypt/binding.rb', line 337

def self.setopt_schema_map(handle, schema_map_doc)
  validate_document(schema_map_doc)
  data = schema_map_doc.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_status(handle) do
      mongocrypt_setopt_schema_map(handle.ref, data_p)
    end
  end
end

.validate_document(data) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

All BSON::Document instances are also Hash instances

Checks that the specified data is a Hash before serializing it to BSON to prevent errors from libmongocrypt

Parameters:

  • data (Object)

    The data to be passed to libmongocrypt

Raises:



1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
 
# File 'lib/mongo/crypt/binding.rb', line 1214

def self.validate_document(data)
  return if data.is_a?(Hash)

  if data.nil?
    message = "Attempted to pass nil data to libmongocrypt. " +
      "Data must be a Hash"
  else
    message = "Attempted to pass invalid data to libmongocrypt: #{data} " +
      "Data must be a Hash"
  end

  raise Error::CryptError.new(message)
end

Instance Method Details

#mongocrypt_crypto_fn(ctx, key, iv, input, output, status) ⇒ Bool

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This defines a method signature for an FFI callback; it is not an instance method on the Binding class.

A callback to a function that performs AES encryption or decryption.

Parameters:

  • ctx (FFI::Pointer | nil)

    An optional pointer to a context object that may have been set when hooks were enabled.

  • key (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the 32-byte AES encryption key.

  • iv (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the 16-byte AES IV.

  • input (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the value to be encrypted/decrypted.

  • output (FFI::Pointer)

    (out param) A pointer to a mongocrypt_binary_t object will have a reference to the encrypted/ decrypted value written to it by libmongocrypt.

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t object to which an error message will be written if encryption fails.

Returns:

  • (Bool)

    Whether encryption/decryption was successful.



1054
1055
1056
1057
1058
 
# File 'lib/mongo/crypt/binding.rb', line 1054

callback(
  :mongocrypt_crypto_fn,
  [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer],
  :bool
)

#mongocrypt_hash_fn(ctx, input, output, status) ⇒ Bool

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This defines a method signature for an FFI callback; it is not an instance method on the Binding class.

A callback to a SHA-256 hash function.

Parameters:

  • ctx (FFI::Pointer | nil)

    An optional pointer to a context object that may have been set when hooks were enabled.

  • input (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the value to be hashed.

  • output (FFI::Pointer)

    (out param) A pointer to a mongocrypt_binary_t object will have a reference to the output value written to it by libmongocrypt.

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t object to which an error message will be written if encryption fails.

Returns:

  • (Bool)

    Whether hashing was successful.



1102
 
# File 'lib/mongo/crypt/binding.rb', line 1102

callback :mongocrypt_hash_fn, [:pointer, :pointer, :pointer, :pointer], :bool

#mongocrypt_hmac_fn(ctx, key, input, output, status) ⇒ Bool

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This defines a method signature for an FFI callback; it is not an instance method on the Binding class.

A callback to a function that performs HMAC SHA-512 or SHA-256.

Parameters:

  • ctx (FFI::Pointer | nil)

    An optional pointer to a context object that may have been set when hooks were enabled.

  • key (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the 32-byte HMAC SHA encryption key.

  • input (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the input value.

  • output (FFI::Pointer)

    (out param) A pointer to a mongocrypt_binary_t object will have a reference to the output value written to it by libmongocrypt.

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t object to which an error message will be written if encryption fails.

Returns:

  • (Bool)

    Whether HMAC-SHA was successful.



1079
1080
1081
1082
1083
 
# File 'lib/mongo/crypt/binding.rb', line 1079

callback(
  :mongocrypt_hmac_fn,
  [:pointer, :pointer, :pointer, :pointer, :pointer],
  :bool
)

#mongocrypt_log_fn_t(level, message, len, ctx) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This defines a method signature for an FFI callback; it is not an instance method on the Binding class.

A callback to the mongocrypt log function. Set a custom log callback

with the mongocrypt_setopt_log_handler method

Parameters:

  • level (Symbol)

    The log level; possible values defined by the log_level enum

  • message (String)

    The log message

  • len (Integer)

    The length of the message param, or -1 if the string is null terminated

  • ctx (FFI::Pointer | nil)

    An optional pointer to a context object when this callback was set

Returns:

  • (nil)

    Always nil.



216
 
# File 'lib/mongo/crypt/binding.rb', line 216

callback :mongocrypt_log_fn_t, [:log_level, :string, :int, :pointer], :void

#mongocrypt_random_fn(ctx, output, count, status) ⇒ Bool

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This defines a method signature for an FFI callback; it is not an instance method on the Binding class.

A callback to a crypto secure random function.

Parameters:

  • ctx (FFI::Pointer | nil)

    An optional pointer to a context object that may have been set when hooks were enabled.

  • output (FFI::Pointer)

    (out param) A pointer to a mongocrypt_binary_t object will have a reference to the output value written to it by libmongocrypt.

  • count (Integer)

    The number of random bytes to return.

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t object to which an error message will be written if encryption fails.

Returns:

  • (Bool)

    Whether hashing was successful.



1120
 
# File 'lib/mongo/crypt/binding.rb', line 1120

callback :mongocrypt_random_fn, [:pointer, :pointer, :int, :pointer], :bool