Class: Mongo::Crypt::Binding Private

Inherits:
Object
  • Object
show all
Extended by:
FFI::Library
Defined in:
lib/mongo/crypt/binding.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

A Ruby binding for the libmongocrypt C library

Constant Summary collapse

MIN_LIBMONGOCRYPT_VERSION =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Minimum version of libmongocrypt required by this version of the driver. An attempt to use the driver with any previous version of libmongocrypt will cause a ‘LoadError`.

Gem::Version.new("1.12.0")

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.check_ctx_status(context) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Raise a Mongo::Error::CryptError based on the status of the underlying mongocrypt_ctx_t object.

Returns:

  • (nil)

    Always nil.



1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
# File 'lib/mongo/crypt/binding.rb', line 1821

def self.check_ctx_status(context)
  if block_given?
    do_raise = !yield
  else
    do_raise = true
  end

  if do_raise
    status = Status.new

    mongocrypt_ctx_status(context.ctx_p, status.ref)
    status.raise_crypt_error
  end
end

.check_kms_ctx_status(kms_context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

If the provided block returns false, raise a CryptError with the status information from the provided KmsContext object.

Parameters:

Raises:



1107
1108
1109
1110
1111
1112
1113
1114
# File 'lib/mongo/crypt/binding.rb', line 1107

def self.check_kms_ctx_status(kms_context)
  unless yield
    status = Status.new

    mongocrypt_kms_ctx_status(kms_context.kms_ctx_p, status.ref)
    status.raise_crypt_error(kms: true)
  end
end

.check_status(handle) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Raise a Mongo::Error::CryptError based on the status of the underlying mongocrypt_t object.

Returns:

  • (nil)

    Always nil.



1808
1809
1810
1811
1812
1813
1814
1815
# File 'lib/mongo/crypt/binding.rb', line 1808

def self.check_status(handle)
  unless yield
    status = Status.new

    mongocrypt_status(handle.ref, status.ref)
    status.raise_crypt_error
  end
end

.crypt_shared_lib_version(handle) ⇒ Integer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Obtain a 64-bit constant encoding the version of the loaded crypt_shared library, if available.

The version is encoded as four 16-bit numbers, from high to low:

  • Major version

  • Minor version

  • Revision

  • Reserved

For example, version 6.2.1 would be encoded as: 0x0006’0002’0001’0000

Parameters:

Returns:

  • (Integer)

    A 64-bit encoded version number, with the version encoded as four sixteen-bit integers, or zero if no crypt_shared library was loaded.



1614
1615
1616
# File 'lib/mongo/crypt/binding.rb', line 1614

def self.crypt_shared_lib_version(handle)
  mongocrypt_crypt_shared_lib_version(handle.ref)
end

.ctx_datakey_init(context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the Context to create a data key

Parameters:

Raises:



625
626
627
628
629
# File 'lib/mongo/crypt/binding.rb', line 625

def self.ctx_datakey_init(context)
  check_ctx_status(context) do
    mongocrypt_ctx_datakey_init(context.ctx_p)
  end
end

.ctx_decrypt_init(context, command) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the Context for auto-decryption

Parameters:

Raises:



786
787
788
789
790
791
792
793
794
# File 'lib/mongo/crypt/binding.rb', line 786

def self.ctx_decrypt_init(context, command)
  validate_document(command)
  data = command.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_decrypt_init(context.ctx_p, data_p)
    end
  end
end

.ctx_encrypt_init(context, db_name, command) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the Context for auto-encryption

Parameters:

  • context (Mongo::Crypt::Context)
  • db_name (String)

    The name of the database against which the encrypted command is being performed

  • command (Hash)

    The command to be encrypted

Raises:



692
693
694
695
696
697
698
699
700
# File 'lib/mongo/crypt/binding.rb', line 692

def self.ctx_encrypt_init(context, db_name, command)
  validate_document(command)
  data = command.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_encrypt_init(context.ctx_p, db_name, -1, data_p)
    end
  end
end

.ctx_explicit_decrypt_init(context, doc) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the Context for explicit decryption

Parameters:

Raises:



816
817
818
819
820
821
822
823
824
# File 'lib/mongo/crypt/binding.rb', line 816

def self.ctx_explicit_decrypt_init(context, doc)
  validate_document(doc)
  data = doc.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_explicit_decrypt_init(context.ctx_p, data_p)
    end
  end
end

.ctx_explicit_encrypt_expression_init(context, doc) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the Context for explicit expression encryption.

Parameters:

Raises:



760
761
762
763
764
765
766
767
768
# File 'lib/mongo/crypt/binding.rb', line 760

def self.ctx_explicit_encrypt_expression_init(context, doc)
  validate_document(doc)
  data = doc.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_explicit_encrypt_expression_init(context.ctx_p, data_p)
    end
  end
end

.ctx_explicit_encrypt_init(context, doc) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the Context for explicit encryption

Parameters:

Raises:



726
727
728
729
730
731
732
733
734
# File 'lib/mongo/crypt/binding.rb', line 726

def self.ctx_explicit_encrypt_init(context, doc)
  validate_document(doc)
  data = doc.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_explicit_encrypt_init(context.ctx_p, data_p)
    end
  end
end

.ctx_finalize(context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Finalize the state machine represented by the Context

Parameters:

Raises:



1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
# File 'lib/mongo/crypt/binding.rb', line 1209

def self.ctx_finalize(context)
  binary = Binary.new

  check_ctx_status(context) do
    mongocrypt_ctx_finalize(context.ctx_p, binary.ref)
  end

  # TODO since the binary references a C pointer, and ByteBuffer is
  # written in C in MRI, we could omit a copy of the data by making
  # ByteBuffer reference the string that is owned by libmongocrypt.
  BSON::Document.from_bson(BSON::ByteBuffer.new(binary.to_s), mode: :bson)
end

.ctx_kms_done(context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Indicate to libmongocrypt that it will receive no more KMS replies.

Parameters:

Raises:



1186
1187
1188
1189
1190
# File 'lib/mongo/crypt/binding.rb', line 1186

def self.ctx_kms_done(context)
  check_ctx_status(context) do
    mongocrypt_ctx_kms_done(context.ctx_p)
  end
end

.ctx_mongo_feed(context, doc) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Feed a response from the driver back to libmongocrypt

Parameters:

Raises:



897
898
899
900
901
902
903
904
905
# File 'lib/mongo/crypt/binding.rb', line 897

def self.ctx_mongo_feed(context, doc)
  validate_document(doc)
  data = doc.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_mongo_feed(context.ctx_p, data_p)
    end
  end
end

.ctx_mongo_op(context) ⇒ BSON::Document

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a BSON::Document representing an operation that the driver must perform on behalf of libmongocrypt to get the information it needs in order to continue with encryption/decryption (for example, a filter for a key vault query).

Parameters:

Returns:

  • (BSON::Document)

    The operation that the driver must perform

Raises:

  • (Mongo::Crypt)

    If there is an error getting the operation



868
869
870
871
872
873
874
875
876
877
878
879
# File 'lib/mongo/crypt/binding.rb', line 868

def self.ctx_mongo_op(context)
  binary = Binary.new

  check_ctx_status(context) do
    mongocrypt_ctx_mongo_op(context.ctx_p, binary.ref)
  end

  # TODO since the binary references a C pointer, and ByteBuffer is
  # written in C in MRI, we could omit a copy of the data by making
  # ByteBuffer reference the string that is owned by libmongocrypt.
  BSON::Document.from_bson(BSON::ByteBuffer.new(binary.to_s), mode: :bson)
end

.ctx_next_kms_ctx(context) ⇒ Mongo::Crypt::KmsContext | nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Return a new KmsContext object needed by a Context object.

Parameters:

Returns:

  • (Mongo::Crypt::KmsContext | nil)

    The KmsContext needed to fetch an AWS master key or nil, if no KmsContext is needed



929
930
931
932
933
934
935
936
937
# File 'lib/mongo/crypt/binding.rb', line 929

def self.ctx_next_kms_ctx(context)
  kms_ctx_p = mongocrypt_ctx_next_kms_ctx(context.ctx_p)

  if kms_ctx_p.null?
    nil
  else
    KmsContext.new(kms_ctx_p)
  end
end

.ctx_provide_kms_providers(context, kms_providers) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Call in response to the MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS state to set per-context KMS provider settings. These follow the same format as ‘mongocrypt_setopt_kms_providers“. If no keys are present in the BSON input, the KMS provider settings configured for the mongocrypt_t at initialization are used.

Parameters:

  • context (Mongo::Crypt::Context)

    Encryption context.

  • kms_providers (BSON::Document)

    BSON document mapping the KMS provider names to credentials.

Raises:



1687
1688
1689
1690
1691
1692
1693
1694
1695
# File 'lib/mongo/crypt/binding.rb', line 1687

def self.ctx_provide_kms_providers(context, kms_providers)
  validate_document(kms_providers)
  data = kms_providers.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_provide_kms_providers(context.ctx_p, data_p)
    end
  end
end

.ctx_rewrap_many_datakey_init(context, filter) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize a context to rewrap datakeys.

Parameters:

  • context (Mongo::Crypt::Context)
  • filter (BSON::Document)

    BSON Document that represents filter to use for the find command on the key vault collection to retrieve datakeys to rewrap.

Returns:

  • (Boolean)

    Whether the initialization was successful.



656
657
658
659
660
661
662
663
# File 'lib/mongo/crypt/binding.rb', line 656

def self.ctx_rewrap_many_datakey_init(context, filter)
  filter_data = filter.to_bson.to_s
  Binary.wrap_string(filter_data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_rewrap_many_datakey_init(context.ctx_p, data_p)
    end
  end
end

.ctx_setopt_algorithm(context, name) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set the algorithm on the context

Parameters:

  • context (Mongo::Crypt::Context)
  • name (String)

    The algorithm name. Valid values are:

    • “AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic”

    • “AEAD_AES_256_CBC_HMAC_SHA_512-Random”

Raises:



569
570
571
572
573
# File 'lib/mongo/crypt/binding.rb', line 569

def self.ctx_setopt_algorithm(context, name)
  check_ctx_status(context) do
    mongocrypt_ctx_setopt_algorithm(context.ctx_p, name, -1)
  end
end

.ctx_setopt_algorithm_range(context, opts) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

The Range algorithm is experimental only. It is not intended for

Set options for explicit encryption with the “range” algorithm.

public use.

Parameters:

Raises:



1794
1795
1796
1797
1798
1799
1800
1801
1802
# File 'lib/mongo/crypt/binding.rb', line 1794

def self.ctx_setopt_algorithm_range(context, opts)
  validate_document(opts)
  data = opts.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_setopt_algorithm_range(context.ctx_p, data_p)
    end
  end
end

.ctx_setopt_contention_factor(context, factor) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set the contention factor used for explicit encryption. The contention factor is only used for indexed FLE 2 encryption.

Parameters:

  • context (Mongo::Crypt::Context)

    Explicit encryption context.

  • factor (Integer)

    Contention factor used for explicit encryption.

Raises:



1757
1758
1759
1760
1761
# File 'lib/mongo/crypt/binding.rb', line 1757

def self.ctx_setopt_contention_factor(context, factor)
  check_ctx_status(context) do
    mongocrypt_ctx_setopt_contention_factor(context.ctx_p, factor)
  end
end

.ctx_setopt_key_alt_names(context, key_alt_names) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set multiple alternate key names on data key creation

Parameters:

  • context (Mongo::Crypt::Context)

    A DataKeyContext

  • key_alt_names (Array)

    An array of alternate key names as strings

Raises:



500
501
502
503
504
505
506
507
508
509
510
# File 'lib/mongo/crypt/binding.rb', line 500

def self.ctx_setopt_key_alt_names(context, key_alt_names)
  key_alt_names.each do |key_alt_name|
    key_alt_name_bson = { :keyAltName => key_alt_name }.to_bson.to_s

    Binary.wrap_string(key_alt_name_bson) do |key_alt_name_p|
      check_ctx_status(context) do
        mongocrypt_ctx_setopt_key_alt_name(context.ctx_p, key_alt_name_p)
      end
    end
  end
end

.ctx_setopt_key_encryption_key(context, key_document) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set key encryption key document for creating a data key.

Parameters:

  • context (Mongo::Crypt::Context)
  • key_document (BSON::Document)

    BSON document representing the key encryption key document with an additional “provider” field.

Raises:



598
599
600
601
602
603
604
605
606
# File 'lib/mongo/crypt/binding.rb', line 598

def self.ctx_setopt_key_encryption_key(context, key_document)
  validate_document(key_document)
  data = key_document.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_setopt_key_encryption_key(context.ctx_p, data_p)
    end
  end
end

.ctx_setopt_key_id(context, key_id) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sets the key id option on an explicit encryption context.

Parameters:

Raises:



467
468
469
470
471
472
473
# File 'lib/mongo/crypt/binding.rb', line 467

def self.ctx_setopt_key_id(context, key_id)
  Binary.wrap_string(key_id) do |key_id_p|
    check_ctx_status(context) do
      mongocrypt_ctx_setopt_key_id(context.ctx_p, key_id_p)
    end
  end
end

.ctx_setopt_key_material(context, key_material) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set set a custom key material to use for

encrypting data.

Parameters:

  • context (Mongo::Crypt::Context)

    A DataKeyContext

  • key_material (BSON::Binary)

    96 bytes of custom key material

Raises:



535
536
537
538
539
540
541
542
# File 'lib/mongo/crypt/binding.rb', line 535

def self.ctx_setopt_key_material(context, key_material)
  data = {'keyMaterial' => key_material}.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_ctx_status(context) do
      mongocrypt_ctx_setopt_key_material(context.ctx_p, data_p)
    end
  end
end

.ctx_setopt_query_type(context, query_type) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set the query type to use for FLE 2 explicit encryption. The query type is only used for indexed FLE 2 encryption.

Parameters:

  • context (Mongo::Crypt::Context)

    Explicit encryption context.

  • :mongocrypt_query_type (String)

    query_type Type of the query.

Raises:



1725
1726
1727
1728
1729
# File 'lib/mongo/crypt/binding.rb', line 1725

def self.ctx_setopt_query_type(context, query_type)
  check_ctx_status(context) do
    mongocrypt_ctx_setopt_query_type(context.ctx_p, query_type, -1)
  end
end

.get_binary_data_direct(mongocrypt_binary_t) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



181
182
183
# File 'lib/mongo/crypt/binding.rb', line 181

def self.get_binary_data_direct(mongocrypt_binary_t)
  mongocrypt_binary_t.get_pointer(0)
end

.get_binary_len_direct(mongocrypt_binary_t) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



185
186
187
# File 'lib/mongo/crypt/binding.rb', line 185

def self.get_binary_len_direct(mongocrypt_binary_t)
  mongocrypt_binary_t.get_uint32(FFI::NativeType::POINTER.size)
end

.init(handle) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the Mongo::Crypt::Handle object

Parameters:

Raises:



407
408
409
410
411
# File 'lib/mongo/crypt/binding.rb', line 407

def self.init(handle)
  check_status(handle) do
    mongocrypt_init(handle.ref)
  end
end

.kms_ctx_bytes_needed(kms_context) ⇒ Integer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the number of bytes needed by the KmsContext.

Parameters:

Returns:

  • (Integer)

    The number of bytes needed



1063
1064
1065
# File 'lib/mongo/crypt/binding.rb', line 1063

def self.kms_ctx_bytes_needed(kms_context)
  mongocrypt_kms_ctx_bytes_needed(kms_context.kms_ctx_p)
end

.kms_ctx_endpoint(kms_context) ⇒ String | nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the hostname with which to connect over TLS to get information about the AWS master key.

Parameters:

Returns:

  • (String | nil)

    The hostname, or nil if none exists

Raises:



1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
# File 'lib/mongo/crypt/binding.rb', line 1039

def self.kms_ctx_endpoint(kms_context)
  ptr = FFI::MemoryPointer.new(:pointer, 1)

  check_kms_ctx_status(kms_context) do
    mongocrypt_kms_ctx_endpoint(kms_context.kms_ctx_p, ptr)
  end

  str_ptr = ptr.read_pointer
  str_ptr.null? ? nil : str_ptr.read_string.force_encoding('UTF-8')
end

.kms_ctx_fail(kms_context) ⇒ true, false

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Check whether the last failed request for the KMS context may be retried.

Parameters:

Returns:

  • (true, false)

    whether the failed request may be retried.



1148
1149
1150
# File 'lib/mongo/crypt/binding.rb', line 1148

def self.kms_ctx_fail(kms_context)
  mongocrypt_kms_ctx_fail(kms_context.kms_ctx_p)
end

.kms_ctx_feed(kms_context, bytes) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Feed replies from the KMS back to libmongocrypt.

Parameters:

Raises:



1083
1084
1085
1086
1087
1088
1089
# File 'lib/mongo/crypt/binding.rb', line 1083

def self.kms_ctx_feed(kms_context, bytes)
  check_kms_ctx_status(kms_context) do
    Binary.wrap_string(bytes) do |bytes_p|
      mongocrypt_kms_ctx_feed(kms_context.kms_ctx_p, bytes_p)
    end
  end
end

.kms_ctx_get_kms_provider(kms_context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the KMS provider identifier associated with this KMS request.

This is used to conditionally configure TLS connections based on the KMS request. It is useful for KMIP, which authenticates with a client certificate.

Parameters:

  • kms (FFI::Pointer)

    Pointer mongocrypt_kms_ctx_t object.



970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
# File 'lib/mongo/crypt/binding.rb', line 970

def self.kms_ctx_get_kms_provider(kms_context)
  len_ptr = FFI::MemoryPointer.new(:uint32, 1)
  provider = mongocrypt_kms_ctx_get_kms_provider(
    kms_context.kms_ctx_p,
    len_ptr
  )
  if len_ptr.nil?
    nil
  else
    len = if BSON::Environment.jruby?
      # JRuby FFI implementation does not have `read(type)` method, but it
      # has this `get_uint32`.
      len_ptr.get_uint32
    else
      # For MRI we use a documented `read` method - https://www.rubydoc.info/github/ffi/ffi/FFI%2FPointer:read
      len_ptr.read(:uint32)
    end
    provider.read_string(len).to_sym
  end
end

.kms_ctx_message(kms_context) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the HTTP message needed to fetch the AWS KMS master key from a KmsContext object.

Parameters:

Returns:

  • (String)

    The HTTP message

Raises:



1010
1011
1012
1013
1014
1015
1016
1017
1018
# File 'lib/mongo/crypt/binding.rb', line 1010

def self.kms_ctx_message(kms_context)
  binary = Binary.new

  check_kms_ctx_status(kms_context) do
    mongocrypt_kms_ctx_message(kms_context.kms_ctx_p, binary.ref)
  end

  return binary.to_s
end

.kms_ctx_setopt_retry_kms(handle, value) ⇒ true, fale

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Enable or disable KMS retry behavior.

Parameters:

Returns:

  • (true, fale)

    true is the option was set, otherwise false.



1167
1168
1169
# File 'lib/mongo/crypt/binding.rb', line 1167

def self.kms_ctx_setopt_retry_kms(handle, value)
  mongocrypt_setopt_retry_kms(handle.ref, value)
end

.kms_ctx_usleep(kms_context) ⇒ Integer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns number of milliseconds to sleep before sending KMS request for the given KMS context.

Parameters:

Returns:

  • (Integer)

    A 64-bit encoded number of microseconds to sleep.



1131
1132
1133
# File 'lib/mongo/crypt/binding.rb', line 1131

def self.kms_ctx_usleep(kms_context)
  mongocrypt_kms_ctx_usleep(kms_context.kms_ctx_p)
end

.mongocrypt_binary_data(binary) ⇒ FFI::Pointer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the pointer to the underlying data for the mongocrypt_binary_t.

Parameters:

  • binary (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object.

Returns:

  • (FFI::Pointer)

    A pointer to the data array.



171
# File 'lib/mongo/crypt/binding.rb', line 171

attach_function :mongocrypt_binary_data, [:pointer], :pointer

.mongocrypt_binary_destroy(binary) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Destroy the mongocrypt_binary_t object.

Parameters:

  • binary (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object.

Returns:

  • (nil)

    Always nil.



195
# File 'lib/mongo/crypt/binding.rb', line 195

attach_function :mongocrypt_binary_destroy, [:pointer], :void

.mongocrypt_binary_len(binary) ⇒ Integer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the length of the underlying data array.

Parameters:

  • binary (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object.

Returns:

  • (Integer)

    The length of the data array.



179
# File 'lib/mongo/crypt/binding.rb', line 179

attach_function :mongocrypt_binary_len, [:pointer], :int

.mongocrypt_binary_newFFI::Pointer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Creates a new mongocrypt_binary_t object (a non-owning view of a byte

array).

Returns:

  • (FFI::Pointer)

    A pointer to the newly-created mongocrypt_binary_t object.



147
# File 'lib/mongo/crypt/binding.rb', line 147

attach_function :mongocrypt_binary_new, [], :pointer

.mongocrypt_binary_new_from_data(data, len) ⇒ FFI::Pointer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Create a new mongocrypt_binary_t object that maintains a pointer to

the specified byte array.

Parameters:

  • data (FFI::Pointer)

    A pointer to an array of bytes; the data is not copied and must outlive the mongocrypt_binary_t object.

  • len (Integer)

    The length of the array argument.

Returns:

  • (FFI::Pointer)

    A pointer to the newly-created mongocrypt_binary_t object.



159
160
161
162
163
# File 'lib/mongo/crypt/binding.rb', line 159

attach_function(
  :mongocrypt_binary_new_from_data,
  [:pointer, :int],
  :pointer
)

.mongocrypt_crypt_shared_lib_version(crypt) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



1592
1593
1594
1595
1596
# File 'lib/mongo/crypt/binding.rb', line 1592

attach_function(
  :mongocrypt_crypt_shared_lib_version,
  [ :pointer ],
  :uint64
)

.mongocrypt_ctx_datakey_init(ctx, filter) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



618
# File 'lib/mongo/crypt/binding.rb', line 618

attach_function :mongocrypt_ctx_datakey_init, [:pointer], :bool

.mongocrypt_ctx_decrypt_init(ctx, doc) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes the ctx for auto-decryption.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • doc (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the document to be decrypted as a BSON binary string.

Returns:

  • (Boolean)

    Whether the initialization was successful.



778
# File 'lib/mongo/crypt/binding.rb', line 778

attach_function :mongocrypt_ctx_decrypt_init, [:pointer, :pointer], :bool

.mongocrypt_ctx_destroy(ctx) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Destroy the reference to the mongocrypt_ctx_t object.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

Returns:

  • (nil)

    Always nil.



1228
# File 'lib/mongo/crypt/binding.rb', line 1228

attach_function :mongocrypt_ctx_destroy, [:pointer], :void

.mongocrypt_ctx_encrypt_init(ctx, db, db_len, cmd) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This method expects the passed-in BSON to be in the format: { “v”: BSON value to decrypt }.

Initializes the ctx for auto-encryption.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • db (String)

    The database name.

  • db_len (Integer)

    The length of the database name argument (or -1 for a null-terminated string).

  • cmd (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the database command as a binary string.

Returns:

  • (Boolean)

    Whether the initialization was successful.



678
679
680
681
682
# File 'lib/mongo/crypt/binding.rb', line 678

attach_function(
  :mongocrypt_ctx_encrypt_init,
  [:pointer, :string, :int, :pointer],
  :bool
)

.mongocrypt_ctx_explicit_decrypt_init(ctx, msg) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes the ctx for explicit decryption.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • msg (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the message to be decrypted as a BSON binary string.

Returns:

  • (Boolean)

    Whether the initialization was successful.



804
805
806
807
808
# File 'lib/mongo/crypt/binding.rb', line 804

attach_function(
  :mongocrypt_ctx_explicit_decrypt_init,
  [:pointer, :pointer],
  :bool
)

.mongocrypt_ctx_explicit_encrypt_init(ctx, msg) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

Before calling this method, set a key_id, key_alt_name (optional), and encryption algorithm using the following methods: mongocrypt_ctx_setopt_key_id, mongocrypt_ctx_setopt_key_alt_name, and mongocrypt_ctx_setopt_algorithm.

Initializes the ctx for explicit expression encryption.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • msg (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the message to be encrypted as a binary string.

Returns:

  • (Boolean)

    Whether the initialization was successful.



714
715
716
717
718
# File 'lib/mongo/crypt/binding.rb', line 714

attach_function(
  :mongocrypt_ctx_explicit_encrypt_init,
  [:pointer, :pointer],
  :bool
)

.mongocrypt_ctx_finalize(ctx, op_bson) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Perform the final encryption or decryption and return a BSON document.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • op_bson (FFI::Pointer)

    (out param) A pointer to a mongocrypt_binary_t object that will have a reference to the final encrypted BSON document.

Returns:

  • (Boolean)

    A boolean indicating the success of the operation.



1201
# File 'lib/mongo/crypt/binding.rb', line 1201

attach_function :mongocrypt_ctx_finalize, [:pointer, :pointer], :void

.mongocrypt_ctx_mongo_done(ctx) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Indicate to libmongocrypt that the driver is done feeding replies.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

Returns:

  • (Boolean)

    A boolean indicating the success of the operation.



913
# File 'lib/mongo/crypt/binding.rb', line 913

attach_function :mongocrypt_ctx_mongo_done, [:pointer], :bool

.mongocrypt_ctx_mongo_feed(ctx, reply) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Feed a BSON reply to libmongocrypt.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • reply (FFI::Pointer)

    A mongocrypt_binary_t object that references the BSON reply to feed to libmongocrypt.

Returns:

  • (Boolean)

    A boolean indicating the success of the operation.



889
# File 'lib/mongo/crypt/binding.rb', line 889

attach_function :mongocrypt_ctx_mongo_feed, [:pointer, :pointer], :bool

.mongocrypt_ctx_mongo_next_kms_ctx(ctx) ⇒ FFI::Pointer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Return a pointer to a mongocrypt_kms_ctx_t object or NULL.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

Returns:

  • (FFI::Pointer)

    A pointer to a mongocrypt_kms_ctx_t object.



921
# File 'lib/mongo/crypt/binding.rb', line 921

attach_function :mongocrypt_ctx_next_kms_ctx, [:pointer], :pointer

.mongocrypt_ctx_mongo_op(ctx, op_bson) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get a BSON operation for the driver to run against the MongoDB

collection, the key vault database, or mongocryptd.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • op_bson (FFI::Pointer)

    (out param) A pointer to a mongocrypt_binary_t object that will have a reference to the BSON operation written to it by libmongocrypt.

Returns:

  • (Boolean)

    A boolean indicating the success of the operation.



857
# File 'lib/mongo/crypt/binding.rb', line 857

attach_function :mongocrypt_ctx_mongo_op, [:pointer, :pointer], :bool

.mongocrypt_ctx_new(crypt) ⇒ FFI::Pointer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Create a new mongocrypt_ctx_t object (a wrapper for the libmongocrypt

state machine).

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

Returns:

  • (FFI::Pointer)

    A new mongocrypt_ctx_t object.



438
# File 'lib/mongo/crypt/binding.rb', line 438

attach_function :mongocrypt_ctx_new, [:pointer], :pointer

.mongocrypt_ctx_provide_kms_providers(ctx, kms_providers) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



1670
1671
1672
1673
1674
# File 'lib/mongo/crypt/binding.rb', line 1670

attach_function(
  :mongocrypt_ctx_provide_kms_providers,
  [ :pointer, :pointer ],
  :bool
)

.mongocrypt_ctx_setopt_algorithm(ctx, algorithm, len) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

Do not initialize ctx before calling this method.

Set the algorithm used for explicit encryption.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • algorithm (String)

    The algorithm name. Valid values are:

    • “AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic”

    • “AEAD_AES_256_CBC_HMAC_SHA_512-Random”

  • len (Integer)

    The length of the algorithm string.

Returns:

  • (Boolean)

    Whether the option was successfully set.



555
556
557
558
559
# File 'lib/mongo/crypt/binding.rb', line 555

attach_function(
  :mongocrypt_ctx_setopt_algorithm,
  [:pointer, :string, :int],
  :bool
)

.mongocrypt_ctx_setopt_algorithm_range(ctx, opts) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



1776
1777
1778
1779
1780
1781
1782
1783
# File 'lib/mongo/crypt/binding.rb', line 1776

attach_function(
  :mongocrypt_ctx_setopt_algorithm_range,
  [
    :pointer,
    :pointer
  ],
  :bool
)

.mongocrypt_ctx_setopt_contention_factor(ctx, contention_factor) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



1741
1742
1743
1744
1745
1746
1747
1748
# File 'lib/mongo/crypt/binding.rb', line 1741

attach_function(
  :mongocrypt_ctx_setopt_contention_factor,
  [
    :pointer,
    :int64
  ],
  :bool
)

.mongocrypt_ctx_setopt_key_alt_name(ctx, binary) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

Do not initialize ctx before calling this method.

When creating a data key, set an alternate name on that key. When

performing explicit encryption, specifying which data key to use for
encryption based on its keyAltName field.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • binary (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references a BSON document in the format { “keyAltName”: <BSON UTF8 value> }.

Returns:

  • (Boolean)

    Whether the alternative name was successfully set.



487
488
489
490
491
# File 'lib/mongo/crypt/binding.rb', line 487

attach_function(
  :mongocrypt_ctx_setopt_key_alt_name,
  [:pointer, :pointer],
  :bool
)

.mongocrypt_ctx_setopt_key_encryption_key(ctx) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

Do not initialize ctx before calling this method.

Set key encryption key document for creating a data key.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • bin (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references a BSON document representing the key encryption key document with an additional “provider” field.

Returns:

  • (Boolean)

    Whether the option was successfully set.



585
586
587
588
589
# File 'lib/mongo/crypt/binding.rb', line 585

attach_function(
  :mongocrypt_ctx_setopt_key_encryption_key,
  [:pointer, :pointer],
  :bool
)

.mongocrypt_ctx_setopt_key_id(ctx, key_id) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

Do not initialize ctx before calling this method.

Set the key id used for explicit encryption.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • key_id (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the 16-byte key-id.

Returns:

  • (Boolean)

    Whether the option was successfully set.



459
# File 'lib/mongo/crypt/binding.rb', line 459

attach_function :mongocrypt_ctx_setopt_key_id, [:pointer, :pointer], :bool

.mongocrypt_ctx_setopt_key_material(ctx, binary) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

Do not initialize ctx before calling this method.

When creating a data key, set a custom key material to use for

encrypting data.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • binary (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the data encryption key to use.

Returns:

  • (Boolean)

    Whether the custom key material was successfully set.



522
523
524
525
526
# File 'lib/mongo/crypt/binding.rb', line 522

attach_function(
  :mongocrypt_ctx_setopt_key_material,
  [:pointer, :pointer],
  :bool
)

.mongocrypt_ctx_setopt_query_type(ctx, mongocrypt_query_type) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



1708
1709
1710
1711
1712
1713
1714
1715
1716
# File 'lib/mongo/crypt/binding.rb', line 1708

attach_function(
  :mongocrypt_ctx_setopt_query_type,
  [
    :pointer,
    :string,
    :int
  ],
  :bool
)

.mongocrypt_ctx_state(ctx) ⇒ Symbol

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the current state of the ctx.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

Returns:

  • (Symbol)

    The current state, will be one of the values defined by the mongocrypt_ctx_state enum.



845
# File 'lib/mongo/crypt/binding.rb', line 845

attach_function :mongocrypt_ctx_state, [:pointer], :mongocrypt_ctx_state

.mongocrypt_ctx_status(ctx, status) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set the status information from the mongocrypt_ctx_t object on the

mongocrypt_status_t object.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t object.

Returns:

  • (Boolean)

    Whether the status was successfully set.



448
# File 'lib/mongo/crypt/binding.rb', line 448

attach_function :mongocrypt_ctx_status, [:pointer, :pointer], :bool

.mongocrypt_destroy(crypt) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Destroy the reference the mongocrypt_t object.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

Returns:

  • (nil)

    Always nil.



429
# File 'lib/mongo/crypt/binding.rb', line 429

attach_function :mongocrypt_destroy, [:pointer], :void

.mongocrypt_init(crypt) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initialize the mongocrypt_t object.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

Returns:

  • (Boolean)

    Returns whether the crypt was initialized successfully.



400
# File 'lib/mongo/crypt/binding.rb', line 400

attach_function :mongocrypt_init, [:pointer], :bool

.mongocrypt_kms_ctx_bytes_needed(kms) ⇒ Integer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the number of bytes needed by the KMS context.

Parameters:

  • kms (FFI::Pointer)

    The mongocrypt_kms_ctx_t object.

Returns:

  • (Integer)

    The number of bytes needed.



1056
# File 'lib/mongo/crypt/binding.rb', line 1056

attach_function :mongocrypt_kms_ctx_bytes_needed, [:pointer], :int

.mongocrypt_kms_ctx_done(ctx) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Indicate to libmongocrypt that it will receive no more replies from

mongocrypt_kms_ctx_t objects.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

Returns:

  • (Boolean)

    Whether the operation was successful.



1179
# File 'lib/mongo/crypt/binding.rb', line 1179

attach_function :mongocrypt_ctx_kms_done, [:pointer], :bool

.mongocrypt_kms_ctx_endpoint(kms, endpoint) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the hostname with which to connect over TLS to get information about

the AWS master key.

Parameters:

  • kms (FFI::Pointer)

    A pointer to a mongocrypt_kms_ctx_t object.

  • endpoint (FFI::Pointer)

    (out param) A pointer to which the endpoint string will be written by libmongocrypt.

Returns:

  • (Boolean)

    Whether the operation was successful.



1029
# File 'lib/mongo/crypt/binding.rb', line 1029

attach_function :mongocrypt_kms_ctx_endpoint, [:pointer, :pointer], :bool

.mongocrypt_kms_ctx_fail(ctx) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



1142
# File 'lib/mongo/crypt/binding.rb', line 1142

attach_function :mongocrypt_kms_ctx_fail, [:pointer], :bool

.mongocrypt_kms_ctx_feed(kms, bytes) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Feed replies from the KMS back to libmongocrypt.

Parameters:

  • kms (FFI::Pointer)

    A pointer to the mongocrypt_kms_ctx_t object.

  • bytes (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the response from the KMS.

Returns:

  • (Boolean)

    Whether the operation was successful.



1075
# File 'lib/mongo/crypt/binding.rb', line 1075

attach_function :mongocrypt_kms_ctx_feed, [:pointer, :pointer], :bool

.mongocrypt_kms_ctx_get_kms_provider(crypt, kms_providers) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



955
956
957
958
959
# File 'lib/mongo/crypt/binding.rb', line 955

attach_function(
  :mongocrypt_kms_ctx_get_kms_provider,
  [:pointer, :pointer],
  :pointer
)

.mongocrypt_kms_ctx_message(kms, msg) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the message needed to fetch the AWS KMS master key.

Parameters:

  • kms (FFI::Pointer)

    Pointer to the mongocrypt_kms_ctx_t object

  • msg (FFI::Pointer)

    (outparam) Pointer to a mongocrypt_binary_t object that will have the location of the message written to it by libmongocrypt.

Returns:

  • (Boolean)

    Whether the operation is successful.



1000
# File 'lib/mongo/crypt/binding.rb', line 1000

attach_function :mongocrypt_kms_ctx_message, [:pointer, :pointer], :bool

.mongocrypt_kms_ctx_status(kms, status) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Write status information about the mongocrypt_kms_ctx_t object

to the mongocrypt_status_t object.

Parameters:

  • kms (FFI::Pointer)

    A pointer to the mongocrypt_kms_ctx_t object.

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t object.

Returns:

  • (Boolean)

    Whether the operation was successful.



1099
# File 'lib/mongo/crypt/binding.rb', line 1099

attach_function :mongocrypt_kms_ctx_status, [:pointer, :pointer], :bool

.mongocrypt_kms_ctx_usleep(ctx) ⇒ int64

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Indicates how long to sleep before sending KMS request.

Parameters:

  • ctx (FFI::Pointer)

    A pointer to a mongocrypt_ctx_t object.

Returns:

  • (int64)

    A 64-bit encoded number of microseconds of how long to sleep.



1123
# File 'lib/mongo/crypt/binding.rb', line 1123

attach_function :mongocrypt_kms_ctx_usleep, [:pointer], :int64

.mongocrypt_setopt_aes_256_ctr(crypt, aes_256_ctr_encrypt, aes_256_ctr_decrypt, ctx) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set a crypto hook for the AES256-CTR operations.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

  • aes_enc_fn (Proc)

    An AES-CTR encryption method.

  • aes_dec_fn (Proc)

    An AES-CTR decryption method.

  • ctx (FFI::Pointer | nil)

    An optional pointer to a context object that may have been set when hooks were enabled.

Returns:

  • (Boolean)

    Whether setting this option succeeded.



1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
# File 'lib/mongo/crypt/binding.rb', line 1487

attach_function(
  :mongocrypt_setopt_aes_256_ctr,
  [
    :pointer,
    :mongocrypt_crypto_fn,
    :mongocrypt_crypto_fn,
    :pointer
  ],
  :bool
)

.mongocrypt_setopt_append_crypt_shared_lib_search_path(crypt, path) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



1525
1526
1527
1528
1529
1530
1531
1532
# File 'lib/mongo/crypt/binding.rb', line 1525

attach_function(
  :mongocrypt_setopt_append_crypt_shared_lib_search_path,
  [
    :pointer,
    :string,
  ],
  :void
)

.mongocrypt_setopt_bypass_query_analysis(crypt) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



1463
# File 'lib/mongo/crypt/binding.rb', line 1463

attach_function(:mongocrypt_setopt_bypass_query_analysis, [:pointer], :void)

.mongocrypt_setopt_crypto_hook_sign_rsaes_pkcs1_v1_5(crypt, sign_rsaes_pkcs1_v1_5, ctx = nil) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set a crypto hook for the RSASSA-PKCS1-v1_5 algorithm with a SHA-256 hash.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

  • sign_rsaes_pkcs1_v1_5 (Proc)

    A RSASSA-PKCS1-v1_5 signing method.

  • ctx (FFI::Pointer | nil) (defaults to: nil)

    An optional pointer to a context object that may have been set when hooks were enabled.

Returns:

  • (Boolean)

    Whether setting this option succeeded.



1380
1381
1382
1383
1384
1385
1386
1387
1388
# File 'lib/mongo/crypt/binding.rb', line 1380

attach_function(
  :mongocrypt_setopt_crypto_hook_sign_rsaes_pkcs1_v1_5,
  [
    :pointer,
    :mongocrypt_hmac_fn,
    :pointer
  ],
  :bool
)

.mongocrypt_setopt_crypto_hooks(crypt, aes_enc_fn, aes_dec_fn, random_fn, sha_512_fn, sha_256_fn, hash_fn, ctx = nil) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set crypto hooks on the provided mongocrypt object.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

  • aes_enc_fn (Proc)

    An AES encryption method.

  • aes_dec_fn (Proc)

    An AES decryption method.

  • random_fn (Proc)

    A random method.

  • sha_512_fn (Proc)

    A HMAC SHA-512 method.

  • sha_256_fn (Proc)

    A HMAC SHA-256 method.

  • hash_fn (Proc)

    A SHA-256 hash method.

  • ctx (FFI::Pointer | nil) (defaults to: nil)

    An optional pointer to a context object that may have been set when hooks were enabled.

Returns:

  • (Boolean)

    Whether setting this option succeeded.



1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
# File 'lib/mongo/crypt/binding.rb', line 1333

attach_function(
  :mongocrypt_setopt_crypto_hooks,
  [
    :pointer,
    :mongocrypt_crypto_fn,
    :mongocrypt_crypto_fn,
    :mongocrypt_random_fn,
    :mongocrypt_hmac_fn,
    :mongocrypt_hmac_fn,
    :mongocrypt_hash_fn,
    :pointer
  ],
  :bool
)

.mongocrypt_setopt_encrypted_field_config_map(crypt, efc_map) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



1422
1423
1424
1425
1426
1427
1428
1429
# File 'lib/mongo/crypt/binding.rb', line 1422

attach_function(
  :mongocrypt_setopt_encrypted_field_config_map,
  [
    :pointer,
    :pointer
  ],
  :bool
)

.mongocrypt_setopt_kms_providers(crypt, kms_providers) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

Do not initialize ctx before calling this method.

Configure KMS providers with a BSON document.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

  • kms_providers (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references a BSON document mapping the KMS provider names to credentials.



344
345
346
347
348
# File 'lib/mongo/crypt/binding.rb', line 344

attach_function(
  :mongocrypt_setopt_kms_providers,
  [:pointer, :pointer],
  :bool
)

.mongocrypt_setopt_log_handler(crypt, log_fn, log_ctx = nil) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set the handler on the mongocrypt_t object to be called every time

libmongocrypt logs a message.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

  • log_fn (Method)

    A logging callback method.

  • log_ctx (FFI::Pointer | nil) (defaults to: nil)

    An optional pointer to a context to be passed into the log callback on every invocation.

Returns:

  • (Boolean)

    Whether setting the callback was successful.



315
316
317
318
319
# File 'lib/mongo/crypt/binding.rb', line 315

attach_function(
  :mongocrypt_setopt_log_handler,
  [:pointer, :mongocrypt_log_fn_t, :pointer],
  :bool
)

.mongocrypt_setopt_retry_kms(crypt, enable) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



1160
# File 'lib/mongo/crypt/binding.rb', line 1160

attach_function :mongocrypt_setopt_retry_kms, [:pointer, :bool], :bool

.mongocrypt_setopt_schema_map(crypt, schema_map) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sets a local schema map for encryption.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

  • schema_map (FFI::Pointer)

    A pointer to a mongocrypt_binary_t. object that references the schema map as a BSON binary string.

Returns:

  • (Boolean)

    Returns whether the option was set successfully.



375
# File 'lib/mongo/crypt/binding.rb', line 375

attach_function :mongocrypt_setopt_schema_map, [:pointer, :pointer], :bool

.mongocrypt_setopt_set_crypt_shared_lib_path_override(crypt, path) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



1554
1555
1556
1557
1558
1559
1560
1561
# File 'lib/mongo/crypt/binding.rb', line 1554

attach_function(
  :mongocrypt_setopt_set_crypt_shared_lib_path_override,
  [
    :pointer,
    :string,
  ],
  :void
)

.mongocrypt_setopt_use_need_kms_credentials_state(crypt) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



1633
1634
1635
1636
1637
# File 'lib/mongo/crypt/binding.rb', line 1633

attach_function(
  :mongocrypt_setopt_use_need_kms_credentials_state,
  [ :pointer ],
  :void
)

.mongocrypt_status(crypt, status) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set the status information from the mongocrypt_t object on the

mongocrypt_status_t object.

Parameters:

  • crypt (FFI::Pointer)

    A pointer to a mongocrypt_t object.

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t object.

Returns:

  • (Boolean)

    Whether the status was successfully set.



421
# File 'lib/mongo/crypt/binding.rb', line 421

attach_function :mongocrypt_status, [:pointer, :pointer], :bool

.mongocrypt_status_code(status) ⇒ Integer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Return the status error code.

Parameters:

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t.

Returns:

  • (Integer)

    The status code.



243
# File 'lib/mongo/crypt/binding.rb', line 243

attach_function :mongocrypt_status_code, [:pointer], :int

.mongocrypt_status_destroy(status) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Destroys the reference to the mongocrypt_status_t object.

Parameters:

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t.

Returns:

  • (nil)

    Always nil.



269
# File 'lib/mongo/crypt/binding.rb', line 269

attach_function :mongocrypt_status_destroy, [:pointer], :void

.mongocrypt_status_message(status, len = nil) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns the status message.

Parameters:

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t.

  • len (FFI::Pointer | nil) (defaults to: nil)

    (out param) An optional pointer to a uint32, where the length of the retun string will be written.

Returns:

  • (String)

    The status message.



253
# File 'lib/mongo/crypt/binding.rb', line 253

attach_function :mongocrypt_status_message, [:pointer, :pointer], :string

.mongocrypt_status_newFFI::Pointer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Create a new mongocrypt_status_t object.

Returns:

  • (FFI::Pointer)

    A pointer to the new mongocrypt_status_ts.



209
# File 'lib/mongo/crypt/binding.rb', line 209

attach_function :mongocrypt_status_new, [], :pointer

.mongocrypt_status_ok(status) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns whether the status is ok or an error.

Parameters:

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t.

Returns:

  • (Boolean)

    Whether the status is ok.



261
# File 'lib/mongo/crypt/binding.rb', line 261

attach_function :mongocrypt_status_ok, [:pointer], :bool

.mongocrypt_status_set(status, type, code, message, len) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set a message, type, and code on an existing status.

Parameters:

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t.

  • type (Symbol)

    The status type; possible values are defined by the status_type enum.

  • code (Integer)

    The status code.

  • message (String)

    The status message.

  • len (Integer)

    The length of the message argument (or -1 for a null-terminated string).

Returns:

  • (nil)

    Always nil.



223
224
225
226
227
# File 'lib/mongo/crypt/binding.rb', line 223

attach_function(
  :mongocrypt_status_set,
  [:pointer, :status_type, :int, :string, :int],
  :void
)

.mongocrypt_status_type(status) ⇒ Symbol

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Indicates the status type.

Parameters:

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t.

Returns:

  • (Symbol)

    The status type (as defined by the status_type enum).



235
# File 'lib/mongo/crypt/binding.rb', line 235

attach_function :mongocrypt_status_type, [:pointer], :status_type

.mongocrypt_version(len) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns the version string of the libmongocrypt library.

Parameters:

  • len (FFI::Pointer | nil)

    (out param) An optional pointer to a uint8 that will reference the length of the returned string.

Returns:

  • (String)

    A version string for libmongocrypt.



95
# File 'lib/mongo/crypt/binding.rb', line 95

attach_function :mongocrypt_version, [:pointer], :string

.ongocrypt_newFFI::Pointer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Creates a new mongocrypt_t object.

Returns:

  • (FFI::Pointer)

    A pointer to a new mongocrypt_t object.



303
# File 'lib/mongo/crypt/binding.rb', line 303

attach_function :mongocrypt_new, [], :pointer

.parse_version(version) ⇒ Gem::Version

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Given a string representing a version number, parses it into a Gem::Version object. This handles the case where the string is not in a format supported by Gem::Version by doing some custom parsing.

Parameters:

  • version (String)

    String representing a version number.

Returns:

  • (Gem::Version)

    the version number

Raises:

  • (ArgumentError)

    if the string cannot be parsed.



108
109
110
111
112
113
114
115
116
117
118
119
120
121
# File 'lib/mongo/crypt/binding.rb', line 108

def self.parse_version(version)
  Gem::Version.new(version)
rescue ArgumentError
  match = version.match(/\A(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)?(-[A-Za-z\+\d]+)?\z/)
  raise ArgumentError.new("Malformed version number string #{version}") if match.nil?

  Gem::Version.new(
    [
      match[:major],
      match[:minor],
      match[:patch]
    ].join('.')
  )
end

.setopt_aes_256_ctr(handle, aes_ctr_encrypt_cb, aes_ctr_decrypt_cb) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set a crypto hook for the AES256-CTR operations.

Parameters:

  • handle (Mongo::Crypt::Handle)
  • aes_encrypt_cb (Method)

    An AES-CTR encryption method

  • aes_decrypt_cb (Method)

    A AES-CTR decryption method

Raises:



1505
1506
1507
1508
1509
1510
1511
# File 'lib/mongo/crypt/binding.rb', line 1505

def self.setopt_aes_256_ctr(handle, aes_ctr_encrypt_cb, aes_ctr_decrypt_cb)
  check_status(handle) do
    mongocrypt_setopt_aes_256_ctr(handle.ref,
      aes_ctr_encrypt_cb, aes_ctr_decrypt_cb, nil
    )
  end
end

.setopt_append_crypt_shared_lib_search_path(handle, path) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Append an additional search directory to the search path for loading

the crypt_shared dynamic library.

Parameters:



1539
1540
1541
1542
1543
# File 'lib/mongo/crypt/binding.rb', line 1539

def self.setopt_append_crypt_shared_lib_search_path(handle, path)
  check_status(handle) do
    mongocrypt_setopt_append_crypt_shared_lib_search_path(handle.ref, path)
  end
end

.setopt_bypass_query_analysis(handle) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Opt-into skipping query analysis.

If opted in:

  • The csfle shared library will not attempt to be loaded.

  • A mongocrypt_ctx_t will never enter the MONGOCRYPT_CTX_NEED_MARKINGS state.

Parameters:



1472
1473
1474
# File 'lib/mongo/crypt/binding.rb', line 1472

def self.setopt_bypass_query_analysis(handle)
  mongocrypt_setopt_bypass_query_analysis(handle.ref)
end

.setopt_crypto_hook_sign_rsaes_pkcs1_v1_5(handle, rsaes_pkcs_signature_cb) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set a crypto hook for the RSASSA-PKCS1-v1_5 algorithm with

a SHA-256 hash oh the Handle.

Parameters:

  • handle (Mongo::Crypt::Handle)
  • rsaes_pkcs_signature_cb (Method)

    A RSASSA-PKCS1-v1_5 signing method.

Raises:



1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
# File 'lib/mongo/crypt/binding.rb', line 1397

def self.setopt_crypto_hook_sign_rsaes_pkcs1_v1_5(
  handle,
  rsaes_pkcs_signature_cb
)
  check_status(handle) do
    mongocrypt_setopt_crypto_hook_sign_rsaes_pkcs1_v1_5(
      handle.ref,
      rsaes_pkcs_signature_cb,
      nil
    )
  end
end

.setopt_crypto_hooks(handle, aes_encrypt_cb, aes_decrypt_cb, random_cb, hmac_sha_512_cb, hmac_sha_256_cb, hmac_hash_cb) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set crypto callbacks on the Handle

Parameters:

  • handle (Mongo::Crypt::Handle)
  • aes_encrypt_cb (Method)

    An AES encryption method

  • aes_decrypt_cb (Method)

    A AES decryption method

  • random_cb (Method)

    A method that returns a string of random bytes

  • hmac_sha_512_cb (Method)

    A HMAC SHA-512 method

  • hmac_sha_256_cb (Method)

    A HMAC SHA-256 method

  • hmac_hash_cb (Method)

    A SHA-256 hash method

Raises:



1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
# File 'lib/mongo/crypt/binding.rb', line 1359

def self.setopt_crypto_hooks(handle,
  aes_encrypt_cb, aes_decrypt_cb, random_cb,
  hmac_sha_512_cb, hmac_sha_256_cb, hmac_hash_cb
)
  check_status(handle) do
    mongocrypt_setopt_crypto_hooks(handle.ref,
      aes_encrypt_cb, aes_decrypt_cb, random_cb,
      hmac_sha_512_cb, hmac_sha_256_cb, hmac_hash_cb, nil
    )
  end
end

.setopt_encrypted_field_config_map(handle, efc_map) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set a local EncryptedFieldConfigMap for encryption.

Parameters:

  • handle (Mongo::Crypt::Handle)
  • efc_map (BSON::Document)

    A BSON document representing the EncryptedFieldConfigMap supplied by the user. The keys are collection namespaces and values are EncryptedFieldConfigMap documents.

Raises:



1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
# File 'lib/mongo/crypt/binding.rb', line 1440

def self.setopt_encrypted_field_config_map(handle, efc_map)
  validate_document(efc_map)
  data = efc_map.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_status(handle) do
      mongocrypt_setopt_encrypted_field_config_map(
        handle.ref,
        data_p
      )
    end
  end
end

.setopt_kms_providers(handle, kms_providers) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set KMS providers options on the Mongo::Crypt::Handle object

Parameters:

  • handle (Mongo::Crypt::Handle)
  • kms_providers (BSON::Document)

    BSON document mapping the KMS provider names to credentials.

Raises:



357
358
359
360
361
362
363
364
365
# File 'lib/mongo/crypt/binding.rb', line 357

def self.setopt_kms_providers(handle, kms_providers)
  validate_document(kms_providers)
  data = kms_providers.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_status(handle) do
      mongocrypt_setopt_kms_providers(handle.ref, data_p)
    end
  end
end

.setopt_log_handler(handle, log_callback) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set the logger callback function on the Mongo::Crypt::Handle object

Parameters:

Raises:



327
328
329
330
331
# File 'lib/mongo/crypt/binding.rb', line 327

def self.setopt_log_handler(handle, log_callback)
  check_status(handle) do
    mongocrypt_setopt_log_handler(handle, log_callback, nil)
  end
end

.setopt_schema_map(handle, schema_map_doc) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set schema map on the Mongo::Crypt::Handle object

Parameters:

  • handle (Mongo::Crypt::Handle)
  • schema_map_doc (BSON::Document)

    The schema map as a BSON::Document object

Raises:



384
385
386
387
388
389
390
391
392
# File 'lib/mongo/crypt/binding.rb', line 384

def self.setopt_schema_map(handle, schema_map_doc)
  validate_document(schema_map_doc)
  data = schema_map_doc.to_bson.to_s
  Binary.wrap_string(data) do |data_p|
    check_status(handle) do
      mongocrypt_setopt_schema_map(handle.ref, data_p)
    end
  end
end

.setopt_set_crypt_shared_lib_path_override(handle, path) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Set a single override path for loading the crypt shared library.

Parameters:



1567
1568
1569
1570
1571
# File 'lib/mongo/crypt/binding.rb', line 1567

def self.setopt_set_crypt_shared_lib_path_override(handle, path)
  check_status(handle) do
    mongocrypt_setopt_set_crypt_shared_lib_path_override(handle.ref, path)
  end
end

.setopt_use_need_kms_credentials_state(handle) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Opt-into handling the MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS state.

If set, before entering the MONGOCRYPT_CTX_NEED_KMS state, contexts may enter the MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS state and then wait for credentials to be supplied through ‘mongocrypt_ctx_provide_kms_providers`.

A context will only enter MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS if an empty document was set for a KMS provider in ‘mongocrypt_setopt_kms_providers`.

Parameters:



1651
1652
1653
# File 'lib/mongo/crypt/binding.rb', line 1651

def self.setopt_use_need_kms_credentials_state(handle)
  mongocrypt_setopt_use_need_kms_credentials_state(handle.ref)
end

.validate_document(data) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

All BSON::Document instances are also Hash instances

Checks that the specified data is a Hash before serializing it to BSON to prevent errors from libmongocrypt

Parameters:

  • data (Object)

    The data to be passed to libmongocrypt

Raises:



1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
# File 'lib/mongo/crypt/binding.rb', line 1844

def self.validate_document(data)
  return if data.is_a?(Hash)

  if data.nil?
    message = "Attempted to pass nil data to libmongocrypt. " +
      "Data must be a Hash"
  else
    message = "Attempted to pass invalid data to libmongocrypt: #{data} " +
      "Data must be a Hash"
  end

  raise Error::CryptError.new(message)
end

.validate_version(lmc_version) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Validates if provided version of libmongocrypt is valid, i.e. equal or greater than minimum required version. Raises a LoadError if not.

Parameters:

  • lmc_version (String)

    String representing libmongocrypt version.

Raises:

  • (LoadError)

    if given version is lesser than minimum required version.



131
132
133
134
135
136
# File 'lib/mongo/crypt/binding.rb', line 131

def self.validate_version(lmc_version)
  if (actual_version = parse_version(lmc_version)) < MIN_LIBMONGOCRYPT_VERSION
    raise LoadError, "libmongocrypt version #{MIN_LIBMONGOCRYPT_VERSION} or above is required, " +
      "but version #{actual_version} was found."
  end
end

Instance Method Details

#mongocrypt_crypto_fn(ctx, key, iv, input, output, status) ⇒ Bool

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This defines a method signature for an FFI callback; it is not an instance method on the Binding class.

A callback to a function that performs AES encryption or decryption.

Parameters:

  • ctx (FFI::Pointer | nil)

    An optional pointer to a context object that may have been set when hooks were enabled.

  • key (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the 32-byte AES encryption key.

  • iv (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the 16-byte AES IV.

  • input (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the value to be encrypted/decrypted.

  • output (FFI::Pointer)

    (out param) A pointer to a mongocrypt_binary_t object will have a reference to the encrypted/ decrypted value written to it by libmongocrypt.

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t object to which an error message will be written if encryption fails.

Returns:

  • (Bool)

    Whether encryption/decryption was successful.



1251
1252
1253
1254
1255
# File 'lib/mongo/crypt/binding.rb', line 1251

callback(
  :mongocrypt_crypto_fn,
  [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer],
  :bool
)

#mongocrypt_hash_fn(ctx, input, output, status) ⇒ Bool

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This defines a method signature for an FFI callback; it is not an instance method on the Binding class.

A callback to a SHA-256 hash function.

Parameters:

  • ctx (FFI::Pointer | nil)

    An optional pointer to a context object that may have been set when hooks were enabled.

  • input (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the value to be hashed.

  • output (FFI::Pointer)

    (out param) A pointer to a mongocrypt_binary_t object will have a reference to the output value written to it by libmongocrypt.

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t object to which an error message will be written if encryption fails.

Returns:

  • (Bool)

    Whether hashing was successful.



1299
# File 'lib/mongo/crypt/binding.rb', line 1299

callback :mongocrypt_hash_fn, [:pointer, :pointer, :pointer, :pointer], :bool

#mongocrypt_hmac_fn(ctx, key, input, output, status) ⇒ Bool

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This defines a method signature for an FFI callback; it is not an instance method on the Binding class.

A callback to a function that performs HMAC SHA-512 or SHA-256.

Parameters:

  • ctx (FFI::Pointer | nil)

    An optional pointer to a context object that may have been set when hooks were enabled.

  • key (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the 32-byte HMAC SHA encryption key.

  • input (FFI::Pointer)

    A pointer to a mongocrypt_binary_t object that references the input value.

  • output (FFI::Pointer)

    (out param) A pointer to a mongocrypt_binary_t object will have a reference to the output value written to it by libmongocrypt.

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t object to which an error message will be written if encryption fails.

Returns:

  • (Bool)

    Whether HMAC-SHA was successful.



1276
1277
1278
1279
1280
# File 'lib/mongo/crypt/binding.rb', line 1276

callback(
  :mongocrypt_hmac_fn,
  [:pointer, :pointer, :pointer, :pointer, :pointer],
  :bool
)

#mongocrypt_log_fn_t(level, message, len, ctx) ⇒ nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This defines a method signature for an FFI callback; it is not an instance method on the Binding class.

A callback to the mongocrypt log function. Set a custom log callback

with the mongocrypt_setopt_log_handler method

Parameters:

  • level (Symbol)

    The log level; possible values defined by the log_level enum

  • message (String)

    The log message

  • len (Integer)

    The length of the message param, or -1 if the string is null terminated

  • ctx (FFI::Pointer | nil)

    An optional pointer to a context object when this callback was set

Returns:

  • (nil)

    Always nil.



296
# File 'lib/mongo/crypt/binding.rb', line 296

callback :mongocrypt_log_fn_t, [:log_level, :string, :int, :pointer], :void

#mongocrypt_random_fn(ctx, output, count, status) ⇒ Bool

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This defines a method signature for an FFI callback; it is not an instance method on the Binding class.

A callback to a crypto secure random function.

Parameters:

  • ctx (FFI::Pointer | nil)

    An optional pointer to a context object that may have been set when hooks were enabled.

  • output (FFI::Pointer)

    (out param) A pointer to a mongocrypt_binary_t object will have a reference to the output value written to it by libmongocrypt.

  • count (Integer)

    The number of random bytes to return.

  • status (FFI::Pointer)

    A pointer to a mongocrypt_status_t object to which an error message will be written if encryption fails.

Returns:

  • (Bool)

    Whether hashing was successful.



1317
# File 'lib/mongo/crypt/binding.rb', line 1317

callback :mongocrypt_random_fn, [:pointer, :pointer, :int, :pointer], :bool