extern "C" {
#[doc = " Returns the version string for libmongocrypt.\n\n @param[out] len An optional length of the returned string. May be NULL.\n @returns a NULL terminated version string for libmongocrypt."]
pub fn mongocrypt_version(len: *mut u32) -> *const ::std::os::raw::c_char;
}
extern "C" {
#[doc = " Returns true if libmongocrypt was built with native crypto support.\n\n If libmongocrypt was not built with native crypto support, setting crypto\n hooks is required.\n\n @returns True if libmongocrypt was built with native crypto support."]
pub fn mongocrypt_is_crypto_available() -> bool;
}
#[doc = " A non-owning view of a byte buffer.\n\n When constructing a mongocrypt_binary_t it is the responsibility of the\n caller to maintain the lifetime of the viewed data. However, all public\n functions that take a mongocrypt_binary_t as an argument will make a copy of\n the viewed data. For example, the following is valid:\n\n @code{.c}\n mongocrypt_binary_t bin = mongocrypt_binary_new_from_data(mydata, mylen);\n assert (mongocrypt_setopt_kms_provider_local (crypt), bin);\n // The viewed data of bin has been copied. Ok to free the view and the data.\n mongocrypt_binary_destroy (bin);\n my_free_fn (mydata);\n @endcode\n\n Functions with a mongocrypt_binary_t* out guarantee the lifetime of the\n viewed data to live as long as the parent object. For example, @ref\n mongocrypt_ctx_mongo_op guarantees that the viewed data of\n mongocrypt_binary_t is valid until the parent ctx is destroyed with @ref\n mongocrypt_ctx_destroy.\n\n The `mongocrypt_binary_t` struct definition is public.\n Consumers may rely on the struct layout."]
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct _mongocrypt_binary_t {
pub data: *mut ::std::os::raw::c_void,
pub len: u32,
}
#[test]
fn bindgen_test_layout__mongocrypt_binary_t() {
const UNINIT: ::std::mem::MaybeUninit<_mongocrypt_binary_t> = ::std::mem::MaybeUninit::uninit();
let ptr = UNINIT.as_ptr();
assert_eq!(
::std::mem::size_of::<_mongocrypt_binary_t>(),
16usize,
concat!("Size of: ", stringify!(_mongocrypt_binary_t))
);
assert_eq!(
::std::mem::align_of::<_mongocrypt_binary_t>(),
8usize,
concat!("Alignment of ", stringify!(_mongocrypt_binary_t))
);
assert_eq!(
unsafe { ::std::ptr::addr_of!((*ptr).data) as usize - ptr as usize },
0usize,
concat!(
"Offset of field: ",
stringify!(_mongocrypt_binary_t),
"::",
stringify!(data)
)
);
assert_eq!(
unsafe { ::std::ptr::addr_of!((*ptr).len) as usize - ptr as usize },
8usize,
concat!(
"Offset of field: ",
stringify!(_mongocrypt_binary_t),
"::",
stringify!(len)
)
);
}
#[doc = " A non-owning view of a byte buffer.\n\n When constructing a mongocrypt_binary_t it is the responsibility of the\n caller to maintain the lifetime of the viewed data. However, all public\n functions that take a mongocrypt_binary_t as an argument will make a copy of\n the viewed data. For example, the following is valid:\n\n @code{.c}\n mongocrypt_binary_t bin = mongocrypt_binary_new_from_data(mydata, mylen);\n assert (mongocrypt_setopt_kms_provider_local (crypt), bin);\n // The viewed data of bin has been copied. Ok to free the view and the data.\n mongocrypt_binary_destroy (bin);\n my_free_fn (mydata);\n @endcode\n\n Functions with a mongocrypt_binary_t* out guarantee the lifetime of the\n viewed data to live as long as the parent object. For example, @ref\n mongocrypt_ctx_mongo_op guarantees that the viewed data of\n mongocrypt_binary_t is valid until the parent ctx is destroyed with @ref\n mongocrypt_ctx_destroy.\n\n The `mongocrypt_binary_t` struct definition is public.\n Consumers may rely on the struct layout."]
pub type mongocrypt_binary_t = _mongocrypt_binary_t;
extern "C" {
#[doc = " Create a new non-owning view of a buffer (data + length).\n\n Use this to create a mongocrypt_binary_t used for output parameters.\n\n @returns A new mongocrypt_binary_t."]
pub fn mongocrypt_binary_new() -> *mut mongocrypt_binary_t;
}
extern "C" {
#[doc = " Create a new non-owning view of a buffer (data + length).\n\n @param[in] data A pointer to an array of bytes. This data is not copied. @p\n data must outlive the binary object.\n @param[in] len The length of the @p data byte array.\n\n @returns A new @ref mongocrypt_binary_t."]
pub fn mongocrypt_binary_new_from_data(data: *mut u8, len: u32) -> *mut mongocrypt_binary_t;
}
extern "C" {
#[doc = " Get a pointer to the viewed data.\n\n @param[in] binary The @ref mongocrypt_binary_t.\n\n @returns A pointer to the viewed data."]
pub fn mongocrypt_binary_data(binary: *const mongocrypt_binary_t) -> *mut u8;
}
extern "C" {
#[doc = " Get the length of the viewed data.\n\n @param[in] binary The @ref mongocrypt_binary_t.\n\n @returns The length of the viewed data."]
pub fn mongocrypt_binary_len(binary: *const mongocrypt_binary_t) -> u32;
}
extern "C" {
#[doc = " Free the @ref mongocrypt_binary_t.\n\n This does not free the viewed data.\n\n @param[in] binary The mongocrypt_binary_t destroy."]
pub fn mongocrypt_binary_destroy(binary: *mut mongocrypt_binary_t);
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct _mongocrypt_status_t {
_unused: [u8; 0],
}
#[doc = " Indicates success or contains error information.\n\n Functions like @ref mongocrypt_ctx_encrypt_init follow a pattern to expose a\n status. A boolean is returned. True indicates success, and false indicates\n failure. On failure a status on the handle is set, and is accessible with a\n corresponding (handle)_status function. E.g. @ref mongocrypt_ctx_status."]
pub type mongocrypt_status_t = _mongocrypt_status_t;
pub const mongocrypt_status_type_t_MONGOCRYPT_STATUS_OK: mongocrypt_status_type_t = 0;
pub const mongocrypt_status_type_t_MONGOCRYPT_STATUS_ERROR_CLIENT: mongocrypt_status_type_t = 1;
pub const mongocrypt_status_type_t_MONGOCRYPT_STATUS_ERROR_KMS: mongocrypt_status_type_t = 2;
pub const mongocrypt_status_type_t_MONGOCRYPT_STATUS_ERROR_CRYPT_SHARED: mongocrypt_status_type_t =
3;
#[doc = " Indicates the type of error."]
pub type mongocrypt_status_type_t = ::std::os::raw::c_uint;
extern "C" {
#[doc = " Create a new status object.\n\n Use a new status object to retrieve the status from a handle by passing\n this as an out-parameter to functions like @ref mongocrypt_ctx_status.\n When done, destroy it with @ref mongocrypt_status_destroy.\n\n @returns A new status object."]
pub fn mongocrypt_status_new() -> *mut mongocrypt_status_t;
}
extern "C" {
#[doc = " Set a status object with message, type, and code.\n\n Use this to set the @ref mongocrypt_status_t given in the crypto hooks.\n\n @param[in] type The status type.\n @param[in] code The status code.\n @param[in] message The message.\n @param[in] message_len Due to historical behavior, pass 1 + the string length\n of @p message (which differs from other functions accepting string\n arguments).\n Alternatively, if message is NULL terminated this may be -1 to tell\n mongocrypt\n to determine the string's length with strlen.\n"]
pub fn mongocrypt_status_set(
status: *mut mongocrypt_status_t,
type_: mongocrypt_status_type_t,
code: u32,
message: *const ::std::os::raw::c_char,
message_len: i32,
);
}
extern "C" {
#[doc = " Indicates success or the type of error.\n\n @param[in] status The status object.\n\n @returns A @ref mongocrypt_status_type_t."]
pub fn mongocrypt_status_type(status: *mut mongocrypt_status_t) -> mongocrypt_status_type_t;
}
extern "C" {
#[doc = " Get an error code or 0.\n\n @param[in] status The status object.\n\n @returns An error code."]
pub fn mongocrypt_status_code(status: *mut mongocrypt_status_t) -> u32;
}
extern "C" {
#[doc = " Get the error message associated with a status or NULL.\n\n @param[in] status The status object.\n @param[out] len An optional length of the returned string (excluding the\n trailing NULL byte). May be NULL.\n\n @returns A NULL terminated error message or NULL."]
pub fn mongocrypt_status_message(
status: *mut mongocrypt_status_t,
len: *mut u32,
) -> *const ::std::os::raw::c_char;
}
extern "C" {
#[doc = " Returns true if the status indicates success.\n\n @param[in] status The status to check.\n\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_status_ok(status: *mut mongocrypt_status_t) -> bool;
}
extern "C" {
#[doc = " Free the memory for a status object.\n\n @param[in] status The status to destroy."]
pub fn mongocrypt_status_destroy(status: *mut mongocrypt_status_t);
}
pub const mongocrypt_log_level_t_MONGOCRYPT_LOG_LEVEL_FATAL: mongocrypt_log_level_t = 0;
pub const mongocrypt_log_level_t_MONGOCRYPT_LOG_LEVEL_ERROR: mongocrypt_log_level_t = 1;
pub const mongocrypt_log_level_t_MONGOCRYPT_LOG_LEVEL_WARNING: mongocrypt_log_level_t = 2;
pub const mongocrypt_log_level_t_MONGOCRYPT_LOG_LEVEL_INFO: mongocrypt_log_level_t = 3;
pub const mongocrypt_log_level_t_MONGOCRYPT_LOG_LEVEL_TRACE: mongocrypt_log_level_t = 4;
#[doc = " Indicates the type of log message."]
pub type mongocrypt_log_level_t = ::std::os::raw::c_uint;
#[doc = " A log callback function. Set a custom log callback with @ref\n mongocrypt_setopt_log_handler.\n\n @param[in] message A NULL terminated message.\n @param[in] message_len The length of message.\n @param[in] ctx A context provided by the caller of @ref\n mongocrypt_setopt_log_handler."]
pub type mongocrypt_log_fn_t = ::std::option::Option<
unsafe extern "C" fn(
level: mongocrypt_log_level_t,
message: *const ::std::os::raw::c_char,
message_len: u32,
ctx: *mut ::std::os::raw::c_void,
),
>;
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct _mongocrypt_t {
_unused: [u8; 0],
}
#[doc = " The top-level handle to libmongocrypt.\n\n Create a mongocrypt_t handle to perform operations within libmongocrypt:\n encryption, decryption, registering log callbacks, etc.\n\n Functions on a mongocrypt_t are thread safe, though functions on derived\n handles (e.g. mongocrypt_ctx_t) are not and must be owned by a single\n thread. See each handle's documentation for thread-safety considerations.\n\n Multiple mongocrypt_t handles may be created."]
pub type mongocrypt_t = _mongocrypt_t;
extern "C" {
#[doc = " Allocate a new @ref mongocrypt_t object.\n\n Set options using mongocrypt_setopt_* functions, then initialize with @ref\n mongocrypt_init. When done with the @ref mongocrypt_t, free with @ref\n mongocrypt_destroy.\n\n @returns A new @ref mongocrypt_t object."]
pub fn mongocrypt_new() -> *mut mongocrypt_t;
}
extern "C" {
#[doc = " Set a handler on the @ref mongocrypt_t object to get called on every log\n message.\n\n @param[in] crypt The @ref mongocrypt_t object.\n @param[in] log_fn The log callback.\n @param[in] log_ctx A context passed as an argument to the log callback every\n invocation.\n @pre @ref mongocrypt_init has not been called on @p crypt.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_setopt_log_handler(
crypt: *mut mongocrypt_t,
log_fn: mongocrypt_log_fn_t,
log_ctx: *mut ::std::os::raw::c_void,
) -> bool;
}
extern "C" {
#[doc = " Configure an AWS KMS provider on the @ref mongocrypt_t object.\n\n This has been superseded by the more flexible:\n @ref mongocrypt_setopt_kms_providers\n\n @param[in] crypt The @ref mongocrypt_t object.\n @param[in] aws_access_key_id The AWS access key ID used to generate KMS\n messages.\n @param[in] aws_access_key_id_len The string length (in bytes) of @p\n aws_access_key_id. Pass -1 to determine the string length with strlen (must\n be NULL terminated).\n @param[in] aws_secret_access_key The AWS secret access key used to generate\n KMS messages.\n @param[in] aws_secret_access_key_len The string length (in bytes) of @p\n aws_secret_access_key. Pass -1 to determine the string length with strlen\n (must be NULL terminated).\n @pre @ref mongocrypt_init has not been called on @p crypt.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_setopt_kms_provider_aws(
crypt: *mut mongocrypt_t,
aws_access_key_id: *const ::std::os::raw::c_char,
aws_access_key_id_len: i32,
aws_secret_access_key: *const ::std::os::raw::c_char,
aws_secret_access_key_len: i32,
) -> bool;
}
extern "C" {
#[doc = " Configure a local KMS provider on the @ref mongocrypt_t object.\n\n This has been superseded by the more flexible:\n @ref mongocrypt_setopt_kms_providers\n\n @param[in] crypt The @ref mongocrypt_t object.\n @param[in] key A 96 byte master key used to encrypt and decrypt key vault\n keys. The viewed data is copied. It is valid to destroy @p key with @ref\n mongocrypt_binary_destroy immediately after.\n @pre @ref mongocrypt_init has not been called on @p crypt.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_setopt_kms_provider_local(
crypt: *mut mongocrypt_t,
key: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Configure KMS providers with a BSON document.\n\n @param[in] crypt The @ref mongocrypt_t object.\n @param[in] kms_providers A BSON document mapping the KMS provider names\n to credentials. Set a KMS provider value to an empty document to supply\n credentials on-demand with @ref mongocrypt_ctx_provide_kms_providers.\n @pre @ref mongocrypt_init has not been called on @p crypt.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_setopt_kms_providers(
crypt: *mut mongocrypt_t,
kms_providers: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Set a local schema map for encryption.\n\n @param[in] crypt The @ref mongocrypt_t object.\n @param[in] schema_map A BSON document representing the schema map supplied by\n the user. The keys are collection namespaces and values are JSON schemas. The\n viewed data copied. It is valid to destroy @p schema_map with @ref\n mongocrypt_binary_destroy immediately after.\n @pre @p crypt has not been initialized.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_status"]
pub fn mongocrypt_setopt_schema_map(
crypt: *mut mongocrypt_t,
schema_map: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Set a local EncryptedFieldConfigMap for encryption.\n\n @param[in] crypt The @ref mongocrypt_t object.\n @param[in] efc_map A BSON document representing the EncryptedFieldConfigMap\n supplied by the user. The keys are collection namespaces and values are\n EncryptedFieldConfigMap documents. The viewed data copied. It is valid to\n destroy @p efc_map with @ref mongocrypt_binary_destroy immediately after.\n @pre @p crypt has not been initialized.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_status"]
pub fn mongocrypt_setopt_encrypted_field_config_map(
crypt: *mut mongocrypt_t,
efc_map: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " @brief Append an additional search directory to the search path for loading\n the crypt_shared dynamic library.\n\n @param[in] crypt The @ref mongocrypt_t object to update\n @param[in] path A null-terminated sequence of bytes for the search path. On\n some filesystems, this may be arbitrary bytes. On other filesystems, this may\n be required to be a valid UTF-8 code unit sequence. If the leading element of\n the path is the literal string \"$ORIGIN\", that substring will be replaced\n with the directory path containing the executable libmongocrypt module. If\n the path string is literal \"$SYSTEM\", then libmongocrypt will defer to the\n system's library resolution mechanism to find the crypt_shared library.\n\n @note If no crypt_shared dynamic library is found in any of the directories\n specified by the search paths loaded here, @ref mongocrypt_init() will still\n succeed and continue to operate without crypt_shared.\n\n @note The search paths are searched in the order that they are appended. This\n allows one to provide a precedence in how the library will be discovered. For\n example, appending known directories before appending \"$SYSTEM\" will allow\n one to supersede the system's installed library, but still fall-back to it if\n the library wasn't found otherwise. If one does not ever append \"$SYSTEM\",\n then the system's library-search mechanism will never be consulted.\n\n @note If an absolute path to the library is specified using\n @ref mongocrypt_setopt_set_crypt_shared_lib_path_override, then paths\n appended here will have no effect."]
pub fn mongocrypt_setopt_append_crypt_shared_lib_search_path(
crypt: *mut mongocrypt_t,
path: *const ::std::os::raw::c_char,
);
}
extern "C" {
#[doc = " @brief Set a single override path for loading the crypt_shared dynamic\n library.\n\n @param[in] crypt The @ref mongocrypt_t object to update\n @param[in] path A null-terminated sequence of bytes for a path to the\n crypt_shared dynamic library. On some filesystems, this may be arbitrary\n bytes. On other filesystems, this may be required to be a valid UTF-8 code\n unit sequence. If the leading element of the path is the literal string\n `$ORIGIN`, that substring will be replaced with the directory path containing\n the executable libmongocrypt module.\n\n @note This function will do no IO nor path validation. All validation will\n occur during the call to @ref mongocrypt_init.\n\n @note If a crypt_shared library path override is specified here, then no\n paths given to @ref mongocrypt_setopt_append_crypt_shared_lib_search_path\n will be consulted when opening the crypt_shared library.\n\n @note If a path is provided via this API and @ref mongocrypt_init fails to\n initialize a valid crypt_shared library instance for the path specified, then\n the initialization of mongocrypt_t will fail with an error."]
pub fn mongocrypt_setopt_set_crypt_shared_lib_path_override(
crypt: *mut mongocrypt_t,
path: *const ::std::os::raw::c_char,
);
}
extern "C" {
#[doc = " @brief Opt-into handling the MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS state.\n\n If set, before entering the MONGOCRYPT_CTX_NEED_KMS state,\n contexts may enter the MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS state\n and then wait for credentials to be supplied through\n @ref mongocrypt_ctx_provide_kms_providers.\n\n A context will only enter MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS\n if an empty document was set for a KMS provider in @ref\n mongocrypt_setopt_kms_providers.\n\n @param[in] crypt The @ref mongocrypt_t object to update"]
pub fn mongocrypt_setopt_use_need_kms_credentials_state(crypt: *mut mongocrypt_t);
}
extern "C" {
#[doc = " @brief Opt-into handling the MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB state.\n\n A context enters the MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB state when\n processing a `bulkWrite` command. The target database of the `bulkWrite` may differ from the command database\n (\"admin\").\n\n @param[in] crypt The @ref mongocrypt_t object to update"]
pub fn mongocrypt_setopt_use_need_mongo_collinfo_with_db_state(crypt: *mut mongocrypt_t);
}
extern "C" {
#[doc = " Initialize new @ref mongocrypt_t object.\n\n Set options before using @ref mongocrypt_setopt_kms_provider_local, @ref\n mongocrypt_setopt_kms_provider_aws, or @ref mongocrypt_setopt_log_handler.\n\n @param[in] crypt The @ref mongocrypt_t object.\n\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status Failure may occur if previously\n set\n options are invalid."]
pub fn mongocrypt_init(crypt: *mut mongocrypt_t) -> bool;
}
extern "C" {
#[doc = " Get the status associated with a @ref mongocrypt_t object.\n\n @param[in] crypt The @ref mongocrypt_t object.\n @param[out] status Receives the status.\n\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_status(crypt: *mut mongocrypt_t, status: *mut mongocrypt_status_t) -> bool;
}
extern "C" {
#[doc = " Destroy the @ref mongocrypt_t object.\n\n @param[in] crypt The @ref mongocrypt_t object to destroy."]
pub fn mongocrypt_destroy(crypt: *mut mongocrypt_t);
}
extern "C" {
#[doc = " Obtain a nul-terminated version string of the loaded crypt_shared dynamic\n library, if available.\n\n If no crypt_shared was successfully loaded, this function returns NULL.\n\n @param[in] crypt The mongocrypt_t object after a successful call to\n mongocrypt_init.\n @param[out] len An optional output parameter to which the length of the\n returned string is written. If provided and no crypt_shared library was\n loaded, zero is written to *len.\n\n @return A nul-terminated string of the dynamically loaded crypt_shared\n library.\n\n @note For a numeric value that can be compared against, use\n @ref mongocrypt_crypt_shared_lib_version."]
pub fn mongocrypt_crypt_shared_lib_version_string(
crypt: *const mongocrypt_t,
len: *mut u32,
) -> *const ::std::os::raw::c_char;
}
extern "C" {
#[doc = " @brief Obtain a 64-bit constant encoding the version of the loaded\n crypt_shared library, if available.\n\n @param[in] crypt The mongocrypt_t object after a successul call to\n mongocrypt_init.\n\n @return A 64-bit encoded version number, with the version encoded as four\n sixteen-bit integers, or zero if no crypt_shared library was loaded.\n\n The version is encoded as four 16-bit numbers, from high to low:\n\n - Major version\n - Minor version\n - Revision\n - Reserved\n\n For example, version 6.2.1 would be encoded as: 0x0006'0002'0001'0000"]
pub fn mongocrypt_crypt_shared_lib_version(crypt: *const mongocrypt_t) -> u64;
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct _mongocrypt_ctx_t {
_unused: [u8; 0],
}
#[doc = " Manages the state machine for encryption or decryption."]
pub type mongocrypt_ctx_t = _mongocrypt_ctx_t;
extern "C" {
#[doc = " Create a new uninitialized @ref mongocrypt_ctx_t.\n\n Initialize the context with functions like @ref mongocrypt_ctx_encrypt_init.\n When done, destroy it with @ref mongocrypt_ctx_destroy.\n\n @param[in] crypt The @ref mongocrypt_t object.\n @returns A new context."]
pub fn mongocrypt_ctx_new(crypt: *mut mongocrypt_t) -> *mut mongocrypt_ctx_t;
}
extern "C" {
#[doc = " Get the status associated with a @ref mongocrypt_ctx_t object.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[out] status Receives the status.\n\n @returns True if the output is an ok status, false if it is an error\n status.\n\n @see mongocrypt_status_ok"]
pub fn mongocrypt_ctx_status(
ctx: *mut mongocrypt_ctx_t,
status: *mut mongocrypt_status_t,
) -> bool;
}
extern "C" {
#[doc = " Set the key id to use for explicit encryption.\n\n It is an error to set both this and the key alt name.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] key_id The binary corresponding to the _id (a UUID) of the data\n key to use from the key vault collection. Note, the UUID must be encoded with\n RFC-4122 byte order. The viewed data is copied. It is valid to destroy\n @p key_id with @ref mongocrypt_binary_destroy immediately after.\n @pre @p ctx has not been initialized.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_setopt_key_id(
ctx: *mut mongocrypt_ctx_t,
key_id: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Set the keyAltName to use for explicit encryption or\n data key creation.\n\n Pass the binary encoding a BSON document like the following:\n\n { \"keyAltName\" : (BSON UTF8 value) }\n\n For explicit encryption, it is an error to set both the keyAltName\n and the key id.\n\n For creating data keys, call this function repeatedly to set\n multiple keyAltNames.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] key_alt_name The name to use. The viewed data is copied. It is\n valid to destroy @p key_alt_name with @ref mongocrypt_binary_destroy\n immediately after.\n @pre @p ctx has not been initialized.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_setopt_key_alt_name(
ctx: *mut mongocrypt_ctx_t,
key_alt_name: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Set the keyMaterial to use for encrypting data.\n\n Pass the binary encoding of a BSON document like the following:\n\n { \"keyMaterial\" : (BSON BINARY value) }\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] key_material The data encryption key to use. The viewed data is\n copied. It is valid to destroy @p key_material with @ref\n mongocrypt_binary_destroy immediately after.\n @pre @p ctx has not been initialized.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_setopt_key_material(
ctx: *mut mongocrypt_ctx_t,
key_material: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Set the algorithm used for encryption to either\n deterministic or random encryption. This value\n should only be set when using explicit encryption.\n\n If -1 is passed in for \"len\", then \"algorithm\" is\n assumed to be a null-terminated string.\n\n Valid values for algorithm are:\n \"AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic\"\n \"AEAD_AES_256_CBC_HMAC_SHA_512-Random\"\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] algorithm A string specifying the algorithm to\n use for encryption.\n @param[in] len The length of the algorithm string.\n @pre @p ctx has not been initialized.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_setopt_algorithm(
ctx: *mut mongocrypt_ctx_t,
algorithm: *const ::std::os::raw::c_char,
len: ::std::os::raw::c_int,
) -> bool;
}
extern "C" {
#[doc = " Identify the AWS KMS master key to use for creating a data key.\n\n This has been superseded by the more flexible:\n @ref mongocrypt_ctx_setopt_key_encryption_key\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] region The AWS region.\n @param[in] region_len The string length of @p region. Pass -1 to determine\n the string length with strlen (must be NULL terminated).\n @param[in] cmk The Amazon Resource Name (ARN) of the customer master key\n (CMK).\n @param[in] cmk_len The string length of @p cmk_len. Pass -1 to determine the\n string length with strlen (must be NULL terminated).\n @pre @p ctx has not been initialized.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_setopt_masterkey_aws(
ctx: *mut mongocrypt_ctx_t,
region: *const ::std::os::raw::c_char,
region_len: i32,
cmk: *const ::std::os::raw::c_char,
cmk_len: i32,
) -> bool;
}
extern "C" {
#[doc = " Identify a custom AWS endpoint when creating a data key.\n This is used internally to construct the correct HTTP request\n (with the Host header set to this endpoint). This endpoint\n is persisted in the new data key, and will be returned via\n @ref mongocrypt_kms_ctx_endpoint.\n\n This has been superseded by the more flexible:\n @ref mongocrypt_ctx_setopt_key_encryption_key\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] endpoint The endpoint.\n @param[in] endpoint_len The string length of @p endpoint. Pass -1 to\n determine the string length with strlen (must be NULL terminated).\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_setopt_masterkey_aws_endpoint(
ctx: *mut mongocrypt_ctx_t,
endpoint: *const ::std::os::raw::c_char,
endpoint_len: i32,
) -> bool;
}
extern "C" {
#[doc = " Set the master key to \"local\" for creating a data key.\n This has been superseded by the more flexible:\n @ref mongocrypt_ctx_setopt_key_encryption_key\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @pre @p ctx has not been initialized.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_setopt_masterkey_local(ctx: *mut mongocrypt_ctx_t) -> bool;
}
extern "C" {
#[doc = " Set key encryption key document for creating a data key or for rewrapping\n datakeys.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] bin BSON representing the key encryption key document with\n an additional \"provider\" field. The following forms are accepted:\n\n AWS\n {\n provider: \"aws\",\n region: <string>,\n key: <string>,\n endpoint: <optional string>\n }\n\n Azure\n {\n provider: \"azure\",\n keyVaultEndpoint: <string>,\n keyName: <string>,\n keyVersion: <optional string>\n }\n\n GCP\n {\n provider: \"gcp\",\n projectId: <string>,\n location: <string>,\n keyRing: <string>,\n keyName: <string>,\n keyVersion: <optional string>,\n endpoint: <optional string>\n }\n\n Local\n {\n provider: \"local\"\n }\n\n KMIP\n {\n provider: \"kmip\",\n keyId: <optional string>\n endpoint: <string>\n }\n\n @pre @p ctx has not been initialized.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status."]
pub fn mongocrypt_ctx_setopt_key_encryption_key(
ctx: *mut mongocrypt_ctx_t,
bin: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Initialize a context to create a data key.\n\n Associated options:\n - @ref mongocrypt_ctx_setopt_masterkey_aws\n - @ref mongocrypt_ctx_setopt_masterkey_aws_endpoint\n - @ref mongocrypt_ctx_setopt_masterkey_local\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status\n @pre A master key option has been set, and an associated KMS provider\n has been set on the parent @ref mongocrypt_t."]
pub fn mongocrypt_ctx_datakey_init(ctx: *mut mongocrypt_ctx_t) -> bool;
}
extern "C" {
#[doc = " Initialize a context for encryption.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] db The database name.\n @param[in] db_len The byte length of @p db. Pass -1 to determine the string\n length with strlen (must\n be NULL terminated).\n @param[in] cmd The BSON command to be encrypted. The viewed data is copied.\n It is valid to destroy @p cmd with @ref mongocrypt_binary_destroy immediately\n after.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_encrypt_init(
ctx: *mut mongocrypt_ctx_t,
db: *const ::std::os::raw::c_char,
db_len: i32,
cmd: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Explicit helper method to encrypt a single BSON object. Contexts\n created for explicit encryption will not go through mongocryptd.\n\n To specify a key_id, algorithm, or iv to use, please use the\n corresponding mongocrypt_setopt methods before calling this.\n\n This method expects the passed-in BSON to be of the form:\n { \"v\" : BSON value to encrypt }\n\n The value of \"v\" is expected to be the BSON value passed to a driver\n ClientEncryption.encrypt helper.\n\n Associated options for FLE 1:\n - @ref mongocrypt_ctx_setopt_key_id\n - @ref mongocrypt_ctx_setopt_key_alt_name\n - @ref mongocrypt_ctx_setopt_algorithm\n\n Associated options for Queryable Encryption:\n - @ref mongocrypt_ctx_setopt_key_id\n - @ref mongocrypt_ctx_setopt_index_key_id\n - @ref mongocrypt_ctx_setopt_contention_factor\n - @ref mongocrypt_ctx_setopt_query_type\n - @ref mongocrypt_ctx_setopt_algorithm_range\n\n An error is returned if FLE 1 and Queryable Encryption incompatible options\n are set.\n\n @param[in] ctx A @ref mongocrypt_ctx_t.\n @param[in] msg A @ref mongocrypt_binary_t the plaintext BSON value. The\n viewed data is copied. It is valid to destroy @p msg with @ref\n mongocrypt_binary_destroy immediately after.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_explicit_encrypt_init(
ctx: *mut mongocrypt_ctx_t,
msg: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Explicit helper method to encrypt a Match Expression or Aggregate Expression.\n Contexts created for explicit encryption will not go through mongocryptd.\n Requires query_type to be \"range\".\n\n This method expects the passed-in BSON to be of the form:\n { \"v\" : FLE2RangeFindDriverSpec }\n\n FLE2RangeFindDriverSpec is a BSON document with one of these forms:\n\n 1. A Match Expression of this form:\n {$and: [{<field>: {<op>: <value1>, {<field>: {<op>: <value2> }}]}\n 2. An Aggregate Expression of this form:\n {$and: [{<op>: [<fieldpath>, <value1>]}, {<op>: [<fieldpath>, <value2>]}]\n\n <op> may be $lt, $lte, $gt, or $gte.\n\n The value of \"v\" is expected to be the BSON value passed to a driver\n ClientEncryption.encryptExpression helper.\n\n Associated options for FLE 1:\n - @ref mongocrypt_ctx_setopt_key_id\n - @ref mongocrypt_ctx_setopt_key_alt_name\n - @ref mongocrypt_ctx_setopt_algorithm\n\n Associated options for Queryable Encryption:\n - @ref mongocrypt_ctx_setopt_key_id\n - @ref mongocrypt_ctx_setopt_index_key_id\n - @ref mongocrypt_ctx_setopt_contention_factor\n - @ref mongocrypt_ctx_setopt_query_type\n - @ref mongocrypt_ctx_setopt_algorithm_range\n\n An error is returned if FLE 1 and Queryable Encryption incompatible options\n are set.\n\n @param[in] ctx A @ref mongocrypt_ctx_t.\n @param[in] msg A @ref mongocrypt_binary_t the plaintext BSON value. The\n viewed data is copied. It is valid to destroy @p msg with @ref\n mongocrypt_binary_destroy immediately after.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_explicit_encrypt_expression_init(
ctx: *mut mongocrypt_ctx_t,
msg: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Initialize a context for decryption.\n\n This method expects the passed-in BSON to be of the form:\n { \"v\" : BSON value to encrypt }\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] doc The document to be decrypted. The viewed data is copied. It is\n valid to destroy @p doc with @ref mongocrypt_binary_destroy immediately\n after.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_decrypt_init(
ctx: *mut mongocrypt_ctx_t,
doc: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Explicit helper method to decrypt a single BSON object.\n\n Pass the binary encoding of a BSON document containing the BSON value to\n encrypt like the following:\n\n { \"v\" : (BSON BINARY value of subtype 6) }\n\n @param[in] ctx A @ref mongocrypt_ctx_t.\n @param[in] msg A @ref mongocrypt_binary_t the encrypted BSON. The viewed data\n is copied. It is valid to destroy @p msg with @ref mongocrypt_binary_destroy\n immediately after."]
pub fn mongocrypt_ctx_explicit_decrypt_init(
ctx: *mut mongocrypt_ctx_t,
msg: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " @brief Initialize a context to rewrap datakeys.\n\n Associated options:\n - @ref mongocrypt_ctx_setopt_key_encryption_key\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] filter The filter to use for the find command on the key vault\n collection to retrieve datakeys to rewrap.\n @return A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status."]
pub fn mongocrypt_ctx_rewrap_many_datakey_init(
ctx: *mut mongocrypt_ctx_t,
filter: *mut mongocrypt_binary_t,
) -> bool;
}
pub const mongocrypt_ctx_state_t_MONGOCRYPT_CTX_ERROR: mongocrypt_ctx_state_t = 0;
pub const mongocrypt_ctx_state_t_MONGOCRYPT_CTX_NEED_MONGO_COLLINFO: mongocrypt_ctx_state_t = 1;
pub const mongocrypt_ctx_state_t_MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB:
mongocrypt_ctx_state_t = 8;
pub const mongocrypt_ctx_state_t_MONGOCRYPT_CTX_NEED_MONGO_MARKINGS: mongocrypt_ctx_state_t = 2;
pub const mongocrypt_ctx_state_t_MONGOCRYPT_CTX_NEED_MONGO_KEYS: mongocrypt_ctx_state_t = 3;
pub const mongocrypt_ctx_state_t_MONGOCRYPT_CTX_NEED_KMS: mongocrypt_ctx_state_t = 4;
pub const mongocrypt_ctx_state_t_MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS: mongocrypt_ctx_state_t = 7;
pub const mongocrypt_ctx_state_t_MONGOCRYPT_CTX_READY: mongocrypt_ctx_state_t = 5;
pub const mongocrypt_ctx_state_t_MONGOCRYPT_CTX_DONE: mongocrypt_ctx_state_t = 6;
#[doc = " Indicates the state of the @ref mongocrypt_ctx_t. Each state requires\n different handling. See [the integration\n guide](https://github.com/mongodb/libmongocrypt/blob/master/integrating.md#state-machine)\n for information on what to do for each state."]
pub type mongocrypt_ctx_state_t = ::std::os::raw::c_uint;
extern "C" {
#[doc = " Get the current state of a context.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @returns A @ref mongocrypt_ctx_state_t."]
pub fn mongocrypt_ctx_state(ctx: *mut mongocrypt_ctx_t) -> mongocrypt_ctx_state_t;
}
extern "C" {
#[doc = " Get BSON necessary to run the mongo operation when mongocrypt_ctx_t\n is in MONGOCRYPT_CTX_NEED_MONGO_* states.\n\n @p op_bson is a BSON document to be used for the operation.\n - For MONGOCRYPT_CTX_NEED_MONGO_COLLINFO(_WITH_DB) it is a listCollections filter.\n - For MONGOCRYPT_CTX_NEED_MONGO_KEYS it is a find filter.\n - For MONGOCRYPT_CTX_NEED_MONGO_MARKINGS it is a command to send to\n mongocryptd.\n\n The lifetime of @p op_bson is tied to the lifetime of @p ctx. It is valid\n until @ref mongocrypt_ctx_destroy is called.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[out] op_bson A BSON document for the MongoDB operation. The data\n viewed by @p op_bson is guaranteed to be valid until @p ctx is destroyed with\n @ref mongocrypt_ctx_destroy.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_mongo_op(
ctx: *mut mongocrypt_ctx_t,
op_bson: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Get the database to run the mongo operation.\n\n Only applies when mongocrypt_ctx_t is in the state:\n MONGOCRYPT_CTX_NEED_MONGO_COLLINFO_WITH_DB.\n\n The lifetime of the returned string is tied to the lifetime of @p ctx. It is\n valid until @ref mongocrypt_ctx_destroy is called.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @returns A string or NULL. If NULL, an error status is set. Retrieve it with\n @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_mongo_db(ctx: *mut mongocrypt_ctx_t) -> *const ::std::os::raw::c_char;
}
extern "C" {
#[doc = " Feed a BSON reply or result when mongocrypt_ctx_t is in\n MONGOCRYPT_CTX_NEED_MONGO_* states. This may be called multiple times\n depending on the operation.\n\n reply is a BSON document result being fed back for this operation.\n - For MONGOCRYPT_CTX_NEED_MONGO_COLLINFO(_WITH_DB) it is a doc from a listCollections\n cursor. (Note, if listCollections returned no result, do not call this\n function.)\n - For MONGOCRYPT_CTX_NEED_MONGO_KEYS it is a doc from a find cursor.\n (Note, if find returned no results, do not call this function. reply must\n not\n be NULL.)\n - For MONGOCRYPT_CTX_NEED_MONGO_MARKINGS it is a reply from mongocryptd.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] reply A BSON document for the MongoDB operation. The viewed data\n is copied. It is valid to destroy @p reply with @ref\n mongocrypt_binary_destroy immediately after.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_mongo_feed(
ctx: *mut mongocrypt_ctx_t,
reply: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Call when done feeding the reply (or replies) back to the context.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_mongo_done(ctx: *mut mongocrypt_ctx_t) -> bool;
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct _mongocrypt_kms_ctx_t {
_unused: [u8; 0],
}
#[doc = " Manages a single KMS HTTP request/response."]
pub type mongocrypt_kms_ctx_t = _mongocrypt_kms_ctx_t;
extern "C" {
#[doc = " Get the next KMS handle.\n\n Multiple KMS handles may be retrieved at once. Drivers may do this to fan\n out multiple concurrent KMS HTTP requests. Feeding multiple KMS requests\n is thread-safe.\n\n If KMS handles are being handled synchronously, the driver can reuse the same\n TLS socket to send HTTP requests and receive responses.\n\n @param[in] ctx A @ref mongocrypt_ctx_t.\n @returns a new @ref mongocrypt_kms_ctx_t or NULL."]
pub fn mongocrypt_ctx_next_kms_ctx(ctx: *mut mongocrypt_ctx_t) -> *mut mongocrypt_kms_ctx_t;
}
extern "C" {
#[doc = " Get the HTTP request message for a KMS handle.\n\n The lifetime of @p msg is tied to the lifetime of @p kms. It is valid\n until @ref mongocrypt_ctx_kms_done is called.\n\n @param[in] kms A @ref mongocrypt_kms_ctx_t.\n @param[out] msg The HTTP request to send to KMS. The data viewed by @p msg is\n guaranteed to be valid until the call of @ref mongocrypt_ctx_kms_done of the\n parent @ref mongocrypt_ctx_t.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_kms_ctx_status"]
pub fn mongocrypt_kms_ctx_message(
kms: *mut mongocrypt_kms_ctx_t,
msg: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Get the hostname from which to connect over TLS.\n\n The storage for @p endpoint is not owned by the caller, but\n is valid until calling @ref mongocrypt_ctx_kms_done.\n\n @param[in] kms A @ref mongocrypt_kms_ctx_t.\n @param[out] endpoint The output endpoint as a NULL terminated string.\n The endpoint consists of a hostname and port separated by a colon.\n E.g. \"example.com:123\". A port is always present.\n\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_kms_ctx_status"]
pub fn mongocrypt_kms_ctx_endpoint(
kms: *mut mongocrypt_kms_ctx_t,
endpoint: *mut *const ::std::os::raw::c_char,
) -> bool;
}
extern "C" {
#[doc = " Indicates how many bytes to feed into @ref mongocrypt_kms_ctx_feed.\n\n @param[in] kms The @ref mongocrypt_kms_ctx_t.\n @returns The number of requested bytes."]
pub fn mongocrypt_kms_ctx_bytes_needed(kms: *mut mongocrypt_kms_ctx_t) -> u32;
}
extern "C" {
#[doc = " Feed bytes from the HTTP response.\n\n Feeding more bytes than what has been returned in @ref\n mongocrypt_kms_ctx_bytes_needed is an error.\n\n @param[in] kms The @ref mongocrypt_kms_ctx_t.\n @param[in] bytes The bytes to feed. The viewed data is copied. It is valid to\n destroy @p bytes with @ref mongocrypt_binary_destroy immediately after.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_kms_ctx_status"]
pub fn mongocrypt_kms_ctx_feed(
kms: *mut mongocrypt_kms_ctx_t,
bytes: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Get the status associated with a @ref mongocrypt_kms_ctx_t object.\n\n @param[in] kms The @ref mongocrypt_kms_ctx_t object.\n @param[out] status Receives the status.\n\n @returns A boolean indicating success. If false, an error status is set."]
pub fn mongocrypt_kms_ctx_status(
kms: *mut mongocrypt_kms_ctx_t,
status: *mut mongocrypt_status_t,
) -> bool;
}
extern "C" {
#[doc = " Get the KMS provider identifier associated with this KMS request.\n\n This is used to conditionally configure TLS connections based on the KMS\n request. It is useful for KMIP, which authenticates with a client\n certificate.\n\n @param[in] kms The @ref mongocrypt_kms_ctx_t object.\n @param[out] len Receives the length of the returned string. It may be NULL.\n If it is not NULL, it is set to the length of the returned string without\n the NULL terminator.\n\n @returns One of the NULL terminated static strings: \"aws\", \"azure\", \"gcp\", or\n \"kmip\"."]
pub fn mongocrypt_kms_ctx_get_kms_provider(
kms: *mut mongocrypt_kms_ctx_t,
len: *mut u32,
) -> *const ::std::os::raw::c_char;
}
extern "C" {
#[doc = " Call when done handling all KMS contexts.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_kms_done(ctx: *mut mongocrypt_ctx_t) -> bool;
}
extern "C" {
#[doc = " Call in response to the MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS state\n to set per-context KMS provider settings. These follow the same format\n as @ref mongocrypt_setopt_kms_providers. If no keys are present in the\n BSON input, the KMS provider settings configured for the @ref mongocrypt_t\n at initialization are used.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] kms_providers_definition A BSON document mapping the KMS provider\n names to credentials.\n\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status."]
pub fn mongocrypt_ctx_provide_kms_providers(
ctx: *mut mongocrypt_ctx_t,
kms_providers_definition: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Perform the final encryption or decryption.\n\n @param[in] ctx A @ref mongocrypt_ctx_t.\n @param[out] out The final BSON. The data viewed by @p out is guaranteed\n to be valid until @p ctx is destroyed with @ref mongocrypt_ctx_destroy.\n The meaning of this BSON depends on the type of @p ctx.\n\n If @p ctx was initialized with @ref mongocrypt_ctx_encrypt_init, then\n this BSON is the (possibly) encrypted command to send to the server.\n\n If @p ctx was initialized with @ref mongocrypt_ctx_decrypt_init, then\n this BSON is the decrypted result to return to the user.\n\n If @p ctx was initialized with @ref mongocrypt_ctx_explicit_encrypt_init,\n then this BSON has the form { \"v\": (BSON binary) } where the BSON binary\n is the resulting encrypted value.\n\n If @p ctx was initialized with @ref mongocrypt_ctx_explicit_decrypt_init,\n then this BSON has the form { \"v\": (BSON value) } where the BSON value\n is the resulting decrypted value.\n\n If @p ctx was initialized with @ref mongocrypt_ctx_datakey_init, then\n this BSON is the document containing the new data key to be inserted into\n the key vault collection.\n\n If @p ctx was initialized with @ref mongocrypt_ctx_rewrap_many_datakey_init,\n then this BSON has the form:\n { \"v\": [{ \"_id\": ..., \"keyMaterial\": ..., \"masterKey\": ... }, ...] }\n where each BSON document in the array contains the updated fields of a\n rewrapped datakey to be bulk-updated into the key vault collection.\n Note: the updateDate field should be updated using the $currentDate operator.\n\n @returns a bool indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_finalize(
ctx: *mut mongocrypt_ctx_t,
out: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Destroy and free all memory associated with a @ref mongocrypt_ctx_t.\n\n @param[in] ctx A @ref mongocrypt_ctx_t."]
pub fn mongocrypt_ctx_destroy(ctx: *mut mongocrypt_ctx_t);
}
#[doc = " An crypto AES-256-CBC encrypt or decrypt function.\n\n Note, @p in is already padded. Encrypt with padding disabled.\n @param[in] ctx An optional context object that may have been set when hooks\n were enabled.\n @param[in] key An encryption key (32 bytes for AES_256).\n @param[in] iv An initialization vector (16 bytes for AES_256);\n @param[in] in The input.\n @param[out] out A preallocated byte array for the output. See @ref\n mongocrypt_binary_data.\n @param[out] bytes_written Set this to the number of bytes written to @p out.\n @param[out] status An optional status to pass error messages. See @ref\n mongocrypt_status_set.\n @returns A boolean indicating success. If returning false, set @p status\n with a message indiciating the error using @ref mongocrypt_status_set."]
pub type mongocrypt_crypto_fn = ::std::option::Option<
unsafe extern "C" fn(
ctx: *mut ::std::os::raw::c_void,
key: *mut mongocrypt_binary_t,
iv: *mut mongocrypt_binary_t,
in_: *mut mongocrypt_binary_t,
out: *mut mongocrypt_binary_t,
bytes_written: *mut u32,
status: *mut mongocrypt_status_t,
) -> bool,
>;
#[doc = " A crypto signature or HMAC function.\n\n Currently used in callbacks for HMAC SHA-512, HMAC SHA-256, and RSA SHA-256\n signature.\n\n @param[in] ctx An optional context object that may have been set when hooks\n were enabled.\n @param[in] key An encryption key (32 bytes for HMAC_SHA512).\n @param[in] in The input.\n @param[out] out A preallocated byte array for the output. See @ref\n mongocrypt_binary_data.\n @param[out] status An optional status to pass error messages. See @ref\n mongocrypt_status_set.\n @returns A boolean indicating success. If returning false, set @p status\n with a message indiciating the error using @ref mongocrypt_status_set."]
pub type mongocrypt_hmac_fn = ::std::option::Option<
unsafe extern "C" fn(
ctx: *mut ::std::os::raw::c_void,
key: *mut mongocrypt_binary_t,
in_: *mut mongocrypt_binary_t,
out: *mut mongocrypt_binary_t,
status: *mut mongocrypt_status_t,
) -> bool,
>;
#[doc = " A crypto hash (SHA-256) function.\n\n @param[in] ctx An optional context object that may have been set when hooks\n were enabled.\n @param[in] in The input.\n @param[out] out A preallocated byte array for the output. See @ref\n mongocrypt_binary_data.\n @param[out] status An optional status to pass error messages. See @ref\n mongocrypt_status_set.\n @returns A boolean indicating success. If returning false, set @p status\n with a message indiciating the error using @ref mongocrypt_status_set."]
pub type mongocrypt_hash_fn = ::std::option::Option<
unsafe extern "C" fn(
ctx: *mut ::std::os::raw::c_void,
in_: *mut mongocrypt_binary_t,
out: *mut mongocrypt_binary_t,
status: *mut mongocrypt_status_t,
) -> bool,
>;
#[doc = " A crypto secure random function.\n\n @param[in] ctx An optional context object that may have been set when hooks\n were enabled.\n @param[out] out A preallocated byte array for the output. See @ref\n mongocrypt_binary_data.\n @param[in] count The number of random bytes requested.\n @param[out] status An optional status to pass error messages. See @ref\n mongocrypt_status_set.\n @returns A boolean indicating success. If returning false, set @p status\n with a message indiciating the error using @ref mongocrypt_status_set."]
pub type mongocrypt_random_fn = ::std::option::Option<
unsafe extern "C" fn(
ctx: *mut ::std::os::raw::c_void,
out: *mut mongocrypt_binary_t,
count: u32,
status: *mut mongocrypt_status_t,
) -> bool,
>;
extern "C" {
pub fn mongocrypt_setopt_crypto_hooks(
crypt: *mut mongocrypt_t,
aes_256_cbc_encrypt: mongocrypt_crypto_fn,
aes_256_cbc_decrypt: mongocrypt_crypto_fn,
random: mongocrypt_random_fn,
hmac_sha_512: mongocrypt_hmac_fn,
hmac_sha_256: mongocrypt_hmac_fn,
sha_256: mongocrypt_hash_fn,
ctx: *mut ::std::os::raw::c_void,
) -> bool;
}
extern "C" {
#[doc = " Set a crypto hook for the AES256-CTR operations.\n\n @param[in] crypt The @ref mongocrypt_t object.\n @param[in] aes_256_ctr_encrypt The crypto callback function for encrypt\n operation.\n @param[in] aes_256_ctr_decrypt The crypto callback function for decrypt\n operation.\n @param[in] ctx Unused.\n @pre @ref mongocrypt_init has not been called on @p crypt.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_status\n"]
pub fn mongocrypt_setopt_aes_256_ctr(
crypt: *mut mongocrypt_t,
aes_256_ctr_encrypt: mongocrypt_crypto_fn,
aes_256_ctr_decrypt: mongocrypt_crypto_fn,
ctx: *mut ::std::os::raw::c_void,
) -> bool;
}
extern "C" {
#[doc = " Set an AES256-ECB crypto hook for the AES256-CTR operations. If CTR hook was\n configured using @ref mongocrypt_setopt_aes_256_ctr, ECB hook will be\n ignored.\n\n @param[in] crypt The @ref mongocrypt_t object.\n @param[in] aes_256_ecb_encrypt The crypto callback function for encrypt\n operation.\n @param[in] ctx Unused.\n @pre @ref mongocrypt_init has not been called on @p crypt.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_status\n"]
pub fn mongocrypt_setopt_aes_256_ecb(
crypt: *mut mongocrypt_t,
aes_256_ecb_encrypt: mongocrypt_crypto_fn,
ctx: *mut ::std::os::raw::c_void,
) -> bool;
}
extern "C" {
#[doc = " Set a crypto hook for the RSASSA-PKCS1-v1_5 algorithm with a SHA-256 hash.\n\n See: https://tools.ietf.org/html/rfc3447#section-8.2\n\n Note: this function has the wrong name. It should be:\n mongocrypt_setopt_crypto_hook_sign_rsassa_pkcs1_v1_5\n\n @param[in] crypt The @ref mongocrypt_t object.\n @param[in] sign_rsaes_pkcs1_v1_5 The crypto callback function.\n @param[in] sign_ctx A context passed as an argument to the crypto callback\n every invocation.\n @pre @ref mongocrypt_init has not been called on @p crypt.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_status\n"]
pub fn mongocrypt_setopt_crypto_hook_sign_rsaes_pkcs1_v1_5(
crypt: *mut mongocrypt_t,
sign_rsaes_pkcs1_v1_5: mongocrypt_hmac_fn,
sign_ctx: *mut ::std::os::raw::c_void,
) -> bool;
}
extern "C" {
#[doc = " @brief Opt-into skipping query analysis.\n\n If opted in:\n - The crypt_shared library will not attempt to be loaded.\n - A mongocrypt_ctx_t will never enter the MONGOCRYPT_CTX_NEED_MARKINGS state.\n\n @param[in] crypt The @ref mongocrypt_t object to update"]
pub fn mongocrypt_setopt_bypass_query_analysis(crypt: *mut mongocrypt_t);
}
extern "C" {
#[doc = " DEPRECATED: Use of `mongocrypt_setopt_use_range_v2` is deprecated. Range V2 is always enabled.\n\n @param[in] crypt The @ref mongocrypt_t object.\n\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_status"]
pub fn mongocrypt_setopt_use_range_v2(crypt: *mut mongocrypt_t) -> bool;
}
extern "C" {
#[doc = " Set the contention factor used for explicit encryption.\n The contention factor is only used for indexed Queryable Encryption.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] contention_factor\n @pre @p ctx has not been initialized.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status."]
pub fn mongocrypt_ctx_setopt_contention_factor(
ctx: *mut mongocrypt_ctx_t,
contention_factor: i64,
) -> bool;
}
extern "C" {
#[doc = " Set the index key id to use for explicit Queryable Encryption.\n\n If the index key id not set, the key id from @ref\n mongocrypt_ctx_setopt_key_id is used.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] key_id The binary corresponding to the _id (a UUID) of the data\n key to use from the key vault collection. Note, the UUID must be encoded with\n RFC-4122 byte order. The viewed data is copied. It is valid to destroy\n @p key_id with @ref mongocrypt_binary_destroy immediately after.\n @pre @p ctx has not been initialized.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_setopt_index_key_id(
ctx: *mut mongocrypt_ctx_t,
key_id: *mut mongocrypt_binary_t,
) -> bool;
}
extern "C" {
#[doc = " Set the query type to use for explicit Queryable Encryption.\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] query_type The query type string\n @param[in] len The length of query_type, or -1 for automatic\n @pre @p ctx has not been initialized.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_setopt_query_type(
ctx: *mut mongocrypt_ctx_t,
query_type: *const ::std::os::raw::c_char,
len: ::std::os::raw::c_int,
) -> bool;
}
extern "C" {
#[doc = " Set options for explicit encryption with the \"range\" algorithm.\n\n @p opts is a BSON document of the form:\n {\n \"min\": Optional<BSON value>,\n \"max\": Optional<BSON value>,\n \"sparsity\": Int64,\n \"precision\": Optional<Int32>,\n \"trimFactor\": Optional<Int32>\n }\n\n @param[in] ctx The @ref mongocrypt_ctx_t object.\n @param[in] opts BSON.\n @pre @p ctx has not been initialized.\n @returns A boolean indicating success. If false, an error status is set.\n Retrieve it with @ref mongocrypt_ctx_status"]
pub fn mongocrypt_ctx_setopt_algorithm_range(
ctx: *mut mongocrypt_ctx_t,
opts: *mut mongocrypt_binary_t,
) -> bool;
}