libmongocrypt-helper 1.8.0.0.1001 → 1.11.0.0.1001
- checksums.yaml +4 -4
- data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +33 -0
- data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +12 -1
- data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +1 -4
- data/ext/libmongocrypt/libmongocrypt/Earthfile +151 -3
- data/ext/libmongocrypt/libmongocrypt/README.md +36 -40
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/CMakeLists.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Driver.snk +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/AssemblyInfo.cs +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Binary.cs +16 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/CryptClientFactory.cs +8 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/Library.cs +10 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/LibraryLoader.cs +81 -44
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt/MongoDB.Libmongocrypt.csproj +2 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test/MongoDB.Libmongocrypt.Test.csproj +2 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/MongoDB.Libmongocrypt.Test32/MongoDB.Libmongocrypt.Test32.csproj +2 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/README.md +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.cake +21 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.config +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/Scripts/build.sh +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/build.gradle.kts +28 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/java/com/mongodb/crypt/benchmark/BenchmarkRunner.java +217 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/resources/keyDocument.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/build.gradle.kts +21 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.jar +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.properties +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew +154 -108
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew.bat +7 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/settings.gradle.kts +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java +41 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPIHelper.java +5 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CipherCallback.java +27 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptImpl.java +34 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoExplicitEncryptOptions.java +6 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/jni-config.json +180 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/reflect-config.json +134 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java +44 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/encrypted-payload.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/rangeopts.json +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/node/README.md +4 -900
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +60 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/README.rst +41 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/python/RELEASE.rst +6 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/python/build-manylinux-wheel.sh +4 -13
- data/ext/libmongocrypt/libmongocrypt/bindings/python/hatch_build.py +36 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/__init__.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/auto_encrypter.py +61 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/credentials.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/explicit_encrypter.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/state_machine.py +149 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/auto_encrypter.py +2 -46
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binary.py +14 -17
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +107 -61
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/compat.py +6 -4
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/credentials.py +2 -121
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/crypto.py +31 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/errors.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/explicit_encrypter.py +2 -233
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +168 -238
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/options.py +265 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/state_machine.py +2 -141
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/auto_encrypter.py +61 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/credentials.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/explicit_encrypter.py +156 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/state_machine.py +149 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +2 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pyproject.toml +118 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/release.sh +97 -61
- data/ext/libmongocrypt/libmongocrypt/bindings/python/{test-requirements.txt → requirements-test.txt} +4 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/requirements.txt +4 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +76 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/strip_header.py +6 -7
- data/ext/libmongocrypt/libmongocrypt/bindings/python/synchro.py +64 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/__init__.py +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/collection-info.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/command.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/compact/success/encrypted-payload.json +21 -21
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-command-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-field-config-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-range-explicit-v2/int32/encrypted-payload.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-range-explicit-v2/int32/rangeopts.json +3 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-rangePreview-explicit/int32/rangeopts.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/fle2-find-rangePreview-explicit/int32/value-to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document-azure.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document-gcp.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-document.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/key-filter.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/list-collections-filter.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/mongocryptd-command.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/schema-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/performance/keyDocument.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/performance/perf_test.py +165 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_binding.py +8 -12
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_crypto.py +9 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +988 -340
- data/ext/libmongocrypt/libmongocrypt/bindings/python/update-sbom.sh +14 -0
- data/ext/libmongocrypt/libmongocrypt/cmake/FetchMongoC.cmake +19 -1
- data/ext/libmongocrypt/libmongocrypt/cmake/ImportBSON.cmake +23 -0
- data/ext/libmongocrypt/libmongocrypt/cmake/IntelDFP.cmake +19 -227
- data/ext/libmongocrypt/libmongocrypt/cmake/Patch.cmake +54 -0
- data/ext/libmongocrypt/libmongocrypt/doc/img/cli-icon.png +0 -0
- data/ext/libmongocrypt/libmongocrypt/doc/img/reference-targets.png +0 -0
- data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +153 -0
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version.py +61 -28
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version_selftest.sh +73 -0
- data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +108 -0
- data/ext/libmongocrypt/libmongocrypt/etc/format.sh +1 -1
- data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-pragma.patch +27 -0
- data/ext/libmongocrypt/libmongocrypt/etc/mongo-inteldfp-alpine-arm-fix.patch +17 -0
- data/ext/libmongocrypt/libmongocrypt/etc/packager.py +120 -91
- data/ext/libmongocrypt/libmongocrypt/etc/purls.txt +14 -0
- data/ext/libmongocrypt/libmongocrypt/etc/repo_config.yaml +56 -0
- data/ext/libmongocrypt/libmongocrypt/etc/silk-create-asset-group.sh +70 -0
- data/ext/libmongocrypt/libmongocrypt/etc/ssdlc_compliance_report.md +37 -0
- data/ext/libmongocrypt/libmongocrypt/etc/third_party_vulnerabilities.md +42 -0
- data/ext/libmongocrypt/libmongocrypt/integrating.md +18 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/CMakeLists.txt +11 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_gcp_request.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer.c +17 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer_private.h +6 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_request.c +211 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_response.c +163 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_tag_type_private.h +2 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message/kms_kmip_request.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message/kms_kmip_response.h +6 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_port.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +23 -2
- data/ext/libmongocrypt/libmongocrypt/src/crypto/libcrypto.c +13 -10
- data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +16 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +94 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +15 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +114 -53
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-private-v2.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private-v2.h +21 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private.h +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-v2.c +38 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +20 -7
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private.h +8 -8
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +89 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev.c +1 -23
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds-private.h +4 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds.c +15 -12
- data/ext/libmongocrypt/libmongocrypt/src/mc-optional-private.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation-private.h +16 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation.c +64 -22
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding-private.h +23 -4
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding.c +359 -65
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-generator.template.h +26 -14
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-private.h +17 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover.c +31 -13
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts-private.h +16 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts.c +259 -63
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +40 -24
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +57 -13
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.test.cpp +5 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-binary-private.h +0 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer.c +5 -7
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-key.c +1 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-oauth-private.h +16 -18
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-oauth.c +105 -76
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto.c +9 -3
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-datakey.c +170 -89
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +505 -124
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-private.h +31 -6
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c +81 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-dll-private.h +7 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kek-private.h +5 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kek.c +161 -103
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker-private.h +2 -7
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c +191 -69
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx-private.h +50 -15
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx.c +365 -69
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h +2 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +200 -107
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +50 -5
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts.c +591 -15
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +6 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +47 -234
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.h +75 -24
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +18 -2
- data/ext/libmongocrypt/libmongocrypt/src/os_win/os_dll.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/bypassQueryAnalysis/payload.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd-to-mongocryptd.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/cmd-to-mongocryptd.json +50 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/collinfo.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/encrypted-field-map.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/encrypted-payload-pattern.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/simple/mongocryptd-reply.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/cmd-to-mongocryptd.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/cmd.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/mongocryptd-reply.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/payload.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/missing-key-id/collinfo.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/collinfo.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/encrypted-payload.json +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/collinfo.json +63 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-field-config-map.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload-range-v2.json +37 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/collinfo.json +64 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +105 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/cmd.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/collinfo.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-field-config-map.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-payload.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/collinfo.json +15 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +10 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload-range-v2.json +104 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload.json +6 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/collinfo.json +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/encrypted-payload.json +3 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/decrypt-response.txt +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/encrypt-response.txt +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/kms-azure/oauth-response.txt +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/encrypted-payload.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/find/mongocryptd-reply.json +69 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/no-trimFactor/insert/mongocryptd-reply.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_decimal128.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_double.cstruct +8637 -7958
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_int32.cstruct +5522 -1382
- data/ext/libmongocrypt/libmongocrypt/test/data/range-edge-generation/edges_int64.cstruct +5042 -1262
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_decimal128.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_decimal128_precision.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_double.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_double_precision.cstruct +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_int32.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-min-cover/mincover_int64.cstruct +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/cmd.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/encrypted-payload.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-find-int32/mongocryptd-reply.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/cmd.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-field-map.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/auto-insert-int32/mongocryptd-reply.json +45 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32/expected.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32/to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32-defaults/expected.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-find-int32-defaults/to-encrypt.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-double/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-int32/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/range-sends-cryptoParams/explicit-insert-int32-defaults/expected.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/README.md +7 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +9 -5
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +9 -5
- data/ext/libmongocrypt/libmongocrypt/test/example-state-machine.c +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-gcp-auth.c +8 -8
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-range-payload-v2.c +43 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +76 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +89 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +342 -76
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +94 -12
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +205 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +49 -23
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +16 -19
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.h +22 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache-oauth.c +94 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cleanup.c +374 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-compact.c +121 -42
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +134 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.c +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.h +16 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +11 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +8 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +922 -92
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-rewrap-many-datakey.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-setopt.c +114 -12
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-datakey.c +14 -9
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-ctx.c +424 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-log.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +447 -28
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-opts.c +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-traverse-util.c +30 -26
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-util.c +7 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-util.h +3 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +66 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-named-kms-providers.c +2381 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/HELP.autogen +3 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/README.md +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/csfle.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/make_includes.py +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/util.c +38 -3
- data/lib/libmongocrypt_helper/version.rb +2 -2
- metadata +112 -106
- checksums.yaml.gz.sig +0 -0
- data/ext/libmongocrypt/libmongocrypt/VERSION_CURRENT +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/cs/cs.sln +0 -79
- data/ext/libmongocrypt/libmongocrypt/bindings/node/CHANGELOG.md +0 -105
- data/ext/libmongocrypt/libmongocrypt/bindings/node/LICENSE +0 -201
- data/ext/libmongocrypt/libmongocrypt/bindings/node/binding.gyp +0 -79
- data/ext/libmongocrypt/libmongocrypt/bindings/node/etc/README.hbs +0 -44
- data/ext/libmongocrypt/libmongocrypt/bindings/node/etc/build-static.sh +0 -36
- data/ext/libmongocrypt/libmongocrypt/bindings/node/index.d.ts +0 -641
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/autoEncrypter.js +0 -420
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/buffer_pool.js +0 -123
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/clientEncryption.js +0 -821
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/common.js +0 -98
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/cryptoCallbacks.js +0 -87
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/errors.js +0 -75
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/index.js +0 -73
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/mongocryptdManager.js +0 -66
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/aws.js +0 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/azure.js +0 -178
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/gcp.js +0 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/index.js +0 -54
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/providers/utils.js +0 -39
- data/ext/libmongocrypt/libmongocrypt/bindings/node/lib/stateMachine.js +0 -492
- data/ext/libmongocrypt/libmongocrypt/bindings/node/package-lock.json +0 -15302
- data/ext/libmongocrypt/libmongocrypt/bindings/node/package.json +0 -100
- data/ext/libmongocrypt/libmongocrypt/bindings/node/src/mongocrypt.cc +0 -956
- data/ext/libmongocrypt/libmongocrypt/bindings/node/src/mongocrypt.h +0 -114
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/autoEncrypter.test.js +0 -950
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/buffer_pool.test.js +0 -91
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/clientEncryption.test.js +0 -1093
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/common.test.js +0 -94
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/cryptoCallbacks.test.js +0 -240
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/README.md +0 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/collection-info.json +0 -37
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encrypted-document-nested.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encrypted-document.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/encryptedFields.json +0 -30
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/key-document.json +0 -32
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/key1-document.json +0 -30
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/data/mongocryptd-reply.json +0 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/index.test.js +0 -45
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/mongocryptdManager.test.js +0 -48
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/providers/credentialsProvider.test.js +0 -551
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/release.test.js +0 -66
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/requirements.helper.js +0 -51
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/stateMachine.test.js +0 -331
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/tools/chai-addons.js +0 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/tools/mongodb_reporter.js +0 -325
- data/ext/libmongocrypt/libmongocrypt/bindings/node/test/types/index.test-d.ts +0 -63
- data/ext/libmongocrypt/libmongocrypt/bindings/python/setup.py +0 -89
- data/ext/libmongocrypt/libmongocrypt/debian/build_snapshot.sh +0 -79
- data/ext/libmongocrypt/libmongocrypt/debian/changelog +0 -105
- data/ext/libmongocrypt/libmongocrypt/debian/compat +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/control +0 -41
- data/ext/libmongocrypt/libmongocrypt/debian/copyright +0 -129
- data/ext/libmongocrypt/libmongocrypt/debian/gbp.conf +0 -23
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt-dev.dirs +0 -2
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt-dev.install +0 -5
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt0.dirs +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/libmongocrypt0.install +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/rules +0 -46
- data/ext/libmongocrypt/libmongocrypt/debian/source/format +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/source/lintian-overrides +0 -3
- data/ext/libmongocrypt/libmongocrypt/debian/source/options +0 -1
- data/ext/libmongocrypt/libmongocrypt/debian/watch +0 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/mongocryptd-reply.json +0 -72
- data.tar.gz.sig +0 -1
- metadata.gz.sig +0 -0
- /data/ext/libmongocrypt/libmongocrypt/{bindings/node/test/data/kms-decrypt-reply.txt → test/data/kms-aws/decrypt-response.txt} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/{bindings/node/test/data/kms-encrypt-reply.txt → test/data/kms-aws/encrypt-response.txt} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/decrypt-response.txt +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/encrypt-response.txt +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{gcp-auth → kms-gcp}/oauth-response.txt +0 -0
@@ -14,10 +14,14 @@
|
|
14
14
|
* limitations under the License.
|
15
15
|
*/
|
16
16
|
|
17
|
+
#include "kms_message/kms_kmip_request.h"
|
17
18
|
#include "mongocrypt-binary-private.h"
|
18
19
|
#include "mongocrypt-buffer-private.h"
|
20
|
+
#include "mongocrypt-crypto-private.h"
|
19
21
|
#include "mongocrypt-ctx-private.h"
|
22
|
+
#include "mongocrypt-endpoint-private.h"
|
20
23
|
#include "mongocrypt-kms-ctx-private.h"
|
24
|
+
#include "mongocrypt-log-private.h"
|
21
25
|
#include "mongocrypt-opts-private.h"
|
22
26
|
#include "mongocrypt-private.h"
|
23
27
|
#include "mongocrypt-status-private.h"
|
@@ -118,11 +122,16 @@ _set_kms_crypto_hooks(_mongocrypt_crypto_t *crypto, ctx_with_status_t *ctx_with_
|
|
118
122
|
|
119
123
|
static bool is_kms(_kms_request_type_t kms_type) {
|
120
124
|
return kms_type == MONGOCRYPT_KMS_KMIP_REGISTER || kms_type == MONGOCRYPT_KMS_KMIP_ACTIVATE
|
121
|
-
|| kms_type == MONGOCRYPT_KMS_KMIP_GET
|
125
|
+
|| kms_type == MONGOCRYPT_KMS_KMIP_GET || kms_type == MONGOCRYPT_KMS_KMIP_ENCRYPT
|
126
|
+
|| kms_type == MONGOCRYPT_KMS_KMIP_DECRYPT || kms_type == MONGOCRYPT_KMS_KMIP_CREATE;
|
122
127
|
}
|
123
128
|
|
124
|
-
static void
|
129
|
+
static void
|
130
|
+
_init_common(mongocrypt_kms_ctx_t *kms, _mongocrypt_log_t *log, _kms_request_type_t kms_type, const char *kmsid) {
|
125
131
|
BSON_ASSERT_PARAM(kms);
|
132
|
+
BSON_ASSERT_PARAM(kmsid);
|
133
|
+
|
134
|
+
kms->kmsid = bson_strdup(kmsid);
|
126
135
|
|
127
136
|
if (is_kms(kms_type)) {
|
128
137
|
kms->parser = kms_kmip_response_parser_new(NULL /* reserved */);
|
@@ -138,8 +147,9 @@ static void _init_common(mongocrypt_kms_ctx_t *kms, _mongocrypt_log_t *log, _kms
|
|
138
147
|
bool _mongocrypt_kms_ctx_init_aws_decrypt(mongocrypt_kms_ctx_t *kms,
|
139
148
|
_mongocrypt_opts_kms_providers_t *kms_providers,
|
140
149
|
_mongocrypt_key_doc_t *key,
|
141
|
-
|
142
|
-
|
150
|
+
_mongocrypt_crypto_t *crypto,
|
151
|
+
const char *kmsid,
|
152
|
+
_mongocrypt_log_t *log) {
|
143
153
|
BSON_ASSERT_PARAM(kms);
|
144
154
|
BSON_ASSERT_PARAM(key);
|
145
155
|
BSON_ASSERT_PARAM(kms_providers);
|
@@ -150,7 +160,7 @@ bool _mongocrypt_kms_ctx_init_aws_decrypt(mongocrypt_kms_ctx_t *kms,
|
|
150
160
|
ctx_with_status_t ctx_with_status;
|
151
161
|
bool ret = false;
|
152
162
|
|
153
|
-
_init_common(kms, log, MONGOCRYPT_KMS_AWS_DECRYPT);
|
163
|
+
_init_common(kms, log, MONGOCRYPT_KMS_AWS_DECRYPT, kmsid);
|
154
164
|
status = kms->status;
|
155
165
|
ctx_with_status.ctx = crypto;
|
156
166
|
ctx_with_status.status = mongocrypt_status_new();
|
@@ -170,17 +180,19 @@ bool _mongocrypt_kms_ctx_init_aws_decrypt(mongocrypt_kms_ctx_t *kms,
|
|
170
180
|
goto done;
|
171
181
|
}
|
172
182
|
|
173
|
-
|
174
|
-
|
183
|
+
mc_kms_creds_t kc;
|
184
|
+
if (!_mongocrypt_opts_kms_providers_lookup(kms_providers, key->kek.kmsid, &kc)) {
|
185
|
+
CLIENT_ERR("KMS provider `%s` is not configured", key->kek.kmsid);
|
175
186
|
goto done;
|
176
187
|
}
|
188
|
+
BSON_ASSERT(kc.type == MONGOCRYPT_KMS_PROVIDER_AWS);
|
177
189
|
|
178
|
-
if (!
|
190
|
+
if (!kc.value.aws.access_key_id) {
|
179
191
|
CLIENT_ERR("aws access key id not provided");
|
180
192
|
goto done;
|
181
193
|
}
|
182
194
|
|
183
|
-
if (!
|
195
|
+
if (!kc.value.aws.secret_access_key) {
|
184
196
|
CLIENT_ERR("aws secret access key not provided");
|
185
197
|
goto done;
|
186
198
|
}
|
@@ -201,8 +213,8 @@ bool _mongocrypt_kms_ctx_init_aws_decrypt(mongocrypt_kms_ctx_t *kms,
|
|
201
213
|
goto done;
|
202
214
|
}
|
203
215
|
|
204
|
-
if (
|
205
|
-
if (!kms_request_add_header_field(kms->req, "X-Amz-Security-Token",
|
216
|
+
if (kc.value.aws.session_token) {
|
217
|
+
if (!kms_request_add_header_field(kms->req, "X-Amz-Security-Token", kc.value.aws.session_token)) {
|
206
218
|
CLIENT_ERR("failed to set session token: %s", kms_request_get_error(kms->req));
|
207
219
|
_mongocrypt_status_append(status, ctx_with_status.status);
|
208
220
|
goto done;
|
@@ -230,12 +242,12 @@ bool _mongocrypt_kms_ctx_init_aws_decrypt(mongocrypt_kms_ctx_t *kms,
|
|
230
242
|
goto done;
|
231
243
|
}
|
232
244
|
|
233
|
-
if (!kms_request_set_access_key_id(kms->req,
|
245
|
+
if (!kms_request_set_access_key_id(kms->req, kc.value.aws.access_key_id)) {
|
234
246
|
CLIENT_ERR("failed to set aws access key id: %s", kms_request_get_error(kms->req));
|
235
247
|
_mongocrypt_status_append(status, ctx_with_status.status);
|
236
248
|
goto done;
|
237
249
|
}
|
238
|
-
if (!kms_request_set_secret_key(kms->req,
|
250
|
+
if (!kms_request_set_secret_key(kms->req, kc.value.aws.secret_access_key)) {
|
239
251
|
CLIENT_ERR("failed to set aws secret access key: %s", kms_request_get_error(kms->req));
|
240
252
|
_mongocrypt_status_append(status, ctx_with_status.status);
|
241
253
|
goto done;
|
@@ -270,8 +282,9 @@ bool _mongocrypt_kms_ctx_init_aws_encrypt(mongocrypt_kms_ctx_t *kms,
|
|
270
282
|
_mongocrypt_opts_kms_providers_t *kms_providers,
|
271
283
|
_mongocrypt_ctx_opts_t *ctx_opts,
|
272
284
|
_mongocrypt_buffer_t *plaintext_key_material,
|
273
|
-
|
274
|
-
|
285
|
+
_mongocrypt_crypto_t *crypto,
|
286
|
+
const char *kmsid,
|
287
|
+
_mongocrypt_log_t *log) {
|
275
288
|
BSON_ASSERT_PARAM(kms);
|
276
289
|
BSON_ASSERT_PARAM(ctx_opts);
|
277
290
|
BSON_ASSERT_PARAM(kms_providers);
|
@@ -283,7 +296,7 @@ bool _mongocrypt_kms_ctx_init_aws_encrypt(mongocrypt_kms_ctx_t *kms,
|
|
283
296
|
ctx_with_status_t ctx_with_status;
|
284
297
|
bool ret = false;
|
285
298
|
|
286
|
-
_init_common(kms, log, MONGOCRYPT_KMS_AWS_ENCRYPT);
|
299
|
+
_init_common(kms, log, MONGOCRYPT_KMS_AWS_ENCRYPT, kmsid);
|
287
300
|
status = kms->status;
|
288
301
|
ctx_with_status.ctx = crypto;
|
289
302
|
ctx_with_status.status = mongocrypt_status_new();
|
@@ -303,17 +316,19 @@ bool _mongocrypt_kms_ctx_init_aws_encrypt(mongocrypt_kms_ctx_t *kms,
|
|
303
316
|
goto done;
|
304
317
|
}
|
305
318
|
|
306
|
-
|
307
|
-
|
319
|
+
mc_kms_creds_t kc;
|
320
|
+
if (!_mongocrypt_opts_kms_providers_lookup(kms_providers, ctx_opts->kek.kmsid, &kc)) {
|
321
|
+
CLIENT_ERR("KMS provider `%s` is not configured", ctx_opts->kek.kmsid);
|
308
322
|
goto done;
|
309
323
|
}
|
324
|
+
BSON_ASSERT(kc.type == MONGOCRYPT_KMS_PROVIDER_AWS);
|
310
325
|
|
311
|
-
if (!
|
326
|
+
if (!kc.value.aws.access_key_id) {
|
312
327
|
CLIENT_ERR("aws access key id not provided");
|
313
328
|
goto done;
|
314
329
|
}
|
315
330
|
|
316
|
-
if (!
|
331
|
+
if (!kc.value.aws.secret_access_key) {
|
317
332
|
CLIENT_ERR("aws secret access key not provided");
|
318
333
|
goto done;
|
319
334
|
}
|
@@ -337,8 +352,8 @@ bool _mongocrypt_kms_ctx_init_aws_encrypt(mongocrypt_kms_ctx_t *kms,
|
|
337
352
|
goto done;
|
338
353
|
}
|
339
354
|
|
340
|
-
if (
|
341
|
-
if (!kms_request_add_header_field(kms->req, "X-Amz-Security-Token",
|
355
|
+
if (kc.value.aws.session_token) {
|
356
|
+
if (!kms_request_add_header_field(kms->req, "X-Amz-Security-Token", kc.value.aws.session_token)) {
|
342
357
|
CLIENT_ERR("failed to set session token: %s", kms_request_get_error(kms->req));
|
343
358
|
_mongocrypt_status_append(status, ctx_with_status.status);
|
344
359
|
goto done;
|
@@ -366,12 +381,12 @@ bool _mongocrypt_kms_ctx_init_aws_encrypt(mongocrypt_kms_ctx_t *kms,
|
|
366
381
|
goto done;
|
367
382
|
}
|
368
383
|
|
369
|
-
if (!kms_request_set_access_key_id(kms->req,
|
384
|
+
if (!kms_request_set_access_key_id(kms->req, kc.value.aws.access_key_id)) {
|
370
385
|
CLIENT_ERR("failed to set aws access key id: %s", kms_request_get_error(kms->req));
|
371
386
|
_mongocrypt_status_append(status, ctx_with_status.status);
|
372
387
|
goto done;
|
373
388
|
}
|
374
|
-
if (!kms_request_set_secret_key(kms->req,
|
389
|
+
if (!kms_request_set_secret_key(kms->req, kc.value.aws.secret_access_key)) {
|
375
390
|
CLIENT_ERR("failed to set aws secret access key: %s", kms_request_get_error(kms->req));
|
376
391
|
_mongocrypt_status_append(status, ctx_with_status.status);
|
377
392
|
goto done;
|
@@ -464,6 +479,10 @@ static bool _ctx_done_aws(mongocrypt_kms_ctx_t *kms, const char *json_field) {
|
|
464
479
|
/* Parse out the {en|de}crypted result. */
|
465
480
|
http_status = kms_response_parser_status(kms->parser);
|
466
481
|
response = kms_response_parser_get_response(kms->parser);
|
482
|
+
if (!response) {
|
483
|
+
CLIENT_ERR("Failed to get response from parser: %s", kms_response_parser_error(kms->parser));
|
484
|
+
goto fail;
|
485
|
+
}
|
467
486
|
body = kms_response_get_body(response, &body_len);
|
468
487
|
|
469
488
|
if (http_status != 200) {
|
@@ -541,6 +560,10 @@ static bool _ctx_done_oauth(mongocrypt_kms_ctx_t *kms) {
|
|
541
560
|
/* Parse out the oauth token result (or error). */
|
542
561
|
http_status = kms_response_parser_status(kms->parser);
|
543
562
|
response = kms_response_parser_get_response(kms->parser);
|
563
|
+
if (!response) {
|
564
|
+
CLIENT_ERR("Failed to get response from parser: %s", kms_response_parser_error(kms->parser));
|
565
|
+
goto fail;
|
566
|
+
}
|
544
567
|
body = kms_response_get_body(response, &body_len);
|
545
568
|
|
546
569
|
if (body_len == 0) {
|
@@ -614,6 +637,10 @@ static bool _ctx_done_azure_wrapkey_unwrapkey(mongocrypt_kms_ctx_t *kms) {
|
|
614
637
|
/* Parse out the oauth token result (or error). */
|
615
638
|
http_status = kms_response_parser_status(kms->parser);
|
616
639
|
response = kms_response_parser_get_response(kms->parser);
|
640
|
+
if (!response) {
|
641
|
+
CLIENT_ERR("Failed to get response from parser: %s", kms_response_parser_error(kms->parser));
|
642
|
+
goto fail;
|
643
|
+
}
|
617
644
|
body = kms_response_get_body(response, &body_len);
|
618
645
|
|
619
646
|
if (body_len == 0) {
|
@@ -704,6 +731,10 @@ static bool _ctx_done_gcp(mongocrypt_kms_ctx_t *kms, const char *json_field) {
|
|
704
731
|
/* Parse out the {en|de}crypted result. */
|
705
732
|
http_status = kms_response_parser_status(kms->parser);
|
706
733
|
response = kms_response_parser_get_response(kms->parser);
|
734
|
+
if (!response) {
|
735
|
+
CLIENT_ERR("Failed to get response from parser: %s", kms_response_parser_error(kms->parser));
|
736
|
+
goto fail;
|
737
|
+
}
|
707
738
|
body = kms_response_get_body(response, &body_len);
|
708
739
|
|
709
740
|
if (http_status != 200) {
|
@@ -826,6 +857,144 @@ done:
|
|
826
857
|
return ret;
|
827
858
|
}
|
828
859
|
|
860
|
+
static bool _ctx_done_kmip_create(mongocrypt_kms_ctx_t *kms_ctx) {
|
861
|
+
BSON_ASSERT_PARAM(kms_ctx);
|
862
|
+
|
863
|
+
kms_response_t *res = NULL;
|
864
|
+
|
865
|
+
mongocrypt_status_t *status = kms_ctx->status;
|
866
|
+
bool ret = false;
|
867
|
+
char *uid;
|
868
|
+
|
869
|
+
res = kms_response_parser_get_response(kms_ctx->parser);
|
870
|
+
if (!res) {
|
871
|
+
CLIENT_ERR("Error getting KMIP response: %s", kms_response_parser_error(kms_ctx->parser));
|
872
|
+
goto done;
|
873
|
+
}
|
874
|
+
|
875
|
+
uid = kms_kmip_response_get_unique_identifier(res);
|
876
|
+
if (!uid) {
|
877
|
+
CLIENT_ERR("Error getting UniqueIdentifer from KMIP Create response: %s", kms_response_get_error(res));
|
878
|
+
goto done;
|
879
|
+
}
|
880
|
+
|
881
|
+
if (!_mongocrypt_buffer_steal_from_string(&kms_ctx->result, uid)) {
|
882
|
+
CLIENT_ERR("Error storing KMS UniqueIdentifer result");
|
883
|
+
bson_free(uid);
|
884
|
+
goto done;
|
885
|
+
}
|
886
|
+
ret = true;
|
887
|
+
|
888
|
+
done:
|
889
|
+
kms_response_destroy(res);
|
890
|
+
return ret;
|
891
|
+
}
|
892
|
+
|
893
|
+
static bool _ctx_done_kmip_encrypt(mongocrypt_kms_ctx_t *kms_ctx) {
|
894
|
+
BSON_ASSERT_PARAM(kms_ctx);
|
895
|
+
|
896
|
+
kms_response_t *res = NULL;
|
897
|
+
|
898
|
+
mongocrypt_status_t *status = kms_ctx->status;
|
899
|
+
bool ret = false;
|
900
|
+
uint8_t *ciphertext;
|
901
|
+
size_t ciphertext_len;
|
902
|
+
uint8_t *iv;
|
903
|
+
size_t iv_len;
|
904
|
+
_mongocrypt_buffer_t data_buf, iv_buf;
|
905
|
+
_mongocrypt_buffer_init(&data_buf);
|
906
|
+
_mongocrypt_buffer_init(&iv_buf);
|
907
|
+
|
908
|
+
res = kms_response_parser_get_response(kms_ctx->parser);
|
909
|
+
if (!res) {
|
910
|
+
CLIENT_ERR("Error getting KMIP response: %s", kms_response_parser_error(kms_ctx->parser));
|
911
|
+
goto done;
|
912
|
+
}
|
913
|
+
|
914
|
+
ciphertext = kms_kmip_response_get_data(res, &ciphertext_len);
|
915
|
+
if (!ciphertext) {
|
916
|
+
CLIENT_ERR("Error getting data from KMIP Encrypt response: %s", kms_response_get_error(res));
|
917
|
+
goto done;
|
918
|
+
}
|
919
|
+
|
920
|
+
iv = kms_kmip_response_get_iv(res, &iv_len);
|
921
|
+
if (!iv) {
|
922
|
+
CLIENT_ERR("Error getting IV from KMIP Encrypt response: %s", kms_response_get_error(res));
|
923
|
+
bson_free(ciphertext);
|
924
|
+
goto done;
|
925
|
+
}
|
926
|
+
|
927
|
+
if (iv_len != MONGOCRYPT_IV_LEN) {
|
928
|
+
CLIENT_ERR("KMIP IV response has unexpected length: %zu", iv_len);
|
929
|
+
bson_free(ciphertext);
|
930
|
+
bson_free(iv);
|
931
|
+
goto done;
|
932
|
+
}
|
933
|
+
|
934
|
+
if (!_mongocrypt_buffer_steal_from_data_and_size(&data_buf, ciphertext, ciphertext_len)) {
|
935
|
+
CLIENT_ERR("Error storing KMS Encrypt result");
|
936
|
+
bson_free(ciphertext);
|
937
|
+
bson_free(iv);
|
938
|
+
goto done;
|
939
|
+
}
|
940
|
+
|
941
|
+
if (!_mongocrypt_buffer_steal_from_data_and_size(&iv_buf, iv, iv_len)) {
|
942
|
+
CLIENT_ERR("Error storing KMS Encrypt IV");
|
943
|
+
bson_free(ciphertext);
|
944
|
+
bson_free(iv);
|
945
|
+
goto done;
|
946
|
+
}
|
947
|
+
|
948
|
+
const _mongocrypt_buffer_t results_buf[2] = {iv_buf, data_buf};
|
949
|
+
if (!_mongocrypt_buffer_concat(&kms_ctx->result, results_buf, 2)) {
|
950
|
+
CLIENT_ERR("Error concatenating IV and ciphertext");
|
951
|
+
goto done;
|
952
|
+
}
|
953
|
+
|
954
|
+
ret = true;
|
955
|
+
|
956
|
+
done:
|
957
|
+
kms_response_destroy(res);
|
958
|
+
_mongocrypt_buffer_cleanup(&iv_buf);
|
959
|
+
_mongocrypt_buffer_cleanup(&data_buf);
|
960
|
+
return ret;
|
961
|
+
}
|
962
|
+
|
963
|
+
static bool _ctx_done_kmip_decrypt(mongocrypt_kms_ctx_t *kms_ctx) {
|
964
|
+
BSON_ASSERT_PARAM(kms_ctx);
|
965
|
+
|
966
|
+
kms_response_t *res = NULL;
|
967
|
+
|
968
|
+
mongocrypt_status_t *status = kms_ctx->status;
|
969
|
+
bool ret = false;
|
970
|
+
uint8_t *ciphertext;
|
971
|
+
size_t ciphertext_len;
|
972
|
+
|
973
|
+
res = kms_response_parser_get_response(kms_ctx->parser);
|
974
|
+
if (!res) {
|
975
|
+
CLIENT_ERR("Error getting KMIP response: %s", kms_response_parser_error(kms_ctx->parser));
|
976
|
+
goto done;
|
977
|
+
}
|
978
|
+
|
979
|
+
ciphertext = kms_kmip_response_get_data(res, &ciphertext_len);
|
980
|
+
if (!ciphertext) {
|
981
|
+
CLIENT_ERR("Error getting data from KMIP Decrypt response: %s", kms_response_get_error(res));
|
982
|
+
goto done;
|
983
|
+
}
|
984
|
+
|
985
|
+
if (!_mongocrypt_buffer_steal_from_data_and_size(&kms_ctx->result, ciphertext, ciphertext_len)) {
|
986
|
+
CLIENT_ERR("Error storing KMS Decrypt result");
|
987
|
+
bson_free(ciphertext);
|
988
|
+
goto done;
|
989
|
+
}
|
990
|
+
|
991
|
+
ret = true;
|
992
|
+
|
993
|
+
done:
|
994
|
+
kms_response_destroy(res);
|
995
|
+
return ret;
|
996
|
+
}
|
997
|
+
|
829
998
|
bool mongocrypt_kms_ctx_feed(mongocrypt_kms_ctx_t *kms, mongocrypt_binary_t *bytes) {
|
830
999
|
if (!kms) {
|
831
1000
|
return false;
|
@@ -889,6 +1058,9 @@ bool mongocrypt_kms_ctx_feed(mongocrypt_kms_ctx_t *kms, mongocrypt_binary_t *byt
|
|
889
1058
|
case MONGOCRYPT_KMS_KMIP_REGISTER: return _ctx_done_kmip_register(kms);
|
890
1059
|
case MONGOCRYPT_KMS_KMIP_ACTIVATE: return _ctx_done_kmip_activate(kms);
|
891
1060
|
case MONGOCRYPT_KMS_KMIP_GET: return _ctx_done_kmip_get(kms);
|
1061
|
+
case MONGOCRYPT_KMS_KMIP_ENCRYPT: return _ctx_done_kmip_encrypt(kms);
|
1062
|
+
case MONGOCRYPT_KMS_KMIP_DECRYPT: return _ctx_done_kmip_decrypt(kms);
|
1063
|
+
case MONGOCRYPT_KMS_KMIP_CREATE: return _ctx_done_kmip_create(kms);
|
892
1064
|
}
|
893
1065
|
}
|
894
1066
|
return true;
|
@@ -948,6 +1120,7 @@ void _mongocrypt_kms_ctx_cleanup(mongocrypt_kms_ctx_t *kms) {
|
|
948
1120
|
_mongocrypt_buffer_cleanup(&kms->msg);
|
949
1121
|
_mongocrypt_buffer_cleanup(&kms->result);
|
950
1122
|
bson_free(kms->endpoint);
|
1123
|
+
bson_free(kms->kmsid);
|
951
1124
|
}
|
952
1125
|
|
953
1126
|
bool mongocrypt_kms_ctx_message(mongocrypt_kms_ctx_t *kms, mongocrypt_binary_t *msg) {
|
@@ -979,24 +1152,27 @@ bool mongocrypt_kms_ctx_endpoint(mongocrypt_kms_ctx_t *kms, const char **endpoin
|
|
979
1152
|
}
|
980
1153
|
|
981
1154
|
bool _mongocrypt_kms_ctx_init_azure_auth(mongocrypt_kms_ctx_t *kms,
|
982
|
-
|
983
|
-
|
984
|
-
|
1155
|
+
const mc_kms_creds_t *kc,
|
1156
|
+
_mongocrypt_endpoint_t *key_vault_endpoint,
|
1157
|
+
const char *kmsid,
|
1158
|
+
_mongocrypt_log_t *log) {
|
985
1159
|
BSON_ASSERT_PARAM(kms);
|
986
|
-
BSON_ASSERT_PARAM(
|
1160
|
+
BSON_ASSERT_PARAM(kc);
|
987
1161
|
|
988
1162
|
kms_request_opt_t *opt = NULL;
|
989
1163
|
mongocrypt_status_t *status;
|
990
|
-
_mongocrypt_endpoint_t *identity_platform_endpoint;
|
1164
|
+
const _mongocrypt_endpoint_t *identity_platform_endpoint;
|
991
1165
|
char *scope = NULL;
|
992
1166
|
const char *hostname;
|
993
1167
|
char *request_string;
|
994
1168
|
bool ret = false;
|
995
1169
|
|
996
|
-
_init_common(kms, log, MONGOCRYPT_KMS_AZURE_OAUTH);
|
1170
|
+
_init_common(kms, log, MONGOCRYPT_KMS_AZURE_OAUTH, kmsid);
|
997
1171
|
status = kms->status;
|
998
1172
|
|
999
|
-
|
1173
|
+
BSON_ASSERT(kc->type == MONGOCRYPT_KMS_PROVIDER_AZURE);
|
1174
|
+
|
1175
|
+
identity_platform_endpoint = kc->value.azure.identity_platform_endpoint;
|
1000
1176
|
|
1001
1177
|
if (identity_platform_endpoint) {
|
1002
1178
|
kms->endpoint = bson_strdup(identity_platform_endpoint->host_and_port);
|
@@ -1022,9 +1198,9 @@ bool _mongocrypt_kms_ctx_init_azure_auth(mongocrypt_kms_ctx_t *kms,
|
|
1022
1198
|
kms_request_opt_set_provider(opt, KMS_REQUEST_PROVIDER_AZURE);
|
1023
1199
|
kms->req = kms_azure_request_oauth_new(hostname,
|
1024
1200
|
scope,
|
1025
|
-
|
1026
|
-
|
1027
|
-
|
1201
|
+
kc->value.azure.tenant_id,
|
1202
|
+
kc->value.azure.client_id,
|
1203
|
+
kc->value.azure.client_secret,
|
1028
1204
|
opt);
|
1029
1205
|
if (kms_request_get_error(kms->req)) {
|
1030
1206
|
CLIENT_ERR("error constructing KMS message: %s", kms_request_get_error(kms->req));
|
@@ -1049,11 +1225,12 @@ fail:
|
|
1049
1225
|
}
|
1050
1226
|
|
1051
1227
|
bool _mongocrypt_kms_ctx_init_azure_wrapkey(mongocrypt_kms_ctx_t *kms,
|
1052
|
-
_mongocrypt_log_t *log,
|
1053
1228
|
_mongocrypt_opts_kms_providers_t *kms_providers,
|
1054
1229
|
struct __mongocrypt_ctx_opts_t *ctx_opts,
|
1055
1230
|
const char *access_token,
|
1056
|
-
_mongocrypt_buffer_t *plaintext_key_material
|
1231
|
+
_mongocrypt_buffer_t *plaintext_key_material,
|
1232
|
+
const char *kmsid,
|
1233
|
+
_mongocrypt_log_t *log) {
|
1057
1234
|
BSON_ASSERT_PARAM(kms);
|
1058
1235
|
BSON_ASSERT_PARAM(ctx_opts);
|
1059
1236
|
BSON_ASSERT_PARAM(plaintext_key_material);
|
@@ -1066,7 +1243,7 @@ bool _mongocrypt_kms_ctx_init_azure_wrapkey(mongocrypt_kms_ctx_t *kms,
|
|
1066
1243
|
char *request_string;
|
1067
1244
|
bool ret = false;
|
1068
1245
|
|
1069
|
-
_init_common(kms, log, MONGOCRYPT_KMS_AZURE_WRAPKEY);
|
1246
|
+
_init_common(kms, log, MONGOCRYPT_KMS_AZURE_WRAPKEY, kmsid);
|
1070
1247
|
status = kms->status;
|
1071
1248
|
|
1072
1249
|
BSON_ASSERT(ctx_opts->kek.provider.azure.key_vault_endpoint);
|
@@ -1114,6 +1291,7 @@ bool _mongocrypt_kms_ctx_init_azure_unwrapkey(mongocrypt_kms_ctx_t *kms,
|
|
1114
1291
|
_mongocrypt_opts_kms_providers_t *kms_providers,
|
1115
1292
|
const char *access_token,
|
1116
1293
|
_mongocrypt_key_doc_t *key,
|
1294
|
+
const char *kmsid,
|
1117
1295
|
_mongocrypt_log_t *log) {
|
1118
1296
|
BSON_ASSERT_PARAM(kms);
|
1119
1297
|
BSON_ASSERT_PARAM(key);
|
@@ -1126,7 +1304,7 @@ bool _mongocrypt_kms_ctx_init_azure_unwrapkey(mongocrypt_kms_ctx_t *kms,
|
|
1126
1304
|
char *request_string;
|
1127
1305
|
bool ret = false;
|
1128
1306
|
|
1129
|
-
_init_common(kms, log, MONGOCRYPT_KMS_AZURE_UNWRAPKEY);
|
1307
|
+
_init_common(kms, log, MONGOCRYPT_KMS_AZURE_UNWRAPKEY, kmsid);
|
1130
1308
|
status = kms->status;
|
1131
1309
|
|
1132
1310
|
BSON_ASSERT(key->kek.provider.azure.key_vault_endpoint);
|
@@ -1212,17 +1390,18 @@ static bool _sign_rsaes_pkcs1_v1_5_trampoline(void *ctx,
|
|
1212
1390
|
}
|
1213
1391
|
|
1214
1392
|
bool _mongocrypt_kms_ctx_init_gcp_auth(mongocrypt_kms_ctx_t *kms,
|
1215
|
-
_mongocrypt_log_t *log,
|
1216
1393
|
_mongocrypt_opts_t *crypt_opts,
|
1217
|
-
|
1218
|
-
_mongocrypt_endpoint_t *kms_endpoint
|
1394
|
+
const mc_kms_creds_t *kc,
|
1395
|
+
_mongocrypt_endpoint_t *kms_endpoint,
|
1396
|
+
const char *kmsid,
|
1397
|
+
_mongocrypt_log_t *log) {
|
1219
1398
|
BSON_ASSERT_PARAM(kms);
|
1220
|
-
BSON_ASSERT_PARAM(
|
1399
|
+
BSON_ASSERT_PARAM(kc);
|
1221
1400
|
BSON_ASSERT_PARAM(crypt_opts);
|
1222
1401
|
|
1223
1402
|
kms_request_opt_t *opt = NULL;
|
1224
1403
|
mongocrypt_status_t *status;
|
1225
|
-
_mongocrypt_endpoint_t *auth_endpoint;
|
1404
|
+
const _mongocrypt_endpoint_t *auth_endpoint;
|
1226
1405
|
char *scope = NULL;
|
1227
1406
|
char *audience = NULL;
|
1228
1407
|
const char *hostname;
|
@@ -1230,12 +1409,14 @@ bool _mongocrypt_kms_ctx_init_gcp_auth(mongocrypt_kms_ctx_t *kms,
|
|
1230
1409
|
bool ret = false;
|
1231
1410
|
ctx_with_status_t ctx_with_status;
|
1232
1411
|
|
1233
|
-
_init_common(kms, log, MONGOCRYPT_KMS_GCP_OAUTH);
|
1412
|
+
_init_common(kms, log, MONGOCRYPT_KMS_GCP_OAUTH, kmsid);
|
1234
1413
|
status = kms->status;
|
1235
1414
|
ctx_with_status.ctx = crypt_opts;
|
1236
1415
|
ctx_with_status.status = mongocrypt_status_new();
|
1237
1416
|
|
1238
|
-
|
1417
|
+
BSON_ASSERT(kc->type == MONGOCRYPT_KMS_PROVIDER_GCP);
|
1418
|
+
|
1419
|
+
auth_endpoint = kc->value.gcp.endpoint;
|
1239
1420
|
if (auth_endpoint) {
|
1240
1421
|
kms->endpoint = bson_strdup(auth_endpoint->host_and_port);
|
1241
1422
|
hostname = auth_endpoint->host;
|
@@ -1262,11 +1443,11 @@ bool _mongocrypt_kms_ctx_init_gcp_auth(mongocrypt_kms_ctx_t *kms,
|
|
1262
1443
|
kms_request_opt_set_crypto_hook_sign_rsaes_pkcs1_v1_5(opt, _sign_rsaes_pkcs1_v1_5_trampoline, &ctx_with_status);
|
1263
1444
|
}
|
1264
1445
|
kms->req = kms_gcp_request_oauth_new(hostname,
|
1265
|
-
|
1446
|
+
kc->value.gcp.email,
|
1266
1447
|
audience,
|
1267
1448
|
scope,
|
1268
|
-
(const char *)
|
1269
|
-
|
1449
|
+
(const char *)kc->value.gcp.private_key.data,
|
1450
|
+
kc->value.gcp.private_key.len,
|
1270
1451
|
opt);
|
1271
1452
|
if (kms_request_get_error(kms->req)) {
|
1272
1453
|
CLIENT_ERR("error constructing KMS message: %s", kms_request_get_error(kms->req));
|
@@ -1295,11 +1476,12 @@ fail:
|
|
1295
1476
|
}
|
1296
1477
|
|
1297
1478
|
bool _mongocrypt_kms_ctx_init_gcp_encrypt(mongocrypt_kms_ctx_t *kms,
|
1298
|
-
_mongocrypt_log_t *log,
|
1299
1479
|
_mongocrypt_opts_kms_providers_t *kms_providers,
|
1300
1480
|
struct __mongocrypt_ctx_opts_t *ctx_opts,
|
1301
1481
|
const char *access_token,
|
1302
|
-
_mongocrypt_buffer_t *plaintext_key_material
|
1482
|
+
_mongocrypt_buffer_t *plaintext_key_material,
|
1483
|
+
const char *kmsid,
|
1484
|
+
_mongocrypt_log_t *log) {
|
1303
1485
|
BSON_ASSERT_PARAM(kms);
|
1304
1486
|
BSON_ASSERT_PARAM(ctx_opts);
|
1305
1487
|
BSON_ASSERT_PARAM(kms_providers);
|
@@ -1314,7 +1496,7 @@ bool _mongocrypt_kms_ctx_init_gcp_encrypt(mongocrypt_kms_ctx_t *kms,
|
|
1314
1496
|
char *request_string;
|
1315
1497
|
bool ret = false;
|
1316
1498
|
|
1317
|
-
_init_common(kms, log, MONGOCRYPT_KMS_GCP_ENCRYPT);
|
1499
|
+
_init_common(kms, log, MONGOCRYPT_KMS_GCP_ENCRYPT, kmsid);
|
1318
1500
|
status = kms->status;
|
1319
1501
|
|
1320
1502
|
if (ctx_opts->kek.provider.gcp.endpoint) {
|
@@ -1368,6 +1550,7 @@ bool _mongocrypt_kms_ctx_init_gcp_decrypt(mongocrypt_kms_ctx_t *kms,
|
|
1368
1550
|
_mongocrypt_opts_kms_providers_t *kms_providers,
|
1369
1551
|
const char *access_token,
|
1370
1552
|
_mongocrypt_key_doc_t *key,
|
1553
|
+
const char *kmsid,
|
1371
1554
|
_mongocrypt_log_t *log) {
|
1372
1555
|
BSON_ASSERT_PARAM(kms);
|
1373
1556
|
BSON_ASSERT_PARAM(kms_providers);
|
@@ -1382,7 +1565,7 @@ bool _mongocrypt_kms_ctx_init_gcp_decrypt(mongocrypt_kms_ctx_t *kms,
|
|
1382
1565
|
char *request_string;
|
1383
1566
|
bool ret = false;
|
1384
1567
|
|
1385
|
-
_init_common(kms, log, MONGOCRYPT_KMS_GCP_DECRYPT);
|
1568
|
+
_init_common(kms, log, MONGOCRYPT_KMS_GCP_DECRYPT, kmsid);
|
1386
1569
|
status = kms->status;
|
1387
1570
|
|
1388
1571
|
if (key->kek.provider.gcp.endpoint) {
|
@@ -1435,6 +1618,7 @@ bool _mongocrypt_kms_ctx_init_kmip_register(mongocrypt_kms_ctx_t *kms_ctx,
|
|
1435
1618
|
const _mongocrypt_endpoint_t *endpoint,
|
1436
1619
|
const uint8_t *secretdata,
|
1437
1620
|
uint32_t secretdata_len,
|
1621
|
+
const char *kmsid,
|
1438
1622
|
_mongocrypt_log_t *log) {
|
1439
1623
|
BSON_ASSERT_PARAM(kms_ctx);
|
1440
1624
|
BSON_ASSERT_PARAM(endpoint);
|
@@ -1445,7 +1629,7 @@ bool _mongocrypt_kms_ctx_init_kmip_register(mongocrypt_kms_ctx_t *kms_ctx,
|
|
1445
1629
|
const uint8_t *reqdata;
|
1446
1630
|
size_t reqlen;
|
1447
1631
|
|
1448
|
-
_init_common(kms_ctx, log, MONGOCRYPT_KMS_KMIP_REGISTER);
|
1632
|
+
_init_common(kms_ctx, log, MONGOCRYPT_KMS_KMIP_REGISTER, kmsid);
|
1449
1633
|
status = kms_ctx->status;
|
1450
1634
|
|
1451
1635
|
kms_ctx->endpoint = bson_strdup(endpoint->host_and_port);
|
@@ -1471,6 +1655,7 @@ done:
|
|
1471
1655
|
bool _mongocrypt_kms_ctx_init_kmip_activate(mongocrypt_kms_ctx_t *kms_ctx,
|
1472
1656
|
const _mongocrypt_endpoint_t *endpoint,
|
1473
1657
|
const char *unique_identifier,
|
1658
|
+
const char *kmsid,
|
1474
1659
|
_mongocrypt_log_t *log) {
|
1475
1660
|
BSON_ASSERT_PARAM(kms_ctx);
|
1476
1661
|
BSON_ASSERT_PARAM(endpoint);
|
@@ -1481,7 +1666,7 @@ bool _mongocrypt_kms_ctx_init_kmip_activate(mongocrypt_kms_ctx_t *kms_ctx,
|
|
1481
1666
|
size_t reqlen;
|
1482
1667
|
const uint8_t *reqdata;
|
1483
1668
|
|
1484
|
-
_init_common(kms_ctx, log, MONGOCRYPT_KMS_KMIP_ACTIVATE);
|
1669
|
+
_init_common(kms_ctx, log, MONGOCRYPT_KMS_KMIP_ACTIVATE, kmsid);
|
1485
1670
|
status = kms_ctx->status;
|
1486
1671
|
|
1487
1672
|
kms_ctx->endpoint = bson_strdup(endpoint->host_and_port);
|
@@ -1507,6 +1692,7 @@ done:
|
|
1507
1692
|
bool _mongocrypt_kms_ctx_init_kmip_get(mongocrypt_kms_ctx_t *kms_ctx,
|
1508
1693
|
const _mongocrypt_endpoint_t *endpoint,
|
1509
1694
|
const char *unique_identifier,
|
1695
|
+
const char *kmsid,
|
1510
1696
|
_mongocrypt_log_t *log) {
|
1511
1697
|
BSON_ASSERT_PARAM(kms_ctx);
|
1512
1698
|
BSON_ASSERT_PARAM(endpoint);
|
@@ -1517,7 +1703,7 @@ bool _mongocrypt_kms_ctx_init_kmip_get(mongocrypt_kms_ctx_t *kms_ctx,
|
|
1517
1703
|
size_t reqlen;
|
1518
1704
|
const uint8_t *reqdata;
|
1519
1705
|
|
1520
|
-
_init_common(kms_ctx, log, MONGOCRYPT_KMS_KMIP_GET);
|
1706
|
+
_init_common(kms_ctx, log, MONGOCRYPT_KMS_KMIP_GET, kmsid);
|
1521
1707
|
status = kms_ctx->status;
|
1522
1708
|
|
1523
1709
|
kms_ctx->endpoint = bson_strdup(endpoint->host_and_port);
|
@@ -1540,6 +1726,129 @@ done:
|
|
1540
1726
|
return ret;
|
1541
1727
|
}
|
1542
1728
|
|
1729
|
+
bool _mongocrypt_kms_ctx_init_kmip_create(mongocrypt_kms_ctx_t *kms_ctx,
|
1730
|
+
const _mongocrypt_endpoint_t *endpoint,
|
1731
|
+
const char *kmsid,
|
1732
|
+
_mongocrypt_log_t *log) {
|
1733
|
+
BSON_ASSERT_PARAM(kms_ctx);
|
1734
|
+
BSON_ASSERT_PARAM(endpoint);
|
1735
|
+
bool ret = false;
|
1736
|
+
|
1737
|
+
_init_common(kms_ctx, log, MONGOCRYPT_KMS_KMIP_CREATE, kmsid);
|
1738
|
+
mongocrypt_status_t *status = kms_ctx->status;
|
1739
|
+
kms_ctx->endpoint = bson_strdup(endpoint->host_and_port);
|
1740
|
+
_mongocrypt_apply_default_port(&kms_ctx->endpoint, DEFAULT_KMIP_PORT);
|
1741
|
+
|
1742
|
+
kms_ctx->req = kms_kmip_request_create_new(NULL /* reserved */);
|
1743
|
+
|
1744
|
+
if (kms_request_get_error(kms_ctx->req)) {
|
1745
|
+
CLIENT_ERR("Error creating KMIP create request: %s", kms_request_get_error(kms_ctx->req));
|
1746
|
+
goto done;
|
1747
|
+
}
|
1748
|
+
|
1749
|
+
size_t reqlen;
|
1750
|
+
const uint8_t *reqdata = kms_request_to_bytes(kms_ctx->req, &reqlen);
|
1751
|
+
if (!_mongocrypt_buffer_copy_from_data_and_size(&kms_ctx->msg, reqdata, reqlen)) {
|
1752
|
+
CLIENT_ERR("Error storing KMS request payload");
|
1753
|
+
goto done;
|
1754
|
+
}
|
1755
|
+
|
1756
|
+
ret = true;
|
1757
|
+
done:
|
1758
|
+
return ret;
|
1759
|
+
}
|
1760
|
+
|
1761
|
+
bool _mongocrypt_kms_ctx_init_kmip_encrypt(mongocrypt_kms_ctx_t *kms_ctx,
|
1762
|
+
const _mongocrypt_endpoint_t *endpoint,
|
1763
|
+
const char *unique_identifier,
|
1764
|
+
const char *kmsid,
|
1765
|
+
_mongocrypt_buffer_t *plaintext,
|
1766
|
+
_mongocrypt_log_t *log) {
|
1767
|
+
BSON_ASSERT_PARAM(kms_ctx);
|
1768
|
+
BSON_ASSERT_PARAM(endpoint);
|
1769
|
+
BSON_ASSERT_PARAM(plaintext);
|
1770
|
+
bool ret = false;
|
1771
|
+
|
1772
|
+
_init_common(kms_ctx, log, MONGOCRYPT_KMS_KMIP_ENCRYPT, kmsid);
|
1773
|
+
mongocrypt_status_t *status = kms_ctx->status;
|
1774
|
+
kms_ctx->endpoint = bson_strdup(endpoint->host_and_port);
|
1775
|
+
_mongocrypt_apply_default_port(&kms_ctx->endpoint, DEFAULT_KMIP_PORT);
|
1776
|
+
|
1777
|
+
kms_ctx->req =
|
1778
|
+
kms_kmip_request_encrypt_new(NULL /* reserved */, unique_identifier, plaintext->data, plaintext->len);
|
1779
|
+
|
1780
|
+
if (kms_request_get_error(kms_ctx->req)) {
|
1781
|
+
CLIENT_ERR("Error creating KMIP encrypt request: %s", kms_request_get_error(kms_ctx->req));
|
1782
|
+
goto done;
|
1783
|
+
}
|
1784
|
+
|
1785
|
+
size_t reqlen;
|
1786
|
+
const uint8_t *reqdata = kms_request_to_bytes(kms_ctx->req, &reqlen);
|
1787
|
+
if (!_mongocrypt_buffer_copy_from_data_and_size(&kms_ctx->msg, reqdata, reqlen)) {
|
1788
|
+
CLIENT_ERR("Error storing KMS request payload");
|
1789
|
+
goto done;
|
1790
|
+
}
|
1791
|
+
|
1792
|
+
ret = true;
|
1793
|
+
done:
|
1794
|
+
return ret;
|
1795
|
+
}
|
1796
|
+
|
1797
|
+
bool _mongocrypt_kms_ctx_init_kmip_decrypt(mongocrypt_kms_ctx_t *kms_ctx,
|
1798
|
+
const _mongocrypt_endpoint_t *endpoint,
|
1799
|
+
const char *kmsid,
|
1800
|
+
_mongocrypt_key_doc_t *key,
|
1801
|
+
_mongocrypt_log_t *log) {
|
1802
|
+
BSON_ASSERT_PARAM(kms_ctx);
|
1803
|
+
BSON_ASSERT_PARAM(endpoint);
|
1804
|
+
BSON_ASSERT_PARAM(key);
|
1805
|
+
bool ret = false;
|
1806
|
+
|
1807
|
+
_init_common(kms_ctx, log, MONGOCRYPT_KMS_KMIP_DECRYPT, kmsid);
|
1808
|
+
mongocrypt_status_t *status = kms_ctx->status;
|
1809
|
+
kms_ctx->endpoint = bson_strdup(endpoint->host_and_port);
|
1810
|
+
_mongocrypt_apply_default_port(&kms_ctx->endpoint, DEFAULT_KMIP_PORT);
|
1811
|
+
|
1812
|
+
_mongocrypt_buffer_t iv;
|
1813
|
+
if (!_mongocrypt_buffer_from_subrange(&iv, &key->key_material, 0, MONGOCRYPT_IV_LEN)) {
|
1814
|
+
CLIENT_ERR("Error getting IV from key material");
|
1815
|
+
goto done;
|
1816
|
+
}
|
1817
|
+
_mongocrypt_buffer_t ciphertext;
|
1818
|
+
if (!_mongocrypt_buffer_from_subrange(&ciphertext,
|
1819
|
+
&key->key_material,
|
1820
|
+
MONGOCRYPT_IV_LEN,
|
1821
|
+
key->key_material.len - MONGOCRYPT_IV_LEN)) {
|
1822
|
+
CLIENT_ERR("Error getting ciphertext from key material");
|
1823
|
+
goto done;
|
1824
|
+
}
|
1825
|
+
|
1826
|
+
BSON_ASSERT(key->kek.kms_provider == MONGOCRYPT_KMS_PROVIDER_KMIP);
|
1827
|
+
BSON_ASSERT(key->kek.provider.kmip.delegated);
|
1828
|
+
kms_ctx->req = kms_kmip_request_decrypt_new(NULL /* reserved */,
|
1829
|
+
key->kek.provider.kmip.key_id,
|
1830
|
+
ciphertext.data,
|
1831
|
+
ciphertext.len,
|
1832
|
+
iv.data,
|
1833
|
+
iv.len);
|
1834
|
+
|
1835
|
+
if (kms_request_get_error(kms_ctx->req)) {
|
1836
|
+
CLIENT_ERR("Error creating KMIP decrypt request: %s", kms_request_get_error(kms_ctx->req));
|
1837
|
+
goto done;
|
1838
|
+
}
|
1839
|
+
|
1840
|
+
size_t reqlen;
|
1841
|
+
const uint8_t *reqdata = kms_request_to_bytes(kms_ctx->req, &reqlen);
|
1842
|
+
if (!_mongocrypt_buffer_copy_from_data_and_size(&kms_ctx->msg, reqdata, reqlen)) {
|
1843
|
+
CLIENT_ERR("Error storing KMS request payload");
|
1844
|
+
goto done;
|
1845
|
+
}
|
1846
|
+
|
1847
|
+
ret = true;
|
1848
|
+
done:
|
1849
|
+
return ret;
|
1850
|
+
}
|
1851
|
+
|
1543
1852
|
static const char *set_and_ret(const char *what, uint32_t *len) {
|
1544
1853
|
BSON_ASSERT_PARAM(what);
|
1545
1854
|
|
@@ -1553,18 +1862,5 @@ const char *mongocrypt_kms_ctx_get_kms_provider(mongocrypt_kms_ctx_t *kms, uint3
|
|
1553
1862
|
BSON_ASSERT_PARAM(kms);
|
1554
1863
|
/* len is checked in set_and_ret () before it is used */
|
1555
1864
|
|
1556
|
-
|
1557
|
-
default: BSON_ASSERT(false && "unknown KMS request type");
|
1558
|
-
case MONGOCRYPT_KMS_AWS_ENCRYPT:
|
1559
|
-
case MONGOCRYPT_KMS_AWS_DECRYPT: return set_and_ret("aws", len);
|
1560
|
-
case MONGOCRYPT_KMS_AZURE_OAUTH:
|
1561
|
-
case MONGOCRYPT_KMS_AZURE_WRAPKEY:
|
1562
|
-
case MONGOCRYPT_KMS_AZURE_UNWRAPKEY: return set_and_ret("azure", len);
|
1563
|
-
case MONGOCRYPT_KMS_GCP_OAUTH:
|
1564
|
-
case MONGOCRYPT_KMS_GCP_ENCRYPT:
|
1565
|
-
case MONGOCRYPT_KMS_GCP_DECRYPT: return set_and_ret("gcp", len);
|
1566
|
-
case MONGOCRYPT_KMS_KMIP_REGISTER:
|
1567
|
-
case MONGOCRYPT_KMS_KMIP_ACTIVATE:
|
1568
|
-
case MONGOCRYPT_KMS_KMIP_GET: return set_and_ret("kmip", len);
|
1569
|
-
}
|
1865
|
+
return set_and_ret(kms->kmsid, len);
|
1570
1866
|
}
|
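Review bot: In `_ctx_done_kmip_encrypt` (new lines 941-946), the failure branch of the IV steal calls `bson_free(ciphertext)` even though `data_buf` already took that pointer at new line 934, and the `done:` label then runs `_mongocrypt_buffer_cleanup(&data_buf)`. If `_mongocrypt_buffer_steal_from_data_and_size` transfers ownership on success, as its name and the cleanup at `done:` suggest, the same allocation is released twice on that path. The branch is presumably hard to reach, since `iv_len` has just been checked against `MONGOCRYPT_IV_LEN`, but it is still a latent double free in code that handles a KMIP server's reply. Drop the `bson_free(ciphertext);` line from that branch, keep `bson_free(iv);`, and put `/* ciphertext is owned by data_buf from here on */` above the second steal so the ownership hand-off is visible to the next reader.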