/*
 * Copyright 2019-present MongoDB, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "mongoc-prelude.h"

#ifndef MONGOC_CLIENT_SIDE_ENCRYPTION_H
#define MONGOC_CLIENT_SIDE_ENCRYPTION_H

#include <bson/bson.h>

/*
 * Public declarations for client-side encryption. This part of the header
 * declares the option object for automatic encryption; the explicit
 * mongoc_client_encryption_t API is declared further down in the file.
 */

/* Forward declarations: this header only passes pointers to these types. */
struct _mongoc_client_t;
struct _mongoc_client_pool_t;

/*
 * Algorithm identifier strings, presumably the values expected by the
 * const char *algorithm parameter of
 * mongoc_client_encryption_encrypt_opts_set_algorithm().
 *
 * NOTE(review): as the names indicate, the two differ in whether encryption
 * is deterministic. Deterministic encryption maps equal plaintexts under the
 * same key to equal ciphertexts, so value equality and frequency are visible
 * to anyone who can read the stored data. Prefer the Random variant unless
 * the field has to be matched by equality - confirm against the driver
 * documentation.
 */
#define MONGOC_AEAD_AES_256_CBC_HMAC_SHA_512_RANDOM "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
#define MONGOC_AEAD_AES_256_CBC_HMAC_SHA_512_DETERMINISTIC "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"

BSON_BEGIN_DECLS

/* Opaque option object; its layout is not exposed by this header. */
typedef struct _mongoc_auto_encryption_opts_t mongoc_auto_encryption_opts_t;

/*
 * Create a new option object. Paired with
 * mongoc_auto_encryption_opts_destroy() below.
 */
MONGOC_EXPORT (mongoc_auto_encryption_opts_t *)
mongoc_auto_encryption_opts_new (void);

/* Release an option object obtained from mongoc_auto_encryption_opts_new(). */
MONGOC_EXPORT (void)
mongoc_auto_encryption_opts_destroy (mongoc_auto_encryption_opts_t *opts);

/*
 * Set the client to use for the key vault (per the function name).
 * NOTE(review): the client is passed as a non-const pointer and is presumably
 * borrowed, not copied - confirm the required lifetime against the
 * implementation.
 */
MONGOC_EXPORT (void)
mongoc_auto_encryption_opts_set_keyvault_client (
   mongoc_auto_encryption_opts_t *opts,
   struct _mongoc_client_t *client);

/*
 * Client-pool counterpart of the setter above.
 * NOTE(review): presumably an alternative to the single-client setter, not
 * meant to be combined with it - confirm.
 */
MONGOC_EXPORT (void)
mongoc_auto_encryption_opts_set_keyvault_client_pool (
   mongoc_auto_encryption_opts_t *opts,
   struct _mongoc_client_pool_t *pool);

/*
 * Set the database (db) and collection (coll) names of the key vault.
 * NOTE(review): in MongoDB client-side encryption the key vault collection
 * stores the data keys, so read and write access to this namespace should be
 * tightly restricted - confirm the deployment's access controls.
 */
MONGOC_EXPORT (void)
mongoc_auto_encryption_opts_set_keyvault_namespace (
   mongoc_auto_encryption_opts_t *opts,
   const char *db,
   const char *coll);

/*
 * Set the KMS provider configuration document. The function returns void, so
 * nothing about the validity of kms_providers is reported from this call.
 * NOTE(review): this document presumably carries KMS credentials or local key
 * material. Treat the bson_t as secret: keep it out of logs and error
 * messages, and confirm whether the library copies it before deciding when
 * the caller's copy can be wiped.
 */
MONGOC_EXPORT (void)
mongoc_auto_encryption_opts_set_kms_providers (
   mongoc_auto_encryption_opts_t *opts,
   const bson_t *kms_providers);
/*
 * Attach a schema map document to opts. The function returns void, so nothing
 * about the document's validity is reported from this call.
 * NOTE(review): in MongoDB client-side encryption a locally supplied schema
 * map is a safer source of encryption rules than JSON Schema fetched from the
 * server, because a server-provided schema is only as trustworthy as the
 * server - confirm for this driver version.
 */
MONGOC_EXPORT (void)
mongoc_auto_encryption_opts_set_schema_map (
   mongoc_auto_encryption_opts_t *opts,
   const bson_t *schema_map);

/*
 * Store the bypass_auto_encryption flag on opts.
 * NOTE(review): the name suggests that true turns automatic encryption off.
 * If so, fields leave the client in plaintext unless they are encrypted
 * explicitly with mongoc_client_encryption_encrypt() - confirm against the
 * implementation and review every caller that passes true.
 */
MONGOC_EXPORT (void)
mongoc_auto_encryption_opts_set_bypass_auto_encryption (
   mongoc_auto_encryption_opts_t *opts,
   bool bypass_auto_encryption);

/*
 * Attach an additional options document. Its accepted fields are not
 * described in this header.
 */
MONGOC_EXPORT (void)
mongoc_auto_encryption_opts_set_extra (
   mongoc_auto_encryption_opts_t *opts,
   const bson_t *extra);

/* Opaque types of the explicit encryption API; layouts are not exposed. */
typedef struct _mongoc_client_encryption_opts_t mongoc_client_encryption_opts_t;
typedef struct _mongoc_client_encryption_t mongoc_client_encryption_t;
typedef struct _mongoc_client_encryption_encrypt_opts_t
   mongoc_client_encryption_encrypt_opts_t;
typedef struct _mongoc_client_encryption_datakey_opts_t
   mongoc_client_encryption_datakey_opts_t;

/*
 * Create an option object for mongoc_client_encryption_new(). Paired with
 * mongoc_client_encryption_opts_destroy() below.
 */
MONGOC_EXPORT (mongoc_client_encryption_opts_t *)
mongoc_client_encryption_opts_new (void);

/* Release an object from mongoc_client_encryption_opts_new(). */
MONGOC_EXPORT (void)
mongoc_client_encryption_opts_destroy (mongoc_client_encryption_opts_t *opts);

/*
 * Set the client to use for the key vault (per the function name).
 * NOTE(review): keyvault_client is presumably borrowed, not copied - confirm
 * the required lifetime against the implementation.
 */
MONGOC_EXPORT (void)
mongoc_client_encryption_opts_set_keyvault_client (
   mongoc_client_encryption_opts_t *opts,
   struct _mongoc_client_t *keyvault_client);

/*
 * Set the database (db) and collection (coll) names of the key vault.
 * NOTE(review): the key vault collection stores the data keys in MongoDB
 * client-side encryption; access to this namespace should be tightly
 * restricted - confirm the deployment's access controls.
 */
MONGOC_EXPORT (void)
mongoc_client_encryption_opts_set_keyvault_namespace (
   mongoc_client_encryption_opts_t *opts,
   const char *db,
   const char *coll);

/*
 * Set the KMS provider configuration document. Returns void; validity of
 * kms_providers is not reported here. mongoc_client_encryption_new() takes a
 * bson_error_t and is presumably where a bad configuration surfaces.
 * NOTE(review): the document presumably carries KMS credentials or local key
 * material - keep it out of logs and confirm whether the library copies it.
 */
MONGOC_EXPORT (void)
mongoc_client_encryption_opts_set_kms_providers (
   mongoc_client_encryption_opts_t *opts,
   const bson_t *kms_providers);

/*
 * Create an explicit-encryption handle from opts. Paired with
 * mongoc_client_encryption_destroy() below.
 * NOTE(review): presumably returns NULL and fills error on failure - check
 * the result before use.
 */
MONGOC_EXPORT (mongoc_client_encryption_t *)
mongoc_client_encryption_new (
   mongoc_client_encryption_opts_t *opts,
   bson_error_t *error);

/* Release a handle obtained from mongoc_client_encryption_new(). */
MONGOC_EXPORT (void)
mongoc_client_encryption_destroy (
   mongoc_client_encryption_t *client_encryption);

/*
 * Create a data key for the named KMS provider. keyid is an output
 * bson_value_t and error is the failure report; the bool return is the
 * status.
 * NOTE(review): presumably keyid is only meaningful when true is returned and
 * must be released by the caller - confirm.
 */
MONGOC_EXPORT (bool)
mongoc_client_encryption_create_datakey (
   mongoc_client_encryption_t *client_encryption,
   const char *kms_provider,
   mongoc_client_encryption_datakey_opts_t *opts,
   bson_value_t *keyid,
   bson_error_t *error);

/*
 * Explicitly encrypt value (input, const) into ciphertext (output) using the
 * key and algorithm selected in opts.
 * NOTE(review): treat a false return as failure and do not store or send the
 * output value; a caller that ignores the result risks persisting something
 * other than ciphertext. Confirm what ciphertext holds on failure.
 */
MONGOC_EXPORT (bool)
mongoc_client_encryption_encrypt (
   mongoc_client_encryption_t *client_encryption,
   const bson_value_t *value,
   mongoc_client_encryption_encrypt_opts_t *opts,
   bson_value_t *ciphertext,
   bson_error_t *error);

/*
 * Explicitly decrypt ciphertext (input, const) into value (output).
 * NOTE(review): check the bool result before reading value; the names of the
 * algorithm macros in this header indicate an HMAC-authenticated scheme, so a
 * failure may mean the ciphertext was modified - confirm how that case is
 * reported in error.
 */
MONGOC_EXPORT (bool)
mongoc_client_encryption_decrypt (
   mongoc_client_encryption_t *client_encryption,
   const bson_value_t *ciphertext,
   bson_value_t *value,
   bson_error_t *error);

/*
 * Create per-call options for mongoc_client_encryption_encrypt(). Paired with
 * mongoc_client_encryption_encrypt_opts_destroy() below.
 */
MONGOC_EXPORT (mongoc_client_encryption_encrypt_opts_t *)
mongoc_client_encryption_encrypt_opts_new (void);

/* Release an object from mongoc_client_encryption_encrypt_opts_new(). */
MONGOC_EXPORT (void)
mongoc_client_encryption_encrypt_opts_destroy (
   mongoc_client_encryption_encrypt_opts_t *opts);

/*
 * Select the data key by id.
 * NOTE(review): presumably an alternative to selecting by keyaltname -
 * confirm which one wins if both are set.
 */
MONGOC_EXPORT (void)
mongoc_client_encryption_encrypt_opts_set_keyid (
   mongoc_client_encryption_encrypt_opts_t *opts,
   const bson_value_t *keyid);

/* Select the data key by alternate name. */
MONGOC_EXPORT (void)
mongoc_client_encryption_encrypt_opts_set_keyaltname (
   mongoc_client_encryption_encrypt_opts_t *opts,
   const char *keyaltname);

/*
 * Set the algorithm identifier string.
 * NOTE(review): presumably expects MONGOC_AEAD_AES_256_CBC_HMAC_SHA_512_RANDOM
 * or MONGOC_AEAD_AES_256_CBC_HMAC_SHA_512_DETERMINISTIC. The function returns
 * void, so an unrecognised string is not rejected at this call - confirm
 * where it is validated.
 */
MONGOC_EXPORT (void)
mongoc_client_encryption_encrypt_opts_set_algorithm (
   mongoc_client_encryption_encrypt_opts_t *opts,
   const char *algorithm);

/*
 * Create options for mongoc_client_encryption_create_datakey(). Paired with
 * mongoc_client_encryption_datakey_opts_destroy() below.
 */
MONGOC_EXPORT (mongoc_client_encryption_datakey_opts_t *)
mongoc_client_encryption_datakey_opts_new (void);

/* Release an object from mongoc_client_encryption_datakey_opts_new(). */
MONGOC_EXPORT (void)
mongoc_client_encryption_datakey_opts_destroy (
   mongoc_client_encryption_datakey_opts_t *opts);

/*
 * Set the master key document for the data key being created.
 * NOTE(review): presumably identifies the KMS key that wraps the new data
 * key - confirm the expected fields per provider.
 */
MONGOC_EXPORT (void)
mongoc_client_encryption_datakey_opts_set_masterkey (
   mongoc_client_encryption_datakey_opts_t *opts,
   const bson_t *masterkey);

/*
 * Set alternate names for the data key: keyaltnames is an array of strings
 * and keyaltnames_count its length. The array must hold at least
 * keyaltnames_count valid entries; the count is the only bound this interface
 * has.
 */
MONGOC_EXPORT (void)
mongoc_client_encryption_datakey_opts_set_keyaltnames (
   mongoc_client_encryption_datakey_opts_t *opts,
   char **keyaltnames,
   uint32_t keyaltnames_count);

BSON_END_DECLS

#endif /* MONGOC_CLIENT_SIDE_ENCRYPTION_H */