/// <summary> /// Starts an explicit encryption context. /// </summary> /// <param name="key">The key id.</param> /// <param name="encryptionAlgorithm">The encryption algorithm.</param> /// <param name="message">The BSON message.</param> /// <returns>A encryption context. </returns> public CryptContext StartExplicitEncryptionContextWithKeyId(byte[] keyId, EncryptionAlgorithm encryptionAlgorithm, byte[] message) { ContextSafeHandle handle = Library.mongocrypt_ctx_new(_handle); unsafe { fixed(byte *p = keyId) { IntPtr ptr = (IntPtr)p; using (PinnedBinary pinned = new PinnedBinary(ptr, (uint)keyId.Length)) { handle.Check(_status, Library.mongocrypt_ctx_setopt_key_id(handle, pinned.Handle)); } } } handle.Check(_status, Library.mongocrypt_ctx_setopt_algorithm(handle, Helpers.EncryptionAlgorithmToString(encryptionAlgorithm), -1)); unsafe { fixed(byte *p = message) { IntPtr ptr = (IntPtr)p; using (PinnedBinary pinned = new PinnedBinary(ptr, (uint)message.Length)) { handle.Check(_status, Library.mongocrypt_ctx_explicit_encrypt_init(handle, pinned.Handle)); } } } return(new CryptContext(handle)); }
/// <summary>Creates a CryptClient with the specified options.</summary> /// <param name="options">The options.</param> /// <returns>A CryptClient</returns> public static CryptClient Create(CryptOptions options) { MongoCryptSafeHandle handle = Library.mongocrypt_new(); Status status = new Status(); foreach (var kmsCredentials in options.KmsCredentialsMap) { ((IInternalKmsCredentials)kmsCredentials.Value).SetCredentials(handle, status); } if (options.Schema != null) { unsafe { fixed(byte *schema = options.Schema) { var schemaPtr = (IntPtr)schema; using (var pinnedSchema = new PinnedBinary(schemaPtr, (uint)options.Schema.Length)) { handle.Check(status, Library.mongocrypt_setopt_schema_map(handle, schema: pinnedSchema.Handle)); } } } } Library.mongocrypt_init(handle); return(new CryptClient(handle, status)); }
/// <summary> /// Starts the encryption context. /// </summary> /// <param name="db">The database of the collection.</param> /// <param name="command">The command.</param> /// <returns>A encryption context.</returns> public CryptContext StartEncryptionContext(string db, byte[] command) { ContextSafeHandle handle = Library.mongocrypt_ctx_new(_handle); IntPtr stringPointer = (IntPtr)Marshal.StringToHGlobalAnsi(db); try { unsafe { fixed(byte *c = command) { var commandPtr = (IntPtr)c; using (var pinnedCommand = new PinnedBinary(commandPtr, (uint)command.Length)) { // Let mongocrypt run strlen handle.Check(_status, Library.mongocrypt_ctx_encrypt_init(handle, stringPointer, -1, pinnedCommand.Handle)); } } } } finally { Marshal.FreeHGlobal(stringPointer); } return(new CryptContext(handle)); }
/// <summary>Creates a CryptClient with the specified options.</summary> /// <param name="options">The options.</param> /// <returns>A CryptClient</returns> public static CryptClient Create(CryptOptions options) { var handle = Library.mongocrypt_new(); var status = new Status(); // The below code can be avoided on Windows. So, we don't call it on this system // to avoid restrictions on target frameworks that present in some of below if (OperatingSystemHelper.CurrentOperatingSystem != OperatingSystemPlatform.Windows) { handle.Check( status, Library.mongocrypt_setopt_crypto_hooks( handle, __crypto256EncryptCallback, __crypto256DecryptCallback, __randomCallback, __cryptoHmacSha512Callback, __cryptoHmacSha256Callback, __cryptoHashCallback, IntPtr.Zero)); handle.Check( status, Library.mongocrypt_setopt_crypto_hook_sign_rsaes_pkcs1_v1_5( handle, __signRsaesPkcs1HmacCallback, IntPtr.Zero)); } foreach (var kmsCredentials in options.KmsCredentials) { kmsCredentials.SetCredentials(handle, status); } if (options.Schema != null) { unsafe { fixed(byte *schema = options.Schema) { var schemaPtr = (IntPtr)schema; using (var pinnedSchema = new PinnedBinary(schemaPtr, (uint)options.Schema.Length)) { handle.Check(status, Library.mongocrypt_setopt_schema_map(handle, schema: pinnedSchema.Handle)); } } } } Library.mongocrypt_init(handle); return(new CryptClient(handle, status)); }
// internal methods internal void SetCredentials(MongoCryptSafeHandle handle, Status status) { unsafe { fixed(byte *p = _credentialsBytes) { IntPtr ptr = (IntPtr)p; using (PinnedBinary pinned = new PinnedBinary(ptr, (uint)_credentialsBytes.Length)) { handle.Check(status, Library.mongocrypt_setopt_kms_providers(handle, pinned.Handle)); } } } }
/// <summary> /// Feeds the response back to the libmongocrypt /// </summary> /// <param name="buffer">The response.</param> public void Feed(byte[] buffer) { unsafe { fixed(byte *p = buffer) { IntPtr ptr = (IntPtr)p; using (PinnedBinary pinned = new PinnedBinary(ptr, (uint)buffer.Length)) { Check(Library.mongocrypt_kms_ctx_feed(_id, pinned.Handle)); } } } }
void IInternalKmsCredentials.SetCredentials(MongoCryptSafeHandle handle, Status status) { unsafe { fixed(byte *p = Key) { IntPtr ptr = (IntPtr)p; using (PinnedBinary pinned = new PinnedBinary(ptr, (uint)Key.Length)) { handle.Check(status, Library.mongocrypt_setopt_kms_provider_local(handle, pinned.Handle)); } } } }
internal void SetCredentials(ContextSafeHandle context, Status status) { unsafe { fixed(byte *p = _dataKeyOptionsBytes) { IntPtr ptr = (IntPtr)p; using (PinnedBinary pinned = new PinnedBinary(ptr, (uint)_dataKeyOptionsBytes.Length)) { context.Check(status, Library.mongocrypt_ctx_setopt_key_encryption_key(context, pinned.Handle)); } } } SetAlternateKeyNames(context, status); }
internal static void SetAlternateKeyNames(this IKmsKeyId kmsKeyId, ContextSafeHandle context, Status status) { foreach (var alternateKeyName in kmsKeyId.AlternateKeyNameBsonDocuments) { unsafe { fixed(byte *p = alternateKeyName) { IntPtr ptr = (IntPtr)p; using (PinnedBinary pinned = new PinnedBinary(ptr, (uint)alternateKeyName.Length)) { context.Check(status, Library.mongocrypt_ctx_setopt_key_alt_name(context, pinned.Handle)); } } } } }
// internal methods internal void SetAlternateKeyNames(ContextSafeHandle context, Status status) { foreach (var alternateKeyNameBytes in _alternateKeyNameBytes) { unsafe { fixed(byte *p = alternateKeyNameBytes) { IntPtr ptr = (IntPtr)p; using (PinnedBinary pinned = new PinnedBinary(ptr, (uint)alternateKeyNameBytes.Length)) { context.Check(status, Library.mongocrypt_ctx_setopt_key_alt_name(context, pinned.Handle)); } } } } }
/// <summary> /// Starts an explicit decryption context. /// </summary> /// <param name="buffer">The buffer.</param> /// <returns>A encryption context</returns> public CryptContext StartExplicitDecryptionContext(byte[] buffer) { ContextSafeHandle handle = Library.mongocrypt_ctx_new(_handle); unsafe { fixed(byte *p = buffer) { IntPtr ptr = (IntPtr)p; using (PinnedBinary pinned = new PinnedBinary(ptr, (uint)buffer.Length)) { // Let mongocrypt run strlen handle.Check(_status, Library.mongocrypt_ctx_explicit_decrypt_init(handle, pinned.Handle)); } } } return(new CryptContext(handle)); }
/// <summary> /// Starts the decryption context. /// </summary> /// <param name="buffer">The bson document to decrypt.</param> /// <returns>A decryption context</returns> public CryptContext StartDecryptionContext(byte[] buffer) { ContextSafeHandle handle = Library.mongocrypt_ctx_new(_handle); GCHandle gch = GCHandle.Alloc(buffer, GCHandleType.Pinned); unsafe { fixed(byte *p = buffer) { IntPtr ptr = (IntPtr)p; using (PinnedBinary pinned = new PinnedBinary(ptr, (uint)buffer.Length)) { handle.Check(_status, Library.mongocrypt_ctx_decrypt_init(handle, pinned.Handle)); } } } return(new CryptContext(handle)); }