__wt_encryptor

wiredtiger_sys

Struct __wt_encryptor 

Source 
#[repr(C)]
pub struct __wt_encryptor {
    pub encrypt: Option<unsafe extern "C" fn(encryptor: *mut WT_ENCRYPTOR, session: *mut WT_SESSION, src: *mut u8, src_len: usize, dst: *mut u8, dst_len: usize, result_lenp: *mut usize) -> c_int>,
    pub decrypt: Option<unsafe extern "C" fn(encryptor: *mut WT_ENCRYPTOR, session: *mut WT_SESSION, src: *mut u8, src_len: usize, dst: *mut u8, dst_len: usize, result_lenp: *mut usize) -> c_int>,
    pub sizing: Option<unsafe extern "C" fn(encryptor: *mut WT_ENCRYPTOR, session: *mut WT_SESSION, expansion_constantp: *mut usize) -> c_int>,
    pub customize: Option<unsafe extern "C" fn(encryptor: *mut WT_ENCRYPTOR, session: *mut WT_SESSION, encrypt_config: *mut WT_CONFIG_ARG, customp: *mut *mut WT_ENCRYPTOR) -> c_int>,
    pub terminate: Option<unsafe extern "C" fn(encryptor: *mut WT_ENCRYPTOR, session: *mut WT_SESSION) -> c_int>,
}
Expand description

The interface implemented by applications to provide custom encryption.

Encryptors must implement the WT_ENCRYPTOR interface: the WT_ENCRYPTOR::encrypt, WT_ENCRYPTOR::decrypt and WT_ENCRYPTOR::sizing callbacks must be specified, WT_ENCRYPTOR::customize and WT_ENCRYPTOR::terminate are optional. To build your own encryptor, use one of the encryptors in \c ext/encryptors as a template: \c ext/encryptors/nop_encrypt is a simple encryptor that passes through data unchanged, and is a reasonable starting point; \c ext/encryptors/rotn_encrypt is an encryptor implementing a simple rotation cipher, it shows the use of \c keyid, \c secretkey, and implements the WT_ENCRYPTOR::customize and WT_ENCRYPTOR::terminate callbacks.

Applications register their implementation with WiredTiger by calling WT_CONNECTION::add_encryptor.

@snippet nop_encrypt.c WT_ENCRYPTOR initialization structure @snippet nop_encrypt.c WT_ENCRYPTOR initialization function

Fields§

§encrypt: Option<unsafe extern "C" fn(encryptor: *mut WT_ENCRYPTOR, session: *mut WT_SESSION, src: *mut u8, src_len: usize, dst: *mut u8, dst_len: usize, result_lenp: *mut usize) -> c_int>

Callback to encrypt a chunk of data.

WT_ENCRYPTOR::encrypt takes a source buffer and a destination buffer. The callback encrypts the source buffer (plain text) into the destination buffer.

On entry, \c src will point to memory, with the length of the memory in \c src_len. After successful completion, the callback should return \c 0 and set \c result_lenp to the number of bytes required for the encrypted representation.

On entry, \c dst points to the destination buffer with a length of \c dst_len. The destination buffer will be at least src_len plus the size returned by that WT_ENCRYPT::sizing.

This callback cannot be NULL.

@param[in] src the data to encrypt @param[in] src_len the length of the data to encrypt @param[in] dst the destination buffer @param[in] dst_len the length of the destination buffer @param[out] result_lenp the length of the encrypted data @returns zero for success, non-zero to indicate an error.

@snippet nop_encrypt.c WT_ENCRYPTOR encrypt

§decrypt: Option<unsafe extern "C" fn(encryptor: *mut WT_ENCRYPTOR, session: *mut WT_SESSION, src: *mut u8, src_len: usize, dst: *mut u8, dst_len: usize, result_lenp: *mut usize) -> c_int>

Callback to decrypt a chunk of data.

WT_ENCRYPTOR::decrypt takes a source buffer and a destination buffer. The contents are switched from \c encrypt: the source buffer is the encrypted value, and the destination buffer is sized to be the original size. If the callback successfully decrypts the source buffer to the destination buffer, it returns 0. If an error occurs, it returns an errno or WiredTiger error code.

On entry, \c src will point to memory, with the length of the memory in \c src_len. After successful completion, the callback should return \c 0 and set \c result_lenp to the number of bytes required for the decrypted representation.

If the \c dst buffer is not big enough to hold the decrypted data, the callback should return an error.

This callback cannot be NULL.

@param[in] src the data to decrypt @param[in] src_len the length of the data to decrypt @param[in] dst the destination buffer @param[in] dst_len the length of the destination buffer @param[out] result_lenp the length of the decrypted data @returns zero for success, non-zero to indicate an error.

@snippet nop_encrypt.c WT_ENCRYPTOR decrypt

§sizing: Option<unsafe extern "C" fn(encryptor: *mut WT_ENCRYPTOR, session: *mut WT_SESSION, expansion_constantp: *mut usize) -> c_int>

Callback to size a destination buffer for encryption.

WT_ENCRYPTOR::sizing is an callback that returns the number of additional bytes that is needed when encrypting a text buffer. This is always necessary, since encryptors typically generate encrypted text that is larger than the plain text input. Without such a call, WiredTiger would have no way to know the worst case for the encrypted buffer size. The WiredTiger encryption infrastructure assumes that buffer sizing is not dependent on the number of bytes of input, that there is a one to one relationship in number of bytes needed between input and output.

This callback cannot be NULL.

The callback should set \c expansion_constantp to the additional number of bytes needed.

@param[out] expansion_constantp the additional number of bytes needed when encrypting. @returns zero for success, non-zero to indicate an error.

@snippet nop_encrypt.c WT_ENCRYPTOR sizing

§customize: Option<unsafe extern "C" fn(encryptor: *mut WT_ENCRYPTOR, session: *mut WT_SESSION, encrypt_config: *mut WT_CONFIG_ARG, customp: *mut *mut WT_ENCRYPTOR) -> c_int>

If non-NULL, this callback is called to customize the encryptor. The customize function is called whenever a keyid is used for the first time with this encryptor, whether it be in the ::wiredtiger_open call or the WT_SESSION::create call. This gives the algorithm an opportunity to retrieve and save keys in a customized encryptor. If the callback returns a non-NULL encryptor, that instance is used instead of this one for any callbacks.

@param[in] encrypt_config the “encryption” portion of the configuration from the wiredtiger_open or WT_SESSION::create call @param[out] customp the new modified encryptor, or NULL. @returns zero for success, non-zero to indicate an error.

§terminate: Option<unsafe extern "C" fn(encryptor: *mut WT_ENCRYPTOR, session: *mut WT_SESSION) -> c_int>

If non-NULL, a callback performed when the database is closed. It is called for each encryptor that was added using WT_CONNECTION::add_encryptor or returned by the WT_ENCRYPTOR::customize callback.

The WT_ENCRYPTOR::terminate callback is intended to allow cleanup, the handle will not be subsequently accessed by WiredTiger.

@snippet nop_encrypt.c WT_ENCRYPTOR terminate

Trait Implementations§

Source§

impl Clone for __wt_encryptor

Source§

fn clone(&self) -> __wt_encryptor

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for __wt_encryptor

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Copy for __wt_encryptor

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.