PHPC-1499: Implement ClientEncryption::encrypt

alcaeus · alcaeus · commit 4d7b35ee69c9 · 2020-01-22T08:18:32.000+01:00
diff --git a/php_phongo.c b/php_phongo.c
@@ -3104,6 +3104,93 @@ void phongo_clientencryption_create_datakey(php_phongo_clientencryption_t* clien
 		mongoc_client_encryption_datakey_opts_destroy(opts);
 	}
 } /* }}} */
+
+static mongoc_client_encryption_encrypt_opts_t* phongo_clientencryption_encrypt_opts_from_zval(zval* options TSRMLS_DC) /* {{{ */
+{
+	mongoc_client_encryption_encrypt_opts_t* opts;
+
+	opts = mongoc_client_encryption_encrypt_opts_new();
+
+	if (!options || Z_TYPE_P(options) != IS_ARRAY) {
+		return opts;
+	}
+
+	if (php_array_existsc(options, "keyId")) {
+		bson_value_t keyid;
+
+		php_phongo_zval_to_bson_value(php_array_fetchc(options, "keyId"), PHONGO_BSON_NONE, &keyid TSRMLS_CC);
+		if (EG(exception)) {
+			goto cleanup;
+		}
+
+		mongoc_client_encryption_encrypt_opts_set_keyid(opts, &keyid);
+	}
+
+	if (php_array_existsc(options, "keyAltName")) {
+		char*     keyaltname;
+		int       plen;
+		zend_bool pfree;
+
+		keyaltname = php_array_fetch_string(options, "keyAltName", &plen, &pfree);
+		mongoc_client_encryption_encrypt_opts_set_keyaltname(opts, keyaltname);
+
+		if (pfree) {
+			str_efree(keyaltname);
+		}
+	}
+
+	if (php_array_existsc(options, "algorithm")) {
+		char*     algorithm;
+		int       plen;
+		zend_bool pfree;
+
+		algorithm = php_array_fetch_string(options, "algorithm", &plen, &pfree);
+		mongoc_client_encryption_encrypt_opts_set_algorithm(opts, algorithm);
+
+		if (pfree) {
+			str_efree(algorithm);
+		}
+	}
+
+	return opts;
+
+cleanup:
+	if (opts) {
+		mongoc_client_encryption_encrypt_opts_destroy(opts);
+	}
+
+	return NULL;
+} /* }}} */
+
+void phongo_clientencryption_encrypt(php_phongo_clientencryption_t* clientencryption, zval* zvalue, zval* zciphertext, zval* options TSRMLS_DC) /* {{{ */
+{
+	mongoc_client_encryption_encrypt_opts_t* opts;
+	bson_value_t                             ciphertext, value;
+	bson_error_t                             error = { 0 };
+
+	php_phongo_zval_to_bson_value(zvalue, PHONGO_BSON_NONE, &value TSRMLS_CC);
+
+	opts = phongo_clientencryption_encrypt_opts_from_zval(options TSRMLS_CC);
+	if (!opts) {
+		/* Exception already thrown */
+		goto cleanup;
+	}
+
+	if (!mongoc_client_encryption_encrypt(clientencryption->client_encryption, &value, opts, &ciphertext, &error)) {
+		phongo_throw_exception_from_bson_error_t(&error TSRMLS_CC);
+		goto cleanup;
+	}
+
+	if (!php_phongo_bson_value_to_zval(&ciphertext, zciphertext)) {
+		/* Exception already thrown */
+		goto cleanup;
+	}
+
+cleanup:
+	if (opts) {
+		mongoc_client_encryption_encrypt_opts_destroy(opts);
+	}
+} /* }}} */
 #else /* MONGOC_ENABLE_CLIENT_SIDE_ENCRYPTION */
 static void phongo_throw_exception_no_cse(php_phongo_error_domain_t domain, const char* message TSRMLS_DC) /* {{{ */
 {
@@ -3134,6 +3221,12 @@ void phongo_clientencryption_create_datakey(php_phongo_clientencryption_t* clien
 	phongo_throw_exception_no_cse(PHONGO_ERROR_RUNTIME, "Cannot create encryption key." TSRMLS_CC);
 }
 /* }}} */
+
+void phongo_clientencryption_encrypt(php_phongo_clientencryption_t* clientencryption, zval* zvalue, zval* zciphertext, zval* options TSRMLS_DC) /* {{{ */
+{
+	phongo_throw_exception_no_cse(PHONGO_ERROR_RUNTIME, "Cannot encrypt value." TSRMLS_CC);
+}
+/* }}} */
 #endif
 
 void phongo_manager_init(php_phongo_manager_t* manager, const char* uri_string, zval* options, zval* driverOptions TSRMLS_DC) /* {{{ */
diff --git a/php_phongo.h b/php_phongo.h
@@ -168,6 +168,7 @@ int  php_phongo_set_monitoring_callbacks(mongoc_client_t* client);
 bool php_phongo_parse_int64(int64_t* retval, const char* data, phongo_zpp_char_len data_len);
 
 void phongo_clientencryption_create_datakey(php_phongo_clientencryption_t* clientencryption, zval* return_value, char* kms_provider, zval* options TSRMLS_DC);
+void phongo_clientencryption_encrypt(php_phongo_clientencryption_t* clientencryption, zval* zvalue, zval* zciphertext, zval* options TSRMLS_DC);
 
 zend_bool phongo_writeerror_init(zval* return_value, bson_t* bson TSRMLS_DC);
 zend_bool phongo_writeconcernerror_init(zval* return_value, bson_t* bson TSRMLS_DC);
diff --git a/src/MongoDB/ClientEncryption.c b/src/MongoDB/ClientEncryption.c
@@ -49,17 +49,45 @@ static PHP_METHOD(ClientEncryption, createDataKey)
 	phongo_clientencryption_create_datakey(intern, return_value, kms_provider, options TSRMLS_CC);
 } /* }}} */
 
+/* {{{ proto MongoDB\BSON\Binary MongoDB\Driver\ClientEncryption::encrypt(mixed $value[, array $options])
+   Encrypts a value with a given key and algorithm */
+static PHP_METHOD(ClientEncryption, encrypt)
+{
+	zval*                          value   = NULL;
+	zval*                          options = NULL;
+	zend_error_handling            error_handling;
+	php_phongo_clientencryption_t* intern;
+
+	intern = Z_CLIENTENCRYPTION_OBJ_P(getThis());
+	zend_replace_error_handling(EH_THROW, phongo_exception_from_phongo_domain(PHONGO_ERROR_INVALID_ARGUMENT), &error_handling TSRMLS_CC);
+
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|a!", &value, &options) == FAILURE) {
+		zend_restore_error_handling(&error_handling TSRMLS_CC);
+		return;
+	}
+
+	zend_restore_error_handling(&error_handling TSRMLS_CC);
+
+	phongo_clientencryption_encrypt(intern, value, return_value, options TSRMLS_CC);
+} /* }}} */
+
 ZEND_BEGIN_ARG_INFO_EX(ai_ClientEncryption_createDataKey, 0, 0, 1)
 	ZEND_ARG_INFO(0, kmsProvider)
 	ZEND_ARG_ARRAY_INFO(0, options, 1)
 ZEND_END_ARG_INFO()
 
+ZEND_BEGIN_ARG_INFO_EX(ai_ClientEncryption_encrypt, 0, 0, 1)
+	ZEND_ARG_INFO(0, value)
+	ZEND_ARG_ARRAY_INFO(0, options, 1)
+ZEND_END_ARG_INFO()
+
 ZEND_BEGIN_ARG_INFO_EX(ai_ClientEncryption_void, 0, 0, 0)
 ZEND_END_ARG_INFO()
 
 static zend_function_entry php_phongo_clientencryption_me[] = {
 	/* clang-format off */
 	PHP_ME(ClientEncryption, createDataKey, ai_ClientEncryption_createDataKey, ZEND_ACC_PUBLIC | ZEND_ACC_FINAL)
+	PHP_ME(ClientEncryption, encrypt, ai_ClientEncryption_encrypt, ZEND_ACC_PUBLIC | ZEND_ACC_FINAL)
 	ZEND_NAMED_ME(__construct, PHP_FN(MongoDB_disabled___construct), ai_ClientEncryption_void, ZEND_ACC_PRIVATE | ZEND_ACC_FINAL)
 	ZEND_NAMED_ME(__wakeup, PHP_FN(MongoDB_disabled___wakeup), ai_ClientEncryption_void, ZEND_ACC_PUBLIC | ZEND_ACC_FINAL)
 	PHP_FE_END
diff --git a/tests/clientEncryption/clientEncryption-encrypt-001.phpt b/tests/clientEncryption/clientEncryption-encrypt-001.phpt
@@ -0,0 +1,31 @@
+--TEST--
+MongoDB\Driver\ClientEncryption::encrypt()
+--SKIPIF--
+<?php require __DIR__ . "/../utils/basic-skipif.inc"; ?>
+<?php skip_if_not_libmongocrypt(); ?>
+<?php skip_if_not_live(); ?>
+<?php skip_if_server_version('<', '3.6'); ?>
+--FILE--
+<?php
+require_once __DIR__ . "/../utils/basic.inc";
+
+$key = base64_decode('Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk');
+
+$manager = new MongoDB\Driver\Manager(URI);
+$clientEncryption = $manager->createClientEncryption(['keyVaultNamespace' => 'default.keys', 'kmsProviders' => ['local' => ['key' => new MongoDB\BSON\Binary($key, 0)]]]);
+
+$key = $clientEncryption->createDataKey('local');
+
+var_dump($clientEncryption->encrypt('top-secret', ['keyId' => $key, 'algorithm' => 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic']));
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECTF--
+object(MongoDB\BSON\Binary)#%d (%d) {
+  ["data"]=>
+  string(82) "%a"
+  ["type"]=>
+  int(6)
+}
+===DONE===
