+BlueSkyCloudLog *bluesky_serialize_inode(BlueSkyInode *inode);
+gboolean bluesky_deserialize_inode(BlueSkyInode *inode, BlueSkyCloudLog *item);
+
+void bluesky_deserialize_cloudlog(BlueSkyCloudLog *item,
+ const char *data,
+ size_t len);
+
+void bluesky_serialize_cloudlog(BlueSkyCloudLog *log,
+ GString *encrypted,
+ GString *authenticated,
+ GString *writable);
+
+/* Cryptographic operations. */
+#define CRYPTO_BLOCK_SIZE 16 /* 128-bit AES */
+#define CRYPTO_KEY_SIZE 16
+#define CRYPTO_HASH_SIZE 32 /* SHA-256 */
+
+typedef struct BlueSkyCryptKeys {
+ uint8_t encryption_key[CRYPTO_KEY_SIZE];
+ uint8_t authentication_key[CRYPTO_HASH_SIZE];
+} BlueSkyCryptKeys;
+
+void bluesky_crypt_init();
+void bluesky_crypt_hash_key(const char *keystr, uint8_t *out);
+void bluesky_crypt_random_bytes(guchar *buf, gint len);
+void bluesky_crypt_derive_keys(BlueSkyCryptKeys *keys, const gchar *master);
+BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key);
+BlueSkyRCStr *bluesky_crypt_decrypt(BlueSkyRCStr *in, const uint8_t *key);
+
+void bluesky_crypt_block_encrypt(gchar *cloud_block, size_t len,
+ BlueSkyCryptKeys *keys);
+gboolean bluesky_crypt_block_decrypt(gchar *cloud_block, size_t len,
+ BlueSkyCryptKeys *keys);
+void bluesky_cloudlog_encrypt(GString *segment, BlueSkyCryptKeys *keys);
+void bluesky_cloudlog_decrypt(char *segment, size_t len,
+ BlueSkyCryptKeys *keys,
+ BlueSkyRangeset *items);