Start adding in selective encryption of cloud log items.

[bluesky.git] / bluesky / bluesky-private.h

diff --git a/bluesky/bluesky-private.h b/bluesky/bluesky-private.h
index 61238eb..74b4e06 100644 (file)
--- a/bluesky/bluesky-private.h
+++ b/bluesky/bluesky-private.h
@@ -58,6 +58,23 @@ void bluesky_serialize_cloudlog(BlueSkyCloudLog *log,
                                 GString *authenticated,
                                 GString *writable);
 
+/* Cryptographic operations. */
+#define CRYPTO_BLOCK_SIZE 16        /* 128-bit AES */
+#define CRYPTO_KEY_SIZE   16
+#define CRYPTO_HASH_SIZE  32        /* SHA-256 */
+
+typedef struct BlueSkyCryptKeys {
+    uint8_t encryption_key[CRYPTO_KEY_SIZE];
+    uint8_t authentication_key[CRYPTO_HASH_SIZE];
+} BlueSkyCryptKeys;
+
+void bluesky_crypt_init();
+void bluesky_crypt_hash_key(const char *keystr, uint8_t *out);
+void bluesky_crypt_random_bytes(guchar *buf, gint len);
+void bluesky_crypt_derive_keys(BlueSkyCryptKeys *keys, const gchar *master);
+BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key);
+BlueSkyRCStr *bluesky_crypt_decrypt(BlueSkyRCStr *in, const uint8_t *key);
+
 /* Storage layer.  Requests can be performed asynchronously, so these objects
  * help keep track of operations in progress. */
 typedef enum {
@@ -229,6 +246,7 @@ struct cloudlog_header {
 #define CLOUDLOG_JOURNAL    0x01
 #define CLOUDLOG_CLOUD      0x02
 #define CLOUDLOG_CACHE      0x04
+#define CLOUDLOG_UNCOMMITTED 0x10
 struct _BlueSkyCloudLog {
     gint refcount;
     GMutex *lock;