Move encryption into S3 backend.

[bluesky.git] / bluesky / s3store.c

diff --git a/bluesky/s3store.c b/bluesky/s3store.c
index f85a252..3f4fb16 100644 (file)
--- a/bluesky/s3store.c
+++ b/bluesky/s3store.c
@@ -19,6 +19,7 @@
 /* Simple in-memory data store for test purposes. */
 typedef struct {
     S3BucketContext bucket;
+    uint8_t encryption_key[CRYPTO_KEY_SIZE];
 } S3Store;
 
 static gpointer s3store_new()
@@ -30,8 +31,16 @@ static gpointer s3store_new()
     store->bucket.accessKeyId = getenv("AWS_ACCESS_KEY_ID");
     store->bucket.secretAccessKey = getenv("AWS_SECRET_ACCESS_KEY");
 
-    g_print("Initializing S3 with bucket %s, access key %s\n",
-            store->bucket.bucketName, store->bucket.accessKeyId);
+    const char *key = getenv("BLUESKY_KEY");
+    if (key == NULL) {
+        g_error("Encryption key not defined; please set BLUESKY_KEY environment variable");
+        exit(1);
+    }
+
+    bluesky_crypt_hash_key(key, store->encryption_key);
+
+    g_print("Initializing S3 with bucket %s, access key %s, encryption key %s\n",
+            store->bucket.bucketName, store->bucket.accessKeyId, key);
 
     return store;
 }
@@ -82,8 +91,8 @@ static void s3store_response_callback(S3Status status,
                                const S3ErrorDetails *errorDetails,
                                void *callbackData)
 {
-    g_print("S3 operation complete, status=%s\n",
-            S3_get_status_name(status));
+    g_print("S3 operation complete, status=%s, now=%ld\n",
+            S3_get_status_name(status), bluesky_now_hires());
     if (errorDetails != NULL) {
         g_print("  Error message: %s\n", errorDetails->message);
     }
@@ -106,15 +115,20 @@ static BlueSkyRCStr *s3store_get(gpointer s, const gchar *key)
     S3_get_object(&store->bucket, key, NULL, 0, 0, NULL,
                   &handler, &info);
 
-    return bluesky_string_new(info.buf, BLUESKY_BLOCK_SIZE);
+    BlueSkyRCStr *raw, *decrypted;
+    raw = bluesky_string_new(info.buf, BLUESKY_BLOCK_SIZE);
+    decrypted = bluesky_crypt_decrypt(raw, store->encryption_key);
+    bluesky_string_unref(raw);
+    return decrypted;
 }
 
 static void s3store_put(gpointer s, const gchar *key, BlueSkyRCStr *val)
 {
     S3Store *store = (S3Store *)s;
+    BlueSkyRCStr *encrypted = bluesky_crypt_encrypt(val, store->encryption_key);
 
     struct put_info info;
-    info.val = val;
+    info.val = encrypted;
     info.offset = 0;
 
     struct S3PutObjectHandler handler;
@@ -122,9 +136,11 @@ static void s3store_put(gpointer s, const gchar *key, BlueSkyRCStr *val)
     handler.responseHandler.completeCallback = s3store_response_callback;
     handler.putObjectDataCallback = s3store_put_handler;
 
-    g_print("Starting store of %s to S3...\n", key);
-    S3_put_object(&store->bucket, key, val->len, NULL, NULL,
+    g_print("Starting store of %s to S3 at %ld...\n", key, bluesky_now_hires());
+    S3_put_object(&store->bucket, key, encrypted->len, NULL, NULL,
                   &handler, &info);
+
+    /* TODO: unref encrypted */
 }
 
 static BlueSkyStoreImplementation store_impl = {