Add per-item encryption/authentication to the cloud log storage.

[bluesky.git] / bluesky / bluesky-private.h

diff --git a/bluesky/bluesky-private.h b/bluesky/bluesky-private.h
index 74b4e06..dfcb7c5 100644 (file)
--- a/bluesky/bluesky-private.h
+++ b/bluesky/bluesky-private.h
@@ -75,6 +75,14 @@ void bluesky_crypt_derive_keys(BlueSkyCryptKeys *keys, const gchar *master);
 BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key);
 BlueSkyRCStr *bluesky_crypt_decrypt(BlueSkyRCStr *in, const uint8_t *key);
 
+void bluesky_crypt_block_encrypt(gchar *cloud_block, size_t len,
+                                 BlueSkyCryptKeys *keys);
+gboolean bluesky_crypt_block_decrypt(gchar *cloud_block, size_t len,
+                                     BlueSkyCryptKeys *keys);
+void bluesky_cloudlog_encrypt(GString *segment, BlueSkyCryptKeys *keys);
+void bluesky_cloudlog_decrypt(char *segment, size_t len,
+                              BlueSkyCryptKeys *keys);
+
 /* Storage layer.  Requests can be performed asynchronously, so these objects
  * help keep track of operations in progress. */
 typedef enum {
@@ -240,6 +248,7 @@ struct cloudlog_header {
 
 #define JOURNAL_MAGIC "\nLog"
 #define CLOUDLOG_MAGIC "AgI-"
+#define CLOUDLOG_MAGIC_ENCRYPTED "AgI="     // CLOUDLOG_MAGIC[3] ^= 0x10
 
 /* A record which tracks an object which has been written to a local log,
  * cached, locally, and/or written to the cloud. */