+
+/* Make an encryption pass over a cloud log segment to encrypt private data in
+ * it. */
+void bluesky_cloudlog_encrypt(GString *segment, BlueSkyCryptKeys *keys)
+{
+ char *data = segment->str;
+ size_t remaining_size = segment->len;
+
+ while (remaining_size >= sizeof(struct cloudlog_header)) {
+ struct cloudlog_header *header = (struct cloudlog_header *)data;
+ size_t item_size = sizeof(struct cloudlog_header)
+ + GUINT32_FROM_LE(header->size1)
+ + GUINT32_FROM_LE(header->size2)
+ + GUINT32_FROM_LE(header->size3);
+ if (item_size > remaining_size)
+ break;
+ bluesky_crypt_block_encrypt(data, item_size, keys);
+
+ data += item_size;
+ remaining_size -= item_size;
+ }
+}
+
+/* Make an decryption pass over a cloud log segment to decrypt items which were
+ * encrypted. TODO: Also computes a list of all offsets which at which valid
+ * cloud log items are found. */
+void bluesky_cloudlog_decrypt(char *segment, size_t len, BlueSkyCryptKeys *keys)
+{
+ char *data = segment;
+ size_t remaining_size = len;
+
+ while (remaining_size >= sizeof(struct cloudlog_header)) {
+ struct cloudlog_header *header = (struct cloudlog_header *)data;
+ size_t item_size = sizeof(struct cloudlog_header)
+ + GUINT32_FROM_LE(header->size1)
+ + GUINT32_FROM_LE(header->size2)
+ + GUINT32_FROM_LE(header->size3);
+ if (item_size > remaining_size)
+ break;
+ if (bluesky_crypt_block_decrypt(data, item_size, keys)) {
+ g_print("Decrypted valid cloud log item at offset %zd\n",
+ data - segment);
+ }
+
+ data += item_size;
+ remaining_size -= item_size;
+ }
+}