Couchbase C Client  2.10.7
Asynchronous C Client for Couchbase
example/crypto/openssl_symmetric_decrypt.c

Shows how to use field-encryption API to decrypt JSON values.

/* -*- Mode: C; tab-width: 4; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2018 Couchbase, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h> /* strlen */
#ifdef _WIN32
#define PRIx64 "I64x"
#else
#include <inttypes.h>
#endif
#include "openssl_symmetric_provider.h"
static void die(lcb_t instance, const char *msg, lcb_error_t err)
{
fprintf(stderr, "%s. Received code 0x%X (%s)\n", msg, err, lcb_strerror(instance, err));
exit(EXIT_FAILURE);
}
static void op_callback(lcb_t instance, int cbtype, const lcb_RESPBASE *rb)
{
if (rb->rc == LCB_SUCCESS) {
const lcb_RESPGET *rg = (const lcb_RESPGET *)rb;
lcbcrypto_FIELDSPEC field = {};
printf("VALUE: %.*s\n", (int)rg->nvalue, rg->value);
dcmd.version = 0;
dcmd.prefix = NULL;
dcmd.doc = rg->value;
dcmd.ndoc = rg->nvalue;
dcmd.out = NULL;
dcmd.nout = 0;
dcmd.nfields = 1;
dcmd.fields = &field;
field.name = "message";
field.alg = "AES-256-HMAC-SHA256";
err = lcbcrypto_decrypt_fields(instance, &dcmd);
if (err != LCB_SUCCESS) {
die(instance, "Couldn't decrypt field 'message'", err);
}
if (dcmd.out == NULL) {
die(instance, "Crypto provider returned success, but document is NULL", LCB_EINVAL);
}
/* chop trailing LF for nicer look */
if (dcmd.out[dcmd.nout - 1] == '\n') {
dcmd.out[dcmd.nout - 1] = ' ';
}
printf("PLAIN: %.*s\n", (int)dcmd.nout, dcmd.out);
free(dcmd.out); // NOTE: it should be compatible with what providers use to allocate memory
printf("CAS: 0x%" PRIx64 "\n", rb->cas);
} else {
die(instance, lcb_strcbtype(cbtype), rb->rc);
}
}
static void get_encrypted(lcb_t instance, const char *key)
{
lcb_CMDGET cmd = {};
LCB_CMD_SET_KEY(&cmd, key, strlen(key));
printf("KEY: %s\n", key);
err = lcb_get3(instance, NULL, &cmd);
if (err != LCB_SUCCESS) {
die(instance, "Couldn't schedule get operation", err);
}
lcb_wait(instance);
}
int main(int argc, char *argv[])
{
lcb_t instance;
{
struct lcb_create_st create_options = {};
create_options.version = 3;
if (argc < 2) {
fprintf(stderr, "Usage: %s couchbase://host/bucket [ password [ username ] ]\n", argv[0]);
exit(EXIT_FAILURE);
}
create_options.v.v3.connstr = argv[1];
if (argc > 2) {
create_options.v.v3.passwd = argv[2];
}
if (argc > 3) {
create_options.v.v3.username = argv[3];
}
err = lcb_create(&instance, &create_options);
if (err != LCB_SUCCESS) {
die(NULL, "Couldn't create couchbase handle", err);
}
err = lcb_connect(instance);
if (err != LCB_SUCCESS) {
die(instance, "Couldn't schedule connection", err);
}
lcb_wait(instance);
err = lcb_get_bootstrap_status(instance);
if (err != LCB_SUCCESS) {
die(instance, "Couldn't bootstrap from cluster", err);
}
lcb_install_callback3(instance, LCB_CALLBACK_GET, op_callback);
}
lcbcrypto_register(instance, "AES-256-HMAC-SHA256", osp_create());
get_encrypted(instance, "secret-1");
printf("\n");
get_encrypted(instance, "secret-2");
printf("\n");
get_encrypted(instance, "secret-3");
printf("\n");
get_encrypted(instance, "secret-4");
printf("\n");
get_encrypted(instance, "secret-5");
lcb_destroy(instance);
return 0;
}
lcbcrypto_CMDDECRYPT::nout
size_t nout
size of the output JSON document
Definition: crypto.h:159
lcb_CMDGET
Command for retrieving a single item.
Definition: couchbase.h:840
lcb_wait
lcb_error_t lcb_wait(lcb_t instance)
Wait for the execution of all batched requests.
lcb_strerror
const char * lcb_strerror(lcb_t instance, lcb_error_t error)
Get a textual descrtiption for the given error code.
lcb_RESPGET::value
const void * value
Value buffer for the item.
Definition: couchbase.h:854
lcb_create_st3::passwd
const char * passwd
Password for bucket.
Definition: couchbase.h:293
lcb_get_bootstrap_status
lcb_error_t lcb_get_bootstrap_status(lcb_t instance)
Gets the initial bootstrap status.
lcbcrypto_CMDDECRYPT::doc
const char * doc
pointer to the input JSON document
Definition: crypto.h:156
lcb_create_st3::connstr
const char * connstr
Connection string.
Definition: couchbase.h:282
lcb_connect
lcb_error_t lcb_connect(lcb_t instance)
Schedule the initial connection This function will schedule the initial connection for the handle.
lcb_create_st3::username
const char * username
Username to use for authentication.
Definition: couchbase.h:288
lcb_RESPGET::nvalue
lcb_SIZE nvalue
Length of value.
Definition: couchbase.h:855
lcb_error_t
lcb_error_t
Error codes returned by the library.
Definition: error.h:476
crypto.h
lcb_RESPBASE::cas
lcb_CAS cas
CAS for response (if applicable)
Definition: couchbase.h:626
lcb_RESPBASE::rc
lcb_error_t rc
Status code.
Definition: couchbase.h:626
lcb_create_st::lcb_CRST_u::v3
struct lcb_create_st3 v3
Use this field.
Definition: couchbase.h:338
lcb_get3
lcb_error_t lcb_get3(lcb_t instance, const void *cookie, const lcb_CMDGET *cmd)
Spool a single get operation.
lcbcrypto_register
void lcbcrypto_register(lcb_t instance, const char *name, lcbcrypto_PROVIDER *provider)
Register crypto-provider for specified alias.
lcb_strcbtype
const char * lcb_strcbtype(int cbtype)
Returns the type of the callback as a string.
lcbcrypto_CMDDECRYPT::fields
lcbcrypto_FIELDSPEC * fields
list of field specs
Definition: crypto.h:160
lcb_create_st
Wrapper structure for lcb_create()
Definition: couchbase.h:328
lcbcrypto_CMDDECRYPT::nfields
size_t nfields
number of field specs
Definition: crypto.h:161
lcbcrypto_CMDDECRYPT::version
uint16_t version
version of the structure, currently valid value is 0
Definition: crypto.h:154
LCB_CMD_SET_KEY
#define LCB_CMD_SET_KEY(cmd, keybuf, keylen)
Set the key for the command.
Definition: couchbase.h:556
lcb_t
struct lcb_st * lcb_t
Definition: couchbase.h:41
LCB_CALLBACK_GET
@ LCB_CALLBACK_GET
lcb_get3()
Definition: couchbase.h:697
lcb_RESPGET
Response structure when retrieving a single item.
Definition: couchbase.h:852
lcb_create
lcb_error_t lcb_create(lcb_t *instance, const struct lcb_create_st *options)
Create an instance of lcb.
couchbase.h
LCB_SUCCESS
@ LCB_SUCCESS
Success.
Definition: error.h:478
lcb_RESPBASE
Base response structure for callbacks.
Definition: couchbase.h:625
lcbcrypto_CMDDECRYPT::out
char * out
pointer to output JSON document.
Definition: crypto.h:158
lcb_destroy
void lcb_destroy(lcb_t instance)
Destroy (and release all allocated resources) an instance of lcb.
lcbcrypto_FIELDSPEC::alg
const char * alg
crypto provider alias (NUL-terminated)
Definition: crypto.h:125
lcbcrypto_decrypt_fields
lcb_error_t lcbcrypto_decrypt_fields(lcb_t instance, lcbcrypto_CMDDECRYPT *cmd)
Decrypt all specified fields in the JSON encoded object.
lcbcrypto_CMDDECRYPT::prefix
const char * prefix
prefix to encrypted field.
Definition: crypto.h:155
lcbcrypto_CMDDECRYPT
Command to decrypt JSON fields.
Definition: crypto.h:153
lcb_create_st::version
int version
Indicates which field in the lcb_CRST_u union should be used.
Definition: couchbase.h:330
lcb_install_callback3
lcb_RESPCALLBACK lcb_install_callback3(lcb_t instance, int cbtype, lcb_RESPCALLBACK cb)
LCB_EINVAL
@ LCB_EINVAL
If returned from an API call, it indicates invalid values were passed to the function.
Definition: error.h:478
lcbcrypto_CMDDECRYPT::ndoc
size_t ndoc
size of the input JSON document
Definition: crypto.h:157
lcbcrypto_FIELDSPEC
Structure for JSON field specification for encrypt/decrypt API.
Definition: crypto.h:123
lcbcrypto_FIELDSPEC::name
const char * name
field name (NUL-terminated)
Definition: crypto.h:124