Encryption

Detailed Description

Register crypto-providers and working with encrypted fields of the documents.

These routines contain functionality to define and hook crypto providers, as well as functions which should be used for portable (cross SDK) encoding of encrypted fields.

Function Documentation

lcbcrypto_register()

void lcbcrypto_register	(	lcb_INSTANCE *	instance,
		const char *	name,
		lcbcrypto_PROVIDER *	provider )

Register crypto-provider for specified alias.

See full example in example/crypto/openssl_symmetric_provider.c

Parameters

instance	the handle
name	provider alias, this will be recorded in JSON.
provider	implementation of the crypto-provider

Register provider as "AES-256-HMAC-SHA256".

lcbcrypto_PROVIDER *provider = calloc(1, sizeof(lcbcrypto_PROVIDER));
provider->version = 1;
provider->destructor = osp_free;
provider->v.v1.release_bytes = osp_release_bytes;
provider->v.v1.generate_iv = osp_generate_iv;
provider->v.v1.sign = osp_sign;
provider->v.v1.verify_signature = osp_verify_signature;
provider->v.v1.encrypt = osp_encrypt;
provider->v.v1.decrypt = osp_decrypt;
provider->v.v1.get_key_id = osp_get_key_id;
lcbcrypto_register(instance, "AES-256-HMAC-SHA256", provider);

Examples

example/crypto/openssl_symmetric_decrypt.c, and example/crypto/openssl_symmetric_encrypt.c.

lcbcrypto_unregister()

void lcbcrypto_unregister	(	lcb_INSTANCE *	instance,
		const char *	name )

Unregister crypto-provider for specified alias.

See full example in example/crypto/openssl_symmetric_provider.c

Parameters

instance	the handle
name	provider alias.

lcbcrypto_ref()

void lcbcrypto_ref

(

lcbcrypto_PROVIDER *

provider

)

Increment reference counter for crypto-provider.

Parameters

provider

provider instance

lcbcrypto_unref()

void lcbcrypto_unref

(

lcbcrypto_PROVIDER *

provider

)

Decrement reference counter for crypto-provider.

It calls destructor once counter reaches zero. The provider instance should not be used after calling this function.

Parameters

provider

provider instance

lcbcrypto_encrypt_fields()

lcb_STATUS lcbcrypto_encrypt_fields	(	lcb_INSTANCE *	instance,
		lcbcrypto_CMDENCRYPT *	cmd )

Encrypt all specified fields in the JSON encoded object.

The function will remove original content of the field, and rename it using LCBCRYPTO_DEFAULT_FIELD_PREFIX, or custom prefix, specified in the command.

See full example in example/crypto/openssl_symmetric_encrypt.c

Parameters

instance	the handle
cmd	the command structure

Returns

LCB_SUCCESS if successful, an error code otherwise

Encrypt field "message" in the document using provider registered as "AES-256-HMAC-SHA256"

lcbcrypto_CMDENCRYPT cmd = {};
lcbcrypto_FIELDSPEC field = {};
lcb_STATUS err;
 
cmd.version = 0;
cmd.prefix = NULL;
cmd.doc = "{\"message\":\"hello world\"}";
cmd.ndoc = strlen(cmd.doc);
cmd.nfields = 1;
cmd.fields = &field;
field.name = "message";
field.alg = "AES-256-HMAC-SHA256";
 
err = lcbcrypto_encrypt_fields(instance, &cmd);

Stability

Committed

Examples

example/crypto/openssl_symmetric_encrypt.c.

lcbcrypto_decrypt_fields()

lcb_STATUS lcbcrypto_decrypt_fields	(	lcb_INSTANCE *	instance,
		lcbcrypto_CMDDECRYPT *	cmd )

Decrypt all specified fields in the JSON encoded object.

The function will remove original content of the field, and rename it using LCBCRYPTO_DEFAULT_FIELD_PREFIX, or custom prefix, specified in the command.

See full example in example/crypto/openssl_symmetric_decrypt.c

Parameters

instance	the handle
cmd	the command structure

Returns

LCB_SUCCESS if successful, an error code otherwise

Decrypt field "message" in the document using provider registered as "AES-256-HMAC-SHA256"

lcbcrypto_CMDDECRYPT cmd = {};
lcbcrypto_FIELDSPEC field = {};
lcb_STATUS err;
 
cmd.version = 0;
cmd.prefix = NULL;
cmd.doc = "{\"__crypt_message\":{" \
              "\"alg\":\"AES-256-HMAC-SHA256\"," \
              "\"ciphertext\":\"gYuyEhf6S0AiMGZJZZV35Q==\"," \
              "\"iv\":\"ZedmvjWy0lIrLn6OmQmNqQ==\"," \
              "\"kid\":\"mykeyid\"," \
              "\"sig\":\"FgleInW3Iia04XqLbm5Hd3qVoa77Ocs7g2x4pOutEtY=\"}" \
          "}";
cmd.ndoc = strlen(cmd.doc);
cmd.nfields = 1;
cmd.fields = &field;
field.name = "message";
field.alg = "AES-256-HMAC-SHA256";
 
err = lcbcrypto_decrypt_fields(instance, &cmd);

Stability

Committed

Examples

example/crypto/openssl_symmetric_decrypt.c.

---

Data Structure Documentation

lcbcrypto_SIGV

struct lcbcrypto_SIGV

lcbcrypto_PROVIDER

struct lcbcrypto_PROVIDER

lcbcrypto_FIELDSPEC

struct lcbcrypto_FIELDSPEC

lcbcrypto_CMDENCRYPT

struct lcbcrypto_CMDENCRYPT

lcbcrypto_CMDDECRYPT

struct lcbcrypto_CMDDECRYPT