Couchbase C Client  3.3.12
Asynchronous C Client for Couchbase
example/crypto/openssl_symmetric_encrypt.c

Shows how to use the field-encryption API to encrypt JSON values.

/* -*- Mode: C; tab-width: 4; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2018-2020 Couchbase, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h> /* strlen */
#ifdef _WIN32
#define PRIx64 "I64x"
#else
#include <inttypes.h>
#endif
#include "openssl_symmetric_provider.h"
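/**
 * Print a fatal error to stderr and terminate the process.
 *
 * @param instance library handle; unused here, accepted so that call sites
 *                 can pass whatever handle they have (including NULL)
 * @param msg      NUL-terminated description of the operation that failed
 * @param err      status code reported by the library
 *
 * Does not return: the process exits with EXIT_FAILURE.
 */
static void die(lcb_INSTANCE *instance, const char *msg, lcb_STATUS err)
{
    (void)instance; /* silence unused-parameter warnings */

    /* %X expects an unsigned int, so convert the status code explicitly. */
    fprintf(stderr, "%s. Received code 0x%X (%s)\n", msg, (unsigned int)err, lcb_strerror_short(err));
    exit(EXIT_FAILURE);
}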
/**
 * Completion callback installed for store operations.
 *
 * Reports the CAS of the stored document on stderr when the operation
 * succeeded; otherwise hands the status code to die(), naming the callback
 * type as the failed operation.
 */
static void op_callback(lcb_INSTANCE *instance, int cbtype, const lcb_RESPBASE *rb)
{
    if (rb->rc != LCB_SUCCESS) {
        /* die() exits the process; the return only makes the flow explicit. */
        die(instance, lcb_strcbtype(cbtype), rb->rc);
        return;
    }

    fprintf(stderr, "CAS: 0x%" PRIx64 "\n", rb->cas);
}
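/**
 * Encrypt the "message" field of a JSON document and upsert the result.
 *
 * @param instance library handle on which the "AES-256-HMAC-SHA256" provider
 *                 alias has been registered
 * @param key      NUL-terminated document key
 * @param val      NUL-terminated JSON document; its "message" field is the
 *                 one handed to the crypto provider
 *
 * Any failure terminates the process (see die()).
 */
static void store_encrypted(lcb_INSTANCE *instance, const char *key, const char *val)
{
    lcb_STATUS err;
    lcb_CMDSTORE cmd = {0};
    lcbcrypto_CMDENCRYPT ecmd = {0};
    lcbcrypto_FIELDSPEC field = {0};

    printf("KEY: %s\n", key);
    /* Demo output only: real code should not log the plaintext it is about to encrypt. */
    printf("PLAIN: %s\n", val);

    /* One field spec: encrypt "message" with the provider registered under this alias. */
    field.name = "message";
    field.alg = "AES-256-HMAC-SHA256";

    ecmd.version = 0;
    ecmd.prefix = NULL;
    ecmd.doc = val;
    ecmd.ndoc = strlen(val);
    ecmd.out = NULL;
    ecmd.nout = 0;
    ecmd.nfields = 1;
    ecmd.fields = &field;

    err = lcbcrypto_encrypt_fields(instance, &ecmd);
    if (err != LCB_SUCCESS) {
        die(instance, "Couldn't encrypt field 'message'", err);
    }

    /*
     * Never index the output before checking it: with nout == 0 the
     * expression nout - 1 wraps around (size_t) and reads out of bounds.
     */
    if (ecmd.out == NULL || ecmd.nout == 0) {
        fprintf(stderr, "Encryption reported success but returned no document\n");
        exit(EXIT_FAILURE);
    }

    /* chop trailing LF for nicer look */
    if (ecmd.out[ecmd.nout - 1] == '\n') {
        ecmd.out[ecmd.nout - 1] = ' ';
    }
    /* Bound the print by nout; do not rely on the buffer being NUL-terminated. */
    printf("CIPHER: %.*s\n", (int)ecmd.nout, ecmd.out);

    LCB_CMD_SET_KEY(&cmd, key, strlen(key));
    LCB_CMD_SET_VALUE(&cmd, ecmd.out, ecmd.nout);
    cmd.operation = LCB_STORE_UPSERT;
    cmd.datatype = LCB_DATATYPE_JSON;
    err = lcb_store3(instance, NULL, &cmd);

    /* NOTE: it should be compatible with what providers use to allocate memory */
    free(ecmd.out);
    ecmd.out = NULL;

    if (err != LCB_SUCCESS) {
        die(instance, "Couldn't schedule storage operation", err);
    }

    /* The store is only scheduled above; run it so op_callback reports the outcome. */
    lcb_wait(instance, LCB_WAIT_DEFAULT);
}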
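/**
 * Connect to the cluster named on the command line, register the OpenSSL
 * symmetric crypto provider and store five sample documents whose "message"
 * field is encrypted.
 *
 * Usage: PROGRAM couchbase://host/bucket [ password [ username ] ]
 *
 * @return 0 on success; every failure exits with EXIT_FAILURE.
 */
int main(int argc, char *argv[])
{
    lcb_STATUS err;
    lcb_INSTANCE *instance;

    {
        struct lcb_create_st create_options = {0};

        if (argc < 2) {
            fprintf(stderr, "Usage: %s couchbase://host/bucket [ password [ username ] ]\n", argv[0]);
            exit(EXIT_FAILURE);
        }

        create_options.version = 3;
        create_options.v.v3.connstr = argv[1];
        /*
         * NOTE: credentials given in argv are visible to other local users
         * through the process list and usually end up in shell history.
         * Fine for a demo; real code should take them from a prompt, an
         * environment variable or a secrets store.
         */
        if (argc > 2) {
            create_options.v.v3.passwd = argv[2];
        }
        if (argc > 3) {
            create_options.v.v3.username = argv[3];
        }

        err = lcb_create(&instance, &create_options);
        if (err != LCB_SUCCESS) {
            die(NULL, "Couldn't create couchbase handle", err);
        }

        err = lcb_connect(instance);
        if (err != LCB_SUCCESS) {
            die(instance, "Couldn't schedule connection", err);
        }
        /* lcb_connect() only schedules the connection; wait for it before asking for its status. */
        lcb_wait(instance, LCB_WAIT_DEFAULT);

        err = lcb_get_bootstrap_status(instance);
        if (err != LCB_SUCCESS) {
            die(instance, "Couldn't bootstrap from cluster", err);
        }

        lcb_install_callback3(instance, LCB_CALLBACK_STORE, op_callback);
    }

    /*
     * The alias registered here must match the `alg` used in the field specs.
     * osp_create() comes from openssl_symmetric_provider.h, which is not shown
     * on this page; review how that provider obtains its key material before
     * reusing it outside a demo.
     */
    lcbcrypto_register(instance, "AES-256-HMAC-SHA256", osp_create());

    /* The samples cover string, number, numeric-string, array and object values. */
    store_encrypted(instance, "secret-1", "{\"message\":\"The old grey goose jumped over the wrickety gate.\"}");
    printf("\n");
    store_encrypted(instance, "secret-2", "{\"message\":10}");
    printf("\n");
    store_encrypted(instance, "secret-3", "{\"message\":\"10\"}");
    printf("\n");
    store_encrypted(
        instance, "secret-4",
        "{\"message\":[\"The\",\"Old\",\"Grey\",\"Goose\",\"Jumped\",\"over\",\"the\",\"wrickety\",\"gate\"]}");
    printf("\n");
    store_encrypted(instance, "secret-5",
                    "{\"message\":{\"myValue\":\"The old grey goose jumped over the wrickety gate.\",\"myInt\":10}}");

    lcb_destroy(instance);
    return 0;
}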
Main header file for Couchbase.
#define LCB_DATATYPE_JSON
Definition couchbase.h:2109
void lcb_destroy(lcb_INSTANCE *instance)
Destroy (and release all allocated resources) an instance of lcb.
Field encryption.
lcbcrypto_FIELDSPEC * fields
list of field specs
Definition crypto.h:125
char * out
pointer to output JSON document.
Definition crypto.h:123
size_t ndoc
size of the input JSON document
Definition crypto.h:122
const char * doc
pointer to the input JSON document
Definition crypto.h:121
const char * prefix
prefix to encrypted field.
Definition crypto.h:120
const char * name
field name (NUL-terminated)
Definition crypto.h:106
uint16_t version
version of the structure, currently valid value is 0
Definition crypto.h:119
size_t nout
size of the output JSON document
Definition crypto.h:124
const char * alg
crypto provider alias (NUL-terminated)
Definition crypto.h:107
size_t nfields
number of field specs
Definition crypto.h:126
lcb_STATUS lcbcrypto_encrypt_fields(lcb_INSTANCE *instance, lcbcrypto_CMDENCRYPT *cmd)
Encrypt all specified fields in the JSON encoded object.
void lcbcrypto_register(lcb_INSTANCE *instance, const char *name, lcbcrypto_PROVIDER *provider)
Register crypto-provider for specified alias.
Command to encrypt JSON fields.
Definition crypto.h:118
Structure for JSON field specification for encrypt/decrypt API.
Definition crypto.h:105
LCB_INTERNAL_API const char * lcb_strerror_short(lcb_STATUS error)
Get a shorter textual description of an error message.
lcb_STATUS
Error codes returned by the library.
Definition error.h:212
lcb_STATUS lcb_get_bootstrap_status(lcb_INSTANCE *instance)
Gets the initial bootstrap status.
lcb_STATUS lcb_create(lcb_INSTANCE **instance, const lcb_CREATEOPTS *options)
Create an instance of lcb.
struct lcb_st lcb_INSTANCE
Library handle representing a connection to a cluster and its data buckets.
Definition couchbase.h:35
lcb_STATUS lcb_connect(lcb_INSTANCE *instance)
Schedule the initial connection. This function will schedule the initial connection for the handle.
const char * lcb_strcbtype(int cbtype)
Returns the type of the callback as a string.
@ LCB_CALLBACK_STORE
lcb_store()
Definition couchbase.h:472
@ LCB_STORE_UPSERT
The default storage mode.
Definition couchbase.h:887
lcb_STATUS lcb_wait(lcb_INSTANCE *instance, lcb_WAITFLAGS flags)
Wait for completion of scheduled operations.
@ LCB_WAIT_DEFAULT
Behave like the old lcb_wait()
Definition couchbase.h:1854
#define LCB_CMD_SET_KEY(cmd, keybuf, keylen)
Set the key for the command.
Definition utils.h:52