SEFile
Userspace drivers to manage a secure filesystem
|
In this file you will find the implementation of the public function already described in SEfile.h. More...
#include "SEfile.h"
Data Structures | |
struct | SEFILE_HANDLE |
The SEFILE_HANDLE struct. More... | |
struct | SEFILE_HEADER |
The SEFILE_HEADER struct. More... | |
struct | SEFILE_SECTOR |
The SEFILE_SECTOR struct This data struct is the actual sector organization. The total size should ALWAYS be equal to SEFILE_SECTOR_SIZE. The first sector is used to hold ONLY the header. Thanks to the union data type, the developer can simply declare a sector and then choose if it is the header sector or not. More... | |
Macros | |
#define | _GNU_SOURCE |
#define | SEFILE_NONCE_LEN 32 |
#define | POS_TO_CIPHER_BLOCK(current_position) ((current_position / SEFILE_SECTOR_SIZE) - 1)*(SEFILE_SECTOR_DATA_SIZE / SEFILE_BLOCK_SIZE) |
Functions | |
void | get_filename (char *path, char *file_name) |
This function extract the filename pointed by path. More... | |
void | get_path (char *full_path, char *path) |
This function extract the path where the file is. More... | |
uint16_t | check_env () |
This function check if the environmental variables are correctly initialized and set. More... | |
uint16_t | crypt_sectors (void *buff_decrypt, void *buff_crypt, size_t datain_len, size_t current_offset, uint8_t *nonce_ctr, uint8_t *nonce_pbkdf2) |
This function encrypts the buff_decrypt data by exploiting the functions provided by L1.h. More... | |
uint16_t | crypt_header (void *buff1, void *buff2, size_t datain_len, uint16_t direction) |
This function encrypts a header buffer by exploiting the functions provided by L1.h. More... | |
uint16_t | decrypt_sectors (void *buff_crypt, void *buff_decrypt, size_t datain_len, size_t current_offset, uint8_t *nonce_ctr, uint8_t *nonce_pbkdf2) |
This function decrypts the buff_crypt data by exploiting the functions provided by L1.h. More... | |
uint16_t | get_filesize (SEFILE_FHANDLE *hFile, uint32_t *length) |
This function is used to compute the total logic size of an open file handle. More... | |
uint16_t | decrypt_filename (char *path, char *filename) |
This function is used to compute the plaintext of a encrypted filename stored in path. More... | |
uint16_t | decrypt_filehandle (SEFILE_FHANDLE *hFile, char *filename) |
This function is used to compute the plaintext of a encrypted filename stored in an already open hFile header. More... | |
uint16_t | crypt_dirname (char *dirpath, char *encDirname) |
This function is used to compute the ciphertext of a directory name stored in dirname. More... | |
uint16_t | decrypt_dirname (char *dirpath, char *decDirname) |
This function is used to compute the plaintext of a encrypted directory name stored in dirname. More... | |
uint16_t | valid_name (char *name) |
This function checks if the given name can be a valid encrypted filename/directory name. More... | |
uint16_t | secure_init (se3_session *s, uint32_t keyID, uint16_t crypto) |
This function creates a new secure environment, by allocating statically the parameters needed by the following functions. More... | |
uint16_t | secure_update (se3_session *s, int32_t keyID, uint16_t crypto) |
This function can be called only after the secure_init() function and give to the user the possibility to overwrite the Environment variables with new ones. More... | |
uint16_t | secure_finit () |
This function deallocate the structures defined by the secure_init(). Should be called at the end of a session. No parameters are needed;. More... | |
uint16_t | secure_open (char *path, SEFILE_FHANDLE *hFile, int32_t mode, int32_t creation) |
This function opens a secure file and create a SEFILE_FHANDLE that can be used in future. More... | |
uint16_t | secure_create (char *path, SEFILE_FHANDLE *hFile, int mode) |
This function creates a new secure file and creates a SEFILE_FHANDLE that can be used in future. If the file already exists, it is overwritten with an empty one, all previous data are lost. More... | |
uint16_t | secure_write (SEFILE_FHANDLE *hFile, uint8_t *dataIn, uint32_t dataIn_len) |
This function writes the characters given by dataIn to the encrypted file hFile. Before writing them, dataIn is encrypted according to the environmental parameters. More... | |
uint16_t | secure_read (SEFILE_FHANDLE *hFile, uint8_t *dataOut, uint32_t dataOut_len, uint32_t *bytesRead) |
This function reads from hFile bytesRead characters out of dataOut_len correctly decrypted ones and stores them in dataOut string. More... | |
uint16_t | secure_seek (SEFILE_FHANDLE *hFile, int32_t offset, int32_t *position, uint8_t whence) |
This function is used to move correctly the file pointer. More... | |
uint16_t | secure_truncate (SEFILE_FHANDLE *hFile, uint32_t size) |
This function resizes the file pointed by hFile to size. If size is bigger than its current size the gap is filled with 0s. More... | |
uint16_t | secure_close (SEFILE_FHANDLE *hFile) |
This function releases resources related to hFile. More... | |
uint16_t | secure_ls (char *path, char *list, uint32_t *list_length) |
This function identifies which encrypted files and encrypted directories are present in the directory pointed by path and writes them in list. It only recognizes the ones encrypted with the current environmental parameters. More... | |
uint16_t | secure_getfilesize (char *path, uint32_t *position) |
This function is used to get the total logic size of an encrypted file pointed by path. Logic size will always be smaller than physical size. More... | |
uint16_t | secure_mkdir (char *path) |
This function creates a directory with an encrypted name. More... | |
uint16_t | crypto_filename (char *path, char *enc_name, uint16_t *encoded_length) |
This function computes the encrypted name of the file specified at position path and its length. More... | |
void | compute_blk_offset (size_t current_offset, uint8_t *nonce) |
uint16_t | encrypt_name (void *buff1, void *buff2, size_t size, uint16_t direction) |
uint16_t | secure_sync (SEFILE_FHANDLE *hFile) |
This function is used in case we want to be sure that the physical file is synced with the OS buffers. More... | |
Variables | |
Environmental Variables | |
This static variables will store some data useful during the active session. | |
static se3_session * | EnvSession =NULL |
static int32_t * | EnvKeyID =NULL |
static uint16_t * | EnvCrypto =NULL |
In this file you will find the implementation of the public function already described in SEfile.h.
#define POS_TO_CIPHER_BLOCK | ( | current_position | ) | ((current_position / SEFILE_SECTOR_SIZE) - 1)*(SEFILE_SECTOR_DATA_SIZE / SEFILE_BLOCK_SIZE) |
Macro used to convert the actual pointer position to the cipher blocks amount
uint16_t check_env | ( | ) |
This function check if the environmental variables are correctly initialized and set.
uint16_t crypt_dirname | ( | char * | dirpath, |
char * | encDirname | ||
) |
This function is used to compute the ciphertext of a directory name stored in dirname.
[in] | dirpath | Path to the directory whose name has to be encrypted. No encrypted directory are allowed inside the path. |
[out] | encDirname | A preallocated string where to store the encrypted directory name |
uint16_t crypt_header | ( | void * | buff1, |
void * | buff2, | ||
size_t | datain_len, | ||
uint16_t | direction | ||
) |
This function encrypts a header buffer by exploiting the functions provided by L1.h.
[in] | buff1 | Pointer to the header we want to encrypt/decrypt. |
[out] | buff2 | Pointer to an allocated header where to store the result. |
[in] | datain_len | How big is the amount of data. |
[in] | direction | See SE3_DIR. |
uint16_t crypt_sectors | ( | void * | buff_decrypt, |
void * | buff_crypt, | ||
size_t | datain_len, | ||
size_t | current_offset, | ||
uint8_t * | nonce_ctr, | ||
uint8_t * | nonce_pbkdf2 | ||
) |
This function encrypts the buff_decrypt data by exploiting the functions provided by L1.h.
[in] | buff_decrypt | The plaintext data to be encrypted |
[out] | buff_crypt | The preallocated buffer where to store the encrypted data. |
[in] | datain_len | Specify how many data we want to encrypt. |
[in] | current_offset | Current position inside the file expressed as number of cipher blocks |
[in] | nonce_ctr | Initialization vector, see SEFILE_HEADER |
[in] | nonce_pbkdf2 | Initialization vector, see SEFILE_HEADER |
uint16_t crypto_filename | ( | char * | path, |
char * | enc_name, | ||
uint16_t * | encoded_length | ||
) |
This function computes the encrypted name of the file specified at position path and its length.
[in] | path | It can be absolute or relative but it can not be a directory. No encrypted directory are allowed inside the path. |
[out] | enc_name | Already allocate string where the encrypted filename should be stored. |
[out] | encoded_length | Pointer to an allocated uint16_t where the length of the encrypted filename is stored. |
uint16_t decrypt_dirname | ( | char * | dirpath, |
char * | decDirname | ||
) |
This function is used to compute the plaintext of a encrypted directory name stored in dirname.
[in] | dirpath | Path to the directory whose name has to be decrypted. No encrypted directory are allowed inside the path. |
[out] | decDirname | A preallocated string where to store the decrypted directory name |
uint16_t decrypt_filehandle | ( | SEFILE_FHANDLE * | hFile, |
char * | filename | ||
) |
This function is used to compute the plaintext of a encrypted filename stored in an already open hFile header.
[in] | hFile | Already opened file handle to be read in order to obtain its plaintext filename. |
[out] | filename | A preallocated string where to store the plaintext filename. |
uint16_t decrypt_filename | ( | char * | path, |
char * | filename | ||
) |
This function is used to compute the plaintext of a encrypted filename stored in path.
[in] | path | Where the encrypted file is stored, it can be an absolute or relative path. No encrypted directory are allowed inside the path. |
[out] | filename | A preallocated string where to store the plaintext filename |
uint16_t decrypt_sectors | ( | void * | buff_crypt, |
void * | buff_decrypt, | ||
size_t | datain_len, | ||
size_t | current_offset, | ||
uint8_t * | nonce_ctr, | ||
uint8_t * | nonce_pbkdf2 | ||
) |
This function decrypts the buff_crypt data by exploiting the functions provided by L1.h.
[in] | buff_crypt | The cipher text data to be decrypted |
[out] | buff_decrypt | The preallocated buffer where to store the decrypted data. |
[in] | datain_len | Specify how many data we want to decrypt. |
[in] | current_offset | Current position inside the file expressed as number of cipher blocks |
[in] | nonce_ctr | Initialization vector, see SEFILE_HEADER |
[in] | nonce_pbkdf2 | Initialization vector, see SEFILE_HEADER |
void get_filename | ( | char * | path, |
char * | file_name | ||
) |
This function extract the filename pointed by path.
[in] | path | It can be both an absolute or relative path. No encrypted directory are allowed inside the path. |
[out] | file_name | A preallocated string where to store the filename. |
uint16_t get_filesize | ( | SEFILE_FHANDLE * | hFile, |
uint32_t * | length | ||
) |
This function is used to compute the total logic size of an open file handle.
[in] | hFile | Open file handle whose size shall be computed. |
[out] | length | Pointer to a preallocated variable where to store the logic size. |
void get_path | ( | char * | full_path, |
char * | path | ||
) |
This function extract the path where the file is.
[in] | full_path | It can be both an absolute or relative path. No encrypted directory are allowed inside the path. |
[out] | path | A preallocated string where to store the path |
uint16_t secure_close | ( | SEFILE_FHANDLE * | hFile | ) |
This function releases resources related to hFile.
[in] | hFile | The handle to the file we do not want to manipulate no more. |
uint16_t secure_create | ( | char * | path, |
SEFILE_FHANDLE * | hFile, | ||
int | mode | ||
) |
This function creates a new secure file and creates a SEFILE_FHANDLE that can be used in future. If the file already exists, it is overwritten with an empty one, all previous data are lost.
[in] | path | Specify the absolute/relative path where to create the file. No encrypted directory are allowed inside the path. |
[out] | hFile | The pointer in which the file handle to the new opened file is placed after a success, NULL in case of failure. |
[in] | mode | The mode in which the file should be created. See mode parameter for secure_open. |
uint16_t secure_finit | ( | ) |
This function deallocate the structures defined by the secure_init(). Should be called at the end of a session. No parameters are needed;.
uint16_t secure_getfilesize | ( | char * | path, |
uint32_t * | position | ||
) |
This function is used to get the total logic size of an encrypted file pointed by path. Logic size will always be smaller than physical size.
[in] | path | Absolute or relative path the file. No encrypted directory are allowed inside the path. |
[out] | position | Pointer to an allocated uint32_t variable where will be stored the file size. |
uint16_t secure_init | ( | se3_session * | s, |
uint32_t | keyID, | ||
uint16_t | crypto | ||
) |
This function creates a new secure environment, by allocating statically the parameters needed by the following functions.
[in] | s | Contains the pointer to the se3_session structure that must be used during the session. |
[in] | keyID | Contains the ID number of the key that must be used during the session. |
[in] | crypto | Contains the id to specify which algorithm to use. See AlgorithmAvail, it can be SE3_ALGO_MAX + 1 if you don't know which algorithm to choose. See error values for error list. |
All the data passed to this function must be allocated and filled with valid data. Once secure_init succeed it is possible to destroy these data, since a copy has been made. N.B. Remember to call the secure_finit function to deallocate these data once you have finished.
uint16_t secure_ls | ( | char * | path, |
char * | list, | ||
uint32_t * | list_length | ||
) |
This function identifies which encrypted files and encrypted directories are present in the directory pointed by path and writes them in list. It only recognizes the ones encrypted with the current environmental parameters.
[in] | path | Absolute or relative path to the directory to browse. No encrypted directory are allowed inside the path. |
[out] | list | Already allocated array where to store filenames and directory names. Each entry is separated by '\0'. |
[out] | list_length | Pointer to a uint32_t used to stored total number of characters written in list. |
uint16_t secure_mkdir | ( | char * | path | ) |
This function creates a directory with an encrypted name.
[in] | path | Absolute or relative path of the new directory. No encrypted directory are allowed inside the path. |
uint16_t secure_open | ( | char * | path, |
SEFILE_FHANDLE * | hFile, | ||
int32_t | mode, | ||
int32_t | access | ||
) |
This function opens a secure file and create a SEFILE_FHANDLE that can be used in future.
[in] | path | Specify the absolute/relative path where to retrieve the file to open. No encrypted directory are allowed inside the path. |
[out] | hFile | The pointer in which the file handle to the opened file is placed after a success, NULL in case of failure. |
[in] | mode | The mode in which the file should be opened. See mode parameter for secure_open. |
[in] | access | Define if the file should be created or it should already exist. See access parameter for secure_open. |
uint16_t secure_read | ( | SEFILE_FHANDLE * | hFile, |
uint8_t * | dataOut, | ||
uint32_t | dataOut_len, | ||
uint32_t * | bytesRead | ||
) |
This function reads from hFile bytesRead characters out of dataOut_len correctly decrypted ones and stores them in dataOut string.
[in] | hFile | The handle to an already opened file to be read. |
[out] | dataOut | An already allocated array of characters where to store data read. |
[in] | dataOut_len | Number of characters we want to read. |
[out] | bytesRead | Number of effective characters read, MUST NOT BE NULL. |
uint16_t secure_seek | ( | SEFILE_FHANDLE * | hFile, |
int32_t | offset, | ||
int32_t * | position, | ||
uint8_t | whence | ||
) |
This function is used to move correctly the file pointer.
[in] | hFile | The handle to the file to manipulate. |
[in] | offset | Amount of character we want to move. |
[out] | position | Pointer to a int32_t variable where the final position is stored, MUST NOT BE NULL. |
[in] | whence | According to this parameter we can choose if we want to move from the file beginning, file ending or current file pointer position. See whence parameter for secure_seek. |
uint16_t secure_sync | ( | SEFILE_FHANDLE * | hFile | ) |
This function is used in case we want to be sure that the physical file is synced with the OS buffers.
hFile | Handle to the secure file to be synced. |
uint16_t secure_truncate | ( | SEFILE_FHANDLE * | hFile, |
uint32_t | size | ||
) |
This function resizes the file pointed by hFile to size. If size is bigger than its current size the gap is filled with 0s.
[in] | hFile | The handle to the file to manipulate. |
[in] | size | New size of the file. |
uint16_t secure_update | ( | se3_session * | s, |
int32_t | keyID, | ||
uint16_t | crypto | ||
) |
This function can be called only after the secure_init() function and give to the user the possibility to overwrite the Environment variables with new ones.
[in] | s | Contains the pointer to the se3_session structure that must be used during the session. Can be NULL. |
[in] | keyID | keyID Contains the ID number of the key that must be used during the session. Can be -1. |
[in] | crypto | Contains the id to specify which algorithm to use. |
Parameters from 1 to 3 can be a NULL pointer or '-1' value, if all parameters are NULL (or '-1' in case of keyID) the function is a No-Operation one.
uint16_t secure_write | ( | SEFILE_FHANDLE * | hFile, |
uint8_t * | dataIn, | ||
uint32_t | dataIn_len | ||
) |
This function writes the characters given by dataIn to the encrypted file hFile. Before writing them, dataIn is encrypted according to the environmental parameters.
[in] | hFile | The handle to an already opened file to be written. |
[in] | dataIn | The string of characters that have to be written. |
[in] | dataIn_len | The length, in bytes, of the data that have to be written. |
uint16_t valid_name | ( | char * | name | ) |
This function checks if the given name can be a valid encrypted filename/directory name.
[in] | Name | of the file/directory. |