SEFile
Userspace drivers to manage a secure filesystem
 All Data Structures Files Functions Variables Typedefs Macros Groups
Data Structures | Macros | Functions
SEfile.c File Reference

In this file you will find the implementation of the public function already described in SEfile.h. More...

#include "SEfile.h"

Data Structures

struct  SEFILE_HANDLE
 The SEFILE_HANDLE struct. More...
 
struct  SEFILE_HEADER
 The SEFILE_HEADER struct. More...
 
struct  SEFILE_SECTOR
 The SEFILE_SECTOR struct This data struct is the actual sector organization. The total size should ALWAYS be equal to SEFILE_SECTOR_SIZE. The first sector is used to hold ONLY the header. Thanks to the union data type, the developer can simply declare a sector and then choose if it is the header sector or not. More...
 

Macros

#define _GNU_SOURCE
 
#define SEFILE_NONCE_LEN   32
 
#define POS_TO_CIPHER_BLOCK(current_position)   ((current_position / SEFILE_SECTOR_SIZE) - 1)*(SEFILE_SECTOR_DATA_SIZE / SEFILE_BLOCK_SIZE)
 

Functions

void get_filename (char *path, char *file_name)
 This function extract the filename pointed by path. More...
 
void get_path (char *full_path, char *path)
 This function extract the path where the file is. More...
 
uint16_t check_env ()
 This function check if the environmental variables are correctly initialized and set. More...
 
uint16_t crypt_sectors (void *buff_decrypt, void *buff_crypt, size_t datain_len, size_t current_offset, uint8_t *nonce_ctr, uint8_t *nonce_pbkdf2)
 This function encrypts the buff_decrypt data by exploiting the functions provided by L1.h. More...
 
uint16_t crypt_header (void *buff1, void *buff2, size_t datain_len, uint16_t direction)
 This function encrypts a header buffer by exploiting the functions provided by L1.h. More...
 
uint16_t decrypt_sectors (void *buff_crypt, void *buff_decrypt, size_t datain_len, size_t current_offset, uint8_t *nonce_ctr, uint8_t *nonce_pbkdf2)
 This function decrypts the buff_crypt data by exploiting the functions provided by L1.h. More...
 
uint16_t get_filesize (SEFILE_FHANDLE *hFile, uint32_t *length)
 This function is used to compute the total logic size of an open file handle. More...
 
uint16_t decrypt_filename (char *path, char *filename)
 This function is used to compute the plaintext of a encrypted filename stored in path. More...
 
uint16_t decrypt_filehandle (SEFILE_FHANDLE *hFile, char *filename)
 This function is used to compute the plaintext of a encrypted filename stored in an already open hFile header. More...
 
uint16_t crypt_dirname (char *dirpath, char *encDirname)
 This function is used to compute the ciphertext of a directory name stored in dirname. More...
 
uint16_t decrypt_dirname (char *dirpath, char *decDirname)
 This function is used to compute the plaintext of a encrypted directory name stored in dirname. More...
 
uint16_t valid_name (char *name)
 This function checks if the given name can be a valid encrypted filename/directory name. More...
 
uint16_t secure_init (se3_session *s, uint32_t keyID, uint16_t crypto)
 This function creates a new secure environment, by allocating statically the parameters needed by the following functions. More...
 
uint16_t secure_update (se3_session *s, int32_t keyID, uint16_t crypto)
 This function can be called only after the secure_init() function and give to the user the possibility to overwrite the Environment variables with new ones. More...
 
uint16_t secure_finit ()
 This function deallocate the structures defined by the secure_init(). Should be called at the end of a session. No parameters are needed;. More...
 
uint16_t secure_open (char *path, SEFILE_FHANDLE *hFile, int32_t mode, int32_t creation)
 This function opens a secure file and create a SEFILE_FHANDLE that can be used in future. More...
 
uint16_t secure_create (char *path, SEFILE_FHANDLE *hFile, int mode)
 This function creates a new secure file and creates a SEFILE_FHANDLE that can be used in future. If the file already exists, it is overwritten with an empty one, all previous data are lost. More...
 
uint16_t secure_write (SEFILE_FHANDLE *hFile, uint8_t *dataIn, uint32_t dataIn_len)
 This function writes the characters given by dataIn to the encrypted file hFile. Before writing them, dataIn is encrypted according to the environmental parameters. More...
 
uint16_t secure_read (SEFILE_FHANDLE *hFile, uint8_t *dataOut, uint32_t dataOut_len, uint32_t *bytesRead)
 This function reads from hFile bytesRead characters out of dataOut_len correctly decrypted ones and stores them in dataOut string. More...
 
uint16_t secure_seek (SEFILE_FHANDLE *hFile, int32_t offset, int32_t *position, uint8_t whence)
 This function is used to move correctly the file pointer. More...
 
uint16_t secure_truncate (SEFILE_FHANDLE *hFile, uint32_t size)
 This function resizes the file pointed by hFile to size. If size is bigger than its current size the gap is filled with 0s. More...
 
uint16_t secure_close (SEFILE_FHANDLE *hFile)
 This function releases resources related to hFile. More...
 
uint16_t secure_ls (char *path, char *list, uint32_t *list_length)
 This function identifies which encrypted files and encrypted directories are present in the directory pointed by path and writes them in list. It only recognizes the ones encrypted with the current environmental parameters. More...
 
uint16_t secure_getfilesize (char *path, uint32_t *position)
 This function is used to get the total logic size of an encrypted file pointed by path. Logic size will always be smaller than physical size. More...
 
uint16_t secure_mkdir (char *path)
 This function creates a directory with an encrypted name. More...
 
uint16_t crypto_filename (char *path, char *enc_name, uint16_t *encoded_length)
 This function computes the encrypted name of the file specified at position path and its length. More...
 
void compute_blk_offset (size_t current_offset, uint8_t *nonce)
 
uint16_t encrypt_name (void *buff1, void *buff2, size_t size, uint16_t direction)
 
uint16_t secure_sync (SEFILE_FHANDLE *hFile)
 This function is used in case we want to be sure that the physical file is synced with the OS buffers. More...
 

Variables

Environmental Variables

This static variables will store some data useful during the active session.

static se3_session * EnvSession =NULL
 
static int32_t * EnvKeyID =NULL
 
static uint16_t * EnvCrypto =NULL
 

Detailed Description

In this file you will find the implementation of the public function already described in SEfile.h.

Authors
Francesco Giavatto, Nicolò Maunero, Giulio Scalia
Date
17/09/2016

Macro Definition Documentation

#define POS_TO_CIPHER_BLOCK (   current_position)    ((current_position / SEFILE_SECTOR_SIZE) - 1)*(SEFILE_SECTOR_DATA_SIZE / SEFILE_BLOCK_SIZE)

Macro used to convert the actual pointer position to the cipher blocks amount

Function Documentation

uint16_t check_env ( )

This function check if the environmental variables are correctly initialized and set.

Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t crypt_dirname ( char *  dirpath,
char *  encDirname 
)

This function is used to compute the ciphertext of a directory name stored in dirname.

Parameters
[in]dirpathPath to the directory whose name has to be encrypted. No encrypted directory are allowed inside the path.
[out]encDirnameA preallocated string where to store the encrypted directory name
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t crypt_header ( void *  buff1,
void *  buff2,
size_t  datain_len,
uint16_t  direction 
)

This function encrypts a header buffer by exploiting the functions provided by L1.h.

Parameters
[in]buff1Pointer to the header we want to encrypt/decrypt.
[out]buff2Pointer to an allocated header where to store the result.
[in]datain_lenHow big is the amount of data.
[in]directionSee SE3_DIR.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t crypt_sectors ( void *  buff_decrypt,
void *  buff_crypt,
size_t  datain_len,
size_t  current_offset,
uint8_t *  nonce_ctr,
uint8_t *  nonce_pbkdf2 
)

This function encrypts the buff_decrypt data by exploiting the functions provided by L1.h.

Parameters
[in]buff_decryptThe plaintext data to be encrypted
[out]buff_cryptThe preallocated buffer where to store the encrypted data.
[in]datain_lenSpecify how many data we want to encrypt.
[in]current_offsetCurrent position inside the file expressed as number of cipher blocks
[in]nonce_ctrInitialization vector, see SEFILE_HEADER
[in]nonce_pbkdf2Initialization vector, see SEFILE_HEADER
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t crypto_filename ( char *  path,
char *  enc_name,
uint16_t *  encoded_length 
)

This function computes the encrypted name of the file specified at position path and its length.

Parameters
[in]pathIt can be absolute or relative but it can not be a directory. No encrypted directory are allowed inside the path.
[out]enc_nameAlready allocate string where the encrypted filename should be stored.
[out]encoded_lengthPointer to an allocated uint16_t where the length of the encrypted filename is stored.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t decrypt_dirname ( char *  dirpath,
char *  decDirname 
)

This function is used to compute the plaintext of a encrypted directory name stored in dirname.

Parameters
[in]dirpathPath to the directory whose name has to be decrypted. No encrypted directory are allowed inside the path.
[out]decDirnameA preallocated string where to store the decrypted directory name
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t decrypt_filehandle ( SEFILE_FHANDLE hFile,
char *  filename 
)

This function is used to compute the plaintext of a encrypted filename stored in an already open hFile header.

Parameters
[in]hFileAlready opened file handle to be read in order to obtain its plaintext filename.
[out]filenameA preallocated string where to store the plaintext filename.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t decrypt_filename ( char *  path,
char *  filename 
)

This function is used to compute the plaintext of a encrypted filename stored in path.

Parameters
[in]pathWhere the encrypted file is stored, it can be an absolute or relative path. No encrypted directory are allowed inside the path.
[out]filenameA preallocated string where to store the plaintext filename
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t decrypt_sectors ( void *  buff_crypt,
void *  buff_decrypt,
size_t  datain_len,
size_t  current_offset,
uint8_t *  nonce_ctr,
uint8_t *  nonce_pbkdf2 
)

This function decrypts the buff_crypt data by exploiting the functions provided by L1.h.

Parameters
[in]buff_cryptThe cipher text data to be decrypted
[out]buff_decryptThe preallocated buffer where to store the decrypted data.
[in]datain_lenSpecify how many data we want to decrypt.
[in]current_offsetCurrent position inside the file expressed as number of cipher blocks
[in]nonce_ctrInitialization vector, see SEFILE_HEADER
[in]nonce_pbkdf2Initialization vector, see SEFILE_HEADER
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
void get_filename ( char *  path,
char *  file_name 
)

This function extract the filename pointed by path.

Parameters
[in]pathIt can be both an absolute or relative path. No encrypted directory are allowed inside the path.
[out]file_nameA preallocated string where to store the filename.
uint16_t get_filesize ( SEFILE_FHANDLE hFile,
uint32_t *  length 
)

This function is used to compute the total logic size of an open file handle.

Parameters
[in]hFileOpen file handle whose size shall be computed.
[out]lengthPointer to a preallocated variable where to store the logic size.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
void get_path ( char *  full_path,
char *  path 
)

This function extract the path where the file is.

Parameters
[in]full_pathIt can be both an absolute or relative path. No encrypted directory are allowed inside the path.
[out]pathA preallocated string where to store the path
uint16_t secure_close ( SEFILE_FHANDLE hFile)

This function releases resources related to hFile.

Parameters
[in]hFileThe handle to the file we do not want to manipulate no more.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t secure_create ( char *  path,
SEFILE_FHANDLE hFile,
int  mode 
)

This function creates a new secure file and creates a SEFILE_FHANDLE that can be used in future. If the file already exists, it is overwritten with an empty one, all previous data are lost.

Parameters
[in]pathSpecify the absolute/relative path where to create the file. No encrypted directory are allowed inside the path.
[out]hFileThe pointer in which the file handle to the new opened file is placed after a success, NULL in case of failure.
[in]modeThe mode in which the file should be created. See mode parameter for secure_open.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t secure_finit ( )

This function deallocate the structures defined by the secure_init(). Should be called at the end of a session. No parameters are needed;.

Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t secure_getfilesize ( char *  path,
uint32_t *  position 
)

This function is used to get the total logic size of an encrypted file pointed by path. Logic size will always be smaller than physical size.

Parameters
[in]pathAbsolute or relative path the file. No encrypted directory are allowed inside the path.
[out]positionPointer to an allocated uint32_t variable where will be stored the file size.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t secure_init ( se3_session *  s,
uint32_t  keyID,
uint16_t  crypto 
)

This function creates a new secure environment, by allocating statically the parameters needed by the following functions.

Parameters
[in]sContains the pointer to the se3_session structure that must be used during the session.
[in]keyIDContains the ID number of the key that must be used during the session.
[in]cryptoContains the id to specify which algorithm to use. See AlgorithmAvail, it can be SE3_ALGO_MAX + 1 if you don't know which algorithm to choose. See error values for error list.

All the data passed to this function must be allocated and filled with valid data. Once secure_init succeed it is possible to destroy these data, since a copy has been made. N.B. Remember to call the secure_finit function to deallocate these data once you have finished.

uint16_t secure_ls ( char *  path,
char *  list,
uint32_t *  list_length 
)

This function identifies which encrypted files and encrypted directories are present in the directory pointed by path and writes them in list. It only recognizes the ones encrypted with the current environmental parameters.

Parameters
[in]pathAbsolute or relative path to the directory to browse. No encrypted directory are allowed inside the path.
[out]listAlready allocated array where to store filenames and directory names. Each entry is separated by '\0'.
[out]list_lengthPointer to a uint32_t used to stored total number of characters written in list.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t secure_mkdir ( char *  path)

This function creates a directory with an encrypted name.

Parameters
[in]pathAbsolute or relative path of the new directory. No encrypted directory are allowed inside the path.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t secure_open ( char *  path,
SEFILE_FHANDLE hFile,
int32_t  mode,
int32_t  access 
)

This function opens a secure file and create a SEFILE_FHANDLE that can be used in future.

Parameters
[in]pathSpecify the absolute/relative path where to retrieve the file to open. No encrypted directory are allowed inside the path.
[out]hFileThe pointer in which the file handle to the opened file is placed after a success, NULL in case of failure.
[in]modeThe mode in which the file should be opened. See mode parameter for secure_open.
[in]accessDefine if the file should be created or it should already exist. See access parameter for secure_open.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t secure_read ( SEFILE_FHANDLE hFile,
uint8_t *  dataOut,
uint32_t  dataOut_len,
uint32_t *  bytesRead 
)

This function reads from hFile bytesRead characters out of dataOut_len correctly decrypted ones and stores them in dataOut string.

Parameters
[in]hFileThe handle to an already opened file to be read.
[out]dataOutAn already allocated array of characters where to store data read.
[in]dataOut_lenNumber of characters we want to read.
[out]bytesReadNumber of effective characters read, MUST NOT BE NULL.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t secure_seek ( SEFILE_FHANDLE hFile,
int32_t  offset,
int32_t *  position,
uint8_t  whence 
)

This function is used to move correctly the file pointer.

Parameters
[in]hFileThe handle to the file to manipulate.
[in]offsetAmount of character we want to move.
[out]positionPointer to a int32_t variable where the final position is stored, MUST NOT BE NULL.
[in]whenceAccording to this parameter we can choose if we want to move from the file beginning, file ending or current file pointer position. See whence parameter for secure_seek.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t secure_sync ( SEFILE_FHANDLE hFile)

This function is used in case we want to be sure that the physical file is synced with the OS buffers.

Parameters
hFileHandle to the secure file to be synced.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t secure_truncate ( SEFILE_FHANDLE hFile,
uint32_t  size 
)

This function resizes the file pointed by hFile to size. If size is bigger than its current size the gap is filled with 0s.

Parameters
[in]hFileThe handle to the file to manipulate.
[in]sizeNew size of the file.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t secure_update ( se3_session *  s,
int32_t  keyID,
uint16_t  crypto 
)

This function can be called only after the secure_init() function and give to the user the possibility to overwrite the Environment variables with new ones.

Parameters
[in]sContains the pointer to the se3_session structure that must be used during the session. Can be NULL.
[in]keyIDkeyID Contains the ID number of the key that must be used during the session. Can be -1.
[in]cryptoContains the id to specify which algorithm to use.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.

Parameters from 1 to 3 can be a NULL pointer or '-1' value, if all parameters are NULL (or '-1' in case of keyID) the function is a No-Operation one.

uint16_t secure_write ( SEFILE_FHANDLE hFile,
uint8_t *  dataIn,
uint32_t  dataIn_len 
)

This function writes the characters given by dataIn to the encrypted file hFile. Before writing them, dataIn is encrypted according to the environmental parameters.

Parameters
[in]hFileThe handle to an already opened file to be written.
[in]dataInThe string of characters that have to be written.
[in]dataIn_lenThe length, in bytes, of the data that have to be written.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.
uint16_t valid_name ( char *  name)

This function checks if the given name can be a valid encrypted filename/directory name.

Parameters
[in]Nameof the file/directory.
Returns
The function returns a (uint16_t) '0' in case of success. See error values for error list.