SEcube open-source SDK
SEkey.h
1 
7 #ifndef SEKEY_H_
8 #define SEKEY_H_
9 
10 #include "../sefile/SEfile.h"
11 #include "../sqlite/sqlite3.h"
12 
13 #define PINLEN 32
14 #define AES256KEYLEN 32
15 #define IDLEN 11
16 #define NAMELEN 100
17 #define TRY_LIMIT 5
18 #define UPDATE_RECORD_HEADER_LEN 11
21 enum update_record_type {
27 };
28 
31  SEKEY_OK = 0,
32  SEKEY_ERR = 1,
47  SEKEY_REPROG = 16,
60 };
61 
62 /* WARNING: key ID = 0 is not allowed */
63 #define NUMBER_RESERVED_KEY_IDS 100
64 #define NUMBER_MASTER_SLAVE_KEY_IDS 100000
65 #define KEY_ID_RESERVED_RANGE_BEGIN 1
66 #define KEY_ID_RESERVED_RANGE_END NUMBER_RESERVED_KEY_IDS
67 #define KEY_ID_SEKEY_BEGIN (KEY_ID_RESERVED_RANGE_END + 1)
68 #define KEY_ID_SEKEY_END (UINT32_MAX - NUMBER_MASTER_SLAVE_KEY_IDS)
69 #define KEY_ID_MASTER_SLAVE_BEGIN (KEY_ID_SEKEY_END + 1)
70 #define KEY_ID_MASTER_SLAVE_END UINT32_MAX
71 #define SEkey_ID 1
72 #define wildcard_key_ID 2
// Lifecycle status of a key. Status changes follow specific transition rules;
// see check_key_transition_validity() declared later in this header.
// NOTE(review): statusmin and statusmax look like exclusive range bounds rather
// than real states - confirm against the validation code. A status that arrives
// as a raw integer (for example from storage) should be range-checked against
// these bounds before it is cast to se_key_status - TODO confirm callers do so.
75 enum class se_key_status {
76  statusmin = 0, // presumably a lower bound, not an assignable status
77  preactive = 1, // default status set by the se_key() constructor in this header
78  active = 2,
79  suspended = 3,
80  deactivated = 4,
81  compromised = 5,
82  destroyed = 6,
83  statusmax = 7 // presumably an upper bound, not an assignable status
84 };
85 
// Possible key types. According to the SDK documentation only
// symmetric_data_encryption is supported; the other enumerators are listed but
// not supported.
// NOTE(review): typemin and typemax look like exclusive range bounds - confirm.
// Code that accepts a key type from a caller should reject every value it does
// not actually implement instead of silently treating it as a data-encryption key
// - TODO confirm in the implementation.
88 enum class se_key_type {
89  typemin = 100, // presumably a lower bound, not a usable type
90  private_signature = 101,
91  public_signature_verification = 102,
92  symmetric_authentication = 103,
93  private_authentication = 104,
94  public_authentication = 105,
95  symmetric_data_encryption = 106, // the only type documented as supported
96  symmetric_key_wrapping = 107,
97  symmetric_RGB = 108, // NOTE(review): looks like "RBG" (random bit generation) was meant - confirm; identifier kept as spelled
98  symmetric_key_derivation = 109,
99  private_key_transport = 110,
100  public_key_transport = 111,
101  symmetric_key_agreement = 112,
102  private_static_key_agreement = 113,
103  public_static_key_agreement = 114,
104  private_ephemeral_key_agreement = 115,
105  public_ephemeral_key_agreement = 116,
106  symmetric_authorization = 117,
107  private_authorization = 118,
108  public_authorization = 119,
109  typemax = 120 // presumably an upper bound, not a usable type
110 };
111 
// Identifies the different kinds of file used by the update mechanism of SEkey.
// This is an unscoped enum, so INIT, RECOVERY and NORMAL are injected into the
// enclosing scope and convert implicitly to int (see the `int mode` parameters
// of open_update_file() and req_delete_user() later in this header).
// NOTE(review): presumably those `mode` arguments carry one of these values -
// confirm, and reject any other value where the mode is consumed.
116 enum filetype {
117  INIT = 1,
118  RECOVERY = 2,
119  NORMAL = 3
120 };
121 
// Structure used to enclose all elements required by the APIs to initialize a
// user device inside SEkey.
// The struct holds std::unique_ptr members, so it is move-only: it cannot be
// copied, which also prevents accidental duplication of the three byte buffers.
123 typedef struct userdata_{
124  std::string sn;
125  std::string uid;
126  std::string uname;
127  uint32_t k1;
128  uint32_t k2;
129  uint32_t algo;
130  uint32_t klen;
131  std::string query;
// NOTE(review): the three buffers below presumably hold raw key bytes (k1, k2
// and the wildcard key) - confirm. unique_ptr<uint8_t[]> frees the storage but
// does not clear it, so the owner should overwrite the bytes before release if
// they are key material. The arrays carry no length of their own; presumably
// klen is the size to use - verify against the code that allocates them.
132  std::unique_ptr<uint8_t[]> k1_data;
133  std::unique_ptr<uint8_t[]> k2_data;
134  std::unique_ptr<uint8_t[]> wcard_key;
135 }userdata;
136 
// Simple struct used to store the details about the SEkey user who is using the
// application: user ID, user name and the serial number of the user's device.
141 typedef struct userinfo_{
142  std::string userid;
143  std::string username;
144  std::string device_sn;
145 } userinfo;
146 
// The user class is used to model a user object. The attributes are private and
// are reached through the member functions declared below.
149 class se_user{
150 private:
151  std::string id;
152  std::string name;
153  std::string sn;
// NOTE(review): the two PINs are kept in std::string, which does not clear its
// buffer on destruction or reallocation, and every copy of an se_user (for
// example inside a std::vector<se_user>) duplicates them. Confirm that the PINs
// are needed for the lifetime of the object and that print_user_details() does
// not write them to the log stream.
154  std::string user_pin;
155  std::string admin_pin;
156  std::string algorithm;
157  uint32_t k1;
158  uint32_t k2;
159  uint32_t init;
160  int64_t update_cnt;
161  std::vector<std::string> groups;
162 public:
// Default constructor: numeric fields are zeroed, strings and groups are empty.
163  se_user(): k1(0), k2(0), init(0), update_cnt(0){};
// Sets only the ID and the name; numeric fields are zeroed. The arguments are
// taken by non-const lvalue reference, so temporaries and const strings cannot
// be passed.
164  se_user(std::string& _id, std::string& _name): id(_id), name(_name), k1(0), k2(0), init(0), update_cnt(0){};
// Full constructor; declared here, defined outside this header.
165  se_user(std::string& user_id, std::string& user_name, std::string& serialnumber, std::string& userpin, std::string& adminpin, uint32_t k1, uint32_t k2, uint32_t algo, uint32_t init_flag, int64_t cnt);
166  void set_id(std::string& new_id);
167  std::string& get_id();
168  void set_name(std::string& new_name);
169  void add_group(std::string& group);
// Takes the log stream to write to; the fields it prints are not visible here.
170  void print_user_details(std::ofstream& sekey_log);
// Returns a mutable reference to the private serial number, so a caller can
// change it through the returned reference.
171  std::string& get_sn(){return this->sn;};
172 };
173 
179 private:
180  uint32_t max_keys;
181  uint32_t algorithm;
183  friend class se_group;
184 public:
185  group_policy(uint32_t maxkeys, uint32_t algo, uint32_t cryptoperiod);
186  group_policy();
187  uint32_t get_max_keys();
188  uint32_t get_algorithm();
189  uint32_t get_default_cryptoperiod();
190  void set_max_keys(uint32_t maxkeys);
191  void set_default_cryptoperiod(uint32_t cryptoperiod);
192  void set_algorithm(uint32_t algo);
193  bool isvalid();
194 };
195 
202 class se_key {
203 private:
204  std::string id;
205  std::string name;
206  std::string owner;
209  uint32_t algorithm;
210  uint32_t length;
211  time_t generation;
212  time_t activation;
213  time_t expiration;
214  time_t deactivation;
215  time_t compromise;
216  time_t destruction;
217  time_t suspension;
218  time_t cryptoperiod;
219 public:
220  se_key(): status(se_key_status::preactive), type(se_key_type::symmetric_data_encryption), algorithm(L1Algorithms::Algorithms::AES_HMACSHA256), length(0), generation(0),
222  se_key(std::string& key_id, uint32_t algo, uint32_t key_length, time_t act, time_t exp);
223  se_key(std::string& key_id, std::string& key_name, std::string& key_owner, se_key_status key_status, uint32_t key_algo, uint32_t key_length, time_t gen, time_t act,
224  time_t exp, time_t crypto, time_t deactivation, se_key_type key_type, time_t compr, time_t destr, time_t susp);
225  se_key& operator= (const se_key& key);
226  std::string& get_id();
227  se_key_status get_status();
228  bool safer(se_key& chosen);
229  void print_key_details(std::ofstream& sekey_log); // used for debugging purpose
230 };
231 
234 class se_group{
235 private:
236  std::string id;
237  std::string name;
238  uint32_t users_counter;
239  uint32_t keys_counter;
241  std::vector<se_user> users_list;
242  std::vector<se_key> keys_list;
243 public:
244  se_group(std::string& groupid, std::string& groupname, group_policy gpolicy);
245  se_group(): users_counter(0), keys_counter(0){};
246  std::string& get_id();
247  void set_id(std::string& new_id);
248  std::string& get_name();
249  void set_name(std::string& new_name);
250  uint32_t get_users_counter();
251  void set_users_counter(uint32_t cnt);
252  uint32_t get_keys_counter();
253  void set_keys_counter(uint32_t cnt);
254  uint32_t get_keys_maxnumber();
255  void set_keys_maxnumber(uint32_t max);
256  uint32_t get_keys_algorithm();
257  void set_keys_algorithm(uint32_t algo);
258  uint32_t get_keys_cryptoperiod();
259  void set_keys_cryptoperiod(uint32_t cryptoperiod);
260  void print_group_details(std::ofstream& sekey_log); // used for debugging purpose
261 };
262 
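/**
 * RAII wrapper for a sqlite3_stmt handle: the statement still held when the
 * wrapper goes out of scope is released with sqlite3_finalize(), so an early
 * return or an exception does not leak it.
 *
 * Invariant kept by every member: after a finalize the stored pointer is reset
 * to nullptr. Finalizing the same handle twice is undefined behaviour in SQLite
 * (the handle is already freed), whereas sqlite3_finalize(nullptr) is a
 * harmless no-op, so resetting the pointer makes repeated calls safe.
 *
 * NOTE(review): the class is still implicitly copyable. Copying a wrapper that
 * holds a live statement would make both copies finalize the same handle;
 * consider deleting the copy operations once callers are confirmed not to copy.
 */
class statement{
private:
    sqlite3_stmt *stmt;
public:
    /** Start empty; no statement is owned yet. */
    statement(){ this->stmt = nullptr; };
    /** Release the owned statement, if any. */
    ~statement(){ sqlite3_finalize(this->stmt); this->stmt = nullptr; };
    /** Borrow the handle for bind/step/column calls; ownership stays here. */
    sqlite3_stmt *getstmt(){ return this->stmt; };
    /**
     * Release the current statement and return the address of the (now null)
     * slot, ready to be filled by a prepare call. The slot is cleared so that a
     * caller who never prepares a new statement is not left with a dangling
     * handle that the destructor would finalize a second time.
     */
    sqlite3_stmt **getstmtref(){ sqlite3_finalize(this->stmt); this->stmt = nullptr; return &(this->stmt); };
    /**
     * Release the owned statement early. The pointer is cleared so that the
     * destructor, or a second finalize(), does not free the handle again.
     */
    void finalize(){ sqlite3_finalize(this->stmt); this->stmt = nullptr; };
};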
280 
289  int sekey_start(L0& l0, L1 *l1ptr);
291  int sekey_stop();
292  int sekey_admin_init(L1& l1, std::vector<std::string>& pin, std::string& userpin, std::string& adminpin);
293  int sekey_init_user_SEcube(std::string& uid, std::string& userpin, std::string& adminpin, std::vector<std::string>& pin);
294  int sekey_add_user(std::string& user_id, std::string& username);
295  int sekey_delete_user(std::string& userID);
296  int sekey_add_user_group(std::string& userID, std::string& groupID);
297  int sekey_delete_user_group(std::string& user_id, std::string& group_id);
298  int sekey_user_change_name(std::string& userID, std::string& newname);
299  int sekey_user_get_info_all(std::vector<se_user> *users);
300  int sekey_user_get_info(std::string& userid, se_user *user);
301  int sekey_add_group(std::string& groupID, std::string& group_name, group_policy policy);
302  int sekey_delete_group(std::string& groupID);
303  int sekey_group_change_name(std::string& groupID, std::string& newname);
304  int sekey_group_change_max_keys(std::string& groupID, uint32_t maxkeys);
305  int sekey_group_change_default_cryptoperiod(std::string& groupID, uint32_t cryptoperiod);
306  int sekey_group_get_info(std::string& groupID, se_group *group);
307  int sekey_group_get_info_all(std::vector<se_group> *groups);
308  int sekey_add_key(std::string& key_id, std::string& key_name, std::string& key_owner, uint32_t cryptoperiod, se_key_type keytype);
309  int sekey_activate_key(std::string& key_id);
310  int sekey_key_change_status(std::string& key_id, se_key_status status);
311  int sekey_key_change_name(std::string& key_id, std::string& key_name);
312  int sekey_key_get_info(std::string& key_id, se_key *key);
313  int sekey_key_get_info_all(std::vector<se_key> *keys);
314  int sekey_find_key_v1(std::string& chosen_key, std::string& source_user_id, std::string& dest_user_id, se_key_type keytype);
315  int sekey_find_key_v2(std::string& chosen_key, std::string& source_user_id, std::string& group_id, se_key_type keytype);
316  int sekey_find_key_v3(std::string& chosen_key, std::string& source_user_id, std::vector<std::string>& dest_user_id, se_key_type keytype);
317  int sekey_readlog(std::string* sn, std::string& output);
319 
329 time_t sekey_gettime();
333 int sekey_recovery_request(std::string& user_id, std::string& serial_number);
334 std::string epoch_to_localtime(time_t t);
335 std::string cryptoperiod_to_days(uint32_t n);
336 uint32_t stoul_wrap(std::string& s);
337 std::string statusmap(se_key_status s);
338 std::string keytypemap(se_key_type t);
339 std::string algomap(uint32_t algorithm);
340 uint32_t algolen(uint32_t algorithm);
342 
352  void sekey_printlog(std::string& msg);
354  int sekey_user_init(std::string& user_id, std::string& username, std::string& sn);
355  int sekey_recovery();
356  int sekey_write_recovery(std::string& user_id, std::string& serial_number);
357  int reset_user_recovery(std::string& user_id, std::string& sn);
358  void req_delete_user(std::string& user_id, std::string& uid, bool erase);
359  void req_delete_user(std::string& user_id, uint32_t algo, uint32_t key_id, std::string& sn, bool erase, int mode);
360  void req_delete_group(std::string& user_id, std::string& gid, bool erase);
361  void req_delete_user_from_group(std::string& user_id, std::string& uid, std::string& group_id, bool erase);
// The usr_* functions run only when SEkey is in user mode; each one carries out
// an operation that was written to the user's update file (by the req_* and
// send_* functions declared in this header).
// NOTE(review): every usr_* handler except usr_sql_exec() receives `char *buffer`
// without a length. Confirm that the implementation bounds each read, for
// example with the size recorded in the update record header
// (UPDATE_RECORD_HEADER_LEN), and rejects a record whose declared size exceeds
// what was actually read from the file.
362  int usr_delete_user_from_group(char *buffer);
363  int usr_delete_user(char *buffer);
// Writes a key of SEkey to the update file of a user.
364  void send_key_update(std::string& user_id, uint32_t kid, uint32_t key_len, bool erase);
365  int usr_delete_group(char *buffer);
// Carries out the operation requested by send_key_update().
// NOTE(review): the buffer presumably contains key bytes - confirm that any
// temporary copy is cleared after the key has been stored.
366  int usr_store_key(char *buffer);
// Sends a new user the update with the basic data that initializes their SEkey
// database.
367  int send_user_init_update(std::string& user_id, std::string& query);
// Executes a SQL query taken from the update buffer (bufsize bytes).
// NOTE(review): the statement text comes from the update file, so the user's
// database is only as trustworthy as that file. Confirm the file's integrity is
// verified before any record reaches this function.
369  int usr_sql_exec(char *buffer, uint32_t bufsize);
370  int execute_update(std::string& filepath);
371  void send_sql_update(std::string& user_id, std::string& query, bool erase);
372  int open_update_file(SEfile& updatefile, std::string& sn, bool overwrite, bool create, int mode);
373  int check_key_transition_validity(se_key_status current_status, se_key_status new_status);
374  int process_update_file();
375  void delete_user_iterator(std::vector<std::string>& users, std::string& user_id, bool erase);
376  void delete_group_iterator(std::vector<std::string>& users, std::string& group_id, bool erase);
377  void sql_update_iterator(std::vector<std::string>& users, std::string& query, bool erase);
378  void delete_user_from_group_iterator(std::vector<std::string>& users, std::string& user_id, std::string& group_id, bool erase);
379  void key_update_iterator(std::vector<std::string>& users, uint32_t kid, uint32_t key_len, bool erase);
380  int rollback_transaction();
381  int commit_transaction();
382  int fill_recovery(std::vector<std::string>& users);
383  int sql_fill_vector(std::string *bind, std::string& query, std::vector<std::string> *container);
384  uint32_t get_u32(sqlite3_stmt *stmt, int index);
385  bool algovalid(uint32_t algorithm);
386  int is_user_present(std::string& user_id);
387  int is_group_present(std::string& group_id);
388  int is_key_present(std::string& key_id);
389  bool deletefile(SEfile *fileptr, std::string& filepath);
390  int file_exists(std::string& filename);
391  int generate_serial_number(char *sn);
392  bool user_allowed();
393  int algocmp(uint32_t algo1, uint32_t algo2);
394  int sqlite3_expanded_sql_wrapper(sqlite3_stmt *stmt, std::string& s);
395  std::string sqlite3_column_text_wrapper(sqlite3_stmt *stmt, int col);
396  bool check_input(std::string& in, uint8_t sel);
398 
400 #endif
se_key::generation
time_t generation
Definition: SEkey.h:211
group_policy::algorithm
uint32_t algorithm
Definition: SEkey.h:181
DELETE_USER
Definition: SEkey.h:23
se_group::users_counter
uint32_t users_counter
Definition: SEkey.h:238
se_key::deactivation
time_t deactivation
Definition: SEkey.h:214
file_exists
int file_exists(std::string &filename)
Check if a SEfile file exists. Automatically translate the plaintext filename to the encrypted filena...
sekey_user_change_name
int sekey_user_change_name(std::string &userID, std::string &newname)
Change the name of a user. Available only for the administrator.
req_delete_user_from_group
void req_delete_user_from_group(std::string &user_id, std::string &uid, std::string &group_id, bool erase)
Function to write in the update file of a user the request to delete a user from a group....
sekey_start
int sekey_start(L0 &l0, L1 *l1ptr)
API to start the SEkey KMS.
Definition: SEkey.cpp:282
userdata_::klen
uint32_t klen
Definition: SEkey.h:130
se_key::suspension
time_t suspension
Definition: SEkey.h:217
sekey_recovery
int sekey_recovery()
Iterate over the recovery table of SEkey processing all the recovery requests. Available only for the...
Definition: SEkey.cpp:977
sekey_add_group
int sekey_add_group(std::string &groupID, std::string &group_name, group_policy policy)
API to add a group to SEkey. Available only for the administrator.
UPDATE_RECORD_HEADER_LEN
#define UPDATE_RECORD_HEADER_LEN
Length of header of each update record in the update, init or recovery file. 1 byte for the type,...
Definition: SEkey.h:18
statement::~statement
~statement()
Definition: SEkey.h:272
is_user_present
int is_user_present(std::string &user_id)
Check if a user is already stored in the SEkey KMS.
se_group::id
std::string id
Definition: SEkey.h:236
SEKEY_INACTIVE_KEY
Definition: SEkey.h:54
keytypemap
string keytypemap(se_key_type t)
Convert a key type to the corresponding string.
Definition: SEkey.cpp:4983
sql_fill_vector
int sql_fill_vector(std::string *bind, std::string &query, std::vector< std::string > *container)
Executes a SQLite query (with one parameter to bind) and stores the results in a vector of strings.
se_key::activation
time_t activation
Definition: SEkey.h:212
SEKEY_DEACTIVATED_KEY
Definition: SEkey.h:57
userdata_::query
std::string query
Definition: SEkey.h:131
SEKEY_CORRUPTED
Definition: SEkey.h:46
SEfile::secure_init
uint16_t secure_init(L1 *l1ptr, uint32_t keyID, uint16_t crypto)
This function is used to initialize the security context of a SEfile object.
Definition: SEfile.cpp:197
fill_recovery
int fill_recovery(std::vector< std::string > &users)
Add one or more users of SEkey to the list of users who need recovery.
SEcube
L1 * SEcube
Definition: SEkey.cpp:22
userdata_::wcard_key
std::unique_ptr< uint8_t[]> wcard_key
Definition: SEkey.h:134
sekey_check_expired_keys
int sekey_check_expired_keys()
Check for expired keys inside SEkey. Expired keys which are still flagged as active will be deactivat...
Definition: SEkey.cpp:2923
se_user::update_cnt
int64_t update_cnt
Definition: SEkey.h:160
sekey_activate_key
int sekey_activate_key(std::string &key_id)
Activate a key. Available only for the administrator.
algolen
uint32_t algolen(uint32_t algorithm)
Return the length (in byte) of the key, given the algorithm. Return 0 if algorithm is unknown.
Definition: SEkey.cpp:4937
SEkey_ID
#define SEkey_ID
The key ID 1 is reserved for the database internally used by SEkey.
Definition: SEkey.h:71
sekey_add_key
int sekey_add_key(std::string &key_id, std::string &key_name, std::string &key_owner, uint32_t cryptoperiod, se_key_type keytype)
Add a key to SEkey. Available only for the administrator.
KEY_DATA
Definition: SEkey.h:24
se_user::name
std::string name
Definition: SEkey.h:152
crypto_filename
uint16_t crypto_filename(char *path, char *enc_name, uint16_t *encoded_length)
This function computes the encrypted name of the file specified as path.
Definition: SEfile.cpp:1410
sql_update_iterator
void sql_update_iterator(std::vector< std::string > &users, std::string &query, bool erase)
Wrapper to execute send_sql_update() for all users inside a list.
get_filename
void get_filename(char *path, char *file_name)
Extract the name of a file from its path.
Definition: SEfile.cpp:1602
se_key_type
se_key_type
Possible key types. Notice that only symmetric_data_encryption is supported, other types are listed h...
Definition: SEkey.h:88
SEKEY_COMMON_GROUP_NOT_FOUND
Definition: SEkey.h:50
statement
Handy RAII wrapper for sqlite3_stmt which requires call to sqlite3_finalize to avoid resource leakage...
Definition: SEkey.h:265
group_policy
The policy class is used to model a security policy adopted by a group. A policy for a group has 3 fe...
Definition: SEkey.h:178
sekey_stop
int sekey_stop()
API to stop the SEkey KMS.
Definition: SEkey.cpp:441
SEKEY_FILE_NOT_FOUND
Definition: SEkey.h:34
SEFILE_BEGIN
#define SEFILE_BEGIN
Definition: SEfile_C_interface.h:88
se_key_status
se_key_status
Possible status assumed by a key. There are specific rules for status transition, see check_key_trans...
Definition: SEkey.h:75
statement::getstmtref
sqlite3_stmt ** getstmtref()
Definition: SEkey.h:276
se_group::users_list
std::vector< se_user > users_list
Definition: SEkey.h:241
se_key::owner
std::string owner
Definition: SEkey.h:206
KEY_ID_MASTER_SLAVE_END
#define KEY_ID_MASTER_SLAVE_END
Maximum range value of master-slave key identifiers.
Definition: SEkey.h:70
sekey_delete_user_group
int sekey_delete_user_group(std::string &user_id, std::string &group_id)
Delete a user from a group. All keys of that group will be deleted from the SEcube of the user....
se_user::k1
uint32_t k1
Definition: SEkey.h:157
send_user_init_update
int send_user_init_update(std::string &user_id, std::string &query)
Send to a new SEkey user the update containing basic info to initialize his SEkey database.
sekey_add_user
int sekey_add_user(std::string &user_id, std::string &username)
Add a new user to SEkey. Available only for the administrator.
userinfo_
Simple struct used to store the details about the SEkey user which is using the application....
Definition: SEkey.h:141
se_user::get_id
std::string & get_id()
Definition: SEkey.cpp:133
se_user::init
uint32_t init
Definition: SEkey.h:159
se_user::print_user_details
void print_user_details(std::ofstream &sekey_log)
Definition: SEkey.cpp:145
SEKEY_ERR_AUTH
Definition: SEkey.h:35
statement::statement
statement()
Definition: SEkey.h:270
check_input
bool check_input(std::string &in, uint8_t sel)
Checks if an ID matches the corresponding regular expression.
SEKEY_ERR
Definition: SEkey.h:32
group_policy::max_keys
uint32_t max_keys
Definition: SEkey.h:180
SEKEY_USER_DUP
Definition: SEkey.h:40
sekey_group_change_default_cryptoperiod
int sekey_group_change_default_cryptoperiod(std::string &groupID, uint32_t cryptoperiod)
Change the default cryptoperiod of a specific group. Available only for the administrator.
sekey_user_get_info_all
int sekey_user_get_info_all(std::vector< se_user > *users)
Retrieve the details about all users of SEkey.
group_policy::isvalid
bool isvalid()
Definition: SEkey.cpp:269
SEKEY_BLOCKED
Definition: SEkey.h:49
se_user::sn
std::string sn
Definition: SEkey.h:153
se_key_status::statusmin
KEY_ID_RESERVED_RANGE_END
#define KEY_ID_RESERVED_RANGE_END
Maximum range value of reserved key identifiers (100).
Definition: SEkey.h:66
SEKEY_KEY_DUP
Definition: SEkey.h:37
cryptoperiod_to_days
string cryptoperiod_to_days(uint32_t n)
Convert an integer to number of days, hours, minutes and seconds into a readable string.
Definition: SEkey.cpp:5078
open_update_file
int open_update_file(SEfile &updatefile, std::string &sn, bool overwrite, bool create, int mode)
Open an update file of a specific user.
se_user::groups
std::vector< std::string > groups
Definition: SEkey.h:161
SEfile::secure_seek
uint16_t secure_seek(int32_t offset, int32_t *position, uint8_t whence)
This function is used to move the file pointer of a file managed by a SEfile object.
Definition: SEfile.cpp:639
usr_delete_group
int usr_delete_group(char *buffer)
Function executed only when SEkey is running in user mode. This performs the actions requested by req...
Definition: SEkey.cpp:3675
rollback_transaction
int rollback_transaction()
Rollback a SQLite transaction.
Definition: SEkey.cpp:4448
delete_user_from_group_iterator
void delete_user_from_group_iterator(std::vector< std::string > &users, std::string &user_id, std::string &group_id, bool erase)
Wrapper around req_delete_user_from_group() to invoke the function for each user in the users vector ...
userdata_::algo
uint32_t algo
Definition: SEkey.h:129
SEFILE_OPEN
#define SEFILE_OPEN
Definition: SEfile_C_interface.h:69
se_user::id
std::string id
Definition: SEkey.h:151
SEKEY_KEY_NOT_FOUND
Definition: SEkey.h:42
sekey_group_change_max_keys
int sekey_group_change_max_keys(std::string &groupID, uint32_t maxkeys)
Change the maximum number of keys that a group can be associated to. Available only for the administr...
SEfile::secure_open
uint16_t secure_open(char *path, int32_t mode, int32_t creation)
This function opens or creates a secure file managed with SEfile.
Definition: SEfile.cpp:240
DELETE_GROUP
Definition: SEkey.h:26
RECOVERY
Definition: SEkey.h:118
se_key
The key class is used to model a key object. A key has several properties which are kept private (id,...
Definition: SEkey.h:202
sekey_key_get_info
int sekey_key_get_info(std::string &key_id, se_key *key)
Retrieve the details about a single key.
se_key_status::active
usr_store_key
int usr_store_key(char *buffer)
Function executed only when SEkey is running in user mode. Execute operations requested by send_key_u...
Definition: SEkey.cpp:3640
sekey_find_key_v3
int sekey_find_key_v3(std::string &chosen_key, std::string &source_user_id, std::vector< std::string > &dest_user_id, se_key_type keytype)
Find a suitable key to encrypt data given a sender and multiple recipients.
se_user
The user class is used to model a user object. User's attributes are private but methods are availabl...
Definition: SEkey.h:149
userdata
struct userdata_ userdata
Structure used to enclose all elements required by the APIs to initialize a user device inside SEkey.
SEfile::secure_close
uint16_t secure_close()
This function releases the resources related to the underlying SEfile object (i.e....
Definition: SEfile.cpp:809
SEkey.h
This file includes everything about SEkey.
userdata_::uname
std::string uname
Definition: SEkey.h:126
sekey_recovery_request
int sekey_recovery_request(std::string &user_id, std::string &serial_number)
Explicitly request to SEkey to execute the recovery procedure for a specific user,...
sekey_init_user_SEcube
int sekey_init_user_SEcube(std::string &uid, std::string &userpin, std::string &adminpin, std::vector< std::string > &pin)
API to initialize the SEcube device of a SEkey user. Admin only.
statement::finalize
void finalize()
Definition: SEkey.h:278
userdata_::k2
uint32_t k2
Definition: SEkey.h:128
wildcard_key_ID
#define wildcard_key_ID
The key ID 2 is reserved for internal purposes of SEkey.
Definition: SEkey.h:72
sekey_key_get_info_all
int sekey_key_get_info_all(std::vector< se_key > *keys)
Retrieve the details about all keys of SEkey.
se_key::expiration
time_t expiration
Definition: SEkey.h:213
delete_group_iterator
void delete_group_iterator(std::vector< std::string > &users, std::string &group_id, bool erase)
Wrapper around req_delete_group() to invoke the function for each user in the users vector passed as ...
sekey_write_recovery
int sekey_write_recovery(std::string &user_id, std::string &serial_number)
Generate the recovery file for a specific user. Available only for the administrator.
se_group::keys_counter
uint32_t keys_counter
Definition: SEkey.h:239
usr_delete_user
int usr_delete_user(char *buffer)
Function executed only when SEkey is running in user mode. This performs the actions requested by req...
Definition: SEkey.cpp:3554
se_user::k2
uint32_t k2
Definition: SEkey.h:158
statement::stmt
sqlite3_stmt * stmt
Definition: SEkey.h:267
se_user::set_name
void set_name(std::string &new_name)
Definition: SEkey.cpp:137
SEKEY_RESTART
Definition: SEkey.h:45
filetype
filetype
Used to identify the different types of files used by the update mechanism of SEkey....
Definition: SEkey.h:116
process_update_file
int process_update_file()
Process updates for the current user.
Definition: SEkey.cpp:3812
sekey_add_user_group
int sekey_add_user_group(std::string &userID, std::string &groupID)
Add an existing user to an existing group. Available only for the administrator.
usr_delete_user_from_group
int usr_delete_user_from_group(char *buffer)
Function executed only when SEkey is running in user mode. This performs the actions requested by req...
Definition: SEkey.cpp:3445
sekey_admin_init
int sekey_admin_init(L1 &l1, std::vector< std::string > &pin, std::string &userpin, std::string &adminpin)
Initialize the SEcube of the administrator of SEkey.
se_user::user_pin
std::string user_pin
Definition: SEkey.h:154
sekey_user_get_info
int sekey_user_get_info(std::string &userid, se_user *user)
Retrieve the details about a single user.
se_key::type
se_key_type type
Definition: SEkey.h:208
se_group::name
std::string name
Definition: SEkey.h:237
KEY_ID_MASTER_SLAVE_BEGIN
#define KEY_ID_MASTER_SLAVE_BEGIN
Minimum range value of master-slave key identifiers.
Definition: SEkey.h:69
NAMELEN
#define NAMELEN
This is the maximum length accepted for a name or label (i.e. the username, the label of a group or t...
Definition: SEkey.h:16
req_delete_group
void req_delete_group(std::string &user_id, std::string &gid, bool erase)
Function to write in the update file of a user the request to delete a group from SEkey.
se_key_status::preactive
sekey_group_get_info_all
int sekey_group_get_info_all(std::vector< se_group > *groups)
Retrieve the details about all groups of SEkey (keys and users excluded).
se_key::length
uint32_t length
Definition: SEkey.h:210
sekey_delete_user
int sekey_delete_user(std::string &userID)
Delete a user from SEkey; the user will not be able to use the key management system anymore....
algovalid
bool algovalid(uint32_t algorithm)
Check if the algorithm is valid. In order to be valid, the algorithm should be included in L1Algorith...
Definition: SEkey.cpp:4949
sekey_delete_group
int sekey_delete_group(std::string &groupID)
API to delete a group from SEkey. Available only for the administrator.
send_key_update
void send_key_update(std::string &user_id, uint32_t kid, uint32_t key_len, bool erase)
Function to write in a secure way a key of SEkey to the update file of a user. Available only for the...
userdata_::k1_data
std::unique_ptr< uint8_t[]> k1_data
Definition: SEkey.h:132
NORMAL
Definition: SEkey.h:119
get_u32
uint32_t get_u32(sqlite3_stmt *stmt, int index)
Wrapper around sqlite3_column_int64() to retrieve the corresponding 32 bit unsigned value.
Definition: SEkey.cpp:4647
usr_sql_exec
int usr_sql_exec(char *buffer, uint32_t bufsize)
Function executed only when SEkey is running in user mode. This function will execute a SQL query wri...
sekey_key_change_status
int sekey_key_change_status(std::string &key_id, se_key_status status)
Change the status of a key. Available only for the administrator.
se_group::keys_list
std::vector< se_key > keys_list
Definition: SEkey.h:242
sekey_gettime
time_t sekey_gettime()
SEkey interface to retrieve the timestamp to be set for any KMS need. This API should be customized i...
Definition: SEkey.cpp:3438
MAX_PATHNAME
#define MAX_PATHNAME
Definition: SEfile_C_interface.h:165
databases
std::vector< std::unique_ptr< SEfile > > databases
Definition: SEcureDB.cpp:5
user_allowed
bool user_allowed()
Check if SEkey in user mode is updated to latest version. If not block every operation.
Definition: SEkey.cpp:4608
SEFILE_READ
#define SEFILE_READ
Definition: SEfile_C_interface.h:48
SEFILE_NEWFILE
#define SEFILE_NEWFILE
Definition: SEfile_C_interface.h:68
send_sql_update
void send_sql_update(std::string &user_id, std::string &query, bool erase)
Write a SQL query to the update file of a specific user.
is_group_present
int is_group_present(std::string &group_id)
Same as is_user_present(), simply written for groups. May throw.
se_key::destruction
time_t destruction
Definition: SEkey.h:216
se_key_status::deactivated
sekey_update_userdata
int sekey_update_userdata()
Synchronize the data of SEkey stored on the SEcube of the user with the data stored on the SEcube of ...
Definition: SEkey.cpp:549
KEY_ID_RESERVED_RANGE_BEGIN
#define KEY_ID_RESERVED_RANGE_BEGIN
Minimum value of reserved key identifiers (notice that 1 and 2 are already used by SEkey).
Definition: SEkey.h:65
SEKEY_ERR_PARAMS
Definition: SEkey.h:43
SEKEY_RESTART_REPROG
Definition: SEkey.h:48
req_delete_user
void req_delete_user(std::string &user_id, std::string &uid, bool erase)
Function to write in the update file of a user the request to delete entirely another user from SEkey...
SEKEY_GROUP_DUP
Definition: SEkey.h:39
SEFILE_WRITE
#define SEFILE_WRITE
Definition: SEfile_C_interface.h:49
se_key::algorithm
uint32_t algorithm
Definition: SEkey.h:209
sekey_group_get_info
int sekey_group_get_info(std::string &groupID, se_group *group)
Retrieve the details about a single group (keys and users excluded).
SEfile::secure_read
uint16_t secure_read(uint8_t *dataOut, uint32_t dataOut_len, uint32_t *bytesRead)
This function reads dataOut_len bytes into dataOut from the file descriptor managed by the underlying...
Definition: SEfile.cpp:552
se_key_status::suspended
userdata_::uid
std::string uid
Definition: SEkey.h:125
userdata_::k1
uint32_t k1
Definition: SEkey.h:127
commit_transaction
int commit_transaction()
Commit a SQLite transaction.
Definition: SEkey.cpp:4467
SEKEY_UNCHANGED
Definition: SEkey.h:44
se_key::name
std::string name
Definition: SEkey.h:205
SQL_QUERY
Definition: SEkey.h:25
se_key::cryptoperiod
time_t cryptoperiod
Definition: SEkey.h:218
SEKEY_UNSUPPORTED
Definition: SEkey.h:52
se_user::admin_pin
std::string admin_pin
Definition: SEkey.h:155
SEkey_running
bool SEkey_running
Definition: SEkey.cpp:21
sekey_find_key_v2
int sekey_find_key_v2(std::string &chosen_key, std::string &source_user_id, std::string &group_id, se_key_type keytype)
Find a suitable key to encrypt data to be delivered from a single user to an entire group.
key_update_iterator
void key_update_iterator(std::vector< std::string > &users, uint32_t kid, uint32_t key_len, bool erase)
Wrapper around send_key_update() to invoke the function for each user in the users vector passed as a...
SEKEY_OK
Definition: SEkey.h:31
SEKEY_SUSPENDED_KEY
Definition: SEkey.h:59
SEfile::secure_write
uint16_t secure_write(uint8_t *dataIn, uint32_t dataIn_len)
This function writes the bytes stored at dataIn to the encrypted file managed by the SEfile object on...
Definition: SEfile.cpp:432
SEKEY_FILE_FOUND
Definition: SEkey.h:33
se_key::id
std::string id
Definition: SEkey.h:204
algocmp
int algocmp(uint32_t algo1, uint32_t algo2)
Check if algo1 is stronger than algo2. Return 1 if stronger, return -1 if weaker, 0 if equal.
Definition: SEkey.cpp:4621
algomap
string algomap(uint32_t algo)
Map an algorithm (expressed as integer) to the corresponding algorithm expressed as string.
Definition: SEkey.cpp:5055
IDLEN
#define IDLEN
Maximum length expected (in bytes) for a generic ID (could be a key, a user or a group)....
Definition: SEkey.h:15
se_user::add_group
void add_group(std::string &group)
Definition: SEkey.cpp:141
group_policy::default_cryptoperiod
uint32_t default_cryptoperiod
Definition: SEkey.h:182
stoul_wrap
uint32_t stoul_wrap(std::string &s)
Wrapper around stoul() function.
reset_user_recovery
int reset_user_recovery(std::string &user_id, std::string &sn)
Remove a user from list of users who need a complete recovery of the SEkey database....
sqlite3_column_text_wrapper
string sqlite3_column_text_wrapper(sqlite3_stmt *stmt, int col)
Safe wrapper around the sqlite3_column_text() API of SQLite.
Definition: SEkey.cpp:4676
se_key_status::statusmax
se_group
Implement the concept of group inside SEkey. Class members are kept private and suitable getter/sette...
Definition: SEkey.h:234
sekey_user_init
int sekey_user_init(std::string &user_id, std::string &username, std::string &sn)
Function to add a user to SEkey, embedded by sekey_add_user(). Must not be called explicitly,...
is_key_present
int is_key_present(std::string &key_id)
Same as is_user_present(), simply written for keys. May throw.
SEKEY_COMPROMISED_KEY
Definition: SEkey.h:55
SEKEY_GROUP_NOT_FOUND
Definition: SEkey.h:38
secure_getfilesize
uint16_t secure_getfilesize(char *path, uint32_t *position, L1 *SEcubeptr)
This function is used to get the total logical size of an encrypted file pointed to by path....
Definition: SEfile.cpp:1452
sqlite3_expanded_sql_wrapper
int sqlite3_expanded_sql_wrapper(sqlite3_stmt *stmt, std::string &s)
Wrapper around the sqlite3_expanded_sql() function from SQLite.
PINLEN
#define PINLEN
Length (bytes) of the PIN used to login as user or admin to the SEcube.
Definition: SEkey.h:13
statement::getstmt
sqlite3_stmt * getstmt()
Definition: SEkey.h:274
se3_flash_maintenance_routine
void se3_flash_maintenance_routine()
Retrieves the IDs of all the keys stored inside the flash of the SEcube. If an ID is not found inside...
Definition: SEkey.cpp:4486
SEfile
A SEfile object is used to manage a file encrypted with SEfile.
Definition: SEfile.h:117
statusmap
string statusmap(se_key_status s)
Convert a key status to the corresponding string. May throw exceptions.
Definition: SEkey.cpp:4957
se_key::safer
bool safer(se_key &chosen)
Definition: SEkey.cpp:89
sekey_key_change_name
int sekey_key_change_name(std::string &key_id, std::string &key_name)
Change the name of a key. Available only for the administrator.
userdata_
Structure used to enclose all elements required by the APIs to initialize a user device inside SEkey.
Definition: SEkey.h:123
se_key::compromise
time_t compromise
Definition: SEkey.h:215
INIT
Definition: SEkey.h:117
check_key_transition_validity
int check_key_transition_validity(se_key_status current_status, se_key_status new_status)
Check if a key status transition is allowed or not.
Definition: SEkey.cpp:4837
SEKEY_DESTROYED_KEY
Definition: SEkey.h:56
se_key::status
se_key_status status
Definition: SEkey.h:207
generate_serial_number
int generate_serial_number(char *sn)
Generate a 32 byte serial number for a SEcube device.
Definition: SEkey.cpp:4696
DELETE_USER_FROM_GROUP
Definition: SEkey.h:22
KEY_ID_SEKEY_BEGIN
#define KEY_ID_SEKEY_BEGIN
Minimum range value of standard SEkey key identifiers (101).
Definition: SEkey.h:67
se_key_status::destroyed
sekey_group_change_name
int sekey_group_change_name(std::string &groupID, std::string &newname)
Change the name of a group. Available only for the administrator.
TRY_LIMIT
#define TRY_LIMIT
Maximum number of attempts to update SEkey in user mode. If the limit is reached and the update failed...
Definition: SEkey.h:17
se_user::set_id
void set_id(std::string &new_id)
Definition: SEkey.cpp:129
sekey_error
sekey_error
Error codes returned by functions of SEkey.
Definition: SEkey.h:30
execute_update
int execute_update(std::string &filepath)
Read an update file (of any type) and process its content.
SEKEY_REPROG
Definition: SEkey.h:47
SEFILE_END
#define SEFILE_END
Definition: SEfile_C_interface.h:90
sekey_printlog
void sekey_printlog(std::string &msg)
Insert the string passed as parameter in the SEkey logfile of the current user or of the administrato...
userdata_::k2_data
std::unique_ptr< uint8_t[]> k2_data
Definition: SEkey.h:133
AES256KEYLEN
#define AES256KEYLEN
Length of an AES-256 key expressed in bytes.
Definition: SEkey.h:14
sekey_find_key_v1
int sekey_find_key_v1(std::string &chosen_key, std::string &source_user_id, std::string &dest_user_id, se_key_type keytype)
Find a suitable key to encrypt data given a source-destination pair of users.
SEKEY_PREACTIVE_KEY
Definition: SEkey.h:58
delete_user_iterator
void delete_user_iterator(std::vector< std::string > &users, std::string &user_id, bool erase)
Wrapper around req_delete_user() to invoke the function for each user in the users vector passed as a...
se_user::algorithm
std::string algorithm
Definition: SEkey.h:156
se_key_status::compromised
deletefile
bool deletefile(SEfile *fileptr, std::string &filepath)
Delete a file encrypted with SEfile. This embeds plaintext filepath translation to encrypted filepath...
Definition: SEkey.cpp:3800
sekey_readlog
int sekey_readlog(std::string *sn, std::string &output)
Retrieve the content of the logfile associated with a specific SEcube.
SEKEY_INVALID_KEY
Definition: SEkey.h:53
userdata_::sn
std::string sn
Definition: SEkey.h:124
KEY_ID_SEKEY_END
#define KEY_ID_SEKEY_END
Maximum range value of standard SEkey key identifiers (2^32 -1 -100000).
Definition: SEkey.h:68
se_group::policy
group_policy policy
Definition: SEkey.h:240
userinfo
struct userinfo_ userinfo
Simple struct used to store the details about the SEkey user who is using the application....
SEKEY_USER_GROUP_DUP
Definition: SEkey.h:36
epoch_to_localtime
string epoch_to_localtime(time_t t)
Convert an integer (epoch time) to the local time as readable string.
Definition: SEkey.cpp:5089
SEKEY_USER_NOT_FOUND
Definition: SEkey.h:41