SEcube open-source SDK
|
This is the SEfile header that contains most of the methods, constants and structures used by SEfile. More...
Go to the source code of this file.
Classes | |
struct | SEFILE_HANDLE |
The SEFILE_HANDLE struct This abstract data type is used to hide from higher level of abstraction its implementation. The data stored in here are the current physical file pointer position and the file descriptor OS-dependent data type. More... | |
struct | SEKEY_HEADER |
The header of each file encrypted with SEfile. This is the header that contains info for the SEkey system. It is stored as cleartext and it is not authenticated. The dimension is always SEKEY_HDR_LEN. More... | |
struct | SEFILE_HEADER |
The SEFILE_HEADER struct This data struct is used to define a 31 bytes field inside a sector while taking care of its inner composition. More... | |
struct | SEFILE_SECTOR |
The SEFILE_SECTOR struct This data struct is the actual sector organization. The total size should ALWAYS be equal to SEFILE_SECTOR_SIZE. The first sector is used to hold ONLY the header. Thanks to the union data type, the developer can simply declare a sector and then choose if it is the header sector or not. More... | |
class | SEfile |
A SEfile object is used to manage a file encrypted with SEfile. More... | |
Macros | |
#define | KEY_CHECK_INTERVAL 1 |
Time interval (in seconds) used to check for the validity of the key used to encrypt the file. | |
#define | SEFILE_NONCE_LEN 32 |
#define | SEKEY_HDR_LEN 16 |
Length of header sector reserved to SEkey informations. More... | |
Functions | |
uint16_t | get_secure_context (std::string &filename, std::string *keyid, uint16_t *algo) |
This function retrieves the key ID and the algorithm used to encrypt the file specified by filename. More... | |
uint16_t | secure_mkdir (std::string &path, L1 *SEcubeptr, uint32_t key) |
This function creates a directory with an encrypted name. More... | |
uint16_t | secure_ls (std::string &path, std::vector< std::pair< std::string, std::string >> &list, L1 *SEcubeptr) |
This function identifies which encrypted files and encrypted directories are present in the directory pointed by path and writes them in list. More... | |
uint16_t | secure_getfilesize (char *path, uint32_t *position, L1 *SEcubeptr) |
This function is used to get the total logic size of an encrypted file pointed by path. Logic size will always be smaller than physical size because it takes into account the overhead introduced by SEfile. More... | |
uint16_t | secure_recrypt (std::string path, uint32_t key, L1 *SEcubeptr) |
This function re-encrypts an encrypted file pointed by path with the new key specified as parameter. More... | |
uint16_t | decrypt_filename (std::string &path, char *filename, L1 *SEcubeptr) |
This function is used to compute the plaintext of an encrypted filename stored in path. More... | |
uint16_t | crypt_dirname (std::string &path, char *encDirname, uint32_t *enc_len, L1 *SEcubeptr, uint32_t key) |
This function is used to compute the ciphertext of a directory name stored in dirname. More... | |
uint16_t | decrypt_dirname (std::string &path, char *decDirname, L1 *SEcubeptr) |
This function is used to compute the plaintext of am encrypted directory name stored in dirname. More... | |
uint16_t | encrypt_name (void *buff1, void *buff2, size_t size, uint16_t direction, L1 *SEcubeptr, uint32_t key) |
Internally used by crypt_dirname and decrypt_dirname(). | |
uint16_t | valid_directory_name (std::string &name) |
This function checks if the given name can be a valid SEfile directory name. More... | |
uint16_t | valid_file_name (std::string &name) |
This function checks if the given name can be a valid SEfile file name. More... | |
size_t | pos_to_cipher_block (size_t current_position) |
Internally used by SEfile functions. | |
void | compute_blk_offset (size_t current_offset, uint8_t *nonce) |
Internally used by SEfile functions. | |
void | get_filename (char *path, char *file_name) |
Extract the name of a file from its path. | |
void | get_path (char *full_path, char *path) |
Extract the path of a file removing the file name. | |
Variables | |
bool | override_key_check |
Global flag that is used to bypass the validity check of a key to read or write encrypted data. It is used only to re-encrypt data belonging to a compromised file. | |
This is the SEfile header that contains most of the methods, constants and structures used by SEfile.
#define SEKEY_HDR_LEN 16 |
Length of header sector reserved to SEkey informations.
This is the length of the header required by SEkey. it is embedded in the SEfile header; the length of the SEkey header must be a multiple of the block size used by the cipher (16 bytes for AES256 at the moment) because the size of the data to cipher inside the first sector is 512 - SEFILE_NONCE_LEN - SEKEY_HDR_LEN and it must be a multiple of 16.
uint16_t crypt_dirname | ( | std::string & | path, |
char * | encDirname, | ||
uint32_t * | enc_len, | ||
L1 * | SEcubeptr, | ||
uint32_t | key | ||
) |
This function is used to compute the ciphertext of a directory name stored in dirname.
[in] | path | Path to the directory whose name has to be encrypted. |
[out] | encDirname | A preallocated string where to store the encrypted directory name. |
[out] | enc_len | Where to store how many bytes the encrypted directory name is long. Can be NULL. |
[in] | SEcubeptr | Pointer to the L1 object used to communicate with the SEcube. |
[in] | key | ID of the key to be used to encrypt the name of the new directory. |
uint16_t decrypt_dirname | ( | std::string & | path, |
char * | decDirname, | ||
L1 * | SEcubeptr | ||
) |
This function is used to compute the plaintext of am encrypted directory name stored in dirname.
[in] | dirpath | Path to the directory whose name has to be decrypted. |
[out] | decDirname | A preallocated char array where to store the decrypted directory name. |
[in] | SEcubeptr | Pointer to the L1 object used to communicate with the SEcube. |
uint16_t decrypt_filename | ( | std::string & | path, |
char * | filename, | ||
L1 * | SEcubeptr | ||
) |
This function is used to compute the plaintext of an encrypted filename stored in path.
[in] | path | Where the encrypted file is stored, it can be an absolute or relative path. No encrypted directory names are allowed. |
[out] | filename | A preallocated string where to store the plaintext filename. |
[in] | SEcubeptr | Pointer to the L1 object used to communicate with the SEcube. |
uint16_t get_secure_context | ( | std::string & | filename, |
std::string * | keyid, | ||
uint16_t * | algo | ||
) |
This function retrieves the key ID and the algorithm used to encrypt the file specified by filename.
[in] | filename | Absolute or relative path of the file. |
[out] | keyid | The ID of the key used to encrypt the file. |
[out] | algo | The algorithm used to encrypt the file. |
uint16_t secure_getfilesize | ( | char * | path, |
uint32_t * | position, | ||
L1 * | SEcubeptr | ||
) |
This function is used to get the total logic size of an encrypted file pointed by path. Logic size will always be smaller than physical size because it takes into account the overhead introduced by SEfile.
[in] | path | Absolute or relative path the file. |
[out] | position | Where the size of the file is stored. |
[in] | SEcubeptr | Pointer to the L1 object used to communicate with the SEcube. |
uint16_t secure_ls | ( | std::string & | path, |
std::vector< std::pair< std::string, std::string >> & | list, | ||
L1 * | SEcubeptr | ||
) |
This function identifies which encrypted files and encrypted directories are present in the directory pointed by path and writes them in list.
[in] | path | Absolute or relative path to the directory to browse. |
[out] | list | List of pairs containing the encrypted name and the decrypted name. |
[in] | SEcubeptr | Pointer to the L1 object used to communicate with the SEcube. |
Notice that, if the name of a file or of a directory belonging to the path is not associated to SEfile, then it is copied as it is in the list. This function is not recursive.
uint16_t secure_mkdir | ( | std::string & | path, |
L1 * | SEcubeptr, | ||
uint32_t | key | ||
) |
This function creates a directory with an encrypted name.
[in] | path | Absolute or relative path of the new directory. |
[in] | SEcubeptr | Pointer to the L1 object used to communicate with the SEcube. |
[in] | key | ID of the key to be used to encrypt the name of the new directory. |
uint16_t secure_recrypt | ( | std::string | path, |
uint32_t | key, | ||
L1 * | SEcubeptr | ||
) |
This function re-encrypts an encrypted file pointed by path with the new key specified as parameter.
[in] | path | Absolute or relative path of the file. |
[in] | key | The ID of the key used to encrypt the file. |
[in] | SEcubeptr | Pointer to the L1 object used to communicate with the SEcube. |
This function should be used to re-encrypt a file that was encrypted with a key that is not trusted anymore (i.e. a compromised key).
uint16_t valid_directory_name | ( | std::string & | name | ) |
This function checks if the given name can be a valid SEfile directory name.
[in] | name | Name of the directory. |
This function takes as input the name of a directory and checks if it matches the requirements of an encrypted directory name create with secure_mkdir() (i.e. alphanumeric characters, minimum number of characters, etc.).
uint16_t valid_file_name | ( | std::string & | name | ) |
This function checks if the given name can be a valid SEfile file name.
[in] | name | Name of the file. |
This function takes as input the name of a file and checks if it matches the requirements of an encrypted file name created with crypto_filename() (i.e. alphanumeric characters, minimum number of characters, etc.).