SEcube open-source SDK
Macros | Functions | Variables
SEfile.cpp File Reference

In this file you will find the implementation of the functions already described in SEfile.h and SEfile_C_interface.h. More...

#include "environment.h"
#include "SEfile.h"
#include "../sekey/SEkey.h"

Functions

uint16_t get_secure_context (std::string &filename, std::string *keyid, uint16_t *algo)
 This function retrieves the key ID and the algorithm used to encrypt the file specified by filename. More...
 
uint16_t secure_mkdir (std::string &path, L1 *SEcubeptr, uint32_t key)
 This function creates a directory with an encrypted name. More...
 
uint16_t secure_ls (std::string &path, std::vector< std::pair< std::string, std::string >> &list, L1 *SEcubeptr)
 This function identifies which encrypted files and encrypted directories are present in the directory pointed by path and writes them in list. More...
 
uint16_t crypt_dirname (std::string &path, char *encDirname, uint32_t *enc_len, L1 *SEcubeptr, uint32_t key)
 This function is used to compute the ciphertext of a directory name stored in dirname. More...
 
uint16_t decrypt_dirname (std::string &path, char *decDirname, L1 *SEcubeptr)
 This function is used to compute the plaintext of am encrypted directory name stored in dirname. More...
 
uint16_t encrypt_name (void *buff1, void *buff2, size_t size, uint16_t direction, L1 *SEcubeptr, uint32_t key)
 Internally used by crypt_dirname and decrypt_dirname().
 
uint16_t decrypt_filename (std::string &path, char *filename, L1 *SEcubeptr)
 This function is used to compute the plaintext of an encrypted filename stored in path. More...
 
uint16_t crypto_filename (char *path, char *enc_name, uint16_t *encoded_length)
 This function computes the encrypted name of the file specified as path. More...
 
uint16_t secure_getfilesize (char *path, uint32_t *position, L1 *SEcubeptr)
 This function is used to get the total logic size of an encrypted file pointed by path. Logic size will always be smaller than physical size because it takes into account the overhead introduced by SEfile. More...
 
uint16_t secure_recrypt (std::string path, uint32_t key, L1 *SEcubeptr)
 This function re-encrypts an encrypted file pointed by path with the new key specified as parameter. More...
 
void compute_blk_offset (size_t current_offset, uint8_t *nonce)
 Internally used by SEfile functions.
 
uint16_t valid_directory_name (std::string &name)
 This function checks if the given name can be a valid SEfile directory name. More...
 
uint16_t valid_file_name (std::string &name)
 This function checks if the given name can be a valid SEfile file name. More...
 
size_t pos_to_cipher_block (size_t current_position)
 Internally used by SEfile functions.
 
void get_path (char *full_path, char *path)
 Extract the path of a file removing the file name.
 
void get_filename (char *path, char *file_name)
 Extract the name of a file from its path.
 

Variables

bool override_key_check = false
 Global flag that is used to bypass the validity check of a key to read or write encrypted data. It is used only to re-encrypt data belonging to a compromised file.
 

Detailed Description

In this file you will find the implementation of the functions already described in SEfile.h and SEfile_C_interface.h.

Authors
Matteo Fornero, Francesco Giavatto, Nicolo Maunero, Giulio Scalia
Date
17/09/2016

Function Documentation

◆ crypt_dirname()

uint16_t crypt_dirname ( std::string &  path,
char *  encDirname,
uint32_t *  enc_len,
L1 *  SEcubeptr,
uint32_t  key 
)

This function is used to compute the ciphertext of a directory name stored in dirname.

Parameters
[in]pathPath to the directory whose name has to be encrypted.
[out]encDirnameA preallocated string where to store the encrypted directory name.
[out]enc_lenWhere to store how many bytes the encrypted directory name is long. Can be NULL.
[in]SEcubeptrPointer to the L1 object used to communicate with the SEcube.
[in]keyID of the key to be used to encrypt the name of the new directory.
Returns
The function returns 0 in case of success. See error values for error list.

◆ crypto_filename()

uint16_t crypto_filename ( char *  path,
char *  enc_name,
uint16_t *  encoded_length 
)

This function computes the encrypted name of the file specified as path.

Parameters
[in]pathAbsolute or relative path of a file (it must be plaintext, it cannot be a directory).
[out]enc_namePre-allocated char array where the encrypted filename should be stored.
[out]encoded_lengthLength of the encrypted filename.
Returns
The function returns 0 in case of success. See error values for error list.

The encrypted filename is the SHA-256 digest of the original name. It is expressed as a string of 64 characters (HEX format).

◆ decrypt_dirname()

uint16_t decrypt_dirname ( std::string &  path,
char *  decDirname,
L1 *  SEcubeptr 
)

This function is used to compute the plaintext of am encrypted directory name stored in dirname.

Parameters
[in]dirpathPath to the directory whose name has to be decrypted.
[out]decDirnameA preallocated char array where to store the decrypted directory name.
[in]SEcubeptrPointer to the L1 object used to communicate with the SEcube.
Returns
The function returns 0 in case of success. See error values for error list.

◆ decrypt_filename()

uint16_t decrypt_filename ( std::string &  path,
char *  filename,
L1 *  SEcubeptr 
)

This function is used to compute the plaintext of an encrypted filename stored in path.

Parameters
[in]pathWhere the encrypted file is stored, it can be an absolute or relative path. No encrypted directory names are allowed.
[out]filenameA preallocated string where to store the plaintext filename.
[in]SEcubeptrPointer to the L1 object used to communicate with the SEcube.
Returns
The function returns 0 in case of success. See error values for error list.

◆ get_secure_context()

get_secure_context ( std::string &  filename,
std::string *  keyid,
uint16_t *  algo 
)

This function retrieves the key ID and the algorithm used to encrypt the file specified by filename.

Parameters
[in]filenameAbsolute or relative path of the file.
[out]keyidThe ID of the key used to encrypt the file.
[out]algoThe algorithm used to encrypt the file.
Returns
The function returns 0 in case of success. See error values for error list.

◆ secure_getfilesize()

uint16_t secure_getfilesize ( char *  path,
uint32_t *  position,
L1 *  SEcubeptr 
)

This function is used to get the total logic size of an encrypted file pointed by path. Logic size will always be smaller than physical size because it takes into account the overhead introduced by SEfile.

Parameters
[in]pathAbsolute or relative path the file.
[out]positionWhere the size of the file is stored.
[in]SEcubeptrPointer to the L1 object used to communicate with the SEcube.
Returns
The function returns 0 in case of success. See error values for error list.

◆ secure_ls()

uint16_t secure_ls ( std::string &  path,
std::vector< std::pair< std::string, std::string >> &  list,
L1 *  SEcubeptr 
)

This function identifies which encrypted files and encrypted directories are present in the directory pointed by path and writes them in list.

Parameters
[in]pathAbsolute or relative path to the directory to browse.
[out]listList of pairs containing the encrypted name and the decrypted name.
[in]SEcubeptrPointer to the L1 object used to communicate with the SEcube.
Returns
The function returns a 0 in case of success. See error values for error list.

Notice that, if the name of a file or of a directory belonging to the path is not associated to SEfile, then it is copied as it is in the list. This function is not recursive.

◆ secure_mkdir()

uint16_t secure_mkdir ( std::string &  path,
L1 *  SEcubeptr,
uint32_t  key 
)

This function creates a directory with an encrypted name.

Parameters
[in]pathAbsolute or relative path of the new directory.
[in]SEcubeptrPointer to the L1 object used to communicate with the SEcube.
[in]keyID of the key to be used to encrypt the name of the new directory.
Returns
The function returns 0 in case of success. See error values for error list.

◆ secure_recrypt()

secure_recrypt ( std::string  path,
uint32_t  key,
L1 *  SEcubeptr 
)

This function re-encrypts an encrypted file pointed by path with the new key specified as parameter.

Parameters
[in]pathAbsolute or relative path of the file.
[in]keyThe ID of the key used to encrypt the file.
[in]SEcubeptrPointer to the L1 object used to communicate with the SEcube.
Returns
The function returns 0 in case of success. See error values for error list.

This function should be used to re-encrypt a file that was encrypted with a key that is not trusted anymore (i.e. a compromised key).

◆ valid_directory_name()

uint16_t valid_directory_name ( std::string &  name)

This function checks if the given name can be a valid SEfile directory name.

Parameters
[in]nameName of the directory.
Returns
The function returns 0 in case of success. See error values for error list.

This function takes as input the name of a directory and checks if it matches the requirements of an encrypted directory name create with secure_mkdir() (i.e. alphanumeric characters, minimum number of characters, etc.).

◆ valid_file_name()

uint16_t valid_file_name ( std::string &  name)

This function checks if the given name can be a valid SEfile file name.

Parameters
[in]nameName of the file.
Returns
The function returns 0 in case of success. See error values for error list.

This function takes as input the name of a file and checks if it matches the requirements of an encrypted file name created with crypto_filename() (i.e. alphanumeric characters, minimum number of characters, etc.).