SEcube open-source SDK
SEfile.h
1 
7 #ifndef SEFILE_H_
8 #define SEFILE_H_
9 
10 #include "../sources/L1/L1.h"
11 #include "SEfile_C_interface.h"
12 
/* Time interval (in seconds) used to check for the validity of the key used to encrypt the file.
 * NOTE(review): between two checks the previous result is presumably reused, so a key that has just
 * been deactivated or marked compromised may stay usable for up to this interval - confirm in
 * SEfile::secure_key_check(). */
13 #define KEY_CHECK_INTERVAL 1
/* Size in bytes of the nonce_pbkdf2 arrays declared in SEFILE_HANDLE and SEFILE_HEADER. */
14 #define SEFILE_NONCE_LEN 32
/* Global flag that is used to bypass the validity check of a key to read or write encrypted data.
 * NOTE(review): this is a mutable global with external linkage, so any code in the process can set it;
 * it presumably affects every SEfile object at once. Keep the set of writers small, reset it right
 * after the operation that needs it, and treat unexpected writes as a finding during code review. */
15 extern bool override_key_check;
/* Length in bytes of the header area reserved to SEkey information.
 * The packed SEKEY_HEADER structure (4 + 2 + 10 bytes) has exactly this size. */
22 #define SEKEY_HDR_LEN 16
23 
/* From here to the matching #pragma pack(pop), structures are laid out with 1-byte packing,
 * i.e. without padding between members. */
26 #pragma pack(push,1)
/* SEFILE_HANDLE: per-file state used by SEfile. SEfile objects hold it through a std::shared_ptr
 * (SEfile::handleptr), described on this page as the handle to the file on the underlying filesystem. */
27 struct SEFILE_HANDLE {
    /* presumably the current logical (plaintext) offset inside the file - confirm in SEfile.cpp */
28  uint32_t log_offset;
    /* Native descriptor of the file: int32_t on Linux/macOS, HANDLE on Windows.
     * NOTE(review): there is no #else branch, so on any other platform the structure is compiled
     * without an fd member; an explicit #error would make the unsupported case obvious. */
29 #if defined(__linux__) || defined(__APPLE__)
30  int32_t fd;
31 #elif _WIN32
32  HANDLE fd;
33 #endif
    /* Same names and sizes as the nonce fields of SEFILE_HEADER; presumably copies of the values
     * read from (or written to) the file header while the file is open - confirm.
     * NOTE(review): if nonce_ctr is a counter-mode nonce, as the name suggests, it must never be
     * reused with the same key for different content - verify how it is generated. */
34  uint8_t nonce_ctr[16];
35  uint8_t nonce_pbkdf2[SEFILE_NONCE_LEN];
    /* NOTE(review): fixed-size buffer; every copy into it needs a length check against MAX_PATHNAME. */
36  char name[MAX_PATHNAME]; /**< String that contains the name of the file. This is exploited only by the SEcure Database in order to run other databases apart from the one of SEkey. */
    /* Constructor; defined outside this header. */
37  SEFILE_HANDLE();
38 };
39 
/* SEKEY_HEADER: the header of each file encrypted with SEfile that carries the information for SEkey.
 * Declared inside the pack(1) region: 4 + 2 + 10 = 16 bytes, i.e. SEKEY_HDR_LEN.
 * NOTE(review): a static_assert(sizeof(SEKEY_HEADER) == SEKEY_HDR_LEN) would pin the on-disk size.
 * NOTE(review): get_secure_context() reads the key ID and algorithm of a file without taking an L1
 * pointer, so these fields are presumably stored unencrypted; if so, they are untrusted input and must
 * be range-checked before being used to select a key or an algorithm - confirm in SEfile.cpp. */
43 struct SEKEY_HEADER {
    /* presumably the ID of the key used to encrypt the file (see get_secure_context()) */
44  uint32_t key_id;
    /* presumably the identifier of the algorithm used with that key (see get_secure_context()) */
45  uint16_t algorithm;
    /* Fills the structure up to SEKEY_HDR_LEN bytes. */
46  uint8_t padding[10];
47 };
48 
/* SEFILE_HEADER: header stored inside a sector of an encrypted file (it is one of the two members of
 * the union in SEFILE_SECTOR according to the symbol index of this page).
 * Declared inside the pack(1) region. The members visible here add up to 32 + 16 + 4 + 2 + 4 + 4 + 1 =
 * 63 bytes; source line 54 is not shown in this listing, and the symbol index lists
 * `SEKEY_HEADER key_header` at that line.
 * NOTE(review): the generated description on this page speaks of a "31 bytes field", which does not
 * match the visible members - confirm which one is current.
 * NOTE(review): every field is read back from a file, so all of them are untrusted until the header
 * has been decrypted and validated. */
52 struct SEFILE_HEADER {
    /* SEFILE_NONCE_LEN (32) bytes; presumably the salt/nonce used for PBKDF2 key derivation - confirm */
53  uint8_t nonce_pbkdf2[SEFILE_NONCE_LEN];
    /* 16 bytes; presumably the nonce for counter-mode encryption of the sectors - confirm */
55  uint8_t nonce_ctr[16];
    /* presumably a constant used to recognise a correctly decrypted header - confirm */
56  int32_t magic;
    /* presumably the version of the file format - confirm */
57  int16_t ver;
58  int32_t uid;
59  int32_t uid_cnt;
    /* presumably the length of the file name stored after the header; as a uint8_t it cannot exceed 255.
     * NOTE(review): check it against the size of the destination buffer before copying the name. */
60  uint8_t fname_len;
61 };
62 
/* SEFILE_SECTOR: the actual sector organization of an encrypted file. Declared inside the pack(1)
 * region, so the layout below is the byte layout. */
69 struct SEFILE_SECTOR {
    /* Source lines 71-75 (the members of the union) are not shown in this listing; the symbol index
     * on this page lists `SEFILE_HEADER header` (line 71) and `uint8_t data[SEFILE_LOGIC_DATA]` (line 72). */
70  union {
76  };
    /* presumably the number of valid bytes in the sector - confirm.
     * NOTE(review): the value comes from the file; check it against SEFILE_LOGIC_DATA before using it
     * as a copy length or as an index. */
77  uint16_t len;
    /* 32 bytes; presumably an integrity tag computed over the sector (the size matches a SHA-256
     * digest) - confirm.
     * NOTE(review): the tag should be verified before the content of the sector is trusted, and the
     * comparison should be constant-time - verify in SEfile.cpp. */
78  uint8_t signature[32];
    /* Constructor; defined in SEfile.cpp according to the symbol index. */
79  SEFILE_SECTOR();
80 };
81 #pragma pack(pop)
82 
83 /* functions not related to SEfile objects that can be called by higher levels */
/* All of them return a uint16_t; presumably one of the return values declared in SEfile_C_interface.h - confirm.
 * NOTE(review): keyid, algo, position and SEcubeptr are raw pointers; no null check is visible from this
 * header, so callers should always pass valid pointers. */
/* Retrieves the key ID and the algorithm used to encrypt the file specified by filename. */
84 uint16_t get_secure_context(std::string& filename, std::string *keyid, uint16_t *algo);
/* Creates a directory with an encrypted name. */
85 uint16_t secure_mkdir(std::string& path, L1 *SEcubeptr, uint32_t key);
/* Identifies which encrypted files and encrypted directories are present in the directory given as path;
 * the result is returned in list (the meaning of the two strings of each pair is not visible here). */
86 uint16_t secure_ls(std::string& path, std::vector<std::pair<std::string, std::string>>& list, L1 *SEcubeptr);
/* Gets the total logic size of the encrypted file pointed by path; the size is written to *position.
 * The size is a uint32_t, so it cannot represent more than 2^32 - 1 bytes. */
87 uint16_t secure_getfilesize(char *path, uint32_t * position, L1 *SEcubeptr);
/* Re-encrypts the encrypted file pointed by path with the new key specified as parameter. */
88 uint16_t secure_recrypt(std::string path, uint32_t key, L1 *SEcubeptr);
89 
90 /* functions that are not related to SEfile objects that should not be called by higher levels because they are used internally by SEfile methods */
/* NOTE(review): filename, encDirname, decDirname, buff2, file_name and path (in get_path) are output
 * buffers passed as raw pointers without a capacity parameter. The required size is not visible from
 * this header (presumably MAX_PATHNAME - confirm); callers must size the buffers accordingly, and the
 * implementations should be checked for bounded copies. */
/* Computes the plaintext of an encrypted filename stored in path; the result is written to filename. */
91 uint16_t decrypt_filename(std::string& path, char *filename, L1 *SEcubeptr);
/* Source lines 92-98 are not shown in this listing. */
/* Computes the ciphertext of a directory name; the result is written to encDirname and, presumably,
 * its length to *enc_len - confirm. */
99 uint16_t crypt_dirname(std::string& path, char *encDirname, uint32_t* enc_len, L1 *SEcubeptr, uint32_t key);
/* Computes the plaintext of an encrypted directory name; the result is written to decDirname. */
100 uint16_t decrypt_dirname(std::string& path, char *decDirname, L1 *SEcubeptr);
/* Internally used by crypt_dirname() and decrypt_dirname(); direction presumably selects encryption
 * or decryption and size presumably applies to both buffers - confirm. */
101 uint16_t encrypt_name(void* buff1, void* buff2, size_t size, uint16_t direction, L1 *SEcubeptr, uint32_t key);
/* Checks if the given name can be a valid SEfile directory name. */
102 uint16_t valid_directory_name(std::string& name);
/* Checks if the given name can be a valid SEfile file name. */
103 uint16_t valid_file_name(std::string& name);
/* Internally used by SEfile functions. */
104 size_t pos_to_cipher_block(size_t current_position);
/* Internally used by SEfile functions; nonce is passed as a non-const pointer, so it is presumably
 * updated in place - confirm. */
105 void compute_blk_offset(size_t current_offset, uint8_t* nonce);
/* Extracts the name of a file from its path; the result is written to file_name. */
106 void get_filename(char *path, char *file_name);
/* Extracts the path of a file removing the file name; the result is written to path. */
107 void get_path(char *full_path, char *path);
/* A SEfile object is used to manage a file encrypted with SEfile.
 * NOTE(review): every member is public, including the key ID, the algorithm and the L1 pointer, so any
 * caller can change the security context of an object while a file is open. Callers should treat the
 * data members as read-only and use secure_init() / secure_finit() to change them.
 * NOTE(review): the read/write/crypt methods take raw buffers; only the length named in the signature is
 * passed, so the caller is responsible for the real capacity of each buffer. */
117 class SEfile{
118 public:
    /* The key ID used by this SEfile instance. This key is used for encryption and decryption. */
119  uint32_t EnvKeyID;
    /* The algorithm to be used with the key. */
120  uint16_t EnvCrypto;
    /* Source lines 121-122 are not shown in this listing; the symbol index on this page lists
     * `time_t LastEncryptCheckTime` and `time_t LastDecryptCheckTime` there (the last time the validity
     * of the key was checked for write and for read). */
    /* Flag that is TRUE if the file is open, FALSE otherwise. */
123  bool IsOpen;
    /* The pointer to the L1 object created by the main application (i.e. to login to the SEcube).
     * NOTE(review): raw pointer to an object created elsewhere; it presumably must stay valid for the
     * whole lifetime of the SEfile object, destructor included - confirm. */
124  L1 *l1;
    /* Handle to the file on the underlying filesystem. */
125  std::shared_ptr<SEFILE_HANDLE> handleptr;
126  /* Notice that a shared_ptr is used for the SEFILE_HANDLE structure because it is more manageable by other components of the SEcube SDK (i.e. SEkey KMS and the SEcure Database).
127  * Considering SEfile only, having a pointer or having directly the structure inside the class makes no difference...but it makes a difference when using SEfile together with SQLite
128  * for the SEcure Database. Therefore, in order to keep the same object for the normal SEfile version and for the SEfile of the SEcure DB, the smart pointer is better. */
    /* Default constructor. Initializes the secure environment with empty values. */
129  SEfile();
    /* The other constructors take the L1 pointer and, optionally, the key ID and the algorithm;
     * presumably they store them in l1, EnvKeyID and EnvCrypto - confirm. */
130  SEfile(L1 *secube);
131  SEfile(L1 *secube, uint32_t keyID);
132  SEfile(L1 *secube, uint32_t keyID, uint16_t crypto);
    /* Destructor. Automatically calls secure_finit() and secure_close(). */
133  ~SEfile();
134  /* APIs of SEfile */
    /* Initializes the security context of a SEfile object. */
135  uint16_t secure_init(L1 *l1ptr, uint32_t keyID, uint16_t crypto);
    /* Resets the parameters set by secure_init() to default values (0s and NULL). */
136  void secure_finit();
    /* Opens or creates a secure file managed with SEfile. */
145  uint16_t secure_open(char *path, int32_t mode, int32_t creation);
    /* Releases the resources related to the underlying SEfile object. */
147  uint16_t secure_close();
    /* Reads dataOut_len bytes into dataOut; the number of bytes actually read is presumably returned
     * in *bytesRead - confirm. dataOut must be able to hold dataOut_len bytes. */
148  uint16_t secure_read(uint8_t *dataOut, uint32_t dataOut_len, uint32_t *bytesRead);
    /* Writes the bytes stored at dataIn to the encrypted file managed by the SEfile object. */
149  uint16_t secure_write(uint8_t *dataIn, uint32_t dataIn_len);
    /* Moves the file pointer of the file managed by the SEfile object.
     * offset is a signed 32-bit value; the resulting position is presumably written to *position - confirm. */
150  uint16_t secure_seek(int32_t offset, int32_t *position, uint8_t whence);
    /* Resizes the file managed by the underlying SEfile object to size bytes. */
151  uint16_t secure_truncate(uint32_t size);
    /* Used to be sure that the physical file is synced with the OS buffers. */
152  uint16_t secure_sync();
154 
    /* Creates a new secure file managed with SEfile (the behaviour when the file already exists is
     * documented in the part of the description that is truncated on this page). */
163  uint16_t secure_create(char *path, std::shared_ptr<SEFILE_HANDLE> hFile, int mode);
    /* Checks if the key set up in the SEfile object can be used to encrypt or decrypt; direction
     * presumably selects which of the two is checked - confirm.
     * NOTE(review): the global override_key_check is described on this page as bypassing this kind of check. */
165  uint16_t secure_key_check(uint16_t direction);
    /* Computes the total logic size of a file that is already open within a SEfile object. */
166  uint16_t get_filesize(uint32_t * length);
    /* Encrypts a header buffer by exploiting the functions provided by L1; direction presumably also
     * allows decryption - confirm. Only the input length is passed: buff2 must be large enough. */
167  uint16_t crypt_header(void *buff1, void *buff2, size_t datain_len, uint16_t direction);
    /* Encrypts the buff_decrypt data into buff_crypt by exploiting the functions provided by L1.
     * Only the input length is passed: the output buffer must be large enough. */
168  uint16_t crypt_sectors(void *buff_decrypt, void *buff_crypt, size_t datain_len, size_t current_offset, uint8_t* nonce_ctr, uint8_t* nonce_pbkdf2);
    /* Decrypts the buff_crypt data into buff_decrypt by exploiting the functions provided by L1.
     * Only the input length is passed: the output buffer must be large enough. */
169  uint16_t decrypt_sectors(void *buff_crypt, void *buff_decrypt, size_t datain_len, size_t current_offset, uint8_t* nonce_ctr, uint8_t* nonce_pbkdf2);
171 
    /* securedb_* methods: same signatures as the methods above; presumably the variants used by the
     * SEcure Database mentioned in the comment on handleptr - confirm. */
181  uint16_t securedb_secure_open(char *path, int32_t mode, int32_t creation);
183  uint16_t securedb_secure_close();
184  uint16_t securedb_secure_read(uint8_t * dataOut, uint32_t dataOut_len, uint32_t *bytesRead);
185  uint16_t securedb_secure_write(uint8_t * dataIn, uint32_t dataIn_len);
186  uint16_t securedb_secure_seek(int32_t offset, int32_t *position, uint8_t whence);
187  uint16_t securedb_secure_truncate(uint32_t size);
188  uint16_t securedb_secure_sync();
189  uint16_t securedb_get_filesize(uint32_t * length);
190  uint16_t securedb_secure_create(char *path, std::shared_ptr<SEFILE_HANDLE> hFile, int mode);
192 
193 };
194 
195 #endif
SEFILE_SECTOR_OVERHEAD
#define SEFILE_SECTOR_OVERHEAD
Definition: SEfile_C_interface.h:161
decrypt_dirname
uint16_t decrypt_dirname(std::string &path, char *decDirname, L1 *SEcubeptr)
This function is used to compute the plaintext of an encrypted directory name stored in dirname.
Definition: SEfile.cpp:1249
get_secure_context
uint16_t get_secure_context(std::string &filename, std::string *keyid, uint16_t *algo)
This function retrieves the key ID and the algorithm used to encrypt the file specified by filename.
Definition: SEfile.cpp:1030
SEFILE_HEADER::ver
int16_t ver
Definition: SEfile.h:57
get_filename
void get_filename(char *path, char *file_name)
Extract the name of a file from its path.
Definition: SEfile.cpp:1602
SEfile::get_filesize
uint16_t get_filesize(uint32_t *length)
This function is used to compute the total logic size of a file that is already open within a SEfile ...
Definition: SEfile.cpp:943
SEfile::l1
L1 * l1
The pointer to the L1 object created by the main application (i.e. to login to the SEcube).
Definition: SEfile.h:124
SEfile::~SEfile
~SEfile()
Destructor. Automatically calls secure_finit() and secure_close().
Definition: SEfile.cpp:74
SEKEY_DEACTIVATED_KEY
Definition: SEkey.h:57
SEfile::secure_init
uint16_t secure_init(L1 *l1ptr, uint32_t keyID, uint16_t crypto)
This function is used to initialize the security context of a SEfile object.
Definition: SEfile.cpp:197
SEcube
L1 * SEcube
Definition: SEkey.cpp:22
sekey_check_expired_keys
int sekey_check_expired_keys()
Check for expired keys inside SEkey. Expired keys which are still flagged as active will be deactivat...
Definition: SEkey.cpp:2923
get_secure_context
uint16_t get_secure_context(std::string &filename, std::string *keyid, uint16_t *algo)
This function retrieves the key ID and the algorithm used to encrypt the file specified by filename.
Definition: SEfile.cpp:1030
override_key_check
bool override_key_check
Global flag that is used to bypass the validity check of a key to read or write encrypted data....
Definition: SEfile.cpp:19
SEFILE_SECTOR_SIZE
#define SEFILE_SECTOR_SIZE
Definition: SEfile_C_interface.h:156
SEfile::secure_finit
void secure_finit()
This function resets the parameters set by the secure_init() to default values (0s and NULL).
Definition: SEfile.cpp:235
crypto_filename
uint16_t crypto_filename(char *path, char *enc_name, uint16_t *encoded_length)
This function computes the encrypted name of the file specified as path.
Definition: SEfile.cpp:1410
SEFILE_HANDLE::nonce_ctr
uint8_t nonce_ctr[16]
Definition: SEfile.h:34
get_filename
void get_filename(char *path, char *file_name)
Extract the name of a file from its path.
Definition: SEfile.cpp:1602
SEFILE_HEADER::uid
int32_t uid
Definition: SEfile.h:58
secure_mkdir
uint16_t secure_mkdir(std::string &path, L1 *SEcubeptr, uint32_t key)
This function creates a directory with an encrypted name.
Definition: SEfile.cpp:1055
SEFILE_BEGIN
#define SEFILE_BEGIN
Definition: SEfile_C_interface.h:92
se_key_status
se_key_status
Possible status assumed by a key. There are specific rules for status transition, see check_key_trans...
Definition: SEkey.h:75
secure_mkdir
uint16_t secure_mkdir(std::string &path, L1 *SEcubeptr, uint32_t key)
This function creates a directory with an encrypted name.
Definition: SEfile.cpp:1055
secure_ls
uint16_t secure_ls(std::string &path, std::vector< std::pair< std::string, std::string >> &list, L1 *SEcubeptr)
This function identifies which encrypted files and encrypted directories are present in the directory...
Definition: SEfile.cpp:1088
SEFILE_SECTOR::SEFILE_SECTOR
SEFILE_SECTOR()
Definition: SEfile.cpp:21
secure_recrypt
uint16_t secure_recrypt(std::string path, uint32_t key, L1 *SEcubeptr)
This function re-encrypts an encrypted file pointed by path with the new key specified as parameter.
Definition: SEfile.cpp:1468
pos_to_cipher_block
size_t pos_to_cipher_block(size_t current_position)
Internally used by SEfile functions.
Definition: SEfile.cpp:1579
valid_file_name
uint16_t valid_file_name(std::string &name)
This function checks if the given name can be a valid SEfile file name.
Definition: SEfile.cpp:1563
valid_directory_name
uint16_t valid_directory_name(std::string &name)
This function checks if the given name can be a valid SEfile directory name.
Definition: SEfile.cpp:1547
SEFILE_HEADER
The SEFILE_HEADER struct. This data struct is used to define a 31 bytes field inside a sector while ta...
Definition: SEfile.h:52
SEfile::handleptr
std::shared_ptr< SEFILE_HANDLE > handleptr
Handle to the file on the underlying filesystem.
Definition: SEfile.h:125
se_key_status::statusmin
SEKEY_HDR_LEN
#define SEKEY_HDR_LEN
Length of the header sector reserved for SEkey information.
Definition: SEfile.h:22
se3Algo_
SEcube Algorithm structure.
Definition: L1_base.h:69
encrypt_name
uint16_t encrypt_name(void *buff1, void *buff2, size_t size, uint16_t direction, L1 *SEcubeptr, uint32_t key)
Internally used by crypt_dirname and decrypt_dirname().
Definition: SEfile.cpp:1291
SEfile::secure_seek
uint16_t secure_seek(int32_t offset, int32_t *position, uint8_t whence)
This function is used to move the file pointer of a file managed by a SEfile object.
Definition: SEfile.cpp:639
SEfile::decrypt_sectors
uint16_t decrypt_sectors(void *buff_crypt, void *buff_decrypt, size_t datain_len, size_t current_offset, uint8_t *nonce_ctr, uint8_t *nonce_pbkdf2)
This function decrypts the buff_crypt data by exploiting the functions provided by L1....
Definition: SEfile.cpp:901
secure_recrypt
uint16_t secure_recrypt(std::string path, uint32_t key, L1 *SEcubeptr)
This function re-encrypts an encrypted file pointed by path with the new key specified as parameter.
Definition: SEfile.cpp:1468
SEfile::LastEncryptCheckTime
time_t LastEncryptCheckTime
The last time the validity of the key used by this file was checked, requiring write (encrypt,...
Definition: SEfile.h:121
SEFILE_OPEN
#define SEFILE_OPEN
Definition: SEfile_C_interface.h:72
decrypt_dirname
uint16_t decrypt_dirname(std::string &path, char *decDirname, L1 *SEcubeptr)
This function is used to compute the plaintext of an encrypted directory name stored in dirname.
Definition: SEfile.cpp:1249
SEfile::LastDecryptCheckTime
time_t LastDecryptCheckTime
The last time the validity of the key used by this file was checked, requiring read (decrypt,...
Definition: SEfile.h:122
override_key_check
bool override_key_check
Global flag that is used to bypass the validity check of a key to read or write encrypted data....
Definition: SEfile.cpp:19
SEFILE_HEADER::fname_len
uint8_t fname_len
Definition: SEfile.h:60
SEfile::secure_open
uint16_t secure_open(char *path, int32_t mode, int32_t creation)
This function opens or creates a secure file managed with SEfile.
Definition: SEfile.cpp:240
SEfile::EnvCrypto
uint16_t EnvCrypto
The algorithm to be used with the key.
Definition: SEfile.h:120
SEFILE_HANDLE
The SEFILE_HANDLE struct. This abstract data type is used to hide from higher level of abstraction its...
Definition: SEfile.h:27
decrypt_filename
uint16_t decrypt_filename(std::string &path, char *filename, L1 *SEcubeptr)
This function is used to compute the plaintext of an encrypted filename stored in path.
Definition: SEfile.cpp:1305
se_key
The key class is used to model a key object. A key has several properties which are kept private (id,...
Definition: SEkey.h:202
sekey_key_get_info
int sekey_key_get_info(std::string &key_id, se_key *key)
Retrieve the details about a single key.
se_key_status::active
SEFILE_SECTOR::data
uint8_t data[SEFILE_LOGIC_DATA]
Definition: SEfile.h:72
SEFILE_HANDLE::nonce_pbkdf2
uint8_t nonce_pbkdf2[SEFILE_NONCE_LEN]
Definition: SEfile.h:35
crypt_dirname
uint16_t crypt_dirname(std::string &path, char *encDirname, uint32_t *enc_len, L1 *SEcubeptr, uint32_t key)
This function is used to compute the ciphertext of a directory name stored in dirname.
Definition: SEfile.cpp:1197
SEFILE_HEADER::key_header
SEKEY_HEADER key_header
Definition: SEfile.h:54
SEfile::secure_close
uint16_t secure_close()
This function releases the resources related to the underlying SEfile object (i.e....
Definition: SEfile.cpp:809
SEFILE_HEADER::nonce_ctr
uint8_t nonce_ctr[16]
Definition: SEfile.h:55
SEKEY_HEADER::key_id
uint32_t key_id
Definition: SEfile.h:44
SEfile::secure_key_check
uint16_t secure_key_check(uint16_t direction)
This function is used to check if the key setup in the SEfile object can be used to encrypt or decryp...
Definition: SEfile.cpp:78
SEfile.h
This is the SEfile header that contains most of the methods, constants and structures used by SEfile.
valid_directory_name
uint16_t valid_directory_name(std::string &name)
This function checks if the given name can be a valid SEfile directory name.
Definition: SEfile.cpp:1547
SEFILE_SECTOR_DATA_SIZE
#define SEFILE_SECTOR_DATA_SIZE
Definition: SEfile_C_interface.h:159
compute_blk_offset
void compute_blk_offset(size_t current_offset, uint8_t *nonce)
Internally used by SEfile functions.
Definition: SEfile.cpp:1533
SEFILE_BLOCK_SIZE
#define SEFILE_BLOCK_SIZE
Definition: SEfile_C_interface.h:158
SEFILE_HEADER::nonce_pbkdf2
uint8_t nonce_pbkdf2[SEFILE_NONCE_LEN]
Definition: SEfile.h:53
SEFILE_HANDLE::fd
HANDLE fd
Definition: SEfile.h:32
se_key_status::preactive
secure_ls
uint16_t secure_ls(std::string &path, std::vector< std::pair< std::string, std::string >> &list, L1 *SEcubeptr)
This function identifies which encrypted files and encrypted directories are present in the directory...
Definition: SEfile.cpp:1088
SEKEY_HEADER::padding
uint8_t padding[10]
Definition: SEfile.h:46
SEFILE_LOGIC_DATA
#define SEFILE_LOGIC_DATA
Definition: SEfile_C_interface.h:160
SEFILE_CURRENT
#define SEFILE_CURRENT
Definition: SEfile_C_interface.h:93
SEfile::secure_create
uint16_t secure_create(char *path, std::shared_ptr< SEFILE_HANDLE > hFile, int mode)
This function creates a new secure file managed with SEfile. If the file already exists,...
Definition: SEfile.cpp:328
MAX_PATHNAME
#define MAX_PATHNAME
Definition: SEfile_C_interface.h:165
SEFILE_READ
#define SEFILE_READ
Definition: SEfile_C_interface.h:51
SEFILE_NEWFILE
#define SEFILE_NEWFILE
Definition: SEfile_C_interface.h:71
SEfile::IsOpen
bool IsOpen
Flag that is TRUE if the file is open, FALSE otherwise.
Definition: SEfile.h:123
se_key_status::deactivated
SEfile::crypt_sectors
uint16_t crypt_sectors(void *buff_decrypt, void *buff_crypt, size_t datain_len, size_t current_offset, uint8_t *nonce_ctr, uint8_t *nonce_pbkdf2)
This function encrypts the buff_decrypt data by exploiting the functions provided by L1....
Definition: SEfile.cpp:862
SEFILE_WRITE
#define SEFILE_WRITE
Definition: SEfile_C_interface.h:52
get_path
void get_path(char *full_path, char *path)
Extract the path of a file removing the file name.
Definition: SEfile.cpp:1582
SEFILE_HANDLE::log_offset
uint32_t log_offset
Definition: SEfile.h:28
SEfile::secure_read
uint16_t secure_read(uint8_t *dataOut, uint32_t dataOut_len, uint32_t *bytesRead)
This function reads dataOut_len bytes into dataOut from the file descriptor managed by the underlying...
Definition: SEfile.cpp:552
se_key_status::suspended
SEfile::EnvKeyID
uint32_t EnvKeyID
The key ID used by this SEfile instance. This key will be used for encryption and decryption.
Definition: SEfile.h:119
SEkey_running
bool SEkey_running
Definition: SEkey.cpp:21
SEKEY_OK
Definition: SEkey.h:31
SEKEY_SUSPENDED_KEY
Definition: SEkey.h:59
SEfile::secure_write
uint16_t secure_write(uint8_t *dataIn, uint32_t dataIn_len)
This function writes the bytes stored at dataIn to the encrypted file managed by the SEfile object on...
Definition: SEfile.cpp:432
SEFILE_HEADER::uid_cnt
int32_t uid_cnt
Definition: SEfile.h:59
crypt_dirname
uint16_t crypt_dirname(std::string &path, char *encDirname, uint32_t *enc_len, L1 *SEcubeptr, uint32_t key)
This function is used to compute the ciphertext of a directory name stored in dirname.
Definition: SEfile.cpp:1197
valid_file_name
uint16_t valid_file_name(std::string &name)
This function checks if the given name can be a valid SEfile file name.
Definition: SEfile.cpp:1563
SEFILE_SECTOR::header
SEFILE_HEADER header
Definition: SEfile.h:71
SEFILE_SECTOR::len
uint16_t len
Definition: SEfile.h:77
B5_Sha256_Finit
int32_t B5_Sha256_Finit(B5_tSha256Ctx *ctx, uint8_t *rDigest)
De-initialize the current SHA256 context.
Definition: sha256.c:267
B5_Sha256_Update
int32_t B5_Sha256_Update(B5_tSha256Ctx *ctx, const uint8_t *data, int32_t dataLen)
Compute the SHA256 algorithm on input data depending on the current status of the SHA256 context.
Definition: sha256.c:215
se_key_status::statusmax
environment.h
This is a header file required by any application exploiting SEfile and/or SEkey.
SEKEY_COMPROMISED_KEY
Definition: SEkey.h:55
secure_getfilesize
uint16_t secure_getfilesize(char *path, uint32_t *position, L1 *SEcubeptr)
This function is used to get the total logic size of an encrypted file pointed by path....
Definition: SEfile.cpp:1452
SEfile::SEfile
SEfile()
Default constructor. Initializes the secure environment with empty values.
Definition: SEfile.cpp:38
compute_blk_offset
void compute_blk_offset(size_t current_offset, uint8_t *nonce)
Internally used by SEfile functions.
Definition: SEfile.cpp:1533
SEfile
A SEfile object is used to manage a file encrypted with SEfile.
Definition: SEfile.h:117
B5_Sha256_Init
int32_t B5_Sha256_Init(B5_tSha256Ctx *ctx)
Initialize the SHA256 context.
Definition: sha256.c:186
SEKEY_DESTROYED_KEY
Definition: SEkey.h:56
KEY_ID_SEKEY_BEGIN
#define KEY_ID_SEKEY_BEGIN
Minimum range value of standard SEkey key identifiers (101).
Definition: SEkey.h:67
SEfile::secure_truncate
uint16_t secure_truncate(uint32_t size)
This function resizes the file managed by the underlying SEfile object to size bytes....
Definition: SEfile.cpp:757
se_key_status::destroyed
KEY_CHECK_INTERVAL
#define KEY_CHECK_INTERVAL
Time interval (in seconds) used to check for the validity of the key used to encrypt the file.
Definition: SEfile.h:13
encrypt_name
uint16_t encrypt_name(void *buff1, void *buff2, size_t size, uint16_t direction, L1 *SEcubeptr, uint32_t key)
Internally used by crypt_dirname and decrypt_dirname().
Definition: SEfile.cpp:1291
pos_to_cipher_block
size_t pos_to_cipher_block(size_t current_position)
Internally used by SEfile functions.
Definition: SEfile.cpp:1579
SEKEY_HEADER
The header of each file encrypted with SEfile. This is the header that contains info for the SEkey sy...
Definition: SEfile.h:43
decrypt_filename
uint16_t decrypt_filename(std::string &path, char *filename, L1 *SEcubeptr)
This function is used to compute the plaintext of an encrypted filename stored in path.
Definition: SEfile.cpp:1305
SEFILE_SECTOR
The SEFILE_SECTOR struct. This data struct is the actual sector organization. The total size should AL...
Definition: SEfile.h:69
SEFILE_END
#define SEFILE_END
Definition: SEfile_C_interface.h:94
SEfile::secure_sync
uint16_t secure_sync()
This function is used in case we want to be sure that the physical file is synced with the OS buffers...
Definition: SEfile.cpp:1011
SEfile::crypt_header
uint16_t crypt_header(void *buff1, void *buff2, size_t datain_len, uint16_t direction)
This function encrypts a header buffer by exploiting the functions provided by L1....
Definition: SEfile.cpp:826
SEKEY_PREACTIVE_KEY
Definition: SEkey.h:58
get_path
void get_path(char *full_path, char *path)
Extract the path of a file removing the file name.
Definition: SEfile.cpp:1582
se_key_status::compromised
SEKEY_INVALID_KEY
Definition: SEkey.h:53
SEFILE_HEADER::magic
int32_t magic
Definition: SEfile.h:56
SEFILE_SECTOR::signature
uint8_t signature[32]
Definition: SEfile.h:78
SEKEY_HEADER::algorithm
uint16_t algorithm
Definition: SEfile.h:45
KEY_ID_SEKEY_END
#define KEY_ID_SEKEY_END
Maximum range value of standard SEkey key identifiers (2^32 -1 -100000).
Definition: SEkey.h:68
SEfile_C_interface.h
This file includes some of the constants, return values and public functions used for implementing a ...
secure_getfilesize
uint16_t secure_getfilesize(char *path, uint32_t *position, L1 *SEcubeptr)
This function is used to get the total logic size of an encrypted file pointed by path....
Definition: SEfile.cpp:1452