SEcube open-source SDK
A SEfile object is used to manage a file encrypted with SEfile.
#include <SEfile.h>
Public Member Functions
SEfile ()
Default constructor. Initializes the secure environment with empty values.
SEfile (L1 *secube)
Constructor to initialize the secure environment with empty values, apart from the pointer to the SEcube to be used.
SEfile (L1 *secube, uint32_t keyID)
Constructor to initialize the secure environment with empty values, apart from the pointer to the SEcube to be used and the ID of the key to be used.
SEfile (L1 *secube, uint32_t keyID, uint16_t crypto)
Constructor to fully initialize the secure environment.
~SEfile ()
Destructor. Automatically calls secure_finit() and secure_close().
uint16_t secure_init (L1 *l1ptr, uint32_t keyID, uint16_t crypto)
This function is used to initialize the security context of a SEfile object.
void secure_finit ()
This function resets the parameters set by secure_init() to default values (0s and NULL).
APIs of SEfile
These are the most useful APIs for working with the SEfile library.
uint16_t secure_open (char *path, int32_t mode, int32_t creation)
This function opens or creates a secure file managed with SEfile.
uint16_t secure_close ()
This function releases the resources related to the underlying SEfile object (i.e. closes the file descriptor).
uint16_t secure_read (uint8_t *dataOut, uint32_t dataOut_len, uint32_t *bytesRead)
This function reads dataOut_len bytes into dataOut from the file descriptor managed by the underlying SEfile object.
uint16_t secure_write (uint8_t *dataIn, uint32_t dataIn_len)
This function writes the bytes stored at dataIn to the encrypted file managed by the SEfile object on which this method is called.
uint16_t secure_seek (int32_t offset, int32_t *position, uint8_t whence)
This function is used to move the file pointer of a file managed by a SEfile object.
uint16_t secure_truncate (uint32_t size)
This function resizes the file managed by the underlying SEfile object to size bytes. If size is bigger than its current size, the gap is filled with 0s.
uint16_t secure_sync ()
This function is used when we want to be sure that the physical file is synced with the OS buffers.
Functions for internal purposes of SEfile
You should not need to use these functions directly because they are used internally by the SEfile library.
uint16_t secure_create (char *path, std::shared_ptr< SEFILE_HANDLE > hFile, int mode)
This function creates a new secure file managed with SEfile. If the file already exists, it is overwritten with an empty one, all previous data are lost.
uint16_t secure_key_check (uint16_t direction)
This function is used to check if the key setup in the SEfile object can be used to encrypt or decrypt data.
uint16_t get_filesize (uint32_t *length)
This function is used to compute the total logic size of a file that is already open within a SEfile object.
uint16_t crypt_header (void *buff1, void *buff2, size_t datain_len, uint16_t direction)
This function encrypts a header buffer by exploiting the functions provided by L1.h.
uint16_t crypt_sectors (void *buff_decrypt, void *buff_crypt, size_t datain_len, size_t current_offset, uint8_t *nonce_ctr, uint8_t *nonce_pbkdf2)
This function encrypts the buff_decrypt data by exploiting the functions provided by L1.h.
uint16_t decrypt_sectors (void *buff_crypt, void *buff_decrypt, size_t datain_len, size_t current_offset, uint8_t *nonce_ctr, uint8_t *nonce_pbkdf2)
This function decrypts the buff_crypt data by exploiting the functions provided by L1.h.
APIs of SEfile for SQLite DB engine
These APIs are customized to apply SEfile to the SQLite DB engine. They are called automatically by the custom VFS of SQLite; they are required by SEkey and by the SEcure Database library. You should not need to use these APIs directly.
uint16_t securedb_secure_open (char *path, int32_t mode, int32_t creation)
uint16_t securedb_secure_close ()
uint16_t securedb_secure_read (uint8_t *dataOut, uint32_t dataOut_len, uint32_t *bytesRead)
uint16_t securedb_secure_write (uint8_t *dataIn, uint32_t dataIn_len)
uint16_t securedb_secure_seek (int32_t offset, int32_t *position, uint8_t whence)
uint16_t securedb_secure_truncate (uint32_t size)
uint16_t securedb_secure_sync ()
uint16_t securedb_get_filesize (uint32_t *length)
uint16_t securedb_secure_create (char *path, std::shared_ptr< SEFILE_HANDLE > hFile, int mode)
Public Attributes
uint32_t EnvKeyID
The key ID used by this SEfile instance. This key will be used for encryption and decryption.
uint16_t EnvCrypto
The algorithm to be used with the key.
time_t LastEncryptCheckTime
The last time the validity of the key used by this file was checked, requiring write (encrypt, requires active key) privilege.
time_t LastDecryptCheckTime
The last time the validity of the key used by this file was checked, requiring read (decrypt, does not require active key) privilege.
bool IsOpen
Flag that is TRUE if the file is open, FALSE otherwise.
L1 * l1
The pointer to the L1 object created by the main application (i.e. to log in to the SEcube).
std::shared_ptr< SEFILE_HANDLE > handleptr
Handle to the file on the underlying filesystem.
A SEfile object is used to manage a file encrypted with SEfile.
Each SEfile object has several attributes that define the security context. A security context is made of a key, an algorithm and a SEcube. These three parameters define how the file must be protected (e.g. AES-256 encrypted using the key with ID 10). There are also other attributes that are used for internal purposes. The class internally uses smart pointers and the RAII approach to guarantee correct memory management. Notice that the attributes are public just for ease of use.
uint16_t SEfile::secure_init (L1 *l1ptr, uint32_t keyID, uint16_t crypto)
This function is used to initialize the security context of a SEfile object.
Notice that this function works similarly to the SEfile constructor with the same parameters. If you specify a key that is not stored in the SEcube or an algorithm that is not supported by SEfile, this function will return an error.