Go to the documentation of this file.
10 #include "../sources/L1/L1.h"
13 #define KEY_CHECK_INTERVAL 1
14 #define SEFILE_NONCE_LEN 32
22 #define SEKEY_HDR_LEN 16
29 #if defined(__linux__) || defined(__APPLE__)
84 uint16_t
get_secure_context(std::string& filename, std::string *keyid, uint16_t *algo);
85 uint16_t
secure_mkdir(std::string& path, L1 *SEcubeptr, uint32_t key);
86 uint16_t
secure_ls(std::string& path, std::vector<std::pair<std::string, std::string>>& list, L1 *SEcubeptr);
88 uint16_t
secure_recrypt(std::string path, uint32_t key, L1 *SEcubeptr);
99 uint16_t
crypt_dirname(std::string& path,
char *encDirname, uint32_t* enc_len, L1 *SEcubeptr, uint32_t key);
100 uint16_t
decrypt_dirname(std::string& path,
char *decDirname, L1 *SEcubeptr);
101 uint16_t
encrypt_name(
void* buff1,
void* buff2,
size_t size, uint16_t direction, L1 *SEcubeptr, uint32_t key);
107 void get_path(
char *full_path,
char *path);
131 SEfile(L1 *secube, uint32_t keyID);
132 SEfile(L1 *secube, uint32_t keyID, uint16_t crypto);
135 uint16_t
secure_init(L1 *l1ptr, uint32_t keyID, uint16_t crypto);
145 uint16_t
secure_open(
char *path, int32_t mode, int32_t creation);
148 uint16_t
secure_read(uint8_t *dataOut, uint32_t dataOut_len, uint32_t *bytesRead);
149 uint16_t
secure_write(uint8_t *dataIn, uint32_t dataIn_len);
150 uint16_t
secure_seek(int32_t offset, int32_t *position, uint8_t whence);
163 uint16_t
secure_create(
char *path, std::shared_ptr<SEFILE_HANDLE> hFile,
int mode);
167 uint16_t
crypt_header(
void *buff1,
void *buff2,
size_t datain_len, uint16_t direction);
168 uint16_t
crypt_sectors(
void *buff_decrypt,
void *buff_crypt,
size_t datain_len,
size_t current_offset, uint8_t* nonce_ctr, uint8_t* nonce_pbkdf2);
169 uint16_t
decrypt_sectors(
void *buff_crypt,
void *buff_decrypt,
size_t datain_len,
size_t current_offset, uint8_t* nonce_ctr, uint8_t* nonce_pbkdf2);
181 uint16_t securedb_secure_open(
char *path, int32_t mode, int32_t creation);
183 uint16_t securedb_secure_close();
184 uint16_t securedb_secure_read(uint8_t * dataOut, uint32_t dataOut_len, uint32_t *bytesRead);
185 uint16_t securedb_secure_write(uint8_t * dataIn, uint32_t dataIn_len);
186 uint16_t securedb_secure_seek(int32_t offset, int32_t *position, uint8_t whence);
187 uint16_t securedb_secure_truncate(uint32_t size);
188 uint16_t securedb_secure_sync();
189 uint16_t securedb_get_filesize(uint32_t * length);
190 uint16_t securedb_secure_create(
char *path, std::shared_ptr<SEFILE_HANDLE> hFile,
int mode);
#define SEFILE_SECTOR_OVERHEAD
Definition: SEfile_C_interface.h:161
uint16_t decrypt_dirname(std::string &path, char *decDirname, L1 *SEcubeptr)
This function is used to compute the plaintext of am encrypted directory name stored in dirname.
Definition: SEfile.cpp:1249
uint16_t get_secure_context(std::string &filename, std::string *keyid, uint16_t *algo)
This function retrieves the key ID and the algorithm used to encrypt the file specified by filename.
Definition: SEfile.cpp:1030
int16_t ver
Definition: SEfile.h:57
void get_filename(char *path, char *file_name)
Extract the name of a file from its path.
Definition: SEfile.cpp:1602
uint16_t get_filesize(uint32_t *length)
This function is used to compute the total logic size of a file that is already open within a SEfile ...
Definition: SEfile.cpp:943
L1 * l1
The pointer to the L1 object created by the main application (i.e. to login to the SEcube).
Definition: SEfile.h:124
~SEfile()
Destructor. Automatically calls secure_finit() and secure_close().
Definition: SEfile.cpp:74
uint16_t secure_init(L1 *l1ptr, uint32_t keyID, uint16_t crypto)
This function is used to initialize the security context of a SEfile object.
Definition: SEfile.cpp:197
L1 * SEcube
Definition: SEkey.cpp:22
int sekey_check_expired_keys()
Check for expired keys inside SEkey. Expired keys which are still flagged as active will be deactivat...
Definition: SEkey.cpp:2923
uint16_t get_secure_context(std::string &filename, std::string *keyid, uint16_t *algo)
This function retrieves the key ID and the algorithm used to encrypt the file specified by filename.
Definition: SEfile.cpp:1030
bool override_key_check
Global flag that is used to bypass the validity check of a key to read or write encrypted data....
Definition: SEfile.cpp:19
#define SEFILE_SECTOR_SIZE
Definition: SEfile_C_interface.h:156
void secure_finit()
This function resets the parameters set by the secure_init() to default values (0s and NULL).
Definition: SEfile.cpp:235
uint16_t crypto_filename(char *path, char *enc_name, uint16_t *encoded_length)
This function computes the encrypted name of the file specified as path.
Definition: SEfile.cpp:1410
uint8_t nonce_ctr[16]
Definition: SEfile.h:34
void get_filename(char *path, char *file_name)
Extract the name of a file from its path.
Definition: SEfile.cpp:1602
int32_t uid
Definition: SEfile.h:58
uint16_t secure_mkdir(std::string &path, L1 *SEcubeptr, uint32_t key)
This function creates a directory with an encrypted name.
Definition: SEfile.cpp:1055
#define SEFILE_BEGIN
Definition: SEfile_C_interface.h:96
se_key_status
Possible status assumed by a key. There are specific rules for status transition, see check_key_trans...
Definition: SEkey.h:75
uint16_t secure_mkdir(std::string &path, L1 *SEcubeptr, uint32_t key)
This function creates a directory with an encrypted name.
Definition: SEfile.cpp:1055
uint16_t secure_ls(std::string &path, std::vector< std::pair< std::string, std::string >> &list, L1 *SEcubeptr)
This function identifies which encrypted files and encrypted directories are present in the directory...
Definition: SEfile.cpp:1088
SEFILE_SECTOR()
Definition: SEfile.cpp:21
uint16_t secure_recrypt(std::string path, uint32_t key, L1 *SEcubeptr)
This function re-encrypts an encrypted file pointed by path with the new key specified as parameter.
Definition: SEfile.cpp:1468
size_t pos_to_cipher_block(size_t current_position)
Internally used by SEfile functions.
Definition: SEfile.cpp:1579
uint16_t valid_file_name(std::string &name)
This function checks if the given name can be a valid SEfile file name.
Definition: SEfile.cpp:1563
uint16_t valid_directory_name(std::string &name)
This function checks if the given name can be a valid SEfile directory name.
Definition: SEfile.cpp:1547
The SEFILE_HEADER struct This data struct is used to define a 31 bytes field inside a sector while ta...
Definition: SEfile.h:52
std::shared_ptr< SEFILE_HANDLE > handleptr
Handle to the file on the underlying filesystem.
Definition: SEfile.h:125
#define SEKEY_HDR_LEN
Length of header sector reserved to SEkey informations.
Definition: SEfile.h:22
SEcube Algorithm structure.
Definition: L1_base.h:69
uint16_t encrypt_name(void *buff1, void *buff2, size_t size, uint16_t direction, L1 *SEcubeptr, uint32_t key)
Internally used by crypt_dirname and decrypt_dirname().
Definition: SEfile.cpp:1291
uint16_t secure_seek(int32_t offset, int32_t *position, uint8_t whence)
This function is used to move the file pointer of a file managed by a SEfile object.
Definition: SEfile.cpp:639
uint16_t decrypt_sectors(void *buff_crypt, void *buff_decrypt, size_t datain_len, size_t current_offset, uint8_t *nonce_ctr, uint8_t *nonce_pbkdf2)
This function decrypts the buff_crypt data by exploiting the functions provided by L1....
Definition: SEfile.cpp:901
uint16_t secure_recrypt(std::string path, uint32_t key, L1 *SEcubeptr)
This function re-encrypts an encrypted file pointed by path with the new key specified as parameter.
Definition: SEfile.cpp:1468
time_t LastEncryptCheckTime
The last time the validity of the key used by this file was checked, requiring write (encrypt,...
Definition: SEfile.h:121
#define SEFILE_OPEN
Definition: SEfile_C_interface.h:75
uint16_t decrypt_dirname(std::string &path, char *decDirname, L1 *SEcubeptr)
This function is used to compute the plaintext of am encrypted directory name stored in dirname.
Definition: SEfile.cpp:1249
time_t LastDecryptCheckTime
The last time the validity of the key used by this file was checked, requiring read (decrypt,...
Definition: SEfile.h:122
bool override_key_check
Global flag that is used to bypass the validity check of a key to read or write encrypted data....
Definition: SEfile.cpp:19
uint8_t fname_len
Definition: SEfile.h:60
uint16_t secure_open(char *path, int32_t mode, int32_t creation)
This function opens or creates a secure file managed with SEfile.
Definition: SEfile.cpp:240
uint16_t EnvCrypto
The algorithm to be used with the key.
Definition: SEfile.h:120
The SEFILE_HANDLE struct This abstract data type is used to hide from higher level of abstraction its...
Definition: SEfile.h:27
uint16_t decrypt_filename(std::string &path, char *filename, L1 *SEcubeptr)
This function is used to compute the plaintext of an encrypted filename stored in path.
Definition: SEfile.cpp:1305
The key class is used to model a key object. A key has several properties which are kept private (id,...
Definition: SEkey.h:202
int sekey_key_get_info(std::string &key_id, se_key *key)
Retrieve the details about a single key.
uint8_t data[SEFILE_LOGIC_DATA]
Definition: SEfile.h:72
uint8_t nonce_pbkdf2[SEFILE_NONCE_LEN]
Definition: SEfile.h:35
uint16_t crypt_dirname(std::string &path, char *encDirname, uint32_t *enc_len, L1 *SEcubeptr, uint32_t key)
This function is used to compute the ciphertext of a directory name stored in dirname.
Definition: SEfile.cpp:1197
SEKEY_HEADER key_header
Definition: SEfile.h:54
uint16_t secure_close()
This function releases the resources related to the underlying SEfile object (i.e....
Definition: SEfile.cpp:809
uint8_t nonce_ctr[16]
Definition: SEfile.h:55
uint32_t key_id
Definition: SEfile.h:44
uint16_t secure_key_check(uint16_t direction)
This function is used to check if the key setup in the SEfile object can be used to encrypt or decryp...
Definition: SEfile.cpp:78
This is the SEfile header that contains most of the methods, constants and structures used by SEfile.
uint16_t valid_directory_name(std::string &name)
This function checks if the given name can be a valid SEfile directory name.
Definition: SEfile.cpp:1547
#define SEFILE_SECTOR_DATA_SIZE
Definition: SEfile_C_interface.h:159
void compute_blk_offset(size_t current_offset, uint8_t *nonce)
Internally used by SEfile functions.
Definition: SEfile.cpp:1533
#define SEFILE_BLOCK_SIZE
Definition: SEfile_C_interface.h:158
uint8_t nonce_pbkdf2[SEFILE_NONCE_LEN]
Definition: SEfile.h:53
uint16_t secure_ls(std::string &path, std::vector< std::pair< std::string, std::string >> &list, L1 *SEcubeptr)
This function identifies which encrypted files and encrypted directories are present in the directory...
Definition: SEfile.cpp:1088
uint8_t padding[10]
Definition: SEfile.h:46
#define SEFILE_LOGIC_DATA
Definition: SEfile_C_interface.h:160
#define SEFILE_CURRENT
Definition: SEfile_C_interface.h:97
uint16_t secure_create(char *path, std::shared_ptr< SEFILE_HANDLE > hFile, int mode)
This function creates a new secure file managed with SEfile. If the file already exists,...
Definition: SEfile.cpp:328
#define MAX_PATHNAME
Definition: SEfile_C_interface.h:165
#define SEFILE_READ
Definition: SEfile_C_interface.h:54
#define SEFILE_NEWFILE
Definition: SEfile_C_interface.h:74
bool IsOpen
Flag that is TRUE if the file is open, FALSE otherwise.
Definition: SEfile.h:123
uint16_t crypt_sectors(void *buff_decrypt, void *buff_crypt, size_t datain_len, size_t current_offset, uint8_t *nonce_ctr, uint8_t *nonce_pbkdf2)
This function encrypts the buff_decrypt data by exploiting the functions provided by L1....
Definition: SEfile.cpp:862
#define SEFILE_WRITE
Definition: SEfile_C_interface.h:55
void get_path(char *full_path, char *path)
Extract the path of a file removing the file name.
Definition: SEfile.cpp:1582
uint32_t log_offset
Definition: SEfile.h:28
uint16_t secure_read(uint8_t *dataOut, uint32_t dataOut_len, uint32_t *bytesRead)
This function reads dataOut_len bytes into dataOut from the file descriptor managed by the underlying...
Definition: SEfile.cpp:552
uint32_t EnvKeyID
The key ID used by this SEfile instance. This key will be used for encryption and decryption.
Definition: SEfile.h:119
bool SEkey_running
Definition: SEkey.cpp:21
uint16_t secure_write(uint8_t *dataIn, uint32_t dataIn_len)
This function writes the bytes stored at dataIn to the encrypted file managed by the SEfile object on...
Definition: SEfile.cpp:432
int32_t uid_cnt
Definition: SEfile.h:59
uint16_t crypt_dirname(std::string &path, char *encDirname, uint32_t *enc_len, L1 *SEcubeptr, uint32_t key)
This function is used to compute the ciphertext of a directory name stored in dirname.
Definition: SEfile.cpp:1197
uint16_t valid_file_name(std::string &name)
This function checks if the given name can be a valid SEfile file name.
Definition: SEfile.cpp:1563
SEFILE_HEADER header
Definition: SEfile.h:71
uint16_t len
Definition: SEfile.h:77
int32_t B5_Sha256_Finit(B5_tSha256Ctx *ctx, uint8_t *rDigest)
De-initialize the current SHA256 context.
Definition: sha256.c:267
int32_t B5_Sha256_Update(B5_tSha256Ctx *ctx, const uint8_t *data, int32_t dataLen)
Compute the SHA256 algorithm on input data depending on the current status of the SHA256 context.
Definition: sha256.c:215
This is a header file required by any application exploiting SEfile and/or SEkey.
uint16_t secure_getfilesize(char *path, uint32_t *position, L1 *SEcubeptr)
This function is used to get the total logic size of an encrypted file pointed by path....
Definition: SEfile.cpp:1452
SEfile()
Default constructor. Initializes the secure environment with empty values.
Definition: SEfile.cpp:38
void compute_blk_offset(size_t current_offset, uint8_t *nonce)
Internally used by SEfile functions.
Definition: SEfile.cpp:1533
A SEfile object is used to manage a file encrypted with SEfile.
Definition: SEfile.h:117
int32_t B5_Sha256_Init(B5_tSha256Ctx *ctx)
Initialize the SHA256 context.
Definition: sha256.c:186
#define KEY_ID_SEKEY_BEGIN
Minimum range value of standard SEkey key identifiers (101).
Definition: SEkey.h:67
uint16_t secure_truncate(uint32_t size)
This function resizes the file managed by the underlying SEfile object to size bytes....
Definition: SEfile.cpp:757
#define KEY_CHECK_INTERVAL
Time interval (in seconds) used to check for the validity of the key used to encrypt the file.
Definition: SEfile.h:13
uint16_t encrypt_name(void *buff1, void *buff2, size_t size, uint16_t direction, L1 *SEcubeptr, uint32_t key)
Internally used by crypt_dirname and decrypt_dirname().
Definition: SEfile.cpp:1291
size_t pos_to_cipher_block(size_t current_position)
Internally used by SEfile functions.
Definition: SEfile.cpp:1579
The header of each file encrypted with SEfile. This is the header that contains info for the SEkey sy...
Definition: SEfile.h:43
uint16_t decrypt_filename(std::string &path, char *filename, L1 *SEcubeptr)
This function is used to compute the plaintext of an encrypted filename stored in path.
Definition: SEfile.cpp:1305
The SEFILE_SECTOR struct This data struct is the actual sector organization. The total size should AL...
Definition: SEfile.h:69
#define SEFILE_END
Definition: SEfile_C_interface.h:98
uint16_t secure_sync()
This function is used in case we want to be sure that the physical file is synced with the OS buffers...
Definition: SEfile.cpp:1011
uint16_t crypt_header(void *buff1, void *buff2, size_t datain_len, uint16_t direction)
This function encrypts a header buffer by exploiting the functions provided by L1....
Definition: SEfile.cpp:826
void get_path(char *full_path, char *path)
Extract the path of a file removing the file name.
Definition: SEfile.cpp:1582
int32_t magic
Definition: SEfile.h:56
uint8_t signature[32]
Definition: SEfile.h:78
uint16_t algorithm
Definition: SEfile.h:45
#define KEY_ID_SEKEY_END
Maximum range value of standard SEkey key identifiers (2^32 -1 -100000).
Definition: SEkey.h:68
int32_t fd
Definition: SEfile.h:30
This file includes some of the constants, return values and public functions used for implementing a ...
uint16_t secure_getfilesize(char *path, uint32_t *position, L1 *SEcubeptr)
This function is used to get the total logic size of an encrypted file pointed by path....
Definition: SEfile.cpp:1452