Welcome to little lamb

Code » limb » release » tree

[release] / src / doc / buffer-shldata.h / buffer_shldata_putinit.3.md 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
% limb manual
% buffer_shldata_putinit(3)
% limb 0.1.0
% 2023-07-24

# NAME

buffer\_shldata\_putinit, buffer\_shldata\_put, buffer\_shldata\_putfinal -
buffer\_shldata\_free - encrypt data using the shielded data protocol through
buffer interface

# SYNOPSIS

    #include <limb/buffer-shldata.h>

```pre hl
ssize_t buffer_shldata_putinit(buffer *<em>buf</em>, const char *<em>pwd</em>, size_t <em>plen</em>, unsigned <em>algo</em>, unsigned <em>iter</em>,
                               size_t <em>len</em>, buffer_shldata_ctx *<em>ctx</em>)
ssize_t buffer_shldata_put(buffer *<em>buf</em>, char *<em>data</em>, size_t <em>dlen</em>, int <em>inplace</em>, buffer_shldata_ctx *<em>ctx</em>)
ssize_t buffer_shldata_putfinal(buffer *<em>buf</em>, buffer_shldata_ctx *<em>ctx</em>)

void buffer_shldata_free(buffer_shldata_ctx *<em>ctx</em>)
```

# DESCRIPTION

All those functions are used to protect data with a user-supplied password using
the shielded data protocol, as described in [shldata](5), through the
[buffer.h](0) interface.

First, the `buffer_shldata_putinit`() function must be called to both write to
the buffer pointed by `buf` the necessary parameters that will be needed for
decryption, and to prepare the opaque structure pointed by `ctx` (which must
have been initialized to *BUFFER_SHLDATA_ZERO*) in order to perform data
encryption.

Key derivation will be performed using PBKDF2 from the password pointed by `pwd`
of length `plen`, with the HMAC based on the algorithm indicated in `algo` -
which must be a valid index/constant as defined in [hasher.h](0) - and the
number of iterations indicated in `iter`.

It is recommended, if possible, to indicate the exact length of data to be
encrypted in `len`. It is however possible to use zero if not yet known.

The `buffer_shldata_put`() function can then be used to encrypt data pointed by
`data` of length `dlen` and write the encrypted data into the buffer pointed by
`buf`, using the specified `ctx`.

In `inplace` is non-zero the data might be encrypted in-place before being
written to the buffer, meaning that afterwards the memory pointed by `data` will
contain the /encrypted/ data. Otherwise, memory might be heap-allocated before
encrypting data.

! INFO:
! Note that even with `inplace` set to a non-zero value, the data might be
! encrypted elsewhere in memory, and stored to be written later on - i.e. during
! the call to `buffer_shldata_putfinal`(). This will happen if the length of
! data to encrypt wasn't specified to `buffer_shldata_init`().
! Refer to [shldata_initw](3) for more.

It is possible to call this function as many times as needed.

Then the `buffer_shldata_putfinal`() function must be called to write to the
buffer pointed by `buf` the final additional data (MAC). As described above, if
the length of the data to encrypt wasn't known/given to
`buffer_shldata_putinit`() then encrypted data will also be written then, before
the MAC.

Lastly, the `buffer_shldata_free`() function must be called to free memory
associated with the given `ctx`.

# RETURN VALUE

These functions (except `buffer_shldata_free`()) return the number of bytes
written to the buffer pointed by `buf` on success. Otherwise they return -1 and
set `errno` to indicate the error.

# ERRORS

The `buffer_shldata_putinit`() function may fail for any of the errors described
for [shldata_initw](3), save for *ENOBUFS*.

The `buffer_shldata_put`() and `buffer_shldata_putfinal`() functions may fail
if :

: *EINVAL*
:: The total amount of data given to encrypt was larger than that specified to
:: `buffer_shldata_putinit`().

The `buffer_shldata_put`() function may also fail if :

: *ENOMEM*
:: Out of memory.

The `buffer_shldata_put`() function may also fail for any of the errors
described for [buffer_put](3).

The `buffer_shldata_putfinal`() function may fail for any of the errors
described for [shldata_finalw](3), save for *ENOBUFS*, as well as any of the
errors described for [buffer_putv](3).

# SEE ALSO

[buffer_shldata_getinit](3), [shldata_initw](3)