NAME
shldata_initr, shldata_datasize, shldata_decrypt, shldata_finalr - decrypt data using the shielded data protocol
SYNOPSIS
#include <limb/shldata.h>
ssize_t shldata_initr(const char *sce, size_t slen, const char *pwd, size_t plen, unsigned *algo, unsigned *iter, shldata_ctx *ctx) size_t shldata_datasize(shldata_ctx *ctx) int shldata_decrypt(char *dst, const char *sce, size_t len, shldata_ctx *ctx) ssize_t shldata_finalr(const char *sce, size_t slen, shldata_ctx *ctx)
DESCRIPTION
All those functions are used to read & decrypt data protected with a user-supplied password using the shielded data protocol, as described in shldata(5).
First, the shldata_initr() function will read the memory pointed by sce (up
to a maximum of slen bytes) for derivation parameters. The algorithm and
number of iterations used will be stored in the variables pointed to by algo
and iter respectively.
Then it will derive a secret key from the password pointed by pwd of length
plen and initialize the opaque structure pointed by ctx.
The shldata_datasize() macro returns the length of the encrypted data, and
therefore decrypted data.
The shldata_decrypt() function can then be used to decrypt data pointed by
sce of length slen into the memory pointed by dst (which must be able to
store at least slen bytes), using the specified ctx.
As with ccpl_decrypt(3) it is possible to use the same memory area for both
sce and dst, and have it processed in-place.
It is possible to call this function as many times as needed.
Lastly, the shldata_finalr() function will read the memory pointed by sce
(up to a maximum of slen bytes) to authenticate both the derivation parameters
used during shldata_initr() and the encrypted data.
Once done, it is possible to re-use an opaque structure for a new processing of data. It is also allowed to to so more than once per shielded data file, as per shldata(5).
RETURN VALUE
The shldata_initr(), and shldata_finalr() functions return the number of
bytes read and processed from sce on success. Otherwise they return -1 and set
errno to indicate the error.
For shldata_initr() this obviously means the offset at which encrypted data
begins in sce.
The shldata_datasize() macro returns the length of the data to be decrypted.
The shldata_decrypt() function returns 1 on success, 0 otherwise. It should
never fail, as the only possible reason for failure is that the amount of data
given to be decrypted is larger than the amount of encrypted data, which should
never happen.
ERRORS
The shldata_initr() and shldata_finalr() functions may fail if :
EINVAL
The memory pointed by sce contains invalid data.
ENODATA
There is not enough data available in sce.
The shldata_finalr() function may fail if :
EINVAL
The amount of data decrypted is different from the amount of encrypted data.
EBADMSG
Authentication of the message (derivation parameters and encrypted data) failed. (This could be caused by a wrong password being used.)