Symmetric and asymmetric cryptographic hash operations.
Functions | |
int AAP_API | DEncrypt(HKEYCTX hKey, HHASHCTX hHash, BOOL bFinal, DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen, DWORD dwBufLen) |
int AAP_API | DDecrypt(HKEYCTX hKey, HHASHCTX hHash, BOOL bFinal, DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen) |
int AAP_API | DCreateHash(HSESSIONCTX hSession, int nAlgId, HKEYCTX hKey, DWORD dwFlags, HHASHCTX * hHash) |
int AAP_API | DHashData(HHASHCTX hHash, BYTE *pbData, DWORD dwDataLen, DWORD dwFlags) |
int AAP_API | DSetHashParam(HHASHCTX hHash, DWORD dwParam, BYTE *pbData, DWORD dwDataLen, DWORD dwFlags) |
int AAP_API | DGetHashParam(HHASHCTX hHash, DWORD dwParam, BYTE *pbData, DWORD *pdwDataLen, DWORD dwFlags) |
int AAP_API | DSignHash(HHASHCTX hHash, HKEYCTX hKey, DWORD dwFlags, BYTE *pbSignature, DWORD *pdwSigLen) |
int AAP_API | DDestroyHash(HHASHCTX *phHash) |
int AAP_API | DVerifySignature(HHASHCTX hHash, BYTE *pbSignature, DWORD dwSigLen, HKEYCTX hPubKey, DWORD dwFlags) |
int AAP_API | DDuplicateHash(HHASHCTX hHash, DWORD dwFlag, HHASHCTX *phHash) |
int AAP_API | DGetRandom(HSESSIONCTX hSession, BYTE *pbData, DWORD dwDataLen) |
int AAP_API | DGenEcdhKey(HSESSIONCTX hSession, DWORD dwOP, char *szPriKey, void *pvInData, DWORD dwInDataLen, BYTE *pbOutData, DWORD *pdwOutDataLen, DWORD dwFlags) |
int AAP_API | DCRLCertCheck(HSESSIONCTX hSession, char *szCRL, char *szCertId, char *szVerifyInfo) |
int AAP_API | DMofNSplit(HSESSIONCTX hSession, BYTE bM, BYTE bN, BYTE *pbSecret, DWORD dwSecretLen, DN_M_OF_N_SPLIT_INFO *pstSplitInfo, DWORD dwReserved) |
int AAP_API | DMofNRecover(HSESSIONCTX hSession, DN_M_OF_N_PART *pstParts, DWORD dwPartsCount, BYTE *pbSecret, DWORD dwReserved) |
int AAP_API | DGenerateSVMK(HSESSIONCTX hSession, int nVersion, const BYTE *pbKey, BYTE bM, BYTE bN, DN_SC_M_OF_N_SHADOW *pstShadows, DWORD dwReserved) |
int AAP_API | DRecoverSVMK(HSESSIONCTX hSession, DN_SC_M_OF_N_SHADOW *pstShadows, BYTE bShadowsCount, BYTE *pbKey, DWORD dwReserved) |
int AAP_API DEncrypt | ( | HKEYCTX | hKey, |
HHASHCTX | hHash, | ||
BOOL | bFinal, | ||
DWORD | dwFlags, | ||
BYTE * | pbData, | ||
DWORD * | pdwDataLen, | ||
DWORD | dwBufLen ) |
#include <dinamo.h>
Data encryption. The algorithm used depends on the key entered in the hKey parameter.
[in] | hKey | Key context. | ||||||
[in] | hHash | Hash context if the data is hashed before being encrypted. After the operation is complete, the hash value can be obtained using the DGetHashParam() function. | ||||||
[in] | bFinal | Indicates the last block of a series that has been encrypted. TRUE for last block or FALSE otherwise. | ||||||
[in] | dwFlags | The values in the table below are acceptable for specific cases.
| ||||||
[in,out] | pbData | Pointer to a buffer containing the data to be encrypted. When the function returns, the original data is overwritten by the result of the encryption operation. The buffer size is given by the dwBufLen parameter; the number of bytes to be processed is given by the pdwDataLen parameter. The buffer must be large enough to hold the encrypted data plus padding. | ||||||
[in,out] | pdwDataLen | Pointer to a DWORD that contains the size of the data in pbData . On input, it holds the number of bytes to be processed; on output, the number of bytes of encrypted data. If the allocated buffer is not large enough to receive all the ciphered data (for example, there is no space for padding), the function fails and returns D_MORE_DATA. | ||||||
[in] | dwBufLen | Buffer size passed in pbData . For symmetric operations that require padding, the buffer must be at least the length of the data plus the size of the operation block of the algorithm to be used. |
int AAP_API DDecrypt | ( | HKEYCTX | hKey, |
HHASHCTX | hHash, | ||
BOOL | bFinal, | ||
DWORD | dwFlags, | ||
BYTE * | pbData, | ||
DWORD * | pdwDataLen ) |
#include <dinamo.h>
Decrypts data, typically encrypted by the DEncrypt() function. The algorithm used depends on the key passed in the hKey parameter.
[in] | hKey | Key context. | ||||||
[in] | hHash | Hash context if the data is subjected to the hash operation after being decrypted. After the operation is complete, the hash value can be obtained using the DGetHashParam() function. | ||||||
[in] | bFinal | Indicates the last block of a series being decrypted. TRUE for the last block, FALSE otherwise. | ||||||
[in] | dwFlags | The values in the table below are acceptable for specific cases.
| ||||||
[in,out] | pbData | Pointer to a buffer containing the data to be decrypted. When the function returns, the original data is overwritten by the result of the decryption operation. For block symmetric operations, the size of the data must always be a multiple of the block size of the algorithm in question. | ||||||
[in,out] | pdwDataLen | Pointer to a DWORD that contains the size of the data in pbData . On input, it holds the number of bytes to be processed; on output, the number of bytes of plaintext. |
int AAP_API DCreateHash | ( | HSESSIONCTX | hSession, |
int | nAlgId, | ||
HKEYCTX | hKey, | ||
DWORD | dwFlags, | ||
HHASHCTX * | hHash ) |
#include <dinamo.h>
Initializes a hash context to be used with a data stream. This context is used for subsequent DHashData(), DHashSessionKey() calls, among others.
[in] | hSession | Context acquired through the DOpenSession() function. | ||||||||||||||||||||||||||||||||||||||||
[in] | nAlgId | Defines the algorithm associated with the hash context.
| ||||||||||||||||||||||||||||||||||||||||
[in] | hKey | Must be passed according to the type of algorithm passed in nAlgId. | ||||||||||||||||||||||||||||||||||||||||
[in] | dwFlags | Reserved for future use (must be 0). | ||||||||||||||||||||||||||||||||||||||||
[out] | hHash | Pointer to the context of the generated hash. After use, it must be released with the DDestroyHash() function. |
#include <dinamo.h>
Adds data to a given hash context. This function can be called several times to feed the hash with data supplied in separate chunks.
[in] | hHash | Hash context generated by the DCreateHash() function. |
[in] | pbData | Buffer containing the data that will be added to the hash context. |
[in] | dwDataLen | Number of bytes to be added. |
[in] | dwFlags | Reserved for future use (must be 0). |
int AAP_API DSetHashParam | ( | HHASHCTX | hHash, |
DWORD | dwParam, | ||
BYTE * | pbData, | ||
DWORD | dwDataLen, | ||
DWORD | dwFlags ) |
#include <dinamo.h>
Changes a hash context created by DCreateHash().
[in] | hHash | Hash context generated by the DCreateHash() function. | ||||||
[in] | dwParam | Defines the hash context parameter to be modified.
| ||||||
[in] | pbData | Pointer to the data or structures specified in dwParam . | ||||||
[in] | dwDataLen | Size of data or structure specified in dwParam . | ||||||
[in] | dwFlags | Reserved for future use (must be 0). |
int AAP_API DGetHashParam | ( | HHASHCTX | hHash, |
DWORD | dwParam, | ||
BYTE * | pbData, | ||
DWORD * | pdwDataLen, | ||
DWORD | dwFlags ) |
#include <dinamo.h>
Returns attributes associated with a given hash context. The hash value can be retrieved using this function.
[in] | hHash | Hash context generated by the DCreateHash() function. | ||||||||
[in] | dwParam | Defines the hash context parameter to be retrieved.
| ||||||||
[in] | pbData | Pointer to the data or structures specified in dwParam . This parameter can be NULL to specify the amount of memory required. | ||||||||
[in,out] | pdwDataLen | Pointer to the buffer size, in bytes, specified in pbData . When the function returns, this parameter will contain the size of the data stored in pbData . | ||||||||
[in] | dwFlags | Reserved for future use (must be 0). |
int AAP_API DSignHash | ( | HHASHCTX | hHash, |
HKEYCTX | hKey, | ||
DWORD | dwFlags, | ||
BYTE * | pbSignature, | ||
DWORD * | pdwSigLen ) |
#include <dinamo.h>
Signs a piece of data from its hash context created with the DCreateHash() function.
[in] | hHash | Hash context generated by the DCreateHash() function. | ||||||||
[in] | hKey | Context of the private key to be used in the signature. | ||||||||
[in] | dwFlags | You must pass 0 or some modifier defined in the list below.
| ||||||||
[out] | pbSignature | Buffer that will receive the signature. This parameter can be NULL to specify the amount of memory required. | ||||||||
[in,out] | pdwSigLen | Pointer to the size of the signature, in bytes. When the function returns, this parameter will contain the size of the data stored in pbSignature. |
Signatures generated with EdDSA keys are made using the PureEdDSA signature algorithm as described in RFC 8032. Therefore, the ALG_IDENTITY_FUNC algorithm must be used in the hash APIs to use the identity function. The maximum data size accepted for signing is DN_SIG_EDDSA_MAX_DATA_LEN bytes.
#include <dinamo.h>
Releases the context of a hash after it has been used. Once this context has been released, it can no longer be used by any function and becomes invalid.
[in] | phHash | Hash context generated by the DCreateHash() function. |
int AAP_API DVerifySignature | ( | HHASHCTX | hHash, |
BYTE * | pbSignature, | ||
DWORD | dwSigLen, | ||
HKEYCTX | hPubKey, | ||
DWORD | dwFlags ) |
#include <dinamo.h>
Verifies a signature against the hash associated with a context.
[in] | hHash | Hash context generated by the DCreateHash() function. | ||||||
[in] | pbSignature | Buffer containing the signature to be verified. | ||||||
[in] | dwSigLen | Number of bytes in the signature. | ||||||
[in] | hPubKey | Context for the public key used to verify the signature. | ||||||
[in] | dwFlags | Function behavior modifiers.
|
#include <dinamo.h>
Duplicates the context of a hash, including its internal state.
[in] | hHash | Hash context generated by the DCreateHash() function. |
[in] | dwFlag | Reserved for future use (must be 0). |
[in] | phHash | Pointer to the context of the generated hash. After use, it must be released with the DDestroyHash() function. |
int AAP_API DGetRandom | ( | HSESSIONCTX | hSession, |
BYTE * | pbData, | ||
DWORD | dwDataLen ) |
#include <dinamo.h>
Retrieves a certain number of pseudo-random bytes for cryptographic use.
[in] | hSession | Context acquired through the DOpenSession() function. |
[out] | pbData | Buffer that will be filled with the pseudo-random bytes. |
[in] | dwDataLen | Size in bytes of pbData . |
int AAP_API DGenEcdhKey | ( | HSESSIONCTX | hSession, |
DWORD | dwOP, | ||
char * | szPriKey, | ||
void * | pvInData, | ||
DWORD | dwInDataLen, | ||
BYTE * | pbOutData, | ||
DWORD * | pdwOutDataLen, | ||
DWORD | dwFlags ) |
#include <dinamo.h>
Generates a shared secret/key using the ECDH (Elliptic Curve Diffie-Hellman) key-agreement protocol.
[in] | hSession | Context acquired through the DOpenSession() function. | ||||||
[in] | dwOP | Function behavior modifiers.
| ||||||
[in] | szPriKey | Identifier of the private key within the HSM. This identifier must not contain spaces or special characters, and it is case sensitive. | ||||||
[in] | pvInData | Pointer to the function's input data. Must be filled in as described in the options for dwOP | ||||||
[in] | dwInDataLen | Size in bytes of pvInData . | ||||||
[out] | pbOutData | Buffer that will receive the output key/secret. This parameter can be NULL to return the amount of memory needed in pdwOutDataLen . This parameter will be ignored when the operation is to write the key to the HSM. | ||||||
[in,out] | pdwOutDataLen | Pointer to the size in bytes of the pbOutData buffer that will receive the output key/secret. When the function returns, this parameter will contain the size of the data actually stored in pbOutData . This parameter will be ignored when the operation is to write the key to the HSM. | ||||||
[in] | dwFlags | Reserved for future use (must be 0). |
int AAP_API DCRLCertCheck | ( | HSESSIONCTX | hSession, |
char * | szCRL, | ||
char * | szCertId, | ||
char * | szVerifyInfo ) |
#include <dinamo.h>
Validates an X.509 certificate in the HSM using a CRL (Certificate Revocation List, LCR) and a certificate chain.
[in] | hSession | Context acquired through the DOpenSession() function. |
[in] | szCRL | Name of the CRL (Certificate Revocation List, LCR). |
[in] | szCertId | Name of the certificate to be validated. |
[in] | szVerifyInfo | Name of the certificate chain/certificate for validating the certificate specified in szCertId. Can be passed NULL to avoid checking the certificate chain. |
0 (ZERO) if the function is successful.
See the Return Codes section for other values.
int AAP_API DMofNSplit | ( | HSESSIONCTX | hSession, |
BYTE | bM, | ||
BYTE | bN, | ||
BYTE * | pbSecret, | ||
DWORD | dwSecretLen, | ||
DN_M_OF_N_SPLIT_INFO * | pstSplitInfo, | ||
DWORD | dwReserved ) |
#include <dinamo.h>
Splits a secret into N parts, of which any M are sufficient to reconstruct it, according to Shamir's secret sharing scheme.
[in] | hSession | Context acquired through the DOpenSession() function. |
[in] | bM | Minimum number of parts needed to rebuild the secret. Minimum DN_M_OF_N_S_MIN and maximum DN_M_OF_N_S_MAX. |
[in] | bN | Total number of parts generated. Minimum DN_M_OF_N_S_MIN and maximum DN_M_OF_N_S_MAX. |
[in] | pbSecret | Secret that will be shared in several parts. It must have size DN_M_OF_N_S_LEN. NULL can be passed so that a secret is randomly generated by the HSM, in which case the value will be returned in pstSplitInfo . |
[in] | dwSecretLen | Size of the data passed in pbSecret . If pbSecret is NULL, pass 0 in this parameter. |
[out] | pstSplitInfo | Output data. |
[in] | dwReserved | Reserved for future use (must be 0). |
0 (ZERO) if the function is successful.
See the Return Codes section for other values.
int AAP_API DMofNRecover | ( | HSESSIONCTX | hSession, |
DN_M_OF_N_PART * | pstParts, | ||
DWORD | dwPartsCount, | ||
BYTE * | pbSecret, | ||
DWORD | dwReserved ) |
#include <dinamo.h>
Reconstructs the M-of-N secret from the custodians' parts, according to Shamir's secret sharing scheme.
[in] | hSession | Context acquired through the DOpenSession() function. |
[in] | pstParts | Array of custodian parts. |
[in] | dwPartsCount | Number of parts passed in pstParts . |
[in] | pbSecret | Buffer that receives the reconstructed secret. Must have size DN_M_OF_N_S_LEN. |
[in] | dwReserved | Reserved for future use (must be 0). |
0 (ZERO) if the function is successful.
See the Return Codes section for other values.
int AAP_API DGenerateSVMK | ( | HSESSIONCTX | hSession, |
int | nVersion, | ||
const BYTE * | pbKey, | ||
BYTE | bM, | ||
BYTE | bN, | ||
DN_SC_M_OF_N_SHADOW * | pstShadows, | ||
DWORD | dwReserved ) |
#include <dinamo.h>
Generates the SVMK (Secret Master Key) according to Shamir's secret sharing scheme. The session can be authenticated or anonymous.
[in] | hSession | Context acquired through the DOpenSession() function. | ||||||
[in] | nVersion | Shadow version. According to the table below.
| ||||||
[in] | pbKey | Key that will be shared in several parts. It should have a size as described in dwType . NULL can be passed so that a secret is randomly generated by the HSM (recommended). | ||||||
[in] | bM | Minimum number of parts needed to rebuild the secret. Minimum DN_M_OF_N_S_MIN and maximum DN_M_OF_N_S_MAX. | ||||||
[in] | bN | Total number of parts generated. Minimum DN_M_OF_N_S_MIN and maximum DN_M_OF_N_S_MAX. | ||||||
[out] | pstShadows | Shadows generated. The size of the array must be equal to or greater than bN . | ||||||
[in] | dwReserved | Reserved for future use (must be 0). |
int AAP_API DRecoverSVMK | ( | HSESSIONCTX | hSession, |
DN_SC_M_OF_N_SHADOW * | pstShadows, | ||
BYTE | bShadowsCount, | ||
BYTE * | pbKey, | ||
DWORD | dwReserved ) |
#include <dinamo.h>
Reconstructs the original SVMK (Server Master Key) from the custodians' parts, according to Shamir's secret sharing scheme. The session can be authenticated or anonymous.
[in] | hSession | Context acquired through the DOpenSession() function. | ||||||
[in] | pstShadows | Array of custodian parts. | ||||||
[in] | bShadowsCount | Number of parts passed in pstShadows . | ||||||
[out] | pbKey | Reconstructed key. Its size must match the shadow type given in the pstShadows structure.
| ||||||
[in] | dwReserved | Reserved for future use (must be 0). |