C/C++ API
HSM Dinamo
Loading...
Looking for...
No entries found
skeep_new_split_recover.c

Example of creating, splitting and recovering a secret using the Safe Keeping module.

See Note on examples.
/* skeep_new_split_recover.c
*
* Example showing how to create a secret, divide it into shares and
* recover it from M parts.
*
* Create a secret
* Divide the secret into N parts where M parts are needed for
* retrieve the secret. Optionally: generate the checksum for each part.
* 3. recover the secret from M parts
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "dinamo.h" /* header of Dinamo */
#define HOST_ADDR "127.0.0.1"
#define USER_ID "master"
#define USER_PWD "12345678"
static int OpenSession(HSESSIONCTX *hSession, const char *cszIp, const char *cszUser,
const char *cszPassword)
{
struct AUTH_PWD authPwd;
/* Initializes the structure for connecting to the HSM */
strncpy(authPwd. szAddr, HOST_ADDR, sizeof(authPwd.szAddr));
authPwd. nPort = DEFAULT_PORT;
strncpy(authPwd. szUserId, USER_ID, sizeof(authPwd.szUserId));
strncpy(authPwd. szPassword, USER_PWD, sizeof(authPwd.szPassword));
return DOpenSession(hSession, SS_USER_PWD,(BYTE *)&authPwd, sizeof(authPwd), ENCRYPTED_CONN);
}
static void PrintError(const char *cszFunction, int nRet)
{
printf("Function failure: %s \nError code: %d\n", cszFunction, nRet);
}
int main()
{
int nRet = 0;
HSESSIONCTX hSession = NULL;
#define M (2) /* Minimum number of shares to retrieve the secret */
#define N (3) /* Total number of shares */
const char *szId = "secret";
BYTE bSecLevel = DN_SKEEP_SEC_LEVEL_160b; /* Secret security level */
WORD wAuthType = DN_SKEEP_TYPE_NMIND; /* Type of authentication for the secret. In this test, it is not the default user and password. */
int i = 0;
SKeepShare shares[N] = {0}; /* Vetor de partes */
SKeepRecoverInfo stRecoverInfo = {0}; /* Estrutura para recuperar o segredo */
/* Initializes the libraries of Dinamo */
nRet = DInitialize(0);
if (nRet)
{
PrintError("DInitialize", nRet);
goto clean;
}
printf("Libraries initialized.\n");
/* Open session with HSM */
nRet = OpenSession(&hSession, HOST_ADDR, USER_ID, USER_PWD);
if (nRet)
{
PrintError("DOpenSession", nRet);
goto clean;
}
printf("Session with Dinamo established.\n");
/*
1. Create a secret
*/
nRet = DSKeepNewSecret(hSession, szId, bSecLevel, wAuthType, 0);
if(nRet)
{
PrintError("DSKeepNewSecret", nRet);
goto clean;
}
printf("Secret successfully created.\n");
/*
2. Divide the secret into parts.
The secret is divided into N parts, of which M parts are necessary
to recover the secret.
*/
nRet = DSKeepSplitSecret(hSession, szId, bSecLevel, wAuthType, M, N, shares, 0);
if (nRet)
{
PrintError("DSKeepSplitSecret", nRet);
goto clean;
}
printf("Secret split successfully.\n");
/*
Optional: Calculate the checksum of each part.
The checksum is used to verify that the part is entered correctly in the
ceremony application.
Ideally, it should be stored with the part and checked beforehand
to recover the secret.
*/
for (i = 0; i < N; i++)
{
char szShareCks[DN_SKEEP_SHARE_CKS_LEN + 1] = {0};
nRet = DSKeepCalcShareCks(DN_SKEEP_GEN_SHARE_CKS, shares[i].szShare, szShareCks);
if (nRet)
{
PrintError("DSKeepSplitSecret", nRet);
goto clean;
}
printf("Share %d: %s [%s]\n", i, shares[i].szShare, szShareCks);
}
/*
3. Recover the secret from M parts
*/
nRet = DSKeepRecoverSecret(hSession, szId, shares, M, &stRecoverInfo, 0);
if (nRet)
{
PrintError("DSKeepRecoverSecret", nRet);
goto clean;
}
printf("Secret successfully retrieved.\n");
printf("Secret: %s\n", stRecoverInfo. szSecret);
/* Remove the secret */
nRet = DSKeepRemoveSecret(hSession, szId, bSecLevel, wAuthType, 0);
if (nRet)
{
PrintError("DSKeepRemoveSecret", nRet);
goto clean;
}
printf("Secret successfully removed.\n");
clean:
DCloseSession(&hSession, 0);
printf("Session closed.\n");
DFinalize();
printf("Libraries finished.\n");
return nRet;
}
dinamo.h
HSM Application Programming Interface (API) Dinamo.
HSESSIONCTX
void * HSESSIONCTX
Definition dinamo.h:68
DEFAULT_PORT
#define DEFAULT_PORT
Definition dinamo.h:1948
WORD
unsigned short WORD
Definition dinamo.h:48
BYTE
unsigned char BYTE
Definition dinamo.h:45
ENCRYPTED_CONN
#define ENCRYPTED_CONN
Definition dinamo.h:585
SS_USER_PWD
#define SS_USER_PWD
Definition dinamo.h:576
DOpenSession
int AAP_API DOpenSession(HSESSIONCTX *phSession, DWORD dwParam, BYTE *pbData, DWORD dwDataLen, DWORD dwFlags)
DCloseSession
int AAP_API DCloseSession(HSESSIONCTX *phSession, DWORD dwFlags)
DInitialize
int AAP_API DInitialize(DWORD dwReserved)
DFinalize
int AAP_API DFinalize()
DSKeepNewSecret
int AAP_API DSKeepNewSecret(HSESSIONCTX hSession, const char *cszId, BYTE bSecLevel, WORD wAuthType, DWORD dwReserved)
DN_SKEEP_SEC_LEVEL_160b
#define DN_SKEEP_SEC_LEVEL_160b
Definition dinamo.h:9083
DN_SKEEP_GEN_SHARE_CKS
#define DN_SKEEP_GEN_SHARE_CKS
Definition dinamo.h:9196
DN_SKEEP_SHARE_CKS_LEN
#define DN_SKEEP_SHARE_CKS_LEN
Definition dinamo.h:9194
DSKeepRemoveSecret
int AAP_API DSKeepRemoveSecret(HSESSIONCTX hSession, const char *cszId, BYTE bSecLevel, WORD wAuthType, DWORD dwReserved)
DSKeepCalcShareCks
int AAP_API DSKeepCalcShareCks(DWORD dwType, const char *cszShare, char *szCks)
DN_SKEEP_TYPE_NMIND
#define DN_SKEEP_TYPE_NMIND
Definition dinamo.h:9086
DSKeepSplitSecret
int AAP_API DSKeepSplitSecret(HSESSIONCTX hSession, const char *cszId, BYTE bSecLevel, WORD wAuthType, BYTE bM, BYTE bN, SKeepShare *pstShares, DWORD dwReserved)
DSKeepRecoverSecret
int AAP_API DSKeepRecoverSecret(HSESSIONCTX hSession, const char *cszId, const SKeepShare *cpstShares, DWORD dwSharesCount, SKeepRecoverInfo *pstRecoverInfo, DWORD dwReserved)
AUTH_PWD
Definition dinamo.h:3089
AUTH_PWD::nPort
int nPort
Definition dinamo.h:3091
AUTH_PWD::szUserId
char szUserId[MAX_USR_LEN]
Definition dinamo.h:3092
AUTH_PWD::szAddr
char szAddr[MAX_ADDR_LEN]
Definition dinamo.h:3090
AUTH_PWD::szPassword
char szPassword[MAX_USR_PWD]
Definition dinamo.h:3093
SKeepRecoverInfo
Definition dinamo.h:3640
SKeepRecoverInfo::szSecret
char szSecret[DN_SKEEP_M_OF_N_S_LEN+1]
Definition dinamo.h:3642
SKeepShare
Definition dinamo.h:3649
Generated by Doxygen / Doxygen Awesome