1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
/*
* Copyright 2015-2018 Yubico AB
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifdef NDEBUG
#undef NDEBUG
#endif
#include <assert.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <yubihsm.h>
const char *key_label = "label";
const uint8_t password[] = "password";
const uint8_t clear[] = "test data";
int main(void) {
yh_connector *connector = NULL;
yh_session *session = NULL;
yh_rc yrc = YHR_GENERIC_ERROR;
uint16_t authkey = 1;
const char *connector_url;
connector_url = getenv("DEFAULT_CONNECTOR_URL");
if (connector_url == NULL) {
connector_url = DEFAULT_CONNECTOR_URL;
}
yrc = yh_init();
assert(yrc == YHR_SUCCESS);
yrc = yh_init_connector(connector_url, &connector);
assert(yrc == YHR_SUCCESS);
yrc = yh_connect(connector, 0);
assert(yrc == YHR_SUCCESS);
yrc = yh_create_session_derived(connector, authkey, password,
sizeof(password) - 1, false, &session);
assert(yrc == YHR_SUCCESS);
uint8_t session_id;
yrc = yh_get_session_id(session, &session_id);
assert(yrc == YHR_SUCCESS);
printf("Successfully established session %02d\n", session_id);
yh_capabilities capabilities = {{0}};
yrc = yh_string_to_capabilities("wrap-data:unwrap-data", &capabilities);
assert(yrc == YHR_SUCCESS);
yh_capabilities delegated_capabilities = {{0}};
uint16_t domain_five = 0;
uint16_t wrapping_key_id = 0; // ID 0 lets the device generate an ID
yrc = yh_string_to_domains("5", &domain_five);
assert(yrc == YHR_SUCCESS);
yrc =
yh_util_generate_wrap_key(session, &wrapping_key_id, key_label, domain_five,
&capabilities, YH_ALGO_AES256_CCM_WRAP,
&delegated_capabilities);
assert(yrc == YHR_SUCCESS);
printf("Generated wrapping key with ID %04x\n", wrapping_key_id);
uint8_t data[1024];
size_t data_len = sizeof(data);
yrc = yh_util_wrap_data(session, wrapping_key_id, clear, sizeof(clear), data,
&data_len);
assert(yrc == YHR_SUCCESS);
printf("Data wrapped to length %zu\n", data_len);
assert(data_len == sizeof(clear) + YH_CCM_WRAP_OVERHEAD);
assert(memcmp(data, clear, sizeof(clear)) != 0);
yrc = yh_util_unwrap_data(session, wrapping_key_id, data, data_len, data,
&data_len);
assert(yrc == YHR_SUCCESS);
assert(data_len == sizeof(clear));
assert(memcmp(data, clear, sizeof(clear)) == 0);
printf("Data unwrapped successfully\n");
yrc = yh_util_close_session(session);
assert(yrc == YHR_SUCCESS);
yrc = yh_destroy_session(&session);
assert(yrc == YHR_SUCCESS);
yh_disconnect(connector);
assert(yrc == YHR_SUCCESS);
yrc = yh_exit();
assert(yrc == YHR_SUCCESS);
return 0;
}
|
