API Calling Example
Key Management API Example
The following uses an SM2 user key as an example to demonstrate how to use the preceding APIs for key creation, password change, addition and deletion of key access paths, key export and import, and key deletion.
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/sha.h>
#include "sdf.h"
#define MAX_KEY_FILE_SIZE (1024 * 1024)
#define EXPORT_SALT "123456789"
#define CA_PATH "./test_sdf"
#define USER_NAME "root"
#define PASSWD "Huawei123."
#define NEWPASSWD "Huawei321."
#define ALG_FLAG_OFFSET 20
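/*
 * Create the SM2 signature key and the SM2 encryption key that share
 * key_id, both protected by the same password.
 *
 * session  - session handle obtained from ECM_OpenSession.
 * key_id   - key index. It must fit below bit ALG_FLAG_OFFSET; higher bits
 *            would overlap the algorithm flag that is OR-ed in above it.
 * password - NUL-terminated password protecting both keys.
 *
 * Returns SDR_OK on success, otherwise the error code of the failing
 * ECM_GenerateKey call. If the encryption key fails, the signature key
 * created just before it is left on the device.
 */
int generate_key(void *session, unsigned int key_id, unsigned char *password)
{
    /* strlen() takes char *; the API hands the password in as unsigned char *. */
    size_t passwd_len = strlen((const char *)password);
    unsigned int sign_info = ((unsigned int)SDF_SM2_SIGN << ALG_FLAG_OFFSET) | key_id;
    unsigned int enc_info = ((unsigned int)SDF_SM2_ENC << ALG_FLAG_OFFSET) | key_id;
    int ret;

    ret = ECM_GenerateKey(session, sign_info, password, passwd_len);
    if (ret != SDR_OK) {
        printf("ECM_GenerateKey sign key failed, ret = 0x%x\n", ret);
        return ret;
    }

    ret = ECM_GenerateKey(session, enc_info, password, passwd_len);
    if (ret != SDR_OK) {
        printf("ECM_GenerateKey enc key failed, ret = 0x%x\n", ret);
    }
    return ret;
}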
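/*
 * Delete the SM2 signature key and the SM2 encryption key stored under
 * key_id. Both deletions are attempted even if the first one fails, so a
 * single error does not strand the other half of the pair on the device.
 *
 * Returns SDR_OK when both keys were deleted, otherwise the error code of
 * the first ECM_DeleteKey call that failed.
 */
int delete_key(void *session, unsigned int key_id)
{
    unsigned int sign_info = ((unsigned int)SDF_SM2_SIGN << ALG_FLAG_OFFSET) | key_id;
    unsigned int enc_info = ((unsigned int)SDF_SM2_ENC << ALG_FLAG_OFFSET) | key_id;
    int first_err = SDR_OK;
    int ret;

    ret = ECM_DeleteKey(session, sign_info);
    if (ret != SDR_OK) {
        /* %u: key_id is unsigned. */
        printf("ECM_DeleteKey sign key_index %u failed, ret = 0x%x\n", key_id, ret);
        first_err = ret;
    }

    ret = ECM_DeleteKey(session, enc_info);
    if (ret != SDR_OK) {
        printf("ECM_DeleteKey enc key_index %u failed, ret = 0x%x\n", key_id, ret);
        if (first_err == SDR_OK) {
            first_err = ret;
        }
    }
    return first_err;
}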
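/*
 * Overwrite len bytes of buf through a volatile pointer so the stores are
 * not dropped as dead code ahead of free().
 */
static void wipe_buffer(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len-- > 0) {
        *p++ = 0;
    }
}

/*
 * Copy the SM2 key pair stored under key_id1 to key_id2: each key is
 * exported with EXPORT_SALT into a heap staging buffer and imported again
 * under the new index.
 *
 * Returns SDR_OK on success, -1 if the staging buffer cannot be allocated,
 * otherwise the error code of the failing ECM_ExportKey/ECM_ImportKey call.
 * On a failure after the signature key was imported, key_id2 holds only
 * that key.
 */
int export_import_key(void *session, unsigned int key_id1, unsigned int key_id2)
{
    unsigned int sign_key_info1 = ((unsigned int)SDF_SM2_SIGN << ALG_FLAG_OFFSET) | key_id1;
    unsigned int sign_key_info2 = ((unsigned int)SDF_SM2_SIGN << ALG_FLAG_OFFSET) | key_id2;
    unsigned int enc_key_info1 = ((unsigned int)SDF_SM2_ENC << ALG_FLAG_OFFSET) | key_id1;
    unsigned int enc_key_info2 = ((unsigned int)SDF_SM2_ENC << ALG_FLAG_OFFSET) | key_id2;
    uint32_t key_data_len;
    int ret;

    uint8_t *key_data = malloc(MAX_KEY_FILE_SIZE);
    if (key_data == NULL) {
        printf("malloc failed\n");
        return -1;
    }

    /* Signature key. key_data_len is in/out: it goes in as the buffer size
     * and comes back as the length actually written. */
    key_data_len = MAX_KEY_FILE_SIZE;
    ret = ECM_ExportKey(session, sign_key_info1, key_data, &key_data_len, EXPORT_SALT);
    if (ret != SDR_OK) {
        printf("ECM_ExportKey sign key failed, ret = 0x%x, %u\n", ret, (unsigned)key_data_len);
        goto out;
    }
    ret = ECM_ImportKey(session, sign_key_info2, key_data, key_data_len, EXPORT_SALT);
    if (ret != SDR_OK) {
        printf("ECM_ImportKey sign key failed, ret = 0x%x\n", ret);
        goto out;
    }

    /* Encryption key. Reset the length first: the previous export shrank
     * key_data_len to the signature blob's size, and passing that on would
     * cap this export at a limit unrelated to the real buffer size. */
    key_data_len = MAX_KEY_FILE_SIZE;
    ret = ECM_ExportKey(session, enc_key_info1, key_data, &key_data_len, EXPORT_SALT);
    if (ret != SDR_OK) {
        printf("ECM_ExportKey enc key failed, ret = 0x%x, %u\n", ret, (unsigned)key_data_len);
        goto out;
    }
    ret = ECM_ImportKey(session, enc_key_info2, key_data, key_data_len, EXPORT_SALT);
    if (ret != SDR_OK) {
        printf("ECM_ImportKey enc key failed, ret = 0x%x\n", ret);
    }

out:
    /* The staging buffer held the exported key blobs; scrub it before the
     * memory is recycled (whether the device wraps the blob is not visible
     * from this file, so treat it as sensitive either way). */
    wipe_buffer(key_data, MAX_KEY_FILE_SIZE);
    free(key_data);
    return ret;
}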
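/*
 * Change the password of both the SM2 signature key and the SM2 encryption
 * key stored under key_id from passwd to new_passwd.
 *
 * Returns SDR_OK on success, otherwise the error code of the failing
 * ECM_ChangePassword call. If the encryption key fails, the signature key
 * has already been switched to new_passwd and the pair is out of step.
 */
int change_passwd(void *session, unsigned int key_id, char *passwd, char *new_passwd)
{
    unsigned int sign_info = ((unsigned int)SDF_SM2_SIGN << ALG_FLAG_OFFSET) | key_id;
    unsigned int enc_info = ((unsigned int)SDF_SM2_ENC << ALG_FLAG_OFFSET) | key_id;
    size_t old_len = strlen(passwd);
    size_t new_len = strlen(new_passwd);
    int ret;

    ret = ECM_ChangePassword(session, sign_info, passwd, old_len, new_passwd, new_len);
    if (ret != SDR_OK) {
        printf("ECM_ChangePassword sign key failed, ret = 0x%x\n", ret);
        return ret;
    }

    ret = ECM_ChangePassword(session, enc_info, passwd, old_len, new_passwd, new_len);
    if (ret != SDR_OK) {
        /* Previously reported as "sign key", which hid which key failed. */
        printf("ECM_ChangePassword enc key failed, ret = 0x%x\n", ret);
    }
    return ret;
}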
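/*
 * Derive the 32-byte CA identifier passed to ECM_SetAccessRight /
 * ECM_DelAccessRight: SHA-256 over ca_path followed by user_name placed in
 * a zero-padded 256-byte field. The padding is part of the digest input, so
 * the field width is fixed. The digest is also printed in hex on stdout.
 *
 * Returns 0 on success. Returns -1, leaving hash untouched, when user_name
 * does not fit the 256-byte field: the previous unbounded memcpy overflowed
 * the stack buffer in that case, and silently truncating instead would let
 * two different names map to the same identifier. Existing callers that
 * ignore the return value keep their behaviour for names that fit.
 */
int calculate_cainfo(const char *ca_path, const char *user_name, unsigned char hash[32])
{
    char plan[256] = {0};
    size_t name_len = strlen(user_name);

    if (name_len > sizeof plan) {
        printf("calculate_cainfo: user name too long (%zu bytes, max %zu)\n",
               name_len, sizeof plan);
        return -1;
    }
    memcpy(plan, user_name, name_len);

    SHA256_CTX sha256;
    SHA256_Init(&sha256);
    SHA256_Update(&sha256, ca_path, strlen(ca_path));
    SHA256_Update(&sha256, plan, sizeof plan);
    SHA256_Final(hash, &sha256);

    for (size_t i = 0; i < 32; i++) {
        printf("%02x", hash[i]);
    }
    printf("\n");
    return 0;
}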
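/*
 * Grant access to the SM2 key pair under key_id for the CA identified by
 * (ca_path, user_name). The identifier is the SHA-256 value produced by
 * calculate_cainfo; passwd is the key pair's current password.
 *
 * Returns SDR_OK on success, otherwise the error code of the failing
 * ECM_SetAccessRight call. If the encryption key fails, the right has
 * already been added on the signature key.
 */
int set_ca_access_right(void *session, unsigned int key_id, char *ca_path, char *user_name, char *passwd)
{
    unsigned int sign_info = ((unsigned int)SDF_SM2_SIGN << ALG_FLAG_OFFSET) | key_id;
    unsigned int enc_info = ((unsigned int)SDF_SM2_ENC << ALG_FLAG_OFFSET) | key_id;
    unsigned char hash[32] = {0};
    size_t passwd_len = strlen(passwd);
    int ret;

    calculate_cainfo(ca_path, user_name, hash);

    ret = ECM_SetAccessRight(session, sign_info, hash, passwd, passwd_len);
    if (ret != SDR_OK) {
        printf("ECM_SetAccessRight sign key failed, ret = 0x%x\n", ret);
        return ret;
    }

    ret = ECM_SetAccessRight(session, enc_info, hash, passwd, passwd_len);
    if (ret != SDR_OK) {
        /* Previously reported as "sign key", which hid which key failed. */
        printf("ECM_SetAccessRight enc key failed, ret = 0x%x\n", ret);
    }
    return ret;
}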
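/*
 * Revoke access to the SM2 key pair under key_id for the CA identified by
 * (ca_path, user_name), the counterpart of set_ca_access_right. The
 * identifier is the SHA-256 value produced by calculate_cainfo; passwd is
 * the key pair's current password.
 *
 * Returns SDR_OK on success, otherwise the error code of the failing
 * ECM_DelAccessRight call. If the encryption key fails, the right has
 * already been removed from the signature key.
 */
int delete_ca_access_right(void *session, unsigned int key_id, char *ca_path, char *user_name, char *passwd)
{
    unsigned int sign_info = ((unsigned int)SDF_SM2_SIGN << ALG_FLAG_OFFSET) | key_id;
    unsigned int enc_info = ((unsigned int)SDF_SM2_ENC << ALG_FLAG_OFFSET) | key_id;
    unsigned char hash[32] = {0};
    size_t passwd_len = strlen(passwd);
    int ret;

    calculate_cainfo(ca_path, user_name, hash);

    /* Messages name the call actually made; they used to say
     * ECM_SetAccessRight, which sent readers to the wrong function. */
    ret = ECM_DelAccessRight(session, sign_info, hash, passwd, passwd_len);
    if (ret != SDR_OK) {
        printf("ECM_DelAccessRight sign key failed, ret = 0x%x\n", ret);
        return ret;
    }

    ret = ECM_DelAccessRight(session, enc_info, hash, passwd, passwd_len);
    if (ret != SDR_OK) {
        printf("ECM_DelAccessRight enc key failed, ret = 0x%x\n", ret);
    }
    return ret;
}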
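/*
 * Demonstration flow for the key-management API: open the device and a
 * session, create an SM2 key pair under key_idx1, change its password, add
 * and then remove a CA access path, copy the pair to key_idx2 and finally
 * delete both. The first failure ends the run and its code is returned;
 * handles opened so far are closed, but keys created before a later failure
 * are left on the device.
 *
 * PASSWD, NEWPASSWD and CA_PATH are demo constants compiled into the
 * binary; a real application obtains the password at run time instead.
 */
int main(void)
{
    int ret;
    /* The helpers take the key index as unsigned int. */
    unsigned int key_idx1 = 1, key_idx2 = 2;
    void *device = NULL, *session = NULL;

    ret = SDF_OpenDevice(&device);
    if (ret != SDR_OK) {
        printf("sdf open device failed, ret = 0x%x\n", ret);
        return ret;
    }
    ret = ECM_OpenSession(device, &session);
    if (ret != SDR_OK) {
        printf("sdf open session failed, ret = 0x%x\n", ret);
        goto close;
    }

    /* generate_key takes the password as unsigned char *. */
    ret = generate_key(session, key_idx1, (unsigned char *)PASSWD);
    if (ret != SDR_OK) {
        printf("generate_key failed, ret = 0x%x\n", ret);
        goto close;
    }
    printf("generate key success\n");

    // Changes the password.
    ret = change_passwd(session, key_idx1, PASSWD, NEWPASSWD);
    if (ret != SDR_OK) {
        printf("change key passwd failed, ret = 0x%x\n", ret);
        goto close;
    }
    printf("change passwd success\n");

    // Adds the CA access permission.
    ret = set_ca_access_right(session, key_idx1, CA_PATH, USER_NAME, NEWPASSWD);
    if (ret != SDR_OK) {
        printf("set ca access right failed, ret = 0x%x\n", ret);
        goto close;
    }
    printf("set ca path success\n");

    // Deletes the CA access permission.
    ret = delete_ca_access_right(session, key_idx1, CA_PATH, USER_NAME, NEWPASSWD);
    if (ret != SDR_OK) {
        printf("delete ca access right failed, ret = 0x%x\n", ret);
        goto close;
    }
    printf("delete ca path success\n");

    // Imports the key to key_idx2.
    ret = export_import_key(session, key_idx1, key_idx2);
    if (ret != SDR_OK) {
        printf("export_import_key failed, ret = 0x%x\n", ret);
        goto close;
    }
    printf("export key %u, import to key %u success\n", key_idx1, key_idx2);

    ret = delete_key(session, key_idx1);
    if (ret != SDR_OK) {
        printf("ECM_DeleteKey failed, ret = 0x%x\n", ret);
        goto close;
    }
    ret = delete_key(session, key_idx2);
    if (ret != SDR_OK) {
        printf("ECM_DeleteKey failed, ret = 0x%x\n", ret);
        goto close;
    }
    printf("delete key success\n");

close:
    /* session stays NULL when ECM_OpenSession failed, so only the device
     * is closed on that path. */
    if (session != NULL) {
        (void)SDF_CloseSession(session);
    }
    if (device != NULL) {
        (void)SDF_CloseDevice(device);
    }
    return ret;
}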
gcc -I/path/to/sdf.h/ test.c -lsdf -lcrypto
API Calling Demo
- Download the API header file of this module.
git clone https://gitee.com/openeuler/itrustee_sdk.git
- Include the sdf.h header file in your code to develop an application. The following example shows how to obtain the device information.
vim test_sdf.c
Create the test_sdf.c source file and add the following content to the file:
#include <stdio.h> #include "sdf.h" int main() { int ret = -1; void *hDeviceHandle = NULL; void *hSessionHandle = NULL; DEVICEINFO info = {0}; ret = SDF_OpenDevice(&hDeviceHandle); if (ret != SDR_OK) { printf("sdf open device failed, ret = 0x%x\n", ret); return ret; } ret = SDF_OpenSession(hDeviceHandle, &hSessionHandle); if (ret != SDR_OK) { printf("sdf open session failed, ret = 0x%x\n", ret); return ret; } printf("sdf open device and session success\n"); ret = SDF_GetDeviceInfo(hSessionHandle, &info); if (ret != SDR_OK) { printf("sdf get device info failed, ret = 0x%x\n", ret); return ret; } printf("sdf get device info success\n"); printf("Device Name: %s\n", info.DeviceName); return 0; } - After the above steps are complete, compile the code as follows:
gcc test_sdf.c -lsdf -ldl -I/path/to/itrustee_sdk/include/SDF/ -o test_sdf
- Run the application; it prints the device name.