hsm_client/c/user_otp_8c-example.html

#include <string.h>

#include <stdlib.h>

#include <stdio.h>

#include <dinamo.h>


/* Parametros da conexao */

#define   HSM_USR_ADM   "master"

#define   HSM_USR       "user"

#define   HSM_IP        "127.0.0.1"

#define   HSM_PWD       "12345678"


int NewHsmUser(HSESSIONCTX hSession, const char *szUser, const char *szPwd)

{

    int nRet = 0;

    struct USER_INFO stUserInfo = { 0 };


    /* Preenche a estrutura de usuário */


    strncpy(stUserInfo.szUserId, szUser, sizeof(stUserInfo.szUserId));

    strncpy(stUserInfo.szPassword, szPwd, sizeof(stUserInfo.szPassword));


    /* Cria um novo usuário no HSM */


    nRet = DCreateUser(hSession, stUserInfo);

    if (nRet)

    {

        printf("DCreateUser : Failed! %d.\n", nRet);

        return nRet;

    }


    return 0;

}


int main(void)

{

    int                 nRet            = 0;

    struct AUTH_PWD_EX  stAuthInfoAdm   = {0};

    struct AUTH_PWD_EX  stAuthInfoUser  = { 0 };

    HSESSIONCTX         hSessionAdm     = NULL;

    HSESSIONCTX         hSessionUser    = NULL;

    OATH_SA_v1          stTokenParam    = { 0 };


    const char cszOTP[] = "992271";


    /*

    * Semente utilizada para gerar o Blob HOTP.

    *

    * Esta semente pode ser transformada de binário para Base32

    * e importada no client(Google Authenticator, por exemplo).

    *

    */

    BYTE pbOtpKey[20] =

    {

        0xD5, 0x17, 0xED, 0x40, 0x1D, 0xF3, 0x03, 0x38, 0x37, 0xE0, 0x8B, 0x62, 0x55, 0xBE, 0xDB, 0xF9,

        0x52, 0x0E, 0xF8, 0x8E,

    };


    /*

        Preenche a estrutura do usuario administrador

    */

    strncpy(stAuthInfoAdm.szAddr, HSM_IP, sizeof(stAuthInfoAdm.szAddr));

    strncpy(stAuthInfoAdm.szUserId, HSM_USR_ADM, sizeof(stAuthInfoAdm.szUserId));

    strncpy(stAuthInfoAdm.szPassword, HSM_PWD, sizeof(stAuthInfoAdm.szPassword));

    stAuthInfoAdm.nPort = DEFAULT_PORT;

    stAuthInfoAdm.nStrongAuthLen = 0;

    stAuthInfoAdm.pbStrongAuth = NULL;

    stAuthInfoAdm.dwAuthType = SA_AUTH_NONE;


    DInitialize(0);


    /*

        Conecta com um usuário com permissões de administração

        para associar um token otp a um usuário comum.

    */


    nRet = DOpenSession(&hSessionAdm,

                        SS_USR_PWD_EX,

                        (BYTE *) &stAuthInfoAdm,

                        sizeof(struct AUTH_PWD_EX),

                        CACHE_BYPASS | LB_BYPASS | ENCRYPTED_CONN  );


    if(nRet)

    {

        printf("DOpenSession (adm) : Failed! %d.\n", nRet);

        goto clean;

    }


    /* Cria um usuário comum de teste */


    nRet = NewHsmUser(hSessionAdm, HSM_USR, HSM_PWD);

    if (nRet)

    {

        printf("NewHsmUser : Failed! %d.\n", nRet);

        goto clean;

    }


    /*  Associa o token ao usuário comum. */


    stTokenParam.type = OATH_SA_v1_type_SHA1;

    memcpy(stTokenParam.key, pbOtpKey, sizeof(pbOtpKey));

    stTokenParam.key_len = sizeof(pbOtpKey);

    stTokenParam.truncation_offset = OATH_SA_v1_HOTP_DYN_TRUNC_OFF;


    nRet = DAssignToken(hSessionAdm,

                        HSM_USR,

                        AT_OATH_TOKEN,

                        (BYTE *)&stTokenParam,

                        sizeof(stTokenParam));

    if( nRet )

    {

        printf("DAssignToken : Failed! %d.\n", nRet);

        goto clean;

    }


    /*

        Preenche a estrutura do usuário comum.

    */

    strncpy(stAuthInfoUser.szAddr, HSM_IP, sizeof(stAuthInfoUser.szAddr));

    strncpy(stAuthInfoUser.szUserId, HSM_USR, sizeof(stAuthInfoUser.szUserId));

    strncpy(stAuthInfoUser.szPassword, HSM_PWD, sizeof(stAuthInfoUser.szPassword));

    stAuthInfoUser.nPort = DEFAULT_PORT;

    stAuthInfoUser.pbStrongAuth = (BYTE *)cszOTP;

    stAuthInfoUser.nStrongAuthLen = (int)sizeof(cszOTP) - 1;

    stAuthInfoUser.dwAuthType = SA_AUTH_OTP;


    nRet = DOpenSession(&hSessionUser,

                        SS_USR_PWD_EX,

                        (BYTE *)&stAuthInfoUser,

                        sizeof(struct AUTH_PWD_EX),

                        CACHE_BYPASS | LB_BYPASS | ENCRYPTED_CONN);


    if (nRet)

    {

        printf("DOpenSession (user) : Failed! %d.\n", nRet);

        goto clean;

    }


    /*

        Re-sincroniza o token OTP do usuário comum.

        Usar quando o token HOTP(evento) não estiver sincronizado.


        Passa-se 2 OTPs consecutivos para que o HSM ajuste a janela de eventos

    */

    nRet = DOATHResync( hSessionAdm,

                        HSM_USR,

                        "758993",

                        "864532",

                        0);

    if (nRet)

    {

        printf("DOATHResync : Failed! %d.\n", nRet);

        goto clean;

    }


    /*

        Desassocia o token do usuário comum.

    */

    nRet = DUnassignToken(  hSessionAdm,

                            AT_OATH_TOKEN,

                            HSM_USR);

    if (nRet)

    {

        printf("DUnassignToken : Failed! %d.\n", nRet);

        goto clean;

    }


    clean:


    DCloseSession(&hSessionUser, 0);


    // Remove o usuário criado

    if (hSessionAdm != NULL)

    {

        DRemoveUser(hSessionAdm, HSM_USR);

    }


    DCloseSession(&hSessionAdm, 0);


    DFinalize();


    return nRet;

}

dinamo.h
Application Programming Interface (API) do HSM Dinamo.

HSESSIONCTX
void * HSESSIONCTX
Definição dinamo.h:68

DEFAULT_PORT
#define DEFAULT_PORT
Definição dinamo.h:1948

CACHE_BYPASS
#define CACHE_BYPASS
Definição dinamo.h:589

SA_AUTH_NONE
#define SA_AUTH_NONE
Definição dinamo.h:594

SA_AUTH_OTP
#define SA_AUTH_OTP
Definição dinamo.h:595

BYTE
unsigned char BYTE
Definição dinamo.h:45

LB_BYPASS
#define LB_BYPASS
Definição dinamo.h:588

OATH_SA_v1_HOTP_DYN_TRUNC_OFF
#define OATH_SA_v1_HOTP_DYN_TRUNC_OFF
Definição dinamo.h:853

ENCRYPTED_CONN
#define ENCRYPTED_CONN
Definição dinamo.h:585

OATH_SA_v1_type_SHA1
#define OATH_SA_v1_type_SHA1
Definição dinamo.h:852

SS_USR_PWD_EX
#define SS_USR_PWD_EX
Definição dinamo.h:579

AT_OATH_TOKEN
#define AT_OATH_TOKEN
Definição dinamo.h:844

DOpenSession
int AAP_API DOpenSession(HSESSIONCTX *phSession, DWORD dwParam, BYTE *pbData, DWORD dwDataLen, DWORD dwFlags)

DCloseSession
int AAP_API DCloseSession(HSESSIONCTX *phSession, DWORD dwFlags)

DInitialize
int AAP_API DInitialize(DWORD dwReserved)

DFinalize
int AAP_API DFinalize()

DRemoveUser
int AAP_API DRemoveUser(HSESSIONCTX hSession, char *szUserId)

DUnassignToken
int AAP_API DUnassignToken(const HSESSIONCTX hSession, const DWORD dwParam, const char *szUserId)

DAssignToken
int AAP_API DAssignToken(const HSESSIONCTX hSession, const char *szUserId, const DWORD dwParam, BYTE *pbData, const DWORD dwDataLen)

DCreateUser
int AAP_API DCreateUser(HSESSIONCTX hSession, struct USER_INFO userInfo)

DOATHResync
int AAP_API DOATHResync(const HSESSIONCTX hSession, char *szUser, char *szOTP1, char *szOTP2, DWORD dwParam)

AUTH_PWD_EX
Definição dinamo.h:3101

AUTH_PWD_EX::nPort
int nPort
Definição dinamo.h:3103

AUTH_PWD_EX::szUserId
char szUserId[MAX_USR_LEN]
Definição dinamo.h:3104

AUTH_PWD_EX::dwAuthType
DWORD dwAuthType
Definição dinamo.h:3106

AUTH_PWD_EX::szAddr
char szAddr[MAX_ADDR_LEN]
Definição dinamo.h:3102

AUTH_PWD_EX::szPassword
char szPassword[MAX_USR_PWD]
Definição dinamo.h:3105

AUTH_PWD_EX::nStrongAuthLen
int nStrongAuthLen
Definição dinamo.h:3112

AUTH_PWD_EX::pbStrongAuth
BYTE * pbStrongAuth
Definição dinamo.h:3111

OATH_SA_v1
Definição dinamo.h:2806

OATH_SA_v1::key_len
BYTE key_len
Definição dinamo.h:2811

OATH_SA_v1::key
BYTE key[MAX_OATH_HMAC_LEN]
Definição dinamo.h:2812

OATH_SA_v1::type
BYTE type
Definição dinamo.h:2807

OATH_SA_v1::truncation_offset
BYTE truncation_offset
Definição dinamo.h:2813

USER_INFO
Definição dinamo.h:3167

USER_INFO::szPassword
char szPassword[MAX_USR_PWD+1]
Definição dinamo.h:3169

USER_INFO::szUserId
char szUserId[MAX_USR_LEN+1]
Definição dinamo.h:3168