From 0419fed02bd3df8618ffd78b4f96ae7fbd956db3 Mon Sep 17 00:00:00 2001 From: zqr2001 <1805768383@qq.com> Date: Fri, 22 Jul 2022 17:31:39 +0800 Subject: [PATCH 1/6] native huks --- .../native_sdk/security/huks/native_hks_api.h | 58 ++ .../security/huks/native_hks_param.h | 56 ++ .../security/huks/native_hks_type.h | 547 ++++++++++++++++++ .../security/huks/native_hks_type_inner.h | 22 + 4 files changed, 683 insertions(+) create mode 100644 zh-cn/native_sdk/security/huks/native_hks_api.h create mode 100644 zh-cn/native_sdk/security/huks/native_hks_param.h create mode 100644 zh-cn/native_sdk/security/huks/native_hks_type.h create mode 100644 zh-cn/native_sdk/security/huks/native_hks_type_inner.h diff --git a/zh-cn/native_sdk/security/huks/native_hks_api.h b/zh-cn/native_sdk/security/huks/native_hks_api.h new file mode 100644 index 00000000..bfefa235 --- /dev/null +++ b/zh-cn/native_sdk/security/huks/native_hks_api.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _NATIVE_HKS_API_H_ +#define _NATIVE_HKS_API_H_ + +#include "native_hks_type.h" + +#ifdef __cplusplus +extern "C" { +#endif + +OH_HKS_API_EXPORT int32_t OH_HksGetSdkVersion(struct OH_HksBlob *sdkVersion); + +OH_HKS_API_EXPORT int32_t OH_HksGenerateKey(const struct OH_HksBlob *keyAlias, + const struct OH_HksParamSet *paramSetIn, struct OH_HksParamSet *paramSetOut); + +OH_HKS_API_EXPORT int32_t OH_HksImportKey(const struct OH_HksBlob *keyAlias, + const struct OH_HksParamSet *paramSet, const struct OH_HksBlob *key); + +OH_HKS_API_EXPORT int32_t OH_HksExportPublicKey(const struct OH_HksBlob *keyAlias, + const struct OH_HksParamSet *paramSet, struct OH_HksBlob *key); + +OH_HKS_API_EXPORT int32_t OH_HksDeleteKey(const struct OH_HksBlob *keyAlias, const struct OH_HksParamSet *paramSet); + +OH_HKS_API_EXPORT int32_t OH_HksGetKeyParamSet(const struct OH_HksBlob *keyAlias, + const struct OH_HksParamSet *paramSetIn, struct OH_HksParamSet *paramSetOut); + +OH_HKS_API_EXPORT int32_t OH_HksKeyExist(const struct OH_HksBlob *keyAlias, const struct OH_HksParamSet *paramSet); + +OH_HKS_API_EXPORT int32_t OH_HksInit(const struct OH_HksBlob *keyAlias, const struct OH_HksParamSet *paramSet, + struct OH_HksBlob *handle); + +OH_HKS_API_EXPORT int32_t OH_HksUpdate(const struct OH_HksBlob *handle, const struct OH_HksParamSet *paramSet, + const struct OH_HksBlob *inData, struct OH_HksBlob *outData); + +OH_HKS_API_EXPORT int32_t OH_HksFinish(const struct OH_HksBlob *handle, const struct OH_HksParamSet *paramSet, + const struct OH_HksBlob *inData, struct OH_HksBlob *outData); + +OH_HKS_API_EXPORT int32_t OH_HksAbort(const struct OH_HksBlob *handle, const struct OH_HksParamSet *paramSet); + +#ifdef __cplusplus +} +#endif + +#endif /* NATIVE_OH_HKS_API_H */ \ No newline at end of file diff --git a/zh-cn/native_sdk/security/huks/native_hks_param.h b/zh-cn/native_sdk/security/huks/native_hks_param.h new file mode 100644 index 00000000..db5b2f47 --- /dev/null +++ b/zh-cn/native_sdk/security/huks/native_hks_param.h @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef NATIVE_HKS_PARAM_H +#define NATIVE_HKS_PARAM_H + +#include "native_hks_type.h" + +#define OH_HKS_PARAM_SET_MAX_SIZE (4 * 1024 * 1024) +#define OH_HKS_DEFAULT_PARAM_SET_SIZE 512 +#define OH_HKS_DEFAULT_PARAM_CNT ((uint32_t)(OH_HKS_DEFAULT_PARAM_SET_SIZE / sizeof(struct OH_HksParam))) +#define OH_HKS_TAG_TYPE_MASK (0xF << 28) + +#ifdef __cplusplus +extern "C" { +#endif + +OH_HKS_API_EXPORT int32_t OH_HksInitParamSet(struct OH_HksParamSet **paramSet); + +OH_HKS_API_EXPORT int32_t OH_HksAddParams(struct OH_HksParamSet *paramSet, + const struct OH_HksParam *params, uint32_t paramCnt); + +OH_HKS_API_EXPORT int32_t OH_HksBuildParamSet(struct OH_HksParamSet **paramSet); + +OH_HKS_API_EXPORT void OH_HksFreeParamSet(struct OH_HksParamSet **paramSet); + +OH_HKS_API_EXPORT int32_t OH_HksGetParamSet(const struct OH_HksParamSet *fromParamSet, uint32_t fromParamSetSize, + struct OH_HksParamSet **paramSet); + +OH_HKS_API_EXPORT int32_t OH_HksGetParam(const struct OH_HksParamSet *paramSet, uint32_t tag, struct OH_HksParam **param); + +OH_HKS_API_EXPORT int32_t OH_HksFreshParamSet(struct OH_HksParamSet *paramSet, bool isCopy); + +int32_t OH_HksCheckParamSetTag(const struct OH_HksParamSet *paramSet); + +int32_t OH_HksCheckParamSet(const struct OH_HksParamSet *paramSet, uint32_t size); + +int32_t OH_HksCheckParamMatch(const struct OH_HksParam *baseParam, const struct OH_HksParam *param); + +#ifdef __cplusplus +} +#endif + +#endif /* NATIVE_HKS_PARAM_H */ \ No newline at end of file diff --git a/zh-cn/native_sdk/security/huks/native_hks_type.h b/zh-cn/native_sdk/security/huks/native_hks_type.h new file mode 100644 index 00000000..62ee3ef3 --- /dev/null +++ b/zh-cn/native_sdk/security/huks/native_hks_type.h @@ -0,0 +1,547 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _NATIVE_HKS_TYPE_H_ +#define _NATIVE_HKS_TYPE_H_ + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef OH_HKS_API_PUBLIC + #if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__) || defined(__ICCARM__) /* __ICCARM__ for iar */ + #define OH_HKS_API_EXPORT + #else + #define OH_HKS_API_EXPORT __attribute__ ((visibility("default"))) + #endif +#else + #define OH_HKS_API_EXPORT __attribute__ ((visibility("default"))) +#endif + +#define OH_HKS_SDK_VERSION "2.0.0.4" + +/* + * Align to 4-tuple + * Before calling this function, ensure that the size does not overflow after 3 is added. + */ +#define OH_HKS_ALIGN_SIZE(size) ((((uint32_t)(size) + 3) >> 2) << 2) +#define OH_HKS_DEFAULT_ALIGN_MASK_SIZE 3 + +#define OH_HKS_AE_TAG_LEN 16 +#define OH_HKS_BITS_PER_BYTE 8 +#define OH_HKS_MAX_KEY_SIZE 2048 +#define OH_HKS_AE_TAG_LEN 16 +#define OH_HKS_AE_NONCE_LEN 12 +#define OH_HKS_MAX_KEY_ALIAS_LEN 64 +#define OH_HKS_MAX_PROCESS_NAME_LEN 50 +#define OH_HKS_MAX_RANDOM_LEN 1024 +#define OH_HKS_KEY_BYTES(keySize) (((keySize) + OH_HKS_BITS_PER_BYTE - 1) / OH_HKS_BITS_PER_BYTE) +#define OH_HKS_SIGNATURE_MIN_SIZE 64 +#define OH_HKS_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0]))) +#define OH_HKS_MAX_OUT_BLOB_SIZE (5 * 1024 * 1024) +#define OH_HKS_WRAPPED_FORMAT_MAX_SIZE (1024 * 1024) +#define OH_HKS_IMPORT_WRAPPED_KEY_TOTAL_BLOBS 10 + +enum OH_HksKeyType { + OH_HKS_KEY_TYPE_RSA_PUBLIC_KEY = 0x01001000, + OH_HKS_KEY_TYPE_RSA_KEYPAIR = 0x01002000, + + OH_HKS_KEY_TYPE_ECC_P256_PUBLIC_KEY = 0x02021000, + OH_HKS_KEY_TYPE_ECC_P256_KEYPAIR = 0x02022000, + OH_HKS_KEY_TYPE_ECC_P384_PUBLIC_KEY = 0x02031000, + OH_HKS_KEY_TYPE_ECC_P384_KEYPAIR = 0x02032000, + OH_HKS_KEY_TYPE_ECC_P521_PUBLIC_KEY = 0x02051000, + OH_HKS_KEY_TYPE_ECC_P521_KEYPAIR = 0x02052000, + + OH_HKS_KEY_TYPE_ED25519_PUBLIC_KEY = 0x02101000, + OH_HKS_KEY_TYPE_ED25519_KEYPAIR = 0x02102000, + OH_HKS_KEY_TYPE_X25519_PUBLIC_KEY = 0x02111000, + OH_HKS_KEY_TYPE_X25519_KEYPAIR = 0x02112000, + + OH_HKS_KEY_TYPE_AES = 0x03000000, + OH_HKS_KEY_TYPE_CHACHA20 = 0x04010000, + OH_HKS_KEY_TYPE_CHACHA20_POLY1305 = 0x04020000, + + OH_HKS_KEY_TYPE_HMAC = 0x05000000, + OH_HKS_KEY_TYPE_HKDF = 0x06000000, + OH_HKS_KEY_TYPE_PBKDF2 = 0x07000000, +}; + +enum OH_HksKeyPurpose { + OH_HKS_KEY_PURPOSE_ENCRYPT = 1, /* Usable with RSA, EC, AES, and SM4 keys. */ + OH_HKS_KEY_PURPOSE_DECRYPT = 2, /* Usable with RSA, EC, AES, and SM4 keys. */ + OH_HKS_KEY_PURPOSE_SIGN = 4, /* Usable with RSA, EC keys. */ + OH_HKS_KEY_PURPOSE_VERIFY = 8, /* Usable with RSA, EC keys. */ + OH_HKS_KEY_PURPOSE_DERIVE = 16, /* Usable with EC keys. */ + OH_HKS_KEY_PURPOSE_WRAP = 32, /* Usable with wrap key. */ + OH_HKS_KEY_PURPOSE_UNWRAP = 64, /* Usable with unwrap key. */ + OH_HKS_KEY_PURPOSE_MAC = 128, /* Usable with mac. */ + OH_HKS_KEY_PURPOSE_AGREE = 256, /* Usable with agree. */ +}; + +enum OH_HksKeyDigest { + OH_HKS_DIGEST_NONE = 0, + OH_HKS_DIGEST_MD5 = 1, + OH_HKS_DIGEST_SM3 = 2, + OH_HKS_DIGEST_SHA1 = 10, + OH_HKS_DIGEST_SHA224 = 11, + OH_HKS_DIGEST_SHA256 = 12, + OH_HKS_DIGEST_SHA384 = 13, + OH_HKS_DIGEST_SHA512 = 14, +}; + +enum OH_HksKeyPadding { + OH_HKS_PADDING_NONE = 0, + OH_HKS_PADDING_OAEP = 1, + OH_HKS_PADDING_PSS = 2, + OH_HKS_PADDING_PKCS1_V1_5 = 3, + OH_HKS_PADDING_PKCS5 = 4, + OH_HKS_PADDING_PKCS7 = 5, +}; + +enum OH_HksCipherMode { + OH_HKS_MODE_ECB = 1, + OH_HKS_MODE_CBC = 2, + OH_HKS_MODE_CTR = 3, + OH_HKS_MODE_OFB = 4, + OH_HKS_MODE_CCM = 31, + OH_HKS_MODE_GCM = 32, +}; + +enum OH_HksKeySize { + OH_HKS_RSA_KEY_SIZE_1024 = 1024, + OH_HKS_RSA_KEY_SIZE_2048 = 2048, + OH_HKS_RSA_KEY_SIZE_3072 = 3072, + OH_HKS_RSA_KEY_SIZE_4096 = 4096, + + OH_HKS_ECC_KEY_SIZE_256 = 256, + OH_HKS_ECC_KEY_SIZE_384 = 384, + OH_HKS_ECC_KEY_SIZE_521 = 521, + + OH_HKS_AES_KEY_SIZE_128 = 128, + OH_HKS_AES_KEY_SIZE_192 = 192, + OH_HKS_AES_KEY_SIZE_256 = 256, + OH_HKS_AES_KEY_SIZE_512 = 512, + + OH_HKS_CURVE25519_KEY_SIZE_256 = 256, + + OH_HKS_SM2_KEY_SIZE_256 = 256, + OH_HKS_SM4_KEY_SIZE_128 = 128, +}; + +enum OH_HksKeyAlg { + OH_HKS_ALG_RSA = 1, + OH_HKS_ALG_ECC = 2, + + OH_HKS_ALG_AES = 20, + OH_HKS_ALG_HMAC = 50, + OH_HKS_ALG_HKDF = 51, + OH_HKS_ALG_PBKDF2 = 52, + + OH_HKS_ALG_ECDH = 100, + OH_HKS_ALG_X25519 = 101, + OH_HKS_ALG_ED25519 = 102, + + OH_HKS_ALG_SM2 = 150, + OH_HKS_ALG_SM3 = 151, + OH_HKS_ALG_SM4 = 152, +}; + +enum OH_HuksAlgSuite { + /* Algorithm suites of unwrapping wrapped-key by huks */ + /* Unwrap suite of key agreement type */ + /* WrappedData format(Bytes Array): + * | x25519_plain_pubkey_length (4 Byte) | x25519_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad + * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag + * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad + * | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag + * | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data + */ + OH_HKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING = 1, + + /* WrappedData format(Bytes Array): + * | ECC_plain_pubkey_length (4 Byte) | ECC_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad + * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag + * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad + * | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag + * | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data + */ + OH_HKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING = 2, +}; + +enum OH_HksKeyGenerateType { + OH_HKS_KEY_GENERATE_TYPE_DEFAULT = 0, + OH_HKS_KEY_GENERATE_TYPE_DERIVE = 1, + OH_HKS_KEY_GENERATE_TYPE_AGREE = 2, +}; + +enum OH_HksKeyFlag { + OH_HKS_KEY_FLAG_IMPORT_KEY = 1, + OH_HKS_KEY_FLAG_GENERATE_KEY = 2, + OH_HKS_KEY_FLAG_AGREE_KEY = 3, + OH_HKS_KEY_FLAG_DERIVE_KEY = 4, +}; + +enum OH_HksKeyStorageType { + OH_HKS_STORAGE_TEMP = 0, + OH_HKS_STORAGE_PERSISTENT = 1, +}; + +enum OH_HksImportKeyType { + OH_HKS_KEY_TYPE_PUBLIC_KEY = 0, + OH_HKS_KEY_TYPE_PRIVATE_KEY = 1, + OH_HKS_KEY_TYPE_KEY_PAIR = 2, +}; + +enum OH_HksErrorCode { + OH_HKS_SUCCESS = 0, + OH_HKS_FAILURE = -1, + OH_HKS_ERROR_BAD_STATE = -2, + OH_HKS_ERROR_INVALID_ARGUMENT = -3, + OH_HKS_ERROR_NOT_SUPPORTED = -4, + OH_HKS_ERROR_NO_PERMISSION = -5, + OH_HKS_ERROR_INSUFFICIENT_DATA = -6, + OH_HKS_ERROR_BUFFER_TOO_SMALL = -7, + OH_HKS_ERROR_INSUFFICIENT_MEMORY = -8, + OH_HKS_ERROR_COMMUNICATION_FAILURE = -9, + OH_HKS_ERROR_STORAGE_FAILURE = -10, + OH_HKS_ERROR_HARDWARE_FAILURE = -11, + OH_HKS_ERROR_ALREADY_EXISTS = -12, + OH_HKS_ERROR_NOT_EXIST = -13, + OH_HKS_ERROR_NULL_POINTER = -14, + OH_HKS_ERROR_FILE_SIZE_FAIL = -15, + OH_HKS_ERROR_READ_FILE_FAIL = -16, + OH_HKS_ERROR_INVALID_PUBLIC_KEY = -17, + OH_HKS_ERROR_INVALID_PRIVATE_KEY = -18, + OH_HKS_ERROR_INVALID_KEY_INFO = -19, + OH_HKS_ERROR_HASH_NOT_EQUAL = -20, + OH_HKS_ERROR_MALLOC_FAIL = -21, + OH_HKS_ERROR_WRITE_FILE_FAIL = -22, + OH_HKS_ERROR_REMOVE_FILE_FAIL = -23, + OH_HKS_ERROR_OPEN_FILE_FAIL = -24, + OH_HKS_ERROR_CLOSE_FILE_FAIL = -25, + OH_HKS_ERROR_MAKE_DIR_FAIL = -26, + OH_HKS_ERROR_INVALID_KEY_FILE = -27, + OH_HKS_ERROR_IPC_MSG_FAIL = -28, + OH_HKS_ERROR_REQUEST_OVERFLOWS = -29, + OH_HKS_ERROR_PARAM_NOT_EXIST = -30, + OH_HKS_ERROR_CRYPTO_ENGINE_ERROR = -31, + OH_HKS_ERROR_COMMUNICATION_TIMEOUT = -32, + OH_HKS_ERROR_IPC_INIT_FAIL = -33, + OH_HKS_ERROR_IPC_DLOPEN_FAIL = -34, + OH_HKS_ERROR_EFUSE_READ_FAIL = -35, + OH_HKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST = -36, + OH_HKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL = -37, + OH_HKS_ERROR_VERIFICATION_FAILED = -38, + OH_HKS_ERROR_SESSION_REACHED_LIMIT = -39, + + OH_HKS_ERROR_CHECK_GET_ALG_FAIL = -100, + OH_HKS_ERROR_CHECK_GET_KEY_SIZE_FAIL = -101, + OH_HKS_ERROR_CHECK_GET_PADDING_FAIL = -102, + OH_HKS_ERROR_CHECK_GET_PURPOSE_FAIL = -103, + OH_HKS_ERROR_CHECK_GET_DIGEST_FAIL = -104, + OH_HKS_ERROR_CHECK_GET_MODE_FAIL = -105, + OH_HKS_ERROR_CHECK_GET_NONCE_FAIL = -106, + OH_HKS_ERROR_CHECK_GET_AAD_FAIL = -107, + OH_HKS_ERROR_CHECK_GET_IV_FAIL = -108, + OH_HKS_ERROR_CHECK_GET_AE_TAG_FAIL = -109, + OH_HKS_ERROR_CHECK_GET_SALT_FAIL = -110, + OH_HKS_ERROR_CHECK_GET_ITERATION_FAIL = -111, + OH_HKS_ERROR_INVALID_ALGORITHM = -112, + OH_HKS_ERROR_INVALID_KEY_SIZE = -113, + OH_HKS_ERROR_INVALID_PADDING = -114, + OH_HKS_ERROR_INVALID_PURPOSE = -115, + OH_HKS_ERROR_INVALID_MODE = -116, + OH_HKS_ERROR_INVALID_DIGEST = -117, + OH_HKS_ERROR_INVALID_SIGNATURE_SIZE = -118, + OH_HKS_ERROR_INVALID_IV = -119, + OH_HKS_ERROR_INVALID_AAD = -120, + OH_HKS_ERROR_INVALID_NONCE = -121, + OH_HKS_ERROR_INVALID_AE_TAG = -122, + OH_HKS_ERROR_INVALID_SALT = -123, + OH_HKS_ERROR_INVALID_ITERATION = -124, + OH_HKS_ERROR_INVALID_OPERATION = -125, + OH_HKS_ERROR_INVALID_WRAPPED_FORMAT = -126, + OH_HKS_ERROR_INVALID_USAGE_OF_KEY = -127, + + OH_HKS_ERROR_INTERNAL_ERROR = -999, + OH_HKS_ERROR_UNKNOWN_ERROR = -1000, +}; + +enum OH_HksTagType { + OH_HKS_TAG_TYPE_INVALID = 0 << 28, + OH_HKS_TAG_TYPE_INT = 1 << 28, + OH_HKS_TAG_TYPE_UINT = 2 << 28, + OH_HKS_TAG_TYPE_ULONG = 3 << 28, + OH_HKS_TAG_TYPE_BOOL = 4 << 28, + OH_HKS_TAG_TYPE_BYTES = 5 << 28, +}; + +enum OH_HksSendType { + OH_HKS_SEND_TYPE_ASYNC = 0, + OH_HKS_SEND_TYPE_SYNC, +}; + +enum OH_HksTag { + /* Invalid TAG */ + OH_HKS_TAG_INVALID = OH_HKS_TAG_TYPE_INVALID | 0, + + /* Base algrithom TAG: 1 - 200 */ + OH_HKS_TAG_ALGORITHM = OH_HKS_TAG_TYPE_UINT | 1, + OH_HKS_TAG_PURPOSE = OH_HKS_TAG_TYPE_UINT | 2, + OH_HKS_TAG_KEY_SIZE = OH_HKS_TAG_TYPE_UINT | 3, + OH_HKS_TAG_DIGEST = OH_HKS_TAG_TYPE_UINT | 4, + OH_HKS_TAG_PADDING = OH_HKS_TAG_TYPE_UINT | 5, + OH_HKS_TAG_BLOCK_MODE = OH_HKS_TAG_TYPE_UINT | 6, + OH_HKS_TAG_KEY_TYPE = OH_HKS_TAG_TYPE_UINT | 7, + OH_HKS_TAG_ASSOCIATED_DATA = OH_HKS_TAG_TYPE_BYTES | 8, + OH_HKS_TAG_NONCE = OH_HKS_TAG_TYPE_BYTES | 9, + OH_HKS_TAG_IV = OH_HKS_TAG_TYPE_BYTES | 10, + + /* Key derivation TAG */ + OH_HKS_TAG_INFO = OH_HKS_TAG_TYPE_BYTES | 11, + OH_HKS_TAG_SALT = OH_HKS_TAG_TYPE_BYTES | 12, + OH_HKS_TAG_PWD = OH_HKS_TAG_TYPE_BYTES | 13, + OH_HKS_TAG_ITERATION = OH_HKS_TAG_TYPE_UINT | 14, + + OH_HKS_TAG_KEY_GENERATE_TYPE = OH_HKS_TAG_TYPE_UINT | 15, /* choose from enum OH_HksKeyGenerateType */ + OH_HKS_TAG_DERIVE_MAIN_KEY = OH_HKS_TAG_TYPE_BYTES | 16, + OH_HKS_TAG_DERIVE_FACTOR = OH_HKS_TAG_TYPE_BYTES | 17, + OH_HKS_TAG_DERIVE_ALG = OH_HKS_TAG_TYPE_UINT | 18, + OH_HKS_TAG_AGREE_ALG = OH_HKS_TAG_TYPE_UINT | 19, + OH_HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS = OH_HKS_TAG_TYPE_BOOL | 20, + OH_HKS_TAG_AGREE_PRIVATE_KEY_ALIAS = OH_HKS_TAG_TYPE_BYTES | 21, + OH_HKS_TAG_AGREE_PUBLIC_KEY = OH_HKS_TAG_TYPE_BYTES | 22, + OH_HKS_TAG_KEY_ALIAS = OH_HKS_TAG_TYPE_BYTES | 23, + OH_HKS_TAG_DERIVE_KEY_SIZE = OH_HKS_TAG_TYPE_UINT | 24, + OH_HKS_TAG_IMPORT_KEY_TYPE = OH_HKS_TAG_TYPE_UINT | 25, /* choose from enum OH_HksImportKeyType */ + OH_HKS_TAG_UNWRAP_ALGORITHM_SUITE = OH_HKS_TAG_TYPE_UINT | 26, + + /* + * Key authentication related TAG: 201 - 300 + * + * Start of validity + */ + OH_HKS_TAG_ACTIVE_DATETIME = OH_HKS_TAG_TYPE_ULONG | 201, + + /* Date when new "messages" should not be created. */ + OH_HKS_TAG_ORIGINATION_EXPIRE_DATETIME = OH_HKS_TAG_TYPE_ULONG | 202, + + /* Date when existing "messages" should not be used. */ + OH_HKS_TAG_USAGE_EXPIRE_DATETIME = OH_HKS_TAG_TYPE_ULONG | 203, + + /* Key creation time */ + OH_HKS_TAG_CREATION_DATETIME = OH_HKS_TAG_TYPE_ULONG | 204, + + /* Other authentication related TAG: 301 - 500 */ + OH_HKS_TAG_ALL_USERS = OH_HKS_TAG_TYPE_BOOL | 301, + OH_HKS_TAG_USER_ID = OH_HKS_TAG_TYPE_UINT | 302, + OH_HKS_TAG_NO_AUTH_REQUIRED = OH_HKS_TAG_TYPE_BOOL | 303, + OH_HKS_TAG_USER_AUTH_TYPE = OH_HKS_TAG_TYPE_UINT | 304, + OH_HKS_TAG_AUTH_TIMEOUT = OH_HKS_TAG_TYPE_UINT | 305, + OH_HKS_TAG_AUTH_TOKEN = OH_HKS_TAG_TYPE_BYTES | 306, + + /* Attestation related TAG: 501 - 600 */ + OH_HKS_TAG_ATTESTATION_CHALLENGE = OH_HKS_TAG_TYPE_BYTES | 501, + OH_HKS_TAG_ATTESTATION_APPLICATION_ID = OH_HKS_TAG_TYPE_BYTES | 502, + OH_HKS_TAG_ATTESTATION_ID_BRAND = OH_HKS_TAG_TYPE_BYTES | 503, + OH_HKS_TAG_ATTESTATION_ID_DEVICE = OH_HKS_TAG_TYPE_BYTES | 504, + OH_HKS_TAG_ATTESTATION_ID_PRODUCT = OH_HKS_TAG_TYPE_BYTES | 505, + OH_HKS_TAG_ATTESTATION_ID_SERIAL = OH_HKS_TAG_TYPE_BYTES | 506, + OH_HKS_TAG_ATTESTATION_ID_IMEI = OH_HKS_TAG_TYPE_BYTES | 507, + OH_HKS_TAG_ATTESTATION_ID_MEID = OH_HKS_TAG_TYPE_BYTES | 508, + OH_HKS_TAG_ATTESTATION_ID_MANUFACTURER = OH_HKS_TAG_TYPE_BYTES | 509, + OH_HKS_TAG_ATTESTATION_ID_MODEL = OH_HKS_TAG_TYPE_BYTES | 510, + OH_HKS_TAG_ATTESTATION_ID_ALIAS = OH_HKS_TAG_TYPE_BYTES | 511, + OH_HKS_TAG_ATTESTATION_ID_SOCID = OH_HKS_TAG_TYPE_BYTES | 512, + OH_HKS_TAG_ATTESTATION_ID_UDID = OH_HKS_TAG_TYPE_BYTES | 513, + OH_HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO = OH_HKS_TAG_TYPE_BYTES | 514, + OH_HKS_TAG_ATTESTATION_ID_VERSION_INFO = OH_HKS_TAG_TYPE_BYTES | 515, + + /* + * Other reserved TAG: 601 - 1000 + * + * Extention TAG: 1001 - 9999 + */ + OH_HKS_TAG_IS_KEY_ALIAS = OH_HKS_TAG_TYPE_BOOL | 1001, + OH_HKS_TAG_KEY_STORAGE_FLAG = OH_HKS_TAG_TYPE_UINT | 1002, /* choose from enum OH_HksKeyStorageType */ + OH_HKS_TAG_IS_ALLOWED_WRAP = OH_HKS_TAG_TYPE_BOOL | 1003, + OH_HKS_TAG_KEY_WRAP_TYPE = OH_HKS_TAG_TYPE_UINT | 1004, + OH_HKS_TAG_KEY_AUTH_ID = OH_HKS_TAG_TYPE_BYTES | 1005, + OH_HKS_TAG_KEY_ROLE = OH_HKS_TAG_TYPE_UINT | 1006, + OH_HKS_TAG_KEY_FLAG = OH_HKS_TAG_TYPE_UINT | 1007, /* choose from enum OH_HksKeyFlag */ + OH_HKS_TAG_IS_ASYNCHRONIZED = OH_HKS_TAG_TYPE_UINT | 1008, + OH_HKS_TAG_SECURE_KEY_ALIAS = OH_HKS_TAG_TYPE_BOOL | 1009, + OH_HKS_TAG_SECURE_KEY_UUID = OH_HKS_TAG_TYPE_BYTES | 1010, + OH_HKS_TAG_KEY_DOMAIN = OH_HKS_TAG_TYPE_UINT | 1011, + + /* Inner-use TAG: 10001 - 10999 */ + OH_HKS_TAG_PROCESS_NAME = OH_HKS_TAG_TYPE_BYTES | 10001, + OH_HKS_TAG_PACKAGE_NAME = OH_HKS_TAG_TYPE_BYTES | 10002, + OH_HKS_TAG_ACCESS_TIME = OH_HKS_TAG_TYPE_UINT | 10003, + OH_HKS_TAG_USES_TIME = OH_HKS_TAG_TYPE_UINT | 10004, + OH_HKS_TAG_CRYPTO_CTX = OH_HKS_TAG_TYPE_ULONG | 10005, + OH_HKS_TAG_KEY = OH_HKS_TAG_TYPE_BYTES | 10006, + OH_HKS_TAG_KEY_VERSION = OH_HKS_TAG_TYPE_UINT | 10007, + OH_HKS_TAG_PAYLOAD_LEN = OH_HKS_TAG_TYPE_UINT | 10008, + OH_HKS_TAG_AE_TAG = OH_HKS_TAG_TYPE_BYTES | 10009, + OH_HKS_TAG_IS_KEY_HANDLE = OH_HKS_TAG_TYPE_ULONG | 10010, + + /* Os version related TAG */ + OH_HKS_TAG_OS_VERSION = OH_HKS_TAG_TYPE_UINT | 10101, + OH_HKS_TAG_OS_PATCHLEVEL = OH_HKS_TAG_TYPE_UINT | 10102, + + /* + * Reversed TAGs for SOTER: 11000 - 12000 + * + * Other TAGs: 20001 - N + * TAGs used for paramSetOut + */ + OH_HKS_TAG_SYMMETRIC_KEY_DATA = OH_HKS_TAG_TYPE_BYTES | 20001, + OH_HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA = OH_HKS_TAG_TYPE_BYTES | 20002, + OH_HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA = OH_HKS_TAG_TYPE_BYTES | 20003, +}; + +struct OH_HksBlob { + uint32_t size; + uint8_t *data; +}; + +struct OH_HksParam { + uint32_t tag; + union { + bool boolParam; + int32_t int32Param; + uint32_t uint32Param; + uint64_t uint64Param; + struct OH_HksBlob blob; + }; +}; + +struct OH_HksParamSet { + uint32_t paramSetSize; + uint32_t paramsCnt; + struct OH_HksParam params[]; +}; + +struct OH_HksCertChain { + struct OH_HksBlob *certs; + uint32_t certsCount; +}; + +struct OH_HksKeyInfo { + struct OH_HksBlob alias; + struct OH_HksParamSet *paramSet; +}; + +struct OH_HksPubKeyInfo { + enum OH_HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t nOrXSize; + uint32_t eOrYSize; + uint32_t placeHolder; +}; + +struct OH_HksKeyMaterialRsa { + enum OH_HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t nSize; + uint32_t eSize; + uint32_t dSize; +}; + +struct OH_HksKeyMaterialEcc { + enum OH_HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t xSize; + uint32_t ySize; + uint32_t zSize; +}; + +struct OH_HksKeyMaterialDsa { + enum OH_HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t xSize; + uint32_t ySize; + uint32_t pSize; + uint32_t qSize; + uint32_t gSize; +}; + +struct OH_HksKeyMaterialDh { + enum OH_HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t pubKeySize; + uint32_t priKeySize; + uint32_t reserved; +}; + +struct OH_HksKeyMaterial25519 { + enum OH_HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t pubKeySize; + uint32_t priKeySize; + uint32_t reserved; +}; + +#define OH_HKS_DERIVE_DEFAULT_SALT_LEN 16 +#define OH_HKS_HMAC_DIGEST_SHA512_LEN 64 +#define OH_HKS_DEFAULT_RANDOM_LEN 16 +#define OH_HKS_MAX_KEY_AUTH_ID_LEN 64 +#define OH_HKS_KEY_MATERIAL_NUM 3 +#define OH_HKS_MAX_KEY_LEN (OH_HKS_KEY_BYTES(OH_HKS_RSA_KEY_SIZE_4096) * OH_HKS_KEY_MATERIAL_NUM) +#define OH_HKS_MAX_KEY_MATERIAL_LEN (sizeof(struct OH_HksPubKeyInfo) + OH_HKS_MAX_KEY_LEN + OH_HKS_AE_TAG_LEN) + +struct OH_HksStoreHeaderInfo { + uint16_t version; + uint16_t keyCount; + uint32_t totalLen; /* key buffer total len */ + uint32_t sealingAlg; + uint8_t salt[OH_HKS_DERIVE_DEFAULT_SALT_LEN]; + uint8_t hmac[OH_HKS_HMAC_DIGEST_SHA512_LEN]; +}; + +struct OH_HksStoreKeyInfo { + uint16_t keyInfoLen; /* current keyinfo len */ + uint16_t keySize; /* keySize of key from crypto hal after encrypted */ + uint8_t random[OH_HKS_DEFAULT_RANDOM_LEN]; + uint8_t flag; /* import or generate key */ + uint8_t keyAlg; + uint8_t keyMode; + uint8_t digest; + uint8_t padding; + uint8_t rsv; + uint16_t keyLen; /* keyLen from paramset, e.g. aes-256 */ + uint32_t purpose; + uint32_t role; + uint16_t domain; + uint8_t aliasSize; + uint8_t authIdSize; +}; + +struct OH_Hks25519KeyPair { + uint32_t publicBufferSize; + uint32_t privateBufferSize; +}; + +#ifdef __cplusplus +} +#endif + +#endif /* NATIVE_OH_HKS_TYPE_H */ \ No newline at end of file diff --git a/zh-cn/native_sdk/security/huks/native_hks_type_inner.h b/zh-cn/native_sdk/security/huks/native_hks_type_inner.h new file mode 100644 index 00000000..0ef31ade --- /dev/null +++ b/zh-cn/native_sdk/security/huks/native_hks_type_inner.h @@ -0,0 +1,22 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef NATIVE_HKS_TYPE_INNER_H +#define NATIVE_HKS_TYPE_INNER_H + +#include "native_hks_type.h" +#include "securec.h" + +#endif /* NATIVE_HKS_TYPE_INNER_H */ \ No newline at end of file -- Gitee From 9789287de2b34c504d4af56a1ae125c8b1b062c7 Mon Sep 17 00:00:00 2001 From: zqr2001 <1805768383@qq.com> Date: Fri, 22 Jul 2022 17:43:01 +0800 Subject: [PATCH 2/6] native huks modified --- .../native_sdk/security/huks/native_hks_api.h | 58 -- .../security/huks/native_hks_type.h | 547 ------------------ .../security/huks/native_huks_api.h | 58 ++ ...native_hks_param.h => native_huks_param.h} | 38 +- .../security/huks/native_huks_type.h | 547 ++++++++++++++++++ ..._type_inner.h => native_huks_type_inner.h} | 8 +- 6 files changed, 628 insertions(+), 628 deletions(-) delete mode 100644 zh-cn/native_sdk/security/huks/native_hks_api.h delete mode 100644 zh-cn/native_sdk/security/huks/native_hks_type.h create mode 100644 zh-cn/native_sdk/security/huks/native_huks_api.h rename zh-cn/native_sdk/security/huks/{native_hks_param.h => native_huks_param.h} (34%) create mode 100644 zh-cn/native_sdk/security/huks/native_huks_type.h rename zh-cn/native_sdk/security/huks/{native_hks_type_inner.h => native_huks_type_inner.h} (82%) diff --git a/zh-cn/native_sdk/security/huks/native_hks_api.h b/zh-cn/native_sdk/security/huks/native_hks_api.h deleted file mode 100644 index bfefa235..00000000 --- a/zh-cn/native_sdk/security/huks/native_hks_api.h +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef _NATIVE_HKS_API_H_ -#define _NATIVE_HKS_API_H_ - -#include "native_hks_type.h" - -#ifdef __cplusplus -extern "C" { -#endif - -OH_HKS_API_EXPORT int32_t OH_HksGetSdkVersion(struct OH_HksBlob *sdkVersion); - -OH_HKS_API_EXPORT int32_t OH_HksGenerateKey(const struct OH_HksBlob *keyAlias, - const struct OH_HksParamSet *paramSetIn, struct OH_HksParamSet *paramSetOut); - -OH_HKS_API_EXPORT int32_t OH_HksImportKey(const struct OH_HksBlob *keyAlias, - const struct OH_HksParamSet *paramSet, const struct OH_HksBlob *key); - -OH_HKS_API_EXPORT int32_t OH_HksExportPublicKey(const struct OH_HksBlob *keyAlias, - const struct OH_HksParamSet *paramSet, struct OH_HksBlob *key); - -OH_HKS_API_EXPORT int32_t OH_HksDeleteKey(const struct OH_HksBlob *keyAlias, const struct OH_HksParamSet *paramSet); - -OH_HKS_API_EXPORT int32_t OH_HksGetKeyParamSet(const struct OH_HksBlob *keyAlias, - const struct OH_HksParamSet *paramSetIn, struct OH_HksParamSet *paramSetOut); - -OH_HKS_API_EXPORT int32_t OH_HksKeyExist(const struct OH_HksBlob *keyAlias, const struct OH_HksParamSet *paramSet); - -OH_HKS_API_EXPORT int32_t OH_HksInit(const struct OH_HksBlob *keyAlias, const struct OH_HksParamSet *paramSet, - struct OH_HksBlob *handle); - -OH_HKS_API_EXPORT int32_t OH_HksUpdate(const struct OH_HksBlob *handle, const struct OH_HksParamSet *paramSet, - const struct OH_HksBlob *inData, struct OH_HksBlob *outData); - -OH_HKS_API_EXPORT int32_t OH_HksFinish(const struct OH_HksBlob *handle, const struct OH_HksParamSet *paramSet, - const struct OH_HksBlob *inData, struct OH_HksBlob *outData); - -OH_HKS_API_EXPORT int32_t OH_HksAbort(const struct OH_HksBlob *handle, const struct OH_HksParamSet *paramSet); - -#ifdef __cplusplus -} -#endif - -#endif /* NATIVE_OH_HKS_API_H */ \ No newline at end of file diff --git a/zh-cn/native_sdk/security/huks/native_hks_type.h b/zh-cn/native_sdk/security/huks/native_hks_type.h deleted file mode 100644 index 62ee3ef3..00000000 --- a/zh-cn/native_sdk/security/huks/native_hks_type.h +++ /dev/null @@ -1,547 +0,0 @@ -/* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef _NATIVE_HKS_TYPE_H_ -#define _NATIVE_HKS_TYPE_H_ - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef OH_HKS_API_PUBLIC - #if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__) || defined(__ICCARM__) /* __ICCARM__ for iar */ - #define OH_HKS_API_EXPORT - #else - #define OH_HKS_API_EXPORT __attribute__ ((visibility("default"))) - #endif -#else - #define OH_HKS_API_EXPORT __attribute__ ((visibility("default"))) -#endif - -#define OH_HKS_SDK_VERSION "2.0.0.4" - -/* - * Align to 4-tuple - * Before calling this function, ensure that the size does not overflow after 3 is added. - */ -#define OH_HKS_ALIGN_SIZE(size) ((((uint32_t)(size) + 3) >> 2) << 2) -#define OH_HKS_DEFAULT_ALIGN_MASK_SIZE 3 - -#define OH_HKS_AE_TAG_LEN 16 -#define OH_HKS_BITS_PER_BYTE 8 -#define OH_HKS_MAX_KEY_SIZE 2048 -#define OH_HKS_AE_TAG_LEN 16 -#define OH_HKS_AE_NONCE_LEN 12 -#define OH_HKS_MAX_KEY_ALIAS_LEN 64 -#define OH_HKS_MAX_PROCESS_NAME_LEN 50 -#define OH_HKS_MAX_RANDOM_LEN 1024 -#define OH_HKS_KEY_BYTES(keySize) (((keySize) + OH_HKS_BITS_PER_BYTE - 1) / OH_HKS_BITS_PER_BYTE) -#define OH_HKS_SIGNATURE_MIN_SIZE 64 -#define OH_HKS_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0]))) -#define OH_HKS_MAX_OUT_BLOB_SIZE (5 * 1024 * 1024) -#define OH_HKS_WRAPPED_FORMAT_MAX_SIZE (1024 * 1024) -#define OH_HKS_IMPORT_WRAPPED_KEY_TOTAL_BLOBS 10 - -enum OH_HksKeyType { - OH_HKS_KEY_TYPE_RSA_PUBLIC_KEY = 0x01001000, - OH_HKS_KEY_TYPE_RSA_KEYPAIR = 0x01002000, - - OH_HKS_KEY_TYPE_ECC_P256_PUBLIC_KEY = 0x02021000, - OH_HKS_KEY_TYPE_ECC_P256_KEYPAIR = 0x02022000, - OH_HKS_KEY_TYPE_ECC_P384_PUBLIC_KEY = 0x02031000, - OH_HKS_KEY_TYPE_ECC_P384_KEYPAIR = 0x02032000, - OH_HKS_KEY_TYPE_ECC_P521_PUBLIC_KEY = 0x02051000, - OH_HKS_KEY_TYPE_ECC_P521_KEYPAIR = 0x02052000, - - OH_HKS_KEY_TYPE_ED25519_PUBLIC_KEY = 0x02101000, - OH_HKS_KEY_TYPE_ED25519_KEYPAIR = 0x02102000, - OH_HKS_KEY_TYPE_X25519_PUBLIC_KEY = 0x02111000, - OH_HKS_KEY_TYPE_X25519_KEYPAIR = 0x02112000, - - OH_HKS_KEY_TYPE_AES = 0x03000000, - OH_HKS_KEY_TYPE_CHACHA20 = 0x04010000, - OH_HKS_KEY_TYPE_CHACHA20_POLY1305 = 0x04020000, - - OH_HKS_KEY_TYPE_HMAC = 0x05000000, - OH_HKS_KEY_TYPE_HKDF = 0x06000000, - OH_HKS_KEY_TYPE_PBKDF2 = 0x07000000, -}; - -enum OH_HksKeyPurpose { - OH_HKS_KEY_PURPOSE_ENCRYPT = 1, /* Usable with RSA, EC, AES, and SM4 keys. */ - OH_HKS_KEY_PURPOSE_DECRYPT = 2, /* Usable with RSA, EC, AES, and SM4 keys. */ - OH_HKS_KEY_PURPOSE_SIGN = 4, /* Usable with RSA, EC keys. */ - OH_HKS_KEY_PURPOSE_VERIFY = 8, /* Usable with RSA, EC keys. */ - OH_HKS_KEY_PURPOSE_DERIVE = 16, /* Usable with EC keys. */ - OH_HKS_KEY_PURPOSE_WRAP = 32, /* Usable with wrap key. */ - OH_HKS_KEY_PURPOSE_UNWRAP = 64, /* Usable with unwrap key. */ - OH_HKS_KEY_PURPOSE_MAC = 128, /* Usable with mac. */ - OH_HKS_KEY_PURPOSE_AGREE = 256, /* Usable with agree. */ -}; - -enum OH_HksKeyDigest { - OH_HKS_DIGEST_NONE = 0, - OH_HKS_DIGEST_MD5 = 1, - OH_HKS_DIGEST_SM3 = 2, - OH_HKS_DIGEST_SHA1 = 10, - OH_HKS_DIGEST_SHA224 = 11, - OH_HKS_DIGEST_SHA256 = 12, - OH_HKS_DIGEST_SHA384 = 13, - OH_HKS_DIGEST_SHA512 = 14, -}; - -enum OH_HksKeyPadding { - OH_HKS_PADDING_NONE = 0, - OH_HKS_PADDING_OAEP = 1, - OH_HKS_PADDING_PSS = 2, - OH_HKS_PADDING_PKCS1_V1_5 = 3, - OH_HKS_PADDING_PKCS5 = 4, - OH_HKS_PADDING_PKCS7 = 5, -}; - -enum OH_HksCipherMode { - OH_HKS_MODE_ECB = 1, - OH_HKS_MODE_CBC = 2, - OH_HKS_MODE_CTR = 3, - OH_HKS_MODE_OFB = 4, - OH_HKS_MODE_CCM = 31, - OH_HKS_MODE_GCM = 32, -}; - -enum OH_HksKeySize { - OH_HKS_RSA_KEY_SIZE_1024 = 1024, - OH_HKS_RSA_KEY_SIZE_2048 = 2048, - OH_HKS_RSA_KEY_SIZE_3072 = 3072, - OH_HKS_RSA_KEY_SIZE_4096 = 4096, - - OH_HKS_ECC_KEY_SIZE_256 = 256, - OH_HKS_ECC_KEY_SIZE_384 = 384, - OH_HKS_ECC_KEY_SIZE_521 = 521, - - OH_HKS_AES_KEY_SIZE_128 = 128, - OH_HKS_AES_KEY_SIZE_192 = 192, - OH_HKS_AES_KEY_SIZE_256 = 256, - OH_HKS_AES_KEY_SIZE_512 = 512, - - OH_HKS_CURVE25519_KEY_SIZE_256 = 256, - - OH_HKS_SM2_KEY_SIZE_256 = 256, - OH_HKS_SM4_KEY_SIZE_128 = 128, -}; - -enum OH_HksKeyAlg { - OH_HKS_ALG_RSA = 1, - OH_HKS_ALG_ECC = 2, - - OH_HKS_ALG_AES = 20, - OH_HKS_ALG_HMAC = 50, - OH_HKS_ALG_HKDF = 51, - OH_HKS_ALG_PBKDF2 = 52, - - OH_HKS_ALG_ECDH = 100, - OH_HKS_ALG_X25519 = 101, - OH_HKS_ALG_ED25519 = 102, - - OH_HKS_ALG_SM2 = 150, - OH_HKS_ALG_SM3 = 151, - OH_HKS_ALG_SM4 = 152, -}; - -enum OH_HuksAlgSuite { - /* Algorithm suites of unwrapping wrapped-key by huks */ - /* Unwrap suite of key agreement type */ - /* WrappedData format(Bytes Array): - * | x25519_plain_pubkey_length (4 Byte) | x25519_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad - * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag - * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad - * | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag - * | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data - */ - OH_HKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING = 1, - - /* WrappedData format(Bytes Array): - * | ECC_plain_pubkey_length (4 Byte) | ECC_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad - * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag - * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad - * | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag - * | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data - */ - OH_HKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING = 2, -}; - -enum OH_HksKeyGenerateType { - OH_HKS_KEY_GENERATE_TYPE_DEFAULT = 0, - OH_HKS_KEY_GENERATE_TYPE_DERIVE = 1, - OH_HKS_KEY_GENERATE_TYPE_AGREE = 2, -}; - -enum OH_HksKeyFlag { - OH_HKS_KEY_FLAG_IMPORT_KEY = 1, - OH_HKS_KEY_FLAG_GENERATE_KEY = 2, - OH_HKS_KEY_FLAG_AGREE_KEY = 3, - OH_HKS_KEY_FLAG_DERIVE_KEY = 4, -}; - -enum OH_HksKeyStorageType { - OH_HKS_STORAGE_TEMP = 0, - OH_HKS_STORAGE_PERSISTENT = 1, -}; - -enum OH_HksImportKeyType { - OH_HKS_KEY_TYPE_PUBLIC_KEY = 0, - OH_HKS_KEY_TYPE_PRIVATE_KEY = 1, - OH_HKS_KEY_TYPE_KEY_PAIR = 2, -}; - -enum OH_HksErrorCode { - OH_HKS_SUCCESS = 0, - OH_HKS_FAILURE = -1, - OH_HKS_ERROR_BAD_STATE = -2, - OH_HKS_ERROR_INVALID_ARGUMENT = -3, - OH_HKS_ERROR_NOT_SUPPORTED = -4, - OH_HKS_ERROR_NO_PERMISSION = -5, - OH_HKS_ERROR_INSUFFICIENT_DATA = -6, - OH_HKS_ERROR_BUFFER_TOO_SMALL = -7, - OH_HKS_ERROR_INSUFFICIENT_MEMORY = -8, - OH_HKS_ERROR_COMMUNICATION_FAILURE = -9, - OH_HKS_ERROR_STORAGE_FAILURE = -10, - OH_HKS_ERROR_HARDWARE_FAILURE = -11, - OH_HKS_ERROR_ALREADY_EXISTS = -12, - OH_HKS_ERROR_NOT_EXIST = -13, - OH_HKS_ERROR_NULL_POINTER = -14, - OH_HKS_ERROR_FILE_SIZE_FAIL = -15, - OH_HKS_ERROR_READ_FILE_FAIL = -16, - OH_HKS_ERROR_INVALID_PUBLIC_KEY = -17, - OH_HKS_ERROR_INVALID_PRIVATE_KEY = -18, - OH_HKS_ERROR_INVALID_KEY_INFO = -19, - OH_HKS_ERROR_HASH_NOT_EQUAL = -20, - OH_HKS_ERROR_MALLOC_FAIL = -21, - OH_HKS_ERROR_WRITE_FILE_FAIL = -22, - OH_HKS_ERROR_REMOVE_FILE_FAIL = -23, - OH_HKS_ERROR_OPEN_FILE_FAIL = -24, - OH_HKS_ERROR_CLOSE_FILE_FAIL = -25, - OH_HKS_ERROR_MAKE_DIR_FAIL = -26, - OH_HKS_ERROR_INVALID_KEY_FILE = -27, - OH_HKS_ERROR_IPC_MSG_FAIL = -28, - OH_HKS_ERROR_REQUEST_OVERFLOWS = -29, - OH_HKS_ERROR_PARAM_NOT_EXIST = -30, - OH_HKS_ERROR_CRYPTO_ENGINE_ERROR = -31, - OH_HKS_ERROR_COMMUNICATION_TIMEOUT = -32, - OH_HKS_ERROR_IPC_INIT_FAIL = -33, - OH_HKS_ERROR_IPC_DLOPEN_FAIL = -34, - OH_HKS_ERROR_EFUSE_READ_FAIL = -35, - OH_HKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST = -36, - OH_HKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL = -37, - OH_HKS_ERROR_VERIFICATION_FAILED = -38, - OH_HKS_ERROR_SESSION_REACHED_LIMIT = -39, - - OH_HKS_ERROR_CHECK_GET_ALG_FAIL = -100, - OH_HKS_ERROR_CHECK_GET_KEY_SIZE_FAIL = -101, - OH_HKS_ERROR_CHECK_GET_PADDING_FAIL = -102, - OH_HKS_ERROR_CHECK_GET_PURPOSE_FAIL = -103, - OH_HKS_ERROR_CHECK_GET_DIGEST_FAIL = -104, - OH_HKS_ERROR_CHECK_GET_MODE_FAIL = -105, - OH_HKS_ERROR_CHECK_GET_NONCE_FAIL = -106, - OH_HKS_ERROR_CHECK_GET_AAD_FAIL = -107, - OH_HKS_ERROR_CHECK_GET_IV_FAIL = -108, - OH_HKS_ERROR_CHECK_GET_AE_TAG_FAIL = -109, - OH_HKS_ERROR_CHECK_GET_SALT_FAIL = -110, - OH_HKS_ERROR_CHECK_GET_ITERATION_FAIL = -111, - OH_HKS_ERROR_INVALID_ALGORITHM = -112, - OH_HKS_ERROR_INVALID_KEY_SIZE = -113, - OH_HKS_ERROR_INVALID_PADDING = -114, - OH_HKS_ERROR_INVALID_PURPOSE = -115, - OH_HKS_ERROR_INVALID_MODE = -116, - OH_HKS_ERROR_INVALID_DIGEST = -117, - OH_HKS_ERROR_INVALID_SIGNATURE_SIZE = -118, - OH_HKS_ERROR_INVALID_IV = -119, - OH_HKS_ERROR_INVALID_AAD = -120, - OH_HKS_ERROR_INVALID_NONCE = -121, - OH_HKS_ERROR_INVALID_AE_TAG = -122, - OH_HKS_ERROR_INVALID_SALT = -123, - OH_HKS_ERROR_INVALID_ITERATION = -124, - OH_HKS_ERROR_INVALID_OPERATION = -125, - OH_HKS_ERROR_INVALID_WRAPPED_FORMAT = -126, - OH_HKS_ERROR_INVALID_USAGE_OF_KEY = -127, - - OH_HKS_ERROR_INTERNAL_ERROR = -999, - OH_HKS_ERROR_UNKNOWN_ERROR = -1000, -}; - -enum OH_HksTagType { - OH_HKS_TAG_TYPE_INVALID = 0 << 28, - OH_HKS_TAG_TYPE_INT = 1 << 28, - OH_HKS_TAG_TYPE_UINT = 2 << 28, - OH_HKS_TAG_TYPE_ULONG = 3 << 28, - OH_HKS_TAG_TYPE_BOOL = 4 << 28, - OH_HKS_TAG_TYPE_BYTES = 5 << 28, -}; - -enum OH_HksSendType { - OH_HKS_SEND_TYPE_ASYNC = 0, - OH_HKS_SEND_TYPE_SYNC, -}; - -enum OH_HksTag { - /* Invalid TAG */ - OH_HKS_TAG_INVALID = OH_HKS_TAG_TYPE_INVALID | 0, - - /* Base algrithom TAG: 1 - 200 */ - OH_HKS_TAG_ALGORITHM = OH_HKS_TAG_TYPE_UINT | 1, - OH_HKS_TAG_PURPOSE = OH_HKS_TAG_TYPE_UINT | 2, - OH_HKS_TAG_KEY_SIZE = OH_HKS_TAG_TYPE_UINT | 3, - OH_HKS_TAG_DIGEST = OH_HKS_TAG_TYPE_UINT | 4, - OH_HKS_TAG_PADDING = OH_HKS_TAG_TYPE_UINT | 5, - OH_HKS_TAG_BLOCK_MODE = OH_HKS_TAG_TYPE_UINT | 6, - OH_HKS_TAG_KEY_TYPE = OH_HKS_TAG_TYPE_UINT | 7, - OH_HKS_TAG_ASSOCIATED_DATA = OH_HKS_TAG_TYPE_BYTES | 8, - OH_HKS_TAG_NONCE = OH_HKS_TAG_TYPE_BYTES | 9, - OH_HKS_TAG_IV = OH_HKS_TAG_TYPE_BYTES | 10, - - /* Key derivation TAG */ - OH_HKS_TAG_INFO = OH_HKS_TAG_TYPE_BYTES | 11, - OH_HKS_TAG_SALT = OH_HKS_TAG_TYPE_BYTES | 12, - OH_HKS_TAG_PWD = OH_HKS_TAG_TYPE_BYTES | 13, - OH_HKS_TAG_ITERATION = OH_HKS_TAG_TYPE_UINT | 14, - - OH_HKS_TAG_KEY_GENERATE_TYPE = OH_HKS_TAG_TYPE_UINT | 15, /* choose from enum OH_HksKeyGenerateType */ - OH_HKS_TAG_DERIVE_MAIN_KEY = OH_HKS_TAG_TYPE_BYTES | 16, - OH_HKS_TAG_DERIVE_FACTOR = OH_HKS_TAG_TYPE_BYTES | 17, - OH_HKS_TAG_DERIVE_ALG = OH_HKS_TAG_TYPE_UINT | 18, - OH_HKS_TAG_AGREE_ALG = OH_HKS_TAG_TYPE_UINT | 19, - OH_HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS = OH_HKS_TAG_TYPE_BOOL | 20, - OH_HKS_TAG_AGREE_PRIVATE_KEY_ALIAS = OH_HKS_TAG_TYPE_BYTES | 21, - OH_HKS_TAG_AGREE_PUBLIC_KEY = OH_HKS_TAG_TYPE_BYTES | 22, - OH_HKS_TAG_KEY_ALIAS = OH_HKS_TAG_TYPE_BYTES | 23, - OH_HKS_TAG_DERIVE_KEY_SIZE = OH_HKS_TAG_TYPE_UINT | 24, - OH_HKS_TAG_IMPORT_KEY_TYPE = OH_HKS_TAG_TYPE_UINT | 25, /* choose from enum OH_HksImportKeyType */ - OH_HKS_TAG_UNWRAP_ALGORITHM_SUITE = OH_HKS_TAG_TYPE_UINT | 26, - - /* - * Key authentication related TAG: 201 - 300 - * - * Start of validity - */ - OH_HKS_TAG_ACTIVE_DATETIME = OH_HKS_TAG_TYPE_ULONG | 201, - - /* Date when new "messages" should not be created. */ - OH_HKS_TAG_ORIGINATION_EXPIRE_DATETIME = OH_HKS_TAG_TYPE_ULONG | 202, - - /* Date when existing "messages" should not be used. */ - OH_HKS_TAG_USAGE_EXPIRE_DATETIME = OH_HKS_TAG_TYPE_ULONG | 203, - - /* Key creation time */ - OH_HKS_TAG_CREATION_DATETIME = OH_HKS_TAG_TYPE_ULONG | 204, - - /* Other authentication related TAG: 301 - 500 */ - OH_HKS_TAG_ALL_USERS = OH_HKS_TAG_TYPE_BOOL | 301, - OH_HKS_TAG_USER_ID = OH_HKS_TAG_TYPE_UINT | 302, - OH_HKS_TAG_NO_AUTH_REQUIRED = OH_HKS_TAG_TYPE_BOOL | 303, - OH_HKS_TAG_USER_AUTH_TYPE = OH_HKS_TAG_TYPE_UINT | 304, - OH_HKS_TAG_AUTH_TIMEOUT = OH_HKS_TAG_TYPE_UINT | 305, - OH_HKS_TAG_AUTH_TOKEN = OH_HKS_TAG_TYPE_BYTES | 306, - - /* Attestation related TAG: 501 - 600 */ - OH_HKS_TAG_ATTESTATION_CHALLENGE = OH_HKS_TAG_TYPE_BYTES | 501, - OH_HKS_TAG_ATTESTATION_APPLICATION_ID = OH_HKS_TAG_TYPE_BYTES | 502, - OH_HKS_TAG_ATTESTATION_ID_BRAND = OH_HKS_TAG_TYPE_BYTES | 503, - OH_HKS_TAG_ATTESTATION_ID_DEVICE = OH_HKS_TAG_TYPE_BYTES | 504, - OH_HKS_TAG_ATTESTATION_ID_PRODUCT = OH_HKS_TAG_TYPE_BYTES | 505, - OH_HKS_TAG_ATTESTATION_ID_SERIAL = OH_HKS_TAG_TYPE_BYTES | 506, - OH_HKS_TAG_ATTESTATION_ID_IMEI = OH_HKS_TAG_TYPE_BYTES | 507, - OH_HKS_TAG_ATTESTATION_ID_MEID = OH_HKS_TAG_TYPE_BYTES | 508, - OH_HKS_TAG_ATTESTATION_ID_MANUFACTURER = OH_HKS_TAG_TYPE_BYTES | 509, - OH_HKS_TAG_ATTESTATION_ID_MODEL = OH_HKS_TAG_TYPE_BYTES | 510, - OH_HKS_TAG_ATTESTATION_ID_ALIAS = OH_HKS_TAG_TYPE_BYTES | 511, - OH_HKS_TAG_ATTESTATION_ID_SOCID = OH_HKS_TAG_TYPE_BYTES | 512, - OH_HKS_TAG_ATTESTATION_ID_UDID = OH_HKS_TAG_TYPE_BYTES | 513, - OH_HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO = OH_HKS_TAG_TYPE_BYTES | 514, - OH_HKS_TAG_ATTESTATION_ID_VERSION_INFO = OH_HKS_TAG_TYPE_BYTES | 515, - - /* - * Other reserved TAG: 601 - 1000 - * - * Extention TAG: 1001 - 9999 - */ - OH_HKS_TAG_IS_KEY_ALIAS = OH_HKS_TAG_TYPE_BOOL | 1001, - OH_HKS_TAG_KEY_STORAGE_FLAG = OH_HKS_TAG_TYPE_UINT | 1002, /* choose from enum OH_HksKeyStorageType */ - OH_HKS_TAG_IS_ALLOWED_WRAP = OH_HKS_TAG_TYPE_BOOL | 1003, - OH_HKS_TAG_KEY_WRAP_TYPE = OH_HKS_TAG_TYPE_UINT | 1004, - OH_HKS_TAG_KEY_AUTH_ID = OH_HKS_TAG_TYPE_BYTES | 1005, - OH_HKS_TAG_KEY_ROLE = OH_HKS_TAG_TYPE_UINT | 1006, - OH_HKS_TAG_KEY_FLAG = OH_HKS_TAG_TYPE_UINT | 1007, /* choose from enum OH_HksKeyFlag */ - OH_HKS_TAG_IS_ASYNCHRONIZED = OH_HKS_TAG_TYPE_UINT | 1008, - OH_HKS_TAG_SECURE_KEY_ALIAS = OH_HKS_TAG_TYPE_BOOL | 1009, - OH_HKS_TAG_SECURE_KEY_UUID = OH_HKS_TAG_TYPE_BYTES | 1010, - OH_HKS_TAG_KEY_DOMAIN = OH_HKS_TAG_TYPE_UINT | 1011, - - /* Inner-use TAG: 10001 - 10999 */ - OH_HKS_TAG_PROCESS_NAME = OH_HKS_TAG_TYPE_BYTES | 10001, - OH_HKS_TAG_PACKAGE_NAME = OH_HKS_TAG_TYPE_BYTES | 10002, - OH_HKS_TAG_ACCESS_TIME = OH_HKS_TAG_TYPE_UINT | 10003, - OH_HKS_TAG_USES_TIME = OH_HKS_TAG_TYPE_UINT | 10004, - OH_HKS_TAG_CRYPTO_CTX = OH_HKS_TAG_TYPE_ULONG | 10005, - OH_HKS_TAG_KEY = OH_HKS_TAG_TYPE_BYTES | 10006, - OH_HKS_TAG_KEY_VERSION = OH_HKS_TAG_TYPE_UINT | 10007, - OH_HKS_TAG_PAYLOAD_LEN = OH_HKS_TAG_TYPE_UINT | 10008, - OH_HKS_TAG_AE_TAG = OH_HKS_TAG_TYPE_BYTES | 10009, - OH_HKS_TAG_IS_KEY_HANDLE = OH_HKS_TAG_TYPE_ULONG | 10010, - - /* Os version related TAG */ - OH_HKS_TAG_OS_VERSION = OH_HKS_TAG_TYPE_UINT | 10101, - OH_HKS_TAG_OS_PATCHLEVEL = OH_HKS_TAG_TYPE_UINT | 10102, - - /* - * Reversed TAGs for SOTER: 11000 - 12000 - * - * Other TAGs: 20001 - N - * TAGs used for paramSetOut - */ - OH_HKS_TAG_SYMMETRIC_KEY_DATA = OH_HKS_TAG_TYPE_BYTES | 20001, - OH_HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA = OH_HKS_TAG_TYPE_BYTES | 20002, - OH_HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA = OH_HKS_TAG_TYPE_BYTES | 20003, -}; - -struct OH_HksBlob { - uint32_t size; - uint8_t *data; -}; - -struct OH_HksParam { - uint32_t tag; - union { - bool boolParam; - int32_t int32Param; - uint32_t uint32Param; - uint64_t uint64Param; - struct OH_HksBlob blob; - }; -}; - -struct OH_HksParamSet { - uint32_t paramSetSize; - uint32_t paramsCnt; - struct OH_HksParam params[]; -}; - -struct OH_HksCertChain { - struct OH_HksBlob *certs; - uint32_t certsCount; -}; - -struct OH_HksKeyInfo { - struct OH_HksBlob alias; - struct OH_HksParamSet *paramSet; -}; - -struct OH_HksPubKeyInfo { - enum OH_HksKeyAlg keyAlg; - uint32_t keySize; - uint32_t nOrXSize; - uint32_t eOrYSize; - uint32_t placeHolder; -}; - -struct OH_HksKeyMaterialRsa { - enum OH_HksKeyAlg keyAlg; - uint32_t keySize; - uint32_t nSize; - uint32_t eSize; - uint32_t dSize; -}; - -struct OH_HksKeyMaterialEcc { - enum OH_HksKeyAlg keyAlg; - uint32_t keySize; - uint32_t xSize; - uint32_t ySize; - uint32_t zSize; -}; - -struct OH_HksKeyMaterialDsa { - enum OH_HksKeyAlg keyAlg; - uint32_t keySize; - uint32_t xSize; - uint32_t ySize; - uint32_t pSize; - uint32_t qSize; - uint32_t gSize; -}; - -struct OH_HksKeyMaterialDh { - enum OH_HksKeyAlg keyAlg; - uint32_t keySize; - uint32_t pubKeySize; - uint32_t priKeySize; - uint32_t reserved; -}; - -struct OH_HksKeyMaterial25519 { - enum OH_HksKeyAlg keyAlg; - uint32_t keySize; - uint32_t pubKeySize; - uint32_t priKeySize; - uint32_t reserved; -}; - -#define OH_HKS_DERIVE_DEFAULT_SALT_LEN 16 -#define OH_HKS_HMAC_DIGEST_SHA512_LEN 64 -#define OH_HKS_DEFAULT_RANDOM_LEN 16 -#define OH_HKS_MAX_KEY_AUTH_ID_LEN 64 -#define OH_HKS_KEY_MATERIAL_NUM 3 -#define OH_HKS_MAX_KEY_LEN (OH_HKS_KEY_BYTES(OH_HKS_RSA_KEY_SIZE_4096) * OH_HKS_KEY_MATERIAL_NUM) -#define OH_HKS_MAX_KEY_MATERIAL_LEN (sizeof(struct OH_HksPubKeyInfo) + OH_HKS_MAX_KEY_LEN + OH_HKS_AE_TAG_LEN) - -struct OH_HksStoreHeaderInfo { - uint16_t version; - uint16_t keyCount; - uint32_t totalLen; /* key buffer total len */ - uint32_t sealingAlg; - uint8_t salt[OH_HKS_DERIVE_DEFAULT_SALT_LEN]; - uint8_t hmac[OH_HKS_HMAC_DIGEST_SHA512_LEN]; -}; - -struct OH_HksStoreKeyInfo { - uint16_t keyInfoLen; /* current keyinfo len */ - uint16_t keySize; /* keySize of key from crypto hal after encrypted */ - uint8_t random[OH_HKS_DEFAULT_RANDOM_LEN]; - uint8_t flag; /* import or generate key */ - uint8_t keyAlg; - uint8_t keyMode; - uint8_t digest; - uint8_t padding; - uint8_t rsv; - uint16_t keyLen; /* keyLen from paramset, e.g. aes-256 */ - uint32_t purpose; - uint32_t role; - uint16_t domain; - uint8_t aliasSize; - uint8_t authIdSize; -}; - -struct OH_Hks25519KeyPair { - uint32_t publicBufferSize; - uint32_t privateBufferSize; -}; - -#ifdef __cplusplus -} -#endif - -#endif /* NATIVE_OH_HKS_TYPE_H */ \ No newline at end of file diff --git a/zh-cn/native_sdk/security/huks/native_huks_api.h b/zh-cn/native_sdk/security/huks/native_huks_api.h new file mode 100644 index 00000000..a67ffb4c --- /dev/null +++ b/zh-cn/native_sdk/security/huks/native_huks_api.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _NATIVE_HUKS_API_H_ +#define _NATIVE_HUKS_API_H_ + +#include "native_hks_type.h" + +#ifdef __cplusplus +extern "C" { +#endif + +OH_HUKS_API_EXPORT int32_t OH_Huks_GetSdkVersion(struct OH_Huks_Blob *sdkVersion); + +OH_HUKS_API_EXPORT int32_t OH_Huks_GenerateKey(const struct OH_Huks_Blob *keyAlias, + const struct OH_Huks_ParamSet *paramSetIn, struct OH_Huks_ParamSet *paramSetOut); + +OH_HUKS_API_EXPORT int32_t OH_Huks_ImportKey(const struct OH_Huks_Blob *keyAlias, + const struct OH_Huks_ParamSet *paramSet, const struct OH_Huks_Blob *key); + +OH_HUKS_API_EXPORT int32_t OH_Huks_ExportPublicKey(const struct OH_Huks_Blob *keyAlias, + const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_Blob *key); + +OH_HUKS_API_EXPORT int32_t OH_Huks_DeleteKey(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet); + +OH_HUKS_API_EXPORT int32_t OH_Huks_GetKeyParamSet(const struct OH_Huks_Blob *keyAlias, + const struct OH_Huks_ParamSet *paramSetIn, struct OH_Huks_ParamSet *paramSetOut); + +OH_HUKS_API_EXPORT int32_t OH_Huks_KeyExist(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet); + +OH_HUKS_API_EXPORT int32_t OH_Huks_Init(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet, + struct OH_Huks_Blob *handle); + +OH_HUKS_API_EXPORT int32_t OH_Huks_Update(const struct OH_Huks_Blob *handle, const struct OH_Huks_ParamSet *paramSet, + const struct OH_Huks_Blob *inData, struct OH_Huks_Blob *outData); + +OH_HUKS_API_EXPORT int32_t OH_Huks_Finish(const struct OH_Huks_Blob *handle, const struct OH_Huks_ParamSet *paramSet, + const struct OH_Huks_Blob *inData, struct OH_Huks_Blob *outData); + +OH_HUKS_API_EXPORT int32_t OH_Huks_Abort(const struct OH_Huks_Blob *handle, const struct OH_Huks_ParamSet *paramSet); + +#ifdef __cplusplus +} +#endif + +#endif /* NATIVE_HUKS_API_H */ \ No newline at end of file diff --git a/zh-cn/native_sdk/security/huks/native_hks_param.h b/zh-cn/native_sdk/security/huks/native_huks_param.h similarity index 34% rename from zh-cn/native_sdk/security/huks/native_hks_param.h rename to zh-cn/native_sdk/security/huks/native_huks_param.h index db5b2f47..936f8f0a 100644 --- a/zh-cn/native_sdk/security/huks/native_hks_param.h +++ b/zh-cn/native_sdk/security/huks/native_huks_param.h @@ -13,44 +13,44 @@ * limitations under the License. */ -#ifndef NATIVE_HKS_PARAM_H -#define NATIVE_HKS_PARAM_H +#ifndef NATIVE_HUKS_PARAM_H +#define NATIVE_HUKS_PARAM_H #include "native_hks_type.h" -#define OH_HKS_PARAM_SET_MAX_SIZE (4 * 1024 * 1024) -#define OH_HKS_DEFAULT_PARAM_SET_SIZE 512 -#define OH_HKS_DEFAULT_PARAM_CNT ((uint32_t)(OH_HKS_DEFAULT_PARAM_SET_SIZE / sizeof(struct OH_HksParam))) -#define OH_HKS_TAG_TYPE_MASK (0xF << 28) +#define OH_HUKS_PARAM_SET_MAX_SIZE (4 * 1024 * 1024) +#define OH_HUKS_DEFAULT_PARAM_SET_SIZE 512 +#define OH_HUKS_DEFAULT_PARAM_CNT ((uint32_t)(OH_HUKS_DEFAULT_PARAM_SET_SIZE / sizeof(struct OH_Huks_Param))) +#define OH_HUKS_TAG_TYPE_MASK (0xF << 28) #ifdef __cplusplus extern "C" { #endif -OH_HKS_API_EXPORT int32_t OH_HksInitParamSet(struct OH_HksParamSet **paramSet); +OH_HUKS_API_EXPORT int32_t OH_Huks_InitParamSet(struct OH_Huks_ParamSet **paramSet); -OH_HKS_API_EXPORT int32_t OH_HksAddParams(struct OH_HksParamSet *paramSet, - const struct OH_HksParam *params, uint32_t paramCnt); +OH_HUKS_API_EXPORT int32_t OH_Huks_AddParams(struct OH_Huks_ParamSet *paramSet, + const struct OH_Huks_Param *params, uint32_t paramCnt); -OH_HKS_API_EXPORT int32_t OH_HksBuildParamSet(struct OH_HksParamSet **paramSet); +OH_HUKS_API_EXPORT int32_t OH_Huks_BuildParamSet(struct OH_Huks_ParamSet **paramSet); -OH_HKS_API_EXPORT void OH_HksFreeParamSet(struct OH_HksParamSet **paramSet); +OH_HUKS_API_EXPORT void OH_Huks_FreeParamSet(struct OH_Huks_ParamSet **paramSet); -OH_HKS_API_EXPORT int32_t OH_HksGetParamSet(const struct OH_HksParamSet *fromParamSet, uint32_t fromParamSetSize, - struct OH_HksParamSet **paramSet); +OH_HUKS_API_EXPORT int32_t OH_Huks_GetParamSet(const struct OH_Huks_ParamSet *fromParamSet, uint32_t fromParamSetSize, + struct OH_Huks_ParamSet **paramSet); -OH_HKS_API_EXPORT int32_t OH_HksGetParam(const struct OH_HksParamSet *paramSet, uint32_t tag, struct OH_HksParam **param); +OH_HUKS_API_EXPORT int32_t OH_Huks_GetParam(const struct OH_Huks_ParamSet *paramSet, uint32_t tag, struct OH_Huks_Param **param); -OH_HKS_API_EXPORT int32_t OH_HksFreshParamSet(struct OH_HksParamSet *paramSet, bool isCopy); +OH_HUKS_API_EXPORT int32_t OH_Huks_FreshParamSet(struct OH_Huks_ParamSet *paramSet, bool isCopy); -int32_t OH_HksCheckParamSetTag(const struct OH_HksParamSet *paramSet); +int32_t OH_Huks_CheckParamSetTag(const struct OH_Huks_ParamSet *paramSet); -int32_t OH_HksCheckParamSet(const struct OH_HksParamSet *paramSet, uint32_t size); +int32_t OH_Huks_CheckParamSet(const struct OH_Huks_ParamSet *paramSet, uint32_t size); -int32_t OH_HksCheckParamMatch(const struct OH_HksParam *baseParam, const struct OH_HksParam *param); +int32_t OH_Huks_CheckParamMatch(const struct OH_Huks_Param *baseParam, const struct OH_Huks_Param *param); #ifdef __cplusplus } #endif -#endif /* NATIVE_HKS_PARAM_H */ \ No newline at end of file +#endif /* NATIVE_HUKS_PARAM_H */ \ No newline at end of file diff --git a/zh-cn/native_sdk/security/huks/native_huks_type.h b/zh-cn/native_sdk/security/huks/native_huks_type.h new file mode 100644 index 00000000..078e953d --- /dev/null +++ b/zh-cn/native_sdk/security/huks/native_huks_type.h @@ -0,0 +1,547 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _NATIVE_HUKS_TYPE_H_ +#define _NATIVE_HUKS_TYPE_H_ + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef OH_HUKS_API_PUBLIC + #if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__) || defined(__ICCARM__) /* __ICCARM__ for iar */ + #define OH_HUKS_API_EXPORT + #else + #define OH_HUKS_API_EXPORT __attribute__ ((visibility("default"))) + #endif +#else + #define OH_HUKS_API_EXPORT __attribute__ ((visibility("default"))) +#endif + +#define OH_HUKS_SDK_VERSION "2.0.0.4" + +/* + * Align to 4-tuple + * Before calling this function, ensure that the size does not overflow after 3 is added. + */ +#define OH_HUKS_ALIGN_SIZE(size) ((((uint32_t)(size) + 3) >> 2) << 2) +#define OH_HUKS_DEFAULT_ALIGN_MASK_SIZE 3 + +#define OH_HUKS_AE_TAG_LEN 16 +#define OH_HUKS_BITS_PER_BYTE 8 +#define OH_HUKS_MAX_KEY_SIZE 2048 +#define OH_HUKS_AE_TAG_LEN 16 +#define OH_HUKS_AE_NONCE_LEN 12 +#define OH_HUKS_MAX_KEY_ALIAS_LEN 64 +#define OH_HUKS_MAX_PROCESS_NAME_LEN 50 +#define OH_HUKS_MAX_RANDOM_LEN 1024 +#define OH_HUKS_KEY_BYTES(keySize) (((keySize) + OH_HUKS_BITS_PER_BYTE - 1) / OH_HUKS_BITS_PER_BYTE) +#define OH_HUKS_SIGNATURE_MIN_SIZE 64 +#define OH_HUKS_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0]))) +#define OH_HUKS_MAX_OUT_BLOB_SIZE (5 * 1024 * 1024) +#define OH_HUKS_WRAPPED_FORMAT_MAX_SIZE (1024 * 1024) +#define OH_HUKS_IMPORT_WRAPPED_KEY_TOTAL_BLOBS 10 + +enum OH_Huks_KeyType { + OH_HUKS_KEY_TYPE_RSA_PUBLIC_KEY = 0x01001000, + OH_HUKS_KEY_TYPE_RSA_KEYPAIR = 0x01002000, + + OH_HUKS_KEY_TYPE_ECC_P256_PUBLIC_KEY = 0x02021000, + OH_HUKS_KEY_TYPE_ECC_P256_KEYPAIR = 0x02022000, + OH_HUKS_KEY_TYPE_ECC_P384_PUBLIC_KEY = 0x02031000, + OH_HUKS_KEY_TYPE_ECC_P384_KEYPAIR = 0x02032000, + OH_HUKS_KEY_TYPE_ECC_P521_PUBLIC_KEY = 0x02051000, + OH_HUKS_KEY_TYPE_ECC_P521_KEYPAIR = 0x02052000, + + OH_HUKS_KEY_TYPE_ED25519_PUBLIC_KEY = 0x02101000, + OH_HUKS_KEY_TYPE_ED25519_KEYPAIR = 0x02102000, + OH_HUKS_KEY_TYPE_X25519_PUBLIC_KEY = 0x02111000, + OH_HUKS_KEY_TYPE_X25519_KEYPAIR = 0x02112000, + + OH_HUKS_KEY_TYPE_AES = 0x03000000, + OH_HUKS_KEY_TYPE_CHACHA20 = 0x04010000, + OH_HUKS_KEY_TYPE_CHACHA20_POLY1305 = 0x04020000, + + OH_HUKS_KEY_TYPE_HMAC = 0x05000000, + OH_HUKS_KEY_TYPE_HKDF = 0x06000000, + OH_HUKS_KEY_TYPE_PBKDF2 = 0x07000000, +}; + +enum OH_Huks_KeyPurpose { + OH_HUKS_KEY_PURPOSE_ENCRYPT = 1, /* Usable with RSA, EC, AES, and SM4 keys. */ + OH_HUKS_KEY_PURPOSE_DECRYPT = 2, /* Usable with RSA, EC, AES, and SM4 keys. */ + OH_HUKS_KEY_PURPOSE_SIGN = 4, /* Usable with RSA, EC keys. */ + OH_HUKS_KEY_PURPOSE_VERIFY = 8, /* Usable with RSA, EC keys. */ + OH_HUKS_KEY_PURPOSE_DERIVE = 16, /* Usable with EC keys. */ + OH_HUKS_KEY_PURPOSE_WRAP = 32, /* Usable with wrap key. */ + OH_HUKS_KEY_PURPOSE_UNWRAP = 64, /* Usable with unwrap key. */ + OH_HUKS_KEY_PURPOSE_MAC = 128, /* Usable with mac. */ + OH_HUKS_KEY_PURPOSE_AGREE = 256, /* Usable with agree. */ +}; + +enum OH_Huks_KeyDigest { + OH_HUKS_DIGEST_NONE = 0, + OH_HUKS_DIGEST_MD5 = 1, + OH_HUKS_DIGEST_SM3 = 2, + OH_HUKS_DIGEST_SHA1 = 10, + OH_HUKS_DIGEST_SHA224 = 11, + OH_HUKS_DIGEST_SHA256 = 12, + OH_HUKS_DIGEST_SHA384 = 13, + OH_HUKS_DIGEST_SHA512 = 14, +}; + +enum OH_Huks_KeyPadding { + OH_HUKS_PADDING_NONE = 0, + OH_HUKS_PADDING_OAEP = 1, + OH_HUKS_PADDING_PSS = 2, + OH_HUKS_PADDING_PKCS1_V1_5 = 3, + OH_HUKS_PADDING_PKCS5 = 4, + OH_HUKS_PADDING_PKCS7 = 5, +}; + +enum OH_Huks_CipherMode { + OH_HUKS_MODE_ECB = 1, + OH_HUKS_MODE_CBC = 2, + OH_HUKS_MODE_CTR = 3, + OH_HUKS_MODE_OFB = 4, + OH_HUKS_MODE_CCM = 31, + OH_HUKS_MODE_GCM = 32, +}; + +enum OH_Huks_KeySize { + OH_HUKS_RSA_KEY_SIZE_1024 = 1024, + OH_HUKS_RSA_KEY_SIZE_2048 = 2048, + OH_HUKS_RSA_KEY_SIZE_3072 = 3072, + OH_HUKS_RSA_KEY_SIZE_4096 = 4096, + + OH_HUKS_ECC_KEY_SIZE_256 = 256, + OH_HUKS_ECC_KEY_SIZE_384 = 384, + OH_HUKS_ECC_KEY_SIZE_521 = 521, + + OH_HUKS_AES_KEY_SIZE_128 = 128, + OH_HUKS_AES_KEY_SIZE_192 = 192, + OH_HUKS_AES_KEY_SIZE_256 = 256, + OH_HUKS_AES_KEY_SIZE_512 = 512, + + OH_HUKS_CURVE25519_KEY_SIZE_256 = 256, + + OH_HUKS_SM2_KEY_SIZE_256 = 256, + OH_HUKS_SM4_KEY_SIZE_128 = 128, +}; + +enum OH_Huks_KeyAlg { + OH_HUKS_ALG_RSA = 1, + OH_HUKS_ALG_ECC = 2, + + OH_HUKS_ALG_AES = 20, + OH_HUKS_ALG_HMAC = 50, + OH_HUKS_ALG_HKDF = 51, + OH_HUKS_ALG_PBKDF2 = 52, + + OH_HUKS_ALG_ECDH = 100, + OH_HUKS_ALG_X25519 = 101, + OH_HUKS_ALG_ED25519 = 102, + + OH_HUKS_ALG_SM2 = 150, + OH_HUKS_ALG_SM3 = 151, + OH_HUKS_ALG_SM4 = 152, +}; + +enum OH_Huks_AlgSuite { + /* Algorithm suites of unwrapping wrapped-key by huks */ + /* Unwrap suite of key agreement type */ + /* WrappedData format(Bytes Array): + * | x25519_plain_pubkey_length (4 Byte) | x25519_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad + * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag + * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad + * | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag + * | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data + */ + OH_HUKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING = 1, + + /* WrappedData format(Bytes Array): + * | ECC_plain_pubkey_length (4 Byte) | ECC_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad + * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag + * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad + * | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag + * | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data + */ + OH_HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING = 2, +}; + +enum OH_Huks_KeyGenerateType { + OH_HUKS_KEY_GENERATE_TYPE_DEFAULT = 0, + OH_HUKS_KEY_GENERATE_TYPE_DERIVE = 1, + OH_HUKS_KEY_GENERATE_TYPE_AGREE = 2, +}; + +enum OH_Huks_KeyFlag { + OH_HUKS_KEY_FLAG_IMPORT_KEY = 1, + OH_HUKS_KEY_FLAG_GENERATE_KEY = 2, + OH_HUKS_KEY_FLAG_AGREE_KEY = 3, + OH_HUKS_KEY_FLAG_DERIVE_KEY = 4, +}; + +enum OH_Huks_KeyStorageType { + OH_HUKS_STORAGE_TEMP = 0, + OH_HUKS_STORAGE_PERSISTENT = 1, +}; + +enum OH_Huks_ImportKeyType { + OH_HUKS_KEY_TYPE_PUBLIC_KEY = 0, + OH_HUKS_KEY_TYPE_PRIVATE_KEY = 1, + OH_HUKS_KEY_TYPE_KEY_PAIR = 2, +}; + +enum OH_Huks_ErrorCode { + OH_HUKS_SUCCESS = 0, + OH_HUKS_FAILURE = -1, + OH_HUKS_ERROR_BAD_STATE = -2, + OH_HUKS_ERROR_INVALID_ARGUMENT = -3, + OH_HUKS_ERROR_NOT_SUPPORTED = -4, + OH_HUKS_ERROR_NO_PERMISSION = -5, + OH_HUKS_ERROR_INSUFFICIENT_DATA = -6, + OH_HUKS_ERROR_BUFFER_TOO_SMALL = -7, + OH_HUKS_ERROR_INSUFFICIENT_MEMORY = -8, + OH_HUKS_ERROR_COMMUNICATION_FAILURE = -9, + OH_HUKS_ERROR_STORAGE_FAILURE = -10, + OH_HUKS_ERROR_HARDWARE_FAILURE = -11, + OH_HUKS_ERROR_ALREADY_EXISTS = -12, + OH_HUKS_ERROR_NOT_EXIST = -13, + OH_HUKS_ERROR_NULL_POINTER = -14, + OH_HUKS_ERROR_FILE_SIZE_FAIL = -15, + OH_HUKS_ERROR_READ_FILE_FAIL = -16, + OH_HUKS_ERROR_INVALID_PUBLIC_KEY = -17, + OH_HUKS_ERROR_INVALID_PRIVATE_KEY = -18, + OH_HUKS_ERROR_INVALID_KEY_INFO = -19, + OH_HUKS_ERROR_HASH_NOT_EQUAL = -20, + OH_HUKS_ERROR_MALLOC_FAIL = -21, + OH_HUKS_ERROR_WRITE_FILE_FAIL = -22, + OH_HUKS_ERROR_REMOVE_FILE_FAIL = -23, + OH_HUKS_ERROR_OPEN_FILE_FAIL = -24, + OH_HUKS_ERROR_CLOSE_FILE_FAIL = -25, + OH_HUKS_ERROR_MAKE_DIR_FAIL = -26, + OH_HUKS_ERROR_INVALID_KEY_FILE = -27, + OH_HUKS_ERROR_IPC_MSG_FAIL = -28, + OH_HUKS_ERROR_REQUEST_OVERFLOWS = -29, + OH_HUKS_ERROR_PARAM_NOT_EXIST = -30, + OH_HUKS_ERROR_CRYPTO_ENGINE_ERROR = -31, + OH_HUKS_ERROR_COMMUNICATION_TIMEOUT = -32, + OH_HUKS_ERROR_IPC_INIT_FAIL = -33, + OH_HUKS_ERROR_IPC_DLOPEN_FAIL = -34, + OH_HUKS_ERROR_EFUSE_READ_FAIL = -35, + OH_HUKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST = -36, + OH_HUKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL = -37, + OH_HUKS_ERROR_VERIFICATION_FAILED = -38, + OH_HUKS_ERROR_SESSION_REACHED_LIMIT = -39, + + OH_HUKS_ERROR_CHECK_GET_ALG_FAIL = -100, + OH_HUKS_ERROR_CHECK_GET_KEY_SIZE_FAIL = -101, + OH_HUKS_ERROR_CHECK_GET_PADDING_FAIL = -102, + OH_HUKS_ERROR_CHECK_GET_PURPOSE_FAIL = -103, + OH_HUKS_ERROR_CHECK_GET_DIGEST_FAIL = -104, + OH_HUKS_ERROR_CHECK_GET_MODE_FAIL = -105, + OH_HUKS_ERROR_CHECK_GET_NONCE_FAIL = -106, + OH_HUKS_ERROR_CHECK_GET_AAD_FAIL = -107, + OH_HUKS_ERROR_CHECK_GET_IV_FAIL = -108, + OH_HUKS_ERROR_CHECK_GET_AE_TAG_FAIL = -109, + OH_HUKS_ERROR_CHECK_GET_SALT_FAIL = -110, + OH_HUKS_ERROR_CHECK_GET_ITERATION_FAIL = -111, + OH_HUKS_ERROR_INVALID_ALGORITHM = -112, + OH_HUKS_ERROR_INVALID_KEY_SIZE = -113, + OH_HUKS_ERROR_INVALID_PADDING = -114, + OH_HUKS_ERROR_INVALID_PURPOSE = -115, + OH_HUKS_ERROR_INVALID_MODE = -116, + OH_HUKS_ERROR_INVALID_DIGEST = -117, + OH_HUKS_ERROR_INVALID_SIGNATURE_SIZE = -118, + OH_HUKS_ERROR_INVALID_IV = -119, + OH_HUKS_ERROR_INVALID_AAD = -120, + OH_HUKS_ERROR_INVALID_NONCE = -121, + OH_HUKS_ERROR_INVALID_AE_TAG = -122, + OH_HUKS_ERROR_INVALID_SALT = -123, + OH_HUKS_ERROR_INVALID_ITERATION = -124, + OH_HUKS_ERROR_INVALID_OPERATION = -125, + OH_HUKS_ERROR_INVALID_WRAPPED_FORMAT = -126, + OH_HUKS_ERROR_INVALID_USAGE_OF_KEY = -127, + + OH_HUKS_ERROR_INTERNAL_ERROR = -999, + OH_HUKS_ERROR_UNKNOWN_ERROR = -1000, +}; + +enum OH_Huks_TagType { + OH_HUKS_TAG_TYPE_INVALID = 0 << 28, + OH_HUKS_TAG_TYPE_INT = 1 << 28, + OH_HUKS_TAG_TYPE_UINT = 2 << 28, + OH_HUKS_TAG_TYPE_ULONG = 3 << 28, + OH_HUKS_TAG_TYPE_BOOL = 4 << 28, + OH_HUKS_TAG_TYPE_BYTES = 5 << 28, +}; + +enum OH_Huks_SendType { + OH_HUKS_SEND_TYPE_ASYNC = 0, + OH_HUKS_SEND_TYPE_SYNC, +}; + +enum OH_Huks_Tag { + /* Invalid TAG */ + OH_HUKS_TAG_INVALID = OH_HUKS_TAG_TYPE_INVALID | 0, + + /* Base algrithom TAG: 1 - 200 */ + OH_HUKS_TAG_ALGORITHM = OH_HUKS_TAG_TYPE_UINT | 1, + OH_HUKS_TAG_PURPOSE = OH_HUKS_TAG_TYPE_UINT | 2, + OH_HUKS_TAG_KEY_SIZE = OH_HUKS_TAG_TYPE_UINT | 3, + OH_HUKS_TAG_DIGEST = OH_HUKS_TAG_TYPE_UINT | 4, + OH_HUKS_TAG_PADDING = OH_HUKS_TAG_TYPE_UINT | 5, + OH_HUKS_TAG_BLOCK_MODE = OH_HUKS_TAG_TYPE_UINT | 6, + OH_HUKS_TAG_KEY_TYPE = OH_HUKS_TAG_TYPE_UINT | 7, + OH_HUKS_TAG_ASSOCIATED_DATA = OH_HUKS_TAG_TYPE_BYTES | 8, + OH_HUKS_TAG_NONCE = OH_HUKS_TAG_TYPE_BYTES | 9, + OH_HUKS_TAG_IV = OH_HUKS_TAG_TYPE_BYTES | 10, + + /* Key derivation TAG */ + OH_HUKS_TAG_INFO = OH_HUKS_TAG_TYPE_BYTES | 11, + OH_HUKS_TAG_SALT = OH_HUKS_TAG_TYPE_BYTES | 12, + OH_HUKS_TAG_PWD = OH_HUKS_TAG_TYPE_BYTES | 13, + OH_HUKS_TAG_ITERATION = OH_HUKS_TAG_TYPE_UINT | 14, + + OH_HUKS_TAG_KEY_GENERATE_TYPE = OH_HUKS_TAG_TYPE_UINT | 15, /* choose from enum OH_Huks_KeyGenerateType */ + OH_HUKS_TAG_DERIVE_MAIN_KEY = OH_HUKS_TAG_TYPE_BYTES | 16, + OH_HUKS_TAG_DERIVE_FACTOR = OH_HUKS_TAG_TYPE_BYTES | 17, + OH_HUKS_TAG_DERIVE_ALG = OH_HUKS_TAG_TYPE_UINT | 18, + OH_HUKS_TAG_AGREE_ALG = OH_HUKS_TAG_TYPE_UINT | 19, + OH_HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS = OH_HUKS_TAG_TYPE_BOOL | 20, + OH_HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 21, + OH_HUKS_TAG_AGREE_PUBLIC_KEY = OH_HUKS_TAG_TYPE_BYTES | 22, + OH_HUKS_TAG_KEY_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 23, + OH_HUKS_TAG_DERIVE_KEY_SIZE = OH_HUKS_TAG_TYPE_UINT | 24, + OH_HUKS_TAG_IMPORT_KEY_TYPE = OH_HUKS_TAG_TYPE_UINT | 25, /* choose from enum OH_Huks_ImportKeyType */ + OH_HUKS_TAG_UNWRAP_ALGORITHM_SUITE = OH_HUKS_TAG_TYPE_UINT | 26, + + /* + * Key authentication related TAG: 201 - 300 + * + * Start of validity + */ + OH_HUKS_TAG_ACTIVE_DATETIME = OH_HUKS_TAG_TYPE_ULONG | 201, + + /* Date when new "messages" should not be created. */ + OH_HUKS_TAG_ORIGINATION_EXPIRE_DATETIME = OH_HUKS_TAG_TYPE_ULONG | 202, + + /* Date when existing "messages" should not be used. */ + OH_HUKS_TAG_USAGE_EXPIRE_DATETIME = OH_HUKS_TAG_TYPE_ULONG | 203, + + /* Key creation time */ + OH_HUKS_TAG_CREATION_DATETIME = OH_HUKS_TAG_TYPE_ULONG | 204, + + /* Other authentication related TAG: 301 - 500 */ + OH_HUKS_TAG_ALL_USERS = OH_HUKS_TAG_TYPE_BOOL | 301, + OH_HUKS_TAG_USER_ID = OH_HUKS_TAG_TYPE_UINT | 302, + OH_HUKS_TAG_NO_AUTH_REQUIRED = OH_HUKS_TAG_TYPE_BOOL | 303, + OH_HUKS_TAG_USER_AUTH_TYPE = OH_HUKS_TAG_TYPE_UINT | 304, + OH_HUKS_TAG_AUTH_TIMEOUT = OH_HUKS_TAG_TYPE_UINT | 305, + OH_HUKS_TAG_AUTH_TOKEN = OH_HUKS_TAG_TYPE_BYTES | 306, + + /* Attestation related TAG: 501 - 600 */ + OH_HUKS_TAG_ATTESTATION_CHALLENGE = OH_HUKS_TAG_TYPE_BYTES | 501, + OH_HUKS_TAG_ATTESTATION_APPLICATION_ID = OH_HUKS_TAG_TYPE_BYTES | 502, + OH_HUKS_TAG_ATTESTATION_ID_BRAND = OH_HUKS_TAG_TYPE_BYTES | 503, + OH_HUKS_TAG_ATTESTATION_ID_DEVICE = OH_HUKS_TAG_TYPE_BYTES | 504, + OH_HUKS_TAG_ATTESTATION_ID_PRODUCT = OH_HUKS_TAG_TYPE_BYTES | 505, + OH_HUKS_TAG_ATTESTATION_ID_SERIAL = OH_HUKS_TAG_TYPE_BYTES | 506, + OH_HUKS_TAG_ATTESTATION_ID_IMEI = OH_HUKS_TAG_TYPE_BYTES | 507, + OH_HUKS_TAG_ATTESTATION_ID_MEID = OH_HUKS_TAG_TYPE_BYTES | 508, + OH_HUKS_TAG_ATTESTATION_ID_MANUFACTURER = OH_HUKS_TAG_TYPE_BYTES | 509, + OH_HUKS_TAG_ATTESTATION_ID_MODEL = OH_HUKS_TAG_TYPE_BYTES | 510, + OH_HUKS_TAG_ATTESTATION_ID_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 511, + OH_HUKS_TAG_ATTESTATION_ID_SOCID = OH_HUKS_TAG_TYPE_BYTES | 512, + OH_HUKS_TAG_ATTESTATION_ID_UDID = OH_HUKS_TAG_TYPE_BYTES | 513, + OH_HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO = OH_HUKS_TAG_TYPE_BYTES | 514, + OH_HUKS_TAG_ATTESTATION_ID_VERSION_INFO = OH_HUKS_TAG_TYPE_BYTES | 515, + + /* + * Other reserved TAG: 601 - 1000 + * + * Extention TAG: 1001 - 9999 + */ + OH_HUKS_TAG_IS_KEY_ALIAS = OH_HUKS_TAG_TYPE_BOOL | 1001, + OH_HUKS_TAG_KEY_STORAGE_FLAG = OH_HUKS_TAG_TYPE_UINT | 1002, /* choose from enum OH_Huks_KeyStorageType */ + OH_HUKS_TAG_IS_ALLOWED_WRAP = OH_HUKS_TAG_TYPE_BOOL | 1003, + OH_HUKS_TAG_KEY_WRAP_TYPE = OH_HUKS_TAG_TYPE_UINT | 1004, + OH_HUKS_TAG_KEY_AUTH_ID = OH_HUKS_TAG_TYPE_BYTES | 1005, + OH_HUKS_TAG_KEY_ROLE = OH_HUKS_TAG_TYPE_UINT | 1006, + OH_HUKS_TAG_KEY_FLAG = OH_HUKS_TAG_TYPE_UINT | 1007, /* choose from enum OH_Huks_KeyFlag */ + OH_HUKS_TAG_IS_ASYNCHRONIZED = OH_HUKS_TAG_TYPE_UINT | 1008, + OH_HUKS_TAG_SECURE_KEY_ALIAS = OH_HUKS_TAG_TYPE_BOOL | 1009, + OH_HUKS_TAG_SECURE_KEY_UUID = OH_HUKS_TAG_TYPE_BYTES | 1010, + OH_HUKS_TAG_KEY_DOMAIN = OH_HUKS_TAG_TYPE_UINT | 1011, + + /* Inner-use TAG: 10001 - 10999 */ + OH_HUKS_TAG_PROCESS_NAME = OH_HUKS_TAG_TYPE_BYTES | 10001, + OH_HUKS_TAG_PACKAGE_NAME = OH_HUKS_TAG_TYPE_BYTES | 10002, + OH_HUKS_TAG_ACCESS_TIME = OH_HUKS_TAG_TYPE_UINT | 10003, + OH_HUKS_TAG_USES_TIME = OH_HUKS_TAG_TYPE_UINT | 10004, + OH_HUKS_TAG_CRYPTO_CTX = OH_HUKS_TAG_TYPE_ULONG | 10005, + OH_HUKS_TAG_KEY = OH_HUKS_TAG_TYPE_BYTES | 10006, + OH_HUKS_TAG_KEY_VERSION = OH_HUKS_TAG_TYPE_UINT | 10007, + OH_HUKS_TAG_PAYLOAD_LEN = OH_HUKS_TAG_TYPE_UINT | 10008, + OH_HUKS_TAG_AE_TAG = OH_HUKS_TAG_TYPE_BYTES | 10009, + OH_HUKS_TAG_IS_KEY_HANDLE = OH_HUKS_TAG_TYPE_ULONG | 10010, + + /* Os version related TAG */ + OH_HUKS_TAG_OS_VERSION = OH_HUKS_TAG_TYPE_UINT | 10101, + OH_HUKS_TAG_OS_PATCHLEVEL = OH_HUKS_TAG_TYPE_UINT | 10102, + + /* + * Reversed TAGs for SOTER: 11000 - 12000 + * + * Other TAGs: 20001 - N + * TAGs used for paramSetOut + */ + OH_HUKS_TAG_SYMMETRIC_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20001, + OH_HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20002, + OH_HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20003, +}; + +struct OH_Huks_Blob { + uint32_t size; + uint8_t *data; +}; + +struct OH_Huks_Param { + uint32_t tag; + union { + bool boolParam; + int32_t int32Param; + uint32_t uint32Param; + uint64_t uint64Param; + struct OH_Huks_Blob blob; + }; +}; + +struct OH_Huks_ParamSet { + uint32_t paramSetSize; + uint32_t paramsCnt; + struct OH_Huks_Param params[]; +}; + +struct OH_Huks_CertChain { + struct OH_Huks_Blob *certs; + uint32_t certsCount; +}; + +struct OH_Huks_KeyInfo { + struct OH_Huks_Blob alias; + struct OH_Huks_ParamSet *paramSet; +}; + +struct OH_Huks_PubKeyInfo { + enum OH_Huks_KeyAlg keyAlg; + uint32_t keySize; + uint32_t nOrXSize; + uint32_t eOrYSize; + uint32_t placeHolder; +}; + +struct OH_Huks_KeyMaterialRsa { + enum OH_Huks_KeyAlg keyAlg; + uint32_t keySize; + uint32_t nSize; + uint32_t eSize; + uint32_t dSize; +}; + +struct OH_Huks_KeyMaterialEcc { + enum OH_Huks_KeyAlg keyAlg; + uint32_t keySize; + uint32_t xSize; + uint32_t ySize; + uint32_t zSize; +}; + +struct OH_Huks_KeyMaterialDsa { + enum OH_Huks_KeyAlg keyAlg; + uint32_t keySize; + uint32_t xSize; + uint32_t ySize; + uint32_t pSize; + uint32_t qSize; + uint32_t gSize; +}; + +struct OH_Huks_KeyMaterialDh { + enum OH_Huks_KeyAlg keyAlg; + uint32_t keySize; + uint32_t pubKeySize; + uint32_t priKeySize; + uint32_t reserved; +}; + +struct OH_Huks_KeyMaterial25519 { + enum OH_Huks_KeyAlg keyAlg; + uint32_t keySize; + uint32_t pubKeySize; + uint32_t priKeySize; + uint32_t reserved; +}; + +#define OH_HUKS_DERIVE_DEFAULT_SALT_LEN 16 +#define OH_HUKS_HMAC_DIGEST_SHA512_LEN 64 +#define OH_HUKS_DEFAULT_RANDOM_LEN 16 +#define OH_HUKS_MAX_KEY_AUTH_ID_LEN 64 +#define OH_HUKS_KEY_MATERIAL_NUM 3 +#define OH_HUKS_MAX_KEY_LEN (OH_HUKS_KEY_BYTES(OH_HUKS_RSA_KEY_SIZE_4096) * OH_HUKS_KEY_MATERIAL_NUM) +#define OH_HUKS_MAX_KEY_MATERIAL_LEN (sizeof(struct OH_Huks_PubKeyInfo) + OH_HUKS_MAX_KEY_LEN + OH_HUKS_AE_TAG_LEN) + +struct OH_Huks_StoreHeaderInfo { + uint16_t version; + uint16_t keyCount; + uint32_t totalLen; /* key buffer total len */ + uint32_t sealingAlg; + uint8_t salt[OH_HUKS_DERIVE_DEFAULT_SALT_LEN]; + uint8_t hmac[OH_HUKS_HMAC_DIGEST_SHA512_LEN]; +}; + +struct OH_Huks_StoreKeyInfo { + uint16_t keyInfoLen; /* current keyinfo len */ + uint16_t keySize; /* keySize of key from crypto hal after encrypted */ + uint8_t random[OH_HUKS_DEFAULT_RANDOM_LEN]; + uint8_t flag; /* import or generate key */ + uint8_t keyAlg; + uint8_t keyMode; + uint8_t digest; + uint8_t padding; + uint8_t rsv; + uint16_t keyLen; /* keyLen from paramset, e.g. aes-256 */ + uint32_t purpose; + uint32_t role; + uint16_t domain; + uint8_t aliasSize; + uint8_t authIdSize; +}; + +struct OH_Huks_25519KeyPair { + uint32_t publicBufferSize; + uint32_t privateBufferSize; +}; + +#ifdef __cplusplus +} +#endif + +#endif /* NATIVE_OH_HUKS_TYPE_H */ \ No newline at end of file diff --git a/zh-cn/native_sdk/security/huks/native_hks_type_inner.h b/zh-cn/native_sdk/security/huks/native_huks_type_inner.h similarity index 82% rename from zh-cn/native_sdk/security/huks/native_hks_type_inner.h rename to zh-cn/native_sdk/security/huks/native_huks_type_inner.h index 0ef31ade..904ae211 100644 --- a/zh-cn/native_sdk/security/huks/native_hks_type_inner.h +++ b/zh-cn/native_sdk/security/huks/native_huks_type_inner.h @@ -13,10 +13,10 @@ * limitations under the License. */ -#ifndef NATIVE_HKS_TYPE_INNER_H -#define NATIVE_HKS_TYPE_INNER_H +#ifndef NATIVE_HUKS_TYPE_INNER_H +#define NATIVE_HUKS_TYPE_INNER_H -#include "native_hks_type.h" +#include "native_huks_type.h" #include "securec.h" -#endif /* NATIVE_HKS_TYPE_INNER_H */ \ No newline at end of file +#endif /* NATIVE_HUKS_TYPE_INNER_H */ \ No newline at end of file -- Gitee From 329b7ca5809b193e5a3f579813a1215f5dcc9f34 Mon Sep 17 00:00:00 2001 From: zqr2001 <1805768383@qq.com> Date: Mon, 25 Jul 2022 09:39:09 +0800 Subject: [PATCH 3/6] add comment --- .../security/huks/native_huks_api.h | 150 ++++- .../security/huks/native_huks_param.h | 104 +++- .../security/huks/native_huks_type.h | 583 ++++++++++++++++-- .../security/huks/native_huks_type_inner.h | 9 + 4 files changed, 772 insertions(+), 74 deletions(-) diff --git a/zh-cn/native_sdk/security/huks/native_huks_api.h b/zh-cn/native_sdk/security/huks/native_huks_api.h index a67ffb4c..81639c92 100644 --- a/zh-cn/native_sdk/security/huks/native_huks_api.h +++ b/zh-cn/native_sdk/security/huks/native_huks_api.h @@ -13,6 +13,26 @@ * limitations under the License. */ +/** + * @addtogroup huks + * @{ + * + * @brief 描述huks向应用提供密钥库能力,包括密钥管理及密钥的密码学操作等功能。 + * 管理的密钥可以由应用导入或者由应用调用HUKS接口生成。 + * + * @since 8 + * @version 1.0 + */ + +/** + * @file native_huks_api.h + * + * @brief 声明用于访问huks的API。 + * + * @since 8 + * @version 1.0 + */ + #ifndef _NATIVE_HUKS_API_H_ #define _NATIVE_HUKS_API_H_ @@ -22,37 +42,147 @@ extern "C" { #endif +/** + * @brief 获取huks的版本信息。 + * + * @param sdkVersion 用于存储获取到的版本信息。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ OH_HUKS_API_EXPORT int32_t OH_Huks_GetSdkVersion(struct OH_Huks_Blob *sdkVersion); +/** + * @brief 生成密钥。 + * + * @param keyAlias 表示给要生成的密钥取的别名。 + * @param paramSetIn 表示生成密钥需要的输入参数集。 + * @param paramSetOut 生成密钥为临时类型时存放着密钥数据;非临时类型可为空。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ OH_HUKS_API_EXPORT int32_t OH_Huks_GenerateKey(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSetIn, struct OH_Huks_ParamSet *paramSetOut); +/** + * @brief 导入密钥。 + * + * @param keyAlias 表示给要导入的密钥取的别名。 + * @param paramSet 表示导入密钥需要的输入参数集。 + * @param key 表示导入的密钥数据。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ OH_HUKS_API_EXPORT int32_t OH_Huks_ImportKey(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet, const struct OH_Huks_Blob *key); +/** + * @brief 导出公钥。 + * + * @param keyAlias 表示要导出公钥对应的密钥别名。 + * @param paramSet 表示导出公钥需要的输入参数集。 + * @param key 表示要导入的密钥数据。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ OH_HUKS_API_EXPORT int32_t OH_Huks_ExportPublicKey(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_Blob *key); -OH_HUKS_API_EXPORT int32_t OH_Huks_DeleteKey(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet); +/** + * @brief 删除密钥。 + * + * @param keyAlias 表示要删除密钥的别名。 + * @param paramSet 表示要删除密钥需要的输入参数集。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ +OH_HUKS_API_EXPORT int32_t OH_Huks_DeleteKey(const struct OH_Huks_Blob *keyAlias, + const struct OH_Huks_ParamSet *paramSet); +/** + * @brief 获取生成密钥时的参数集。 + * + * @param keyAlias 表示要获取参数集的密钥别名 + * @param paramSetIn 表示要获取参数集需要的输入参数集。 + * @param paramSetOut 表示获取到的输出参数集。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ OH_HUKS_API_EXPORT int32_t OH_Huks_GetKeyParamSet(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSetIn, struct OH_Huks_ParamSet *paramSetOut); -OH_HUKS_API_EXPORT int32_t OH_Huks_KeyExist(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet); +/** + * @brief 查询存储中密钥是否存在。 + * + * @param keyAlias 表示密钥别名。 + * @param paramSet 表示查询需要的输入参数集。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ +OH_HUKS_API_EXPORT int32_t OH_Huks_KeyExist(const struct OH_Huks_Blob *keyAlias, + const struct OH_Huks_ParamSet *paramSet); -OH_HUKS_API_EXPORT int32_t OH_Huks_Init(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet, - struct OH_Huks_Blob *handle); +/** + * @brief 使用密钥对数据进行算法操作的init动作。 + * + * @param keyAlias 表示使用密钥的别名。 + * @param paramSet 表示init需要的输入参数集。 + * @param handle 表示使init、update、finish和abort联系起来的输出特征值。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ +OH_HUKS_API_EXPORT int32_t OH_Huks_Init(const struct OH_Huks_Blob *keyAlias, + const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_Blob *handle); -OH_HUKS_API_EXPORT int32_t OH_Huks_Update(const struct OH_Huks_Blob *handle, const struct OH_Huks_ParamSet *paramSet, - const struct OH_Huks_Blob *inData, struct OH_Huks_Blob *outData); +/** + * @brief 使用密钥对数据进行算法操作的update动作。 + * + * @param handle 表示使init、update、finish和abort联系起来的输入特征值。 + * @param paramSet 表示update需要的输入参数集。 + * @param inData 表示要处理的输入数据,如果数据过大,可分片多次调用update。 + * @param outData 表示经过算法操作处理后的输出数据。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ +OH_HUKS_API_EXPORT int32_t OH_Huks_Update(const struct OH_Huks_Blob *handle, + const struct OH_Huks_ParamSet *paramSet, const struct OH_Huks_Blob *inData, struct OH_Huks_Blob *outData); -OH_HUKS_API_EXPORT int32_t OH_Huks_Finish(const struct OH_Huks_Blob *handle, const struct OH_Huks_ParamSet *paramSet, - const struct OH_Huks_Blob *inData, struct OH_Huks_Blob *outData); +/** + * @brief 使用密钥对数据进行算法操作的finish动作。 + * + * @param handle 表示使init、update、finish和abort联系起来的输入特征值。 + * @param paramSet 表示finish需要的输入参数集。 + * @param inData 表示要处理的输入数据。 + * @param outData 表示经过算法操作处理后的输出数据。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ +OH_HUKS_API_EXPORT int32_t OH_Huks_Finish(const struct OH_Huks_Blob *handle, + const struct OH_Huks_ParamSet *paramSet, const struct OH_Huks_Blob *inData, struct OH_Huks_Blob *outData); -OH_HUKS_API_EXPORT int32_t OH_Huks_Abort(const struct OH_Huks_Blob *handle, const struct OH_Huks_ParamSet *paramSet); +/** + * @brief update、finish异常退出的清理动作。 + * + * @param handle 表示使init、update、finish和abort联系起来的输入特征值。 + * @param paramSet 表示abort需要的输入参数集。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ +OH_HUKS_API_EXPORT int32_t OH_Huks_Abort(const struct OH_Huks_Blob *handle, + const struct OH_Huks_ParamSet *paramSet); #ifdef __cplusplus } #endif -#endif /* NATIVE_HUKS_API_H */ \ No newline at end of file +#endif /* NATIVE_HUKS_API_H */ diff --git a/zh-cn/native_sdk/security/huks/native_huks_param.h b/zh-cn/native_sdk/security/huks/native_huks_param.h index 936f8f0a..5da98b19 100644 --- a/zh-cn/native_sdk/security/huks/native_huks_param.h +++ b/zh-cn/native_sdk/security/huks/native_huks_param.h @@ -13,6 +13,15 @@ * limitations under the License. */ +/** + * @file native_huks_param.h + * + * @brief 提供参数集构造、使用和销毁的API。 + * + * @since 8 + * @version 1.0 + */ + #ifndef NATIVE_HUKS_PARAM_H #define NATIVE_HUKS_PARAM_H @@ -27,26 +36,115 @@ extern "C" { #endif +/** + * @brief 初始化参数集。 + * + * @param paramSet 表示指向要初始化的参数集的指针。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ OH_HUKS_API_EXPORT int32_t OH_Huks_InitParamSet(struct OH_Huks_ParamSet **paramSet); +/** + * @brief 添加参数到参数集里面。 + * + * @param paramSet 表示指向要被添加参数的参数集的指针。 + * @param params 表示指向要添加的参数的指针。 + * @param paramCnt 表示要添加参数的个数。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ OH_HUKS_API_EXPORT int32_t OH_Huks_AddParams(struct OH_Huks_ParamSet *paramSet, const struct OH_Huks_Param *params, uint32_t paramCnt); +/** + * @brief 构造正式的参数集。 + * + * @param paramSet 表示指向要被正式构造的参数集的指针。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ OH_HUKS_API_EXPORT int32_t OH_Huks_BuildParamSet(struct OH_Huks_ParamSet **paramSet); +/** + * @brief 销毁参数集。 + * + * @param paramSet 表示指向要被销毁的参数集的指针。 + * @since 8 + * @version 1.0 + */ OH_HUKS_API_EXPORT void OH_Huks_FreeParamSet(struct OH_Huks_ParamSet **paramSet); -OH_HUKS_API_EXPORT int32_t OH_Huks_GetParamSet(const struct OH_Huks_ParamSet *fromParamSet, uint32_t fromParamSetSize, - struct OH_Huks_ParamSet **paramSet); +/** + * @brief 复制参数集。 + * + * @param fromParamSet 表示指向要被复制的参数集的指针。 + * @param fromParamSetSize 表示被复制的参数集占用内存的大小。 + * @param paramSet 表示指向生成新的参数集的指针。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ +OH_HUKS_API_EXPORT int32_t OH_Huks_GetParamSet(const struct OH_Huks_ParamSet *fromParamSet, + uint32_t fromParamSetSize, struct OH_Huks_ParamSet **paramSet); -OH_HUKS_API_EXPORT int32_t OH_Huks_GetParam(const struct OH_Huks_ParamSet *paramSet, uint32_t tag, struct OH_Huks_Param **param); +/** + * @brief 从参数集中获取参数。 + * + * @param paramSet 表示指向参数集的指针。 + * @param tag 表示要获取的参数对应的特征值。 + * @param param 表示指向获取到的参数的指针。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ +OH_HUKS_API_EXPORT int32_t OH_Huks_GetParam(const struct OH_Huks_ParamSet *paramSet, uint32_t tag, + struct OH_Huks_Param **param); +/** + * @brief 刷新参数集。 + * + * @param paramSet 表示指向参数集的指针。 + * @param isCopy 表示是否要刷新参数集内存中的struct HksBlob型的参数数据。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ OH_HUKS_API_EXPORT int32_t OH_Huks_FreshParamSet(struct OH_Huks_ParamSet *paramSet, bool isCopy); +/** + * @brief 检查参数集中的参数是否有效、是否有重复。 + * + * @param paramSet 表示指向参数集的指针。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ int32_t OH_Huks_CheckParamSetTag(const struct OH_Huks_ParamSet *paramSet); +/** + * @brief 检查参数集是否有效。 + * + * @param paramSet 表示指向参数集的指针。 + * @param size 表示参数集占用的内存大小。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ int32_t OH_Huks_CheckParamSet(const struct OH_Huks_ParamSet *paramSet, uint32_t size); +/** + * @brief 比较两个参数是否相同 + * + * @param baseParam 表示指向被比较的参数的指针。 + * @param param 表示指向比较的参数的指针。 + * @return 返回执行的状态代码。 + * @since 8 + * @version 1.0 + */ int32_t OH_Huks_CheckParamMatch(const struct OH_Huks_Param *baseParam, const struct OH_Huks_Param *param); #ifdef __cplusplus diff --git a/zh-cn/native_sdk/security/huks/native_huks_type.h b/zh-cn/native_sdk/security/huks/native_huks_type.h index 078e953d..c38b04fd 100644 --- a/zh-cn/native_sdk/security/huks/native_huks_type.h +++ b/zh-cn/native_sdk/security/huks/native_huks_type.h @@ -13,6 +13,15 @@ * limitations under the License. */ +/** + * @file native_huks_type.h + * + * @brief 提供huks中的枚举变量、结构体定义与宏定义。 + * + * @since 8 + * @version 1.0 + */ + #ifndef _NATIVE_HUKS_TYPE_H_ #define _NATIVE_HUKS_TYPE_H_ @@ -36,9 +45,14 @@ extern "C" { #define OH_HUKS_SDK_VERSION "2.0.0.4" -/* - * Align to 4-tuple + +/** + * @brief Align to 4-tuple。 + * * Before calling this function, ensure that the size does not overflow after 3 is added. + * + * @since 8 + * @version 1.0 */ #define OH_HUKS_ALIGN_SIZE(size) ((((uint32_t)(size) + 3) >> 2) << 2) #define OH_HUKS_DEFAULT_ALIGN_MASK_SIZE 3 @@ -58,115 +72,188 @@ extern "C" { #define OH_HUKS_WRAPPED_FORMAT_MAX_SIZE (1024 * 1024) #define OH_HUKS_IMPORT_WRAPPED_KEY_TOTAL_BLOBS 10 -enum OH_Huks_KeyType { - OH_HUKS_KEY_TYPE_RSA_PUBLIC_KEY = 0x01001000, - OH_HUKS_KEY_TYPE_RSA_KEYPAIR = 0x01002000, - - OH_HUKS_KEY_TYPE_ECC_P256_PUBLIC_KEY = 0x02021000, - OH_HUKS_KEY_TYPE_ECC_P256_KEYPAIR = 0x02022000, - OH_HUKS_KEY_TYPE_ECC_P384_PUBLIC_KEY = 0x02031000, - OH_HUKS_KEY_TYPE_ECC_P384_KEYPAIR = 0x02032000, - OH_HUKS_KEY_TYPE_ECC_P521_PUBLIC_KEY = 0x02051000, - OH_HUKS_KEY_TYPE_ECC_P521_KEYPAIR = 0x02052000, - - OH_HUKS_KEY_TYPE_ED25519_PUBLIC_KEY = 0x02101000, - OH_HUKS_KEY_TYPE_ED25519_KEYPAIR = 0x02102000, - OH_HUKS_KEY_TYPE_X25519_PUBLIC_KEY = 0x02111000, - OH_HUKS_KEY_TYPE_X25519_KEYPAIR = 0x02112000, - - OH_HUKS_KEY_TYPE_AES = 0x03000000, - OH_HUKS_KEY_TYPE_CHACHA20 = 0x04010000, - OH_HUKS_KEY_TYPE_CHACHA20_POLY1305 = 0x04020000, - - OH_HUKS_KEY_TYPE_HMAC = 0x05000000, - OH_HUKS_KEY_TYPE_HKDF = 0x06000000, - OH_HUKS_KEY_TYPE_PBKDF2 = 0x07000000, -}; - +/** + * @brief 枚举密钥用途。 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_KeyPurpose { - OH_HUKS_KEY_PURPOSE_ENCRYPT = 1, /* Usable with RSA, EC, AES, and SM4 keys. */ - OH_HUKS_KEY_PURPOSE_DECRYPT = 2, /* Usable with RSA, EC, AES, and SM4 keys. */ - OH_HUKS_KEY_PURPOSE_SIGN = 4, /* Usable with RSA, EC keys. */ - OH_HUKS_KEY_PURPOSE_VERIFY = 8, /* Usable with RSA, EC keys. */ - OH_HUKS_KEY_PURPOSE_DERIVE = 16, /* Usable with EC keys. */ - OH_HUKS_KEY_PURPOSE_WRAP = 32, /* Usable with wrap key. */ - OH_HUKS_KEY_PURPOSE_UNWRAP = 64, /* Usable with unwrap key. */ - OH_HUKS_KEY_PURPOSE_MAC = 128, /* Usable with mac. */ - OH_HUKS_KEY_PURPOSE_AGREE = 256, /* Usable with agree. */ + /** 加密, 支持的密钥类型有RSA、EC、AES和SM4。 */ + OH_HUKS_KEY_PURPOSE_ENCRYPT = 1, + /** 解密, 支持的密钥类型有RSA、EC、AES和SM4。 */ + OH_HUKS_KEY_PURPOSE_DECRYPT = 2, + /** 签名, 支持的密钥类型有RSA和EC。 */ + OH_HUKS_KEY_PURPOSE_SIGN = 4, + /** 验签, 支持的密钥类型有RSA和EC。 */ + OH_HUKS_KEY_PURPOSE_VERIFY = 8, + /** 派生, 支持的密钥类型有EC。 */ + OH_HUKS_KEY_PURPOSE_DERIVE = 16, + /** 包装, 支持的密钥类型有wrap。 */ + OH_HUKS_KEY_PURPOSE_WRAP = 32, + /** 解包, 支持的密钥类型有unwrap。 */ + OH_HUKS_KEY_PURPOSE_UNWRAP = 64, + /** 消息认证码。 */ + OH_HUKS_KEY_PURPOSE_MAC = 128, + /** 协商。 */ + OH_HUKS_KEY_PURPOSE_AGREE = 256, }; +/** + * @brief 枚举摘要算法类型。 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_KeyDigest { + /** 不使用摘要。 */ OH_HUKS_DIGEST_NONE = 0, + /** 信息摘要MD5。 */ OH_HUKS_DIGEST_MD5 = 1, + /** 国密摘要SM3。 */ OH_HUKS_DIGEST_SM3 = 2, + /** 安全哈希SHA1。 */ OH_HUKS_DIGEST_SHA1 = 10, + /** 安全哈希SHA224。 */ OH_HUKS_DIGEST_SHA224 = 11, + /** 安全哈希SHA256。 */ OH_HUKS_DIGEST_SHA256 = 12, + /** 安全哈希SHA384。 */ OH_HUKS_DIGEST_SHA384 = 13, + /** 安全哈希SHA512。 */ OH_HUKS_DIGEST_SHA512 = 14, }; +/** + * @brief 枚举数据填充方式。 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_KeyPadding { + /** 不填充。 */ OH_HUKS_PADDING_NONE = 0, + /** 最优非对称加密填充。 */ OH_HUKS_PADDING_OAEP = 1, + /** 概率签名方案填充。 */ OH_HUKS_PADDING_PSS = 2, + /** 公钥加密标准PKCS1_V1_5填充。 */ OH_HUKS_PADDING_PKCS1_V1_5 = 3, + /** 公钥加密标准PKCS5填充。 */ OH_HUKS_PADDING_PKCS5 = 4, + /** 公钥加密标准PKCS7填充。 */ OH_HUKS_PADDING_PKCS7 = 5, }; +/** + * @brief 枚举加密工作模式。 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_CipherMode { + /** 电子密码本模式。 */ OH_HUKS_MODE_ECB = 1, + /** 密文分组链接模式。 */ OH_HUKS_MODE_CBC = 2, + /** 计数器模式。 */ OH_HUKS_MODE_CTR = 3, + /** 输出反馈模。 */ OH_HUKS_MODE_OFB = 4, + /** 认证加密CCM模式。 */ OH_HUKS_MODE_CCM = 31, + /** 认证加密GCM模式。 */ OH_HUKS_MODE_GCM = 32, }; +/** + * @brief 枚举不同算法支持的密钥长度。 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_KeySize { + /** RSA算法支持的密钥长度为1024位。 */ OH_HUKS_RSA_KEY_SIZE_1024 = 1024, + /** RSA算法支持的密钥长度为2048位。 */ OH_HUKS_RSA_KEY_SIZE_2048 = 2048, + /** RSA算法支持的密钥长度为3072位。 */ OH_HUKS_RSA_KEY_SIZE_3072 = 3072, + /** RSA算法支持的密钥长度为4096位。 */ OH_HUKS_RSA_KEY_SIZE_4096 = 4096, + /** ECC算法支持的密钥长度为256位。 */ OH_HUKS_ECC_KEY_SIZE_256 = 256, + /** ECC算法支持的密钥长度为384位。 */ OH_HUKS_ECC_KEY_SIZE_384 = 384, + /** ECC算法支持的密钥长度为521位。 */ OH_HUKS_ECC_KEY_SIZE_521 = 521, + /** AES算法支持的密钥长度为128位。 */ OH_HUKS_AES_KEY_SIZE_128 = 128, + /** AES算法支持的密钥长度为192位。 */ OH_HUKS_AES_KEY_SIZE_192 = 192, + /** AES算法支持的密钥长度为256位。 */ OH_HUKS_AES_KEY_SIZE_256 = 256, + /** AES算法支持的密钥长度为512位。 */ OH_HUKS_AES_KEY_SIZE_512 = 512, + /** CURVE25519算法支持的密钥长度为256位。 */ OH_HUKS_CURVE25519_KEY_SIZE_256 = 256, + /** SM2算法支持的密钥长度为256位。 */ OH_HUKS_SM2_KEY_SIZE_256 = 256, + /** SM4算法支持的密钥长度为128位。 */ OH_HUKS_SM4_KEY_SIZE_128 = 128, }; +/** + * @brief 枚举支持的算法类型。 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_KeyAlg { + /** 非对称密钥算法RSA。 */ OH_HUKS_ALG_RSA = 1, + /** 非对称密钥算法ECC。 */ OH_HUKS_ALG_ECC = 2, + /** 对称密钥算法AES。 */ OH_HUKS_ALG_AES = 20, + /** 消息认证码算法HMAC。 */ OH_HUKS_ALG_HMAC = 50, + /** 基于HMAC的密钥推导函数算法HKDF。 */ OH_HUKS_ALG_HKDF = 51, + /** 伪随机函数以导出密钥算法PBKDF2。 */ OH_HUKS_ALG_PBKDF2 = 52, + /** 密钥协商算法ECDH。 */ OH_HUKS_ALG_ECDH = 100, + /** 密钥协商算法X25519。 */ OH_HUKS_ALG_X25519 = 101, + /** 签名验签算法ED25519。 */ OH_HUKS_ALG_ED25519 = 102, + /** 国密算法SM2。*/ OH_HUKS_ALG_SM2 = 150, + /** 国密算法SM3。*/ OH_HUKS_ALG_SM3 = 151, + /** 国密算法SM4。*/ OH_HUKS_ALG_SM4 = 152, }; +/** + * @brief 枚举解包套件的算法类型 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_AlgSuite { - /* Algorithm suites of unwrapping wrapped-key by huks */ - /* Unwrap suite of key agreement type */ - /* WrappedData format(Bytes Array): + /** Algorithm suites of unwrapping wrapped-key by huks + * Unwrap suite of key agreement type + */ + /** WrappedData format(Bytes Array): * | x25519_plain_pubkey_length (4 Byte) | x25519_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad @@ -185,318 +272,651 @@ enum OH_Huks_AlgSuite { OH_HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING = 2, }; +/** + * @brief 枚举生成的密钥类型。 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_KeyGenerateType { + /** 默认类型。 / OH_HUKS_KEY_GENERATE_TYPE_DEFAULT = 0, + /** 派生类型。/ OH_HUKS_KEY_GENERATE_TYPE_DERIVE = 1, + /** 协商类型。*/ OH_HUKS_KEY_GENERATE_TYPE_AGREE = 2, }; +/** + * @brief 枚举密钥的标记类型。 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_KeyFlag { + /** 导入密钥的标记。/ OH_HUKS_KEY_FLAG_IMPORT_KEY = 1, + /** 生成密钥的标记。*/ OH_HUKS_KEY_FLAG_GENERATE_KEY = 2, + /** 协商密钥的标记。*/ OH_HUKS_KEY_FLAG_AGREE_KEY = 3, + /** 派生密钥的标记。*/ OH_HUKS_KEY_FLAG_DERIVE_KEY = 4, }; +/** + * @brief 枚举密钥的存储类型。 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_KeyStorageType { + /** 临时性存储。*/ OH_HUKS_STORAGE_TEMP = 0, + /** 永久性存储。*/ OH_HUKS_STORAGE_PERSISTENT = 1, }; +/** + * @brief 枚举导入密钥的类型。 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_ImportKeyType { + /** 公钥类型。 */ OH_HUKS_KEY_TYPE_PUBLIC_KEY = 0, + /** 私钥类型。 */ OH_HUKS_KEY_TYPE_PRIVATE_KEY = 1, + /** 密钥对类型。 */ OH_HUKS_KEY_TYPE_KEY_PAIR = 2, }; +/** + * @brief 枚举状态返回码。 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_ErrorCode { + /** 成功。 */ OH_HUKS_SUCCESS = 0, + /** 失败。 */ OH_HUKS_FAILURE = -1, + /** 不好的状态。 */ OH_HUKS_ERROR_BAD_STATE = -2, + /** 无效的参数。 */ OH_HUKS_ERROR_INVALID_ARGUMENT = -3, + /** 不支持。 */ OH_HUKS_ERROR_NOT_SUPPORTED = -4, + /** 没有权限。 */ OH_HUKS_ERROR_NO_PERMISSION = -5, + /** 数据大小不足。 */ OH_HUKS_ERROR_INSUFFICIENT_DATA = -6, + /** 缓存区过小。 */ OH_HUKS_ERROR_BUFFER_TOO_SMALL = -7, + /** 内存不足。 */ OH_HUKS_ERROR_INSUFFICIENT_MEMORY = -8, + /** 通信失败。 */ OH_HUKS_ERROR_COMMUNICATION_FAILURE = -9, + /** 存储区出错。 */ OH_HUKS_ERROR_STORAGE_FAILURE = -10, + /** 硬件出错。 */ OH_HUKS_ERROR_HARDWARE_FAILURE = -11, + /** 已存在。 */ OH_HUKS_ERROR_ALREADY_EXISTS = -12, + /** 不存在。 */ OH_HUKS_ERROR_NOT_EXIST = -13, + /** 空指针。 */ OH_HUKS_ERROR_NULL_POINTER = -14, + /** 获取到的文件大小失败。 */ OH_HUKS_ERROR_FILE_SIZE_FAIL = -15, + /** 读文件失败。 */ OH_HUKS_ERROR_READ_FILE_FAIL = -16, + /** 无效的公钥。 */ OH_HUKS_ERROR_INVALID_PUBLIC_KEY = -17, + /** 无效的私钥。 */ OH_HUKS_ERROR_INVALID_PRIVATE_KEY = -18, + /** 无效的密钥数据。 */ OH_HUKS_ERROR_INVALID_KEY_INFO = -19, + /** 哈希值不相同。 */ OH_HUKS_ERROR_HASH_NOT_EQUAL = -20, + /** 创建内存失败。 */ OH_HUKS_ERROR_MALLOC_FAIL = -21, + /** 写文件失败。 */ OH_HUKS_ERROR_WRITE_FILE_FAIL = -22, + /** 删除文件失败。 */ OH_HUKS_ERROR_REMOVE_FILE_FAIL = -23, + /** 打开文件失败。 */ OH_HUKS_ERROR_OPEN_FILE_FAIL = -24, + /** 关闭文件失败。 */ OH_HUKS_ERROR_CLOSE_FILE_FAIL = -25, + /** 创建目录失败。 */ OH_HUKS_ERROR_MAKE_DIR_FAIL = -26, + /** 无效的密钥文件。 */ OH_HUKS_ERROR_INVALID_KEY_FILE = -27, + /** 进程间通信失败。 */ OH_HUKS_ERROR_IPC_MSG_FAIL = -28, + /** 请求溢出。 */ OH_HUKS_ERROR_REQUEST_OVERFLOWS = -29, + /** 参数不存在。 */ OH_HUKS_ERROR_PARAM_NOT_EXIST = -30, + /** 引擎侧失败。 */ OH_HUKS_ERROR_CRYPTO_ENGINE_ERROR = -31, + /** 通信超时。 */ OH_HUKS_ERROR_COMMUNICATION_TIMEOUT = -32, + /** IPC初始化失败。 */ OH_HUKS_ERROR_IPC_INIT_FAIL = -33, + /** IPC DLOPEN失败。 */ OH_HUKS_ERROR_IPC_DLOPEN_FAIL = -34, + /** 溢出读数据报错。 */ OH_HUKS_ERROR_EFUSE_READ_FAIL = -35, + /** 新的root密钥材料已存在。 */ OH_HUKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST = -36, + /** 更新root密钥材料失败。 */ OH_HUKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL = -37, + /** 验证失败。 */ OH_HUKS_ERROR_VERIFICATION_FAILED = -38, + /** 会话数已达到极限。 */ OH_HUKS_ERROR_SESSION_REACHED_LIMIT = -39, + /** 获取算法参数失败。 */ OH_HUKS_ERROR_CHECK_GET_ALG_FAIL = -100, + /** 获取密钥大小失败。 */ OH_HUKS_ERROR_CHECK_GET_KEY_SIZE_FAIL = -101, + /** 获取填充方式失败。 */ OH_HUKS_ERROR_CHECK_GET_PADDING_FAIL = -102, + /** 获取用途失败。 */ OH_HUKS_ERROR_CHECK_GET_PURPOSE_FAIL = -103, + /** 获取摘要算法失败。 */ OH_HUKS_ERROR_CHECK_GET_DIGEST_FAIL = -104, + /** 获取工作模式失败。 */ OH_HUKS_ERROR_CHECK_GET_MODE_FAIL = -105, + /** 获取nonce值失败。 */ OH_HUKS_ERROR_CHECK_GET_NONCE_FAIL = -106, + /** 获取认证数据失败。 */ OH_HUKS_ERROR_CHECK_GET_AAD_FAIL = -107, + /** 获取IV值失败。 */ OH_HUKS_ERROR_CHECK_GET_IV_FAIL = -108, + /** 获取AE标签值失败。 */ OH_HUKS_ERROR_CHECK_GET_AE_TAG_FAIL = -109, + /** 获取盐值失败。 */ OH_HUKS_ERROR_CHECK_GET_SALT_FAIL = -110, + /** 获取迭代值失败。 */ OH_HUKS_ERROR_CHECK_GET_ITERATION_FAIL = -111, + /** 无效的算法。 */ OH_HUKS_ERROR_INVALID_ALGORITHM = -112, + /** 无效的密钥长度。 */ OH_HUKS_ERROR_INVALID_KEY_SIZE = -113, + /** 无效的填充方式。 */ OH_HUKS_ERROR_INVALID_PADDING = -114, + /** 无效的用途。 */ OH_HUKS_ERROR_INVALID_PURPOSE = -115, + /** 无效的工作模式。 */ OH_HUKS_ERROR_INVALID_MODE = -116, + /** 无效的摘要算法。 */ OH_HUKS_ERROR_INVALID_DIGEST = -117, + /** 无效的签名数据大小。 */ OH_HUKS_ERROR_INVALID_SIGNATURE_SIZE = -118, + /** 无效的IV值。 */ OH_HUKS_ERROR_INVALID_IV = -119, + /** 无效的AAD数据。 */ OH_HUKS_ERROR_INVALID_AAD = -120, + /** 无效的NONCE值。 */ OH_HUKS_ERROR_INVALID_NONCE = -121, + /** 无效的AE标签值。 */ OH_HUKS_ERROR_INVALID_AE_TAG = -122, + /** 无效的盐值。 */ OH_HUKS_ERROR_INVALID_SALT = -123, + /** 无效的迭代值。 */ OH_HUKS_ERROR_INVALID_ITERATION = -124, + /** 无效的操作。 */ OH_HUKS_ERROR_INVALID_OPERATION = -125, + /** 无效的数据包装格式。 */ OH_HUKS_ERROR_INVALID_WRAPPED_FORMAT = -126, + /** 无效的密钥使用。 */ OH_HUKS_ERROR_INVALID_USAGE_OF_KEY = -127, + /** 内部出错。 */ OH_HUKS_ERROR_INTERNAL_ERROR = -999, + /** 未知出错。 */ OH_HUKS_ERROR_UNKNOWN_ERROR = -1000, }; +/** + * @brief 枚举标签类型。 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_TagType { + /** 无效类型。 */ OH_HUKS_TAG_TYPE_INVALID = 0 << 28, + /** int类型。 */ OH_HUKS_TAG_TYPE_INT = 1 << 28, + /** uint类型。 */ OH_HUKS_TAG_TYPE_UINT = 2 << 28, + /** ulong类型。 */ OH_HUKS_TAG_TYPE_ULONG = 3 << 28, + /** bool类型。 */ OH_HUKS_TAG_TYPE_BOOL = 4 << 28, + /** bytes类型。 */ OH_HUKS_TAG_TYPE_BYTES = 5 << 28, }; +/** + * @brief 枚举发送消息的方式 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_SendType { + /** 异步。 */ OH_HUKS_SEND_TYPE_ASYNC = 0, + /** 同步。 */ OH_HUKS_SEND_TYPE_SYNC, }; +/** + * @brief 枚举标签值。 + * + * @since 8 + * @version 1.0 + */ enum OH_Huks_Tag { - /* Invalid TAG */ + /** 无效标签值。 */ OH_HUKS_TAG_INVALID = OH_HUKS_TAG_TYPE_INVALID | 0, - /* Base algrithom TAG: 1 - 200 */ + /** 基础算法中用到的标签值是从1到200。 */ + /** 算法类型。 */ OH_HUKS_TAG_ALGORITHM = OH_HUKS_TAG_TYPE_UINT | 1, + /** 用途。 */ OH_HUKS_TAG_PURPOSE = OH_HUKS_TAG_TYPE_UINT | 2, + /** 密钥长度 。 */ OH_HUKS_TAG_KEY_SIZE = OH_HUKS_TAG_TYPE_UINT | 3, + /** 摘要算法。 */ OH_HUKS_TAG_DIGEST = OH_HUKS_TAG_TYPE_UINT | 4, + /** 填充方式。 */ OH_HUKS_TAG_PADDING = OH_HUKS_TAG_TYPE_UINT | 5, + /** 工作模式。 */ OH_HUKS_TAG_BLOCK_MODE = OH_HUKS_TAG_TYPE_UINT | 6, + /** 密钥类型。 */ OH_HUKS_TAG_KEY_TYPE = OH_HUKS_TAG_TYPE_UINT | 7, + /** 认证数据。 */ OH_HUKS_TAG_ASSOCIATED_DATA = OH_HUKS_TAG_TYPE_BYTES | 8, + /** NONCE值。 */ OH_HUKS_TAG_NONCE = OH_HUKS_TAG_TYPE_BYTES | 9, + /** IV矢量。 */ OH_HUKS_TAG_IV = OH_HUKS_TAG_TYPE_BYTES | 10, - /* Key derivation TAG */ + /** 用于密钥派生的标签值。 */ + /** 派生信息。 */ OH_HUKS_TAG_INFO = OH_HUKS_TAG_TYPE_BYTES | 11, + /** 派生盐值。 */ OH_HUKS_TAG_SALT = OH_HUKS_TAG_TYPE_BYTES | 12, + /** 派生密码。 */ OH_HUKS_TAG_PWD = OH_HUKS_TAG_TYPE_BYTES | 13, + /** 派生迭代数。 */ OH_HUKS_TAG_ITERATION = OH_HUKS_TAG_TYPE_UINT | 14, - OH_HUKS_TAG_KEY_GENERATE_TYPE = OH_HUKS_TAG_TYPE_UINT | 15, /* choose from enum OH_Huks_KeyGenerateType */ + /** 生成密钥的类型,类型可在枚举OH_Huks_KeyGenerateType中选择。 */ + OH_HUKS_TAG_KEY_GENERATE_TYPE = OH_HUKS_TAG_TYPE_UINT | 15, + /** 派生main密钥。 */ OH_HUKS_TAG_DERIVE_MAIN_KEY = OH_HUKS_TAG_TYPE_BYTES | 16, + /** 派生因素。 */ OH_HUKS_TAG_DERIVE_FACTOR = OH_HUKS_TAG_TYPE_BYTES | 17, + /** 派生算法。 */ OH_HUKS_TAG_DERIVE_ALG = OH_HUKS_TAG_TYPE_UINT | 18, + /** 协商算法。 */ OH_HUKS_TAG_AGREE_ALG = OH_HUKS_TAG_TYPE_UINT | 19, + /** 是否带有用于协商的公钥。 */ OH_HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS = OH_HUKS_TAG_TYPE_BOOL | 20, + /** 用于协商的私钥别名。 */ OH_HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 21, + /** 用于协商的公钥。 */ OH_HUKS_TAG_AGREE_PUBLIC_KEY = OH_HUKS_TAG_TYPE_BYTES | 22, + /** 密钥别名。 */ OH_HUKS_TAG_KEY_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 23, + /** 派生密钥大小。 */ OH_HUKS_TAG_DERIVE_KEY_SIZE = OH_HUKS_TAG_TYPE_UINT | 24, - OH_HUKS_TAG_IMPORT_KEY_TYPE = OH_HUKS_TAG_TYPE_UINT | 25, /* choose from enum OH_Huks_ImportKeyType */ + /** 导入密钥类型, 类型可在枚举OH_Huks_ImportKeyType中选择。 */ + OH_HUKS_TAG_IMPORT_KEY_TYPE = OH_HUKS_TAG_TYPE_UINT | 25, + /** 解包套件算法。 */ OH_HUKS_TAG_UNWRAP_ALGORITHM_SUITE = OH_HUKS_TAG_TYPE_UINT | 26, - /* + /** * Key authentication related TAG: 201 - 300 * * Start of validity */ + /** 密钥认证需要用到的标签值从201到300。 */ + /** 活跃时间。 */ OH_HUKS_TAG_ACTIVE_DATETIME = OH_HUKS_TAG_TYPE_ULONG | 201, - /* Date when new "messages" should not be created. */ + /** Date when new "messages" should not be created. */ + /** 发放过期日期。 */ OH_HUKS_TAG_ORIGINATION_EXPIRE_DATETIME = OH_HUKS_TAG_TYPE_ULONG | 202, - /* Date when existing "messages" should not be used. */ + /** Date when existing "messages" should not be used. */ + /** 使用过期日期。 */ OH_HUKS_TAG_USAGE_EXPIRE_DATETIME = OH_HUKS_TAG_TYPE_ULONG | 203, - /* Key creation time */ + /** 密钥创建的时间。 */ OH_HUKS_TAG_CREATION_DATETIME = OH_HUKS_TAG_TYPE_ULONG | 204, - /* Other authentication related TAG: 301 - 500 */ + /** Other authentication related TAG: 301 - 500 */ + /** 所有使用者。 */ OH_HUKS_TAG_ALL_USERS = OH_HUKS_TAG_TYPE_BOOL | 301, + /** 用户ID。 */ OH_HUKS_TAG_USER_ID = OH_HUKS_TAG_TYPE_UINT | 302, + /** 无认证请求。 */ OH_HUKS_TAG_NO_AUTH_REQUIRED = OH_HUKS_TAG_TYPE_BOOL | 303, + /** 用户认证类型。 */ OH_HUKS_TAG_USER_AUTH_TYPE = OH_HUKS_TAG_TYPE_UINT | 304, + /** 认证超时。 */ OH_HUKS_TAG_AUTH_TIMEOUT = OH_HUKS_TAG_TYPE_UINT | 305, + /** 认证token。 */ OH_HUKS_TAG_AUTH_TOKEN = OH_HUKS_TAG_TYPE_BYTES | 306, - /* Attestation related TAG: 501 - 600 */ + /** Attestation related TAG: 501 - 600 */ + /** 挑战值。 */ OH_HUKS_TAG_ATTESTATION_CHALLENGE = OH_HUKS_TAG_TYPE_BYTES | 501, + /** 应用ID。 */ OH_HUKS_TAG_ATTESTATION_APPLICATION_ID = OH_HUKS_TAG_TYPE_BYTES | 502, + /** 商标名。 */ OH_HUKS_TAG_ATTESTATION_ID_BRAND = OH_HUKS_TAG_TYPE_BYTES | 503, + /** 设备名。 */ OH_HUKS_TAG_ATTESTATION_ID_DEVICE = OH_HUKS_TAG_TYPE_BYTES | 504, + /** 产品名。 */ OH_HUKS_TAG_ATTESTATION_ID_PRODUCT = OH_HUKS_TAG_TYPE_BYTES | 505, + /** 序号。 */ OH_HUKS_TAG_ATTESTATION_ID_SERIAL = OH_HUKS_TAG_TYPE_BYTES | 506, + /** IMEI。 */ OH_HUKS_TAG_ATTESTATION_ID_IMEI = OH_HUKS_TAG_TYPE_BYTES | 507, + /** MEID。 */ OH_HUKS_TAG_ATTESTATION_ID_MEID = OH_HUKS_TAG_TYPE_BYTES | 508, + /** 生产商。 */ OH_HUKS_TAG_ATTESTATION_ID_MANUFACTURER = OH_HUKS_TAG_TYPE_BYTES | 509, + /** 模型。 */ OH_HUKS_TAG_ATTESTATION_ID_MODEL = OH_HUKS_TAG_TYPE_BYTES | 510, + /** 别名。 */ OH_HUKS_TAG_ATTESTATION_ID_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 511, + /** SOCID。 */ OH_HUKS_TAG_ATTESTATION_ID_SOCID = OH_HUKS_TAG_TYPE_BYTES | 512, + /** UDID。 */ OH_HUKS_TAG_ATTESTATION_ID_UDID = OH_HUKS_TAG_TYPE_BYTES | 513, + /** 安全等级信息。 */ OH_HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO = OH_HUKS_TAG_TYPE_BYTES | 514, + /** 版本信息。 */ OH_HUKS_TAG_ATTESTATION_ID_VERSION_INFO = OH_HUKS_TAG_TYPE_BYTES | 515, - /* + /** * Other reserved TAG: 601 - 1000 * * Extention TAG: 1001 - 9999 */ + /** 是否密钥别名。 */ OH_HUKS_TAG_IS_KEY_ALIAS = OH_HUKS_TAG_TYPE_BOOL | 1001, - OH_HUKS_TAG_KEY_STORAGE_FLAG = OH_HUKS_TAG_TYPE_UINT | 1002, /* choose from enum OH_Huks_KeyStorageType */ + /** 密钥存储标记, 类型可在枚举OH_Huks_KeyStorageType选择。 */ + OH_HUKS_TAG_KEY_STORAGE_FLAG = OH_HUKS_TAG_TYPE_UINT | 1002, + /** 是否运行打包数据。 */ OH_HUKS_TAG_IS_ALLOWED_WRAP = OH_HUKS_TAG_TYPE_BOOL | 1003, + /** 打包数据类型。 */ OH_HUKS_TAG_KEY_WRAP_TYPE = OH_HUKS_TAG_TYPE_UINT | 1004, + /** 密钥认证ID。 */ OH_HUKS_TAG_KEY_AUTH_ID = OH_HUKS_TAG_TYPE_BYTES | 1005, + /** 密钥作用。 */ OH_HUKS_TAG_KEY_ROLE = OH_HUKS_TAG_TYPE_UINT | 1006, - OH_HUKS_TAG_KEY_FLAG = OH_HUKS_TAG_TYPE_UINT | 1007, /* choose from enum OH_Huks_KeyFlag */ + /** 密钥标记, , 类型可在枚举OH_Huks_KeyFlag选择。 */ + OH_HUKS_TAG_KEY_FLAG = OH_HUKS_TAG_TYPE_UINT | 1007, + /** 是否异步。 */ OH_HUKS_TAG_IS_ASYNCHRONIZED = OH_HUKS_TAG_TYPE_UINT | 1008, + /** 安全密钥别名。 */ OH_HUKS_TAG_SECURE_KEY_ALIAS = OH_HUKS_TAG_TYPE_BOOL | 1009, + /** 安全密钥UUID。 */ OH_HUKS_TAG_SECURE_KEY_UUID = OH_HUKS_TAG_TYPE_BYTES | 1010, + /** 密钥领域。 */ OH_HUKS_TAG_KEY_DOMAIN = OH_HUKS_TAG_TYPE_UINT | 1011, - /* Inner-use TAG: 10001 - 10999 */ + /** huks内部使用的标签值是从10001到10999 */ + /** 进程名。 */ OH_HUKS_TAG_PROCESS_NAME = OH_HUKS_TAG_TYPE_BYTES | 10001, + /** 数据包名。 */ OH_HUKS_TAG_PACKAGE_NAME = OH_HUKS_TAG_TYPE_BYTES | 10002, + /** 访问时间。 */ OH_HUKS_TAG_ACCESS_TIME = OH_HUKS_TAG_TYPE_UINT | 10003, + /** 使用时间。 */ OH_HUKS_TAG_USES_TIME = OH_HUKS_TAG_TYPE_UINT | 10004, + /** 密码算法的CTX。 */ OH_HUKS_TAG_CRYPTO_CTX = OH_HUKS_TAG_TYPE_ULONG | 10005, + /** 密钥数据。 */ OH_HUKS_TAG_KEY = OH_HUKS_TAG_TYPE_BYTES | 10006, + /** 密钥数据的版本。 */ OH_HUKS_TAG_KEY_VERSION = OH_HUKS_TAG_TYPE_UINT | 10007, + /** 负荷数据的长度。 */ OH_HUKS_TAG_PAYLOAD_LEN = OH_HUKS_TAG_TYPE_UINT | 10008, + /** AEAD。 */ OH_HUKS_TAG_AE_TAG = OH_HUKS_TAG_TYPE_BYTES | 10009, + /** 是否密钥的handle值。 */ OH_HUKS_TAG_IS_KEY_HANDLE = OH_HUKS_TAG_TYPE_ULONG | 10010, - /* Os version related TAG */ + /** os版本。 */ OH_HUKS_TAG_OS_VERSION = OH_HUKS_TAG_TYPE_UINT | 10101, + /** os补丁等级。 */ OH_HUKS_TAG_OS_PATCHLEVEL = OH_HUKS_TAG_TYPE_UINT | 10102, - /* + /** * Reversed TAGs for SOTER: 11000 - 12000 * * Other TAGs: 20001 - N * TAGs used for paramSetOut */ + /** 对称密钥数据 */ OH_HUKS_TAG_SYMMETRIC_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20001, + /** 非对称公钥数据。 */ OH_HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20002, + /** 非对称私钥数据。 */ OH_HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20003, }; +/** + * @brief 定义存放数据的结构体类型。 + * + * @since 8 + * @version 1.0 + */ struct OH_Huks_Blob { + /** 数据大小 */ uint32_t size; + /** 指向数据内存的指针 */ uint8_t *data; }; +/** + * @brief 定义参数集中的参数结构体类型。 + * + * @since 8 + * @version 1.0 + */ struct OH_Huks_Param { + /** 标签值 */ uint32_t tag; +/** + * @brief 定义参数联合体。 + * + * @since 8 + * @version 1.0 + */ union { + /** bool型参数。 */ bool boolParam; + /** int32_t型参数。 */ int32_t int32Param; + /** uint32_t型参数。 */ uint32_t uint32Param; + /** uint64_t型参数。 */ uint64_t uint64Param; + /** struct OH_Huks_Blob型参数。 */ struct OH_Huks_Blob blob; }; }; +/** + * @brief 定义参数集的结构体类型。 + * + * @since 8 + * @version 1.0 + */ struct OH_Huks_ParamSet { + /** 参数集的内存大小。 */ uint32_t paramSetSize; + /** 参数的个数。*/ uint32_t paramsCnt; + /** 参数数组。*/ struct OH_Huks_Param params[]; }; +/** + * @brief 定义证书链的结构体类型。 + * + * @since 8 + * @version 1.0 + */ struct OH_Huks_CertChain { + /** 指向证书数据的指针。 */ struct OH_Huks_Blob *certs; + /** 证书本数。 */ uint32_t certsCount; }; +/** + * @brief 定义密钥信息的结构体类型。 + * + * @since 8 + * @version 1.0 + */ struct OH_Huks_KeyInfo { + /** 密钥的别名。 */ struct OH_Huks_Blob alias; + /** 指向密钥参数集的指针。 */ struct OH_Huks_ParamSet *paramSet; }; +/** + * @brief 定义公钥信息的结构体类型。 + * + * @since 8 + * @version 1.0 + */ struct OH_Huks_PubKeyInfo { + /** 公钥的算法类型。 */ enum OH_Huks_KeyAlg keyAlg; + /** 公钥的长度。 */ uint32_t keySize; + /** n或X值的长度。 */ uint32_t nOrXSize; + /** e或Y值的长度。 */ uint32_t eOrYSize; + /** 占位符大小。 */ uint32_t placeHolder; }; +/** + * @brief 定义Rsa密钥的结构体类型。 + * + * @since 8 + * @version 1.0 + */ struct OH_Huks_KeyMaterialRsa { + /** 密钥的算法类型。 */ enum OH_Huks_KeyAlg keyAlg; + /** 密钥的长度。 */ uint32_t keySize; + /** n值的长度。 */ uint32_t nSize; + /** e值的长度。 */ uint32_t eSize; + /** d值的长度。 */ uint32_t dSize; }; +/** + * @brief 定义Ecc密钥的结构体类型。 + * + * @since 8 + * @version 1.0 + */ struct OH_Huks_KeyMaterialEcc { + /** 密钥的算法类型。 */ enum OH_Huks_KeyAlg keyAlg; + /** 密钥的长度。 */ uint32_t keySize; + /** x值的长度。 */ uint32_t xSize; + /** y值的长度。 */ uint32_t ySize; + /** z值的长度。 */ uint32_t zSize; }; +/** + * @brief 定义Dsa密钥的结构体类型。 + * + * @since 8 + * @version 1.0 + */ struct OH_Huks_KeyMaterialDsa { + /** 密钥的算法类型。 */ enum OH_Huks_KeyAlg keyAlg; + /** 密钥的长度。 */ uint32_t keySize; + /** x值的长度。 */ uint32_t xSize; + /** y值的长度。 */ uint32_t ySize; + /** p值的长度。 */ uint32_t pSize; + /** q值的长度。 */ uint32_t qSize; + /** g值的长度。 */ uint32_t gSize; }; +/** + * @brief 定义Dh密钥的结构体类型。 + * + * @since 8 + * @version 1.0 + */ struct OH_Huks_KeyMaterialDh { + /** 密钥的算法类型。 */ enum OH_Huks_KeyAlg keyAlg; + /** Dh密钥的长度。 */ uint32_t keySize; + /** 公钥的长度。 */ uint32_t pubKeySize; + /** 私钥的长度。 */ uint32_t priKeySize; + /** 保留。 */ uint32_t reserved; }; +/** + * @brief 定义25519类型密钥的结构体类型。 + * + * @since 8 + * @version 1.0 + */ struct OH_Huks_KeyMaterial25519 { + /** 密钥的算法类型。 */ enum OH_Huks_KeyAlg keyAlg; + /** 25519类型密钥的长度。 */ uint32_t keySize; + /** 公钥的长度。 */ uint32_t pubKeySize; + /** 私钥的长度。 */ uint32_t priKeySize; + /** 保留。 */ uint32_t reserved; }; @@ -508,35 +928,76 @@ struct OH_Huks_KeyMaterial25519 { #define OH_HUKS_MAX_KEY_LEN (OH_HUKS_KEY_BYTES(OH_HUKS_RSA_KEY_SIZE_4096) * OH_HUKS_KEY_MATERIAL_NUM) #define OH_HUKS_MAX_KEY_MATERIAL_LEN (sizeof(struct OH_Huks_PubKeyInfo) + OH_HUKS_MAX_KEY_LEN + OH_HUKS_AE_TAG_LEN) +/** + * @brief 定义存储区头部信息的结构体类型。 + * + * @since 8 + * @version 1.0 + */ struct OH_Huks_StoreHeaderInfo { + /** 版本号。 */ uint16_t version; + /** 存储的密钥数量。 */ uint16_t keyCount; - uint32_t totalLen; /* key buffer total len */ + /** 存储的密钥总的内存大小。 */ + uint32_t totalLen; + /** 存储的密封算法。 */ uint32_t sealingAlg; + /** 存储的盐值。 */ uint8_t salt[OH_HUKS_DERIVE_DEFAULT_SALT_LEN]; + /** 存储的hmac摘要值。 */ uint8_t hmac[OH_HUKS_HMAC_DIGEST_SHA512_LEN]; }; +/** + * @brief 定义存储密钥的信息的结构体类型。 + * + * @since 8 + * @version 1.0 + */ struct OH_Huks_StoreKeyInfo { - uint16_t keyInfoLen; /* current keyinfo len */ - uint16_t keySize; /* keySize of key from crypto hal after encrypted */ + /** 当前密钥信息的内存大小。 */ + uint16_t keyInfoLen; + /** 加密后的密钥长度。 */ + uint16_t keySize; + /** 密钥的随机值。 */ uint8_t random[OH_HUKS_DEFAULT_RANDOM_LEN]; + /** 标记是导入的密钥还是业务生成的密钥。 */ uint8_t flag; /* import or generate key */ + /** 密钥算法类型。 */ uint8_t keyAlg; + /** 密钥工作模式。 */ uint8_t keyMode; + /** 摘要算法。 */ uint8_t digest; + /** 数据填充方式。 */ uint8_t padding; + /** 保留。 */ uint8_t rsv; - uint16_t keyLen; /* keyLen from paramset, e.g. aes-256 */ + /** 密钥长度,该值来源于输入参数集。 */ + uint16_t keyLen; + /** 用途。 */ uint32_t purpose; + /** 作用。*/ uint32_t role; + /** 领域值。 */ uint16_t domain; + /** 密钥别名数据的长度。 */ uint8_t aliasSize; + /** 认证id的数据长度。 */ uint8_t authIdSize; }; +/** + * @brief 定义25519类型算法协商密钥对的结构体类型。 + * + * @since 8 + * @version 1.0 + */ struct OH_Huks_25519KeyPair { + /** 公钥占用内存的大小 */ uint32_t publicBufferSize; + /** 私钥占用内存的大小 */ uint32_t privateBufferSize; }; @@ -544,4 +1005,4 @@ struct OH_Huks_25519KeyPair { } #endif -#endif /* NATIVE_OH_HUKS_TYPE_H */ \ No newline at end of file +#endif /* NATIVE_OH_HUKS_TYPE_H */ diff --git a/zh-cn/native_sdk/security/huks/native_huks_type_inner.h b/zh-cn/native_sdk/security/huks/native_huks_type_inner.h index 904ae211..9a0b8b5d 100644 --- a/zh-cn/native_sdk/security/huks/native_huks_type_inner.h +++ b/zh-cn/native_sdk/security/huks/native_huks_type_inner.h @@ -13,6 +13,15 @@ * limitations under the License. */ +/** + * @file native_huks_type_inner.h + * + * @brief 提供huks内部需要使用的头文件。 + * + * @since 8 + * @version 1.0 + */ + #ifndef NATIVE_HUKS_TYPE_INNER_H #define NATIVE_HUKS_TYPE_INNER_H -- Gitee From a330450eb3540bf05972155b12a881e7b0e322c3 Mon Sep 17 00:00:00 2001 From: zqr2001 <1805768383@qq.com> Date: Mon, 25 Jul 2022 09:45:08 +0800 Subject: [PATCH 4/6] comment modified --- zh-cn/native_sdk/security/huks/native_huks_type.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/zh-cn/native_sdk/security/huks/native_huks_type.h b/zh-cn/native_sdk/security/huks/native_huks_type.h index c38b04fd..e4ca7050 100644 --- a/zh-cn/native_sdk/security/huks/native_huks_type.h +++ b/zh-cn/native_sdk/security/huks/native_huks_type.h @@ -279,11 +279,11 @@ enum OH_Huks_AlgSuite { * @version 1.0 */ enum OH_Huks_KeyGenerateType { - /** 默认类型。 / + /** 默认类型。 */ OH_HUKS_KEY_GENERATE_TYPE_DEFAULT = 0, - /** 派生类型。/ + /** 派生类型。 */ OH_HUKS_KEY_GENERATE_TYPE_DERIVE = 1, - /** 协商类型。*/ + /** 协商类型。 */ OH_HUKS_KEY_GENERATE_TYPE_AGREE = 2, }; @@ -294,7 +294,7 @@ enum OH_Huks_KeyGenerateType { * @version 1.0 */ enum OH_Huks_KeyFlag { - /** 导入密钥的标记。/ + /** 导入密钥的标记。*/ OH_HUKS_KEY_FLAG_IMPORT_KEY = 1, /** 生成密钥的标记。*/ OH_HUKS_KEY_FLAG_GENERATE_KEY = 2, -- Gitee From e90f6984e12a9e874dd15ebdd56d465ba6577037 Mon Sep 17 00:00:00 2001 From: zqr2001 <1805768383@qq.com> Date: Mon, 25 Jul 2022 10:11:04 +0800 Subject: [PATCH 5/6] capi Signed-off-by: zqr2001 <1805768383@qq.com> --- zh-cn/native_sdk/security/huks/native_huks_api.h | 2 +- zh-cn/native_sdk/security/huks/native_huks_type.h | 9 +++------ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/zh-cn/native_sdk/security/huks/native_huks_api.h b/zh-cn/native_sdk/security/huks/native_huks_api.h index 81639c92..cde82d8e 100644 --- a/zh-cn/native_sdk/security/huks/native_huks_api.h +++ b/zh-cn/native_sdk/security/huks/native_huks_api.h @@ -153,7 +153,7 @@ OH_HUKS_API_EXPORT int32_t OH_Huks_Init(const struct OH_Huks_Blob *keyAlias, * @version 1.0 */ OH_HUKS_API_EXPORT int32_t OH_Huks_Update(const struct OH_Huks_Blob *handle, - const struct OH_Huks_ParamSet *paramSet, const struct OH_Huks_Blob *inData, struct OH_Huks_Blob *outData); + const struct OH_Huks_ParamSet *paramSet, const struct OH_Huks_Blob *inData, struct OH_Huks_Blob *outData); /** * @brief 使用密钥对数据进行算法操作的finish动作。 diff --git a/zh-cn/native_sdk/security/huks/native_huks_type.h b/zh-cn/native_sdk/security/huks/native_huks_type.h index e4ca7050..25f6c520 100644 --- a/zh-cn/native_sdk/security/huks/native_huks_type.h +++ b/zh-cn/native_sdk/security/huks/native_huks_type.h @@ -54,7 +54,6 @@ extern "C" { * @since 8 * @version 1.0 */ -#define OH_HUKS_ALIGN_SIZE(size) ((((uint32_t)(size) + 3) >> 2) << 2) #define OH_HUKS_DEFAULT_ALIGN_MASK_SIZE 3 #define OH_HUKS_AE_TAG_LEN 16 @@ -65,9 +64,7 @@ extern "C" { #define OH_HUKS_MAX_KEY_ALIAS_LEN 64 #define OH_HUKS_MAX_PROCESS_NAME_LEN 50 #define OH_HUKS_MAX_RANDOM_LEN 1024 -#define OH_HUKS_KEY_BYTES(keySize) (((keySize) + OH_HUKS_BITS_PER_BYTE - 1) / OH_HUKS_BITS_PER_BYTE) #define OH_HUKS_SIGNATURE_MIN_SIZE 64 -#define OH_HUKS_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0]))) #define OH_HUKS_MAX_OUT_BLOB_SIZE (5 * 1024 * 1024) #define OH_HUKS_WRAPPED_FORMAT_MAX_SIZE (1024 * 1024) #define OH_HUKS_IMPORT_WRAPPED_KEY_TOTAL_BLOBS 10 @@ -250,7 +247,7 @@ enum OH_Huks_KeyAlg { * @version 1.0 */ enum OH_Huks_AlgSuite { - /** Algorithm suites of unwrapping wrapped-key by huks + /** Algorithm suites of unwrapping wrapped-key by huks * Unwrap suite of key agreement type */ /** WrappedData format(Bytes Array): @@ -580,7 +577,7 @@ enum OH_Huks_Tag { /** 派生密钥大小。 */ OH_HUKS_TAG_DERIVE_KEY_SIZE = OH_HUKS_TAG_TYPE_UINT | 24, /** 导入密钥类型, 类型可在枚举OH_Huks_ImportKeyType中选择。 */ - OH_HUKS_TAG_IMPORT_KEY_TYPE = OH_HUKS_TAG_TYPE_UINT | 25, + OH_HUKS_TAG_IMPORT_KEY_TYPE = OH_HUKS_TAG_TYPE_UINT | 25, /** 解包套件算法。 */ OH_HUKS_TAG_UNWRAP_ALGORITHM_SUITE = OH_HUKS_TAG_TYPE_UINT | 26, @@ -925,7 +922,7 @@ struct OH_Huks_KeyMaterial25519 { #define OH_HUKS_DEFAULT_RANDOM_LEN 16 #define OH_HUKS_MAX_KEY_AUTH_ID_LEN 64 #define OH_HUKS_KEY_MATERIAL_NUM 3 -#define OH_HUKS_MAX_KEY_LEN (OH_HUKS_KEY_BYTES(OH_HUKS_RSA_KEY_SIZE_4096) * OH_HUKS_KEY_MATERIAL_NUM) +#define OH_HUKS_MAX_KEY_LEN ((((OH_HUKS_RSA_KEY_SIZE_4096) + OH_HUKS_BITS_PER_BYTE - 1) / OH_HUKS_BITS_PER_BYTE) * OH_HUKS_KEY_MATERIAL_NUM) #define OH_HUKS_MAX_KEY_MATERIAL_LEN (sizeof(struct OH_Huks_PubKeyInfo) + OH_HUKS_MAX_KEY_LEN + OH_HUKS_AE_TAG_LEN) /** -- Gitee From db085657420d4f3080cac890bc2b7cb28821398f Mon Sep 17 00:00:00 2001 From: zqr2001 <1805768383@qq.com> Date: Mon, 25 Jul 2022 10:41:19 +0800 Subject: [PATCH 6/6] capi final Signed-off-by: zqr2001 1805768383@qq.com --- zh-cn/native_sdk/security/huks/native_huks_type.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zh-cn/native_sdk/security/huks/native_huks_type.h b/zh-cn/native_sdk/security/huks/native_huks_type.h index 25f6c520..0d0550f7 100644 --- a/zh-cn/native_sdk/security/huks/native_huks_type.h +++ b/zh-cn/native_sdk/security/huks/native_huks_type.h @@ -922,7 +922,7 @@ struct OH_Huks_KeyMaterial25519 { #define OH_HUKS_DEFAULT_RANDOM_LEN 16 #define OH_HUKS_MAX_KEY_AUTH_ID_LEN 64 #define OH_HUKS_KEY_MATERIAL_NUM 3 -#define OH_HUKS_MAX_KEY_LEN ((((OH_HUKS_RSA_KEY_SIZE_4096) + OH_HUKS_BITS_PER_BYTE - 1) / OH_HUKS_BITS_PER_BYTE) * OH_HUKS_KEY_MATERIAL_NUM) +#define OH_HUKS_MAX_KEY_LEN ((((4096) + OH_HUKS_BITS_PER_BYTE - 1) / OH_HUKS_BITS_PER_BYTE) * OH_HUKS_KEY_MATERIAL_NUM) #define OH_HUKS_MAX_KEY_MATERIAL_LEN (sizeof(struct OH_Huks_PubKeyInfo) + OH_HUKS_MAX_KEY_LEN + OH_HUKS_AE_TAG_LEN) /** -- Gitee