diff --git a/zh-cn/native_sdk/security/huks/native_hks_api.h b/zh-cn/native_sdk/security/huks/native_hks_api.h new file mode 100644 index 0000000000000000000000000000000000000000..bfefa23551df571fee4fa1c67656bc8431600f25 --- /dev/null +++ b/zh-cn/native_sdk/security/huks/native_hks_api.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _NATIVE_HKS_API_H_ +#define _NATIVE_HKS_API_H_ + +#include "native_hks_type.h" + +#ifdef __cplusplus +extern "C" { +#endif + +OH_HKS_API_EXPORT int32_t OH_HksGetSdkVersion(struct OH_HksBlob *sdkVersion); + +OH_HKS_API_EXPORT int32_t OH_HksGenerateKey(const struct OH_HksBlob *keyAlias, + const struct OH_HksParamSet *paramSetIn, struct OH_HksParamSet *paramSetOut); + +OH_HKS_API_EXPORT int32_t OH_HksImportKey(const struct OH_HksBlob *keyAlias, + const struct OH_HksParamSet *paramSet, const struct OH_HksBlob *key); + +OH_HKS_API_EXPORT int32_t OH_HksExportPublicKey(const struct OH_HksBlob *keyAlias, + const struct OH_HksParamSet *paramSet, struct OH_HksBlob *key); + +OH_HKS_API_EXPORT int32_t OH_HksDeleteKey(const struct OH_HksBlob *keyAlias, const struct OH_HksParamSet *paramSet); + +OH_HKS_API_EXPORT int32_t OH_HksGetKeyParamSet(const struct OH_HksBlob *keyAlias, + const struct OH_HksParamSet *paramSetIn, struct OH_HksParamSet *paramSetOut); + +OH_HKS_API_EXPORT int32_t OH_HksKeyExist(const struct OH_HksBlob *keyAlias, const struct OH_HksParamSet *paramSet); + +OH_HKS_API_EXPORT int32_t OH_HksInit(const struct OH_HksBlob *keyAlias, const struct OH_HksParamSet *paramSet, + struct OH_HksBlob *handle); + +OH_HKS_API_EXPORT int32_t OH_HksUpdate(const struct OH_HksBlob *handle, const struct OH_HksParamSet *paramSet, + const struct OH_HksBlob *inData, struct OH_HksBlob *outData); + +OH_HKS_API_EXPORT int32_t OH_HksFinish(const struct OH_HksBlob *handle, const struct OH_HksParamSet *paramSet, + const struct OH_HksBlob *inData, struct OH_HksBlob *outData); + +OH_HKS_API_EXPORT int32_t OH_HksAbort(const struct OH_HksBlob *handle, const struct OH_HksParamSet *paramSet); + +#ifdef __cplusplus +} +#endif + +#endif /* NATIVE_OH_HKS_API_H */ \ No newline at end of file diff --git a/zh-cn/native_sdk/security/huks/native_hks_param.h b/zh-cn/native_sdk/security/huks/native_hks_param.h new file mode 100644 index 0000000000000000000000000000000000000000..db5b2f47654736f22786e2b588038988b13a5690 --- /dev/null +++ b/zh-cn/native_sdk/security/huks/native_hks_param.h @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef NATIVE_HKS_PARAM_H +#define NATIVE_HKS_PARAM_H + +#include "native_hks_type.h" + +#define OH_HKS_PARAM_SET_MAX_SIZE (4 * 1024 * 1024) +#define OH_HKS_DEFAULT_PARAM_SET_SIZE 512 +#define OH_HKS_DEFAULT_PARAM_CNT ((uint32_t)(OH_HKS_DEFAULT_PARAM_SET_SIZE / sizeof(struct OH_HksParam))) +#define OH_HKS_TAG_TYPE_MASK (0xF << 28) + +#ifdef __cplusplus +extern "C" { +#endif + +OH_HKS_API_EXPORT int32_t OH_HksInitParamSet(struct OH_HksParamSet **paramSet); + +OH_HKS_API_EXPORT int32_t OH_HksAddParams(struct OH_HksParamSet *paramSet, + const struct OH_HksParam *params, uint32_t paramCnt); + +OH_HKS_API_EXPORT int32_t OH_HksBuildParamSet(struct OH_HksParamSet **paramSet); + +OH_HKS_API_EXPORT void OH_HksFreeParamSet(struct OH_HksParamSet **paramSet); + +OH_HKS_API_EXPORT int32_t OH_HksGetParamSet(const struct OH_HksParamSet *fromParamSet, uint32_t fromParamSetSize, + struct OH_HksParamSet **paramSet); + +OH_HKS_API_EXPORT int32_t OH_HksGetParam(const struct OH_HksParamSet *paramSet, uint32_t tag, struct OH_HksParam **param); + +OH_HKS_API_EXPORT int32_t OH_HksFreshParamSet(struct OH_HksParamSet *paramSet, bool isCopy); + +int32_t OH_HksCheckParamSetTag(const struct OH_HksParamSet *paramSet); + +int32_t OH_HksCheckParamSet(const struct OH_HksParamSet *paramSet, uint32_t size); + +int32_t OH_HksCheckParamMatch(const struct OH_HksParam *baseParam, const struct OH_HksParam *param); + +#ifdef __cplusplus +} +#endif + +#endif /* NATIVE_HKS_PARAM_H */ \ No newline at end of file diff --git a/zh-cn/native_sdk/security/huks/native_hks_type.h b/zh-cn/native_sdk/security/huks/native_hks_type.h new file mode 100644 index 0000000000000000000000000000000000000000..62ee3ef3ac8e7557349e33b56badb59618f95041 --- /dev/null +++ b/zh-cn/native_sdk/security/huks/native_hks_type.h @@ -0,0 +1,547 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _NATIVE_HKS_TYPE_H_ +#define _NATIVE_HKS_TYPE_H_ + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef OH_HKS_API_PUBLIC + #if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__) || defined(__ICCARM__) /* __ICCARM__ for iar */ + #define OH_HKS_API_EXPORT + #else + #define OH_HKS_API_EXPORT __attribute__ ((visibility("default"))) + #endif +#else + #define OH_HKS_API_EXPORT __attribute__ ((visibility("default"))) +#endif + +#define OH_HKS_SDK_VERSION "2.0.0.4" + +/* + * Align to 4-tuple + * Before calling this function, ensure that the size does not overflow after 3 is added. + */ +#define OH_HKS_ALIGN_SIZE(size) ((((uint32_t)(size) + 3) >> 2) << 2) +#define OH_HKS_DEFAULT_ALIGN_MASK_SIZE 3 + +#define OH_HKS_AE_TAG_LEN 16 +#define OH_HKS_BITS_PER_BYTE 8 +#define OH_HKS_MAX_KEY_SIZE 2048 +#define OH_HKS_AE_TAG_LEN 16 +#define OH_HKS_AE_NONCE_LEN 12 +#define OH_HKS_MAX_KEY_ALIAS_LEN 64 +#define OH_HKS_MAX_PROCESS_NAME_LEN 50 +#define OH_HKS_MAX_RANDOM_LEN 1024 +#define OH_HKS_KEY_BYTES(keySize) (((keySize) + OH_HKS_BITS_PER_BYTE - 1) / OH_HKS_BITS_PER_BYTE) +#define OH_HKS_SIGNATURE_MIN_SIZE 64 +#define OH_HKS_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0]))) +#define OH_HKS_MAX_OUT_BLOB_SIZE (5 * 1024 * 1024) +#define OH_HKS_WRAPPED_FORMAT_MAX_SIZE (1024 * 1024) +#define OH_HKS_IMPORT_WRAPPED_KEY_TOTAL_BLOBS 10 + +enum OH_HksKeyType { + OH_HKS_KEY_TYPE_RSA_PUBLIC_KEY = 0x01001000, + OH_HKS_KEY_TYPE_RSA_KEYPAIR = 0x01002000, + + OH_HKS_KEY_TYPE_ECC_P256_PUBLIC_KEY = 0x02021000, + OH_HKS_KEY_TYPE_ECC_P256_KEYPAIR = 0x02022000, + OH_HKS_KEY_TYPE_ECC_P384_PUBLIC_KEY = 0x02031000, + OH_HKS_KEY_TYPE_ECC_P384_KEYPAIR = 0x02032000, + OH_HKS_KEY_TYPE_ECC_P521_PUBLIC_KEY = 0x02051000, + OH_HKS_KEY_TYPE_ECC_P521_KEYPAIR = 0x02052000, + + OH_HKS_KEY_TYPE_ED25519_PUBLIC_KEY = 0x02101000, + OH_HKS_KEY_TYPE_ED25519_KEYPAIR = 0x02102000, + OH_HKS_KEY_TYPE_X25519_PUBLIC_KEY = 0x02111000, + OH_HKS_KEY_TYPE_X25519_KEYPAIR = 0x02112000, + + OH_HKS_KEY_TYPE_AES = 0x03000000, + OH_HKS_KEY_TYPE_CHACHA20 = 0x04010000, + OH_HKS_KEY_TYPE_CHACHA20_POLY1305 = 0x04020000, + + OH_HKS_KEY_TYPE_HMAC = 0x05000000, + OH_HKS_KEY_TYPE_HKDF = 0x06000000, + OH_HKS_KEY_TYPE_PBKDF2 = 0x07000000, +}; + +enum OH_HksKeyPurpose { + OH_HKS_KEY_PURPOSE_ENCRYPT = 1, /* Usable with RSA, EC, AES, and SM4 keys. */ + OH_HKS_KEY_PURPOSE_DECRYPT = 2, /* Usable with RSA, EC, AES, and SM4 keys. */ + OH_HKS_KEY_PURPOSE_SIGN = 4, /* Usable with RSA, EC keys. */ + OH_HKS_KEY_PURPOSE_VERIFY = 8, /* Usable with RSA, EC keys. */ + OH_HKS_KEY_PURPOSE_DERIVE = 16, /* Usable with EC keys. */ + OH_HKS_KEY_PURPOSE_WRAP = 32, /* Usable with wrap key. */ + OH_HKS_KEY_PURPOSE_UNWRAP = 64, /* Usable with unwrap key. */ + OH_HKS_KEY_PURPOSE_MAC = 128, /* Usable with mac. */ + OH_HKS_KEY_PURPOSE_AGREE = 256, /* Usable with agree. */ +}; + +enum OH_HksKeyDigest { + OH_HKS_DIGEST_NONE = 0, + OH_HKS_DIGEST_MD5 = 1, + OH_HKS_DIGEST_SM3 = 2, + OH_HKS_DIGEST_SHA1 = 10, + OH_HKS_DIGEST_SHA224 = 11, + OH_HKS_DIGEST_SHA256 = 12, + OH_HKS_DIGEST_SHA384 = 13, + OH_HKS_DIGEST_SHA512 = 14, +}; + +enum OH_HksKeyPadding { + OH_HKS_PADDING_NONE = 0, + OH_HKS_PADDING_OAEP = 1, + OH_HKS_PADDING_PSS = 2, + OH_HKS_PADDING_PKCS1_V1_5 = 3, + OH_HKS_PADDING_PKCS5 = 4, + OH_HKS_PADDING_PKCS7 = 5, +}; + +enum OH_HksCipherMode { + OH_HKS_MODE_ECB = 1, + OH_HKS_MODE_CBC = 2, + OH_HKS_MODE_CTR = 3, + OH_HKS_MODE_OFB = 4, + OH_HKS_MODE_CCM = 31, + OH_HKS_MODE_GCM = 32, +}; + +enum OH_HksKeySize { + OH_HKS_RSA_KEY_SIZE_1024 = 1024, + OH_HKS_RSA_KEY_SIZE_2048 = 2048, + OH_HKS_RSA_KEY_SIZE_3072 = 3072, + OH_HKS_RSA_KEY_SIZE_4096 = 4096, + + OH_HKS_ECC_KEY_SIZE_256 = 256, + OH_HKS_ECC_KEY_SIZE_384 = 384, + OH_HKS_ECC_KEY_SIZE_521 = 521, + + OH_HKS_AES_KEY_SIZE_128 = 128, + OH_HKS_AES_KEY_SIZE_192 = 192, + OH_HKS_AES_KEY_SIZE_256 = 256, + OH_HKS_AES_KEY_SIZE_512 = 512, + + OH_HKS_CURVE25519_KEY_SIZE_256 = 256, + + OH_HKS_SM2_KEY_SIZE_256 = 256, + OH_HKS_SM4_KEY_SIZE_128 = 128, +}; + +enum OH_HksKeyAlg { + OH_HKS_ALG_RSA = 1, + OH_HKS_ALG_ECC = 2, + + OH_HKS_ALG_AES = 20, + OH_HKS_ALG_HMAC = 50, + OH_HKS_ALG_HKDF = 51, + OH_HKS_ALG_PBKDF2 = 52, + + OH_HKS_ALG_ECDH = 100, + OH_HKS_ALG_X25519 = 101, + OH_HKS_ALG_ED25519 = 102, + + OH_HKS_ALG_SM2 = 150, + OH_HKS_ALG_SM3 = 151, + OH_HKS_ALG_SM4 = 152, +}; + +enum OH_HuksAlgSuite { + /* Algorithm suites of unwrapping wrapped-key by huks */ + /* Unwrap suite of key agreement type */ + /* WrappedData format(Bytes Array): + * | x25519_plain_pubkey_length (4 Byte) | x25519_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad + * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag + * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad + * | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag + * | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data + */ + OH_HKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING = 1, + + /* WrappedData format(Bytes Array): + * | ECC_plain_pubkey_length (4 Byte) | ECC_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad + * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag + * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad + * | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag + * | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data + */ + OH_HKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING = 2, +}; + +enum OH_HksKeyGenerateType { + OH_HKS_KEY_GENERATE_TYPE_DEFAULT = 0, + OH_HKS_KEY_GENERATE_TYPE_DERIVE = 1, + OH_HKS_KEY_GENERATE_TYPE_AGREE = 2, +}; + +enum OH_HksKeyFlag { + OH_HKS_KEY_FLAG_IMPORT_KEY = 1, + OH_HKS_KEY_FLAG_GENERATE_KEY = 2, + OH_HKS_KEY_FLAG_AGREE_KEY = 3, + OH_HKS_KEY_FLAG_DERIVE_KEY = 4, +}; + +enum OH_HksKeyStorageType { + OH_HKS_STORAGE_TEMP = 0, + OH_HKS_STORAGE_PERSISTENT = 1, +}; + +enum OH_HksImportKeyType { + OH_HKS_KEY_TYPE_PUBLIC_KEY = 0, + OH_HKS_KEY_TYPE_PRIVATE_KEY = 1, + OH_HKS_KEY_TYPE_KEY_PAIR = 2, +}; + +enum OH_HksErrorCode { + OH_HKS_SUCCESS = 0, + OH_HKS_FAILURE = -1, + OH_HKS_ERROR_BAD_STATE = -2, + OH_HKS_ERROR_INVALID_ARGUMENT = -3, + OH_HKS_ERROR_NOT_SUPPORTED = -4, + OH_HKS_ERROR_NO_PERMISSION = -5, + OH_HKS_ERROR_INSUFFICIENT_DATA = -6, + OH_HKS_ERROR_BUFFER_TOO_SMALL = -7, + OH_HKS_ERROR_INSUFFICIENT_MEMORY = -8, + OH_HKS_ERROR_COMMUNICATION_FAILURE = -9, + OH_HKS_ERROR_STORAGE_FAILURE = -10, + OH_HKS_ERROR_HARDWARE_FAILURE = -11, + OH_HKS_ERROR_ALREADY_EXISTS = -12, + OH_HKS_ERROR_NOT_EXIST = -13, + OH_HKS_ERROR_NULL_POINTER = -14, + OH_HKS_ERROR_FILE_SIZE_FAIL = -15, + OH_HKS_ERROR_READ_FILE_FAIL = -16, + OH_HKS_ERROR_INVALID_PUBLIC_KEY = -17, + OH_HKS_ERROR_INVALID_PRIVATE_KEY = -18, + OH_HKS_ERROR_INVALID_KEY_INFO = -19, + OH_HKS_ERROR_HASH_NOT_EQUAL = -20, + OH_HKS_ERROR_MALLOC_FAIL = -21, + OH_HKS_ERROR_WRITE_FILE_FAIL = -22, + OH_HKS_ERROR_REMOVE_FILE_FAIL = -23, + OH_HKS_ERROR_OPEN_FILE_FAIL = -24, + OH_HKS_ERROR_CLOSE_FILE_FAIL = -25, + OH_HKS_ERROR_MAKE_DIR_FAIL = -26, + OH_HKS_ERROR_INVALID_KEY_FILE = -27, + OH_HKS_ERROR_IPC_MSG_FAIL = -28, + OH_HKS_ERROR_REQUEST_OVERFLOWS = -29, + OH_HKS_ERROR_PARAM_NOT_EXIST = -30, + OH_HKS_ERROR_CRYPTO_ENGINE_ERROR = -31, + OH_HKS_ERROR_COMMUNICATION_TIMEOUT = -32, + OH_HKS_ERROR_IPC_INIT_FAIL = -33, + OH_HKS_ERROR_IPC_DLOPEN_FAIL = -34, + OH_HKS_ERROR_EFUSE_READ_FAIL = -35, + OH_HKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST = -36, + OH_HKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL = -37, + OH_HKS_ERROR_VERIFICATION_FAILED = -38, + OH_HKS_ERROR_SESSION_REACHED_LIMIT = -39, + + OH_HKS_ERROR_CHECK_GET_ALG_FAIL = -100, + OH_HKS_ERROR_CHECK_GET_KEY_SIZE_FAIL = -101, + OH_HKS_ERROR_CHECK_GET_PADDING_FAIL = -102, + OH_HKS_ERROR_CHECK_GET_PURPOSE_FAIL = -103, + OH_HKS_ERROR_CHECK_GET_DIGEST_FAIL = -104, + OH_HKS_ERROR_CHECK_GET_MODE_FAIL = -105, + OH_HKS_ERROR_CHECK_GET_NONCE_FAIL = -106, + OH_HKS_ERROR_CHECK_GET_AAD_FAIL = -107, + OH_HKS_ERROR_CHECK_GET_IV_FAIL = -108, + OH_HKS_ERROR_CHECK_GET_AE_TAG_FAIL = -109, + OH_HKS_ERROR_CHECK_GET_SALT_FAIL = -110, + OH_HKS_ERROR_CHECK_GET_ITERATION_FAIL = -111, + OH_HKS_ERROR_INVALID_ALGORITHM = -112, + OH_HKS_ERROR_INVALID_KEY_SIZE = -113, + OH_HKS_ERROR_INVALID_PADDING = -114, + OH_HKS_ERROR_INVALID_PURPOSE = -115, + OH_HKS_ERROR_INVALID_MODE = -116, + OH_HKS_ERROR_INVALID_DIGEST = -117, + OH_HKS_ERROR_INVALID_SIGNATURE_SIZE = -118, + OH_HKS_ERROR_INVALID_IV = -119, + OH_HKS_ERROR_INVALID_AAD = -120, + OH_HKS_ERROR_INVALID_NONCE = -121, + OH_HKS_ERROR_INVALID_AE_TAG = -122, + OH_HKS_ERROR_INVALID_SALT = -123, + OH_HKS_ERROR_INVALID_ITERATION = -124, + OH_HKS_ERROR_INVALID_OPERATION = -125, + OH_HKS_ERROR_INVALID_WRAPPED_FORMAT = -126, + OH_HKS_ERROR_INVALID_USAGE_OF_KEY = -127, + + OH_HKS_ERROR_INTERNAL_ERROR = -999, + OH_HKS_ERROR_UNKNOWN_ERROR = -1000, +}; + +enum OH_HksTagType { + OH_HKS_TAG_TYPE_INVALID = 0 << 28, + OH_HKS_TAG_TYPE_INT = 1 << 28, + OH_HKS_TAG_TYPE_UINT = 2 << 28, + OH_HKS_TAG_TYPE_ULONG = 3 << 28, + OH_HKS_TAG_TYPE_BOOL = 4 << 28, + OH_HKS_TAG_TYPE_BYTES = 5 << 28, +}; + +enum OH_HksSendType { + OH_HKS_SEND_TYPE_ASYNC = 0, + OH_HKS_SEND_TYPE_SYNC, +}; + +enum OH_HksTag { + /* Invalid TAG */ + OH_HKS_TAG_INVALID = OH_HKS_TAG_TYPE_INVALID | 0, + + /* Base algrithom TAG: 1 - 200 */ + OH_HKS_TAG_ALGORITHM = OH_HKS_TAG_TYPE_UINT | 1, + OH_HKS_TAG_PURPOSE = OH_HKS_TAG_TYPE_UINT | 2, + OH_HKS_TAG_KEY_SIZE = OH_HKS_TAG_TYPE_UINT | 3, + OH_HKS_TAG_DIGEST = OH_HKS_TAG_TYPE_UINT | 4, + OH_HKS_TAG_PADDING = OH_HKS_TAG_TYPE_UINT | 5, + OH_HKS_TAG_BLOCK_MODE = OH_HKS_TAG_TYPE_UINT | 6, + OH_HKS_TAG_KEY_TYPE = OH_HKS_TAG_TYPE_UINT | 7, + OH_HKS_TAG_ASSOCIATED_DATA = OH_HKS_TAG_TYPE_BYTES | 8, + OH_HKS_TAG_NONCE = OH_HKS_TAG_TYPE_BYTES | 9, + OH_HKS_TAG_IV = OH_HKS_TAG_TYPE_BYTES | 10, + + /* Key derivation TAG */ + OH_HKS_TAG_INFO = OH_HKS_TAG_TYPE_BYTES | 11, + OH_HKS_TAG_SALT = OH_HKS_TAG_TYPE_BYTES | 12, + OH_HKS_TAG_PWD = OH_HKS_TAG_TYPE_BYTES | 13, + OH_HKS_TAG_ITERATION = OH_HKS_TAG_TYPE_UINT | 14, + + OH_HKS_TAG_KEY_GENERATE_TYPE = OH_HKS_TAG_TYPE_UINT | 15, /* choose from enum OH_HksKeyGenerateType */ + OH_HKS_TAG_DERIVE_MAIN_KEY = OH_HKS_TAG_TYPE_BYTES | 16, + OH_HKS_TAG_DERIVE_FACTOR = OH_HKS_TAG_TYPE_BYTES | 17, + OH_HKS_TAG_DERIVE_ALG = OH_HKS_TAG_TYPE_UINT | 18, + OH_HKS_TAG_AGREE_ALG = OH_HKS_TAG_TYPE_UINT | 19, + OH_HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS = OH_HKS_TAG_TYPE_BOOL | 20, + OH_HKS_TAG_AGREE_PRIVATE_KEY_ALIAS = OH_HKS_TAG_TYPE_BYTES | 21, + OH_HKS_TAG_AGREE_PUBLIC_KEY = OH_HKS_TAG_TYPE_BYTES | 22, + OH_HKS_TAG_KEY_ALIAS = OH_HKS_TAG_TYPE_BYTES | 23, + OH_HKS_TAG_DERIVE_KEY_SIZE = OH_HKS_TAG_TYPE_UINT | 24, + OH_HKS_TAG_IMPORT_KEY_TYPE = OH_HKS_TAG_TYPE_UINT | 25, /* choose from enum OH_HksImportKeyType */ + OH_HKS_TAG_UNWRAP_ALGORITHM_SUITE = OH_HKS_TAG_TYPE_UINT | 26, + + /* + * Key authentication related TAG: 201 - 300 + * + * Start of validity + */ + OH_HKS_TAG_ACTIVE_DATETIME = OH_HKS_TAG_TYPE_ULONG | 201, + + /* Date when new "messages" should not be created. */ + OH_HKS_TAG_ORIGINATION_EXPIRE_DATETIME = OH_HKS_TAG_TYPE_ULONG | 202, + + /* Date when existing "messages" should not be used. */ + OH_HKS_TAG_USAGE_EXPIRE_DATETIME = OH_HKS_TAG_TYPE_ULONG | 203, + + /* Key creation time */ + OH_HKS_TAG_CREATION_DATETIME = OH_HKS_TAG_TYPE_ULONG | 204, + + /* Other authentication related TAG: 301 - 500 */ + OH_HKS_TAG_ALL_USERS = OH_HKS_TAG_TYPE_BOOL | 301, + OH_HKS_TAG_USER_ID = OH_HKS_TAG_TYPE_UINT | 302, + OH_HKS_TAG_NO_AUTH_REQUIRED = OH_HKS_TAG_TYPE_BOOL | 303, + OH_HKS_TAG_USER_AUTH_TYPE = OH_HKS_TAG_TYPE_UINT | 304, + OH_HKS_TAG_AUTH_TIMEOUT = OH_HKS_TAG_TYPE_UINT | 305, + OH_HKS_TAG_AUTH_TOKEN = OH_HKS_TAG_TYPE_BYTES | 306, + + /* Attestation related TAG: 501 - 600 */ + OH_HKS_TAG_ATTESTATION_CHALLENGE = OH_HKS_TAG_TYPE_BYTES | 501, + OH_HKS_TAG_ATTESTATION_APPLICATION_ID = OH_HKS_TAG_TYPE_BYTES | 502, + OH_HKS_TAG_ATTESTATION_ID_BRAND = OH_HKS_TAG_TYPE_BYTES | 503, + OH_HKS_TAG_ATTESTATION_ID_DEVICE = OH_HKS_TAG_TYPE_BYTES | 504, + OH_HKS_TAG_ATTESTATION_ID_PRODUCT = OH_HKS_TAG_TYPE_BYTES | 505, + OH_HKS_TAG_ATTESTATION_ID_SERIAL = OH_HKS_TAG_TYPE_BYTES | 506, + OH_HKS_TAG_ATTESTATION_ID_IMEI = OH_HKS_TAG_TYPE_BYTES | 507, + OH_HKS_TAG_ATTESTATION_ID_MEID = OH_HKS_TAG_TYPE_BYTES | 508, + OH_HKS_TAG_ATTESTATION_ID_MANUFACTURER = OH_HKS_TAG_TYPE_BYTES | 509, + OH_HKS_TAG_ATTESTATION_ID_MODEL = OH_HKS_TAG_TYPE_BYTES | 510, + OH_HKS_TAG_ATTESTATION_ID_ALIAS = OH_HKS_TAG_TYPE_BYTES | 511, + OH_HKS_TAG_ATTESTATION_ID_SOCID = OH_HKS_TAG_TYPE_BYTES | 512, + OH_HKS_TAG_ATTESTATION_ID_UDID = OH_HKS_TAG_TYPE_BYTES | 513, + OH_HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO = OH_HKS_TAG_TYPE_BYTES | 514, + OH_HKS_TAG_ATTESTATION_ID_VERSION_INFO = OH_HKS_TAG_TYPE_BYTES | 515, + + /* + * Other reserved TAG: 601 - 1000 + * + * Extention TAG: 1001 - 9999 + */ + OH_HKS_TAG_IS_KEY_ALIAS = OH_HKS_TAG_TYPE_BOOL | 1001, + OH_HKS_TAG_KEY_STORAGE_FLAG = OH_HKS_TAG_TYPE_UINT | 1002, /* choose from enum OH_HksKeyStorageType */ + OH_HKS_TAG_IS_ALLOWED_WRAP = OH_HKS_TAG_TYPE_BOOL | 1003, + OH_HKS_TAG_KEY_WRAP_TYPE = OH_HKS_TAG_TYPE_UINT | 1004, + OH_HKS_TAG_KEY_AUTH_ID = OH_HKS_TAG_TYPE_BYTES | 1005, + OH_HKS_TAG_KEY_ROLE = OH_HKS_TAG_TYPE_UINT | 1006, + OH_HKS_TAG_KEY_FLAG = OH_HKS_TAG_TYPE_UINT | 1007, /* choose from enum OH_HksKeyFlag */ + OH_HKS_TAG_IS_ASYNCHRONIZED = OH_HKS_TAG_TYPE_UINT | 1008, + OH_HKS_TAG_SECURE_KEY_ALIAS = OH_HKS_TAG_TYPE_BOOL | 1009, + OH_HKS_TAG_SECURE_KEY_UUID = OH_HKS_TAG_TYPE_BYTES | 1010, + OH_HKS_TAG_KEY_DOMAIN = OH_HKS_TAG_TYPE_UINT | 1011, + + /* Inner-use TAG: 10001 - 10999 */ + OH_HKS_TAG_PROCESS_NAME = OH_HKS_TAG_TYPE_BYTES | 10001, + OH_HKS_TAG_PACKAGE_NAME = OH_HKS_TAG_TYPE_BYTES | 10002, + OH_HKS_TAG_ACCESS_TIME = OH_HKS_TAG_TYPE_UINT | 10003, + OH_HKS_TAG_USES_TIME = OH_HKS_TAG_TYPE_UINT | 10004, + OH_HKS_TAG_CRYPTO_CTX = OH_HKS_TAG_TYPE_ULONG | 10005, + OH_HKS_TAG_KEY = OH_HKS_TAG_TYPE_BYTES | 10006, + OH_HKS_TAG_KEY_VERSION = OH_HKS_TAG_TYPE_UINT | 10007, + OH_HKS_TAG_PAYLOAD_LEN = OH_HKS_TAG_TYPE_UINT | 10008, + OH_HKS_TAG_AE_TAG = OH_HKS_TAG_TYPE_BYTES | 10009, + OH_HKS_TAG_IS_KEY_HANDLE = OH_HKS_TAG_TYPE_ULONG | 10010, + + /* Os version related TAG */ + OH_HKS_TAG_OS_VERSION = OH_HKS_TAG_TYPE_UINT | 10101, + OH_HKS_TAG_OS_PATCHLEVEL = OH_HKS_TAG_TYPE_UINT | 10102, + + /* + * Reversed TAGs for SOTER: 11000 - 12000 + * + * Other TAGs: 20001 - N + * TAGs used for paramSetOut + */ + OH_HKS_TAG_SYMMETRIC_KEY_DATA = OH_HKS_TAG_TYPE_BYTES | 20001, + OH_HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA = OH_HKS_TAG_TYPE_BYTES | 20002, + OH_HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA = OH_HKS_TAG_TYPE_BYTES | 20003, +}; + +struct OH_HksBlob { + uint32_t size; + uint8_t *data; +}; + +struct OH_HksParam { + uint32_t tag; + union { + bool boolParam; + int32_t int32Param; + uint32_t uint32Param; + uint64_t uint64Param; + struct OH_HksBlob blob; + }; +}; + +struct OH_HksParamSet { + uint32_t paramSetSize; + uint32_t paramsCnt; + struct OH_HksParam params[]; +}; + +struct OH_HksCertChain { + struct OH_HksBlob *certs; + uint32_t certsCount; +}; + +struct OH_HksKeyInfo { + struct OH_HksBlob alias; + struct OH_HksParamSet *paramSet; +}; + +struct OH_HksPubKeyInfo { + enum OH_HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t nOrXSize; + uint32_t eOrYSize; + uint32_t placeHolder; +}; + +struct OH_HksKeyMaterialRsa { + enum OH_HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t nSize; + uint32_t eSize; + uint32_t dSize; +}; + +struct OH_HksKeyMaterialEcc { + enum OH_HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t xSize; + uint32_t ySize; + uint32_t zSize; +}; + +struct OH_HksKeyMaterialDsa { + enum OH_HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t xSize; + uint32_t ySize; + uint32_t pSize; + uint32_t qSize; + uint32_t gSize; +}; + +struct OH_HksKeyMaterialDh { + enum OH_HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t pubKeySize; + uint32_t priKeySize; + uint32_t reserved; +}; + +struct OH_HksKeyMaterial25519 { + enum OH_HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t pubKeySize; + uint32_t priKeySize; + uint32_t reserved; +}; + +#define OH_HKS_DERIVE_DEFAULT_SALT_LEN 16 +#define OH_HKS_HMAC_DIGEST_SHA512_LEN 64 +#define OH_HKS_DEFAULT_RANDOM_LEN 16 +#define OH_HKS_MAX_KEY_AUTH_ID_LEN 64 +#define OH_HKS_KEY_MATERIAL_NUM 3 +#define OH_HKS_MAX_KEY_LEN (OH_HKS_KEY_BYTES(OH_HKS_RSA_KEY_SIZE_4096) * OH_HKS_KEY_MATERIAL_NUM) +#define OH_HKS_MAX_KEY_MATERIAL_LEN (sizeof(struct OH_HksPubKeyInfo) + OH_HKS_MAX_KEY_LEN + OH_HKS_AE_TAG_LEN) + +struct OH_HksStoreHeaderInfo { + uint16_t version; + uint16_t keyCount; + uint32_t totalLen; /* key buffer total len */ + uint32_t sealingAlg; + uint8_t salt[OH_HKS_DERIVE_DEFAULT_SALT_LEN]; + uint8_t hmac[OH_HKS_HMAC_DIGEST_SHA512_LEN]; +}; + +struct OH_HksStoreKeyInfo { + uint16_t keyInfoLen; /* current keyinfo len */ + uint16_t keySize; /* keySize of key from crypto hal after encrypted */ + uint8_t random[OH_HKS_DEFAULT_RANDOM_LEN]; + uint8_t flag; /* import or generate key */ + uint8_t keyAlg; + uint8_t keyMode; + uint8_t digest; + uint8_t padding; + uint8_t rsv; + uint16_t keyLen; /* keyLen from paramset, e.g. aes-256 */ + uint32_t purpose; + uint32_t role; + uint16_t domain; + uint8_t aliasSize; + uint8_t authIdSize; +}; + +struct OH_Hks25519KeyPair { + uint32_t publicBufferSize; + uint32_t privateBufferSize; +}; + +#ifdef __cplusplus +} +#endif + +#endif /* NATIVE_OH_HKS_TYPE_H */ \ No newline at end of file diff --git a/zh-cn/native_sdk/security/huks/native_hks_type_inner.h b/zh-cn/native_sdk/security/huks/native_hks_type_inner.h new file mode 100644 index 0000000000000000000000000000000000000000..0ef31ade90cabaea25782f992607319ad325d9eb --- /dev/null +++ b/zh-cn/native_sdk/security/huks/native_hks_type_inner.h @@ -0,0 +1,22 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef NATIVE_HKS_TYPE_INNER_H +#define NATIVE_HKS_TYPE_INNER_H + +#include "native_hks_type.h" +#include "securec.h" + +#endif /* NATIVE_HKS_TYPE_INNER_H */ \ No newline at end of file