From 1ddd321e7547d0ab9bf917043e03e5bf74e7f1f2 Mon Sep 17 00:00:00 2001
From: y30053096
Date: Wed, 26 Mar 2025 14:29:00 +0800
Subject: [PATCH] add api20 for huks
Signed-off-by: y30053096
Change-Id: I4087330674778d6afaff02ecb12886d5bac59cd5
---
security/huks/include/native_huks_api.h | 51 ++++++++++++++++++++++++
security/huks/include/native_huks_type.h | 40 +++++++++++++++++++
2 files changed, 91 insertions(+)
diff --git a/security/huks/include/native_huks_api.h b/security/huks/include/native_huks_api.h
index 37d74511b..2aef6aeb1 100644
--- a/security/huks/include/native_huks_api.h
+++ b/security/huks/include/native_huks_api.h
@@ -437,6 +437,57 @@ struct OH_Huks_Result OH_Huks_FinishSession(const struct OH_Huks_Blob *handle, struct OH_Huks_Result OH_Huks_AbortSession(const struct OH_Huks_Blob *handle, const struct OH_Huks_ParamSet *paramSet); +/** + * @brief Export the wrapped key encrypted by the key derived from hardware unique key + * + * @param keyAlias Indicates the pointer to the alias of the key to import. + *    The alias must be unique in the process of the service. Otherwise, the key will be overwritten. + * @param paramSet Indicates the pointer to the parameters of the key to import. + * @param wrappedKey Indicates the - indicates the wrapped key to export. + * @return {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} 0 - If the operation is successful. + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT} 401 - If keyAlias or paramSet or key is invalid. + *        {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_NOT_SUPPORTED_API} 801 - api is not supported + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT} 12000002 - If failed to + *             get key argument. + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT} 12000003 - If the key argument + *             is invalid. + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_FILE_OPERATION_FAIL} 12000004 - If failed to remove file, + *             or if failed to write file. + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_COMMUNICATION_FAIL} 12000005 - If Ipc commuication failed. + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_CRYPTO_FAIL} 12000006 - If crypto engine failed. + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INTERNAL_ERROR} 12000012 - If system error ocurred. + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INSUFFICIENT_MEMORY} 12000014 - If the memory is insufficient. 
+ * @since 20 + */ + +struct OH_Huks_Result OH_Huks_WrapKey(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet , + struct OH_Huks_Blob *wrappedKey); + +/** + * @brief Imxport the wrap key encrypted by the key derived from hardware unique key + * + * @param keyAlias Indicates the pointer to the alias of the key to import. + *    The alias must be unique in the process of the service. Otherwise, the key will be overwritten. + * @param paramSet Indicates the pointer to the parameters of the key to import. + * @param wrappedKey Indicates the - indicates the wrapped key to import. + * @return {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} 0 - If the operation is successful. + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT} 401 - If keyAlias or paramSet or key is invalid. + *        {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_NOT_SUPPORTED_API} 801 - api is not supported + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT} 12000002 - If failed to + *             get key argument. + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT} 12000003 - If the key argument + *             is invalid. + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_FILE_OPERATION_FAIL} 12000004 - If failed to remove file, + *             or if failed to write file. + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_COMMUNICATION_FAIL} 12000005 - If Ipc commuication failed. + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_CRYPTO_FAIL} 12000006 - If crypto engine failed. + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INTERNAL_ERROR} 12000012 - If system error ocurred. + *         {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INSUFFICIENT_MEMORY} 12000014 - If the memory is insufficient. + * @since 20 + */ +struct OH_Huks_Result OH_Huks_UnwrapKey(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet, + struct OH_Huks_Blob *wrappedKey); + #ifdef __cplusplus } #endif 
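Review bot: `OH_Huks_UnwrapKey` takes `struct OH_Huks_Blob *wrappedKey` without `const`, although its comment describes that blob as the wrapped key to import, i.e. an input; if the implementation does not write through it, declare it `const struct OH_Huks_Blob *wrappedKey` like the other two inputs. For `OH_Huks_WrapKey` the comment should state who allocates `wrappedKey->data`, whether `wrappedKey->size` is capacity on entry and length on return, and which error code a too-small buffer produces, because callers of an export function size their buffers from exactly that contract. Both comments still carry text copied from an import function: the `keyAlias` description on `OH_Huks_WrapKey` says "the key to import" and warns about overwriting, `@param wrappedKey` reads "Indicates the - indicates", and the second `@brief` reads "Imxport"; something like `@brief Imports a wrapped key that was encrypted with a key derived from the hardware unique key.` would do. The blank line between the first comment's `*/` and the `OH_Huks_WrapKey` declaration, and the stray space in `*paramSet ,`, should also go.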
diff --git a/security/huks/include/native_huks_type.h b/security/huks/include/native_huks_type.h index b3c1838c9..0ec7dac9f 100644 --- a/security/huks/include/native_huks_type.h +++ b/security/huks/include/native_huks_type.h @@ -488,6 +488,40 @@ enum OH_Huks_UserAuthType { OH_HUKS_USER_AUTH_TYPE_FACE = 1 << 1, /** PIN authentication. */ OH_HUKS_USER_AUTH_TYPE_PIN = 1 << 2, + /** + * Enum for tui pin auth type. + * + * @since 20 + */ + OH_HUKS_USER_AUTH_TYPE_TUI_PIN = 1 << 3, +}; + +/** + * Enum for the prime number of RSA private key. + * + * @since 20 + */ +enum OH_Huks_KeyWrapType { + /** + * The RSA private key include two primes + * + * @since 20 + */ + OH_HUKS_KEY_WRAP_TYPE_HUK_BASED = 2, +}; + +/** + * @brief Enum for the prime number of RSA private key. + * + * @since 20 + */ +enum OH_Huks_RsaPrimeNumType { + /** + * The RSA private key include two primes + * + * @since 20 + */ + OH_HUKS_RSA_PRIME_NUM2 = 2, }; /** @@ -716,6 +750,12 @@ enum OH_Huks_Tag { OH_HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO = OH_HUKS_TAG_TYPE_BYTES | 514, /** Version information used in the attestation. */ OH_HUKS_TAG_ATTESTATION_ID_VERSION_INFO = OH_HUKS_TAG_TYPE_BYTES | 515, + /** + *@brief The prime number of RSA private key. + * + * @since 20 + */ + OH_HUKS_TAG_RSA_PRIME_NUM = OH_HUKS_TAG_TYPE_UINT | 519, /** * 601 to 1000 are reserved for other tags. -- Gitee
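Review bot: The comments on `enum OH_Huks_KeyWrapType` and on `OH_HUKS_KEY_WRAP_TYPE_HUK_BASED` are the RSA prime-number texts of the enum that follows, so the header never says what HUK-based wrapping means. Going by the `@brief` of `OH_Huks_WrapKey` in native_huks_api.h, `Enum for the key wrap type.` and `The key is wrapped with a key derived from the hardware unique key (HUK).` would fit. It would also help to note why the only value is 2 rather than 0 or 1, and which tag carries this type in the param set, since no tag for it is added in this patch. The member comment on `OH_HUKS_USER_AUTH_TYPE_TUI_PIN` says "Enum for tui pin auth type." although it documents a single flag; the neighbouring style would be `/** TUI PIN authentication. */`.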
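Review bot: The comment on `OH_HUKS_TAG_RSA_PRIME_NUM` does not say which values the tag accepts; point it at the new enum, e.g. `The number of primes of the RSA private key, one of {@link OH_Huks_RsaPrimeNumType}.`, and write `* @brief` with the space the rest of the file uses. The tag is numbered 519 right after the attestation-id tags 514 and 515 visible in the context, ahead of the "601 to 1000 are reserved" note; if that range is meant for attestation tags, a key-generation parameter should probably get a number elsewhere, which is worth confirming before the value becomes part of the public API. `enum OH_Huks_Tag` starts and ends outside this hunk.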