diff --git a/security/huks/include/native_huks_api.h b/security/huks/include/native_huks_api.h
index c8182d2833d77b6c97a41f4c1b3ed744c18b3ad0..585031dde4718d01b367c76a374e8396947c776a 100644
--- a/security/huks/include/native_huks_api.h
+++ b/security/huks/include/native_huks_api.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
+ * Copyright (c) 2022-2025 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
@@ -453,6 +453,60 @@ struct OH_Huks_Result OH_Huks_AbortSession(const struct OH_Huks_Blob *handle,
 struct OH_Huks_Result OH_Huks_ListAliases(const struct OH_Huks_ParamSet *paramSet,
 struct OH_Huks_KeyAliasSet **outData);
 
+/**
+ * @brief Export the wrapped key encrypted by a specific key.
+ * @param keyAlias Indicates the pointer to the alias of the key to export.
+ * @param paramSet Indicates the pointer to the export parameters.
+ * @param wrappedKey Indicates the - indicates the wrapped key to export.
+ * @return {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} 0 - If the operation is successful.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_NOT_SUPPORTED_API} 801 - api is not supported
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT} 12000002 - If failed to
+ * get key argument.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT} 12000003 - If the key argument
+ * is invalid.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_FILE_OPERATION_FAIL} 12000004 - If failed to remove file,
+ * or if failed to write file.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_COMMUNICATION_FAIL} 12000005 - If Ipc commuication failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_CRYPTO_FAIL} 12000006 - If crypto engine failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INTERNAL_ERROR} 12000012 - If system error ocurred.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INSUFFICIENT_MEMORY} 12000014 - If the memory is insufficient.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT} 12000018 - If keyAlias or paramSet or wrappedKey is invalid.
+ * @since 20
+ * @version 1.0
+ */
+ struct OH_Huks_Result OH_Huks_WrapKey(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet,
+ struct OH_Huks_Blob *wrappedKey);
+
+/**
+ * @brief Import the wrapped key encrypted by a specific key.
+ * @param keyAlias Indicates the pointer to the alias of the key to import.
+ * The alias must be unique in the process of the service.
Otherwise, the key will be overwritten.
+ * @param paramSet Indicates the pointer to the import parameters.
+ * @param wrappedKey Indicates the - indicates the wrapped key to import.
+ * @return {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} 0 - If the operation is successful.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_NOT_SUPPORTED_API} 801 - api is not supported
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT} 12000002 - If failed to
+ * get key argument.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT} 12000003 - If the key argument
+ * is invalid.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_FILE_OPERATION_FAIL} 12000004 - If failed to remove file,
+ * or if failed to write file.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_COMMUNICATION_FAIL} 12000005 - If Ipc commuication failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_CRYPTO_FAIL} 12000006 - If crypto engine failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED} 12000007 - If auth token info
+ * verify failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED} 12000008 - If auth token verify failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_KEY_AUTH_TIME_OUT} 12000009 - If authentication token timed out.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INTERNAL_ERROR} 12000012 - If system error ocurred.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INSUFFICIENT_MEMORY} 12000014 - If the memory is insufficient.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_CALL_SERVICE_FAILED} 12000015 - If connect userIam failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT} 12000018 - If keyAlias or paramSet or wrappedKey is invalid.
+ * @since 20
+ * @version 1.0
+ */
+struct OH_Huks_Result OH_Huks_UnwrapKey(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet,
+ const struct OH_Huks_Blob *wrappedKey);
+
 #ifdef __cplusplus
 }
 #endif
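Review bot: Both new doc comments list `{@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT} 12000018`, but the enumerator this commit adds with value 12000018 in native_huks_type.h is `OH_HUKS_ERR_CODE_INVALID_ARGUMENT`, so the link and the number name different codes and one of them should be corrected in the `OH_Huks_WrapKey` and `OH_Huks_UnwrapKey` comments. The `@param wrappedKey` lines read "Indicates the - indicates the wrapped key" and, for the output blob of `OH_Huks_WrapKey`, do not say who allocates the buffer or how its size is communicated; I would write `@param wrappedKey Indicates the pointer to the blob that receives the wrapped key.` and add the allocation and size contract once it is confirmed. The `OH_Huks_UnwrapKey` comment states that an existing alias is overwritten, which deserves an explicit sentence telling callers to check whether the alias exists when silently replacing a key is not intended. The `OH_Huks_WrapKey` declaration is also indented by one space, unlike `OH_Huks_UnwrapKey`.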
diff --git a/security/huks/include/native_huks_type.h b/security/huks/include/native_huks_type.h
index b3c1838c969889380fb9084428d64a5ca9fd095d..3556182a2b22de827cf1ac22f5dbd64236a44a47 100644
--- a/security/huks/include/native_huks_type.h
+++ b/security/huks/include/native_huks_type.h
@@ -451,6 +451,12 @@ enum OH_Huks_ErrCode {
 * @since 11
 */
 OH_HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET = 12000016,
+ /**
+ * The input parameter is invalid.
+ *
+ * @since 20
+ */
+ OH_HUKS_ERR_CODE_INVALID_ARGUMENT = 12000018
 };
 
 /**
@@ -488,6 +494,8 @@ enum OH_Huks_UserAuthType {
 OH_HUKS_USER_AUTH_TYPE_FACE = 1 << 1,
 /** PIN authentication. */
 OH_HUKS_USER_AUTH_TYPE_PIN = 1 << 2,
+ /** TUI PIN authentication. */
+ OH_HUKS_USER_AUTH_TYPE_TUI_PIN = 1 << 5,
 };
 
 /**
@@ -601,6 +609,21 @@ enum OH_Huks_SecureSignType {
 OH_HUKS_SECURE_SIGN_WITH_AUTHINFO = 1,
 };
 
+/**
+ * @brief Enumerates for key wrap type.
+ *
+ * @since 20
+ * @version 1.0
+ */
+ enum OH_Huks_KeyWrapType {
+ /**
+ * The hardware unique key wrap type.
+ *
+ * @since 20
+ */
+ OH_HUKS_KEY_WRAP_TYPE_HUK_BASED = 2,
+};
+
 /**
 * @brief Enumerates the tag values used in parameter sets.
 *
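Review bot: The new `OH_HUKS_USER_AUTH_TYPE_TUI_PIN` enumerator in the `OH_Huks_UserAuthType` hunk has no `@since` tag, although the other enum additions in this commit are marked `@since 20`, and its comment does not expand "TUI". These values are single-bit flags, so the comment should also say why the value jumps from `1 << 2` to `1 << 5`; bits 3 and 4 are not visible in the hunk and may be reserved or defined elsewhere. I would use the same multi-line comment form as the new `OH_HUKS_ERR_CODE_INVALID_ARGUMENT` entry, with the abbreviation spelled out and a `@since 20` line. The enum body starts outside the hunk.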
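Review bot: `OH_HUKS_KEY_WRAP_TYPE_HUK_BASED = 2` is the only enumerator of the new `OH_Huks_KeyWrapType`, and nothing in its comment says what the values 0 and 1 mean or whether they are rejected, which a caller needs to know when building the parameter set for the wrap and unwrap calls. The comment "The hardware unique key wrap type." should also state the consequence for the caller, presumably that a key wrapped this way can only be unwrapped on the device that produced it; that reading is inferred from the name and should be confirmed before it is written down. The `enum OH_Huks_KeyWrapType {` line is indented by one space, and `@brief Enumerates for key wrap type.` would read better as `@brief Enumerates the key wrap types.`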