diff --git a/security/huks/include/native_huks_api.h b/security/huks/include/native_huks_api.h
index eb7a334f02e27b882aaab3625a3c1f631cc73c17..ac7192d0b4b3006af9f4eefe41c83ad902e5b6a2 100644
--- a/security/huks/include/native_huks_api.h
+++ b/security/huks/include/native_huks_api.h
@@ -73,6 +73,23 @@ struct OH_Huks_Result OH_Huks_GetSdkVersion(struct OH_Huks_Blob *sdkVersion);
 struct OH_Huks_Result OH_Huks_GenerateKeyItem(const struct OH_Huks_Blob *keyAlias,
 const struct OH_Huks_ParamSet *paramSetIn, struct OH_Huks_ParamSet *paramSetOut);
 
+/**
+ * @brief Generates a key as user.
+ *
+ * @permission ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
+ * @param userId Indicates the userId of the owner of the key.
+ * @param keyAlias Indicates the pointer to the alias of the key to generate.
+ The alias must be unique in the process of the service. Otherwise, the key will be overwritten.
+ * @param paramSetIn Indicates the pointer to the parameter set for generating the key.
+ * @param paramSetOut Indicates the pointer to a temporary key generated. If the generated key is
+ not of a temporary type, this parameter is a null pointer.
+ * @return Returns {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} if the operation is successful;
+ returns an error code otherwise.
+ * @since 12
+ */
+struct OH_Huks_Result OH_Huks_GenerateKeyItemAsUser(int userId, const struct OH_Huks_Blob *keyAlias,
+ const struct OH_Huks_ParamSet *paramSetIn, struct OH_Huks_ParamSet *paramSetOut);
+
 /**
  * @brief Imports a key in plaintext.
  *
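Review bot: The @return block of OH_Huks_GenerateKeyItemAsUser only says `returns an error code otherwise`, yet this is the first variant gated by ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS and taking a caller-chosen userId, so the two new failure modes a caller must handle — a missing permission and a userId that is not a valid local account — are undocumented. I would add `+ * @return Returns {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_PERMISSION_FAIL} if the caller lacks the permission;` (or whichever code the service actually returns) plus one sentence naming the code returned for an invalid userId, presumably the argument error if the service checks it. The sentence copied from OH_Huks_GenerateKeyItem, `The alias must be unique in the process of the service. Otherwise, the key will be overwritten.`, should also say whether the alias space is per userId, because a permitted caller silently overwriting another user's key is exactly the risk this variant introduces. The same gap applies to the AsUser declarations in every later hunk of this header, from OH_Huks_ImportKeyItemAsUser through OH_Huks_InitSessionAsUser.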
@@ -89,6 +106,23 @@ struct OH_Huks_Result OH_Huks_GenerateKeyItem(const struct OH_Huks_Blob *keyAlia
 struct OH_Huks_Result OH_Huks_ImportKeyItem(const struct OH_Huks_Blob *keyAlias,
 const struct OH_Huks_ParamSet *paramSet, const struct OH_Huks_Blob *key);
 
+/**
+ * @brief Imports a key in plaintext as user.
+ *
+ * @permission ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
+ * @param userId Indicates the userId of the owner of the key.
+ * @param keyAlias Indicates the pointer to the alias of the key to import.
+ The alias must be unique in the process of the service. Otherwise, the key will be overwritten.
+ * @param paramSet Indicates the pointer to the parameters of the key to import.
+ * @param key Indicates the pointer to the key to import. The key must be in the format required by the HUKS.
+ For details, see {@link HuksTypeApi}.
+ * @return Returns {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} if the operation is successful;
+ returns an error code otherwise.
+ * @since 12
+ */
+struct OH_Huks_Result OH_Huks_ImportKeyItemAsUser(int userId, const struct OH_Huks_Blob *keyAlias,
+ const struct OH_Huks_ParamSet *paramSet, const struct OH_Huks_Blob *key);
+
 /**
  * @brief Imports a wrapped key.
  *
@@ -108,6 +142,26 @@ struct OH_Huks_Result OH_Huks_ImportWrappedKeyItem(const struct OH_Huks_Blob *ke
 const struct OH_Huks_Blob *wrappingKeyAlias, const struct OH_Huks_ParamSet *paramSet,
 const struct OH_Huks_Blob *wrappedKeyData);
 
+/**
+ * @brief Imports a wrapped key as user.
+ *
+ * @permission ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
+ * @param userId Indicates the userId of the owner of the key.
+ * @param keyAlias Indicates the pointer to the alias of the key to import.
+ The alias must be unique in the process of the service. Otherwise, the key will be overwritten.
+ * @param wrappingKeyAlias Indicates the pointer to the alias of the wrapping key,
+ which is obtained through key agreement and used to decrypt the key to import.
+ * @param paramSet Indicates the pointer to the parameters of the wrapped key to import.
+ * @param wrappedKeyData Indicates the pointer to the wrapped key to import.
+ The key must be in the format required by the HUKS. For details, see {@link OH_Huks_AlgSuite}.
+ * @return Returns {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} if the operation is successful;
+ returns an error code otherwise.
+ * @since 12
+ */
+struct OH_Huks_Result OH_Huks_ImportWrappedKeyItemAsUser(int userId, const struct OH_Huks_Blob *keyAlias,
+ const struct OH_Huks_Blob *wrappingKeyAlias, const struct OH_Huks_ParamSet *paramSet,
+ const struct OH_Huks_Blob *wrappedKeyData);
+
 /**
  * @brief Exports a public key.
  *
@@ -123,6 +177,22 @@ struct OH_Huks_Result OH_Huks_ImportWrappedKeyItem(const struct OH_Huks_Blob *ke
 struct OH_Huks_Result OH_Huks_ExportPublicKeyItem(const struct OH_Huks_Blob *keyAlias,
 const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_Blob *key);
 
+/**
+ * @brief Exports a public key as user.
+ *
+ * @permission ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
+ * @param userId Indicates the userId of the owner of the key.
+ * @param keyAlias Indicates the pointer to the alias of the public key to export.
+ The alias must be the same as the alias for the key generated.
+ * @param paramSet Indicates the pointer to the parameters required for exporting the public key.
+ * @param key Indicates the pointer to the public key exported.
+ * @return Returns {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} if the operation is successful;
+ returns an error code otherwise.
+ * @since 12
+ */
+struct OH_Huks_Result OH_Huks_ExportPublicKeyItemAsUser(int userId, const struct OH_Huks_Blob *keyAlias,
+ const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_Blob *key);
+
 /**
  * @brief Deletes a key.
  *
@@ -138,6 +208,22 @@ struct OH_Huks_Result OH_Huks_ExportPublicKeyItem(const struct OH_Huks_Blob *key
 struct OH_Huks_Result OH_Huks_DeleteKeyItem(const struct OH_Huks_Blob *keyAlias,
 const struct OH_Huks_ParamSet *paramSet);
 
+/**
+ * @brief Deletes a key as user.
+ *
+ * @permission ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
+ * @param userId Indicates the userId of the owner of the key.
+ * @param keyAlias Indicates the pointer to the alias of the key to delete.
+ The alias must be the same as the alias for the key generated.
+ * @param paramSet Indicates the pointer to the parameters required for deleting the key.
+ By default, this parameter is a null pointer.
+ * @return Returns {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} if the operation is successful;
+ returns an error code otherwise.
+ * @since 12
+ */
+struct OH_Huks_Result OH_Huks_DeleteKeyItemAsUser(int userId, const struct OH_Huks_Blob *keyAlias,
+ const struct OH_Huks_ParamSet *paramSet);
+
 /**
  * @brief Obtains the attributes of a key.
  *
@@ -153,6 +239,22 @@ struct OH_Huks_Result OH_Huks_DeleteKeyItem(const struct OH_Huks_Blob *keyAlias,
 struct OH_Huks_Result OH_Huks_GetKeyItemParamSet(const struct OH_Huks_Blob *keyAlias,
 const struct OH_Huks_ParamSet *paramSetIn, struct OH_Huks_ParamSet *paramSetOut);
 
+/**
+ * @brief Obtains the attributes of a key as user.
+ *
+ * @permission ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
+ * @param userId Indicates the userId of the owner of the key.
+ * @param keyAlias Indicates the pointer to the alias of the target key.
+ * @param paramSetIn Indicates the pointer to the attribute tag required for
+ obtaining the attributes. By default, this parameter is a null pointer.
+ * @param paramSetOut Indicates the pointer to the attributes obtained.
+ * @return Returns {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} if the operation is successful;
+ returns an error code otherwise.
+ * @since 12
+ */
+struct OH_Huks_Result OH_Huks_GetKeyItemParamSetAsUser(int userId, const struct OH_Huks_Blob *keyAlias,
+ const struct OH_Huks_ParamSet *paramSetIn, struct OH_Huks_ParamSet *paramSetOut);
+
 /**
  * @brief Checks whether a key exists.
  *
@@ -168,6 +270,22 @@ struct OH_Huks_Result OH_Huks_GetKeyItemParamSet(const struct OH_Huks_Blob *keyA
 struct OH_Huks_Result OH_Huks_IsKeyItemExist(const struct OH_Huks_Blob *keyAlias,
 const struct OH_Huks_ParamSet *paramSet);
 
+/**
+ * @brief Checks whether a key exists as user.
+ *
+ * @permission ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
+ * @param userId Indicates the userId of the owner of the key.
+ * @param keyAlias Indicates the pointer to the alias of the target key.
+ * @param paramSet Indicates the pointer to the attribute tag required for checking the key.
+ By default, this parameter is a null pointer.
+ * @return Returns {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} if the key exists.
+ * @return Returns {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_ITEM_NOT_EXIST} if the key does not exist.
+ * @return Returns any other error code for other cases.
+ * @since 12
+ */
+struct OH_Huks_Result OH_Huks_IsKeyItemExistAsUser(int userId, const struct OH_Huks_Blob *keyAlias,
+ const struct OH_Huks_ParamSet *paramSet);
+
 /**
  * @brief Obtain the key certificate chain.
  *
@@ -183,6 +301,22 @@ struct OH_Huks_Result OH_Huks_IsKeyItemExist(const struct OH_Huks_Blob *keyAlias
 struct OH_Huks_Result OH_Huks_AttestKeyItem(const struct OH_Huks_Blob *keyAlias,
 const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_CertChain *certChain);
 
+/**
+ * @brief Obtain the key certificate chain as user.
+ *
+ * @permission ohos.permission.ATTEST_KEY
+ * @permission ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
+ * @param userId Indicates the userId of the owner of the key.
+ * @param keyAlias Indicates the pointer to the alias of the target key.
+ * @param paramSet Indicates the pointer to the parameters required for obtaining the key certificate.
+ * @param certChain Indicates the pointer to the key certificate chain obtained.
+ * @return Returns {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} if the operation is successful;
+ returns an error code otherwise.
+ * @since 12
+ */
+struct OH_Huks_Result OH_Huks_AttestKeyItemAsUser(int userId, const struct OH_Huks_Blob *keyAlias,
+ const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_CertChain *certChain);
+
 /**
  * @brief Obtain the key certificate chain.
  *
@@ -198,6 +332,22 @@ struct OH_Huks_Result OH_Huks_AttestKeyItem(const struct OH_Huks_Blob *keyAlias,
 struct OH_Huks_Result OH_Huks_AnonAttestKeyItem(const struct OH_Huks_Blob *keyAlias,
 const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_CertChain *certChain);
 
+/**
+ * @brief Obtain the key certificate chain as user.
+ *
+ * @permission ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
+ * @param userId Indicates the userId of the owner of the key.
+ * @param keyAlias Indicates the pointer to the alias of the target key.
+ * @param paramSet Indicates the pointer to the parameters required for obtaining the key certificate.
+ * @param certChain Indicates the pointer to the key certificate chain obtained.
+ * @return Returns {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} if the operation is successful;
+ returns an error code otherwise.
+ * @since 12
+ * @note this is a networking duration interface caller need to get the certChain in asynchronous thread
+ */
+struct OH_Huks_Result OH_Huks_AnonAttestKeyItemAsUser(int userId, const struct OH_Huks_Blob *keyAlias,
+ const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_CertChain *certChain);
+
 /**
  * @brief Initializes the key session interface and obtains a handle (mandatory) and challenge value (optional).
  *
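Review bot: The @brief of OH_Huks_AnonAttestKeyItemAsUser is word-for-word the @brief of OH_Huks_AttestKeyItemAsUser in the previous hunk, so the generated reference gives a reader no way to tell the anonymous attestation variant from the identity-bearing one; the existing OH_Huks_AnonAttestKeyItem in the context lines carries the same wording, so the ambiguity is inherited, but the new declaration is the place to fix it. I would write `+ * @brief Obtains the anonymous key certificate chain as user.`. The @note on the same declaration is also ungrammatical; if it means what it appears to, `+ * @note This interface performs network access and may take a long time; call it from an asynchronous thread to obtain certChain.` says it plainly.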
@@ -218,6 +368,27 @@ struct OH_Huks_Result OH_Huks_AnonAttestKeyItem(const struct OH_Huks_Blob *keyAl
 struct OH_Huks_Result OH_Huks_InitSession(const struct OH_Huks_Blob *keyAlias,
 const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_Blob *handle, struct OH_Huks_Blob *token);
 
+/**
+ * @brief Initializes the key session interface and obtains a handle (mandatory) and challenge value (optional) as user.
+ *
+ * @permission ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
+ * @param userId Indicates the userId of the owner of the key.
+ * @param keyAlias Indicates the pointer to the alias of the target key.
+ * @param paramSet Indicates the pointer to the parameters for the initialization operation.
+ * @param handle Indicates the pointer to the handle of the key session obtained.
+ This handle is required for subsequent operations, including {@link OH_Huks_UpdateSession},
+ {@link OH_Huks_FinishSession}, and {@link OH_Huks_AbortSession}.
+ * @param challenge Indicates the pointer to the challenge value obtained.
+ * @return Returns {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} if the operation is successful;
+ returns an error code otherwise.
+ * @since 12
+ * @see OH_Huks_UpdateSession
+ * @see OH_Huks_FinishSession
+ * @see OH_Huks_AbortSession
+ */
+struct OH_Huks_Result OH_Huks_InitSessionAsUser(int userId, const struct OH_Huks_Blob *keyAlias,
+ const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_Blob *handle, struct OH_Huks_Blob *token);
+
 /**
  * @brief Adds data by segment for the key operation, performs the related key operation,
  * and outputs the processed data.
diff --git a/security/huks/libhuks.ndk.json b/security/huks/libhuks.ndk.json
index a07592c0bea1c6ccaa40c94fc8f10ad7826cc55d..fd63c3880b81e40a47ac4b532483b4f35b5798d0 100644
--- a/security/huks/libhuks.ndk.json
+++ b/security/huks/libhuks.ndk.json
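Review bot: The doc comment of OH_Huks_InitSessionAsUser documents `@param challenge`, but the declaration's last parameter is named `token`, so the tag describes a parameter that does not exist and `token` is left undocumented (Doxygen will warn on both). The line should read `+ * @param token Indicates the pointer to the challenge value obtained.`, or the parameter should be renamed to match the prose. The existing OH_Huks_InitSession in the context lines also takes `token`; its comment is outside this hunk and may carry the same mismatch. It would also help callers to state that the handle obtained for a foreign userId is consumed by the plain OH_Huks_UpdateSession/FinishSession/AbortSession, which take no userId, since that is what the @see list implies.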
@@ -5,30 +5,63 @@
 {
 "name": "OH_Huks_GenerateKeyItem"
 },
+ {
+ "name": "OH_Huks_GenerateKeyItemAsUser"
+ },
 {
 "name": "OH_Huks_ImportKeyItem"
 },
+ {
+ "name": "OH_Huks_ImportKeyItemAsUser"
+ },
 {
 "name": "OH_Huks_ImportWrappedKeyItem"
 },
+ {
+ "name": "OH_Huks_ImportWrappedKeyItemAsUser"
+ },
 {
 "name": "OH_Huks_ExportPublicKeyItem"
 },
+ {
+ "name": "OH_Huks_ExportPublicKeyItemAsUser"
+ },
 {
 "name": "OH_Huks_DeleteKeyItem"
 },
+ {
+ "name": "OH_Huks_DeleteKeyItemAsUser"
+ },
 {
 "name": "OH_Huks_GetKeyItemParamSet"
 },
+ {
+ "name": "OH_Huks_GetKeyItemParamSetAsUser"
+ },
 {
 "name": "OH_Huks_IsKeyItemExist"
 },
+ {
+ "name": "OH_Huks_IsKeyItemExistAsUser"
+ },
 {
 "name": "OH_Huks_AttestKeyItem"
 },
+ {
+ "name": "OH_Huks_AttestKeyItemAsUser"
+ },
+ {
+ "name": "OH_Huks_AnonAttestKeyItem"
+ },
+ {
+ "name": "OH_Huks_AnonAttestKeyItemAsUser"
+ },
 {
 "name": "OH_Huks_InitSession"
 },
+ {
+ "name": "OH_Huks_InitSessionAsUser"
+ },
 {
 "name": "OH_Huks_UpdateSession"
 },
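Review bot: Besides the ten AsUser symbols, this hunk also adds the plain `OH_Huks_AnonAttestKeyItem` to the NDK export list, although no header hunk in this commit touches its declaration (it already appears as context in the native_huks_api.h hunk). That presumably repairs a previously missing export, but it widens the public symbol surface independently of the AsUser feature, so it deserves a sentence in the commit description and a check that the @since tag on the existing declaration still reflects when the symbol actually became linkable.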