diff --git a/security/huks/include/native_huks_api.h b/security/huks/include/native_huks_api.h
index 9a5e1578241d56756d68b17458787a79a774b19e..229eaf3d1cb51c17378195dcdd8b9394dc610dc2 100644
--- a/security/huks/include/native_huks_api.h
+++ b/security/huks/include/native_huks_api.h
@@ -91,6 +91,38 @@ struct OH_Huks_Result OH_Huks_GetSdkVersion(struct OH_Huks_Blob *sdkVersion);
 * @since 9
 * @version 1.0
 */
+/**
+ * @brief Generates a key.
+ *
+ * @param keyAlias Indicates the pointer to the alias of the key to generate.
+ * The alias must be unique in the process of the service. Otherwise, the key will be overwritten.
+ * @param paramSetIn Indicates the pointer to the parameter set for generating the key.
+ * @param paramSetOut Indicates the pointer to a temporary key generated. If the generated key is
+ * not of a temporary type, this parameter is a null pointer.
+ * @return {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} 0 - If the operation is successful.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT} 401 - If keyAlias or paramSetIn or
+ * paramSetOut is invalid.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INTERNAL_ERROR} 12000012 - If Device environment or
+ * input parameter abnormal..
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_FILE_OPERATION_FAIL} 12000004 - If failed to remove file,
+ * or if failed to write file.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT} 12000003 - If the key argument
+ * is invalid.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_ITEM_NOT_EXIST} 12000011 - If the base key file is not exit.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT} 12000002 - If failed to
+ * get key argument.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_COMMUNICATION_FAIL} 12000005 - If Ipc commuication failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_CRYPTO_FAIL} 12000006 - If crypto engine failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INSUFFICIENT_MEMORY} 12000014 - If the memory is insufficient.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_CALL_SERVICE_FAILED} 12000015 - If Failed to obtain
+ * the security information via UserIAM.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET} 12000016 - If device password is required
+ * but not set.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED} 12000001 - If the feature is not support.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_KEY_ALREADY_EXIST} 12000017 - If the key with same alias is
+ * already exist.
+ * @since 20
+ */
 struct OH_Huks_Result OH_Huks_GenerateKeyItem(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSetIn, struct OH_Huks_ParamSet *paramSetOut);
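Review bot: The added block for `OH_Huks_GenerateKeyItem` says of `keyAlias` that with a non-unique alias "the key will be overwritten", yet the same block lists `OH_HUKS_ERR_CODE_KEY_ALREADY_EXIST` (12000017) for an alias that already exists, and nothing says which of the two outcomes a caller gets. Silent replacement of stored key material versus a rejected call is something callers have to be able to rely on, so the `@param keyAlias` text should name the condition (presumably a setting in `paramSetIn`; not visible in this diff) under which the call fails instead of overwriting. The same wording is repeated in the blocks added for `OH_Huks_ImportKeyItem` and `OH_Huks_ImportWrappedKeyItem`. A possible form: `An existing key with the same alias is overwritten unless <condition>, in which case OH_HUKS_ERR_CODE_KEY_ALREADY_EXIST is returned.`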
@@ -120,6 +152,33 @@ struct OH_Huks_Result OH_Huks_GenerateKeyItem(const struct OH_Huks_Blob *keyAlia
 * @since 9
 * @version 1.0
 */
+/**
+ * @brief Imports a key in plaintext.
+ *
+ * @param keyAlias Indicates the pointer to the alias of the key to import.
+ * The alias must be unique in the process of the service. Otherwise, the key will be overwritten.
+ * @param paramSet Indicates the pointer to the parameters of the key to import.
+ * @param key Indicates the pointer to the key to import. The key must be in the format required by the HUKS.
+ * For details, see {@link HuksTypeApi}.
+ * @return {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} 0 - If the operation is successful.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT} 401 - If keyAlias or paramSet or key is invalid.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INTERNAL_ERROR} 12000012 - If Device environment or
+ * input parameter abnormal..
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_FILE_OPERATION_FAIL} 12000004 - If failed to remove file,
+ * or if failed to write file.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT} 12000003 - If the key argument
+ * is invalid.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT} 12000002 - If failed to
+ * get key argument.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_COMMUNICATION_FAIL} 12000005 - If Ipc commuication failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INSUFFICIENT_MEMORY} 12000014 - If the memory is insufficient.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_CALL_SERVICE_FAILED} 12000015 - If Failed to obtain
+ * the security information via UserIAM.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED} 12000001 - If the feature is not support.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_KEY_ALREADY_EXIST} 12000017 - If the key with same alias is
+ * already exist.
+ * @since 20
+ */
 struct OH_Huks_Result OH_Huks_ImportKeyItem(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet, const struct OH_Huks_Blob *key);
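Review bot: The `@param key` text for `OH_Huks_ImportKeyItem` does not mention that the blob holds plaintext key material that remains in the caller's memory after the call; the parameter is `const`, so the function itself cannot clear it. I would add a sentence to the parameter description such as `The caller keeps ownership of the buffer and should clear it once the call has returned.` Whether the contents are fully copied before the function returns is not visible from this header and would be worth stating alongside it.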
@@ -153,6 +212,37 @@ struct OH_Huks_Result OH_Huks_ImportKeyItem(const struct OH_Huks_Blob *keyAlias,
 * @since 9
 * @version 1.0
 */
+/**
+ * @brief Imports a wrapped key.
+ *
+ * @param keyAlias Indicates the pointer to the alias of the key to import.
+ * The alias must be unique in the process of the service. Otherwise, the key will be overwritten.
+ * @param wrappingKeyAlias Indicates the pointer to the alias of the wrapping key,
+ * which is obtained through key agreement and used to decrypt the key to import.
+ * @param paramSet Indicates the pointer to the parameters of the wrapped key to import.
+ * @param wrappedKeyData Indicates the pointer to the wrapped key to import.
+ * The key must be in the format required by the HUKS. For details, see {@link OH_Huks_AlgSuite}.
+ * @return {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} 0 - If the operation is successful.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT} 401 - If keyAlias or wrappingKeyAlias or
+ * paramSet or wrappedKeyData is invalid.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INTERNAL_ERROR} 12000012 - If Device environment or
+ * input parameter abnormal..
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_FILE_OPERATION_FAIL} 12000004 - If failed to remove file,
+ * or if failed to write file.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT} 12000003 - If the key argument
+ * is invalid.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT} 12000002 - If failed to
+ * get key argument.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_COMMUNICATION_FAIL} 12000005 - If Ipc commuication failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_CRYPTO_FAIL} 12000006 - If crypto engine failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INSUFFICIENT_MEMORY} 12000014 - If the memory is insufficient.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_CALL_SERVICE_FAILED} 12000015 - If Failed to obtain
+ * the security information via UserIAM.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED} 12000001 - If the feature is not support.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_KEY_ALREADY_EXIST} 12000017 - If the key with same alias is
+ * already exist.
+ * @since 20
+ */
 struct OH_Huks_Result OH_Huks_ImportWrappedKeyItem(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_Blob *wrappingKeyAlias, const struct OH_Huks_ParamSet *paramSet, const struct OH_Huks_Blob *wrappedKeyData);
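Review bot: The return list added for `OH_Huks_ImportWrappedKeyItem` has no entry for a `wrappingKeyAlias` that does not name a stored key, although the import depends on that key to decrypt `wrappedKeyData`. The block added for `OH_Huks_GenerateKeyItem` lists `OH_HUKS_ERR_CODE_ITEM_NOT_EXIST` (12000011) for a missing base key, so the same code would be expected here, or a statement of which code is returned instead. The implementation is not part of this diff, so this needs confirming against it before the line `{@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_ITEM_NOT_EXIST} 12000011 - If the wrapping key does not exist.` is added.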
@@ -421,6 +511,42 @@ struct OH_Huks_Result OH_Huks_UpdateSession(const struct OH_Huks_Blob *handle,
 * @see OH_Huks_UpdateSession
 * @see OH_Huks_AbortSession
 */
+/**
+ * @brief Ends the key session.
+ *
+ * @param handle Indicates the pointer to the key session handle, which is generated by {@link OH_Huks_InitSession}.
+ * @param paramSet Indicates the pointer to the parameters required for the key operation.
+ * @param inData Indicates the pointer to the data to be processed.
+ * @param outData Indicates the pointer to the output data.
+ * @return {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} 0 - If the operation is successful.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT} 401 - If handle or paramSet or inData or
+ * outData is invalid.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INTERNAL_ERROR} 12000012 - If Device environment or
+ * input parameter abnormal..
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT} 12000003 - If the key argument
+ * is invalid.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_ITEM_NOT_EXIST} 12000011 - If the key file is not exit,
+ * or if the handle is not exist.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT} 12000002 - If failed to
+ * get key argument.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_COMMUNICATION_FAIL} 12000005 - If Ipc commuication failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST} 12000013 - If credemtial is not exist.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_CRYPTO_FAIL} 12000006 - If crypto engine failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED} 12000008 - If auth token verify failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED} 12000007 - If auth token info
+ * verify failed.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_KEY_AUTH_TIME_OUT} 12000009 - If authentication token timed out.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_INSUFFICIENT_MEMORY} 12000014 - If the memory is insufficient.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET} 12000016 - If device password is required
+ * but not set.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED} 12000001 - If the feature is not support.
+ * {@link OH_Huks_ErrCode#OH_HUKS_ERR_CODE_KEY_ALREADY_EXIST} 12000017 - If the key with same alias is
+ * already exist.
+ * @since 20
+ * @see OH_Huks_InitSession
+ * @see OH_Huks_UpdateSession
+ * @see OH_Huks_AbortSession
+ */
 struct OH_Huks_Result OH_Huks_FinishSession(const struct OH_Huks_Blob *handle, const struct OH_Huks_ParamSet *paramSet, const struct OH_Huks_Blob *inData, struct OH_Huks_Blob *outData);
diff --git a/security/huks/include/native_huks_type.h b/security/huks/include/native_huks_type.h
index daa053133ae825f8ceac36303ec3251b066f7ba3..1b9cfa2eeb1c8a72e729c1bdc7f7a4d4429ecfc7 100644
--- a/security/huks/include/native_huks_type.h
+++ b/security/huks/include/native_huks_type.h
@@ -450,6 +450,12 @@ enum OH_Huks_ErrCode {
 * @since 11
 */
 OH_HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET = 12000016,
+ /**
+ * The key with same alias is already exist.
+ *
+ * @since 20
+ */
+ OH_HUKS_ERR_CODE_KEY_ALREADY_EXIST = 12000017,
 /**
 * The input parameter is invalid..
 *
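Review bot: The descriptions of 12000007 and 12000008 in the `OH_Huks_FinishSession` block are almost identical (`If auth token info verify failed.` and `If auth token verify failed.`), so a caller cannot tell from the text that `OH_HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED` is, judging by its name, a state the key does not recover from, whereas a failed verification can be retried. I would word 12000007 along the lines of `If the key's authorization has been permanently invalidated and the key can no longer be used.`, after confirming the semantics against the implementation. The block also lists `OH_HUKS_ERR_CODE_KEY_ALREADY_EXIST` for "the key with same alias" although this function takes no alias parameter, so the text should say where that alias comes from (presumably `paramSet`). Minor: `credemtial`, `commuication` and `not exit` are typos in the added lines.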