From 7d9e9d165199c793b5318835cc244921eda17e74 Mon Sep 17 00:00:00 2001 From: CooperTang <454519546@qq.com> Date: Tue, 5 Sep 2023 16:10:44 +0800 Subject: [PATCH 1/3] =?UTF-8?q?p1=E6=AE=B5=E8=90=BD=E6=8F=90=E4=BA=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../security/huks-guidelines.md | 66 +++++++++++-------- 1 file changed, 37 insertions(+), 29 deletions(-) diff --git a/zh-cn/application-dev/security/huks-guidelines.md b/zh-cn/application-dev/security/huks-guidelines.md index 2bc815d539..7a8748ab5e 100644 --- a/zh-cn/application-dev/security/huks-guidelines.md +++ b/zh-cn/application-dev/security/huks-guidelines.md @@ -112,14 +112,16 @@ async function TestGenKey() { **代码示例:** ```js +import huks from '@ohos.security.huks' + /* * 以导入AES256密钥为例 */ - + /* 密钥 */ let plainTextSize32 = new Uint8Array([ - 0xfb, 0x8b, 0x9f, 0x12, 0xa0, 0x83, 0x19, 0xbe, 0x6a, 0x6f, 0x63, 0x2a, 0x7c, 0x86, 0xba, 0xca, - 0x64, 0x0b, 0x88, 0x96, 0xe2, 0xfa, 0x77, 0xbc, 0x71, 0xe3, 0x0f, 0x0f, 0x9e, 0x3c, 0xe5, 0xf9 + 0xfb, 0x8b, 0x9f, 0x12, 0xa0, 0x83, 0x19, 0xbe, 0x6a, 0x6f, 0x63, 0x2a, 0x7c, 0x86, 0xba, 0xca, + 0x64, 0x0b, 0x88, 0x96, 0xe2, 0xfa, 0x77, 0xbc, 0x71, 0xe3, 0x0f, 0x0f, 0x9e, 0x3c, 0xe5, 0xf9 ]); /* 
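Review bot: The re-indented `plainTextSize32` literal is a complete 32-byte AES key embedded in the import sample with nothing saying it is a placeholder, so readers who copy the snippet may ship it as their real key. Add a comment above the array, `/* sample key bytes for demonstration only; real key material must come from a secure source and never be hard-coded */`, next to the existing `/* 密钥 */` marker. The new `import huks from '@ohos.security.huks'` line also lacks the trailing semicolon the other samples in this series use.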
@@ -129,39 +131,45 @@ let keyAlias = 'AES256Alias_sample'; /* * 封装密钥属性集和密钥材料 - */ -let properties = new Array(); -properties[0] = { - tag: huks.HuksTag.HUKS_TAG_ALGORITHM, - value: huks.HuksKeyAlg.HUKS_ALG_AES -}; -properties[1] = { - tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, - value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 -}; -properties[2] = { - tag: huks.HuksTag.HUKS_TAG_PURPOSE, - value: - huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT -}; -let options = { - properties: properties, - inData: plainTextSize32 + */ +class propertyType { + tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM; + value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose = huks.HuksKeyAlg.HUKS_ALG_RSA; +} + +let properties: propertyType[] = [ + { + tag: huks.HuksTag.HUKS_TAG_ALGORITHM, + value:huks.HuksKeyAlg.HUKS_ALG_AES + }, + { + tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, + value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 + }, + { + tag: huks.HuksTag.HUKS_TAG_PURPOSE, + value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT + }, +] + +let options: huks.HuksOptions = { + properties: properties, + inData: plainTextSize32 }; /* * 导入密钥 */ try { - huks.importKeyItem(keyAlias, options, function (error, data) { - if (error) { - console.error(`callback: importKeyItem failed, code: ${error.code}, msg: ${error.message}`); - } else { - console.info(`callback: importKeyItem success`); - } - }); + huks.importKeyItem(keyAlias, options, (error, data) => { + if (error) { + console.error(`callback: importKeyItem failed, code: ${error.code}, msg: ${error.message}`); + } else { + console.info(`callback: importKeyItem success`); + } + }); } catch (error) { - console.error(`callback: importKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`); + console.error(`callback: importKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`); } ``` -- Gitee 
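Review bot: The outer `catch (error)` around `importKeyItem` reads `error.code` and `error.message` from an un-narrowed catch variable; under strict catch typing that does not compile, and the later patches in this series narrow such errors with `BusinessError` from `@ohos.base`. Change it to `let e = error as BusinessError;` and log `e.code`/`e.message`, importing `BusinessError` as those patches do. The same un-narrowed outer catch recurs in the isKeyItemExist, SM4-encrypt, generateKey and SM4-decrypt hunks of this series. Separately, `propertyType` defaults `value` to `huks.HuksKeyAlg.HUKS_ALG_RSA` in an AES sample; every array element is fully initialized so the default is never used, but a comment such as `// defaults are placeholders; each entry below sets its own tag/value` would stop readers reading RSA into an AES example.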
From b6816df776c5aaec9c3fae539960578c64189ba6 Mon Sep 17 00:00:00 2001 From: CooperTang <454519546@qq.com> Date: Tue, 5 Sep 2023 16:49:34 +0800 Subject: [PATCH 2/3] =?UTF-8?q?p2=E6=AE=B5=E8=90=BD=E6=8F=90=E4=BA=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../security/huks-guidelines.md | 45 +++++++++++-------- 1 file changed, 26 insertions(+), 19 deletions(-) diff --git a/zh-cn/application-dev/security/huks-guidelines.md b/zh-cn/application-dev/security/huks-guidelines.md index 7a8748ab5e..54d7057807 100644 --- a/zh-cn/application-dev/security/huks-guidelines.md +++ b/zh-cn/application-dev/security/huks-guidelines.md 
@@ -183,30 +183,37 @@ try { import huks from '@ohos.security.huks'; let keyAlias = 'AES256Alias_sample'; -let isKeyExist; +let isKeyExist = false; -let keyProperties = new Array(); -keyProperties[0] = { - tag: huks.HuksTag.HUKS_TAG_ALGORITHM, - value: huks.HuksKeyAlg.HUKS_ALG_AES, +class keyPropertyType { + tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM; + value: huks.HuksKeyAlg = huks.HuksKeyAlg.HUKS_ALG_RSA; } -let huksOptions = { - properties: keyProperties, // 非空填充 - inData: new Uint8Array(new Array()) // 非空填充 + +let keyProperties : keyPropertyType[] = [ + { + tag: huks.HuksTag.HUKS_TAG_ALGORITHM, + value: huks.HuksKeyAlg.HUKS_ALG_AES + }, +] + +let huksOptions: huks.HuksOptions = { + properties: keyProperties, // 非空填充 + inData: new Uint8Array(new Array()) // 非空填充 } try { - huks.isKeyItemExist(keyAlias, huksOptions, function (error, data) { - if (error) { - console.error(`callback: isKeyItemExist failed, code: ${error.code}, msg: ${error.message}`); - } else { - if (data !== null && data.valueOf() !== null) { - isKeyExist = data.valueOf(); - console.info(`callback: isKeyItemExist success, isKeyExist = ${isKeyExist}`); - } - } - }); + huks.isKeyItemExist(keyAlias, huksOptions, (error, data) => { + if (error) { + console.error(`callback: isKeyItemExist failed, code: ${error.code}, msg: ${error.message}`); + } else { + if (data !== null && data.valueOf() !== null) { + isKeyExist = data.valueOf(); + console.info(`callback: isKeyItemExist success, isKeyExist = ${isKeyExist}`); + } + } + }); } catch (error) { - console.error(`callback: isKeyItemExist input arg invalid, code: ${error.code}, msg: ${error.message}`); + console.error(`callback: isKeyItemExist input arg invalid, code: ${error.code}, msg: ${error.message}`); } ``` -- Gitee From 8fd069174192ecdca6d650391be59115d6ca3b52 Mon Sep 17 00:00:00 2001 
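Review bot: The `data !== null && data.valueOf() !== null` guard in the isKeyItemExist callback is redundant: the callback result is a boolean, so `data.valueOf()` can never be null and the guard only obscures the assignment; `isKeyExist = data;` followed by the existing log line is enough. The new `let isKeyExist = false;` initializer also means any code that reads `isKeyExist` before the callback has run sees `false` for a key that does exist, so the sample should say that the existence result must be consumed inside the callback, e.g. `// isKeyExist is only valid once the callback has run`.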
From: CooperTang <454519546@qq.com> Date: Wed, 6 Sep 2023 17:10:01 +0800 Subject: [PATCH 3/3] =?UTF-8?q?p1=20p2=20p10=20p11=20p13=20p14=E6=AE=B5?= =?UTF-8?q?=E8=90=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../security/huks-guidelines.md | 986 +++++++++--------- 1 file changed, 520 insertions(+), 466 deletions(-) diff --git a/zh-cn/application-dev/security/huks-guidelines.md b/zh-cn/application-dev/security/huks-guidelines.md index 54d7057807..085b4a80cc 100644 --- a/zh-cn/application-dev/security/huks-guidelines.md +++ b/zh-cn/application-dev/security/huks-guidelines.md @@ -190,7 +190,7 @@ class keyPropertyType { value: huks.HuksKeyAlg = huks.HuksKeyAlg.HUKS_ALG_RSA; } -let keyProperties : keyPropertyType[] = [ +let keyProperties: keyPropertyType[] = [ { tag: huks.HuksTag.HUKS_TAG_ALGORITHM, value: huks.HuksKeyAlg.HUKS_ALG_AES @@ -1930,6 +1930,7 @@ async function testInitAndAuthFinger() { * 以下以SM4 128密钥的Callback操作使用为例 */ import huks from '@ohos.security.huks'; +import { BusinessError } from '@ohos.base'; /* * 确定密钥别名和封装密钥属性参数集 
@@ -1937,139 +1938,149 @@ import huks from '@ohos.security.huks'; let srcKeyAlias = 'sm4_key_fingerprint_access'; let IV = '1234567890123456'; let cipherInData = 'Hks_SM4_Cipher_Test_101010101010101010110_string'; -let handle; -let fingerAuthToken; -let updateResult = new Array(); -let finishOutData; +let handle: number; +let fingerAuthToken: Uint8Array; +let finishOutData: Uint8Array; -/* 集成生成密钥参数集 & 加密参数集 */ -let propertiesEncrypt = new Array(); -propertiesEncrypt[0] = { - tag: huks.HuksTag.HUKS_TAG_ALGORITHM, - value: huks.HuksKeyAlg.HUKS_ALG_SM4, -} -propertiesEncrypt[1] = { - tag: huks.HuksTag.HUKS_TAG_PURPOSE, - value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT, -} -propertiesEncrypt[2] = { - tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, - value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128, -} -propertiesEncrypt[3] = { - tag: huks.HuksTag.HUKS_TAG_PADDING, - value: huks.HuksKeyPadding.HUKS_PADDING_NONE, -} -propertiesEncrypt[4] = { - tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, - value: huks.HuksCipherMode.HUKS_MODE_CBC, -} -propertiesEncrypt[5] = { - tag: huks.HuksTag.HUKS_TAG_IV, - value: StringToUint8Array(IV), -} -let encryptOptions = { - properties: propertiesEncrypt, - inData: new Uint8Array(new Array()) +class throwObject { + isThrow: boolean = false; } -function StringToUint8Array(str) { - let arr = []; - for (let i = 0, j = str.length; i < j; ++i) { - arr.push(str.charCodeAt(i)); - } - return new Uint8Array(arr); +/* 集成生成密钥参数集 & 加密参数集 */ +class propertyEncryptType { + tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM; + value: huks.HuksKeyAlg | huks.HuksKeyPurpose | huks.HuksKeySize | huks.HuksKeyPadding | huks.HuksCipherMode + | Uint8Array = huks.HuksKeyAlg.HUKS_ALG_SM4; } -function updateSession(handle, huksOptions, token, throwObject) { - return new Promise((resolve, reject) => { - try { - huks.updateSession(handle, huksOptions, token, function (error, data) { - if (error) { - reject(error); - } else { - resolve(data); - } - }); - } catch (error) { - 
throwObject.isThrow = true; - throw(error); - } - }); +let propertiesEncrypt: propertyEncryptType[] = [ + { + tag: huks.HuksTag.HUKS_TAG_ALGORITHM, + value: huks.HuksKeyAlg.HUKS_ALG_SM4, + }, + { + tag: huks.HuksTag.HUKS_TAG_PURPOSE, + value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT, + }, + { + tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, + value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128, + }, + { + tag: huks.HuksTag.HUKS_TAG_PADDING, + value: huks.HuksKeyPadding.HUKS_PADDING_NONE, + }, + { + tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, + value: huks.HuksCipherMode.HUKS_MODE_CBC, + }, + { + tag: huks.HuksTag.HUKS_TAG_IV, + value: StringToUint8Array(IV), + } +] + +let encryptOptions: huks.HuksOptions = { + properties: propertiesEncrypt, + inData: new Uint8Array(new Array()) } -async function publicUpdateFunc(handle, token, huksOptions) { - console.info(`enter callback doUpdate`); - let throwObject = {isThrow: false}; - try { - await updateSession(handle, huksOptions, token, throwObject) - .then ((data) => { - console.info(`callback: doUpdate success, data = ${JSON.stringify(data)}`); - }) - .catch(error => { - if (throwObject.isThrow) { - throw(error); - } else { - console.error(`callback: doUpdate failed, code: ${error.code}, msg: ${error.message}`); - } - }); - } catch (error) { - console.error(`callback: doUpdate input arg invalid, code: ${error.code}, msg: ${error.message}`); - } +function StringToUint8Array(str: string) { + let arr: number[] = []; + for (let i = 0, j = str.length; i < j; ++i) { + arr.push(str.charCodeAt(i)); + } +return new Uint8Array(arr); +} + +function updateSession(handle: number, huksOptions: huks.HuksOptions, token: Uint8Array, throwObject: throwObject) { + return new Promise((resolve, reject) => { + try { + huks.updateSession(handle, huksOptions, token, (error, data) => { + if (error) { + reject(error); + } else { + resolve(data); + } + }); + } catch (error) { + throwObject.isThrow = true; + throw(error as Error); + } + }); } -function 
finishSession(handle, huksOptions, token, throwObject) { - return new Promise((resolve, reject) => { - try { - huks.finishSession(handle, huksOptions, token, function (error, data) { - if (error) { - reject(error); - } else { - resolve(data); - } - }); - } catch (error) { - throwObject.isThrow = true; - throw(error); +async function publicUpdateFunc(handle: number, token: Uint8Array, huksOptions: huks.HuksOptions) { + console.info(`enter callback doUpdate`); + let throwObject: throwObject = {isThrow: false}; +try { + await updateSession(handle, huksOptions, token, throwObject) + .then ((data) => { + console.info(`callback: doUpdate success, data = ${JSON.stringify(data)}`); + }) + .catch((error: BusinessError) => { + if (throwObject.isThrow) { + throw(error as Error); + } else { + console.error(`callback: doUpdate failed, code: ${error.code}, msg: ${error.message}`); } - }); + }); + } catch (error) { + console.error(`callback: doUpdate input arg invalid, code: ${error.code}, msg: ${error.message}`); +} +} + +function finishSession(handle: number, huksOptions: huks.HuksOptions, token: Uint8Array, throwObject: throwObject) { + return new Promise((resolve, reject) => { + try { + huks.finishSession(handle, huksOptions, token, (error, data) => { + if (error) { + reject(error); + } else { + resolve(data); + } + }); + } catch (error) { + throwObject.isThrow = true; + throw(error as Error); + } + }); } -async function publicFinishFunc(handle, token, huksOptions) { - console.info(`enter callback doFinish`); - let throwObject = {isThrow: false}; - try { - await finishSession(handle, huksOptions, token, throwObject) - .then ((data) => { - finishOutData = data.outData; - console.info(`callback: doFinish success, data = ${JSON.stringify(data)}`); - }) - .catch(error => { - if (throwObject.isThrow) { - throw(error); - } else { - console.error(`callback: doFinish failed, code: ${error.code}, msg: ${error.message}`); - } - }); - } catch (error) { - console.error(`callback: 
doFinish input arg invalid, code: ${error.code}, msg: ${error.message}`); - } +async function publicFinishFunc(handle: number, token: Uint8Array, huksOptions: huks.HuksOptions) { + console.info(`enter callback doFinish`); + let throwObject: throwObject = {isThrow: false}; +try { + await finishSession(handle, huksOptions, token, throwObject) + .then ((data) => { + finishOutData = data.outData as Uint8Array; + console.info(`callback: doFinish success, data = ${JSON.stringify(data)}`); + }) + .catch((error: BusinessError) => { + if (throwObject.isThrow) { + throw(error as Error); + } else { + console.error(`callback: doFinish failed, code: ${error.code}, msg: ${error.message}`); + } + }); + } catch (error) { + console.error(`callback: doFinish input arg invalid, code: ${error.code}, msg: ${error.message}`); +} } async function testSm4Cipher() { - encryptOptions.inData = StringToUint8Array(cipherInData); - /* 传入认证令牌 */ - await publicUpdateFunc(handle, fingerAuthToken, encryptOptions); - let encryptUpdateResult = updateResult; - - encryptOptions.inData = new Uint8Array(new Array()); - /* 传入认证令牌 */ - await publicFinishFunc(handle, fingerAuthToken, encryptOptions); - if (finishOutData === cipherInData) { - console.info('test finish encrypt err '); - } else { - console.info('test finish encrypt success'); - } + encryptOptions.inData = StringToUint8Array(cipherInData); + /* 传入认证令牌 */ + await publicUpdateFunc(handle, fingerAuthToken, encryptOptions); + + encryptOptions.inData = new Uint8Array(new Array()); + /* 传入认证令牌 */ + await publicFinishFunc(handle, fingerAuthToken, encryptOptions); + if (finishOutData === StringToUint8Array(cipherInData)) { + console.info('test finish encrypt err '); + } else { + console.info('test finish encrypt success'); + } } ``` 
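Review bot: `finishOutData === StringToUint8Array(cipherInData)` in `testSm4Cipher` compares two distinct `Uint8Array` objects by reference, so it is always false and the sample logs 'test finish encrypt success' whatever `finishSession` returned (the old string-vs-array comparison was always false too). Compare contents instead: `const expected = StringToUint8Array(cipherInData);` then `const unchanged = finishOutData.length === expected.length && finishOutData.every((b, i) => b === expected[i]);` and branch on `unchanged`. Even then the check only shows the output differs from the input, which does not validate the ciphertext; the decrypt round-trip in the later decrypt sample is the stronger assertion. `handle` and `fingerAuthToken` are declared here but never assigned in this hunk; presumably they come from the preceding init/auth sample, and a comment saying so would help readers.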
@@ -2104,99 +2115,108 @@ async function testSm4Cipher() { ```js import huks from '@ohos.security.huks'; +import { BusinessError } from '@ohos.base'; /* * 确定密钥别名和封装密钥属性参数集 */ let keyAlias = 'dh_key_fingerprint_access'; -let properties = new Array(); -properties[0] = { - tag: huks.HuksTag.HUKS_TAG_ALGORITHM, - value: huks.HuksKeyAlg.HUKS_ALG_SM4, -} -properties[1] = { - tag: huks.HuksTag.HUKS_TAG_PURPOSE, - value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT, -} -properties[2] = { - tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, - value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128, -} -properties[3] = { - tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, - value: huks.HuksCipherMode.HUKS_MODE_CBC, -} -properties[4] = { - tag: huks.HuksTag.HUKS_TAG_PADDING, - value: huks.HuksKeyPadding.HUKS_PADDING_NONE, -} -// 指定密钥身份认证的类型:指纹 -properties[5] = { - tag: huks.HuksTag.HUKS_TAG_USER_AUTH_TYPE, - value: huks.HuksUserAuthType.HUKS_USER_AUTH_TYPE_FINGERPRINT -} -// 指定密钥安全授权的类型(失效类型):新录入生物特征(指纹)后无效 -properties[6] = { - tag: huks.HuksTag.HUKS_TAG_KEY_AUTH_ACCESS_TYPE, - value: huks.HuksAuthAccessType.HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL -} -// 指定挑战值的类型:默认类型 -properties[7] = { - tag: huks.HuksTag.HUKS_TAG_CHALLENGE_TYPE, - value: huks.HuksChallengeType.HUKS_CHALLENGE_TYPE_NORMAL + +class throwObject { + isThrow: boolean = false; } -// 指定某种算法用途时需要用户身份认证访问控制:比如解密需要 -properties[8] = { - tag: huks.HuksTag.HUKS_TAG_KEY_AUTH_PURPOSE, - value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT + +class propertyType { + tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM; + value: huks.HuksKeyAlg | huks.HuksKeyPurpose | huks.HuksKeySize | huks.HuksCipherMode | huks.HuksKeyPadding + | huks.HuksUserAuthType | huks.HuksAuthAccessType | huks.HuksChallengeType = huks.HuksKeyAlg.HUKS_ALG_SM4 } -let huksOptions = { - properties: properties, - inData: new Uint8Array(new Array()) +let properties: propertyType[] = [ + { + tag: huks.HuksTag.HUKS_TAG_ALGORITHM, + value: 
huks.HuksKeyAlg.HUKS_ALG_SM4, + }, + { + tag: huks.HuksTag.HUKS_TAG_PURPOSE, + value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT, + }, + { + tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, + value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128, + }, + { + tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, + value: huks.HuksCipherMode.HUKS_MODE_CBC, + }, + { + tag: huks.HuksTag.HUKS_TAG_PADDING, + value: huks.HuksKeyPadding.HUKS_PADDING_NONE, + }, + { + tag: huks.HuksTag.HUKS_TAG_USER_AUTH_TYPE, + value: huks.HuksUserAuthType.HUKS_USER_AUTH_TYPE_FINGERPRINT + }, + { + tag: huks.HuksTag.HUKS_TAG_KEY_AUTH_ACCESS_TYPE, + value: huks.HuksAuthAccessType.HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL + }, + { + tag: huks.HuksTag.HUKS_TAG_CHALLENGE_TYPE, + value: huks.HuksChallengeType.HUKS_CHALLENGE_TYPE_NORMAL + }, + { + tag: huks.HuksTag.HUKS_TAG_KEY_AUTH_PURPOSE, + value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT + } +] + +let huksOptions: huks.HuksOptions = { + properties: properties, + inData: new Uint8Array(new Array()) } /* * 生成密钥 */ -async function generateKeyItem(keyAlias, huksOptions, throwObject) { - return new Promise((resolve, reject) => { - try { - huks.generateKeyItem(keyAlias, huksOptions, function (error, data) { - if (error) { - reject(error); - } else { - resolve(data); - } - }); - } catch (error) { - throwObject.isThrow = true; - throw(error); - } - }); +async function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) { + return new Promise((resolve, reject) => { + try { + huks.generateKeyItem(keyAlias, huksOptions, (error, data) => { + if (error) { + reject(error); + } else { + resolve(data); + } + }); + } catch (error) { + throwObject.isThrow = true; + throw(error as Error); + } + }); } -async function publicGenKeyFunc(keyAlias, huksOptions) { - console.info(`enter callback generateKeyItem`); - let throwObject = {isThrow: false}; - try { - await generateKeyItem(keyAlias, huksOptions, 
throwObject) - .then((data) => { - console.info(`callback: generateKeyItem success, data = ${JSON.stringify(data)}`); - }) - .catch(error => { - if (throwObject.isThrow) { - throw(error); - } else { - console.error(`callback: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`); - } - }); - } catch (error) { - console.error(`callback: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`); - } +async function publicGenKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions) { + console.info(`enter callback generateKeyItem`); + let throwObject: throwObject = {isThrow: false}; +try { + await generateKeyItem(keyAlias, huksOptions, throwObject) + .then((data) => { + console.info(`callback: generateKeyItem success, data = ${JSON.stringify(data)}`); + }) + .catch((error: BusinessError) => { + if (throwObject.isThrow) { + throw(error as Error); + } else { + console.error(`callback: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`); + } + }); + } catch (error) { + console.error(`callback: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`); +} } async function TestGenKeyForFingerprintAccessControl() { - await publicGenKeyFunc(keyAlias, huksOptions); + await publicGenKeyFunc(keyAlias, huksOptions); } ``` @@ -2342,8 +2362,9 @@ async function testSm4Cipher() { 3. 使用密钥-解密场景-解密时需要进行用户身份认证访问控制 ```js - import huks from '@ohos.security.huks'; +import huks from '@ohos.security.huks'; import userIAM_userAuth from '@ohos.userIAM.userAuth'; +import { BusinessError } from '@ohos.base'; /* * 确定密钥别名和封装密钥属性参数集 
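Review bot: The rewritten `properties` array drops the four explanatory comments the old side carried on the access-control tags (user-auth type, key-auth access type, challenge type, key-auth purpose), and those comments are the substance of this section, since these tags are what turn a plain SM4 key into a user-authenticated one. Restore them above the corresponding entries: `// 指定密钥身份认证的类型:指纹` above `HUKS_TAG_USER_AUTH_TYPE`, `// 指定密钥安全授权的类型(失效类型):新录入生物特征(指纹)后无效` above `HUKS_TAG_KEY_AUTH_ACCESS_TYPE`, `// 指定挑战值的类型:默认类型` above `HUKS_TAG_CHALLENGE_TYPE` and `// 指定某种算法用途时需要用户身份认证访问控制:比如解密需要` above `HUKS_TAG_KEY_AUTH_PURPOSE`. The `propertyType` class body here also omits the trailing semicolons that the sibling samples use.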
@@ -2351,171 +2372,184 @@ import userIAM_userAuth from '@ohos.userIAM.userAuth'; let srcKeyAlias = 'sm4_key_fingerprint_access'; let cipherText = 'r56ywtTJUQC6JFJ2VV2kZw=='; // 加密时得到的密文数据, 业务需根据实际加密结果修改 let IV = '1234567890123456'; -let handle; -let finishOutData; // 解密后的明文数据 -let fingerAuthToken; -let challenge; +let handle: number; +let finishOutData: Uint8Array; // 解密后的明文数据 +let fingerAuthToken: Uint8Array; +let challenge: Uint8Array; let authType = userIAM_userAuth.UserAuthType.FINGERPRINT; let authTrustLevel = userIAM_userAuth.AuthTrustLevel.ATL1; -function StringToUint8Array(str) { - let arr = []; - for (let i = 0, j = str.length; i < j; ++i) { - arr.push(str.charCodeAt(i)); - } - return new Uint8Array(arr); +class throwObject { + isThrow: boolean = false; +} + +function StringToUint8Array(str: string) { + let arr: number[] = []; + for (let i = 0, j = str.length; i < j; ++i) { + arr.push(str.charCodeAt(i)); + } +return new Uint8Array(arr); } /* 集成生成密钥参数集 & 加密参数集 */ -let propertiesDecrypt = new Array(); -propertiesDecrypt[0] = { - tag: huks.HuksTag.HUKS_TAG_ALGORITHM, - value: huks.HuksKeyAlg.HUKS_ALG_SM4, -} -propertiesDecrypt[1] = { - tag: huks.HuksTag.HUKS_TAG_PURPOSE, - value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT, -} -propertiesDecrypt[2] = { - tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, - value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128, -} -propertiesDecrypt[3] = { - tag: huks.HuksTag.HUKS_TAG_PADDING, - value: huks.HuksKeyPadding.HUKS_PADDING_NONE, +class propertyDecryptType { + tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM + value: huks.HuksKeyAlg | huks.HuksKeyPurpose | huks.HuksKeySize | huks.HuksKeyPadding | huks.HuksCipherMode + | Uint8Array = huks.HuksKeyAlg.HUKS_ALG_SM4 } -propertiesDecrypt[4] = { - tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, - value: huks.HuksCipherMode.HUKS_MODE_CBC, -} -propertiesDecrypt[5] = { - tag: huks.HuksTag.HUKS_TAG_IV, - value: StringToUint8Array(IV), -} -let decryptOptions = { - properties: propertiesDecrypt, - inData: 
new Uint8Array(new Array()) + +let propertiesDecrypt: propertyDecryptType[] = [ + { + tag: huks.HuksTag.HUKS_TAG_ALGORITHM, + value: huks.HuksKeyAlg.HUKS_ALG_SM4, + }, + { + tag: huks.HuksTag.HUKS_TAG_PURPOSE, + value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT, + }, + { + tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, + value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128, + }, + { + tag: huks.HuksTag.HUKS_TAG_PADDING, + value: huks.HuksKeyPadding.HUKS_PADDING_NONE, + }, + { + tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, + value: huks.HuksCipherMode.HUKS_MODE_CBC, + }, + { + tag: huks.HuksTag.HUKS_TAG_IV, + value: StringToUint8Array(IV), + } +] + +let decryptOptions: huks.HuksOptions = { + properties: propertiesDecrypt, + inData: new Uint8Array(new Array()) +} + +function initSession(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) { + return new Promise((resolve, reject) => { + try { + huks.initSession(keyAlias, huksOptions, (error, data) => { + if (error) { + reject(error); + } else { + resolve(data); + } + }); + } catch (error) { + throwObject.isThrow = true; + throw(error as Error); + } + }); } -function initSession(keyAlias, huksOptions, throwObject) { - return new Promise((resolve, reject) => { - try { - huks.initSession(keyAlias, huksOptions, function (error, data) { - if (error) { - reject(error); - } else { - resolve(data); - } - }); - } catch (error) { - throwObject.isThrow = true; - throw(error); +async function publicInitFunc(keyAlias: string, huksOptions: huks.HuksOptions) { + console.info(`enter callback doInit`); + let throwObject: throwObject = {isThrow: false}; +try { + await initSession(keyAlias, huksOptions, throwObject) + .then ((data) => { + console.info(`callback: doInit success, data = ${JSON.stringify(data)}`); + handle = data.handle; + challenge = data.challenge as Uint8Array; + }) + .catch((error: BusinessError) => { + if (throwObject.isThrow) { + throw(error as Error); + } else { + console.error(`callback: doInit failed, code: 
${error.code}, msg: ${error.message}`); } - }); + }); + } catch (error) { + console.error(`callback: doInit input arg invalid, code: ${error.code}, msg: ${error.message}`); } - -async function publicInitFunc(keyAlias, huksOptions) { - console.info(`enter callback doInit`); - let throwObject = {isThrow: false}; - try { - await initSession(keyAlias, huksOptions, throwObject) - .then ((data) => { - console.info(`callback: doInit success, data = ${JSON.stringify(data)}`); - handle = data.handle; - challenge = data.challenge; - }) - .catch((error) => { - if (throwObject.isThrow) { - throw(error); - } else { - console.error(`callback: doInit failed, code: ${error.code}, msg: ${error.message}`); - } - }); - } catch (error) { - console.error(`callback: doInit input arg invalid, code: ${error.code}, msg: ${error.message}`); - } } -function userIAMAuthFinger(huksChallenge) { - // 获取认证对象 - let auth; - try { - auth = userIAM_userAuth.getAuthInstance(huksChallenge, authType, authTrustLevel); - console.log("get auth instance success"); - } catch (error) { - console.log("get auth instance failed" + error); - } +function userIAMAuthFinger(huksChallenge: Uint8Array) { + // 获取认证对象 + let auth: userIAM_userAuth.AuthInstance ; + try { + auth = userIAM_userAuth.getAuthInstance(huksChallenge, authType, authTrustLevel); + console.log("get auth instance success"); + } catch (error) { + console.log("get auth instance failed" + error); + return; +} - // 订阅认证结果 - try { - auth.on("result", { - callback: (result) => { - /* 认证成功获取认证令牌 */ - fingerAuthToken = result.token; - } - }); - console.log("subscribe authentication event success"); +// 订阅认证结果 +try { + auth.on("result", { + callback: (result) => { + /* 认证成功获取认证令牌 */ + fingerAuthToken = (result as userIAM_userAuth.AuthResultInfo).token as Uint8Array; + } + }); + console.log("subscribe authentication event success"); } catch (error) { - console.log("subscribe authentication event failed " + error); + console.log("subscribe authentication event 
failed " + error); } // 开始认证 try { - auth.start(); - console.info("authV9 start auth success"); + auth.start(); + console.info("authV9 start auth success"); } catch (error) { - console.info("authV9 start auth failed, error = " + error); -} + console.info("authV9 start auth failed, error = " + error); +} +} + +function finishSession(handle: number, huksOptions: huks.HuksOptions, token: Uint8Array, throwObject: throwObject) { + return new Promise((resolve, reject) => { + try { + huks.finishSession(handle, huksOptions, token, (error, data) => { + if (error) { + reject(error); + } else { + resolve(data); + } + }); + } catch (error) { + throwObject.isThrow = true; + throw(error as Error); + } + }); } -function finishSession(handle, huksOptions, token, throwObject) { - return new Promise((resolve, reject) => { - try { - huks.finishSession(handle, huksOptions, token, function (error, data) { - if (error) { - reject(error); - } else { - resolve(data); - } - }); - } catch (error) { - throwObject.isThrow = true; - throw(error); +async function publicFinishFunc(handle: number, token: Uint8Array, huksOptions: huks.HuksOptions) { + console.info(`enter callback doFinish`); + let throwObject: throwObject = {isThrow: false}; +try { + await finishSession(handle, huksOptions, token, throwObject) + .then ((data) => { + finishOutData = data.outData as Uint8Array; + console.info(`callback: doFinish success, data = ${JSON.stringify(data)}`); + }) + .catch((error: BusinessError) => { + if (throwObject.isThrow) { + throw(error as Error); + } else { + console.error(`callback: doFinish failed, code: ${error.code}, msg: ${error.message}`); } - }); + }); + } catch (error) { + console.error(`callback: doFinish input arg invalid, code: ${error.code}, msg: ${error.message}`); } - -async function publicFinishFunc(handle, token, huksOptions) { - console.info(`enter callback doFinish`); - let throwObject = {isThrow: false}; - try { - await finishSession(handle, huksOptions, token, throwObject) - 
.then ((data) => { - finishOutData = data.outData; - console.info(`callback: doFinish success, data = ${JSON.stringify(data)}`); - }) - .catch(error => { - if (throwObject.isThrow) { - throw(error); - } else { - console.error(`callback: doFinish failed, code: ${error.code}, msg: ${error.message}`); - } - }); - } catch (error) { - console.error(`callback: doFinish input arg invalid, code: ${error.code}, msg: ${error.message}`); - } } async function testSm4Cipher() { - /* 初始化密钥会话获取挑战值 */ - await publicInitFunc(srcKeyAlias, decryptOptions); + /* 初始化密钥会话获取挑战值 */ + await publicInitFunc(srcKeyAlias, decryptOptions); - /* 调用userIAM进行身份认证 */ - userIAMAuthFinger(challenge); + /* 调用userIAM进行身份认证 */ + userIAMAuthFinger(challenge); - /* 认证成功后进行解密, 需要传入Auth获取到的authToken值 */ - decryptOptions.inData = StringToUint8Array(cipherText); - await publicFinishFunc(handle, fingerAuthToken, decryptOptions); + /* 认证成功后进行解密, 需要传入Auth获取到的authToken值 */ + decryptOptions.inData = StringToUint8Array(cipherText); + await publicFinishFunc(handle, fingerAuthToken, decryptOptions); } ``` @@ -2543,6 +2577,7 @@ HUKS为密钥提供合法性证明能力,主要应用于非对称密钥的公 * 以下以attestKey Callback接口操作验证为例 */ import huks from '@ohos.security.huks'; +import { BusinessError } from '@ohos.base'; /* * 确定密钥别名和封装密钥属性参数集 
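Review bot: `testSm4Cipher` calls `publicFinishFunc(handle, fingerAuthToken, decryptOptions)` right after `userIAMAuthFinger(challenge)`, but `userIAMAuthFinger` returns as soon as `auth.start()` is issued and `fingerAuthToken` is only assigned later in the `result` callback, so `finishSession` receives an unassigned token (now a bare `let fingerAuthToken: Uint8Array;`) and the user-authentication gate on decryption is never exercised with a real token. The old side had the same ordering; the fix is to have `userIAMAuthFinger` return a Promise resolved from the result callback and await it before decrypting, as sketched below. The callback also stores whatever `token` the result carries without confirming the authentication succeeded; presumably the result object reports a status next to the token — confirm against the userAuth API and reject when it is not a success. The stray space in `let auth: userIAM_userAuth.AuthInstance ;` should go as well.
```typescript
function userIAMAuthFinger(huksChallenge: Uint8Array): Promise<Uint8Array> {
  return new Promise<Uint8Array>((resolve, reject) => {
    // … unchanged: getAuthInstance try/catch, but reject(error as Error) instead of return …
    auth.on("result", {
      callback: (result) => {
        /* 认证成功获取认证令牌 */
        let info = result as userIAM_userAuth.AuthResultInfo;
        if (info.token === undefined) {
          reject(new Error('authentication did not return a token'));
          return;
        }
        fingerAuthToken = info.token;
        resolve(info.token);
      }
    });
    // … unchanged: auth.start() try/catch, rejecting on failure …
  });
}

async function testSm4Cipher() {
  /* 初始化密钥会话获取挑战值 */
  await publicInitFunc(srcKeyAlias, decryptOptions);
  /* 等待userIAM认证结果, 再用其authToken解密 */
  let token = await userIAMAuthFinger(challenge);
  decryptOptions.inData = StringToUint8Array(cipherText);
  await publicFinishFunc(handle, token, decryptOptions);
}
```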
@@ -2553,156 +2588,175 @@ let aliasUint8 = StringToUint8Array(keyAliasString); let securityLevel = StringToUint8Array('sec_level'); let challenge = StringToUint8Array('challenge_data'); let versionInfo = StringToUint8Array('version_info'); -let attestCertChain; +let attestCertChain: Array; -let genKeyProperties = new Array(); -genKeyProperties[0] = { - tag: huks.HuksTag.HUKS_TAG_ALGORITHM, - value: huks.HuksKeyAlg.HUKS_ALG_RSA -}; -genKeyProperties[1] = { - tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG, - value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT -}; -genKeyProperties[2] = { - tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, - value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 -}; -genKeyProperties[3] = { - tag: huks.HuksTag.HUKS_TAG_PURPOSE, - value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY -}; -genKeyProperties[4] = { - tag: huks.HuksTag.HUKS_TAG_DIGEST, - value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 -}; -genKeyProperties[5] = { - tag: huks.HuksTag.HUKS_TAG_PADDING, - value: huks.HuksKeyPadding.HUKS_PADDING_PSS -}; -genKeyProperties[6] = { - tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, - value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT -}; -genKeyProperties[7] = { - tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, - value: huks.HuksCipherMode.HUKS_MODE_ECB -}; -let genOptions = { - properties: genKeyProperties -}; +class throwObject { + isThrow: boolean = false; +} -let attestKeyproperties = new Array(); -attestKeyproperties[0] = { - tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, - value: securityLevel -}; -attestKeyproperties[1] = { - tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, - value: challenge -}; -attestKeyproperties[2] = { - tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, - value: versionInfo -}; -attestKeyproperties[3] = { - tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, - value: aliasUint8 -}; -let huksOptions = { - properties: attestKeyproperties +class genKeyPropertyType { + tag: huks.HuksTag = 
huks.HuksTag.HUKS_TAG_ALGORITHM; + value: huks.HuksKeyAlg | huks.HuksKeyStorageType | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest + | huks.HuksKeyPadding | huks.HuksKeyGenerateType | huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_RSA +} + +let genKeyProperties: genKeyPropertyType[] = [ + { + tag: huks.HuksTag.HUKS_TAG_ALGORITHM, + value: huks.HuksKeyAlg.HUKS_ALG_RSA + }, + { + tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG, + value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT + }, + { + tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, + value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 + }, + { + tag: huks.HuksTag.HUKS_TAG_PURPOSE, + value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY + }, + { + tag: huks.HuksTag.HUKS_TAG_DIGEST, + value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 + }, + { + tag: huks.HuksTag.HUKS_TAG_PADDING, + value: huks.HuksKeyPadding.HUKS_PADDING_PSS + }, + { + tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, + value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT + }, + { + tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, + value: huks.HuksCipherMode.HUKS_MODE_ECB + } +] + +let genOptions: huks.HuksOptions = { + properties: genKeyProperties }; -function StringToUint8Array(str) { - let arr = []; - for (let i = 0, j = str.length; i < j; ++i) { - arr.push(str.charCodeAt(i)); - } - return new Uint8Array(arr); +class attestKeypropertyType { + tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO; + value: Uint8Array = securityLevel; } -function generateKeyItem(keyAlias, huksOptions, throwObject) { - return new Promise((resolve, reject) => { - try { - huks.generateKeyItem(keyAlias, huksOptions, function (error, data) { - if (error) { - reject(error); - } else { - resolve(data); - } - }); - } catch (error) { - throwObject.isThrow = true; - throw(error); - } - }); -} +let attestKeyproperties: attestKeypropertyType[] = [ + { + tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, + value: securityLevel + }, + { + tag: 
huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, + value: challenge + }, + { + tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, + value: versionInfo + }, + { + tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, + value: aliasUint8 + } +] -async function publicGenKeyFunc(keyAlias, huksOptions) { - console.info(`enter callback generateKeyItem`); - let throwObject = {isThrow: false}; - try { - await generateKeyItem(keyAlias, huksOptions, throwObject) - .then((data) => { - console.info(`callback: generateKeyItem success, data = ${JSON.stringify(data)}`); - }) - .catch(error => { - if (throwObject.isThrow) { - throw(error); - } else { - console.error(`callback: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`); - } - }); - } catch (error) { - console.error(`callback: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`); - } +let huksOptions: huks.HuksOptions = { + properties: attestKeyproperties +}; + +function StringToUint8Array(str: string) { + let arr: number[] = []; + for (let i = 0, j = str.length; i < j; ++i) { + arr.push(str.charCodeAt(i)); + } +return new Uint8Array(arr); +} + +function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) { + return new Promise((resolve, reject) => { + try { + huks.generateKeyItem(keyAlias, huksOptions, (error, data) => { + if (error) { + reject(error); + } else { + resolve(data); + } + }); + } catch (error) { + throwObject.isThrow = true; + throw(error as Error); + } + }); } -function attestKeyItem(keyAlias, huksOptions, throwObject) { - return new Promise((resolve, reject) => { - try { - huks.attestKeyItem(keyAlias, huksOptions, function (error, data) { - if (error) { - reject(error); - } else { - resolve(data); - } - }); - } catch (error) { - throwObject.isThrow = true; - throw(error); +async function publicGenKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions) { + console.info(`enter callback generateKeyItem`); + let throwObject: 
throwObject = {isThrow: false}; +try { + await generateKeyItem(keyAlias, huksOptions, throwObject) + .then((data) => { + console.info(`callback: generateKeyItem success, data = ${JSON.stringify(data)}`); + }) + .catch((error: BusinessError) => { + if (throwObject.isThrow) { + throw(error as Error); + } else { + console.error(`callback: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`); } - }); + }); + } catch (error) { + console.error(`callback: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`); +} +} + +function attestKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) { + return new Promise((resolve, reject) => { + try { + huks.attestKeyItem(keyAlias, huksOptions, (error, data) => { + if (error) { + reject(error); + } else { + resolve(data); + } + }); + } catch (error) { + throwObject.isThrow = true; + throw(error as Error); + } + }); } -async function publicAttestKey(keyAlias, huksOptions) { - console.info(`enter callback attestKeyItem`); - let throwObject = {isThrow: false}; - try { - await attestKeyItem(keyAlias, huksOptions, throwObject) - .then ((data) => { - console.info(`callback: attestKeyItem success, data = ${JSON.stringify(data)}`); - if (data !== null && data.certChains !== null) { - attestCertChain = data.certChains; - } - }) - .catch(error => { - if (throwObject.isThrow) { - throw(error); - } else { - console.error(`callback: attestKeyItem failed, code: ${error.code}, msg: ${error.message}`); - } - }); - } catch (error) { - console.error(`callback: attestKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`); - } +async function publicAttestKey(keyAlias: string, huksOptions: huks.HuksOptions) { + console.info(`enter callback attestKeyItem`); + let throwObject: throwObject = {isThrow: false}; +try { + await attestKeyItem(keyAlias, huksOptions, throwObject) + .then ((data) => { + console.info(`callback: attestKeyItem success, data = 
${JSON.stringify(data)}`); + if (data !== null && data.certChains !== null) { + attestCertChain = data.certChains as string[]; + } + }) + .catch((error: BusinessError) => { + if (throwObject.isThrow) { + throw(error as Error); + } else { + console.error(`callback: attestKeyItem failed, code: ${error.code}, msg: ${error.message}`); + } + }); + } catch (error) { + console.error(`callback: attestKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`); +} } async function AttestKeyTest() { - await publicGenKeyFunc(aliasString, genOptions); + await publicGenKeyFunc(aliasString, genOptions); - await publicAttestKey(aliasString, huksOptions); - console.info('attest certChain data: ' + attestCertChain) + await publicAttestKey(aliasString, huksOptions); + console.info('attest certChain data: ' + attestCertChain) } ``` -- Gitee
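Review bot: `let attestCertChain: Array;` near the top of the hunk gives `Array` no type argument, which strict TypeScript rejects, while the later assignment in publicAttestKey casts to `string[]`; declaring it as `let attestCertChain: string[] = [];` fixes the type and makes the `as string[]` cast unnecessary. In the same function the guard `data.certChains !== null` does not catch an absent (`undefined`) `certChains`, so `if (data?.certChains != null)` would be the safer check before assigning. The class `throwObject` is then shadowed by the local `let throwObject: throwObject = {isThrow: false}` in publicGenKeyFunc and publicAttestKey; naming the class `ThrowObject` would avoid the shadowing and match the PascalCase convention used for the other classes. Since this is the attestation sample, the context line `let challenge = StringToUint8Array('challenge_data');` would benefit from a comment that a real verifier must supply a fresh random challenge per request so a recorded certificate chain cannot be replayed.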