Unverified commit 65ad2d8d · Author: openharmony_ci · Committer: Gitee

!5912 [Translation complete] #I5AYBB

Merge pull request !5912 from Annie_wang/PR5016
# HUKS # HUKS
> ![icon-note.gif](public_sys-resources/icon-note.gif) **NOTE**<br/> > ![icon-note.gif](public_sys-resources/icon-note.gif) **NOTE**<br>
> >
> The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version. > The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version.
OpenHarmony Universal KeyStore (HUKS) provides KeyStore (KS) capabilities for applications, including key management and key cryptography operations. Provides KeyStore (KS) capabilities for applications, including key management and key cryptography operations.
HUKS also provides APIs for applications to import or generate keys. The keys managed by OpenHarmony Universal KeyStore (HUKS) can be imported by applications or generated by calling the HUKS APIs.
## Modules to Import ## Modules to Import
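Review bot: The rewritten intro now opens with a sentence that has no subject ("Provides KeyStore (KS) capabilities for applications, ...") and only expands the HUKS acronym in the second sentence. Keep the old opening, "OpenHarmony Universal KeyStore (HUKS) provides KeyStore (KS) capabilities ...", so the acronym is defined on first use, and follow it with the new sentence about keys being imported or generated.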
...@@ -20,73 +20,75 @@ Enumerates the error codes. ...@@ -20,73 +20,75 @@ Enumerates the error codes.
| Name | Value | Description| | Name | Value | Description|
| -------------------------- | ----- | ---- | | -------------------------- | ----- | ---- |
| HUKS_SUCCESS | 0 |Success. | | HUKS_SUCCESS | 0 |Success.|
| HUKS_FAILURE | -1 |Failure. | | HUKS_FAILURE | -1 |Failure.|
| HUKS_ERROR_BAD_STATE | -2 |Incorrect state. | | HUKS_ERROR_BAD_STATE | -2 |Incorrect state.|
| HUKS_ERROR_INVALID_ARGUMENT | -3 |Invalid argument. | | HUKS_ERROR_INVALID_ARGUMENT | -3 |Invalid argument.|
| HUKS_ERROR_NOT_SUPPORTED | -4 |Not supported. | | HUKS_ERROR_NOT_SUPPORTED | -4 |Not supported.|
| HUKS_ERROR_NO_PERMISSION | -5 |No permission. | | HUKS_ERROR_NO_PERMISSION | -5 |No permission.|
| HUKS_ERROR_INSUFFICIENT_DATA | -6 |Insufficient data. | | HUKS_ERROR_INSUFFICIENT_DATA | -6 |Insufficient data.|
| HUKS_ERROR_BUFFER_TOO_SMALL | -7 |Insufficient buffer. | | HUKS_ERROR_BUFFER_TOO_SMALL | -7 |Insufficient buffer.|
| HUKS_ERROR_INSUFFICIENT_MEMORY | -8 |Insufficient memory. | | HUKS_ERROR_INSUFFICIENT_MEMORY | -8 |Insufficient memory.|
| HUKS_ERROR_COMMUNICATION_FAILURE | -9 |Communication failure. | | HUKS_ERROR_COMMUNICATION_FAILURE | -9 |Communication failure.|
| HUKS_ERROR_STORAGE_FAILURE | -10 |Storage failure. | | HUKS_ERROR_STORAGE_FAILURE | -10 |Storage failure.|
| HUKS_ERROR_HARDWARE_FAILURE | -11 |Hardware fault. | | HUKS_ERROR_HARDWARE_FAILURE | -11 |Hardware fault.|
| HUKS_ERROR_ALREADY_EXISTS | -12 |The object already exists. | | HUKS_ERROR_ALREADY_EXISTS | -12 |The object already exists.|
| HUKS_ERROR_NOT_EXIST | -13 |The object does not exist. | | HUKS_ERROR_NOT_EXIST | -13 |The object does not exist.|
| HUKS_ERROR_NULL_POINTER | -14 |Null pointer. | | HUKS_ERROR_NULL_POINTER | -14 |Null pointer.|
| HUKS_ERROR_FILE_SIZE_FAIL | -15 |Incorrect file size. | | HUKS_ERROR_FILE_SIZE_FAIL | -15 |Incorrect file size.|
| HUKS_ERROR_READ_FILE_FAIL | -16 |Failed to read the file. | | HUKS_ERROR_READ_FILE_FAIL | -16 |Failed to read the file.|
| HUKS_ERROR_INVALID_PUBLIC_KEY | -17 |Invalid public key. | | HUKS_ERROR_INVALID_PUBLIC_KEY | -17 |Invalid public key.|
| HUKS_ERROR_INVALID_PRIVATE_KEY | -18 |Invalid private key. | | HUKS_ERROR_INVALID_PRIVATE_KEY | -18 |Invalid private key.|
| HUKS_ERROR_INVALID_KEY_INFO | -19 |Invalid key information. | | HUKS_ERROR_INVALID_KEY_INFO | -19 |Invalid key information.|
| HUKS_ERROR_HASH_NOT_EQUAL | -20 |The hash values are not equal. | | HUKS_ERROR_HASH_NOT_EQUAL | -20 |The hash values are not equal.|
| HUKS_ERROR_MALLOC_FAIL | -21 |MALLOC failed. | | HUKS_ERROR_MALLOC_FAIL | -21 |MALLOC failed.|
| HUKS_ERROR_WRITE_FILE_FAIL | -22 |Failed to write the file. | | HUKS_ERROR_WRITE_FILE_FAIL | -22 |Failed to write the file.|
| HUKS_ERROR_REMOVE_FILE_FAIL | -23 |Failed to delete the file. | | HUKS_ERROR_REMOVE_FILE_FAIL | -23 |Failed to delete the file.|
| HUKS_ERROR_OPEN_FILE_FAIL | -24 |Failed to open the file. | | HUKS_ERROR_OPEN_FILE_FAIL | -24 |Failed to open the file.|
| HUKS_ERROR_CLOSE_FILE_FAIL | -25 |Failed to close the file. | | HUKS_ERROR_CLOSE_FILE_FAIL | -25 |Failed to close the file.|
| HUKS_ERROR_MAKE_DIR_FAIL | -26 |Failed to create the directory. | | HUKS_ERROR_MAKE_DIR_FAIL | -26 |Failed to create the directory.|
| HUKS_ERROR_INVALID_KEY_FILE | -27 |Invalid key file. | | HUKS_ERROR_INVALID_KEY_FILE | -27 |Invalid key file.|
| HUKS_ERROR_IPC_MSG_FAIL | -28 |Incorrect IPC information. | | HUKS_ERROR_IPC_MSG_FAIL | -28 |Incorrect IPC information.|
| HUKS_ERROR_REQUEST_OVERFLOWS | -29 |Request overflows. | | HUKS_ERROR_REQUEST_OVERFLOWS | -29 |Request overflows.|
| HUKS_ERROR_PARAM_NOT_EXIST | -30 |The parameter does not exist. | | HUKS_ERROR_PARAM_NOT_EXIST | -30 |The parameter does not exist.|
| HUKS_ERROR_CRYPTO_ENGINE_ERROR | -31 |CRYPTO ENGINE error. | | HUKS_ERROR_CRYPTO_ENGINE_ERROR | -31 |CRYPTO ENGINE error.|
| HUKS_ERROR_COMMUNICATION_TIMEOUT | -32 |Communication timed out. | | HUKS_ERROR_COMMUNICATION_TIMEOUT | -32 |Communication timed out.|
| HUKS_ERROR_IPC_INIT_FAIL | -33 |IPC initialization failed. | | HUKS_ERROR_IPC_INIT_FAIL | -33 |IPC initialization failed.|
| HUKS_ERROR_IPC_DLOPEN_FAIL | -34 |IPC DLOPEN failed. | | HUKS_ERROR_IPC_DLOPEN_FAIL | -34 |IPC DLOPEN failed.|
| HUKS_ERROR_EFUSE_READ_FAIL | -35 |Failed to read eFUSE. | | HUKS_ERROR_EFUSE_READ_FAIL | -35 |Failed to read eFUSE.|
| HUKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST | -36 |New root key material exists. | | HUKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST | -36 |New root key material exists.|
| HUKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL | -37 |Failed to update the root key material. | | HUKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL | -37 |Failed to update the root key material.|
| HUKS_ERROR_VERIFICATION_FAILED | -38 |Failed to verify the certificate chain. | | HUKS_ERROR_VERIFICATION_FAILED | -38 |Failed to verify the certificate chain.|
| HUKS_ERROR_CHECK_GET_ALG_FAIL | -100 |Failed to check whether the ALG is obtained. | | HUKS_ERROR_CHECK_GET_ALG_FAIL | -100 |Failed to check whether the ALG is obtained. |
| HUKS_ERROR_CHECK_GET_KEY_SIZE_FAIL | -101 |Failed to check whether the key size is obtained. | | HUKS_ERROR_CHECK_GET_KEY_SIZE_FAIL | -101 |Failed to check whether the key size is obtained.|
| HUKS_ERROR_CHECK_GET_PADDING_FAIL | -102 |Failed to check whether padding is obtained. | | HUKS_ERROR_CHECK_GET_PADDING_FAIL | -102 |Failed to check whether padding is obtained.|
| HUKS_ERROR_CHECK_GET_PURPOSE_FAIL | -103 |Failed to check whether the purpose is obtained. | | HUKS_ERROR_CHECK_GET_PURPOSE_FAIL | -103 |Failed to check whether the purpose is obtained.|
| HUKS_ERROR_CHECK_GET_DIGEST_FAIL | -104 |Failed to check whether digest is obtained. | | HUKS_ERROR_CHECK_GET_DIGEST_FAIL | -104 |Failed to check whether digest is obtained.|
| HUKS_ERROR_CHECK_GET_MODE_FAIL | -105 |Failed to check whether the mode is obtained. | | HUKS_ERROR_CHECK_GET_MODE_FAIL | -105 |Failed to check whether the mode is obtained.|
| HUKS_ERROR_CHECK_GET_NONCE_FAIL | -106 |Failed to check whether the nonce is obtained. | | HUKS_ERROR_CHECK_GET_NONCE_FAIL | -106 |Failed to check whether the nonce is obtained.|
| HUKS_ERROR_CHECK_GET_AAD_FAIL | -107 |Failed to check whether the AAD is obtained. | | HUKS_ERROR_CHECK_GET_AAD_FAIL | -107 |Failed to check whether the AAD is obtained.|
| HUKS_ERROR_CHECK_GET_IV_FAIL | -108 |Failed to check whether the initialization vector (IV) is obtained. | | HUKS_ERROR_CHECK_GET_IV_FAIL | -108 |Failed to check whether the initialization vector (IV) is obtained.|
| HUKS_ERROR_CHECK_GET_AE_TAG_FAIL | -109 |Failed to check whether the AE flag is obtained. | | HUKS_ERROR_CHECK_GET_AE_TAG_FAIL | -109 |Failed to check whether the AE flag is obtained.|
| HUKS_ERROR_CHECK_GET_SALT_FAIL | -110 |Failed to check whether the SALT is obtained. | | HUKS_ERROR_CHECK_GET_SALT_FAIL | -110 |Failed to check whether the SALT is obtained.|
| HUKS_ERROR_CHECK_GET_ITERATION_FAIL | -111 |Failed to check whether the iteration is obtained. | | HUKS_ERROR_CHECK_GET_ITERATION_FAIL | -111 |Failed to check whether the iteration is obtained.|
| HUKS_ERROR_INVALID_ALGORITHM | -112 |Invalid algorithm. | | HUKS_ERROR_INVALID_ALGORITHM | -112 |Invalid algorithm.|
| HUKS_ERROR_INVALID_KEY_SIZE | -113 |Invalid key size. | | HUKS_ERROR_INVALID_KEY_SIZE | -113 |Invalid key size.|
| HUKS_ERROR_INVALID_PADDING | -114 |Invalid padding. | | HUKS_ERROR_INVALID_PADDING | -114 |Invalid padding.|
| HUKS_ERROR_INVALID_PURPOSE | -115 |Invalid purpose. | | HUKS_ERROR_INVALID_PURPOSE | -115 |Invalid purpose.|
| HUKS_ERROR_INVALID_MODE | -116 |Invalid mode. | | HUKS_ERROR_INVALID_MODE | -116 |Invalid mode.|
| HUKS_ERROR_INVALID_DIGEST | -117 |Invalid digest. | | HUKS_ERROR_INVALID_DIGEST | -117 |Invalid digest.|
| HUKS_ERROR_INVALID_SIGNATURE_SIZE | -118 |Invalid signature size. | | HUKS_ERROR_INVALID_SIGNATURE_SIZE | -118 |Invalid signature size.|
| HUKS_ERROR_INVALID_IV | -119 |Invalid IV. | | HUKS_ERROR_INVALID_IV | -119 |Invalid IV.|
| HUKS_ERROR_INVALID_AAD | -120 |Invalid AAD. | | HUKS_ERROR_INVALID_AAD | -120 |Invalid AAD.|
| HUKS_ERROR_INVALID_NONCE | -121 |Invalid nonce. | | HUKS_ERROR_INVALID_NONCE | -121 |Invalid nonce.|
| HUKS_ERROR_INVALID_AE_TAG | -122 |Invalid AE tag. | | HUKS_ERROR_INVALID_AE_TAG | -122 |Invalid AE tag.|
| HUKS_ERROR_INVALID_SALT | -123 |Invalid SALT. | | HUKS_ERROR_INVALID_SALT | -123 |Invalid SALT.|
| HUKS_ERROR_INVALID_ITERATION | -124 |Invalid iteration. | | HUKS_ERROR_INVALID_ITERATION | -124 |Invalid iteration.|
| HUKS_ERROR_INVALID_OPERATION | -125 |Invalid operation. | | HUKS_ERROR_INVALID_OPERATION | -125 |Invalid operation.|
| HUKS_ERROR_INTERNAL_ERROR | -999 |Internal error. | | HUKS_ERROR_INVALID_WRAPPED_FORMAT<sup>9+</sup> | -126 |Incorrect format of the wrapped key being imported.|
| HUKS_ERROR_UNKNOWN_ERROR | -1000 |Unknown error. | | HUKS_ERROR_INVALID_USAGE_OF_KEY<sup>9+</sup> | -127 |Incorrect purpose of the wrapped key being imported.|
| HUKS_ERROR_INTERNAL_ERROR | -999 |Internal error.|
| HUKS_ERROR_UNKNOWN_ERROR | -1000 |Unknown error.|
## HuksKeyPurpose ## HuksKeyPurpose
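Review bot: In the error-code table, HUKS_ERROR_CHECK_GET_AE_TAG_FAIL (-109) is still described as "the AE flag" while HUKS_ERROR_INVALID_AE_TAG (-122) says "AE tag"; since every row is being touched for whitespace anyway, use "AE tag" in both. The -100 row also keeps its trailing space ("obtained. |") where all other rows had it stripped.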
...@@ -97,13 +99,13 @@ Enumerates the key purposes. ...@@ -97,13 +99,13 @@ Enumerates the key purposes.
| Name | Value | Description | | Name | Value | Description |
| ------------------------ | ---- | -------------------------------- | | ------------------------ | ---- | -------------------------------- |
| HUKS_KEY_PURPOSE_ENCRYPT | 1 | Used to encrypt plain text. | | HUKS_KEY_PURPOSE_ENCRYPT | 1 | Used to encrypt plaintext. |
| HUKS_KEY_PURPOSE_DECRYPT | 2 | Used to decrypt cipher text. | | HUKS_KEY_PURPOSE_DECRYPT | 2 | Used to decrypt cipher text. |
| HUKS_KEY_PURPOSE_SIGN | 4 | Usedd to sign data. | | HUKS_KEY_PURPOSE_SIGN | 4 | Used to sign data. |
| HUKS_KEY_PURPOSE_VERIFY | 8 | Used to verify the signed data. | | HUKS_KEY_PURPOSE_VERIFY | 8 | Used to verify the signed data. |
| HUKS_KEY_PURPOSE_DERIVE | 16 | Used to derive a key. | | HUKS_KEY_PURPOSE_DERIVE | 16 | Used to derive a key. |
| HUKS_KEY_PURPOSE_WRAP | 32 | Used for encrypted import. | | HUKS_KEY_PURPOSE_WRAP | 32 | Used to wrap data. |
| HUKS_KEY_PURPOSE_UNWRAP | 64 | Used for encrypted export. | | HUKS_KEY_PURPOSE_UNWRAP | 64 | Used for unwrap data. |
| HUKS_KEY_PURPOSE_MAC | 128 | Used to generate a message authentication code (MAC). | | HUKS_KEY_PURPOSE_MAC | 128 | Used to generate a message authentication code (MAC). |
| HUKS_KEY_PURPOSE_AGREE | 256 | Used for key agreement. | | HUKS_KEY_PURPOSE_AGREE | 256 | Used for key agreement. |
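Review bot: "Used for unwrap data." on the HUKS_KEY_PURPOSE_UNWRAP row is ungrammatical; make it "Used to unwrap data." to match the WRAP row. The ENCRYPT row now says "plaintext" but the DECRYPT row still says "cipher text", so use "ciphertext" there. The WRAP and UNWRAP rows also change meaning (the old text spoke of encrypted import and export); if these purposes apply to keys rather than arbitrary data, say "key" so readers do not confuse them with ENCRYPT and DECRYPT.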
...@@ -115,13 +117,14 @@ Enumerates the digest algorithms. ...@@ -115,13 +117,14 @@ Enumerates the digest algorithms.
| Name | Value | Description | | Name | Value | Description |
| ---------------------- | ---- | ---------------------------------------- | | ---------------------- | ---- | ---------------------------------------- |
| HUKS_DIGEST_NONE | 0 | No digest algorithm. | | HUKS_DIGEST_NONE | 0 | No digest algorithm |
| HUKS_DIGEST_MD5 | 1 | MD5. | | HUKS_DIGEST_MD5 | 1 | MD5 |
| HUKS_DIGEST_SHA1 | 10 | SHA1. | | HUKS_DIGEST_SM3<sup>9+</sup> | 2 | SM3 |
| HUKS_DIGEST_SHA224 | 11 | SHA-224. | | HUKS_DIGEST_SHA1 | 10 | SHA1 |
| HUKS_DIGEST_SHA256 | 12 | SHA-256. | | HUKS_DIGEST_SHA224 | 11 | SHA-224 |
| HUKS_DIGEST_SHA384 | 13 | SHA-384. | | HUKS_DIGEST_SHA256 | 12 | SHA-256 |
| HUKS_DIGEST_SHA512 | 14 | SHA-512. | | HUKS_DIGEST_SHA384 | 13 | SHA-384 |
| HUKS_DIGEST_SHA512 | 14 | SHA-512 |
## HuksKeyPadding ## HuksKeyPadding
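Review bot: The digest names are inconsistent after this change: the HUKS_DIGEST_SHA1 row says "SHA1" while the rows below it say "SHA-224", "SHA-256" and so on; write "SHA-1". This table also drops the trailing periods, whereas the error-code and HuksKeyGenerateType tables in the same patch keep them; pick one convention for the whole file.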
...@@ -131,11 +134,11 @@ Enumerates the padding algorithms. ...@@ -131,11 +134,11 @@ Enumerates the padding algorithms.
| Name | Value | Description | | Name | Value | Description |
| ---------------------- | ---- | ---------------------------------------- | | ---------------------- | ---- | ---------------------------------------- |
| HUKS_PADDING_NONE | 0 | No padding algorithm. | | HUKS_PADDING_NONE | 0 | No padding algorithm |
| HUKS_PADDING_OAEP | 1 | Optimal Asymmetric Encryption Padding (OAEP). | | HUKS_PADDING_OAEP | 1 | Optimal Asymmetric Encryption Padding (OAEP) |
| HUKS_PADDING_PSS | 2 | Probabilistic Signature Scheme (PSS). | | HUKS_PADDING_PSS | 2 | Probabilistic Signature Scheme (PSS) |
| HUKS_PADDING_PKCS1_V1_5 | 3 | PKCS1_V1_5. | | HUKS_PADDING_PKCS1_V1_5 | 3 | PKCS1_V1_5 |
| HUKS_PADDING_PKCS5 | 4 | Public Key Cryptography Standards (PKCS) #5. | | HUKS_PADDING_PKCS5 | 4 | Public Key Cryptography Standards (PKCS) #5 |
| HUKS_PADDING_PKCS7 | 5 | PKCS #7| | HUKS_PADDING_PKCS7 | 5 | PKCS #7|
## HuksCipherMode ## HuksCipherMode
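Review bot: The HUKS_PADDING_PKCS1_V1_5 description only repeats the identifier ("PKCS1_V1_5"); write it in the style of the neighbouring rows, for example "PKCS #1 v1.5". The HUKS_PADDING_PKCS7 row could be expanded the same way the PKCS #5 row is.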
...@@ -146,12 +149,12 @@ Enumerates the cipher modes. ...@@ -146,12 +149,12 @@ Enumerates the cipher modes.
| Name | Value | Description | | Name | Value | Description |
| ------------- | ---- | --------------------- | | ------------- | ---- | --------------------- |
| HUKS_MODE_ECB | 1 | Electronic Code BLock (ECB) mode. | | HUKS_MODE_ECB | 1 | Electronic Code Block (ECB) mode |
| HUKS_MODE_CBC | 2 | Cipher Block Chaining (CBC) mode. | | HUKS_MODE_CBC | 2 | Cipher Block Chaining (CBC) mode |
| HUKS_MODE_CTR | 3 | Counter (CTR) mode. | | HUKS_MODE_CTR | 3 | Counter (CTR) mode |
| HUKS_MODE_OFB | 4 | Output Feedback (OFB) mode. | | HUKS_MODE_OFB | 4 | Output Feedback (OFB) mode |
| HUKS_MODE_CCM | 31 | Counter with CBC-MAC (CCM) mode. | | HUKS_MODE_CCM | 31 | Counter with CBC-MAC (CCM) mode |
| HUKS_MODE_GCM | 32 | Galois/Counter (GCM) mode. | | HUKS_MODE_GCM | 32 | Galois/Counter (GCM) mode |
## HuksKeySize ## HuksKeySize
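Review bot: The HUKS_MODE_ECB row fixes the "BLock" capitalisation, but the expansion is still wrong: ECB stands for Electronic Codebook, not "Electronic Code Block". Suggest "Electronic Codebook (ECB) mode".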
...@@ -159,26 +162,28 @@ Enumerates the key sizes. ...@@ -159,26 +162,28 @@ Enumerates the key sizes.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
| Name | Value | Description | | Name | Value | Description |
| ---------------------------- | ---- | ------------------------------------------ | | ---------------------------------- | ---- | ------------------------------------------ |
| HUKS_RSA_KEY_SIZE_512 | 512 | Rivest-Shamir-Adleman (RSA) key of 512 bits. | | HUKS_RSA_KEY_SIZE_512 | 512 | Rivest-Shamir-Adleman (RSA) key of 512 bits |
| HUKS_RSA_KEY_SIZE_768 | 768 | RSA key of 768 bits. | | HUKS_RSA_KEY_SIZE_768 | 768 | RSA key of 768 bits |
| HUKS_RSA_KEY_SIZE_1024 | 1024 | RSA key of 1024 bits. | | HUKS_RSA_KEY_SIZE_1024 | 1024 | RSA key of 1024 bits |
| HUKS_RSA_KEY_SIZE_2048 | 2048 | RSA key of 2048 bits. | | HUKS_RSA_KEY_SIZE_2048 | 2048 | RSA key of 2048 bits |
| HUKS_RSA_KEY_SIZE_3072 | 3072 | RSA key of 3072 bits. | | HUKS_RSA_KEY_SIZE_3072 | 3072 | RSA key of 3072 bits |
| HUKS_RSA_KEY_SIZE_4096 | 4096 | RSA key of 4096 bits. | | HUKS_RSA_KEY_SIZE_4096 | 4096 | RSA key of 4096 bits |
| HUKS_ECC_KEY_SIZE_224 | 224 | ECC key of 224 bits. | | HUKS_ECC_KEY_SIZE_224 | 224 | ECC key of 224 bits |
| HUKS_ECC_KEY_SIZE_256 | 256 | ECC key of 256 bits. | | HUKS_ECC_KEY_SIZE_256 | 256 | ECC key of 256 bits |
| HUKS_ECC_KEY_SIZE_384 | 384 | ECC key of 384 bits. | | HUKS_ECC_KEY_SIZE_384 | 384 | ECC key of 384 bits |
| HUKS_ECC_KEY_SIZE_521 | 521 | ECC key of 521 bits. | | HUKS_ECC_KEY_SIZE_521 | 521 | ECC key of 521 bits |
| HUKS_AES_KEY_SIZE_128 | 128 | AES key of 128 bits. | | HUKS_AES_KEY_SIZE_128 | 128 | AES key of 128 bits |
| HUKS_AES_KEY_SIZE_192 | 196 | AES key of 196 bits. | | HUKS_AES_KEY_SIZE_192 | 196 | AES key of 196 bits |
| HUKS_AES_KEY_SIZE_256 | 256 | AES key of 256 bits. | | HUKS_AES_KEY_SIZE_256 | 256 | AES key of 256 bits |
| HUKS_AES_KEY_SIZE_512 | 512 | AES key of 512 bits. | | HUKS_AES_KEY_SIZE_512 | 512 | AES key of 512 bits |
| HUKS_CURVE25519_KEY_SIZE_256 | 256 | Curve25519 key of 256 bits. | | HUKS_CURVE25519_KEY_SIZE_256 | 256 | Curve25519 key of 256 bits |
| HUKS_DH_KEY_SIZE_2048 | 2048 | DH key of 2048 bits. | | HUKS_DH_KEY_SIZE_2048 | 2048 | DH key of 2048 bits |
| HUKS_DH_KEY_SIZE_3072 | 3072 | DH key of 3072 bits. | | HUKS_DH_KEY_SIZE_3072 | 3072 | DH key of 3072 bits |
| HUKS_DH_KEY_SIZE_4096 | 4096 | DH key of 4096 bits. | | HUKS_DH_KEY_SIZE_4096 | 4096 | DH key of 4096 bits |
| HUKS_SM2_KEY_SIZE_256<sup>9+</sup> | 256 | SM2 key of 256 bits |
| HUKS_SM4_KEY_SIZE_128<sup>9+</sup> | 128 | SM4 key of 128 bits |
## HuksKeyAlg ## HuksKeyAlg
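Review bot: HUKS_AES_KEY_SIZE_192 is carried over with the value 196 and the description "AES key of 196 bits", which contradicts the constant's own name; AES has no 196-bit key size. Check the value against the API definition and correct both cells if the document is at fault, since a reader who copies the numeric value from this table would request an invalid key size.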
...@@ -186,19 +191,22 @@ Enumerates the key algorithms. ...@@ -186,19 +191,22 @@ Enumerates the key algorithms.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
| Name | Value | Description | | Name | Value | Description |
| ---------------- | ---- | --------------------- | | ------------------------- | ---- | --------------------- |
| HUKS_ALG_RSA | 1 | RSA. | | HUKS_ALG_RSA | 1 | RSA |
| HUKS_ALG_ECC | 2 | ECC. | | HUKS_ALG_ECC | 2 | ECC |
| HUKS_ALG_DSA | 3 | DSA. | | HUKS_ALG_DSA | 3 | DSA |
| HUKS_ALG_AES | 20 | AES. | | HUKS_ALG_AES | 20 | AES |
| HUKS_ALG_HMAC | 50 | HMAC. | | HUKS_ALG_HMAC | 50 | HMAC |
| HUKS_ALG_HKDF | 51 | HKDF. | | HUKS_ALG_HKDF | 51 | HKDF |
| HUKS_ALG_PBKDF2 | 52 | PBKDF2. | | HUKS_ALG_PBKDF2 | 52 | PBKDF2 |
| HUKS_ALG_ECDH | 100 | ECDH. | | HUKS_ALG_ECDH | 100 | ECDH |
| HUKS_ALG_X25519 | 101 | X25519 algorithm. | | HUKS_ALG_X25519 | 101 | X25519 |
| HUKS_ALG_ED25519 | 102 | ED25519 algorithm. | | HUKS_ALG_ED25519 | 102 | ED25519 |
| HUKS_ALG_DH | 103 | DH. | | HUKS_ALG_DH | 103 | DH |
| HUKS_ALG_SM2<sup>9+</sup> | 150 | SM2 |
| HUKS_ALG_SM3<sup>9+</sup> | 151 | SM3 |
| HUKS_ALG_SM4<sup>9+</sup> | 152 | SM4 |
## HuksKeyGenerateType ## HuksKeyGenerateType
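Review bot: HUKS_ALG_SM3 is added to the key-algorithm table, but SM3 is a hash function and the same patch also adds HUKS_DIGEST_SM3 to the digest table; the description should say what a key with this algorithm value is used for and how it differs from the digest constant. The descriptions for the three new rows only repeat the abbreviation, so a short gloss (SM2 public-key algorithm, SM4 block cipher) would help. "ED25519" is normally written "Ed25519".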
...@@ -208,9 +216,9 @@ Enumerates the key generation types. ...@@ -208,9 +216,9 @@ Enumerates the key generation types.
| Name | Value | Description | | Name | Value | Description |
| ------------------------------ | ---- | ---------------- | | ------------------------------ | ---- | ---------------- |
| HUKS_KEY_GENERATE_TYPE_DEFAULT | 0 | Key generated by default. | | HUKS_KEY_GENERATE_TYPE_DEFAULT | 0 | Key generated by default.|
| HUKS_KEY_GENERATE_TYPE_DERIVE | 1 | Derived key. | | HUKS_KEY_GENERATE_TYPE_DERIVE | 1 | Derived key.|
| HUKS_KEY_GENERATE_TYPE_AGREE | 2 | Key generated by agreement. | | HUKS_KEY_GENERATE_TYPE_AGREE | 2 | Key generated by agreement.|
## HuksKeyFlag ## HuksKeyFlag
...@@ -220,10 +228,10 @@ Enumerates the key generation modes. ...@@ -220,10 +228,10 @@ Enumerates the key generation modes.
| Name | Value | Description | | Name | Value | Description |
| -------------------------- | ---- | ------------------------------------ | | -------------------------- | ---- | ------------------------------------ |
| HUKS_KEY_FLAG_IMPORT_KEY | 1 | The key is imported by using the public key import API. | | HUKS_KEY_FLAG_IMPORT_KEY | 1 | The key is imported by using an API. |
| HUKS_KEY_FLAG_GENERATE_KEY | 2 | The key is generated by using the private key generation API. | | HUKS_KEY_FLAG_GENERATE_KEY | 2 | The key is generated by using an API. |
| HUKS_KEY_FLAG_AGREE_KEY | 3 | The key is generated by using the key agreement API. | | HUKS_KEY_FLAG_AGREE_KEY | 3 | The key is generated by using a key agreement API. |
| HUKS_KEY_FLAG_DERIVE_KEY | 4 | The key is generated by using the key derivation API. | | HUKS_KEY_FLAG_DERIVE_KEY | 4 | The key is derived by using an API. |
## HuksKeyStorageType ## HuksKeyStorageType
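Review bot: The new HUKS_KEY_FLAG_IMPORT_KEY and HUKS_KEY_FLAG_GENERATE_KEY descriptions ("imported by using an API", "generated by using an API") no longer tell the reader which API is meant and are less specific than the AGREE row. Dropping "public key" and "private key" fits the new HuksImportKeyType values, but name the operation, for example "The key is imported by using the key import API."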
...@@ -234,7 +242,7 @@ Enumerates the key storage modes. ...@@ -234,7 +242,7 @@ Enumerates the key storage modes.
| Name | Value | Description | | Name | Value | Description |
| ----------------------- | ---- | ------------------------------ | | ----------------------- | ---- | ------------------------------ |
| HUKS_STORAGE_TEMP | 0 | The key is managed locally. | | HUKS_STORAGE_TEMP | 0 | The key is managed locally. |
| HUKS_STORAGE_PERSISTENT | 1 | The key is managed by the HUKS service. | | HUKS_STORAGE_PERSISTENT | 1 | The key is managed by the HUKS service.|
## HuksSendType ## HuksSendType
...@@ -244,8 +252,31 @@ Enumerates the tag transfer modes. ...@@ -244,8 +252,31 @@ Enumerates the tag transfer modes.
| Name | Value | Description | | Name | Value | Description |
| -------------------- | ---- | ----------------- | | -------------------- | ---- | ----------------- |
| HUKS_SEND_TYPE_ASYNC | 0 | The tag is sent asynchronously. | | HUKS_SEND_TYPE_ASYNC | 0 | The tag is sent asynchronously.|
| HUKS_SEND_TYPE_SYNC | 1 | The tag is sent synchronously. | | HUKS_SEND_TYPE_SYNC | 1 | The tag is sent synchronously.|
## HuksUnwrapSuite<sup>9+</sup>
Enumerates the algorithm suites used when a wrapped key is imported.
**System capability**: SystemCapability.Security.Huks
| Name | Value | Description |
| ---------------------------------------------- | ---- | ----------------------------------------------------- |
| HUKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING | 1 | Use X25519 for key agreement and then use AES-256 GCM to encrypt the key.|
| HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING | 2 | Use ECDH for key agreement and then use AES-256 GCM to encrypt the key. |
## HuksImportKeyType<sup>9+</sup>
Enumerates the types of the key to import. By default, a public key is imported. This field is not required when a symmetric key is imported.
**System capability**: SystemCapability.Security.Huks
| Name | Value | Description |
| ------------------------- | ---- | ------------------------------ |
| HUKS_KEY_TYPE_PUBLIC_KEY | 0 | Public key |
| HUKS_KEY_TYPE_PRIVATE_KEY | 1 | Private key |
| HUKS_KEY_TYPE_KEY_PAIR | 2 | Public and private key pair |
## HuksTagType ## HuksTagType
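Review bot: In the new HuksImportKeyType section, "This field is not required when a symmetric key is imported" does not say which field; name the tag that carries this value, HUKS_TAG_IMPORT_KEY_TYPE, which this patch adds to HuksTag. In HuksUnwrapSuite, both rows say the suite uses AES-256 GCM "to encrypt the key" although the enum is described as applying when a wrapped key is imported; state whether this is the encryption the caller applies before import or the decryption HUKS performs during import.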
...@@ -256,12 +287,12 @@ Enumerates the tag data types. ...@@ -256,12 +287,12 @@ Enumerates the tag data types.
| Name | Value | Description | | Name | Value | Description |
| --------------------- | ------- | --------------------------------------- | | --------------------- | ------- | --------------------------------------- |
| HUKS_TAG_TYPE_INVALID | 0 << 28 | Invalid tag type. | | HUKS_TAG_TYPE_INVALID | 0 << 28 | Invalid tag type |
| HUKS_TAG_TYPE_INT | 1 << 28 | Number of the int type. | | HUKS_TAG_TYPE_INT | 1 << 28 | Number of the int type |
| HUKS_TAG_TYPE_UINT | 2 << 28 | Number of the uint type. | | HUKS_TAG_TYPE_UINT | 2 << 28 | Number of the uint type |
| HUKS_TAG_TYPE_ULONG | 3 << 28 | bigint. | | HUKS_TAG_TYPE_ULONG | 3 << 28 | bigint |
| HUKS_TAG_TYPE_BOOL | 4 << 28 | Boolean. | | HUKS_TAG_TYPE_BOOL | 4 << 28 | Boolean |
| HUKS_TAG_TYPE_BYTES | 5 << 28 | Uint8Array. | | HUKS_TAG_TYPE_BYTES | 5 << 28 | Uint8Array |
## HuksTag ## HuksTag
...@@ -269,84 +300,86 @@ Enumerates the tags used to invoke parameters. ...@@ -269,84 +300,86 @@ Enumerates the tags used to invoke parameters.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
| Name | Value | Description | | Name | Value | Description |
| -------------------------------------- | ---------------------------------------- | -------------------------------------- | | -------------------------------------------- | ---------------------------------------- | -------------------------------------- |
| HUKS_TAG_INVALID | HuksTagType.HUKS_TAG_TYPE_INVALID \| 0 | Invalid tag. | | HUKS_TAG_INVALID | HuksTagType.HUKS_TAG_TYPE_INVALID \| 0 | Invalid tag. |
| HUKS_TAG_ALGORITHM | HUKS_TAG_TYPE_UINT \| 1 | Algorithm. | | HUKS_TAG_ALGORITHM | HUKS_TAG_TYPE_UINT \| 1 | Algorithm. |
| HUKS_TAG_PURPOSE | HuksTagType.HUKS_TAG_TYPE_UINT \| 2 | Purpose of a key. | | HUKS_TAG_PURPOSE | HuksTagType.HUKS_TAG_TYPE_UINT \| 2 | Purpose of a key. |
| HUKS_TAG_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 3 | Key size. | | HUKS_TAG_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 3 | Key size. |
| HUKS_TAG_DIGEST | HuksTagType.HUKS_TAG_TYPE_UINT \| 4 | Digest algorithm. | | HUKS_TAG_DIGEST | HuksTagType.HUKS_TAG_TYPE_UINT \| 4 | Digest algorithm. |
| HUKS_TAG_PADDING | HuksTagType.HUKS_TAG_TYPE_UINT \| 5 | Padding algorithm. | | HUKS_TAG_PADDING | HuksTagType.HUKS_TAG_TYPE_UINT \| 5 | Padding algorithm. |
| HUKS_TAG_BLOCK_MODE | HuksTagType.HUKS_TAG_TYPE_UINT \| 6 | Cipher mode. | | HUKS_TAG_BLOCK_MODE | HuksTagType.HUKS_TAG_TYPE_UINT \| 6 | Cipher mode. |
| HUKS_TAG_KEY_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 7 | Key type. | | HUKS_TAG_KEY_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 7 | Key type. |
| HUKS_TAG_ASSOCIATED_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 8 | Associated authentication data. | | HUKS_TAG_ASSOCIATED_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 8 | Associated authentication data. |
| HUKS_TAG_NONCE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 9 | Field for key encryption and decryption. | | HUKS_TAG_NONCE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 9 | Field for key encryption and decryption. |
| HUKS_TAG_IV | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10 | IV. | | HUKS_TAG_IV | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10 | IV. |
| HUKS_TAG_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 11 | Information generated during key derivation. | | HUKS_TAG_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 11 | Information generated during key derivation. |
| HUKS_TAG_SALT | HuksTagType.HUKS_TAG_TYPE_BYTES \| 12 | Salt value used for key derivation. | | HUKS_TAG_SALT | HuksTagType.HUKS_TAG_TYPE_BYTES \| 12 | Salt value used for key derivation. |
| HUKS_TAG_PWD | HuksTagType.HUKS_TAG_TYPE_BYTES \| 13 | Password used for key derivation. | | HUKS_TAG_PWD | HuksTagType.HUKS_TAG_TYPE_BYTES \| 13 | Password used for key derivation. |
| HUKS_TAG_ITERATION | HuksTagType.HUKS_TAG_TYPE_UINT \| 14 | Number of iterations for key derivation. | | HUKS_TAG_ITERATION | HuksTagType.HUKS_TAG_TYPE_UINT \| 14 | Number of iterations for key derivation. |
| HUKS_TAG_KEY_GENERATE_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 15 | Key generation type. | | HUKS_TAG_KEY_GENERATE_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 15 | Key generation type. |
| HUKS_TAG_DERIVE_MAIN_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 16 | Main key for key derivation. | | HUKS_TAG_DERIVE_MAIN_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 16 | Main key for key derivation. |
| HUKS_TAG_DERIVE_FACTOR | HuksTagType.HUKS_TAG_TYPE_BYTES \| 17 | Factor for key derivation. | | HUKS_TAG_DERIVE_FACTOR | HuksTagType.HUKS_TAG_TYPE_BYTES \| 17 | Factor for key derivation. |
| HUKS_TAG_DERIVE_ALG | HuksTagType.HUKS_TAG_TYPE_UINT \| 18 | Type of the algorithm used for key derivation. | | HUKS_TAG_DERIVE_ALG | HuksTagType.HUKS_TAG_TYPE_UINT \| 18 | Type of the algorithm used for key derivation. |
| HUKS_TAG_AGREE_ALG | HuksTagType.HUKS_TAG_TYPE_UINT \| 19 | Type of the algorithm used in key agreement. | | HUKS_TAG_AGREE_ALG | HuksTagType.HUKS_TAG_TYPE_UINT \| 19 | Type of the algorithm used in key agreement. |
| HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 20 | Alias of the public key during key agreement. | | HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 20 | Alias of the public key during key agreement. |
| HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 21 | Private key alias used in key agreement. | | HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 21 | Private key alias used in key agreement. |
| HUKS_TAG_AGREE_PUBLIC_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 22 | Public key used in key agreement. | | HUKS_TAG_AGREE_PUBLIC_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 22 | Public key used in key agreement. |
| HUKS_TAG_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 23 | Key alias. | | HUKS_TAG_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 23 | Key alias. |
| HUKS_TAG_DERIVE_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 24 | Size of the derived key. | | HUKS_TAG_DERIVE_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 24 | Size of the derived key. |
| HUKS_TAG_ACTIVE_DATETIME | HuksTagType.HUKS_TAG_TYPE_ULONG \| 201 | Reserved. | | HUKS_TAG_IMPORT_KEY_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 25 | Type of the imported key. |
| HUKS_TAG_ORIGINATION_EXPIRE_DATETIME | HuksTagType.HUKS_TAG_TYPE_ULONG \| 202 | Reserved. | | HUKS_TAG_UNWRAP_ALGORITHM_SUITE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 26 | Algorithm suite used when a wrapped key is imported. |
| HUKS_TAG_USAGE_EXPIRE_DATETIME | HuksTagType.HUKS_TAG_TYPE_ULONG \| 203 | Reserved. | | HUKS_TAG_ACTIVE_DATETIME | HuksTagType.HUKS_TAG_TYPE_ULONG \| 201 | Reserved. |
| HUKS_TAG_CREATION_DATETIME | HuksTagType.HUKS_TAG_TYPE_ULONG \| 204 | Reserved. | | HUKS_TAG_ORIGINATION_EXPIRE_DATETIME | HuksTagType.HUKS_TAG_TYPE_ULONG \| 202 | Reserved. |
| HUKS_TAG_ALL_USERS | ksTagType.HUKS_TAG_TYPE_BOOL \| 301 | Reserved. | | HUKS_TAG_USAGE_EXPIRE_DATETIME | HuksTagType.HUKS_TAG_TYPE_ULONG \| 203 | Reserved. |
| HUKS_TAG_USER_ID | HuksTagType.HUKS_TAG_TYPE_UINT \| 302 | Reserved. | | HUKS_TAG_CREATION_DATETIME | HuksTagType.HUKS_TAG_TYPE_ULONG \| 204 | Reserved. |
| HUKS_TAG_NO_AUTH_REQUIRED | HuksTagType.HUKS_TAG_TYPE_BOOL \| 303 | Reserved. | | HUKS_TAG_ALL_USERS | ksTagType.HUKS_TAG_TYPE_BOOL \| 301 | Reserved. |
| HUKS_TAG_USER_AUTH_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 304 | Reserved. | | HUKS_TAG_USER_ID | HuksTagType.HUKS_TAG_TYPE_UINT \| 302 | Reserved. |
| HUKS_TAG_AUTH_TIMEOUT | HuksTagType.HUKS_TAG_TYPE_UINT \| 305 | Reserved. | | HUKS_TAG_NO_AUTH_REQUIRED | HuksTagType.HUKS_TAG_TYPE_BOOL \| 303 | Reserved. |
| HUKS_TAG_AUTH_TOKEN | HuksTagType.HUKS_TAG_TYPE_BYTES \| 306 | Reserved. | | HUKS_TAG_USER_AUTH_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 304 | Reserved. |
| HUKS_TAG_ATTESTATION_CHALLENGE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 501 | Challenge value used in the attestation. | | HUKS_TAG_AUTH_TIMEOUT | HuksTagType.HUKS_TAG_TYPE_UINT \| 305 | Reserved. |
| HUKS_TAG_ATTESTATION_APPLICATION_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 502 | Application ID used in the attestation. | | HUKS_TAG_AUTH_TOKEN | HuksTagType.HUKS_TAG_TYPE_BYTES \| 306 | Reserved. |
| HUKS_TAG_ATTESTATION_ID_BRAND | HuksTagType.HUKS_TAG_TYPE_BYTES \| 503 | Device brand. | | HUKS_TAG_ATTESTATION_CHALLENGE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 501 | Challenge value used in the attestation. |
| HUKS_TAG_ATTESTATION_ID_DEVICE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 504 | Device. | | HUKS_TAG_ATTESTATION_APPLICATION_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 502 | Application ID used in the attestation. |
| HUKS_TAG_ATTESTATION_ID_PRODUCT | HuksTagType.HUKS_TAG_TYPE_BYTES \| 505 | Product. | | HUKS_TAG_ATTESTATION_ID_BRAND | HuksTagType.HUKS_TAG_TYPE_BYTES \| 503 | Device brand. |
| HUKS_TAG_ATTESTATION_ID_SERIAL | HuksTagType.HUKS_TAG_TYPE_BYTES \| 506 | Device SN. | | HUKS_TAG_ATTESTATION_ID_DEVICE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 504 | Device. |
| HUKS_TAG_ATTESTATION_ID_IMEI | HuksTagType.HUKS_TAG_TYPE_BYTES \| 507 | Device IMEI. | | HUKS_TAG_ATTESTATION_ID_PRODUCT | HuksTagType.HUKS_TAG_TYPE_BYTES \| 505 | Product. |
| HUKS_TAG_ATTESTATION_ID_MEID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 508 | Device MEID. | | HUKS_TAG_ATTESTATION_ID_SERIAL | HuksTagType.HUKS_TAG_TYPE_BYTES \| 506 | Device SN. |
| HUKS_TAG_ATTESTATION_ID_MANUFACTURER | HuksTagType.HUKS_TAG_TYPE_BYTES \| 509 | Device manufacturer. | | HUKS_TAG_ATTESTATION_ID_IMEI | HuksTagType.HUKS_TAG_TYPE_BYTES \| 507 | Device IMEI. |
| HUKS_TAG_ATTESTATION_ID_MODEL | HuksTagType.HUKS_TAG_TYPE_BYTES \| 510 | Device model. | | HUKS_TAG_ATTESTATION_ID_MEID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 508 | Device MEID. |
| HUKS_TAG_ATTESTATION_ID_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 511 | Key alias used in the attestation. | | HUKS_TAG_ATTESTATION_ID_MANUFACTURER | HuksTagType.HUKS_TAG_TYPE_BYTES \| 509 | Device manufacturer. |
| HUKS_TAG_ATTESTATION_ID_SOCID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 512 | Device SOCID. | | HUKS_TAG_ATTESTATION_ID_MODEL | HuksTagType.HUKS_TAG_TYPE_BYTES \| 510 | Device model. |
| HUKS_TAG_ATTESTATION_ID_UDID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 513 | Device UDID. | | HUKS_TAG_ATTESTATION_ID_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 511 | Key alias used in the attestation. |
| HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 514 | Security credential used for the attestation. | | HUKS_TAG_ATTESTATION_ID_SOCID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 512 | Device SOCID. |
| HUKS_TAG_ATTESTATION_ID_VERSION_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 515 | Version information used in the attestation. | | HUKS_TAG_ATTESTATION_ID_UDID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 513 | Device UDID. |
| HUKS_TAG_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1001 | Whether to use the alias passed in during key generation. | | HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 514 | Security credential used for the attestation. |
| HUKS_TAG_KEY_STORAGE_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1002 | Key storage mode. | | HUKS_TAG_ATTESTATION_ID_VERSION_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 515 | Version information used in the attestation. |
| HUKS_TAG_IS_ALLOWED_WRAP | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1003 | Reserved. | | HUKS_TAG_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1001 | Whether to use the alias passed in during key generation.|
| HUKS_TAG_KEY_WRAP_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1004 | Reserved. | | HUKS_TAG_KEY_STORAGE_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1002 | Key storage mode. |
| HUKS_TAG_KEY_AUTH_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1005 | Reserved. | | HUKS_TAG_IS_ALLOWED_WRAP | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1003 | Reserved. |
| HUKS_TAG_KEY_ROLE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1006 | Reserved. | | HUKS_TAG_KEY_WRAP_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1004 | Reserved. |
| HUKS_TAG_KEY_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1007 | Flag of the key. | | HUKS_TAG_KEY_AUTH_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1005 | Reserved. |
| HUKS_TAG_IS_ASYNCHRONIZED | HuksTagType.HUKS_TAG_TYPE_UINT \| 1008 | Reserved. | | HUKS_TAG_KEY_ROLE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1006 | Reserved. |
| HUKS_TAG_SECURE_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1009 | Reserved. | | HUKS_TAG_KEY_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1007 | Flag of the key. |
| HUKS_TAG_SECURE_KEY_UUID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1010 | Reserved. | | HUKS_TAG_IS_ASYNCHRONIZED | HuksTagType.HUKS_TAG_TYPE_UINT \| 1008 | Reserved. |
| HUKS_TAG_KEY_DOMAIN | HuksTagType.HUKS_TAG_TYPE_UINT \| 1011 | Reserved. | | HUKS_TAG_SECURE_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1009 | Reserved. |
| HUKS_TAG_PROCESS_NAME | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10001 | Process name. | | HUKS_TAG_SECURE_KEY_UUID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1010 | Reserved. |
| HUKS_TAG_PACKAGE_NAME | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10002 | Reserved. | | HUKS_TAG_KEY_DOMAIN | HuksTagType.HUKS_TAG_TYPE_UINT \| 1011 | Reserved. |
| HUKS_TAG_ACCESS_TIME | HuksTagType.HUKS_TAG_TYPE_UINT \| 10003 | Reserved. | | HUKS_TAG_PROCESS_NAME | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10001 | Process name. |
| HUKS_TAG_USES_TIME | HuksTagType.HUKS_TAG_TYPE_UINT \| 10004 | Reserved. | | HUKS_TAG_PACKAGE_NAME | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10002 | Reserved. |
| HUKS_TAG_CRYPTO_CTX | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10005 | Reserved. | | HUKS_TAG_ACCESS_TIME | HuksTagType.HUKS_TAG_TYPE_UINT \| 10003 | Reserved. |
| HUKS_TAG_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10006 | Reserved. | | HUKS_TAG_USES_TIME | HuksTagType.HUKS_TAG_TYPE_UINT \| 10004 | Reserved. |
| HUKS_TAG_KEY_VERSION | HuksTagType.HUKS_TAG_TYPE_UINT \| 10007 | Key version. | | HUKS_TAG_CRYPTO_CTX | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10005 | Reserved. |
| HUKS_TAG_PAYLOAD_LEN | HuksTagType.HUKS_TAG_TYPE_UINT \| 10008 | Reserved. | | HUKS_TAG_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10006 | Reserved. |
| HUKS_TAG_AE_TAG | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10009 | Reserved. | | HUKS_TAG_KEY_VERSION | HuksTagType.HUKS_TAG_TYPE_UINT \| 10007 | Key version. |
| HUKS_TAG_IS_KEY_HANDLE | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10010 | Reserved. | | HUKS_TAG_PAYLOAD_LEN | HuksTagType.HUKS_TAG_TYPE_UINT \| 10008 | Reserved. |
| HUKS_TAG_OS_VERSION | HuksTagType.HUKS_TAG_TYPE_UINT \| 10101 | OS version. | | HUKS_TAG_AE_TAG | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10009 | Reserved. |
| HUKS_TAG_OS_PATCHLEVEL | HuksTagType.HUKS_TAG_TYPE_UINT \| 10102 | OS patch level. | | HUKS_TAG_IS_KEY_HANDLE | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10010 | Reserved. |
| HUKS_TAG_SYMMETRIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20001 | Reserved. | | HUKS_TAG_OS_VERSION | HuksTagType.HUKS_TAG_TYPE_UINT \| 10101 | OS version. |
| HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20002 | Reserved. | | HUKS_TAG_OS_PATCHLEVEL | HuksTagType.HUKS_TAG_TYPE_UINT \| 10102 | OS patch level. |
| HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20003 | Reserved. | | HUKS_TAG_SYMMETRIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20001 | Reserved. |
| HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20002 | Reserved. |
| HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20003 | Reserved. |
## huks.generateKey ## huks.generateKey
...@@ -362,7 +395,7 @@ Generates a key. This API uses an asynchronous callback to return the result. ...@@ -362,7 +395,7 @@ Generates a key. This API uses an asynchronous callback to return the result.
| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | | -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ |
| keyAlias | string | Yes | Alias of the key. | | keyAlias | string | Yes | Alias of the key. |
| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. | | options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. |
| callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code defined in **HuksResult** will be returned. | | callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code defined in **HuksResult** will be returned.|
**Example** **Example**
...@@ -402,7 +435,7 @@ huks.generateKey(keyAlias, options, function (err, data){}); ...@@ -402,7 +435,7 @@ huks.generateKey(keyAlias, options, function (err, data){});
generateKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> generateKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult>
Generates a key. This API uses a promise to return the result. Generates a key. This API uses a promise to return the result asynchronously.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
...@@ -411,13 +444,13 @@ Generates a key. This API uses a promise to return the result. ...@@ -411,13 +444,13 @@ Generates a key. This API uses a promise to return the result.
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | ------------------------ | | -------- | --------------------------- | ---- | ------------------------ |
| keyAlias | string | Yes | Alias of the key. | | keyAlias | string | Yes | Alias of the key. |
| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. | | options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key.|
**Return value** **Return value**
| Type | Description | | Type | Description |
| ----------------------------------- | -------------------------------------------------- | | ----------------------------------- | -------------------------------------------------- |
| Promise\<[HuksResult](#huksresult)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned. | | Promise\<[HuksResult](#huksresult)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned.|
**Example** **Example**
...@@ -463,7 +496,7 @@ Deletes a key. This API uses an asynchronous callback to return the result. ...@@ -463,7 +496,7 @@ Deletes a key. This API uses an asynchronous callback to return the result.
| -------- | ----------------------------------------- | ---- | -------------------------------------------------- | | -------- | ----------------------------------------- | ---- | -------------------------------------------------- |
| keyAlias | string | Yes | Key alias passed in when the key was generated. | | keyAlias | string | Yes | Key alias passed in when the key was generated. |
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | | options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned. | | callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned.|
**Example** **Example**
...@@ -480,7 +513,7 @@ huks.deleteKey(keyAlias, emptyOptions, function (err, data) {}); ...@@ -480,7 +513,7 @@ huks.deleteKey(keyAlias, emptyOptions, function (err, data) {});
deleteKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> deleteKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult>
Deletes a key. This API uses a promise to return the result. Deletes a key. This API uses a promise to return the result asynchronously.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
...@@ -488,14 +521,14 @@ Deletes a key. This API uses a promise to return the result. ...@@ -488,14 +521,14 @@ Deletes a key. This API uses a promise to return the result.
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ----------- | ---- | ----------------------------------------------------- | | -------- | ----------- | ---- | ----------------------------------------------------- |
| keyAlias | string | Yes | Key alias passed in when the key was generated. | | keyAlias | string | Yes | Key alias passed in when the key was generated.|
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | | options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).|
**Return value** **Return value**
| Type | Description | | Type | Description |
| ----------------------------------- | -------------------------------------------------- | | ----------------------------------- | -------------------------------------------------- |
| Promise\<[HuksResult](#huksresult)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned. | | Promise\<[HuksResult](#huksresult)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned.|
**Example** **Example**
...@@ -520,13 +553,13 @@ Obtains the SDK version of the current system. ...@@ -520,13 +553,13 @@ Obtains the SDK version of the current system.
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| ------- | ---------- | ---- | ------------------------- | | ------- | ---------- | ---- | ------------------------- |
| options | [HuksOptions](#huksoptions) | Yes | Empty object, which is used to hold the SDK version. | | options | [HuksOptions](#huksoptions) | Yes | Empty object, which is used to hold the SDK version.|
**Return value** **Return value**
| Type | Description | | Type | Description |
| ------ | ------------- | | ------ | ------------- |
| string | SDK version obtained. | | string | SDK version obtained.|
**Example** **Example**
...@@ -542,7 +575,7 @@ var result = huks.getSdkVersion(emptyOptions); ...@@ -542,7 +575,7 @@ var result = huks.getSdkVersion(emptyOptions);
importKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void importKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void
Imports a key. This API uses an asynchronous callback to return the result. Imports a key in plaintext. This API uses an asynchronous callback to return the result.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
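Review bot: The new description "Imports a key in plaintext" states the risk but gives the reader no alternative. This change also adds importWrappedKey, so add a sentence here and in the promise variant of importKey that points to it for key material that should not be handled in plaintext by the application.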
...@@ -550,9 +583,9 @@ Imports a key. This API uses an asynchronous callback to return the result. ...@@ -550,9 +583,9 @@ Imports a key. This API uses an asynchronous callback to return the result.
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ------------------------ | ---- | ------------------------------------------------- | | -------- | ------------------------ | ---- | ------------------------------------------------- |
| keyAlias | string | Yes | Key alias, which is used to hold the key pair. | | keyAlias | string | Yes | Alias of the key to import.|
| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key pair to import. | | options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import.|
| callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned. | | callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned.|
**Example** **Example**
...@@ -600,7 +633,7 @@ huks.importKey(keyAlias, options, function (err, data){}); ...@@ -600,7 +633,7 @@ huks.importKey(keyAlias, options, function (err, data){});
importKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> importKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult>
Imports a key. This API uses a promise to return the result. Imports a key in plaintext. This API uses a promise to return the result asynchronously.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
...@@ -608,14 +641,14 @@ Imports a key. This API uses a promise to return the result. ...@@ -608,14 +641,14 @@ Imports a key. This API uses a promise to return the result.
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ----------- | ---- | ------------------------------------ | | -------- | ----------- | ---- | ------------------------------------ |
| keyAlias | string | Yes | Key alias, which is used to hold the key pair. | | keyAlias | string | Yes | Alias of the key to import.|
| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key pair to import. | | options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import.|
**Return value** **Return value**
| Type | Description | | Type | Description |
| ----------------------------------- | -------------------------------------------------- | | ----------------------------------- | -------------------------------------------------- |
| Promise\<[HuksResult](#huksresult)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned. | | Promise\<[HuksResult](#huksresult)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned.|
**Example** **Example**
...@@ -661,6 +694,230 @@ var huksoptions = { ...@@ -661,6 +694,230 @@ var huksoptions = {
var result = huks.importKey(keyAlias, huksoptions); var result = huks.importKey(keyAlias, huksoptions);
``` ```
## huks.importWrappedKey<sup>9+</sup>
importWrappedKey(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void
Imports a wrapped key. This API uses an asynchronous callback to return the result.
**System capability**: SystemCapability.Security.Huks
**Parameters**
| Name | Type | Mandatory| Description |
| ---------------- | ----------------------------------------- | ---- | -------------------------------------------------- |
| keyAlias | string | Yes | Alias of the wrapped key to import. |
| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. |
| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and the wrapped key to import. |
| callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned.|
**Example**
```js
var exportWrappingKey;
var alias1 = "importAlias";
var alias2 = "wrappingKeyAlias";
async function TestGenFunc(alias, options) {
await genKey(alias, options)
.then((data) => {
console.log(`test genKey data: ${JSON.stringify(data)}`);
})
.catch((err) => {
console.log('test genKey err information: ' + JSON.stringify(err));
});
}
function genKey(alias, options) {
return new Promise((resolve, reject) => {
huks.generateKey(alias, options, function (err, data) {
console.log(`test genKey data: ${JSON.stringify(data)}`);
if (err.code !== 0) {
console.log('test genKey err information: ' + JSON.stringify(err));
reject(err);
} else {
resolve(data);
}
});
});
}
async function TestExportFunc(alias, options) {
await exportKey(alias, options)
.then((data) => {
console.log(`test exportKey data: ${JSON.stringify(data)}`);
})
.catch((err) => {
console.log('test exportKey err information: ' + JSON.stringify(err));
});
}
function exportKey(alias, options) {
return new Promise((resolve, reject) => {
huks.exportKey(alias, options, function (err, data) {
console.log(`test exportKey data: ${JSON.stringify(data)}`);
if (err.code !== 0) {
console.log('test exportKey err information: ' + JSON.stringify(err));
reject(err);
} else {
exportWrappingKey = data.outData;
resolve(data);
}
});
});
}
async function TestImportWrappedFunc(alias, wrappingAlias, options) {
await importWrappedKey(alias, wrappingAlias, options)
.then((data) => {
console.log(`TestImportWrappedFunc data: ${JSON.stringify(data)}`);
})
.catch((err) => {
console.log('test importWrappedKey err information: ' + JSON.stringify(err));
});
}
function importWrappedKey(alias, wrappingAlias, options) {
return new Promise((resolve, reject) => {
huks.importWrappedKey(alias, wrappingAlias, options, function (err, data) {
console.log(`importWrappedKey data: ${JSON.stringify(data)}`);
if (err.code !== 0) {
console.log('importWrappedKey err information: ' + JSON.stringify(err));
reject(err);
} else {
resolve(data);
}
});
});
}
async function TestImportWrappedKeyFunc(
alias,
wrappingAlias,
genOptions,
importOptions
) {
await TestGenFunc(wrappingAlias, genOptions);
await TestExportFunc(wrappingAlias, genOptions);
/*The following operations do not invoke the HUKS APIs, and the specific implementation is not provided here.
* For example, import keyA.
* 1. Use ECC to generate a public and private key pair keyB. The public key is keyB_pub, and the private key is keyB_pri.
* 2. Use keyB_pri and the public key obtained from wrappingAlias to negotiate the shared key share_key.
* 3. Randomly generate a key kek for encrypting keyA using AES-GCM. During the encryption, record nonce1/aad1/ciphertext keyA_enc/encrypted tag1.
* 4. Use the share_key to encrypt kek using AES-GCM. During the encryption, record nonce2/aad2/ciphertext kek_enc/encrypted tag2.
* 5. Generate the importOptions.inData field in the following format:
* keyB_pub length (4 bytes) + keyB_pub + aad2 length (4 bytes) + aad2 +
* nonce2 length (4 bytes) + nonce2 + tag2 length (4 bytes) + tag2 +
* kek_enc length (4 bytes) + kek_enc + aad1 length (4 bytes) + aad1 +
* nonce1 length (4 bytes) + nonce1 + tag1 length (4 bytes) + tag1 +
* Memory occupied by the keyA length (4 bytes) + keyA length + keyA_enc length (4 bytes) + keyA_enc
*/
var inputKey = new Uint8Array([0x02, 0x00, 0x00, 0x00]);
importOptions.inData = inputKey;
await TestImportWrappedFunc(alias, wrappingAlias, importOptions);
}
function makeGenerateOptions() {
var properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_ECC
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_UNWRAP
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
var options = {
properties: properties
};
return options;
};
function makeImportOptions() {
var properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_CBC
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_UNWRAP_ALGORITHM_SUITE,
value: huks.HuksUnwrapSuite.HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING
};
var options = {
properties: properties
};
return options;
};
function huksImportWrappedKey() {
var genOptions = makeGenerateOptions();
var importOptions = makeImportOptions();
TestImportWrappedKeyFunc(
alias1,
alias2,
genOptions,
importOptions
);
}
```
## huks.importWrappedKey<sup>9+</sup>
importWrappedKey(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions) : Promise\<HuksResult>
Imports a wrapped key. This API uses a promise to return the result asynchronously.
**System capability**: SystemCapability.Security.Huks
**Parameters**
| Name | Type | Mandatory| Description |
| ---------------- | --------------------------- | ---- | --------------------------------------------- |
| keyAlias | string | Yes | Alias of the wrapped key to import. |
| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. |
| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and the wrapped key to import.|
**Return value**
| Type | Description |
| ----------------------------------- | -------------------------------------------------- |
| Promise\<[HuksResult](#huksresult)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned.|
**Example**
```js
/* The process is similar as if a callback is used, except the following:*/
async function TestImportWrappedFunc(alias, wrappingAlias, options) {
var result = await huks.importWrappedKey(alias, wrappingAlias, options);
if (result.errorCode === 0) {
console.log('test importWrappedKey success');
} else {
console.log('test importWrappedKey fail');
}
}
```
## huks.exportKey ## huks.exportKey
exportKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void exportKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void
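Review bot: In the callback example for importWrappedKey, `TestImportWrappedKeyFunc` does not build a usable input. `exportWrappingKey` is assigned inside `exportKey` but never read, and `importOptions.inData` is set to the 4-byte placeholder `new Uint8Array([0x02, 0x00, 0x00, 0x00])`, which cannot hold the length-prefixed fields listed in the comment directly above it. Either construct `inData` from the exported public key in the sample, or say next to the placeholder that it is a stub the developer must replace. `TestGenFunc` and `TestExportFunc` catch their errors and only log them, so the import step still runs after a failed generate or export; rethrow or return early instead. `TestExportFunc(wrappingAlias, genOptions)` passes the generation tags to `huks.exportKey`, whose `options` parameter is documented in this file as an empty object. In the layout comment, specify the byte order of the 4-byte length fields and reword the last line ("Memory occupied by the keyA length (4 bytes) + keyA length"), which does not make clear what each field stores. In both parameter tables, "Alias of the data used to unwrap the key imported" would read better as the alias of the key used to unwrap, since the example generates it with `HUKS_KEY_PURPOSE_UNWRAP`.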
...@@ -675,7 +932,7 @@ Exports a key. This API uses an asynchronous callback to return the result. ...@@ -675,7 +932,7 @@ Exports a key. This API uses an asynchronous callback to return the result.
| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | | -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ |
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | | keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | | options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned. **outData** contains the public key exported. | | callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned. **outData** contains the public key exported.|
**Example** **Example**
...@@ -692,7 +949,7 @@ huks.exportKey(keyAlias, emptyOptions, function (err, data){}); ...@@ -692,7 +949,7 @@ huks.exportKey(keyAlias, emptyOptions, function (err, data){});
exportKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> exportKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult>
Exports a key. This API uses a promise to return the result. Exports a key. This API uses a promise to return the result asynchronously.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
...@@ -700,14 +957,14 @@ Exports a key. This API uses a promise to return the result. ...@@ -700,14 +957,14 @@ Exports a key. This API uses a promise to return the result.
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ----------- | ---- | ------------------------------------------------------------ | | -------- | ----------- | ---- | ------------------------------------------------------------ |
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | | keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.|
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | | options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).|
**Return value** **Return value**
| Type | Description | | Type | Description |
| ----------------------------------- | ------------------------------------------------------------ | | ----------------------------------- | ------------------------------------------------------------ |
| Promise\<[HuksResult](#huksresult)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned. **outData** contains the public key exported. | | Promise\<[HuksResult](#huksresult)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** will be returned. If the operation fails, an error code will be returned. **outData** contains the public key exported.|
**Example** **Example**
...@@ -734,7 +991,7 @@ Obtains key properties. This API uses an asynchronous callback to return the res ...@@ -734,7 +991,7 @@ Obtains key properties. This API uses an asynchronous callback to return the res
| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | | -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ |
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | | keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | | options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes | Callback used to return the result. **HUKS_SUCCESS** will be returned if the operation is successful; an error code will be returned otherwise. | | callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes | Callback used to return the result. If the operation is successful, **errorCode** is **HUKS_SUCCESS**; otherwise, an error code will be returned.|
**Example** **Example**
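Review bot: The reworded callback description for getKeyProperties now names **errorCode** but still does not say where the key properties are returned. The promise variant states that **properties** returns the parameters required for generating the key, so add the same sentence to the callback row to keep the two variants consistent.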
...@@ -751,7 +1008,7 @@ huks.getKeyProperties(keyAlias, emptyOptions, function (err, data){}); ...@@ -751,7 +1008,7 @@ huks.getKeyProperties(keyAlias, emptyOptions, function (err, data){});
getKeyProperties(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> getKeyProperties(keyAlias: string, options: HuksOptions) : Promise\<HuksResult>
Obtains key properties. This API uses a promise to return the result. Obtains key properties. This API uses a promise to return the result asynchronously.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
...@@ -759,14 +1016,14 @@ Obtains key properties. This API uses a promise to return the result. ...@@ -759,14 +1016,14 @@ Obtains key properties. This API uses a promise to return the result.
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ----------- | ---- | ------------------------------------------------------------ | | -------- | ----------- | ---- | ------------------------------------------------------------ |
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | | keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.|
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | | options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).|
**Return value** **Return value**
| Type | Description | | Type | Description |
| ------------------ | ------------------------------------------------------------ | | ------------------ | ------------------------------------------------------------ |
| Promise\<[HuksResult](#huksoptions)> | Promise used to return the result. In the return result, **HUKS_SUCCESS** will be returned for **errorCode** if the operation is successful; an error code will be returned otherwise. **properties** returns the parameters required for generating the key. | | Promise\<[HuksResult](#huksoptions)> | Promise used to return the result. If the operation is successful, **errorCode** is **HUKS_SUCCESS**; otherwise, an error code will be returned. **properties** returns the parameters required for generating the key.|
**Example** **Example**
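Review bot: In the **Return value** row, `Promise\<[HuksResult](#huksoptions)>` links the HuksResult type to the `#huksoptions` anchor. The line is already being edited, so point the link at `#huksresult`, as the other return-value tables in this file do.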
...@@ -791,9 +1048,9 @@ Checks whether a key exists. This API uses an asynchronous callback to return th ...@@ -791,9 +1048,9 @@ Checks whether a key exists. This API uses an asynchronous callback to return th
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- | | -------- | ---------------------- | ---- | ------------------------------------- |
| keyAlias | string | Yes | Alias of the key to check. | | keyAlias | string | Yes | Alias of the key to check.|
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | | options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).|
| callback | AsyncCallback\<boolean> | Yes | Callback used to return the result. **TRUE** means that the key exists; **FALSE** means the opposite. | | callback | AsyncCallback\<boolean> | Yes | Callback used to return the result. **TRUE** means that the key exists; **FALSE** means the opposite.|
**Example** **Example**
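Review bot: The `callback` row types the result as `AsyncCallback\<boolean>` but names the values **TRUE** and **FALSE**, which reads like a pair of constants rather than the JS booleans `true` and `false`. Suggest lowercase, and say in the same row how a failed lookup is reported, because as written a caller cannot tell "key absent" from "check failed".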
...@@ -810,7 +1067,7 @@ huks.isKeyExist(keyAlias, emptyOptions, function (err, data){}); ...@@ -810,7 +1067,7 @@ huks.isKeyExist(keyAlias, emptyOptions, function (err, data){});
isKeyExist(keyAlias: string, options: HuksOptions) : Promise\<boolean> isKeyExist(keyAlias: string, options: HuksOptions) : Promise\<boolean>
Checks whether a key exists. This API uses a promise to return the result. Checks whether a key exists. This API uses a promise to return the result asynchronously.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
...@@ -818,14 +1075,14 @@ Checks whether a key exists. This API uses a promise to return the result. ...@@ -818,14 +1075,14 @@ Checks whether a key exists. This API uses a promise to return the result.
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ----------- | ---- | -------------------------------- | | -------- | ----------- | ---- | -------------------------------- |
| keyAlias | string | Yes | Alias of the key to check. | | keyAlias | string | Yes | Alias of the key to check.|
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | | options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).|
**Return value** **Return value**
| Type | Description | | Type | Description |
| ----------------- | --------------------------------------- | | ----------------- | --------------------------------------- |
| Promise\<boolean> | Promise used to return the result. **TRUE** means that the key exists; **FALSE** means the opposite. | | Promise\<boolean> | Promise used to return the result. **TRUE** means that the key exists; **FALSE** means the opposite.|
**Example** **Example**
...@@ -852,16 +1109,16 @@ Initializes a key. This API uses an asynchronous callback to return the result. ...@@ -852,16 +1109,16 @@ Initializes a key. This API uses an asynchronous callback to return the result.
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- | | -------- | ---------------------- | ---- | ------------------------------------- |
| keyAlias | string | Yes | Alias of the target key. | | keyAlias | string | Yes | Alias of the target key.|
| options | [HuksOptions](#huksoptions) | Yes | Parameters used for initialization. | | options | [HuksOptions](#huksoptions) | Yes | Parameters used for initialization.|
| callback | AsyncCallback\<[HuksHandle](#hukshandle)> | Yes | Callback used to return the handle of the initialization operation. | | callback | AsyncCallback\<[HuksHandle](#hukshandle)> | Yes | Callback used to return the handle of the initialization operation.|
## huks.init ## huks.init
init(keyAlias: string, options: HuksOptions) : Promise\<HuksHandle> init(keyAlias: string, options: HuksOptions) : Promise\<HuksHandle>
Initializes a key. This API uses a promise to return the result. Initializes a key. This API uses a promise to return the result asynchronously.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
...@@ -869,9 +1126,9 @@ Initializes a key. This API uses a promise to return the result. ...@@ -869,9 +1126,9 @@ Initializes a key. This API uses a promise to return the result.
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- | | -------- | ---------------------- | ---- | ------------------------------------- |
| keyAlias | string | Yes | Alias of the target key. | | keyAlias | string | Yes | Alias of the target key.|
| options | [HuksOptions](#huksoptions) | Yes | Parameters used for initialization. | | options | [HuksOptions](#huksoptions) | Yes | Parameters used for initialization.|
| promise | Promise\<[HuksHandle](#hukshandle)> | Yes | Promise used to return the handle of the initialization operation. | | promise | Promise\<[HuksHandle](#hukshandle)> | Yes | Promise used to return the handle of the initialization operation.|
## huks.update ## huks.update
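Review bot: The last row of this parameter table lists `promise` as a mandatory parameter, but the signature `init(keyAlias: string, options: HuksOptions)` takes only two arguments and the promise is what the call returns. Move that row into a **Return value** table, the way the promise variant of isKeyExist is documented.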
...@@ -886,17 +1143,17 @@ Updates a key. This API uses an asynchronous callback to return the result. ...@@ -886,17 +1143,17 @@ Updates a key. This API uses an asynchronous callback to return the result.
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- | | -------- | ---------------------- | ---- | ------------------------------------- |
| handle | number | Yes | Handle of the **Update** operation. | | handle | number | Yes | Handle of the **Update** operation.|
| token | Uint8Array | No| Token of the **Update** operation. | | token | Uint8Array | No| Token of the **Update** operation.|
| options | [HuksOptions](#huksoptions) | Yes | Parameters of the **Update** operation. | | options | [HuksOptions](#huksoptions) | Yes | Parameters of the **Update** operation.|
| callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes| Callback used to return the operation result. | | callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes| Callback used to return the operation result.|
## huks.update ## huks.update
update(handle: number, token?: Uint8Array, options: HuksOptions) : Promise\<HuksResult> update(handle: number, token?: Uint8Array, options: HuksOptions) : Promise\<HuksResult>
Updates a key. This API uses a promise to return the result. Updates a key. This API uses a promise to return the result asynchronously.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
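Review bot: The signature `update(handle: number, token?: Uint8Array, options: HuksOptions)` places the optional `token` before the required `options`; TypeScript rejects a required parameter after an optional one, and the page leaves callers unsure whether to pass two or three arguments. Check the signature against the declaration file and state explicitly how the call is made when no token is supplied.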
...@@ -904,10 +1161,10 @@ Updates a key. This API uses a promise to return the result. ...@@ -904,10 +1161,10 @@ Updates a key. This API uses a promise to return the result.
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- | | -------- | ---------------------- | ---- | ------------------------------------- |
| handle | number | Yes | Handle of the **Update** operation. | | handle | number | Yes | Handle of the **Update** operation.|
| token | Uint8Array | No| Token of the **Update** operation. | | token | Uint8Array | No| Token of the **Update** operation.|
| options | [HuksOptions](#huksoptions) | Yes | Parameters of the **Update** operation. | | options | [HuksOptions](#huksoptions) | Yes | Parameters of the **Update** operation.|
| promise | Promise\<[HuksResult](#huksresult)> | Yes| Promise used to return the operation result. | | promise | Promise\<[HuksResult](#huksresult)> | Yes| Promise used to return the operation result.|
## huks.finish ## huks.finish
...@@ -922,16 +1179,16 @@ Completes the key operation and releases resources. This API uses an asynchronou ...@@ -922,16 +1179,16 @@ Completes the key operation and releases resources. This API uses an asynchronou
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- | | -------- | ---------------------- | ---- | ------------------------------------- |
| handle | number | Yes | Handle of the **Finish** operation. | | handle | number | Yes | Handle of the **Finish** operation.|
| options | [HuksOptions](#huksoptions) | Yes | Parameters of the **Finish** operation. | | options | [HuksOptions](#huksoptions) | Yes | Parameters of the **Finish** operation.|
| callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes| Callback used to return the operation result. | | callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes| Callback used to return the operation result.|
## huks.finish ## huks.finish
finish(handle: number, options: HuksOptions) : Promise\<HuksResult> finish(handle: number, options: HuksOptions) : Promise\<HuksResult>
Completes the key operation and releases resources. This API uses a promise to return the result. Completes the key operation and releases resources. This API uses a promise to return the result asynchronously.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
...@@ -939,9 +1196,9 @@ Completes the key operation and releases resources. This API uses a promise to r ...@@ -939,9 +1196,9 @@ Completes the key operation and releases resources. This API uses a promise to r
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- | | -------- | ---------------------- | ---- | ------------------------------------- |
| handle | number | Yes | Handle of the **Finish** operation. | | handle | number | Yes | Handle of the **Finish** operation.|
| options | [HuksOptions](#huksoptions) | Yes | Parameters of the **Finish** operation. | | options | [HuksOptions](#huksoptions) | Yes | Parameters of the **Finish** operation.|
| promise | Promise\<[HuksResult](#HuksResult)> | Yes| Promise used to return the operation result. | | promise | Promise\<[HuksResult](#HuksResult)> | Yes| Promise used to return the operation result.|
## huks.abort ## huks.abort
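Review bot: The `promise` row links to `#HuksResult` with capitals, while the callback variant of finish and the update and abort tables use `#huksresult`. Generated heading anchors are normally lowercase, so this link may not resolve; use `#huksresult` here as well.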
...@@ -956,9 +1213,9 @@ Aborts the use of the key. This API uses an asynchronous callback to return the ...@@ -956,9 +1213,9 @@ Aborts the use of the key. This API uses an asynchronous callback to return the
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- | | -------- | ---------------------- | ---- | ------------------------------------- |
| handle | number | Yes | Handle of the **Abort** operation. | | handle | number | Yes | Handle of the **Abort** operation.|
| options | [HuksOptions](#huksoptions) | Yes | Parameters of the **Abort** operation. | | options | [HuksOptions](#huksoptions) | Yes | Parameters of the **Abort** operation.|
| callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes| Callback used to return the operation result. | | callback | AsyncCallback\<[HuksResult](#huksresult)> | Yes| Callback used to return the operation result.|
**Example** **Example**
...@@ -1168,7 +1425,7 @@ struct Index { ...@@ -1168,7 +1425,7 @@ struct Index {
abort(handle: number, options: HuksOptions) : Promise\<HuksResult>; abort(handle: number, options: HuksOptions) : Promise\<HuksResult>;
Aborts the use of the key. This API uses a promise to return the result. Aborts the use of the key. This API uses a promise to return the result asynchronously.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
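Review bot: The abort signature ends in a semicolon (`abort(handle: number, options: HuksOptions) : Promise\<HuksResult>;`) on both sides, unlike the init, update and finish signatures in this file. Drop it while this paragraph is being edited so the signatures read consistently.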
...@@ -1176,9 +1433,9 @@ Aborts the use of the key. This API uses a promise to return the result. ...@@ -1176,9 +1433,9 @@ Aborts the use of the key. This API uses a promise to return the result.
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- | | -------- | ---------------------- | ---- | ------------------------------------- |
| handle | number | Yes | Handle of the **Abort** operation. | | handle | number | Yes | Handle of the **Abort** operation.|
| options | [HuksOptions](#huksoptions) | Yes | Parameters of the **Abort** operation. | | options | [HuksOptions](#huksoptions) | Yes | Parameters of the **Abort** operation.|
| promise | Promise\<[HuksResult](#huksresult)> | Yes| Promise used to return the operation result. | | promise | Promise\<[HuksResult](#huksresult)> | Yes| Promise used to return the operation result.|
**Example** **Example**
...@@ -1399,7 +1656,7 @@ Defines the **param** in the **properties** array of **options** used in the API ...@@ -1399,7 +1656,7 @@ Defines the **param** in the **properties** array of **options** used in the API
| Name| Type | Mandatory| Description | | Name| Type | Mandatory| Description |
| ------ | ----------------------------------- | ---- | ---------- | | ------ | ----------------------------------- | ---- | ---------- |
| tag | HuksTag | Yes | Tag. | | tag | HuksTag | Yes | Tag. |
| value | boolean\|number\|bigint\|Uint8Array | Yes | Value of the tag. | | value | boolean\|number\|bigint\|Uint8Array | Yes | Value of the tag.|
## HuksOptions ## HuksOptions
...@@ -1409,7 +1666,7 @@ Defines the **options** used in the APIs. ...@@ -1409,7 +1666,7 @@ Defines the **options** used in the APIs.
| Name | Type | Mandatory| Description | | Name | Type | Mandatory| Description |
| ---------- | ----------------- | ---- | ------------------------ | | ---------- | ----------------- | ---- | ------------------------ |
| properties | Array\<HuksParam> | No | Array used to hold **HuksParam**. | | properties | Array\<HuksParam> | No | Array used to hold **HuksParam**.|
| inData | Uint8Array | No | Input data. | | inData | Uint8Array | No | Input data. |
## HuksHandle ## HuksHandle
...@@ -1418,11 +1675,11 @@ Defines the HUKS handle structure. ...@@ -1418,11 +1675,11 @@ Defines the HUKS handle structure.
**System capability**: SystemCapability.Security.Huks **System capability**: SystemCapability.Security.Huks
| Name | Type | Mandatory | Description | | Name | Type | Mandatory| Description |
| ---------- | ---------------- | ---- | -------- | | ---------- | ---------------- | ---- | -------- |
| errorCode | number | Yes | Error code. | | errorCode | number | Yes | Error code.|
| handle | number | Yes| Value of the handle. | | handle | number | Yes| Value of the handle.|
| token | Uint8Array | No| Reserved. | | token | Uint8Array | No| Reserved.|
## HuksResult ## HuksResult
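Review bot: The `token` row says "Reserved", yet update() accepts an optional `token` described as "Token of the **Update** operation", so a reader cannot tell whether the value returned by init() is meant to be passed on. Say which it is, and state in the `errorCode` row whether `handle` may be used when `errorCode` is anything other than **HUKS_SUCCESS**.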
...@@ -1433,9 +1690,9 @@ Defines the **HuksResult** structure. ...@@ -1433,9 +1690,9 @@ Defines the **HuksResult** structure.
| Name | Type | Mandatory | Description | | Name | Type | Mandatory| Description |
| ---------- | ----------------- | ---- | -------- | | ---------- | ----------------- | ---- | -------- |
| errorCode | number | Yes | Error code. | | errorCode | number | Yes | Error code. |
| outData | Uint8Array | No | Output data. | | outData | Uint8Array | No | Output data.|
| properties | Array\<HuksParam> | No | Properties. | | properties | Array\<HuksParam> | No | Properties. |
| certChains | Array\<string> | No | Certificate chain. | | certChains | Array\<string> | No | Certificate chain. |
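Review bot: The `certChains` row says only "Certificate chain." for an `Array\<string>`; a caller that validates the chain needs to know the encoding of each string and the order of the entries, so please document both. Minor: the `errorCode`, `properties` and `certChains` rows keep the space before the closing pipe that this change removes from the `outData` row.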