Skip to content

D
Docs

OpenHarmony / Docs
大约 2 年 前同步成功

通知 161
Star 293
Fork 28
D
Docs
提交 6f568505 编写于 作者: Z zhangcheng
浏览文件
操作

补充安全导入demo 

Signed-off-by: Nzhangcheng <zhangcheng195@huawei.com>
上级 36c87d04
隐藏空白更改
内联 并排
Showing with 1030 addition and 763 deletion
zh-cn/application-dev/security/huks-guidelines.md
浏览文件 @ 6f568505
...@@ -128,142 +128,378 @@ ...@@ -128,142 +128,378 @@
var result = huks.finish(handle, options) var result = huks.finish(handle, options)
``` ```
## 基于ets的功能全集demo ## 基于TS的开发指导
### **密钥导入导出** ### 密钥导入导出
**功能定义:** 可以将密钥导出储存到本地和导入使用已在本地存放的密钥。
可以使用 CNG 导入和导出 对称密钥和非对称密钥。 可以使用密钥导出和导入功能在计算机之间移动密钥。 开发步骤如下:
**测试流程**:1.生成密钥;2.导出密钥;3.导入密钥 1. 生成密钥。
2. 导出密钥。
3. 导入密钥。
**参数:** 在使用示例前,需要先了解几个预先定义的变量:
| 参数名 | 类型 | 必填 | 说明 | | 参数名 | 类型 | 必填 | 说明 |
| ----------------- | ----------- | ---- | ------------------------ | | ----------------- | ----------- | ---- | ------------------------ |
| srcKeyAlias | string | 是 | 生成密钥别名。 | | srcKeyAlias | string | 是 | 生成密钥别名。 |
| srcKeyAliasSecond | string | 是 | 导入密钥别名。 | | srcKeyAliasSecond | string | 是 | 导入密钥别名。 |
| HuksOptions | HuksOptions | 是 | 用于存放生成key所需TAG。 | | huksOptions | HuksOptions | 是 | 用于存放生成key所需TAG。 |
| encryptOptions | HuksOptions | 是 | 用于存放导入key所需TAG。 | | encryptOptions | HuksOptions | 是 | 用于存放导入key所需TAG。 |
提示:参数类型可在docs\zh-cn\application-dev\reference\apis\js-apis-huks.md中查看 关于接口的具体信息,可在[API参考文档](..\reference\apis\js-apis-huks.md)中查看。
**示例:** **示例:**
```ets ```ts
/* 以生成RSA512密钥为例 */ /* 以生成RSA512密钥为例 */
var srcKeyAlias = 'hukRsaKeyAlias'; var srcKeyAlias = 'hukRsaKeyAlias';
var srcKeyAliasSecond = 'huksRsaKeyAliasSecond'; var srcKeyAliasSecond = 'huksRsaKeyAliasSecond';
/* 集成生成密钥参数集 */ async function testImportExport() {
var properties = new Array(); /* 集成生成密钥参数集 */
properties[0] = { var properties = new Array();
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, properties[0] = {
value: huks.HuksKeyAlg.HUKS_ALG_RSA, tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
} value: huks.HuksKeyAlg.HUKS_ALG_RSA,
properties[1] = { }
tag: huks.HuksTag.HUKS_TAG_PURPOSE, properties[1] = {
value: tag: huks.HuksTag.HUKS_TAG_PURPOSE,
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | value:
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT, huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
} huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
properties[2] = { }
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, properties[2] = {
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512, tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
} value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512,
properties[3] = { }
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, properties[3] = {
value: huks.HuksCipherMode.HUKS_MODE_ECB, tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
} value: huks.HuksCipherMode.HUKS_MODE_ECB,
properties[4] = { }
tag: huks.HuksTag.HUKS_TAG_PADDING, properties[4] = {
value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5, tag: huks.HuksTag.HUKS_TAG_PADDING,
} value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5,
properties[5] = { }
tag: huks.HuksTag.HUKS_TAG_DIGEST, properties[5] = {
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256, tag: huks.HuksTag.HUKS_TAG_DIGEST,
} value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256,
var HuksOptions = { }
properties: properties, var huksOptions = {
inData: new Uint8Array(new Array()) properties: properties,
} inData: new Uint8Array(new Array())
}
/* 生成密钥 */ /* 生成密钥 */
await huks.generateKey(srcKeyAlias, HuksOptions).then((data) => { await huks.generateKey(srcKeyAlias, huksOptions).then((data) => {
console.info(`test generateKey data: ${JSON.stringify(data)}`); console.info(`test generateKey data: ${JSON.stringify(data)}`);
}).catch((err) => { }).catch((err) => {
console.info('test generateKey err information: ' + JSON.stringify(err)); console.info('test generateKey err information: ' + JSON.stringify(err));
}); });
/* 导出密钥 */ /* 导出密钥 */
await huks.exportKey(srcKeyAlias, HuksOptions).then((data) => { await huks.exportKey(srcKeyAlias, huksOptions).then((data) => {
console.info(`test ExportKey data: ${JSON.stringify(data)}`); console.info(`test ExportKey data: ${JSON.stringify(data)}`);
exportKey = data.outData; exportKey = data.outData;
}).catch((err) => { }).catch((err) => {
console.info('test ImportKey err information: ' + JSON.stringify(err)); console.info('test ImportKey err information: ' + JSON.stringify(err));
}); });
/* 集成导入密钥参数集 /* 集成导入密钥参数集 */
var propertiesEncrypt = new Array(); var propertiesEncrypt = new Array();
propertiesEncrypt[0] = { propertiesEncrypt[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA, value: huks.HuksKeyAlg.HUKS_ALG_RSA,
} }
propertiesEncrypt[1] = { propertiesEncrypt[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512, value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512,
} }
propertiesEncrypt[2] = { propertiesEncrypt[2] = {
tag: huks.HuksTag.HUKS_TAG_PADDING, tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5, value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5,
} }
propertiesEncrypt[3] = { propertiesEncrypt[3] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB, value: huks.HuksCipherMode.HUKS_MODE_ECB,
}
propertiesEncrypt[4] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256,
}
propertiesEncrypt[5] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT,
}
var encryptOptions = {
properties: propertiesEncrypt,
inData: new Uint8Array(new Array())
}
/* 导入密钥 */
encryptOptions.inData = exportKey;
await huks.importKey(srcKeyAliasSecond, encryptOptions).then((data) => {
console.info(`test ImportKey data: ${JSON.stringify(data)}`);
}).catch((err) => {
console.info('test ImportKey err information: ' + JSON.stringify(err));
});
} }
propertiesEncrypt[4] = { ```
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256, ### 安全导入
导入加密密钥。
开发步骤如下:
1. huks中生成用于加密导入协商的密钥。
2. 导出该密钥的公钥,协商出共享密钥。
3. 生成中间密钥材料并加密密钥。
4. 导入密钥。
在使用示例前,需要先了解几个预先定义的变量:
| 参数名 | 类型 | 必填 | 说明 |
| -------------- | ----------- | ---- | -------------------------------- |
| importAlias | string | 是 | 密钥别名。 |
| wrapAlias | string | 是 | 密钥别名。 |
| genWrapOptions | HuksOptions | 是 | 用于存放生成加密协商key所需TAG。 |
| importOptions | HuksOptions | 是 | 用于存放导入加密key所需TAG。 |
关于接口的具体信息,可在[API参考文档](..\reference\apis\js-apis-huks.md)中查看。
**示例:**
```ts
var inputEccPair = new Uint8Array([
0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x20, 0x00, 0x00,
0x00, 0x20, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0xa5, 0xb8,
0xa3, 0x78, 0x1d, 0x6d, 0x76, 0xe0, 0xb3, 0xf5, 0x6f, 0x43, 0x9d,
0xcf, 0x60, 0xf6, 0x0b, 0x3f, 0x64, 0x45, 0xa8, 0x3f, 0x1a, 0x96,
0xf1, 0xa1, 0xa4, 0x5d, 0x3e, 0x2c, 0x3f, 0x13, 0xd7, 0x81, 0xf7,
0x2a, 0xb5, 0x8d, 0x19, 0x3d, 0x9b, 0x96, 0xc7, 0x6a, 0x10, 0xf0,
0xaa, 0xbc, 0x91, 0x6f, 0x4d, 0xa7, 0x09, 0xb3, 0x57, 0x88, 0x19,
0x6f, 0x00, 0x4b, 0xad, 0xee, 0x34, 0x35, 0xfb, 0x8b, 0x9f, 0x12,
0xa0, 0x83, 0x19, 0xbe, 0x6a, 0x6f, 0x63, 0x2a, 0x7c, 0x86, 0xba,
0xca, 0x64, 0x0b, 0x88, 0x96, 0xe2, 0xfa, 0x77, 0xbc, 0x71, 0xe3,
0x0f, 0x0f, 0x9e, 0x3c, 0xe5, 0xf9]);
var exportWrappingKey;
var importAlias = "importAlias";
var wrapAlias = "wrappingKeyAlias";
async function TestGenFunc(alias, options) {
await genKey(alias, options).then((data) => {
console.log(`test genKey data: ${JSON.stringify(data)}`);
})
.catch((err) => {
console.log('test genKey err information: ' + JSON.stringify(err));
});
}
function genKey(alias, options) {
return new Promise((resolve, reject) => {
huks.importKey(alias, options, function (err, data) {
console.log(`test genKey data: ${JSON.stringify(data)}`);
if (err.code !== 0) {
console.log('test genKey err information: ' + JSON.stringify(err));
reject(err);
} else {
resolve(data);
}
});
});
}
async function TestExportFunc(alias, options) {
await exportKey(alias, options).then((data) => {
console.log(`test exportKey data: ${JSON.stringify(data)}`);
})
.catch((err) => {
console.log('test exportKey err information: ' + JSON.stringify(err));
});
}
function exportKey(alias, options) {
return new Promise((resolve, reject) => {
huks.exportKey(alias, options, function (err, data) {
console.log(`test exportKey data: ${JSON.stringify(data)}`);
if (err.code !== 0) {
console.log('test exportKey err information: ' + JSON.stringify(err));
reject(err);
} else {
exportWrappingKey = data.outData;
resolve(data);
}
});
});
}
async function TestImportWrappedFunc(alias, wrappingAlias, options) {
var result = await huks.importWrappedKey(alias, wrappingAlias, options);
if (result.errorCode === 0) {
console.error('test importWrappedKey success');
} else {
console.error('test importWrappedKey fail');
}
} }
propertiesEncrypt[5] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE, async function TestImportWrappedKeyFunc(
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT, importAlias,
wrappingAlias,
genOptions,
importOptions
) {
await TestGenFunc(wrappingAlias, genOptions);
await TestExportFunc(wrappingAlias, genOptions);
/* 以下操作不需要调用HUKS接口,此处不给出具体实现。
* 假设待导入的密钥为keyA
* 1.生成ECC公私钥keyB,公钥为keyB_pub, 私钥为keyB_pri
* 2.使用keyB_pri和wrappingAlias密钥中获取的公钥进行密钥协商,协商出共享密钥share_key
* 3.随机生成密钥kek,用于加密keyA,采用AES-GCM加密,加密过程中需要记录:nonce1/aad1/加密后的密文keyA_enc/加密后的tag1。
* 4.使用share_key加密kek,采用AES-GCM加密,加密过程中需要记录:nonce2/aad2/加密后的密文kek_enc/加密后的tag2。
* 5.拼接importOptions.inData字段,满足以下格式:
* keyB_pub的长度(4字节) + keyB_pub的数据 + aad2的长度(4字节) + aad2的数据 +
* nonce2的长度(4字节) + nonce2的数据 + tag2的长度(4字节) + tag2的数据 +
* kek_enc的长度(4字节) + kek_enc的数据 + aad1的长度(4字节) + aad1的数据 +
* nonce1的长度(4字节) + nonce1的数据 + tag1的长度(4字节) + tag1的数据 +
* keyA长度占用的内存长度(4字节) + keyA的长度 + keyA_enc的长度(4字节) + keyA_enc的数据
*/
var inputKey = new Uint8Array([
0x5b, 0x00, 0x00, 0x00, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a,
0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xc0, 0xfe,
0x1c, 0x67, 0xde, 0x86, 0x0e, 0xfb, 0xaf, 0xb5, 0x85, 0x52, 0xb4,
0x0e, 0x1f, 0x6c, 0x6c, 0xaa, 0xc5, 0xd9, 0xd2, 0x4d, 0xb0, 0x8a,
0x72, 0x24, 0xa1, 0x99, 0xaf, 0xfc, 0x3e, 0x55, 0x5a, 0xac, 0x99,
0x3d, 0xe8, 0x34, 0x72, 0xb9, 0x47, 0x9c, 0xa6, 0xd8, 0xfb, 0x00,
0xa0, 0x1f, 0x9f, 0x7a, 0x41, 0xe5, 0x44, 0x3e, 0xb2, 0x76, 0x08,
0xa2, 0xbd, 0xe9, 0x41, 0xd5, 0x2b, 0x9e, 0x10, 0x00, 0x00, 0x00,
0xbf, 0xf9, 0x69, 0x41, 0xf5, 0x49, 0x85, 0x31, 0x35, 0x14, 0x69,
0x12, 0x57, 0x9c, 0xc8, 0xb7, 0x10, 0x00, 0x00, 0x00, 0x2d, 0xb7,
0xf1, 0x5a, 0x0f, 0xb8, 0x20, 0xc5, 0x90, 0xe5, 0xca, 0x45, 0x84,
0x5c, 0x08, 0x08, 0x10, 0x00, 0x00, 0x00, 0x43, 0x25, 0x1b, 0x2f,
0x5b, 0x86, 0xd8, 0x87, 0x04, 0x4d, 0x38, 0xc2, 0x65, 0xcc, 0x9e,
0xb7, 0x20, 0x00, 0x00, 0x00, 0xf4, 0xe8, 0x93, 0x28, 0x0c, 0xfa,
0x4e, 0x11, 0x6b, 0xe8, 0xbd, 0xa8, 0xe9, 0x3f, 0xa7, 0x8f, 0x2f,
0xe3, 0xb3, 0xbf, 0xaf, 0xce, 0xe5, 0x06, 0x2d, 0xe6, 0x45, 0x5d,
0x19, 0x26, 0x09, 0xe7, 0x10, 0x00, 0x00, 0x00, 0xf4, 0x1e, 0x7b,
0x01, 0x7a, 0x84, 0x36, 0xa4, 0xa8, 0x1c, 0x0d, 0x3d, 0xde, 0x57,
0x66, 0x73, 0x10, 0x00, 0x00, 0x00, 0xe3, 0xff, 0x29, 0x97, 0xad,
0xb3, 0x4a, 0x2c, 0x50, 0x08, 0xb5, 0x68, 0xe1, 0x90, 0x5a, 0xdc,
0x10, 0x00, 0x00, 0x00, 0x26, 0xae, 0xdc, 0x4e, 0xa5, 0x6e, 0xb1,
0x38, 0x14, 0x24, 0x47, 0x1c, 0x41, 0x89, 0x63, 0x11, 0x04, 0x00,
0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x0b,
0xcb, 0xa9, 0xa8, 0x5f, 0x5a, 0x9d, 0xbf, 0xa1, 0xfc, 0x72, 0x74,
0x87, 0x79, 0xf2, 0xf4, 0x22, 0x0c, 0x8a, 0x4d, 0xd8, 0x7e, 0x10,
0xc8, 0x44, 0x17, 0x95, 0xab, 0x3b, 0xd2, 0x8f, 0x0a]);
importOptions.inData = inputKey;
await TestImportWrappedFunc(importAlias, wrappingAlias, importOptions);
}
function makePubKeyOptions() {
var properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_ECC
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_UNWRAP
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE,
value: huks.HuksImportKeyType.HUKS_KEY_TYPE_KEY_PAIR,
};
var options = {
properties: properties,
inData: inputEccPair
};
return options;
} }
var encryptOptions = {
properties: propertiesEncrypt, function makeImportOptions() {
inData: new Uint8Array(new Array()) var properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value:
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_CBC
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE
};
properties[5] = {
tag: huks.HuksTag.HUKS_TAG_UNWRAP_ALGORITHM_SUITE,
value: huks.HuksUnwrapSuite.HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING
};
var options = {
properties: properties
};
return options;
} }
/* 导入密钥 */ function huksImportWrappedKey() {
encryptOptions.inData = exportKey; var genOptions = makePubKeyOptions();
await huks.importKey(srcKeyAliasSecond, encryptOptions).then((data) => { var importOptions = makeImportOptions();
console.info(`test ImportKey data: ${JSON.stringify(data)}`); TestImportWrappedKeyFunc(
}).catch((err) => { importAlias,
console.info('test ImportKey err information: ' + JSON.stringify(err));; wrapAlias,
}); genOptions,
importOptions
);
}
``` ```
### 密钥加解密 ### 密钥加解密
**功能定义:** 发送和接收数据的双方使用相同的或对称的密钥对明文进行加密解密运算的加密方法。 发送和接收数据的双方使用对称或非对称密钥对密钥数据进行加密或解密运算的方法。
开发步骤如下:
**测试流程**:1.生成密钥;2.密钥加密;3.密钥解密;4.对比解密数据与密钥数据是否一致 1. 生成密钥。
2. 密钥加密。
3. 密钥解密。
**参数:** 在使用示例前,需要先了解几个预先定义的变量:
| 参数名 | 类型 | 必填 | 说明 | | 参数名 | 类型 | 必填 | 说明 |
| -------------- | ----------- | ---- | ------------------------ | | -------------- | ----------- | ---- | ------------------------ |
| srcKeyAlias | string | 是 | 密钥别名。 | | srcKeyAlias | string | 是 | 密钥别名。 |
| HuksOptions | HuksOptions | 是 | 用于存放生成key所需TAG。 | | huksOptions | HuksOptions | 是 | 用于存放生成key所需TAG。 |
| encryptOptions | HuksOptions | 是 | 用于存放加密key所需TAG。 | | encryptOptions | HuksOptions | 是 | 用于存放加密key所需TAG。 |
| decryptOptions | HuksOptions | 是 | 用于存放解密key所需TAG。 | | decryptOptions | HuksOptions | 是 | 用于存放解密key所需TAG。 |
提示:参数类型可在docs\zh-cn\application-dev\reference\apis\js-apis-huks.md中查看 关于接口的具体信息,可在[API参考文档](..\reference\apis\js-apis-huks.md)中查看。
**示例:** **示例:**
```ets ```ts
/* Cipher操作支持RSA、AES、SM4类型的密钥。 /* Cipher操作支持RSA、AES、SM4类型的密钥。
* *
* 以下以SM4 128密钥的Promise操作使用为例 * 以下以SM4 128密钥的Promise操作使用为例
...@@ -290,151 +526,159 @@ var srcKeyAlias = 'huksCipherSm4SrcKeyAlias'; ...@@ -290,151 +526,159 @@ var srcKeyAlias = 'huksCipherSm4SrcKeyAlias';
var encryptUpdateResult = new Array(); var encryptUpdateResult = new Array();
var decryptUpdateResult = new Array(); var decryptUpdateResult = new Array();
/* 集成生成密钥参数集 & 加密参数集 */ async function testCipher() {
var properties = new Array(); /* 集成生成密钥参数集 & 加密参数集 */
properties[0] = { var properties = new Array();
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, properties[0] = {
value: huks.HuksKeyAlg.HUKS_ALG_SM4, tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
} value: huks.HuksKeyAlg.HUKS_ALG_SM4,
properties[1] = { }
tag: huks.HuksTag.HUKS_TAG_PURPOSE, properties[1] = {
value: tag: huks.HuksTag.HUKS_TAG_PURPOSE,
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | value:
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT, huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
} huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
properties[2] = { }
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, properties[2] = {
value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128, tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
} value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128,
properties[3] = { }
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, properties[3] = {
value: huks.HuksCipherMode.HUKS_MODE_CBC, tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
} value: huks.HuksCipherMode.HUKS_MODE_CBC,
properties[4] = { }
tag: huks.HuksTag.HUKS_TAG_PADDING, properties[4] = {
value: huks.HuksKeyPadding.HUKS_PADDING_NONE, tag: huks.HuksTag.HUKS_TAG_PADDING,
} value: huks.HuksKeyPadding.HUKS_PADDING_NONE,
var HuksOptions = { }
properties: properties, var huksOptions = {
inData: new Uint8Array(new Array()) properties: properties,
} inData: new Uint8Array(new Array())
}
var propertiesEncrypt = new Array();
propertiesEncrypt[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_SM4,
}
propertiesEncrypt[1] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT,
}
propertiesEncrypt[2] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128,
}
propertiesEncrypt[3] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE,
}
propertiesEncrypt[4] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_CBC,
}
propertiesEncrypt[5] = {
tag: huks.HuksTag.HUKS_TAG_IV,
value: sm4CipherStringToUint8Array(IV),
}
var encryptOptions = {
properties: propertiesEncrypt,
inData: new Uint8Array(new Array())
}
/* 生成密钥 var propertiesEncrypt = new Array();
await huks.generateKey(srcKeyAlias, HuksOptions).then((data) => { propertiesEncrypt[0] = {
console.info(`test generateKey data: ${JSON.stringify(data)}`); tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
}).catch((err) => { value: huks.HuksKeyAlg.HUKS_ALG_SM4,
console.info('test generateKey err information: ' + JSON.stringify(err)); }
}); propertiesEncrypt[1] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
/* 进行密钥加密操作 */ value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT,
await huks.init(srcKeyAlias, encryptOptions).then((data) => { }
console.info(`test init data: ${JSON.stringify(data)}`); propertiesEncrypt[2] = {
handle = data.handle; tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
}).catch((err) => { value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128,
console.info('test init err information: ' + JSON.stringify(err)); }
}); propertiesEncrypt[3] = {
console.info(`leave init`); tag: huks.HuksTag.HUKS_TAG_PADDING,
encryptOptions.inData = sm4CipherStringToUint8Array(cipherInData); value: huks.HuksKeyPadding.HUKS_PADDING_NONE,
await huks.update(handle, encryptOptions).then(async (data) => { }
console.info(`test update data ${JSON.stringify(data)}`); propertiesEncrypt[4] = {
encryptUpdateResult = Array.from(data.outData); tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
}).catch((err) => { value: huks.HuksCipherMode.HUKS_MODE_CBC,
console.info('test update err information: ' + err); }
}); propertiesEncrypt[5] = {
encryptOptions.inData = new Uint8Array(new Array()); tag: huks.HuksTag.HUKS_TAG_IV,
await huks.finish(handle, encryptOptions).then((data) => { value: sm4CipherStringToUint8Array(IV),
console.info(`test finish data: ${JSON.stringify(data)}`); }
var finishData = sm4CipherUint8ArrayToString(new Uint8Array(encryptUpdateResult)); var encryptOptions = {
if (finishData === cipherInData) { properties: propertiesEncrypt,
console.info('test finish encrypt err '); inData: new Uint8Array(new Array())
} else { }
console.info('test finish encrypt success');
}
}).catch((err) => {
console.info('test finish err information: ' + JSON.stringify(err));
});
/* 修改加密参数集为解密参数集 */
propertiesEncrypt.splice(1, 1, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
});
var decryptOptions = {
properties: propertiesEncrypt,
inData: new Uint8Array(new Array())
}
/* 进行解密操作 */ /* 生成密钥 */
await huks.init(srcKeyAlias, decryptOptions).then((data) => { await huks.generateKey(srcKeyAlias, huksOptions).then((data) => {
console.info(`test init data: ${JSON.stringify(data)}`); console.info(`test generateKey data: ${JSON.stringify(data)}`);
handle = data.handle; }).catch((err) => {
}).catch((err) => { console.info('test generateKey err information: ' + JSON.stringify(err));
console.info('test init err information: ' + JSON.stringify(err)); });
});
decryptOptions.inData = new Uint8Array(encryptUpdateResult); /* 进行密钥加密操作 */
await huks.update(handle, decryptOptions).then(async (data) => { await huks.init(srcKeyAlias, encryptOptions).then((data) => {
console.info(`test update data ${JSON.stringify(data)}`); console.info(`test init data: ${JSON.stringify(data)}`);
decryptUpdateResult = Array.from(data.outData); handle = data.handle;
}).catch((err) => { }).catch((err) => {
console.info('test update err information: ' + err); console.info('test init err information: ' + JSON.stringify(err));
}); });
decryptOptions.inData = new Uint8Array(new Array()); console.info(`leave init`);
await huks.finish(handle, decryptOptions).then((data) => { encryptOptions.inData = sm4CipherStringToUint8Array(cipherInData);
console.info(`test finish data: ${JSON.stringify(data)}`); await huks.update(handle, encryptOptions).then(async (data) => {
var finishData = sm4CipherUint8ArrayToString(new Uint8Array(decryptUpdateResult)); console.info(`test update data ${JSON.stringify(data)}`);
if (finishData === cipherInData) { encryptUpdateResult = Array.from(data.outData);
console.info('test finish decrypt success '); }).catch((err) => {
} else { console.info('test update err information: ' + err);
console.info('test finish decrypt err'); });
encryptOptions.inData = new Uint8Array(new Array());
await huks.finish(handle, encryptOptions).then((data) => {
console.info(`test finish data: ${JSON.stringify(data)}`);
var finishData = sm4CipherUint8ArrayToString(new Uint8Array(encryptUpdateResult));
if (finishData === cipherInData) {
console.info('test finish encrypt err ');
} else {
console.info('test finish encrypt success');
}
}).catch((err) => {
console.info('test finish err information: ' + JSON.stringify(err));
});
/* 修改加密参数集为解密参数集 */
propertiesEncrypt.splice(1, 1, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
});
var decryptOptions = {
properties: propertiesEncrypt,
inData: new Uint8Array(new Array())
} }
}).catch((err) => {
console.info('test finish err information: ' + JSON.stringify(err));
});
await huks.deleteKey(srcKeyAlias, HuksOptions).then((data) => { /* 进行解密操作 */
console.info(`test deleteKey data: ${JSON.stringify(data)}`); await huks.init(srcKeyAlias, decryptOptions).then((data) => {
}).catch((err) => { console.info(`test init data: ${JSON.stringify(data)}`);
console.info('test deleteKey err information: ' + JSON.stringify(err)); handle = data.handle;
}); }).catch((err) => {
console.info('test init err information: ' + JSON.stringify(err));
});
decryptOptions.inData = new Uint8Array(encryptUpdateResult);
await huks.update(handle, decryptOptions).then(async (data) => {
console.info(`test update data ${JSON.stringify(data)}`);
decryptUpdateResult = Array.from(data.outData);
}).catch((err) => {
console.info('test update err information: ' + err);
});
decryptOptions.inData = new Uint8Array(new Array());
await huks.finish(handle, decryptOptions).then((data) => {
console.info(`test finish data: ${JSON.stringify(data)}`);
var finishData = sm4CipherUint8ArrayToString(new Uint8Array(decryptUpdateResult));
if (finishData === cipherInData) {
console.info('test finish decrypt success ');
} else {
console.info('test finish decrypt err');
}
}).catch((err) => {
console.info('test finish err information: ' + JSON.stringify(err));
});
await huks.deleteKey(srcKeyAlias, huksOptions).then((data) => {
console.info(`test deleteKey data: ${JSON.stringify(data)}`);
}).catch((err) => {
console.info('test deleteKey err information: ' + JSON.stringify(err));
});
}
``` ```
### 密钥签名验签 ### 密钥签名验签
**功能定义**签名:给我们将要发送的数据,做上一个唯一签名;验签: 对发送者发送过来的签名进行验证 。 签名:给我们将要发送的数据,做上一个唯一签名;验签: 对发送者发送过来的签名进行验证 。
**测试流程**:1.生成密钥;2.密钥签名;3.导出签名密钥;4.导入签名密钥;5.密钥验签 开发步骤如下:
**参数:** 1. 生成密钥。
2. 密钥签名。
3. 导出签名密钥。
4. 导入签名密钥。
5. 密钥验签。
在使用示例前,需要先了解几个预先定义的变量:
| 参数名 | 类型 | 必填 | 说明 | | 参数名 | 类型 | 必填 | 说明 |
| -------------------- | ----------- | ---- | ------------------------ | | -------------------- | ----------- | ---- | ------------------------ |
...@@ -444,11 +688,11 @@ await huks.deleteKey(srcKeyAlias, HuksOptions).then((data) => { ...@@ -444,11 +688,11 @@ await huks.deleteKey(srcKeyAlias, HuksOptions).then((data) => {
| rsaSignOptionsSecond | HuksOptions | 是 | 用于存放签名key所需TAG。 | | rsaSignOptionsSecond | HuksOptions | 是 | 用于存放签名key所需TAG。 |
| rsaVerifyOptions | HuksOptions | 是 | 用于存放验签key所需TAG。 | | rsaVerifyOptions | HuksOptions | 是 | 用于存放验签key所需TAG。 |
提示:参数类型可在docs\zh-cn\application-dev\reference\apis\js-apis-huks.md中查看 关于接口的具体信息,可在[API参考文档](..\reference\apis\js-apis-huks.md)中查看。
**示例:** **示例:**
```ets ```ts
/* Sign/Verify操作支持RSA、ECC、SM2、ED25519、DSA类型的密钥。 /* Sign/Verify操作支持RSA、ECC、SM2、ED25519、DSA类型的密钥。
* *
* 以下以RSA512密钥的Promise操作使用为例 * 以下以RSA512密钥的Promise操作使用为例
...@@ -468,181 +712,187 @@ var srcRsaKeyAliasVerify = 'huksSignVerifySrcKeyAliasVerify'; ...@@ -468,181 +712,187 @@ var srcRsaKeyAliasVerify = 'huksSignVerifySrcKeyAliasVerify';
var finishRsaSignData; var finishRsaSignData;
var rsaExportSignKey; var rsaExportSignKey;
/* 集成生成密钥参数集 & 签名参数集 & 验签参数集 */ async function testSignVerify() {
var rsaSignProperties = new Array(); /* 集成生成密钥参数集 & 签名参数集 & 验签参数集 */
rsaSignProperties[0] = { var rsaSignProperties = new Array();
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, rsaSignProperties[0] = {
value: huks.HuksKeyAlg.HUKS_ALG_RSA, tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
} value: huks.HuksKeyAlg.HUKS_ALG_RSA,
rsaSignProperties[1] = { }
tag: huks.HuksTag.HUKS_TAG_PURPOSE, rsaSignProperties[1] = {
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN, tag: huks.HuksTag.HUKS_TAG_PURPOSE,
} value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN,
rsaSignProperties[2] = { }
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, rsaSignProperties[2] = {
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512, tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
} value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512,
rsaSignProperties[3] = { }
tag: huks.HuksTag.HUKS_TAG_DIGEST, rsaSignProperties[3] = {
value: huks.HuksKeyDigest.HUKS_DIGEST_MD5, tag: huks.HuksTag.HUKS_TAG_DIGEST,
} value: huks.HuksKeyDigest.HUKS_DIGEST_MD5,
rsaSignProperties[4] = { }
tag: huks.HuksTag.HUKS_TAG_PADDING, rsaSignProperties[4] = {
value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5, tag: huks.HuksTag.HUKS_TAG_PADDING,
} value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5,
var rsaSignOptions = { }
properties: rsaSignProperties, var rsaSignOptions = {
inData: new Uint8Array(new Array()) properties: rsaSignProperties,
} inData: new Uint8Array(new Array())
}
var rsaPropertiesSign = new Array(); var rsaPropertiesSign = new Array();
rsaPropertiesSign[0] = { rsaPropertiesSign[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA, value: huks.HuksKeyAlg.HUKS_ALG_RSA,
} }
rsaPropertiesSign[1] = { rsaPropertiesSign[1] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE, tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: value:
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN
} }
rsaPropertiesSign[2] = { rsaPropertiesSign[2] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST, tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_MD5, value: huks.HuksKeyDigest.HUKS_DIGEST_MD5,
} }
rsaPropertiesSign[3] = { rsaPropertiesSign[3] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512, value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512,
} }
rsaPropertiesSign[4] = { rsaPropertiesSign[4] = {
tag: huks.HuksTag.HUKS_TAG_PADDING, tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5, value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5,
} }
var rsaSignOptionsSecond = { var rsaSignOptionsSecond = {
properties: rsaPropertiesSign, properties: rsaPropertiesSign,
inData: new Uint8Array(new Array()) inData: new Uint8Array(new Array())
} }
var rsaPropertiesVerify = new Array(); var rsaPropertiesVerify = new Array();
rsaPropertiesVerify[0] = { rsaPropertiesVerify[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA, value: huks.HuksKeyAlg.HUKS_ALG_RSA,
} }
rsaPropertiesVerify[1] = { rsaPropertiesVerify[1] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE, tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
} }
rsaPropertiesVerify[2] = { rsaPropertiesVerify[2] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST, tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_MD5, value: huks.HuksKeyDigest.HUKS_DIGEST_MD5,
} }
rsaPropertiesVerify[3] = { rsaPropertiesVerify[3] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512, value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512,
} }
rsaPropertiesVerify[4] = { rsaPropertiesVerify[4] = {
tag: huks.HuksTag.HUKS_TAG_PADDING, tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5, value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5,
} }
var rsaVerifyOptions = { var rsaVerifyOptions = {
properties: rsaPropertiesVerify, properties: rsaPropertiesVerify,
inData: new Uint8Array(new Array()) inData: new Uint8Array(new Array())
} }
/* 生成密钥 */ /* 生成密钥 */
await huks.generateKey(srcRsaKeyAliasSign, rsaSignOptions).then((data) => { await huks.generateKey(srcRsaKeyAliasSign, rsaSignOptions).then((data) => {
console.info(`test generateKey data: ${JSON.stringify(data)}`); console.info(`test generateKey data: ${JSON.stringify(data)}`);
}).catch((err) => { }).catch((err) => {
console.info('test generateKey err information: ' + JSON.stringify(err)); console.info('test generateKey err information: ' + JSON.stringify(err));
}); });
/* 对密钥进行签名操作 */ /* 对密钥进行签名操作 */
await huks.init(srcRsaKeyAliasSign, rsaSignOptionsSecond).then((data) => { await huks.init(srcRsaKeyAliasSign, rsaSignOptionsSecond).then((data) => {
console.info(`test init data: ${JSON.stringify(data)}`); console.info(`test init data: ${JSON.stringify(data)}`);
rsaSignHandle = data.handle; rsaSignHandle = data.handle;
}).catch((err) => { }).catch((err) => {
console.info('test init err information: ' + JSON.stringify(err)); console.info('test init err information: ' + JSON.stringify(err));
}); });
rsaSignOptionsSecond.inData = rsaSignVerifyStringToUint8Array(rsaSignVerifyInData) rsaSignOptionsSecond.inData = rsaSignVerifyStringToUint8Array(rsaSignVerifyInData)
await huks.update(rsaSignHandle, rsaSignOptionsSecond).then(async (data) => { await huks.update(rsaSignHandle, rsaSignOptionsSecond).then(async (data) => {
console.info(`test update data ${JSON.stringify(data)}`); console.info(`test update data ${JSON.stringify(data)}`);
}).catch((err) => { }).catch((err) => {
console.info('test update err information: ' + err); console.info('test update err information: ' + err);
}); });
rsaVerifyOptions.inData = finishRsaSignData; rsaVerifyOptions.inData = finishRsaSignData;
await huks.finish(rsaSignHandle, rsaSignOptionsSecond).then((data) => { await huks.finish(rsaSignHandle, rsaSignOptionsSecond).then((data) => {
console.info(`test finish data: ${JSON.stringify(data)}`); console.info(`test finish data: ${JSON.stringify(data)}`);
}).catch((err) => { }).catch((err) => {
console.info('test finish err information: ' + JSON.stringify(err)); console.info('test finish err information: ' + JSON.stringify(err));
}); });
/* 通过导出导入模拟获取一段密钥数据 */ /* 通过导出导入模拟获取一段密钥数据 */
await huks.exportKey(srcRsaKeyAliasSign, rsaSignOptions).then((data) => { await huks.exportKey(srcRsaKeyAliasSign, rsaSignOptions).then((data) => {
console.info(`test exportKey data: ${JSON.stringify(data)}`); console.info(`test exportKey data: ${JSON.stringify(data)}`);
rsaExportSignKey = data.outData; rsaExportSignKey = data.outData;
}).catch((err) => { }).catch((err) => {
console.info('test exportKey err information: ' + JSON.stringify(err)); console.info('test exportKey err information: ' + JSON.stringify(err));
}); });
rsaVerifyOptions.inData = rsaExportSignKey; rsaVerifyOptions.inData = rsaExportSignKey;
await huks.importKey(srcRsaKeyAliasVerify, rsaVerifyOptions).then((data) => { await huks.importKey(srcRsaKeyAliasVerify, rsaVerifyOptions).then((data) => {
console.info(`test ImportKey data: ${JSON.stringify(data)}`); console.info(`test ImportKey data: ${JSON.stringify(data)}`);
}).catch((err) => { }).catch((err) => {
console.info('test exportKey err information: ' + JSON.stringify(err)); console.info('test exportKey err information: ' + JSON.stringify(err));
}); });
/* 对密钥进行验签 */ /* 对密钥进行验签 */
await huks.init(srcRsaKeyAliasVerify, rsaVerifyOptions).then((data) => { await huks.init(srcRsaKeyAliasVerify, rsaVerifyOptions).then((data) => {
console.info(`test init data: ${JSON.stringify(data)}`); console.info(`test init data: ${JSON.stringify(data)}`);
rsaSignHandle = data.handle; rsaSignHandle = data.handle;
}).catch((err) => { }).catch((err) => {
console.info('test init err information: ' + JSON.stringify(err)); console.info('test init err information: ' + JSON.stringify(err));
}); });
rsaVerifyOptions.inData = rsaSignVerifyStringToUint8Array(rsaSignVerifyInData); rsaVerifyOptions.inData = rsaSignVerifyStringToUint8Array(rsaSignVerifyInData);
await huks.update(rsaSignHandle, rsaVerifyOptions).then(async (data) => { await huks.update(rsaSignHandle, rsaVerifyOptions).then(async (data) => {
console.info(`test update data ${JSON.stringify(data)}`); console.info(`test update data ${JSON.stringify(data)}`);
}).catch((err) => { }).catch((err) => {
console.info('test update err information: ' + err); console.info('test update err information: ' + err);
}); });
rsaVerifyOptions.inData = finishRsaSignData; rsaVerifyOptions.inData = finishRsaSignData;
await huks.finish(rsaSignHandle, rsaVerifyOptions).then((data) => { await huks.finish(rsaSignHandle, rsaVerifyOptions).then((data) => {
console.info(`test finish data: ${JSON.stringify(data)}`); console.info(`test finish data: ${JSON.stringify(data)}`);
}).catch((err) => { }).catch((err) => {
console.info('test finish err information: ' + JSON.stringify(err)); console.info('test finish err information: ' + JSON.stringify(err));
}); });
await huks.deleteKey(srcRsaKeyAliasVerify, rsaVerifyOptions).then((data) => { await huks.deleteKey(srcRsaKeyAliasVerify, rsaVerifyOptions).then((data) => {
console.info(`test deleteKey data: ${JSON.stringify(data)}`); console.info(`test deleteKey data: ${JSON.stringify(data)}`);
}).catch((err) => { }).catch((err) => {
console.info('test deleteKey err information: ' + JSON.stringify(err)); console.info('test deleteKey err information: ' + JSON.stringify(err));
}); });
await huks.deleteKey(srcRsaKeyAliasSign, rsaSignOptions).then((data) => { await huks.deleteKey(srcRsaKeyAliasSign, rsaSignOptions).then((data) => {
console.info(`test deleteKey data: ${JSON.stringify(data)}`); console.info(`test deleteKey data: ${JSON.stringify(data)}`);
}).catch((err) => { }).catch((err) => {
console.info('test deleteKey err information: ' + JSON.stringify(err)); console.info('test deleteKey err information: ' + JSON.stringify(err));
}); });
}
``` ```
### 密钥协商 ### 密钥协商
**功能定义**: 两个或多个实体协商,共同建立会话密钥,任何一个参与者均对结果产生影响,不需要任何可信的第三方(TTP) 两个或多个对象生成会话密钥,通过会话密钥进行交流
**测试流程**:1.生成两个密钥;2.分别导出密钥;3.交叉进行密钥协商 开发步骤如下:
**参数:** 1. 生成两个密钥。
2. 分别导出密钥。
3. 交叉进行密钥协商。
在使用示例前,需要先了解几个预先定义的变量:
| 参数名 | 类型 | 必填 | 说明 | | 参数名 | 类型 | 必填 | 说明 |
| ------------------- | ----------- | ---- | -------------------------------------- | | ------------------- | ----------- | ---- | -------------------------------------- |
| srcKeyAliasFirst | string | 是 | 生成密钥别名。 | | srcKeyAliasFirst | string | 是 | 生成密钥别名。 |
| srcKeyAliasSecond | string | 是 | 生成密钥别名,用于结果对比。 | | srcKeyAliasSecond | string | 是 | 生成密钥别名,用于结果对比。 |
| HuksOptions | HuksOptions | 是 | 用于存放生成key所需TAG。 | | huksOptions | HuksOptions | 是 | 用于存放生成key所需TAG。 |
| finishOptionsFrist | HuksOptions | 是 | 用于存放协商key所需TAG。 | | finishOptionsFrist | HuksOptions | 是 | 用于存放协商key所需TAG。 |
| finishOptionsSecond | HuksOptions | 是 | 用于存放协商key所需TAG,用于结果对比。 | | finishOptionsSecond | HuksOptions | 是 | 用于存放协商key所需TAG,用于结果对比。 |
提示:参数类型可在docs\zh-cn\application-dev\reference\apis\js-apis-huks.md中查看 关于接口的具体信息,可在[API参考文档](..\reference\apis\js-apis-huks.md)中查看。
**示例:** **示例:**
```ets ```ts
/* agree操作支持ECDH、DH、X25519类型的密钥。 /* agree操作支持ECDH、DH、X25519类型的密钥。
* *
* 以下以X25519 256密钥的Promise操作使用为例 * 以下以X25519 256密钥的Promise操作使用为例
...@@ -661,185 +911,193 @@ var agreeX25519InData = 'AgreeX25519TestIndata'; ...@@ -661,185 +911,193 @@ var agreeX25519InData = 'AgreeX25519TestIndata';
var exportKeyFrist; var exportKeyFrist;
var exportKeySecond; var exportKeySecond;
/* 集成生成密钥参数集 */ async function testAgree() {
var properties = new Array(); /* 集成生成密钥参数集 */
properties[0] = { var properties = new Array();
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, properties[0] = {
value: huks.HuksKeyAlg.HUKS_ALG_X25519, tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
} value: huks.HuksKeyAlg.HUKS_ALG_X25519,
properties[1] = { }
tag: huks.HuksTag.HUKS_TAG_PURPOSE, properties[1] = {
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_AGREE, tag: huks.HuksTag.HUKS_TAG_PURPOSE,
} value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_AGREE,
properties[2] = { }
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, properties[2] = {
value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256, tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
} value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256,
properties[3] = { }
tag: huks.HuksTag.HUKS_TAG_DIGEST, properties[3] = {
value: huks.HuksKeyDigest.HUKS_DIGEST_NONE, tag: huks.HuksTag.HUKS_TAG_DIGEST,
} value: huks.HuksKeyDigest.HUKS_DIGEST_NONE,
properties[4] = { }
tag: huks.HuksTag.HUKS_TAG_PADDING, properties[4] = {
value: huks.HuksKeyPadding.HUKS_PADDING_NONE, tag: huks.HuksTag.HUKS_TAG_PADDING,
} value: huks.HuksKeyPadding.HUKS_PADDING_NONE,
properties[5] = { }
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, properties[5] = {
value: huks.HuksCipherMode.HUKS_MODE_CBC, tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
} value: huks.HuksCipherMode.HUKS_MODE_CBC,
var HuksOptions = { }
properties: properties, var huksOptions = {
inData: new Uint8Array(new Array()) properties: properties,
} inData: new Uint8Array(new Array())
}
/* 1.生成两个密钥并导出 */ /* 1.生成两个密钥并导出 */
await huks.generateKey(srcKeyAliasFirst, HuksOptions).then((data) => { await huks.generateKey(srcKeyAliasFirst, huksOptions).then((data) => {
console.info('test generateKey data = ' + JSON.stringify(data)); console.info('test generateKey data = ' + JSON.stringify(data));
}).catch((err) => { }).catch((err) => {
console.info(`test generateKey err: " + ${JSON.stringify(err)}`); console.info(`test generateKey err: " + ${JSON.stringify(err)}`);
}); });
await huks.generateKey(srcKeyAliasSecond, HuksOptions).then((data) => { await huks.generateKey(srcKeyAliasSecond, huksOptions).then((data) => {
console.info('test generateKey data = ' + JSON.stringify(data)); console.info('test generateKey data = ' + JSON.stringify(data));
}).catch((err) => { }).catch((err) => {
console.info(`test generateKey err: " + ${JSON.stringify(err)}`); console.info(`test generateKey err: " + ${JSON.stringify(err)}`);
}); });
await huks.exportKey(srcKeyAliasFirst, HuksOptions).then((data) => { await huks.exportKey(srcKeyAliasFirst, huksOptions).then((data) => {
console.info('test exportKey data = ' + JSON.stringify(data)); console.info('test exportKey data = ' + JSON.stringify(data));
exportKeyFrist = data.outData; exportKeyFrist = data.outData;
}).catch((err) => { }).catch((err) => {
console.info(`test exportKey err: " + ${JSON.stringify(err)}`); console.info(`test exportKey err: " + ${JSON.stringify(err)}`);
}); });
await huks.exportKey(srcKeyAliasSecond, HuksOptions).then((data) => { await huks.exportKey(srcKeyAliasSecond, huksOptions).then((data) => {
console.info('test exportKey data = ' + JSON.stringify(data)); console.info('test exportKey data = ' + JSON.stringify(data));
exportKeySecond = data.outData; exportKeySecond = data.outData;
}).catch((err) => { }).catch((err) => {
console.info(`test exportKey err: " + ${JSON.stringify(err)}`); console.info(`test exportKey err: " + ${JSON.stringify(err)}`);
}); });
/* 集成第一个协商参数集 */ /* 集成第一个协商参数集 */
var finishProperties = new Array(); var finishProperties = new Array();
finishProperties[0] = { finishProperties[0] = {
tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG, tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG,
value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT, value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT,
} }
finishProperties[1] = { finishProperties[1] = {
tag: huks.HuksTag.HUKS_TAG_IS_KEY_ALIAS, tag: huks.HuksTag.HUKS_TAG_IS_KEY_ALIAS,
value: true value: true
} }
finishProperties[2] = { finishProperties[2] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES, value: huks.HuksKeyAlg.HUKS_ALG_AES,
} }
finishProperties[3] = { finishProperties[3] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256, value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256,
} }
finishProperties[4] = { finishProperties[4] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE, tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: value:
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT, huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
} }
finishProperties[5] = { finishProperties[5] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST, tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_NONE, value: huks.HuksKeyDigest.HUKS_DIGEST_NONE,
} }
finishProperties[6] = { finishProperties[6] = {
tag: huks.HuksTag.HUKS_TAG_KEY_ALIAS, tag: huks.HuksTag.HUKS_TAG_KEY_ALIAS,
value: AgreeStringToUint8Array(srcKeyAliasFirst+ 'final'), value: AgreeStringToUint8Array(srcKeyAliasFirst+ 'final'),
} }
finishProperties[7] = { finishProperties[7] = {
tag: huks.HuksTag.HUKS_TAG_PADDING, tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE, value: huks.HuksKeyPadding.HUKS_PADDING_NONE,
} }
finishProperties[8] = { finishProperties[8] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB, value: huks.HuksCipherMode.HUKS_MODE_ECB,
} }
var finishOptionsFrist = { var finishOptionsFrist = {
properties: finishProperties, properties: finishProperties,
inData: AgreeStringToUint8Array(agreeX25519InData) inData: AgreeStringToUint8Array(agreeX25519InData)
} }
/* 对第一个密钥进行协商 */ /* 对第一个密钥进行协商 */
await huks.init(srcKeyAliasFirst, HuksOptions).then((data) => { await huks.init(srcKeyAliasFirst, huksOptions).then((data) => {
console.info(`test init data: ${JSON.stringify(data)}`); console.info(`test init data: ${JSON.stringify(data)}`);
handle = data.handle; handle = data.handle;
}).catch((err) => { }).catch((err) => {
console.info(`test init err: " + ${JSON.stringify(err)}`); console.info(`test init err: " + ${JSON.stringify(err)}`);
}); });
HuksOptions.inData = exportKeySecond; huksOptions.inData = exportKeySecond;
await huks.update(handle, HuksOptions).then((data) => { await huks.update(handle, huksOptions).then((data) => {
console.info(`test update data: ${JSON.stringify(data)}`); console.info(`test update data: ${JSON.stringify(data)}`);
}).catch((err) => { }).catch((err) => {
console.info(`test update err: " + ${JSON.stringify(err)}`); console.info(`test update err: " + ${JSON.stringify(err)}`);
}); });
await huks.finish(handle, finishOptionsFrist).then((data) => { await huks.finish(handle, finishOptionsFrist).then((data) => {
console.info(`test finish data: ${JSON.stringify(data)}`); console.info(`test finish data: ${JSON.stringify(data)}`);
}).catch((err) => { }).catch((err) => {
console.info('test finish err information: ' + JSON.stringify(err)); console.info('test finish err information: ' + JSON.stringify(err));
}); });
/* 集成第二个协商参数集 */ /* 集成第二个协商参数集 */
var finishOptionsSecond = { var finishOptionsSecond = {
properties: finishProperties, properties: finishProperties,
inData: AgreeStringToUint8Array(agreeX25519InData) inData: AgreeStringToUint8Array(agreeX25519InData)
}
finishOptionsSecond.properties.splice(6, 1, {
tag: huks.HuksTag.HUKS_TAG_KEY_ALIAS,
value: AgreeStringToUint8Array(srcKeyAliasSecond + 'final'),
})
await huks.init(srcKeyAliasSecond, huksOptions).then((data) => {
console.info(`test init data: ${JSON.stringify(data)}`);
handle = data.handle;
}).catch((err) => {
console.info(`test init err: " + ${JSON.stringify(err)}`);
});
/* 对第二个密钥进行协商 */
huksOptions.inData = exportKeyFrist;
await huks.update(handle, huksOptions).then((data) => {
console.info(`test update data: ${JSON.stringify(data)}`);
}).catch((err) => {
console.info(`test update err: " + ${JSON.stringify(err)}`);
});
await huks.finish(handle, finishOptionsSecond).then((data) => {
console.info(`test finish data: ${JSON.stringify(data)}`);
}).catch((err) => {
console.info('test finish err information: ' + JSON.stringify(err));
});
await huks.deleteKey(srcKeyAliasFirst, huksOptions).then((data) => {
console.info(`test deleteKey data: ${JSON.stringify(data)}`);
}).catch((err) => {
console.info('test deleteKey err information: ' + JSON.stringify(err));
});
await huks.deleteKey(srcKeyAliasSecond, huksOptions).then((data) => {
console.info(`test deleteKey data: ${JSON.stringify(data)}`);
}).catch((err) => {
console.info('test deleteKey err information: ' + JSON.stringify(err));
});
} }
finishOptionsSecond.properties.splice(6, 1, {
tag: huks.HuksTag.HUKS_TAG_KEY_ALIAS,
value: AgreeStringToUint8Array(srcKeyAliasSecond + 'final'),
})
await huks.init(srcKeyAliasSecond, HuksOptions).then((data) => {
console.info(`test init data: ${JSON.stringify(data)}`);
handle = data.handle;
}).catch((err) => {
console.info(`test init err: " + ${JSON.stringify(err)}`);
});
/* 对第二个密钥进行协商 */
HuksOptions.inData = exportKeyFrist;
await huks.update(handle, HuksOptions).then((data) => {
console.info(`test update data: ${JSON.stringify(data)}`);
}).catch((err) => {
console.info(`test update err: " + ${JSON.stringify(err)}`);
});
await huks.finish(handle, finishOptionsSecond).then((data) => {
console.info(`test finish data: ${JSON.stringify(data)}`);
}).catch((err) => {
console.info('test finish err information: ' + JSON.stringify(err));
});
await huks.deleteKey(srcKeyAliasFirst, HuksOptions).then((data) => {
console.info(`test deleteKey data: ${JSON.stringify(data)}`);
}).catch((err) => {
console.info('test deleteKey err information: ' + JSON.stringify(err));
});
await huks.deleteKey(srcKeyAliasSecond, HuksOptions).then((data) => {
console.info(`test deleteKey data: ${JSON.stringify(data)}`);
}).catch((err) => {
console.info('test deleteKey err information: ' + JSON.stringify(err));
});
``` ```
### 密钥派生 ### 密钥派生
**功能定义:** 从一个密钥产生出一个或者多个密钥。 从一个密钥产生出一个或者多个密钥。
**测试流程**:1.生成密钥;2.密钥派生 **测试流程**:1.生成密钥;2.密钥派生
**参数:** 开发步骤如下:
1. 生成两个密钥。
2. 分别导出密钥。
3. 交叉进行密钥协商。
在使用示例前,需要先了解几个预先定义的变量:
| 参数名 | 类型 | 必填 | 说明 | | 参数名 | 类型 | 必填 | 说明 |
| ------------- | ----------- | ---- | ---------------- | | ------------- | ----------- | ---- | ---------------- |
| srcKeyAlias | string | 是 | 生成密钥别名。 | | srcKeyAlias | string | 是 | 生成密钥别名。 |
| HuksOptions | HuksOptions | 是 | 生成密钥参数集。 | | huksOptions | HuksOptions | 是 | 生成密钥参数集。 |
| finishOptions | HuksOptions | 是 | 派生密钥参数集。 | | finishOptions | HuksOptions | 是 | 派生密钥参数集。 |
提示:参数类型可在docs\zh-cn\application-dev\reference\apis\js-apis-huks.md中查看 关于接口的具体信息,可在[API参考文档](..\reference\apis\js-apis-huks.md)中查看。
**示例:** **示例:**
```ets ```ts
/* derive操作支持HKDF、pbdkf类型的密钥。 /* derive操作支持HKDF、pbdkf类型的密钥。
* *
* 以下以HKDF256密钥的Promise操作使用为例 * 以下以HKDF256密钥的Promise操作使用为例
...@@ -855,146 +1113,148 @@ function hkdfStringToUint8Array(str) { ...@@ -855,146 +1113,148 @@ function hkdfStringToUint8Array(str) {
var deriveHkdfInData = "deriveHkdfTestIndata"; var deriveHkdfInData = "deriveHkdfTestIndata";
var srcKeyAlias = "deriveHkdfKeyAlias"; var srcKeyAlias = "deriveHkdfKeyAlias";
/* 集成生成密钥参数集 */ async function testDerive() {
var properties = new Array(); /* 集成生成密钥参数集 */
properties[0] = { var properties = new Array();
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, properties[0] = {
value: huks.HuksKeyAlg.HUKS_ALG_AES, tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
} value: huks.HuksKeyAlg.HUKS_ALG_AES,
properties[1] = { }
tag: huks.HuksTag.HUKS_TAG_PURPOSE, properties[1] = {
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DERIVE, tag: huks.HuksTag.HUKS_TAG_PURPOSE,
} value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DERIVE,
properties[2] = { }
tag: huks.HuksTag.HUKS_TAG_DIGEST, properties[2] = {
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256, tag: huks.HuksTag.HUKS_TAG_DIGEST,
} value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256,
properties[3] = { }
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, properties[3] = {
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128, tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
} value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128,
var HuksOptions = { }
properties: properties, var huksOptions = {
inData: new Uint8Array(new Array()) properties: properties,
} inData: new Uint8Array(new Array())
}
/* 生成密钥 */ /* 生成密钥 */
await huks.generateKey(srcKeyAlias, HuksOptions).then((data) => { await huks.generateKey(srcKeyAlias, huksOptions).then((data) => {
console.info('test generateKey data = ' + JSON.stringify(data)); console.info('test generateKey data = ' + JSON.stringify(data));
}).catch((err) => { }).catch((err) => {
console.info(`test init err: " + ${JSON.stringify(data)}`); console.info(`test init err: " + ${JSON.stringify(data)}`);
}); });
/* 调整init时的参数集 */
HuksOptions.properties.splice(0, 1, {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_HKDF,
});
HuksOptions.properties.splice(3, 1, {
tag: huks.HuksTag.HUKS_TAG_DERIVE_KEY_SIZE,
value: HuksKeyDERIVEKEYSIZE,
});
var finishProperties = new Array();
finishProperties[0] = {
tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG,
value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT,
}
finishProperties[1] = {
tag: huks.HuksTag.HUKS_TAG_IS_KEY_ALIAS,
value: true,
}
finishProperties[2] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES,
}
finishProperties[3] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256,
}
finishProperties[4] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value:
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
}
finishProperties[5] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_NONE,
}
finishProperties[6] = {
// @ts-ignore
tag: huks.HuksTag.HUKS_TAG_KEY_ALIAS,
value: stringToUint8Array(srcKeyAlias),
}
finishProperties[7] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE,
}
finishProperties[8] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB,
}
var finishOptions = {
properties: finishProperties,
inData: new Uint8Array(new Array())
}
/* 进行派生操作 */ /* 调整init时的参数集 */
await huks.init(srcKeyAlias, HuksOptions).then((data) => { huksOptions.properties.splice(0, 1, {
console.log(`test init data: ${JSON.stringify(data)}`); tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
handle = data.handle; value: huks.HuksKeyAlg.HUKS_ALG_HKDF,
}).catch((err) => { });
console.log(`test init err: " + ${JSON.stringify(err)}`); huksOptions.properties.splice(3, 1, {
}); tag: huks.HuksTag.HUKS_TAG_DERIVE_KEY_SIZE,
HuksOptions.inData = hkdfStringToUint8Array(deriveHkdfInData); value: HuksKeyDERIVEKEYSIZE,
await huks.update(handle, HuksOptions).then((data) => { });
console.log(`test update data: ${JSON.stringify(data)}`);
}).catch((err) => { var finishProperties = new Array();
console.log(`test update err: " + ${JSON.stringify(err)}`); finishProperties[0] = {
}); tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG,
await huks.finish(handle, finishOptions).then((data) => { value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT,
console.log(`test finish data: ${JSON.stringify(data)}`); }
}).catch((err) => { finishProperties[1] = {
console.log('test finish err information: ' + JSON.stringify(err)); tag: huks.HuksTag.HUKS_TAG_IS_KEY_ALIAS,
}); value: true,
}
HuksOptions.properties.splice(0, 1, { finishProperties[2] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES, value: huks.HuksKeyAlg.HUKS_ALG_AES,
}); }
HuksOptions.properties.splice(3, 1, { finishProperties[3] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128, value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256,
}); }
finishProperties[4] = {
await huks.deleteKey(srcKeyAlias, HuksOptions).then((data) => { tag: huks.HuksTag.HUKS_TAG_PURPOSE,
console.log(`test deleteKey data: ${JSON.stringify(data)}`); value:
}).catch((err) => { huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
console.log('test deleteKey err information: ' + JSON.stringify(err)); huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
}); }
finishProperties[5] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_NONE,
}
finishProperties[6] = {
tag: huks.HuksTag.HUKS_TAG_KEY_ALIAS,
value: stringToUint8Array(srcKeyAlias),
}
finishProperties[7] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE,
}
finishProperties[8] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB,
}
var finishOptions = {
properties: finishProperties,
inData: new Uint8Array(new Array())
}
/* 进行派生操作 */
await huks.init(srcKeyAlias, huksOptions).then((data) => {
console.log(`test init data: ${JSON.stringify(data)}`);
handle = data.handle;
}).catch((err) => {
console.log(`test init err: " + ${JSON.stringify(err)}`);
});
huksOptions.inData = hkdfStringToUint8Array(deriveHkdfInData);
await huks.update(handle, huksOptions).then((data) => {
console.log(`test update data: ${JSON.stringify(data)}`);
}).catch((err) => {
console.log(`test update err: " + ${JSON.stringify(err)}`);
});
await huks.finish(handle, finishOptions).then((data) => {
console.log(`test finish data: ${JSON.stringify(data)}`);
}).catch((err) => {
console.log('test finish err information: ' + JSON.stringify(err));
});
huksOptions.properties.splice(0, 1, {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES,
});
huksOptions.properties.splice(3, 1, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128,
});
await huks.deleteKey(srcKeyAlias, huksOptions).then((data) => {
console.log(`test deleteKey data: ${JSON.stringify(data)}`);
}).catch((err) => {
console.log('test deleteKey err information: ' + JSON.stringify(err));
});
}
``` ```
### 密钥mac ### 密钥mac
**功能定义**:消息认证码是基于密钥和消息摘要所获得的一个值,可用于数据源发认证和完整性校验 基于密钥数据进行mac摘要所获得的一个哈希值
**系统能力**:SystemCapability.Security.Huks 开发步骤如下:
**测试流程**:1.生成密钥;2.密钥mac 1. 生成密钥。
2. 密钥mac。
**参数:** 在使用示例前,需要先了解几个预先定义的变量:
| 参数名 | 类型 | 必填 | 说明 | | 参数名 | 类型 | 必填 | 说明 |
| ----------- | ----------- | ---- | -------------- | | ----------- | ----------- | ---- | -------------- |
| srcKeyAlias | string | 是 | 生成密钥别名。 | | srcKeyAlias | string | 是 | 生成密钥别名。 |
| HuksOptions | HuksOptions | 是 | 密钥参数集。 | | huksOptions | HuksOptions | 是 | 密钥参数集。 |
提示:参数类型可在docs\zh-cn\application-dev\reference\apis\js-apis-huks.md中查看 关于接口的具体信息,可在[API参考文档](..\reference\apis\js-apis-huks.md)中查看。
**示例:** **示例:**
```ets ```ts
/* mac操作支持HMAC、SM3类型的密钥。 /* mac操作支持HMAC、SM3类型的密钥。
* *
* 以下以SM3 256密钥的Promise操作使用为例 * 以下以SM3 256密钥的Promise操作使用为例
...@@ -1011,95 +1271,100 @@ var srcKeyAlias = "sm3KeyAlias"; ...@@ -1011,95 +1271,100 @@ var srcKeyAlias = "sm3KeyAlias";
var hmacInData = 'sm3TestIndata'; var hmacInData = 'sm3TestIndata';
var handle; var handle;
/* 集成生成密钥参数集 */ async function testMac() {
var properties = new Array(); /* 集成生成密钥参数集 */
properties[0] = { var properties = new Array();
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, properties[0] = {
value: huks.HuksKeyAlg.HUKS_ALG_SM3, tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
} value: huks.HuksKeyAlg.HUKS_ALG_SM3,
properties[1] = { }
tag: huks.HuksTag.HUKS_TAG_PURPOSE, properties[1] = {
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_MAC, tag: huks.HuksTag.HUKS_TAG_PURPOSE,
} value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_MAC,
properties[2] = { }
tag: huks.HuksTag.HUKS_TAG_DIGEST, properties[2] = {
value: huks.HuksKeyDigest.HUKS_DIGEST_SM3, tag: huks.HuksTag.HUKS_TAG_DIGEST,
} value: huks.HuksKeyDigest.HUKS_DIGEST_SM3,
properties[3] = { }
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, properties[3] = {
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256, tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
} value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256,
var HuksOptions = { }
properties:properties, var huksOptions = {
inData:new Uint8Array(new Array()) properties:properties,
} inData:new Uint8Array(new Array())
}
/* 生成密钥 */ /* 生成密钥 */
await huks.generateKey(srcKeyAlias, HuksOptions).then((data) => { await huks.generateKey(srcKeyAlias, huksOptions).then((data) => {
console.info('test generateKey data = ' + JSON.stringify(data)); console.info('test generateKey data = ' + JSON.stringify(data));
}).catch((err) => { }).catch((err) => {
console.info(`test init err: " + ${JSON.stringify(err)}`); console.info(`test init err: " + ${JSON.stringify(err)}`);
}); });
/* 修改init时的参数集并进行mac操作 */ /* 修改init时的参数集并进行mac操作 */
HuksOptions.properties.splice(3, 3); huksOptions.properties.splice(3, 3);
await huks.init(srcKeyAlias, HuksOptions).then((data) => { await huks.init(srcKeyAlias, huksOptions).then((data) => {
console.info(`test init data: ${JSON.stringify(data)}`); console.info(`test init data: ${JSON.stringify(data)}`);
handle = data.handle; handle = data.handle;
}).catch((err) => { }).catch((err) => {
console.info(`test init err: " + ${JSON.stringify(err)}`); console.info(`test init err: " + ${JSON.stringify(err)}`);
}); });
HuksOptions.inData = macStringToUint8Array(hmacInData); huksOptions.inData = macStringToUint8Array(hmacInData);
await huks.update(handle, HuksOptions).then((data) => { await huks.update(handle, huksOptions).then((data) => {
console.info(`test init data: ${JSON.stringify(data)}`); console.info(`test init data: ${JSON.stringify(data)}`);
}).catch((err) => { }).catch((err) => {
console.info(`test init err: " + ${JSON.stringify(err)}`); console.info(`test init err: " + ${JSON.stringify(err)}`);
}); });
HuksOptions.inData = new Uint8Array(new Array()); huksOptions.inData = new Uint8Array(new Array());
await huks.finish(handle, HuksOptions).then((data) => { await huks.finish(handle, huksOptions).then((data) => {
console.info(`test update data: ${JSON.stringify(data)}`); console.info(`test update data: ${JSON.stringify(data)}`);
}).catch((err) => { }).catch((err) => {
console.info('test update err information: ' + JSON.stringify(err)); console.info('test update err information: ' + JSON.stringify(err));
}); });
HuksOptions.properties.splice(1, 0, { huksOptions.properties.splice(1, 0, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256, value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256,
}); });
await huks.deleteKey(srcKeyAlias, HuksOptions).then((data) => { await huks.deleteKey(srcKeyAlias, huksOptions).then((data) => {
console.info(`test deleteKey data: ${JSON.stringify(data)}`); console.info(`test deleteKey data: ${JSON.stringify(data)}`);
}).catch((err) => { }).catch((err) => {
console.info('test deleteKey err information: ' + JSON.stringify(err)); console.info('test deleteKey err information: ' + JSON.stringify(err));
}); });
}
``` ```
### AttestID ### AttestID
**功能定义**:测试获取udid等证书信息,并打印相关信息。 测试获取udid等证书信息,并打印相关信息。
开发步骤如下:
**测试流程**:1.生成证书;2.获取证书信息 1. 生成证书。
2. 获取证书信息。
**参数:** 在使用示例前,需要先了解几个预先定义的变量:
| 参数名 | 类型 | 必填 | 说明 | | 参数名 | 类型 | 必填 | 说明 |
| -------- | ----------- | ---- | ------------------------------------ | | -------- | ----------- | ---- | ------------------------------------ |
| keyAlias | string | 是 | 密钥别名,存放待获取证书密钥的别名。 | | keyAlias | string | 是 | 密钥别名,存放待获取证书密钥的别名。 |
| options | HuksOptions | 是 | 用于获取证书时指定所需参数与数据。 | | options | HuksOptions | 是 | 用于获取证书时指定所需参数与数据。 |
提示:参数类型可在docs\zh-cn\application-dev\reference\apis\js-apis-huks.md中查看 关于接口的具体信息,可在[API参考文档](..\reference\apis\js-apis-huks.md)中查看。
**示例:** **示例:**
```ets ```ts
/* 证书AttestID操作示例如下*/ /* 证书AttestID操作示例如下*/
function stringToUint8Array(str) { function stringToUint8Array(str) {
var arr = []; var arr = [];
for (var i = 0, j = str.length; i < j; ++i) { for (var i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i)); arr.push(str.charCodeAt(i));
} }
var tmpUint8Array = new Uint8Array(arr); var tmpUint8Array = new Uint8Array(arr);
return tmpUint8Array; return tmpUint8Array;
} }
function printLog(...data) { function printLog(...data) {
...@@ -1121,12 +1386,12 @@ function generateKey(alias) { ...@@ -1121,12 +1386,12 @@ function generateKey(alias) {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA value: huks.HuksKeyAlg.HUKS_ALG_RSA
}; };
properties[1] = { properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG, tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG,
value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT
}; };
properties[2] = { properties[2] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
}; };
properties[3] = { properties[3] = {
...@@ -1202,30 +1467,33 @@ async function attestId() { ...@@ -1202,30 +1467,33 @@ async function attestId() {
### AttestKey ### AttestKey
**功能定义**测试获取密钥证书,并打印相关信息。 测试获取密钥证书,并打印相关信息。
**测试流程**:1.生成证书;2.获取证书信息 开发步骤如下:
**参数:** 1. 生成证书。
2. 获取证书信息。
在使用示例前,需要先了解几个预先定义的变量:
| 参数名 | 类型 | 必填 | 说明 | | 参数名 | 类型 | 必填 | 说明 |
| -------- | ----------- | ---- | ------------------------------------ | | -------- | ----------- | ---- | ------------------------------------ |
| keyAlias | string | 是 | 密钥别名,存放待获取证书密钥的别名。 | | keyAlias | string | 是 | 密钥别名,存放待获取证书密钥的别名。 |
| options | HuksOptions | 是 | 用于获取证书时指定所需参数与数据。 | | options | HuksOptions | 是 | 用于获取证书时指定所需参数与数据。 |
提示:参数类型可在docs\zh-cn\application-dev\reference\apis\js-apis-huks.md中查看 关于接口的具体信息,可在[API参考文档](..\reference\apis\js-apis-huks.md)中查看。
**示例:** **示例:**
```ets ```ts
/* 证书AttestKey操作示例如下*/ /* 证书AttestKey操作示例如下*/
function stringToUint8Array(str) { function stringToUint8Array(str) {
var arr = []; var arr = [];
for (var i = 0, j = str.length; i < j; ++i) { for (var i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i)); arr.push(str.charCodeAt(i));
} }
var tmpUint8Array = new Uint8Array(arr); var tmpUint8Array = new Uint8Array(arr);
return tmpUint8Array; return tmpUint8Array;
} }
function printLog(...data) { function printLog(...data) {
...@@ -1239,24 +1507,24 @@ let keyAliasString = "key attest"; ...@@ -1239,24 +1507,24 @@ let keyAliasString = "key attest";
/* 集成生成密钥参数集 & 生成密钥 */ /* 集成生成密钥参数集 & 生成密钥 */
function generateKey(alias) { function generateKey(alias) {
let properties = new Array(); let properties = new Array();
properties[0] = { properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA value: huks.HuksKeyAlg.HUKS_ALG_RSA
}; };
properties[1] = { properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG, tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG,
value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT
}; };
properties[2] = { properties[2] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
}; };
properties[3] = { properties[3] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE, tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
}; };
properties[4] = { properties[4] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST, tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
}; };
...@@ -1310,5 +1578,4 @@ async function attestKey() { ...@@ -1310,5 +1578,4 @@ async function attestKey() {
} }
``` ```
###
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册