Merge remote-tracking branch 'upstream/master'

7d7df643 · jiangminsen · e3cf154a · 6b64e519 · 7d7df643 · 7d7df643
13 changed file
--- a/en/application-dev/reference/apis/Readme-EN.md
+++ b/en/application-dev/reference/apis/Readme-EN.md
@@ -268,7 +268,7 @@
  - [@ohos.request (Upload and Download)](js-apis-request.md)
 - Connectivity
-  - [@ohos.bluetooth (Bluetooth)](js-apis-bluetooth.md)
+  - [@ohos.bluetoothManager (Bluetooth)(js-apis-bluetoothManager.md)
  - [@ohos.connectedTag (Active Tags)](js-apis-connectedTag.md)
  - [@ohos.nfc.cardEmulation (Standard NFC Card Emulation)](js-apis-cardEmulation.md)
  - [@ohos.nfc.controller (Standard NFC)](js-apis-nfcController.md)
@@ -392,6 +392,7 @@
 - APIs No Longer Maintained
  - [@ohos.backgroundTaskManager (Background Task Management)](js-apis-backgroundTaskManager.md)
+  - [@ohos.bluetooth (Bluetooth)](js-apis-bluetooth.md)
  - [@ohos.bundle (Bundle)](js-apis-Bundle.md)
  - [@ohos.bundle.innerBundleManager (innerBundleManager)](js-apis-Bundle-InnerBundleManager.md)
  - [@ohos.bundleState (Device Usage Statistics)](js-apis-deviceUsageStatistics.md)

--- a/en/application-dev/reference/apis/js-apis-bluetooth.md
+++ b/en/application-dev/reference/apis/js-apis-bluetooth.md
--- a/en/application-dev/reference/apis/js-apis-bluetoothManager.md
+++ b/en/application-dev/reference/apis/js-apis-bluetoothManager.md
--- a/en/application-dev/reference/apis/js-apis-fileio.md
+++ b/en/application-dev/reference/apis/js-apis-fileio.md
--- a/en/application-dev/reference/apis/js-apis-system-bluetooth.md
+++ b/en/application-dev/reference/apis/js-apis-system-bluetooth.md
@@ -22,7 +22,6 @@ Scans for Bluetooth Low Energy (BLE) devices nearby. This operation consumes sys
 **System capability**: SystemCapability.Communication.Bluetooth.Lite
 **Parameters**
 **Table 1** StartBLEScanOptions
 | Name| Type| Mandatory| Description|
@@ -57,7 +56,6 @@ Stops scanning for BLE devices nearby. This API is used with [bluetooth.startBLE
 **System capability**: SystemCapability.Communication.Bluetooth.Lite
 **Parameters**
 **Table 2** StopBLEScanOptions
 | Name| Type| Mandatory| Description|

--- a/en/application-dev/reference/errorcodes/Readme-EN.md
+++ b/en/application-dev/reference/errorcodes/Readme-EN.md
@@ -57,10 +57,11 @@
  - [Network Sharing Error Codes](errorcode-net-sharing.md)
  - [Policy Management Error Codes](errorcode-net-policy.md)
 - Connectivity
-  - [Wi-Fi Error Codes](errorcode-wifi.md)
+  - [Bluetooth Error Codes](errorcode-bluetoothManager.md)
+  - [Wi-Fi Error Codes](errorcode-wifi.md)  
  - [NFC Error Codes](errorcode-nfc.md)
  - [RPC Error Codes](errorcode-rpc.md)
- Basic Features
+ - Basic Features
  - [Accessibility Error Codes](errorcode-accessibility.md)
  - [FaultLogger Error Codes](errorcode-faultlogger.md)
  - [Application Event Logging Error Codes](errorcode-hiappevent.md)

--- a/en/application-dev/reference/errorcodes/errorcode-bluetoothManager.md
+++ b/en/application-dev/reference/errorcodes/errorcode-bluetoothManager.md
+# Bluetooth Error Codes
+> **NOTE**
+>
+> This topic describes only module-specific error codes. For details about universal error codes, see [Universal Error Codes](errorcode-universal.md).
+## 2900001
+**Error Message**
+Service stopped.
+**Description**
+The Bluetooth service is stopped, and the APIs related to the Bluetooth service cannot be called.
+**Possible Causes**
+The Bluetooth service fails to start.
+**Solution**
+Start the Bluetooth service.
+## 2900003
+**Error Message**
+Bluetooth switch is off.
+**Description**
+Bluetooth is disabled.
+**Possible Causes**
+Bluetooth is disabled.
+**Solution**
+Enable Bluetooth.
+## 2900004
+**Error Message**
+Profile is not supported.
+**Description**
+The profile is not supported.
+**Possible Causes**
+The profile is not supported by the device.
+**Solution**
+Check whether the device supports the profile. Use a profile supported by the device.
+## 2900099
+**Error Message**
+Operation failed.
+**Description**
+The operation failed.
+**Possible Causes**
+The profile is not supported by the device.
+**Solution**
+Perform this operation again.
+## 2901000
+**Error Message**
+Read forbidden.
+**Description**
+The read operation is not allowed.
+**Possible Causes**
+The caller does not have the read permission.
+**Solution**
+Check whether the caller has the read permission.
+## 2901001
+**Error Message**
+Write forbidden.
+**Description**
+The write operation is not allowed.
+**Possible Causes**
+The caller does not have the write permission.
+**Solution**
+Check whether the caller has the write permission.
+## 2901054
+**Error Message**
+IO error.
+**Description**
+The I/O operation failed.
+**Possible Causes**
+The I/O transmission is abnormal.
+**Solution**
+Perform this operation again.
--- a/zh-cn/application-dev/reference/apis/Readme-CN.md
+++ b/zh-cn/application-dev/reference/apis/Readme-CN.md
@@ -352,6 +352,7 @@
 - 定制管理
  - [@ohos.configPolicy (配置策略)](js-apis-configPolicy.md)
  - [@ohos.enterprise.accountManager (帐户管理)](js-apis-enterprise-accountManager.md)
+  - [@ohos.enterprise.bundleManager (包管理)](js-apis-enterprise-bundleManager.md)
  - [@ohos.enterprise.adminManager (企业设备管理)](js-apis-enterprise-adminManager.md)
  - [@ohos.enterprise.dateTimeManager (系统时间管理)](js-apis-enterprise-dateTimeManager.md)
  - [@ohos.enterprise.deviceControl (设备控制管理)](js-apis-enterprise-deviceControl.md)

--- a/zh-cn/application-dev/reference/apis/js-apis-avsession.md
+++ b/zh-cn/application-dev/reference/apis/js-apis-avsession.md
@@ -441,8 +441,9 @@ castAudio(session: SessionToken | 'all', audioDevices: Array<audio.AudioDeviceDe
 import audio from '@ohos.multimedia.audio';
 let audioManager = audio.getAudioManager();
+let audioRoutingManager = audioManager.getRoutingManager();
 let audioDevices;
-await audioManager.getDevices(audio.DeviceFlag.OUTPUT_DEVICES_FLAG).then((data) => {
+await audioRoutingManager.getDevices(audio.DeviceFlag.OUTPUT_DEVICES_FLAG).then((data) => {
    audioDevices = data;
    console.info('Promise returned to indicate that the device list is obtained.');
 }).catch((err) => {
@@ -493,8 +494,9 @@ castAudio(session: SessionToken | 'all', audioDevices: Array<audio.AudioDeviceDe
 import audio from '@ohos.multimedia.audio';
 let audioManager = audio.getAudioManager();
+let audioRoutingManager = audioManager.getRoutingManager();
 let audioDevices;
-await audioManager.getDevices(audio.DeviceFlag.OUTPUT_DEVICES_FLAG).then((data) => {
+await audioRoutingManager.getDevices(audio.DeviceFlag.OUTPUT_DEVICES_FLAG).then((data) => {
    audioDevices = data;
    console.info('Promise returned to indicate that the device list is obtained.');
 }).catch((err) => {

--- a/zh-cn/application-dev/reference/apis/js-apis-enterprise-bundleManager.md
+++ b/zh-cn/application-dev/reference/apis/js-apis-enterprise-bundleManager.md
+# @ohos.enterprise.bundleManager（包管理）
+本模块提供包管理能力，包括添加包安装白名单、获取包安装白名单、移除包安装白名单等。仅企业设备管理员应用才能调用。
+> **说明：**
+>
+> 本模块首批接口从API version 10开始支持。后续版本的新增接口，采用上角标单独标记接口的起始版本。
+## 导入模块
+```js
+import bundleManager from '@ohos.enterprise.bundleManager';
+```
+## bundleManager.addAllowedInstallBundles
+addAllowedInstallBundles(admin: Want, appIds: Array\<string>, callback: AsyncCallback&lt;void&gt;): void;
+添加包安装白名单接口，使用callback异步回调。
+**需要权限：** ohos.permission.ENTERPRISE_SET_BUNDLE_INSTALL_POLICY
+**系统能力：** SystemCapability.Customization.EnterpriseDeviceManager
+**系统API**: 此接口为系统接口。
+**参数：**
+| 参数      | 类型                                       | 必填   | 说明                       |
+| -------- | ---------------------------------------- | ---- | ------------------------------- |
+| admin    | [Want](js-apis-app-ability-want.md)     | 是    | 设备管理员应用                  |
+| appIds    | Array&lt;string&gt;                | 是    | 允许安装包的白名单                  |
+| callback | AsyncCallback&lt;void&gt;            | 是    | 回调函数。当接口调用成功err为null，否则为错误对象。 |
+**错误码**：
+以下的错误码的详细介绍请参见[企业设备管理错误码](../errorcodes/errorcode-enterpriseDeviceManager.md)
+| 错误码ID | 错误信息                                                                       |          
+| ------- | ---------------------------------------------------------------------------- |
+| 9200003 | the administrator ability component is invalid.                              |
+| 9200007 | the system ability work abnormally.                                          |
+**示例：**
+```js
+let wantTemp = {
+    bundleName: "com.example.myapplication",
+    abilityName: "EntryAbility",
+};
+let appIds = {"com.example.myapplication"};
+bundleManager.AddAllowedInstallBundles(wantTemp, appIds, (error) => {
+    if (error != null) {
+        console.log("error code:" + error.code + " error message:" + error.message);
+    }
+});
+```
+## bundleManager.addAllowedInstallBundles
+addAllowedInstallBundles(admin: Want, appIds: Array\<string>, userId: number, callback: AsyncCallback&lt;void&gt;): void;
+添加包安装白名单接口，使用callback异步回调。
+**需要权限：** ohos.permission.ENTERPRISE_SET_BUNDLE_INSTALL_POLICY
+**系统能力：** SystemCapability.Customization.EnterpriseDeviceManager
+**系统API**: 此接口为系统接口。
+**参数：**
+| 参数   | 类型                                  | 必填   | 说明      |
+| ----- | ----------------------------------- | ---- | ------- |
+| admin    | [Want](js-apis-app-ability-want.md)     | 是    | 设备管理员应用                  |
+| appIds    | Array&lt;string&gt;                | 是    | 允许安装包的白名单                  |
+| userId     | number                             | 是    | 用户ID。默认值：调用方所在用户，取值范围：大于等于0。 |
+| callback | AsyncCallback&lt;void&gt;            | 是    | 回调函数。当接口调用成功err为null，否则为错误对象。 |
+**错误码**：
+以下的错误码的详细介绍请参见[企业设备管理错误码](../errorcodes/errorcode-enterpriseDeviceManager.md)
+| 错误码ID | 错误信息                                                                     |          
+| ------- | ---------------------------------------------------------------------------- |
+| 9200003 | the administrator ability component is invalid.                              |
+| 9200007 | the system ability work abnormally.                                          |
+**示例：**
+```js
+let wantTemp = {
+    bundleName: "com.example.myapplication",
+    abilityName: "EntryAbility",
+};
+let appIds = {"com.example.myapplication"};
+bundleManager.AddAllowedInstallBundles(wantTemp, appIds, 100, (error) => {
+    if (error != null) {
+        console.log("error code:" + error.code + " error message:" + error.message);
+    }
+});
+```
+## bundleManager.addAllowedInstallBundles
+addAllowedInstallBundles(admin: Want, appIds: Array\<string>, userId?: number): Promise&lt;void&gt;;
+添加包安装白名单接口，使用promise异步回调。
+**需要权限：** ohos.permission.ENTERPRISE_SET_BUNDLE_INSTALL_POLICY
+**系统能力：** SystemCapability.Customization.EnterpriseDeviceManager
+**系统API**: 此接口为系统接口。
+**参数：**
+| 参数   | 类型                                  | 必填   | 说明      |
+| ----- | ----------------------------------- | ---- | ------- |
+| admin    | [Want](js-apis-app-ability-want.md)     | 是    | 设备管理员应用                  |
+| appIds    | Array&lt;string&gt;                | 是    | 允许安装包的白名单                  |
+| userId     | number                             | 否    | 用户ID。默认值：调用方所在用户，取值范围：大于等于0。 |
+**返回值：**
+| 类型                   | 说明                      |
+| --------------------- | ------------------------- |
+| Promise&lt;void&gt; | 无返回结果的Promise对象。  |
+**错误码**：
+以下的错误码的详细介绍请参见[企业设备管理错误码](../errorcodes/errorcode-enterpriseDeviceManager.md)
+| 错误码ID | 错误信息                                                                     |          
+| ------- | ---------------------------------------------------------------------------- |
+| 9200003 | the administrator ability component is invalid.                              |
+| 9200007 | the system ability work abnormally.                                          |
+**示例：**
+```js
+let wantTemp = {
+    bundleName: "com.example.myapplication",
+    abilityName: "EntryAbility",
+};
+let appIds = {"com.example.myapplication"};
+bundleManager.addAllowedInstallBundles(wantTemp, appIds, 100).then(() => {
+    console.log("success");
+}).catch(error => {
+    console.log("error code:" + error.code + " error message:" + error.message);
+});
+```
+## bundleManager.removeAllowedInstallBundles
+removeAllowedInstallBundles(admin: Want, appIds: Array\<string>, callback: AsyncCallback&lt;void&gt;): void;
+移除包安装白名单接口，使用callback异步回调。
+**需要权限：** ohos.permission.ENTERPRISE_SET_BUNDLE_INSTALL_POLICY
+**系统能力：** SystemCapability.Customization.EnterpriseDeviceManager
+**系统API**: 此接口为系统接口。
+**参数：**
+| 参数      | 类型                                       | 必填   | 说明                       |
+| -------- | ---------------------------------------- | ---- | ------------------------------- |
+| admin    | [Want](js-apis-app-ability-want.md)     | 是    | 设备管理员应用                  |
+| appIds    | Array&lt;string&gt;                | 是    | 移除允许安装包的白名单                  |
+| callback | AsyncCallback&lt;void&gt;            | 是    | 回调函数。当接口调用成功err为null，否则为错误对象。 |
+**错误码**：
+以下的错误码的详细介绍请参见[企业设备管理错误码](../errorcodes/errorcode-enterpriseDeviceManager.md)
+| 错误码ID | 错误信息                                                                       |          
+| ------- | ---------------------------------------------------------------------------- |
+| 9200003 | the administrator ability component is invalid.                              |
+| 9200007 | the system ability work abnormally.                                          |
+**示例：**
+```js
+let wantTemp = {
+    bundleName: "com.example.myapplication",
+    abilityName: "EntryAbility",
+};
+let appIds = {"com.example.myapplication"};
+bundleManager.removeAllowedInstallBundles(wantTemp, appIds, (error) => {
+    if (error != null) {
+        console.log("error code:" + error.code + " error message:" + error.message);
+    }
+});
+```
+## bundleManager.removeAllowedInstallBundles
+removeAllowedInstallBundles(admin: Want, appIds: Array\<string>, userId: number, callback: AsyncCallback&lt;void&gt;): void;
+移除包安装白名单接口，使用callback异步回调。
+**需要权限：** ohos.permission.ENTERPRISE_SET_BUNDLE_INSTALL_POLICY
+**系统能力：** SystemCapability.Customization.EnterpriseDeviceManager
+**系统API**: 此接口为系统接口。
+**参数：**
+| 参数   | 类型                                  | 必填   | 说明      |
+| ----- | ----------------------------------- | ---- | ------- |
+| admin    | [Want](js-apis-app-ability-want.md)     | 是    | 设备管理员应用                  |
+| appIds    | Array&lt;string&gt;                | 是    | 允许安装包的白名单                  |
+| userId     | number                             | 是    | 用户ID。默认值：调用方所在用户，取值范围：大于等于0。 |
+| callback | AsyncCallback&lt;void&gt;            | 是    | 回调函数。当接口调用成功err为null，否则为错误对象。 |
+**错误码**：
+以下的错误码的详细介绍请参见[企业设备管理错误码](../errorcodes/errorcode-enterpriseDeviceManager.md)
+| 错误码ID | 错误信息                                                                     |          
+| ------- | ---------------------------------------------------------------------------- |
+| 9200003 | the administrator ability component is invalid.                              |
+| 9200007 | the system ability work abnormally.                                          |
+**示例：**
+```js
+let wantTemp = {
+    bundleName: "com.example.myapplication",
+    abilityName: "EntryAbility",
+};
+let appIds = {"com.example.myapplication"};
+bundleManager.removeAllowedInstallBundles(wantTemp, appIds, 100, (error) => {
+    if (error != null) {
+        console.log("error code:" + error.code + " error message:" + error.message);
+    }
+});
+```
+## bundleManager.removeAllowedInstallBundles
+removeAllowedInstallBundles(admin: Want, appIds: Array\<string>, userId?: number): Promise&lt;void&gt;;
+移除包安装白名单接口，使用promise异步回调。
+**需要权限：** ohos.permission.ENTERPRISE_SET_BUNDLE_INSTALL_POLICY
+**系统能力：** SystemCapability.Customization.EnterpriseDeviceManager
+**系统API**: 此接口为系统接口。
+**参数：**
+| 参数   | 类型                                  | 必填   | 说明      |
+| ----- | ----------------------------------- | ---- | ------- |
+| admin    | [Want](js-apis-app-ability-want.md)     | 是    | 设备管理员应用                  |
+| appIds    | Array\&lt;string&gt;                | 是    | 允许安装包的白名单                  |
+| userId     | number                             | 否    | 用户ID。默认值：调用方所在用户，取值范围：大于等于0。 |
+**返回值：**
+| 类型                   | 说明                      |
+| --------------------- | ------------------------- |
+| Promise&lt;void&gt; | 无返回结果的Promise对象。  |
+**错误码**：
+以下的错误码的详细介绍请参见[企业设备管理错误码](../errorcodes/errorcode-enterpriseDeviceManager.md)
+| 错误码ID | 错误信息                                                                     |          
+| ------- | ---------------------------------------------------------------------------- |
+| 9200003 | the administrator ability component is invalid.                              |
+| 9200007 | the system ability work abnormally.                                          |
+**示例：**
+```js
+let wantTemp = {
+    bundleName: "com.example.myapplication",
+    abilityName: "EntryAbility",
+};
+let appIds = {"com.example.myapplication"};
+bundleManager.removeAllowedInstallBundles(wantTemp, appIds, 100).then(() => {
+    console.log("success");
+}).catch(error => {
+    console.log("error code:" + error.code + " error message:" + error.message);
+});
+```
+## bundleManager.getAllowedInstallBundles
+getAllowedInstallBundles(admin: Want, userId: number, callback: AsyncCallback&lt;Array&lt;string&gt;&gt;): void;
+获取包安装白名单接口，使用callback异步回调。
+**需要权限：** ohos.permission.ENTERPRISE_SET_BUNDLE_INSTALL_POLICY
+**系统能力：** SystemCapability.Customization.EnterpriseDeviceManager
+**系统API**: 此接口为系统接口。
+**参数：**
+| 参数      | 类型                                       | 必填   | 说明                       |
+| -------- | ---------------------------------------- | ---- | ------------------------------- |
+| admin    | [Want](js-apis-app-ability-want.md)     | 是    | 设备管理员应用                  |
+| userId     | number                             | 是    | 用户ID。默认值：调用方所在用户，取值范围：大于等于0。 |
+| callback | AsyncCallback&lt;Array&lt;string&gt;&gt;       | 是    | 回调函数。当接口调用成功err为null，否则为错误对象。       |
+**错误码**：
+以下的错误码的详细介绍请参见[企业设备管理错误码](../errorcodes/errorcode-enterpriseDeviceManager.md)
+| 错误码ID | 错误信息                                                                       |          
+| ------- | ---------------------------------------------------------------------------- |
+| 9200003 | the administrator ability component is invalid.                              |
+| 9200007 | the system ability work abnormally.                                          |
+**示例：**
+```js
+let wantTemp = {
+    bundleName: "com.example.myapplication",
+    abilityName: "EntryAbility",
+};
+bundleManager.getAllowedInstallBundles(wantTemp, 100, (error) => {
+    if (error != null) {
+        console.log("error code:" + error.code + " error message:" + error.message);
+    }
+});
+```
+## bundleManager.getAllowedInstallBundles
+getAllowedInstallBundles(admin: Want, userId?: number): Promise&lt;Array&lt;string&gt;&gt;;
+获取包安装白名单接口，使用promise异步回调。
+**需要权限：** ohos.permission.ENTERPRISE_SET_BUNDLE_INSTALL_POLICY
+**系统能力：** SystemCapability.Customization.EnterpriseDeviceManager
+**系统API**: 此接口为系统接口。
+**参数：**
+| 参数   | 类型                                  | 必填   | 说明      |
+| ----- | ----------------------------------- | ---- | ------- |
+| admin | [Want](js-apis-app-ability-want.md) | 是    | 设备管理员应用 |
+| userId     | number                             | 否    | 用户ID。默认值：调用方所在用户，取值范围：大于等于0。 |
+**返回值：**
+| 类型                   | 说明                      |
+| --------------------- | ------------------------- |
+| Promise&lt;void&gt; | 返回结果为String类型数组的Promise对象。  |
+**错误码**：
+以下的错误码的详细介绍请参见[企业设备管理错误码](../errorcodes/errorcode-enterpriseDeviceManager.md)
+| 错误码ID | 错误信息                                                                     |          
+| ------- | ---------------------------------------------------------------------------- |
+| 9200003 | the administrator ability component is invalid.                              |
+| 9200007 | the system ability work abnormally.                                          |
+**示例：**
+```js
+let wantTemp = {
+    bundleName: "com.example.myapplication",
+    abilityName: "EntryAbility",
+};
+bundleManager.getAllowedInstallBundles(wantTemp, 100).then(() => {
+    console.log("success");
+}).catch(error => {
+    console.log("error code:" + error.code + " error message:" + error.message);
+});
+```
--- a/zh-cn/application-dev/reference/apis/js-apis-image.md
+++ b/zh-cn/application-dev/reference/apis/js-apis-image.md
@@ -949,7 +949,7 @@ createImageSource(uri: string): ImageSource
 ```js
 //Stage模型
 const context = getContext(this);
-const path = context.getCacheDir() + "/test.jpg";
+const path = context.cacheDir() + "/test.jpg";
 const imageSourceApi = image.createImageSource(path);
 ```

--- a/zh-cn/application-dev/reference/apis/test.txt
+++ b/zh-cn/application-dev/reference/apis/test.txt
+e
\ No newline at end of file
--- a/zh-cn/application-dev/security/huks-appendix.md
+++ b/zh-cn/application-dev/security/huks-appendix.md
 # 通用密钥库密码算法规格
+## 规格实现范围说明
+本文档将说明密钥管理服务规格全景，面向OpenHarmony的厂商适配密钥管理服务规格分为必选规格和可选规格。必选规格为所有厂商均支持的算法规格。而对于可选规格，厂商将基于实际情况决定是否实现，如需使用，请查阅具体厂商提供的说明，确保规格支持再使用。
+**建议开发者使用必选规格开发应用，可保证全平台兼容。**
 ## 支持的算法类型及参数组合
 ### 导入\生成密钥规格
-| 算法  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;    | API级别 | 支持的密钥长度     |
+| 算法  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;    | API级别 | 支持的密钥长度     |是否必选规格|
-| -------------- | :---------------: | ------------------ |
+| -------------- | :---------------: | ------------------ |:------------------: |
-| AES    |        8+         | 128、192、256 |
+| AES    |        8+         | 128、192、256 | 是 |
-| RSA    |        8+         | 512、768、1024、2048、3072、4096 |
+| RSA    |        8+         | 512、768、1024|否|
-| HMAC   |        8+         | 8-1024（含），必须是8的倍数   |
+| RSA    |        8+         | 2048、3072、4096 |是|
-| ECC    |        8+         | 224、256、384、521 |
+| HMAC   |        8+         | 8-1024（含），必须是8的倍数   |是|
-| ED25519 |        8+         | 256    |
+| ECC    |        8+         | 224 |否|
-| X25519  |        8+         | 256    |
+| ECC    |        8+         | 256、384、521 |是|
-| DSA    |        8+         | 8-1024（含），8的倍数    |
+| ED25519 |        8+         | 256    |是|
-| DH    |        8+         | 2048、3072、4096                |
+| X25519  |        8+         | 256    |是|
-| SM2    |        9+         | 256                |
+| DSA    |        8+         | 8-1024（含），8的倍数    |否|
-| SM3    |        9+         | 256                |
+| DH    |        8+         | 2048                |是|
-| SM4    |        9+         | 128                |
+| DH    |        8+         | 3072、4096                |否|
+| SM2    |        9+         | 256                |是|
-### 加密解密
+| SM4    |        9+         | 128                |是|
-| 算法  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | API级别 | 备注                                                         |
+### 加密&解密流程算法与分组、填充模式的组合规格
-| ----------------------- | :----: | ---------------- |
-| AES/CBC/NoPadding<br>AES/ECB/NoPadding<br>AES/CTR/NoPadding<br>AES/GCM/NoPadding<br>AES/CBC/PKCS7<br>AES/ECB/PKCS7 | 8+                | 1. CBC\ECB\CTR模式IV参数必选<br>2. GCM模式下Nonce、AAD、AEAD参数必选   |
+| 算法/分组模式/填充模式  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | API级别 | 备注                                                         |是否必选规格|
-| RSA/ECB/NoPadding<br>RSA/ECB/PKCS1_V1_5<br>RSA/ECB/OAEP             | 8+                |    |
+| ----------------------- | :----: | ---------------- | :----------------: |
-| SM4/CTR/NoPadding<br>SM4/ECB/NoPadding<br>SM4/CBC/NoPadding<br>SM4/ECB/PKCS7<br>SM4/CBC/PKCS7 | 9+                |   |
+| AES/ECB/NoPadding<br>AES/ECB/PKCS7 | 8+          |   |否|
+| AES/CBC/NoPadding <br> AES/CBC/PKCS7<br>AES/CTR/NoPadding| 8+  | IV参数必选 |是|
+| AES/GCM/NoPadding | 8+        | Nonce、AAD、AEAD参数必选   |是|
+| RSA/ECB/NoPadding<br>RSA/ECB/PKCS1_V1_5<br>RSA/ECB/OAEP             | 8+                |  OAEP填充模式支持的摘要算法：SHA256/SHA384/SHA512  | 是 |
-### 签名验签
+| SM4/ECB/NoPadding<br> SM4/ECB/PKCS7<br>SM4/CBC/PKCS7 | 9+ | CBC模式下 IV 参数必选  |否 |
+| SM4/CTR/NoPadding<br>SM4/CBC/NoPadding<br> | 9+  | IV 参数必选  |是 |
-| 算法      | API级别 | 备注     |
-| --------- | :----------: | ----------------- |
-| RSA/MD5/PKCS1_V1_5<br>RSA/SHA1/PKCS1_V1_5<br>RSA/SHA224/PKCS1_V1_5<br>RSA/SHA256/PKCS1_V1_5<br>RSA/SHA384/PKCS1_V1_5<br>RSA/SHA512/PKCS1_V1_5<br>RSA/SHA1/PSS<br>RSA/SHA224/PSS<br>RSA/SHA256/PSS<br>RSA/SHA384/PSS | 8+                | | 
+### 签名&验签流程算法与摘要算法、填充模式的组合规格
-| RSA/NoDigest/PKCS1_V1_5 | 9+                | | 
-| DSA/SHA1<br>DSA/SHA224<br>DSA/SHA256<br>DSA/SHA384<br>DSA/SHA512     |  8+                | |
-| DSA/NoDigest     |  9+                | |
+| 算法/摘要算法/填充模式      | API级别 | 备注 |是否必选规格|
-| ECC/SHA1<br>ECC/SHA224<br>ECC/SHA256<br>ECC/SHA384<br>ECC/SHA512      | 8+                | |
+| --------- | :----------: | ---------- |  :-----------------: |
-| ECC/NoDigest     |  9+                | |
+| RSA/MD5/PKCS1_V1_5<br>RSA/SHA1/PKCS1_V1_5<br>RSA/SHA224/PKCS1_V1_5 <br>RSA/SHA224/PSS| 8+                | |否|
-| ED25519/SHA1<br>ED25519/SHA224<br>ED25519/SHA256<br>ED25519/SHA384<br>ED25519/SHA512 |8+                | |
+| RSA/SHA256/PKCS1_V1_5<br>RSA/SHA384/PKCS1_V1_5<br>RSA/SHA512/PKCS1_V1_5<br>RSA/SHA256/PSS<br>RSA/SHA384/PSS<br>RSA/SHA512/PSS | 8+                | | 是 
-| ED25519/NoDigest     |  9+                | |
+| RSA/NoDigest/PKCS1_V1_5 | 9+    |NoDigest 需要指定TAG HuksKeyDigest.HUKS_DIGEST_NONE |否|
-| SM2/SM3<br>SM2/NoDigest |9+                | |
+| DSA/SHA1<br>DSA/SHA224<br>DSA/SHA256<br>DSA/SHA384<br>DSA/SHA512     |  8+                | |否|
+| DSA/NoDigest     |  9+   |NoDigest 需要指定TAG HuksKeyDigest.HUKS_DIGEST_NONE|否|
-### 密钥协商
+| ECC/SHA1<br>ECC/SHA224   | 8+      | |否|
+| ECC/SHA256<br>ECC/SHA384<br>ECC/SHA512      | 8+                | |是|
-| 算法   &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;   | API级别 | 备注     |
+| ECC/NoDigest     |  9+   |NoDigest 需要指定TAG HuksKeyDigest.HUKS_DIGEST_NONE |否|
-| ------ | :-----------: | ------------------------------ |
+| ED25519/NoDigest     |  8+       | NoDigest 需要指定TAG HuksKeyDigest.HUKS_DIGEST_NONE |否|
-| ECDH    | 8+   |  协商密钥类型为ECC类型密钥  |
+| SM2/SM3|9+      | |是|
-| DH        | 8+  |             |
+| SM2/NoDigest |9+      | |否|
-| X25519  | 8+  |             |
+### 密钥协商算法
-### 密钥派生
+| 算法   &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;   | API级别 | 备注     | 是否必选规格|
-| 算法 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |API级别         | 派生密钥及长度              | 备注                  |
+| ------ | :-----------: | ------------------------------ |:-----------: |
-| ------------------------- | :-----------: | ------------ | ----------------- |
+| ECDH    | 8+   |  协商密钥类型为ECC类型密钥  | 是|
-| HKDF/SHA256<br>HKDF/SHA384<br>HKDF/SHA512   | 8+ | 算法：AES、HMAC、SM4 长度：256、384、512 | 派生出的密钥可以存储到HUKS或者直接返回明文 |
+| DH        | 8+  |             |是|
-| PBKDF2/SHA256<br>PBKDF2/SHA384<br>PBKDF2/SHA512    | 8+ | 算法：AES、HMAC、SM4 长度：256、384、512 | 派生出的密钥可以存储到HUKS或者直接返回明文 |
+| X25519  | 8+  |             |是|
+### HMAC 密钥长度与摘要组合规格
+| 摘要  | 密钥长度 | API级别 | 是否必选规格|
+| ------ | :-----------: |:-----------: |:-----------: |
+| SHA256  |192-1024(8的倍数)| 8+   |   是|
+| SHA384  |256-1024(8的倍数) | 8+  |  是|
+| SHA512  |256-1024(8的倍数)| 8+  | 是|
+### 派生算法/摘要组合规格
+| 算法/摘要 &nbsp; |  派生密钥的算法/长度&nbsp;&nbsp;&nbsp;&nbsp;     | 派生结果密钥可用算法/长度              | 备注 |API级别 |是否必选规格|
+| ----------------- |-------------------------------- | ----------------------- | :------------: |:---------: |:--:|
+| HKDF/SHA256   | AES/192-256 | AES/128/192/256<br>HMAC/8-1024<br>SM4/128 | 派生密钥是业务基于三段式得到密钥会话结果，业务可决定派生密钥是否由HUKS管理（即密钥不出TEE）亦或是业务独立管理 |8+|是|
+| HKDF/SHA384  | AES/256 | AES/128/192/256<br>HMAC/8-1024<br>SM4/128 | 派生密钥是业务基于三段式得到密钥会话结果，业务可决定派生密钥是否由HUKS管理（即密钥不出TEE）亦或是业务独立管理 |8+|是|
+|HKDF/SHA512   | AES/256 | AES/128/192/256<br>HMAC/8-1024<br>SM4/128 | 派生密钥是业务基于三段式得到密钥会话结果，业务可决定派生密钥是否由HUKS管理（即密钥不出TEE）亦或是业务独立管理 |8+|是|
+| PBKDF2/SHA256   | AES/192-256 | AES/128/192/256<br>HMAC/8-1024<br>SM4/128 | 派生密钥是业务基于三段式得到密钥会话结果，业务可决定派生密钥是否由HUKS管理（即密钥不出TEE）亦或是业务独立管理 |8+|是|
+| PBKDF2/SHA384   |AES/256  | AES/128/192/256<br>HMAC/8-1024<br>SM4/128 | 派生密钥是业务基于三段式得到密钥会话结果，业务可决定派生密钥是否由HUKS管理（即密钥不出TEE）亦或是业务独立管理 |8+|是|
+| PBKDF2/SHA512    | AES/256 | AES/128/192/256<br>HMAC/8-1024<br>SM4/128 | 派生密钥是业务基于三段式得到密钥会话结果，业务可决定派生密钥是否由HUKS管理（即密钥不出TEE）亦或是业务独立管理 |8+|是|
 ### 密钥证明
-| 算法 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |API级别	| 备注                                            |
+| 算法 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |API级别	| 备注  | 是否必选规格|
-| ------------------ | :-----: | ------------------------------------------------------------ |
+| ------------------ | :-----: | ----------------------------- | :-------:|
-| RSA | 9+ |  仅支持Padding为PSS的密钥 |
+| RSA | 9+ |  支持Padding为 PSS 与 PKCS1_V1_5的密钥 |是|
-| ECC                | 9+ |   |
+| ECC                | 9+ |   |是|
-| X25519             | 9+ |   |
+| X25519             | 9+ |   |是|
 ## 密钥材料格式
 针对不同密码算法的密钥对、公钥、私钥，HUKS定义了一套密钥材料格式。