提交
e34f712a
编写于
7月 18, 2023
作者:
CheungVane
transfer the doc to security dir, align with ArkTS doc
Signed-off-by:
zhangwenzhi
<
zhangwenzhi3@huawei.com
>
上级
0c660715
变更
1
Showing
1 changed file
with
36 addition
and
57 deletion
+36
-57
zh-cn/application-dev/security/native-huks-guidelines.md
zh-cn/application-dev/security/native-huks-guidelines.md
+36
-57
zh-cn/application-dev/
napi
/native-huks-guidelines.md
→
zh-cn/application-dev/
security
/native-huks-guidelines.md
...
@@ -47,7 +47,7 @@ HUKS是`OpenHarmony`提供**密钥的全生命周期管理能力**的模块。`H
...
@@ -47,7 +47,7 @@ HUKS是`OpenHarmony`提供**密钥的全生命周期管理能力**的模块。`H
|
[
OH_Huks_FreshParamSet
](
../reference/native-apis/_huks_param_set_api.md#oh_huks_freshparamset
)
(
struct
[
OH_Huks_ParamSet
]
(../reference/native-apis/_o_h___huks___param_set.md)
\*
paramSet, bool isCopy) | 刷新(复制)参数集内Blob类型的数据到参数集内。 |
|
[
OH_Huks_FreshParamSet
](
../reference/native-apis/_huks_param_set_api.md#oh_huks_freshparamset
)
(
struct
[
OH_Huks_ParamSet
]
(../reference/native-apis/_o_h___huks___param_set.md)
\*
paramSet, bool isCopy) | 刷新(复制)参数集内Blob类型的数据到参数集内。 |
|
[
OH_Huks_IsParamSetTagValid
](
../reference/native-apis/_huks_param_set_api.md#oh_huks_isparamsettagvalid
)
(
const
struct
[
OH_Huks_ParamSet
](
../reference/native-apis/_o_h___huks___param_set.md
)
\*
paramSet) | 检查参数集中的参数是否有效、是否有重复。 |
|
[
OH_Huks_IsParamSetTagValid
](
../reference/native-apis/_huks_param_set_api.md#oh_huks_isparamsettagvalid
)
(
const
struct
[
OH_Huks_ParamSet
](
../reference/native-apis/_o_h___huks___param_set.md
)
\*
paramSet) | 检查参数集中的参数是否有效、是否有重复。 |
|
[
OH_Huks_IsParamSetValid
](
../reference/native-apis/_huks_param_set_api.md#oh_huks_isparamsetvalid
)
(
const
struct
[
OH_Huks_ParamSet
](
../reference/native-apis/_o_h___huks___param_set.md
)
\*
paramSet, uint32_t size) | 检查参数集大小是否有效。 |
|
[
OH_Huks_IsParamSetValid
](
../reference/native-apis/_huks_param_set_api.md#oh_huks_isparamsetvalid
)
(
const
struct
[
OH_Huks_ParamSet
](
../reference/native-apis/_o_h___huks___param_set.md
)
\*
paramSet, uint32_t size) | 检查参数集大小是否有效。 |
|
[
OH_Huks_CheckParamMatch
](
../reference/native-apis/_huks_param_set_api.md#oh_huks_checkparammatch
)
(
const
struct
[
OH_Huks_Param
](
../reference/native-apis/_o_h___huks___param.md
)
\*
baseParam, const struct
[
OH_Huks_Param
](
../reference/native-apis/_o_h___huks___param.md
)
\*
param) | 比较两个参数是否相同 |
|
[
OH_Huks_CheckParamMatch
](
../reference/native-apis/_huks_param_set_api.md#oh_huks_checkparammatch
)
(
const
struct
[
OH_Huks_Param
](
../reference/native-apis/_o_h___huks___param.md
)
\*
baseParam, const struct
[
OH_Huks_Param
](
../reference/native-apis/_o_h___huks___param.md
)
\*
param) | 比较两个参数是否相同
。
|
## 开发步骤
## 开发步骤
...
@@ -75,24 +75,21 @@ HUKS提供为业务安全随机生成密钥的能力。通过HUKS生成的密钥
...
@@ -75,24 +75,21 @@ HUKS提供为业务安全随机生成密钥的能力。通过HUKS生成的密钥
OH_Huks_Result InitParamSet(
OH_Huks_Result InitParamSet(
struct OH_Huks_ParamSet **paramSet,
struct OH_Huks_ParamSet **paramSet,
const struct OH_Huks_Param *params,
const struct OH_Huks_Param *params,
uint32_t param
c
ount)
uint32_t param
C
ount)
{
{
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
if (ret.errorCode != (int32_t)OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
return ret;
return ret;
}
}
ret = OH_Huks_AddParams(*paramSet, params, paramcount);
ret = OH_Huks_AddParams(*paramSet, params, paramCount);
if (ret.errorCode != (int32_t)OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
OH_Huks_FreeParamSet(paramSet);
OH_Huks_FreeParamSet(paramSet);
return ret;
return ret;
}
}
ret = OH_Huks_BuildParamSet(paramSet);
ret = OH_Huks_BuildParamSet(paramSet);
if (ret.errorCode != (int32_t)OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
OH_Huks_FreeParamSet(paramSet);
OH_Huks_FreeParamSet(paramSet);
return ret;
return ret;
}
}
...
@@ -149,7 +146,7 @@ static napi_value GenerateKey(napi_env env, napi_callback_info info)
...
@@ -149,7 +146,7 @@ static napi_value GenerateKey(napi_env env, napi_callback_info info)
导入明文密钥时使用
[
OH_Huks_ImportKeyItem
](
../reference/native-apis/_huks_key_api.md#oh_huks_importkeyitem
)
方法,传入keyAlias作为密钥别名,传入paramSetIn包含该密钥的相关信息,其中必须包含密钥材料和密钥属性集。
导入明文密钥时使用
[
OH_Huks_ImportKeyItem
](
../reference/native-apis/_huks_key_api.md#oh_huks_importkeyitem
)
方法,传入keyAlias作为密钥别名,传入paramSetIn包含该密钥的相关信息,其中必须包含密钥材料和密钥属性集。
1.
确定密钥别名;
1.
确定密钥别名;
2.
封装密钥材料和密钥属性集:密钥材料须符合
[
HUKS密钥材料格式
](
../security/
huks-appendix.md#密钥材料格式
)
并赋值key字段;另外,
[
OH_Huks_InitParamSet
](
../reference/native-apis/_huks_param_set_api.md#oh_huks_initparamset
)
、
[
OH_Huks_AddParams
](
../reference/native-apis/_huks_param_set_api.md#oh_huks_addparams
)
、
[
OH_Huks_BuildParamSet
](
../reference/native-apis/_huks_param_set_api.md#oh_huks_buildparamset
)
构造paramSet,其中必须包含
[
OH_Huks_KeyAlg
](
../reference/native-apis/_huks_type_api.md#oh_huks_keyalg
)
,
[
OH_Huks_KeySize
](
../reference/native-apis/_huks_type_api.md#oh_huks_keysize
)
,
[
OH_Huks_KeyPurpose
](
../reference/native-apis/_huks_type_api.md#oh_huks_keypurpose
)
属性;
2.
封装密钥材料和密钥属性集:密钥材料须符合
[
HUKS密钥材料格式
](
huks-appendix.md#密钥材料格式
)
并赋值key字段;另外,
[
OH_Huks_InitParamSet
](
../reference/native-apis/_huks_param_set_api.md#oh_huks_initparamset
)
、
[
OH_Huks_AddParams
](
../reference/native-apis/_huks_param_set_api.md#oh_huks_addparams
)
、
[
OH_Huks_BuildParamSet
](
../reference/native-apis/_huks_param_set_api.md#oh_huks_buildparamset
)
构造paramSet,其中必须包含
[
OH_Huks_KeyAlg
](
../reference/native-apis/_huks_type_api.md#oh_huks_keyalg
)
,
[
OH_Huks_KeySize
](
../reference/native-apis/_huks_type_api.md#oh_huks_keysize
)
,
[
OH_Huks_KeyPurpose
](
../reference/native-apis/_huks_type_api.md#oh_huks_keypurpose
)
属性;
3.
导入密钥。
3.
导入密钥。
**C++代码示例:**
**C++代码示例:**
...
@@ -161,30 +158,28 @@ static napi_value GenerateKey(napi_env env, napi_callback_info info)
...
@@ -161,30 +158,28 @@ static napi_value GenerateKey(napi_env env, napi_callback_info info)
OH_Huks_Result InitParamSet(
OH_Huks_Result InitParamSet(
struct OH_Huks_ParamSet **paramSet,
struct OH_Huks_ParamSet **paramSet,
const struct OH_Huks_Param *params,
const struct OH_Huks_Param *params,
uint32_t param
c
ount)
uint32_t param
C
ount)
{
{
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
if (ret.errorCode != (int32_t)OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
return ret;
return ret;
}
}
ret = OH_Huks_AddParams(*paramSet, params, paramcount);
ret = OH_Huks_AddParams(*paramSet, params, paramCount);
if (ret.errorCode != (int32_t)OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
OH_Huks_FreeParamSet(paramSet);
OH_Huks_FreeParamSet(paramSet);
return ret;
return ret;
}
}
ret = OH_Huks_BuildParamSet(paramSet);
ret = OH_Huks_BuildParamSet(paramSet);
if (ret.errorCode != (int32_t)OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
OH_Huks_FreeParamSet(paramSet);
OH_Huks_FreeParamSet(paramSet);
return ret;
return ret;
}
}
return ret;
return ret;
}
}
static napi_value ImportKey(napi_env env, napi_callback_info info)
static napi_value ImportKey(napi_env env, napi_callback_info info)
{
{
(void)GenerateKey(env, info);
(void)GenerateKey(env, info);
...
@@ -222,7 +217,7 @@ static napi_value ImportKey(napi_env env, napi_callback_info info)
...
@@ -222,7 +217,7 @@ static napi_value ImportKey(napi_env env, napi_callback_info info)
**图2**
加密导入开发流程
**图2**
加密导入开发流程
![
huks_import_wrapped_key
](
../security/
figures/huks_import_wrapped_key.png
)
![
huks_import_wrapped_key
](
figures/huks_import_wrapped_key.png
)
**接口说明**
**接口说明**
...
@@ -492,8 +487,7 @@ static OH_Huks_Result HksEncryptLoopUpdate(const struct OH_Huks_Blob *handle, co
...
@@ -492,8 +487,7 @@ static OH_Huks_Result HksEncryptLoopUpdate(const struct OH_Huks_Blob *handle, co
return ret;
return ret;
}
}
ret = OH_Huks_UpdateSession(handle, paramSet, &inDataSeg, &outDataSeg);
ret = OH_Huks_UpdateSession(handle, paramSet, &inDataSeg, &outDataSeg);
if (ret.errorCode != (int32_t)OH_HUKS_SUCCESS)
if (ret.errorCode != (int32_t)OH_HUKS_SUCCESS) {
{
free(outDataSeg.data);
free(outDataSeg.data);
return ret;
return ret;
}
}
...
@@ -501,8 +495,7 @@ static OH_Huks_Result HksEncryptLoopUpdate(const struct OH_Huks_Blob *handle, co
...
@@ -501,8 +495,7 @@ static OH_Huks_Result HksEncryptLoopUpdate(const struct OH_Huks_Blob *handle, co
cur += outDataSeg.size;
cur += outDataSeg.size;
outData->size += outDataSeg.size;
outData->size += outDataSeg.size;
free(outDataSeg.data);
free(outDataSeg.data);
if ((isFinished == false) && (inDataSeg.data + MAX_UPDATE_SIZE > lastPtr))
if ((isFinished == false) && (inDataSeg.data + MAX_UPDATE_SIZE > lastPtr)) {
{
ret.errorCode = OH_HUKS_ERR_CODE_INTERNAL_ERROR;
ret.errorCode = OH_HUKS_ERR_CODE_INTERNAL_ERROR;
return ret;
return ret;
}
}
...
@@ -927,24 +920,21 @@ HUKS基于密钥会话来操作数据,使用密钥时基于以下流程:
...
@@ -927,24 +920,21 @@ HUKS基于密钥会话来操作数据,使用密钥时基于以下流程:
OH_Huks_Result InitParamSet(
OH_Huks_Result InitParamSet(
struct OH_Huks_ParamSet **paramSet,
struct OH_Huks_ParamSet **paramSet,
const struct OH_Huks_Param *params,
const struct OH_Huks_Param *params,
uint32_t param
c
ount)
uint32_t param
C
ount)
{
{
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
if (ret.errorCode != (int32_t)OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
return ret;
return ret;
}
}
ret = OH_Huks_AddParams(*paramSet, params, paramcount);
ret = OH_Huks_AddParams(*paramSet, params, paramCount);
if (ret.errorCode != (int32_t)OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
OH_Huks_FreeParamSet(paramSet);
OH_Huks_FreeParamSet(paramSet);
return ret;
return ret;
}
}
ret = OH_Huks_BuildParamSet(paramSet);
ret = OH_Huks_BuildParamSet(paramSet);
if (ret.errorCode != (int32_t)OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
OH_Huks_FreeParamSet(paramSet);
OH_Huks_FreeParamSet(paramSet);
return ret;
return ret;
}
}
...
@@ -1126,21 +1116,18 @@ OH_Huks_Result InitParamSet(
...
@@ -1126,21 +1116,18 @@ OH_Huks_Result InitParamSet(
uint32_t paramCount)
uint32_t paramCount)
{
{
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
if (ret.errorCode != OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
return ret;
return ret;
}
}
ret = OH_Huks_AddParams(*paramSet, params, paramCount);
ret = OH_Huks_AddParams(*paramSet, params, paramCount);
if (ret.errorCode != OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
OH_Huks_FreeParamSet(paramSet);
OH_Huks_FreeParamSet(paramSet);
return ret;
return ret;
}
}
ret = OH_Huks_BuildParamSet(paramSet);
ret = OH_Huks_BuildParamSet(paramSet);
if (ret.errorCode != OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
OH_Huks_FreeParamSet(paramSet);
OH_Huks_FreeParamSet(paramSet);
return ret;
return ret;
}
}
...
@@ -1306,24 +1293,21 @@ static napi_value SignVerifyKey(napi_env env, napi_callback_info info)
...
@@ -1306,24 +1293,21 @@ static napi_value SignVerifyKey(napi_env env, napi_callback_info info)
OH_Huks_Result InitParamSet(
OH_Huks_Result InitParamSet(
struct OH_Huks_ParamSet **paramSet,
struct OH_Huks_ParamSet **paramSet,
const struct OH_Huks_Param *params,
const struct OH_Huks_Param *params,
uint32_t param
c
ount)
uint32_t param
C
ount)
{
{
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
if (ret.errorCode != (int32_t)OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
return ret;
return ret;
}
}
ret = OH_Huks_AddParams(*paramSet, params, paramcount);
ret = OH_Huks_AddParams(*paramSet, params, paramCount);
if (ret.errorCode != (int32_t)OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
OH_Huks_FreeParamSet(paramSet);
OH_Huks_FreeParamSet(paramSet);
return ret;
return ret;
}
}
ret = OH_Huks_BuildParamSet(paramSet);
ret = OH_Huks_BuildParamSet(paramSet);
if (ret.errorCode != (int32_t)OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
OH_Huks_FreeParamSet(paramSet);
OH_Huks_FreeParamSet(paramSet);
return ret;
return ret;
}
}
...
@@ -1621,27 +1605,25 @@ OH_Huks_Result InitParamSet(
...
@@ -1621,27 +1605,25 @@ OH_Huks_Result InitParamSet(
uint32_t paramCount)
uint32_t paramCount)
{
{
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
if (ret.errorCode != OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
return ret;
return ret;
}
}
ret = OH_Huks_AddParams(*paramSet, params, paramCount);
ret = OH_Huks_AddParams(*paramSet, params, paramCount);
if (ret.errorCode != OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
OH_Huks_FreeParamSet(paramSet);
OH_Huks_FreeParamSet(paramSet);
return ret;
return ret;
}
}
ret = OH_Huks_BuildParamSet(paramSet);
ret = OH_Huks_BuildParamSet(paramSet);
if (ret.errorCode != OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
OH_Huks_FreeParamSet(paramSet);
OH_Huks_FreeParamSet(paramSet);
return ret;
return ret;
}
}
return ret;
return ret;
}
}
static const uint32_t DERIVE_KEY_SIZE_32 = 32;
static const uint32_t DERIVE_KEY_SIZE_32 = 32;
static struct OH_Huks_Blob g_deriveKeyAlias = {
static struct OH_Huks_Blob g_deriveKeyAlias = {
(uint32_t)strlen("test_derive"),
(uint32_t)strlen("test_derive"),
...
@@ -1798,21 +1780,18 @@ OH_Huks_Result InitParamSet(
...
@@ -1798,21 +1780,18 @@ OH_Huks_Result InitParamSet(
uint32_t paramCount)
uint32_t paramCount)
{
{
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
if (ret.errorCode != OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
return ret;
return ret;
}
}
ret = OH_Huks_AddParams(*paramSet, params, paramCount);
ret = OH_Huks_AddParams(*paramSet, params, paramCount);
if (ret.errorCode != OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
OH_Huks_FreeParamSet(paramSet);
OH_Huks_FreeParamSet(paramSet);
return ret;
return ret;
}
}
ret = OH_Huks_BuildParamSet(paramSet);
ret = OH_Huks_BuildParamSet(paramSet);
if (ret.errorCode != OH_HUKS_SUCCESS)
if (ret.errorCode != OH_HUKS_SUCCESS) {
{
OH_Huks_FreeParamSet(paramSet);
OH_Huks_FreeParamSet(paramSet);
return ret;
return ret;
}
}
...
...