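/*
 * Copyright (c) 2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef NATIVE_OH_HUKS_TYPE_H
#define NATIVE_OH_HUKS_TYPE_H

/**
 * @addtogroup HuksTypeApi
 * @{
 *
 * @brief Defines the macros, enumerated values, data structures,
 * and error codes used by OpenHarmony Universal KeyStore (HUKS) APIs.
 *
 * @syscap SystemCapability.Security.Huks
 * @since 9
 * @version 1.0
 */

/**
 * @file native_huks_type.h
 *
 * @brief Defines the enumerated variables, structures, and macros used in the HUKS APIs.
 *
 * @since 9
 * @version 1.0
 */

#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Fixed lengths and upper bounds used by the HUKS APIs. This header does not
 * state the units; NOTE(review): the *_LEN and *_SIZE values look like byte
 * counts, OH_HUKS_MAX_KEY_SIZE may be bits or bytes - confirm against the
 * implementation before using them as buffer bounds.
 */
#define OH_HUKS_AE_TAG_LEN 16
#define OH_HUKS_BITS_PER_BYTE 8
#define OH_HUKS_MAX_KEY_SIZE 2048
#define OH_HUKS_AE_NONCE_LEN 12
#define OH_HUKS_MAX_KEY_ALIAS_LEN 64
#define OH_HUKS_MAX_PROCESS_NAME_LEN 50
#define OH_HUKS_MAX_RANDOM_LEN 1024
#define OH_HUKS_SIGNATURE_MIN_SIZE 64
#define OH_HUKS_MAX_OUT_BLOB_SIZE (5 * 1024 * 1024)
#define OH_HUKS_WRAPPED_FORMAT_MAX_SIZE (1024 * 1024)
/* Equals the number of length-value fields listed for each OH_Huks_AlgSuite layout. */
#define OH_HUKS_IMPORT_WRAPPED_KEY_TOTAL_BLOBS 10
/*
 * NOTE(review): the macros below are exported from a public header without the
 * OH_HUKS_ prefix, so they can collide with identically named macros in an
 * including project. They are kept as-is because callers may depend on them.
 */
#define TOKEN_CHALLENGE_LEN 32
#define SHA256_SIGN_LEN 32
#define TOKEN_SIZE 32
#define MAX_AUTH_TIMEOUT_SECOND 60
#define SECURE_SIGN_VERSION 0x01000001

/**
 * @brief Enumerates the key purposes.
 *
 * Each enumerator is a distinct single bit; presumably several purposes can be
 * OR-ed into one OH_HUKS_TAG_PURPOSE value - confirm. Granting a key only the
 * purposes it needs limits what a caller holding the alias can do with it.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyPurpose {
    /** Used to encrypt the plaintext. */
    OH_HUKS_KEY_PURPOSE_ENCRYPT = 1,
    /** Used to decrypt the cipher text. */
    OH_HUKS_KEY_PURPOSE_DECRYPT = 2,
    /** Used to sign data. */
    OH_HUKS_KEY_PURPOSE_SIGN = 4,
    /** Used to verify the signature. */
    OH_HUKS_KEY_PURPOSE_VERIFY = 8,
    /** Used to derive a key. */
    OH_HUKS_KEY_PURPOSE_DERIVE = 16,
    /** Used for an encrypted export. */
    OH_HUKS_KEY_PURPOSE_WRAP = 32,
    /** Used for an encrypted import. */
    OH_HUKS_KEY_PURPOSE_UNWRAP = 64,
    /** Used to generate a message authentication code (MAC). */
    OH_HUKS_KEY_PURPOSE_MAC = 128,
    /** Used for key agreement. */
    OH_HUKS_KEY_PURPOSE_AGREE = 256,
};

/**
 * @brief Enumerates the digest algorithms.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyDigest {
    /** No digest algorithm. */
    OH_HUKS_DIGEST_NONE = 0,
    /** MD5. Not collision resistant; unsuitable for signatures or integrity protection. */
    OH_HUKS_DIGEST_MD5 = 1,
    /** SM3. */
    OH_HUKS_DIGEST_SM3 = 2,
    /** SHA-1. Not collision resistant; unsuitable for new signature use. */
    OH_HUKS_DIGEST_SHA1 = 10,
    /** SHA-224. */
    OH_HUKS_DIGEST_SHA224 = 11,
    /** SHA-256. */
    OH_HUKS_DIGEST_SHA256 = 12,
    /** SHA-384. */
    OH_HUKS_DIGEST_SHA384 = 13,
    /** SHA-512. */
    OH_HUKS_DIGEST_SHA512 = 14,
};

/**
 * @brief Enumerates the padding algorithms.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyPadding {
    /** No padding algorithm. */
    OH_HUKS_PADDING_NONE = 0,
    /** Optimal Asymmetric Encryption Padding (OAEP). */
    OH_HUKS_PADDING_OAEP = 1,
    /** Probabilistic Signature Scheme (PSS). */
    OH_HUKS_PADDING_PSS = 2,
    /** Public Key Cryptography Standards (PKCS) #1 v1.5. */
    OH_HUKS_PADDING_PKCS1_V1_5 = 3,
    /** PKCS #5. */
    OH_HUKS_PADDING_PKCS5 = 4,
    /** PKCS #7. */
    OH_HUKS_PADDING_PKCS7 = 5,
};

/**
 * @brief Enumerates the cipher modes.
 *
 * Only CCM and GCM are authenticated modes; with the other modes the
 * ciphertext carries no integrity protection of its own.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_CipherMode {
    /** Electronic Codebook (ECB) mode. Equal plaintext blocks yield equal ciphertext blocks. */
    OH_HUKS_MODE_ECB = 1,
    /** Cipher Block Chaining (CBC) mode. */
    OH_HUKS_MODE_CBC = 2,
    /** Counter (CTR) mode. */
    OH_HUKS_MODE_CTR = 3,
    /** Output Feedback (OFB) mode. */
    OH_HUKS_MODE_OFB = 4,
    /** Counter with CBC-MAC (CCM) mode. */
    OH_HUKS_MODE_CCM = 31,
    /** Galois/Counter (GCM) mode. */
    OH_HUKS_MODE_GCM = 32,
};

/**
 * @brief Enumerates the key sizes.
 *
 * Every enumerator equals its size in bits, so enumerators of different
 * algorithms share numeric values (256 is used by ECC, AES, Curve25519 and
 * SM2, for example). A key size therefore never identifies the algorithm;
 * it has to be read together with the algorithm of the key.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeySize {
    /** Rivest-Shamir-Adleman (RSA) key of 512 bits. Too short for current use; legacy interoperability only. */
    OH_HUKS_RSA_KEY_SIZE_512 = 512,
    /** RSA key of 768 bits. Too short for current use; legacy interoperability only. */
    OH_HUKS_RSA_KEY_SIZE_768 = 768,
    /** RSA key of 1024 bits. Too short for current use; legacy interoperability only. */
    OH_HUKS_RSA_KEY_SIZE_1024 = 1024,
    /** RSA key of 2048 bits. */
    OH_HUKS_RSA_KEY_SIZE_2048 = 2048,
    /** RSA key of 3072 bits. */
    OH_HUKS_RSA_KEY_SIZE_3072 = 3072,
    /** RSA key of 4096 bits. */
    OH_HUKS_RSA_KEY_SIZE_4096 = 4096,

    /** Elliptic Curve Cryptography (ECC) key of 224 bits. */
    OH_HUKS_ECC_KEY_SIZE_224 = 224,
    /** ECC key of 256 bits. */
    OH_HUKS_ECC_KEY_SIZE_256 = 256,
    /** ECC key of 384 bits. */
    OH_HUKS_ECC_KEY_SIZE_384 = 384,
    /** ECC key of 521 bits. */
    OH_HUKS_ECC_KEY_SIZE_521 = 521,

    /** Advanced Encryption Standard (AES) key of 128 bits. */
    OH_HUKS_AES_KEY_SIZE_128 = 128,
    /** AES key of 192 bits. */
    OH_HUKS_AES_KEY_SIZE_192 = 192,
    /** AES key of 256 bits. */
    OH_HUKS_AES_KEY_SIZE_256 = 256,
    /**
     * AES key of 512 bits.
     * NOTE(review): the AES standard defines 128-, 192- and 256-bit keys only;
     * confirm which operation accepts this value.
     */
    OH_HUKS_AES_KEY_SIZE_512 = 512,

    /** Curve25519 key of 256 bits. */
    OH_HUKS_CURVE25519_KEY_SIZE_256 = 256,

    /** Diffie-Hellman (DH) key of 2048 bits. */
    OH_HUKS_DH_KEY_SIZE_2048 = 2048,
    /** DH key of 3072 bits. */
    OH_HUKS_DH_KEY_SIZE_3072 = 3072,
    /** DH key of 4096 bits. */
    OH_HUKS_DH_KEY_SIZE_4096 = 4096,

    /** ShangMi2 (SM2) key of 256 bits. */
    OH_HUKS_SM2_KEY_SIZE_256 = 256,
    /** ShangMi4 (SM4) key of 128 bits. */
    OH_HUKS_SM4_KEY_SIZE_128 = 128,
};

/**
 * @brief Enumerates the key algorithms.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyAlg {
    /** RSA. */
    OH_HUKS_ALG_RSA = 1,
    /** ECC. */
    OH_HUKS_ALG_ECC = 2,
    /** DSA. */
    OH_HUKS_ALG_DSA = 3,

    /** AES. */
    OH_HUKS_ALG_AES = 20,
    /** HMAC. */
    OH_HUKS_ALG_HMAC = 50,
    /** HKDF. */
    OH_HUKS_ALG_HKDF = 51,
    /** PBKDF2. */
    OH_HUKS_ALG_PBKDF2 = 52,

    /** ECDH. */
    OH_HUKS_ALG_ECDH = 100,
    /** X25519. */
    OH_HUKS_ALG_X25519 = 101,
    /** Ed25519. */
    OH_HUKS_ALG_ED25519 = 102,
    /** DH. */
    OH_HUKS_ALG_DH = 103,

    /** SM2. */
    OH_HUKS_ALG_SM2 = 150,
    /** SM3. */
    OH_HUKS_ALG_SM3 = 151,
    /** SM4. */
    OH_HUKS_ALG_SM4 = 152,
};

/**
 * @brief Enumerates the algorithm suites required for ciphertext imports.
 *
 * Both layouts are a sequence of ten length-value fields, each value preceded
 * by a 4-byte length. Code that parses such material should check every length
 * against the bytes remaining in the buffer before reading the value.
 * NOTE(review): OH_HUKS_WRAPPED_FORMAT_MAX_SIZE is presumably the upper bound
 * for the whole wrapped blob - confirm.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_AlgSuite {
    /** Key material format (Length-Value format), X25519 key agreement, and AES-256-GCM encryption and decryption.
     *  | x25519_plain_pubkey_length (4 Byte) | x25519_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad
     *  | agreekey_nonce_length (4 Byte) | agreekey_nonce |
     *  | agreekey_aead_tag_len (4 Byte) | agreekey_aead_tag |
     *  | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad
     *  | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag
     *  | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data
     */
    OH_HUKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING = 1,

    /** Key material format (Length-Value format), ECDH-p256 key agreement, and AES-256-GCM encryption and decryption.
     *  | ECC_plain_pubkey_length (4 Byte) | ECC_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad
     *  | agreekey_nonce_length (4 Byte) | agreekey_nonce |
     *  | agreekey_aead_tag_len (4 Byte) | agreekey_aead_tag |
     *  | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad
     *  | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag
     *  | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data
     */
    OH_HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING = 2,
};

/**
 * @brief Enumerates the key generation types.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyGenerateType {
    /** Key generated by default. */
    OH_HUKS_KEY_GENERATE_TYPE_DEFAULT = 0,
    /** Derived key. */
    OH_HUKS_KEY_GENERATE_TYPE_DERIVE = 1,
    /** Key obtained by key agreement. */
    OH_HUKS_KEY_GENERATE_TYPE_AGREE = 2,
};

/**
 * @brief Enumerates the key generation modes.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyFlag {
    /** Import a public key using an API. */
    OH_HUKS_KEY_FLAG_IMPORT_KEY = 1,
    /** Generate a key by using an API. */
    OH_HUKS_KEY_FLAG_GENERATE_KEY = 2,
    /** Generate a key by using a key agreement API. */
    OH_HUKS_KEY_FLAG_AGREE_KEY = 3,
    /** Derive a key by using an API. */
    OH_HUKS_KEY_FLAG_DERIVE_KEY = 4,
};

/**
 * @brief Enumerates the key storage modes.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyStorageType {
    /** The key is managed locally. */
    OH_HUKS_STORAGE_TEMP = 0,
    /** The key is managed by the HUKS service. */
    OH_HUKS_STORAGE_PERSISTENT = 1,
};

/**
 * @brief Enumerates the types of keys to import. By default,
 * a public key is imported. This field is not required when a symmetric key is imported.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_ImportKeyType {
    /** Public key. */
    OH_HUKS_KEY_TYPE_PUBLIC_KEY = 0,
    /** Private key. */
    OH_HUKS_KEY_TYPE_PRIVATE_KEY = 1,
    /** Public and private key pair. */
    OH_HUKS_KEY_TYPE_KEY_PAIR = 2,
};

/**
 * @brief Enumerates the error codes.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_ErrCode {
    /** The operation is successful. */
    OH_HUKS_SUCCESS = 0,
    /** Permission verification failed. */
    OH_HUKS_ERR_CODE_PERMISSION_FAIL = 201,
    /** Invalid parameters are detected. */
    OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT = 401,
    /** The API is not supported. */
    OH_HUKS_ERR_CODE_NOT_SUPPORTED_API = 801,

    /** The feature is not supported. */
    OH_HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED = 12000001,
    /** Key algorithm parameters are missing. */
    OH_HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT = 12000002,
    /** Invalid key algorithm parameters are detected. */
    OH_HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT = 12000003,
    /** Failed to operate the file. */
    OH_HUKS_ERR_CODE_FILE_OPERATION_FAIL = 12000004,
    /** The process communication failed. */
    OH_HUKS_ERR_CODE_COMMUNICATION_FAIL = 12000005,
    /** Failed to operate the algorithm library. */
    OH_HUKS_ERR_CODE_CRYPTO_FAIL = 12000006,
    /**
     * Failed to access the key because the key has expired.
     * NOTE(review): the identifier says the key authorization was permanently
     * invalidated (compare OH_Huks_AuthAccessType), which is not the same as
     * expiry - confirm which condition is meant.
     */
    OH_HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED = 12000007,
    /** Failed to access the key because the authentication has failed. */
    OH_HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED = 12000008,
    /** Key access timed out. */
    OH_HUKS_ERR_CODE_KEY_AUTH_TIME_OUT = 12000009,
    /** The number of key operation sessions has reached the limit. */
    OH_HUKS_ERR_CODE_SESSION_LIMIT = 12000010,
    /** The entity does not exist. */
    OH_HUKS_ERR_CODE_ITEM_NOT_EXIST = 12000011,
    /** Internal error. */
    OH_HUKS_ERR_CODE_INTERNAL_ERROR = 12000012,
    /** The authentication credential does not exist. */
    OH_HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST = 12000013,
};

/**
 * @brief Enumerates the tag types.
 *
 * The type is stored in bits 28 and above of a tag value; the lower bits hold
 * the tag identifier (see OH_Huks_Tag).
 *
 * @see OH_Huks_Param
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_TagType {
    /** Invalid tag type. */
    OH_HUKS_TAG_TYPE_INVALID = 0 << 28,
    /** int32_t. */
    OH_HUKS_TAG_TYPE_INT = 1 << 28,
    /** uint32_t. */
    OH_HUKS_TAG_TYPE_UINT = 2 << 28,
    /** uint64_t. */
    OH_HUKS_TAG_TYPE_ULONG = 3 << 28,
    /** Boolean. */
    OH_HUKS_TAG_TYPE_BOOL = 4 << 28,
    /** OH_Huks_Blob. */
    OH_HUKS_TAG_TYPE_BYTES = 5 << 28,
};

/**
 * @brief Enumerates the user authentication types.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_UserAuthType {
    /** Fingerprint authentication. */
    OH_HUKS_USER_AUTH_TYPE_FINGERPRINT = 1 << 0,
    /** Facial authentication. */
    OH_HUKS_USER_AUTH_TYPE_FACE = 1 << 1,
    /** PIN authentication. */
    OH_HUKS_USER_AUTH_TYPE_PIN = 1 << 2,
};

/**
 * @brief Enumerates the access control types.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_AuthAccessType {
    /** The key is invalid after the password is cleared. */
    OH_HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD = 1 << 0,
    /** The key is invalid after a new biometric feature is enrolled. */
    OH_HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL = 1 << 1,
};

/**
 * @brief Enumerates the types of the challenges generated when a key is used.
 * @see OH_Huks_ChallengePosition
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_ChallengeType {
    /** Normal challenge, which is of 32 bytes by default. */
    OH_HUKS_CHALLENGE_TYPE_NORMAL = 0,
    /** Custom challenge, which supports only one authentication for multiple keys.
     *  The valid value of a custom challenge is of 8 bytes.
     */
    OH_HUKS_CHALLENGE_TYPE_CUSTOM = 1,
    /** Challenge is not required. */
    OH_HUKS_CHALLENGE_TYPE_NONE = 2,
};

/**
 * @brief Enumerates the positions of the 8-byte valid value in a custom challenge generated.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_ChallengePosition {
    /** Bytes 0 to 7. */
    OH_HUKS_CHALLENGE_POS_0 = 0,
    /** Bytes 8 to 15. */
    OH_HUKS_CHALLENGE_POS_1,
    /** Bytes 16 to 23. */
    OH_HUKS_CHALLENGE_POS_2,
    /** Bytes 24 to 31. */
    OH_HUKS_CHALLENGE_POS_3,
};

/**
 * @brief Enumerates the signature types of the keys generated or imported.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_SecureSignType {
    /**
     *  The signature carries authentication information. This field is specified when a key
     *  is generated or imported. When the key is used to sign data, the data will be added with
     *  the authentication information and then be signed.
     */
    OH_HUKS_SECURE_SIGN_WITH_AUTHINFO = 1,
};

/**
 * @brief Enumerates the tag values used in parameter sets.
 *
 * Every value is an OH_Huks_TagType OR-ed with a tag identifier, so the type
 * bits of a tag tell which member of OH_Huks_Param holds its value.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_Tag {
    /* Tags for key parameters. The value range is 1 to 200. */
    /** Algorithm. */
    OH_HUKS_TAG_ALGORITHM = OH_HUKS_TAG_TYPE_UINT | 1,
    /** Key purpose. */
    OH_HUKS_TAG_PURPOSE = OH_HUKS_TAG_TYPE_UINT | 2,
    /** Key size. */
    OH_HUKS_TAG_KEY_SIZE = OH_HUKS_TAG_TYPE_UINT | 3,
    /** Digest algorithm. */
    OH_HUKS_TAG_DIGEST = OH_HUKS_TAG_TYPE_UINT | 4,
    /** Padding algorithm. */
    OH_HUKS_TAG_PADDING = OH_HUKS_TAG_TYPE_UINT | 5,
    /** Cipher mode. */
    OH_HUKS_TAG_BLOCK_MODE = OH_HUKS_TAG_TYPE_UINT | 6,
    /** Key type. */
    OH_HUKS_TAG_KEY_TYPE = OH_HUKS_TAG_TYPE_UINT | 7,
    /** Associated authentication data. */
    OH_HUKS_TAG_ASSOCIATED_DATA = OH_HUKS_TAG_TYPE_BYTES | 8,
    /**
     * Nonce field for key encryption and decryption.
     * A nonce must not be reused with the same key in CCM or GCM mode.
     */
    OH_HUKS_TAG_NONCE = OH_HUKS_TAG_TYPE_BYTES | 9,
    /** Initialization vector (IV). */
    OH_HUKS_TAG_IV = OH_HUKS_TAG_TYPE_BYTES | 10,

    /** Information generated during key derivation. */
    OH_HUKS_TAG_INFO = OH_HUKS_TAG_TYPE_BYTES | 11,
    /** Salt value used for key derivation. */
    OH_HUKS_TAG_SALT = OH_HUKS_TAG_TYPE_BYTES | 12,
    /** Number of iterations for key derivation. */
    OH_HUKS_TAG_ITERATION = OH_HUKS_TAG_TYPE_UINT | 14,

    /** Type of the generated key. For details, see {@link OH_Huks_KeyGenerateType}. */
    OH_HUKS_TAG_KEY_GENERATE_TYPE = OH_HUKS_TAG_TYPE_UINT | 15,
    /** Algorithm used in key agreement. */
    OH_HUKS_TAG_AGREE_ALG = OH_HUKS_TAG_TYPE_UINT | 19,
    /** Specifies whether the public key used for key agreement is given as a key alias. */
    OH_HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS = OH_HUKS_TAG_TYPE_BOOL | 20,
    /** Alias of the private key used for key agreement. */
    OH_HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 21,
    /** Public key used for key agreement. */
    OH_HUKS_TAG_AGREE_PUBLIC_KEY = OH_HUKS_TAG_TYPE_BYTES | 22,
    /** Alias of the key. */
    OH_HUKS_TAG_KEY_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 23,
    /** Size of the derived key. */
    OH_HUKS_TAG_DERIVE_KEY_SIZE = OH_HUKS_TAG_TYPE_UINT | 24,
    /** Type of the key to import. For details, see {@link OH_Huks_ImportKeyType}. */
    OH_HUKS_TAG_IMPORT_KEY_TYPE = OH_HUKS_TAG_TYPE_UINT | 25,
    /** Algorithm suite required for encrypted imports. For details, see {@link OH_Huks_AlgSuite}. */
    OH_HUKS_TAG_UNWRAP_ALGORITHM_SUITE = OH_HUKS_TAG_TYPE_UINT | 26,

    /* Tags for access control and user authentication. The value range is 301 to 500. */
    /** All users in the multi-user scenario. */
    OH_HUKS_TAG_ALL_USERS = OH_HUKS_TAG_TYPE_BOOL | 301,
    /** Multi-user ID. */
    OH_HUKS_TAG_USER_ID = OH_HUKS_TAG_TYPE_UINT | 302,
    /**
     * Specifies whether key access control is required.
     * NOTE(review): the identifier reads as "no authentication required", so a
     * true value presumably disables access control - confirm the polarity.
     */
    OH_HUKS_TAG_NO_AUTH_REQUIRED = OH_HUKS_TAG_TYPE_BOOL | 303,
    /** User authentication type in key access control. For details, see {@link OH_Huks_UserAuthType}. */
    OH_HUKS_TAG_USER_AUTH_TYPE = OH_HUKS_TAG_TYPE_UINT | 304,
    /**
     * Timeout duration for key access.
     * NOTE(review): presumably in seconds and bounded by MAX_AUTH_TIMEOUT_SECOND - confirm.
     */
    OH_HUKS_TAG_AUTH_TIMEOUT = OH_HUKS_TAG_TYPE_UINT | 305,
    /** Authentication token for the key. */
    OH_HUKS_TAG_AUTH_TOKEN = OH_HUKS_TAG_TYPE_BYTES | 306,
    /**
     *  Access control type. For details, see {@link OH_Huks_AuthAccessType}.
     *  This parameter must be set together with the user authentication type.
     */
    OH_HUKS_TAG_KEY_AUTH_ACCESS_TYPE = OH_HUKS_TAG_TYPE_UINT | 307,
    /** Signature type for the key to be generated or imported. For details, see {@link OH_Huks_SecureSignType}. */
    OH_HUKS_TAG_KEY_SECURE_SIGN_TYPE = OH_HUKS_TAG_TYPE_UINT | 308,
    /** Challenge type. For details, see {@link OH_Huks_ChallengeType}. */
    OH_HUKS_TAG_CHALLENGE_TYPE = OH_HUKS_TAG_TYPE_UINT | 309,
    /**
     *  Position of the 8-byte valid value in a custom challenge.
     *  For details, see {@link OH_Huks_ChallengePosition}.
     */
    OH_HUKS_TAG_CHALLENGE_POS = OH_HUKS_TAG_TYPE_UINT | 310,

    /* Tags for key attestation. The value range is 501 to 600. */
    /** Challenge value used in the attestation. */
    OH_HUKS_TAG_ATTESTATION_CHALLENGE = OH_HUKS_TAG_TYPE_BYTES | 501,
    /** Application ID used in the attestation. */
    OH_HUKS_TAG_ATTESTATION_APPLICATION_ID = OH_HUKS_TAG_TYPE_BYTES | 502,
    /** Alias of the key. */
    OH_HUKS_TAG_ATTESTATION_ID_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 511,
    /** Security level used in the attestation. */
    OH_HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO = OH_HUKS_TAG_TYPE_BYTES | 514,
    /** Version information used in the attestation. */
    OH_HUKS_TAG_ATTESTATION_ID_VERSION_INFO = OH_HUKS_TAG_TYPE_BYTES | 515,

    /*
     * 601 to 1000 are reserved for other tags.
     *
     * Extended tags. The value range is 1001 to 9999.
     */
    /** Specifies whether it is a key alias. */
    OH_HUKS_TAG_IS_KEY_ALIAS = OH_HUKS_TAG_TYPE_BOOL | 1001,
    /** Key storage mode. For details, see {@link OH_Huks_KeyStorageType}. */
    OH_HUKS_TAG_KEY_STORAGE_FLAG = OH_HUKS_TAG_TYPE_UINT | 1002,
    /** Specifies whether to allow the key to be wrapped. */
    OH_HUKS_TAG_IS_ALLOWED_WRAP = OH_HUKS_TAG_TYPE_BOOL | 1003,
    /** Key wrap type. */
    OH_HUKS_TAG_KEY_WRAP_TYPE = OH_HUKS_TAG_TYPE_UINT | 1004,
    /** Authentication ID. */
    OH_HUKS_TAG_KEY_AUTH_ID = OH_HUKS_TAG_TYPE_BYTES | 1005,
    /** Role of the key. */
    OH_HUKS_TAG_KEY_ROLE = OH_HUKS_TAG_TYPE_UINT | 1006,
    /** Key flag. For details, see {@link OH_Huks_KeyFlag}. */
    OH_HUKS_TAG_KEY_FLAG = OH_HUKS_TAG_TYPE_UINT | 1007,
    /**
     * Specifies whether this API is asynchronous.
     * NOTE(review): described as a yes/no flag but declared with the UINT tag
     * type rather than BOOL, so the value travels in uint32Param.
     */
    OH_HUKS_TAG_IS_ASYNCHRONIZED = OH_HUKS_TAG_TYPE_UINT | 1008,
    /** Key domain. */
    OH_HUKS_TAG_KEY_DOMAIN = OH_HUKS_TAG_TYPE_UINT | 1011,

    /**
     * Authentication tag of authenticated encryption (AE).
     * NOTE(review): presumably OH_HUKS_AE_TAG_LEN bytes long - confirm.
     */
    OH_HUKS_TAG_AE_TAG = OH_HUKS_TAG_TYPE_BYTES | 10009,

    /*
     * 11000 to 12000 are reserved.
     *
     * 20001 to N are reserved for other tags.
     */
    /** Symmetric key data. */
    OH_HUKS_TAG_SYMMETRIC_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20001,
    /** Public key data of the asymmetric key pair. */
    OH_HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20002,
    /** Private key data of the asymmetric key pair. */
    OH_HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20003,
};

/**
 * @brief Defines the return data, including the result code and message.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_Result {
    /** Result code. */
    int32_t errorCode;
    /** Description of the result code. */
    const char *errorMsg;
    /** Other data returned. */
    uint8_t *data;
};

/**
 * @brief Defines the structure for storing data.
 *
 * The structure carries a pointer and a length only; it says nothing about who
 * owns the memory. NOTE(review): size is presumably the number of valid bytes
 * at data - confirm. Blobs that hold key material or tokens should be cleared
 * by their owner once they are no longer needed.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_Blob {
    /** Data size. */
    uint32_t size;
    /** Pointer to the memory in which the data is stored. */
    uint8_t *data;
};

/**
 * @brief Defines the parameter structure in a parameter set.
 *
 * The value is held in an anonymous union. Only the member that matches the
 * OH_Huks_TagType bits of tag is meaningful; in particular, blob must be read
 * only for tags of type OH_HUKS_TAG_TYPE_BYTES, because for any other tag type
 * its pointer field overlays integer data.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_Param {
    /** Tag value. */
    uint32_t tag;

    union {
        /** Parameter of the Boolean type. */
        bool boolParam;
        /** Parameter of the int32_t type. */
        int32_t int32Param;
        /** Parameter of the uint32_t type. */
        uint32_t uint32Param;
        /** Parameter of the uint64_t type. */
        uint64_t uint64Param;
        /** Parameter of the struct OH_Huks_Blob type. */
        struct OH_Huks_Blob blob;
    };
};

/**
 * @brief Defines the structure of the parameter set.
 *
 * params is a flexible array member, so the structure is always allocated with
 * extra room behind it. Code that receives a parameter set from another
 * component should check paramsCnt against paramSetSize before indexing params.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_ParamSet {
    /** Memory size of the parameter set. */
    uint32_t paramSetSize;
    /** Number of parameters in the parameter set. */
    uint32_t paramsCnt;
    /** Parameter array. */
    struct OH_Huks_Param params[];
};

/**
 * @brief Defines the structure of the certificate chain.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_CertChain {
    /** Pointer to the certificate data. */
    struct OH_Huks_Blob *certs;
    /** Number of certificates. */
    uint32_t certsCount;
};

/**
 * @brief Defines the key information structure.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyInfo {
    /** Alias of the key. */
    struct OH_Huks_Blob alias;
    /** Pointer to the key parameter set. */
    struct OH_Huks_ParamSet *paramSet;
};

/**
 * @brief Defines the structure of a public key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_PubKeyInfo {
    /** Algorithm of the public key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the public key. */
    uint32_t keySize;
    /** Length of the n or X value. */
    uint32_t nOrXSize;
    /** Length of the e or Y value. */
    uint32_t eOrYSize;
    /** Placeholder size. */
    uint32_t placeHolder;
};

/**
 * @brief Defines the structure of an RSA key.
 *
 * The structure holds lengths only. NOTE(review): the n, e and d values
 * presumably follow it in the same buffer, in which case a reader should check
 * the sum of the lengths against the buffer size - confirm the layout.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterialRsa {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the key. */
    uint32_t keySize;
    /** Length of the n value. */
    uint32_t nSize;
    /** Length of the e value. */
    uint32_t eSize;
    /** Length of the d value. */
    uint32_t dSize;
};

/**
 * @brief Defines the structure of an ECC key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterialEcc {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the key. */
    uint32_t keySize;
    /** Length of the x value. */
    uint32_t xSize;
    /** Length of the y value. */
    uint32_t ySize;
    /** Length of the z value. */
    uint32_t zSize;
};

/**
 * @brief Defines the structure of a DSA key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterialDsa {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the key. */
    uint32_t keySize;
    /** Length of the x value. */
    uint32_t xSize;
    /** Length of the y value. */
    uint32_t ySize;
    /** Length of the p value. */
    uint32_t pSize;
    /** Length of the q value. */
    uint32_t qSize;
    /** Length of the g value. */
    uint32_t gSize;
};

/**
 * @brief Defines the structure of a DH key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterialDh {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the DH key. */
    uint32_t keySize;
    /** Length of the public key. */
    uint32_t pubKeySize;
    /** Length of the private key. */
    uint32_t priKeySize;
    /** Reserved. */
    uint32_t reserved;
};

/**
 * @brief Defines the structure of a 25519 key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterial25519 {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the 25519 key. */
    uint32_t keySize;
    /** Length of the public key. */
    uint32_t pubKeySize;
    /** Length of the private key. */
    uint32_t priKeySize;
    /** Reserved. */
    uint32_t reserved;
};

#ifdef __cplusplus
}
#endif

/** @} */
#endif /* NATIVE_OH_HUKS_TYPE_H */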