# Security Subsystem Changelog

## cl.security.1 Change of setSeed() from Asynchronous to Synchronous

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Before change:<br>
setSeed(seed : DataBlob, callback : AsyncCallback\<void>) : void;<br>
setSeed(seed : DataBlob) : Promise\<void>;

After change:<br>
setSeed(seed : DataBlob) : void;

**Adaptation Guide**

See **setSeed()** in [Crypto Framework](../../../application-dev/reference/apis/js-apis-cryptoFramework.md).


## cl.security.2 Moved DataArray from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Moved **DataArray** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

1. Import and use the new .d.ts file:

   ```js
   import cryptoCert from '@ohos.security.cert';
   ```

2. See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.3 Moved EncodingFormat from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Moved **EncodingFormat** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

1. Import and use the new .d.ts file:

   ```js
   import cryptoCert from '@ohos.security.cert';
   ```

2. See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.4 Moved EncodingBlob from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Moved **EncodingBlob** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

1. Import and use the new .d.ts file:

   ```js
   import cryptoCert from '@ohos.security.cert';
   ```

2. See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.5 Moved CertChainData from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Moved **interface CertChainData** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

1. Import and use the new .d.ts file:

   ```js
   import cryptoCert from '@ohos.security.cert';
   ```

2. See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.6 Moved X509Cert from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Moved **X509Cert** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

1. Import and use the new .d.ts file:

   ```js
   import cryptoCert from '@ohos.security.cert';
   ```

2. See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.7 Moved createX509Cert from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Moved **createX509Cert** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

1. Import and use the new .d.ts file:

   ```js
   import cryptoCert from '@ohos.security.cert';
   ```

2. See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.8 Moved X509CrlEntry from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Moved **X509CrlEntry** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

1. Import and use the new .d.ts file:

   ```js
   import cryptoCert from '@ohos.security.cert';
   ```

2. See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.9 Moved X509Crl from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Moved **X509Crl** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

1. Import and use the new .d.ts file:

   ```js
   import cryptoCert from '@ohos.security.cert';
   ```

2. See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.10 Moved createX509Crl from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Moved **createX509Crl** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

1. Import and use the new .d.ts file:

   ```js
   import cryptoCert from '@ohos.security.cert';
   ```

2. See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.11 Moved CertChainValidator from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Moved **CertChainValidator** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

1. Import and use the new .d.ts file:

   ```js
   import cryptoCert from '@ohos.security.cert';
   ```

2. See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.12 Moved createCertChainValidator from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Moved **createCertChainValidator** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

1. Import and use the new .d.ts file:

   ```js
   import cryptoCert from '@ohos.security.cert';
   ```

2. See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.13 Change of getPublicKey() of X509Cert from Asynchronous to Synchronous

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Before change:

getPublicKey(callback : AsyncCallback\<PubKey>) : void;

getPublicKey() : Promise\<PubKey>;

After change:

getPublicKey() : cryptoFramework.PubKey;

**Adaptation Guide**

See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.14 Change of checkValidityWithDate of X509Cert from Asynchronous to Synchronous

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Before change:<br>
checkValidityWithDate(date: string, callback : AsyncCallback\<void>) : void;<br>
checkValidityWithDate(date: string) : Promise\<void>;

After change:<br>
checkValidityWithDate(date: string) : void;

**Adaptation Guide**

See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.15 Change of getCertIssuer of X509CrlEntry from Asynchronous to Synchronous

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.


**Key API/Component Changes**

Before change:<br>
getCertIssuer(callback : AsyncCallback\<DataBlob>) : void;<br>
getCertIssuer() : Promise\<DataBlob>;

After change:<br>
getCertIssuer() : DataBlob;

**Adaptation Guide**

See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.16 Change of getRevocationDate of X509CrlEntry from Asynchronous to Synchronous

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Before change:<br>
getRevocationDate(callback : AsyncCallback\<string>) : void;<br>
getRevocationDate() : Promise\<string>;

After change:<br>
getRevocationDate() : string;

**Adaptation Guide**

See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.17 Change of isRevoked of X509Crl from Asynchronous to Synchronous

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Before change:<br>
isRevoked(cert : X509Cert, callback : AsyncCallback\<boolean>) : void;<br>
isRevoked(cert : X509Cert) : Promise\<boolean>;

After change:<br>
isRevoked(cert : X509Cert) : boolean;

**Adaptation Guide**

See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.18 Change of getRevokedCert of X509Crl from Asynchronous to Synchronous

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.


**Key API/Component Changes**

Before change:<br>
getRevokedCert(serialNumber : number, callback : AsyncCallback\<X509CrlEntry>) : void;<br>
getRevokedCert(serialNumber : number) : Promise\<X509CrlEntry>;

After change:<br>
getRevokedCert(serialNumber : number) : X509CrlEntry;

**Adaptation Guide**

See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.19 Change of getRevokedCertWithCert of X509Crl from Asynchronous to Synchronous

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Before change:<br>
getRevokedCertWithCert(cert : X509Cert, callback : AsyncCallback\<X509CrlEntry>) : void;<br>
getRevokedCertWithCert(cert : X509Cert) : Promise\<X509CrlEntry>;

After change:<br>
getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry;

**Adaptation Guide**

See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.20 Change of getTbsInfo of X509Crl from Asynchronous to Synchronous

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Before change:<br>
getTbsInfo(callback : AsyncCallback\<DataBlob>) : void;<br>
getTbsInfo() : Promise\<DataBlob>;

After change:<br>
getTbsInfo() : DataBlob;

**Adaptation Guide**

See [Certificate](../../../application-dev/reference/apis/js-apis-cert.md).


## cl.security.21 Support of No-Hash Signing Mode for HUKS

Before the change, when the application passes **huks.HuksTag.HUKS_TAG_DIGEST = huks.HuksKeyDigest.HUKS_DIGEST_NONE**, HUKS uses **huks.HuksKeyDigest.HUKS_DIGEST_SHA256** for processing by default.

After the change, when the application passes **huks.HuksTag.HUKS_TAG_DIGEST = huks.HuksKeyDigest.HUKS_DIGEST_NONE**, HUKS does not generate a digest by default. Instead, the service performs a hash operation on the original data and then passes the resulting digest to HUKS for signing or signature verification.

**Change Impact**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt its use of these APIs so that signing and signature verification pass both before and after the change.

**Key API/Component Changes**

Released JavaScript APIs remain unchanged, but parameter sets passed to the APIs are changed.

The service uses the No-Hash signing mode: it hashes the original data and then passes the resulting digest to the signing or signature verification API of HUKS. In addition, the **huks.HuksTag.HUKS_TAG_DIGEST** parameter is set to **huks.HuksKeyDigest.HUKS_DIGEST_NONE**.

**Adaptation Guide**

The following uses signing as an example.

```js
import huks from '@ohos.security.huks';

let keyAlias = 'rsa_Key';
/* SHA-256 digest of the original data (hashed by the service, not by HUKS) */
let inDataAfterSha256 = new Uint8Array([
    0x4B, 0x1E, 0x22, 0x64, 0xA9, 0x89, 0x60, 0x1D, 0xEC, 0x78, 0xC0, 0x5D, 0xBE, 0x46, 0xAD, 0xCF,
    0x1C, 0x35, 0x16, 0x11, 0x34, 0x01, 0x4E, 0x9B, 0x7C, 0x00, 0x66, 0x0E, 0xCA, 0x09, 0xC0, 0xF3,
]);
/* Signing parameters */
let signProperties = new Array();
signProperties[0] = {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA,
};
signProperties[1] = {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value:
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN
};
signProperties[2] = {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048,
};
signProperties[3] = {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_NONE, // Set digest-none.
};
let signOptions = {
    properties: signProperties,
    inData: inDataAfterSha256 // Set the value after hashing.
};

huks.initSession(keyAlias, signOptions);
```

For more information, see [HUKS Development](../../../application-dev/security/huks-guidelines.md) and [HUKS](../../../application-dev/reference/apis/js-apis-huks.md).

## cl.security.22 Support for Key Calculation Parameter Specifications During Key Usage

Before the change, all parameters for key calculation must be specified when the application generates a key. After the change, only mandatory parameters need to be specified when the application generates a key, and other parameters can be passed in when the key is used. The application can specify key calculation parameters more flexibly.

**Change Impact**

Behavior of released JavaScript APIs will be changed.

The application can specify only mandatory parameters when creating a key and specify other optional parameters when using the key.


**Key API/Component Changes**

Released JavaScript APIs remain unchanged, but parameter sets passed to the APIs are changed and parameters are classified into mandatory parameters and optional parameters. For details, see [HUKS Development](../../../application-dev/security/huks-guidelines.md).

huks.generateKeyItem

huks.importKeyItem

huks.importWrappedKeyItem

huks.initSession

huks.updateSession

huks.finishSession

**Adaptation Guide**

The following uses the key generation process as an example.

```js
import huks from '@ohos.security.huks';

let keyAlias = 'keyAlias';
let properties = new Array();
// Mandatory parameter.
properties[0] = {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
};
// Mandatory parameter.
properties[1] = {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
};
// Mandatory parameter.
properties[2] = {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value:
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN |
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
};
// Optional parameter. If this parameter is not specified when a key is generated, it must be specified when the key is used.
properties[3] = {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
let options = {
    properties: properties
};
try {
    huks.generateKeyItem(keyAlias, options, function (error, data) {
        if (error) {
            console.error(`callback: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`);
        } else {
            console.info(`callback: generateKeyItem key success`);
        }
    });
} catch (error) {
    console.error(`callback: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
```

For more information, see [HUKS Development](../../../application-dev/security/huks-guidelines.md) and [HUKS](../../../application-dev/reference/apis/js-apis-huks.md).
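
Added example for cl.security.21 (not code from this changelog or from the HUKS project): a Node.js model of why the same `inData` signs differently before and after the change, and which combinations still verify against the original message. Node's `crypto` module stands in for HUKS; RSA PKCS#1 v1.5 padding, the helper names and the sample payload are assumptions of the model.

```javascript
// Added example: Node.js crypto models the two behaviours; it does not call HUKS.
const crypto = require('node:crypto');

// DER DigestInfo prefix for SHA-256 used by RSASSA-PKCS1-v1_5 (RFC 8017, section 9.2).
const SHA256_PREFIX = Buffer.from('3031300d060960864801650304020105000420', 'hex');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Signer that applies no hash of its own: the input is used as the digest.
// PKCS#1 v1.5 padding is an assumption of this model, not a statement about HUKS.
function signDigest(privateKey, digest) {
  if (digest.length !== 32) {
    throw new RangeError('no-hash mode expects a 32-byte SHA-256 digest');
  }
  return crypto.privateEncrypt(
    { key: privateKey, padding: crypto.constants.RSA_PKCS1_PADDING },
    Buffer.concat([SHA256_PREFIX, digest]));
}

// Before the change: DIGEST_NONE was processed as SHA-256, so inData was hashed.
const signBeforeChange = (key, inData) => signDigest(key, sha256(inData));
// After the change: inData is signed as-is, so the caller must pass the digest.
const signAfterChange = (key, inData) => signDigest(key, inData);

// An independent verifier that hashes the original message itself.
const verifies = (publicKey, message, sig) =>
  crypto.verify('sha256', message, publicKey, sig);

function compareBehaviours() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const message = Buffer.from('constructed sample payload'); // constructed input
  const digest = sha256(message);

  const rawOld = signBeforeChange(privateKey, message);   // unadapted app, old behaviour
  const hashedNew = signAfterChange(privateKey, digest);  // adapted app, new behaviour
  const hashedOld = signBeforeChange(privateKey, digest); // adapted app, old behaviour
  let rawNewError = null;                                 // unadapted app, new behaviour
  try { signAfterChange(privateKey, message); } catch (e) { rawNewError = e.name; }

  return {
    rawOldVerifies: verifies(publicKey, message, rawOld),
    hashedNewVerifies: verifies(publicKey, message, hashedNew),
    sameSignature: rawOld.equals(hashedNew),
    doubleHashVerifies: verifies(publicKey, message, hashedOld),
    rawNewError,
  };
}

console.log(compareBehaviours());
```

In this model the pre-hashed input is only correct under the new behaviour: under the old behaviour it is hashed a second time and the signature no longer verifies against the original message.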