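/*
 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef NATIVE_OH_HUKS_TYPE_H
#define NATIVE_OH_HUKS_TYPE_H

/**
 * @addtogroup HuksTypeApi
 * @{
 *
 * @brief Defines the macros, enumerated values, data structures,
 * and error codes used by OpenHarmony Universal KeyStore (HUKS) APIs.
 *
 * @syscap SystemCapability.Security.Huks
 * @since 9
 * @version 1.0
 */

/**
 * @file native_huks_type.h
 *
 * @brief Defines the enumerated variables, structures, and macros used in the HUKS APIs.
 *
 * @since 9
 * @version 1.0
 */

#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Fixed lengths and upper bounds used by the HUKS APIs.
 * NOTE(review): this header does not state the units; the *_LEN and *_SIZE values are
 * presumably byte counts (12 and 16 match the usual AES-GCM nonce and tag lengths) -
 * confirm against the API documentation before using them as buffer bounds.
 */
#define OH_HUKS_AE_TAG_LEN 16
#define OH_HUKS_BITS_PER_BYTE 8
#define OH_HUKS_MAX_KEY_SIZE 2048
#define OH_HUKS_AE_NONCE_LEN 12
#define OH_HUKS_MAX_KEY_ALIAS_LEN 64
#define OH_HUKS_MAX_PROCESS_NAME_LEN 50
#define OH_HUKS_MAX_RANDOM_LEN 1024
#define OH_HUKS_SIGNATURE_MIN_SIZE 64
#define OH_HUKS_MAX_OUT_BLOB_SIZE (5 * 1024 * 1024)
#define OH_HUKS_WRAPPED_FORMAT_MAX_SIZE (1024 * 1024)
#define OH_HUKS_IMPORT_WRAPPED_KEY_TOTAL_BLOBS 10
/*
 * NOTE(review): the macros below carry no OH_HUKS_ prefix, so they share the global macro
 * namespace with every other header included by the same translation unit.
 */
#define TOKEN_CHALLENGE_LEN 32
#define SHA256_SIGN_LEN 32
#define TOKEN_SIZE 32
#define MAX_AUTH_TIMEOUT_SECOND 60
#define SECURE_SIGN_VERSION 0x01000001

/**
 * @brief Enumerates the key purposes.
 *
 * Each value is a distinct power of two.
 * NOTE(review): the values are presumably meant to be OR-ed into one purpose mask - confirm.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyPurpose {
    /** Used to encrypt the plaintext. */
    OH_HUKS_KEY_PURPOSE_ENCRYPT = 1,
    /** Used to decrypt the cipher text. */
    OH_HUKS_KEY_PURPOSE_DECRYPT = 2,
    /** Used to sign data. */
    OH_HUKS_KEY_PURPOSE_SIGN = 4,
    /** Used to verify the signature. */
    OH_HUKS_KEY_PURPOSE_VERIFY = 8,
    /** Used to derive a key. */
    OH_HUKS_KEY_PURPOSE_DERIVE = 16,
    /** Used for an encrypted export. */
    OH_HUKS_KEY_PURPOSE_WRAP = 32,
    /** Used for an encrypted import. */
    OH_HUKS_KEY_PURPOSE_UNWRAP = 64,
    /** Used to generate a message authentication code (MAC). */
    OH_HUKS_KEY_PURPOSE_MAC = 128,
    /** Used for key agreement. */
    OH_HUKS_KEY_PURPOSE_AGREE = 256,
};

/**
 * @brief Enumerates the digest algorithms.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyDigest {
    /** No digest algorithm. */
    OH_HUKS_DIGEST_NONE = 0,
    /** MD5. Not collision-resistant; not suitable for new signature or integrity uses. */
    OH_HUKS_DIGEST_MD5 = 1,
    /** SM3. */
    OH_HUKS_DIGEST_SM3 = 2,
    /** SHA-1. Not collision-resistant; not suitable for new signature uses. */
    OH_HUKS_DIGEST_SHA1 = 10,
    /** SHA-224. */
    OH_HUKS_DIGEST_SHA224 = 11,
    /** SHA-256. */
    OH_HUKS_DIGEST_SHA256 = 12,
    /** SHA-384. */
    OH_HUKS_DIGEST_SHA384 = 13,
    /** SHA-512. */
    OH_HUKS_DIGEST_SHA512 = 14,
};

/**
 * @brief Enumerates the padding algorithms.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyPadding {
    /** No padding algorithm. */
    OH_HUKS_PADDING_NONE = 0,
    /** Optimal Asymmetric Encryption Padding (OAEP). */
    OH_HUKS_PADDING_OAEP = 1,
    /** Probabilistic Signature Scheme (PSS). */
    OH_HUKS_PADDING_PSS = 2,
    /**
     * Public Key Cryptography Standards (PKCS) #1 v1.5.
     * For new designs, OAEP (encryption) or PSS (signatures) is generally preferred.
     */
    OH_HUKS_PADDING_PKCS1_V1_5 = 3,
    /** PKCS #5. */
    OH_HUKS_PADDING_PKCS5 = 4,
    /** PKCS #7. */
    OH_HUKS_PADDING_PKCS7 = 5,
};

/**
 * @brief Enumerates the cipher modes.
 *
 * Of the modes listed, only CCM and GCM are authenticated modes; ECB, CBC, CTR and OFB
 * provide no integrity protection on their own and need a separate MAC for that.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_CipherMode {
    /**
     * Electronic Codebook (ECB) mode.
     * Identical plaintext blocks encrypt to identical ciphertext blocks.
     */
    OH_HUKS_MODE_ECB = 1,
    /** Cipher Block Chaining (CBC) mode. */
    OH_HUKS_MODE_CBC = 2,
    /** Counter (CTR) mode. */
    OH_HUKS_MODE_CTR = 3,
    /** Output Feedback (OFB) mode. */
    OH_HUKS_MODE_OFB = 4,
    /** Counter with CBC-MAC (CCM) mode. */
    OH_HUKS_MODE_CCM = 31,
    /** Galois/Counter (GCM) mode. */
    OH_HUKS_MODE_GCM = 32,
};

/**
 * @brief Enumerates the key sizes.
 *
 * The values are plain bit counts, so enumerators of different algorithms share values
 * (for example OH_HUKS_ECC_KEY_SIZE_256 and OH_HUKS_AES_KEY_SIZE_256 are both 256);
 * a key size value alone does not identify the algorithm.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeySize {
    /*
     * RSA sizes below 2048 bits are under the minimum that current guidance
     * (for example NIST SP 800-131A) accepts for new keys.
     */
    /** Rivest-Shamir-Adleman (RSA) key of 512 bits. */
    OH_HUKS_RSA_KEY_SIZE_512 = 512,
    /** RSA key of 768 bits. */
    OH_HUKS_RSA_KEY_SIZE_768 = 768,
    /** RSA key of 1024 bits. */
    OH_HUKS_RSA_KEY_SIZE_1024 = 1024,
    /** RSA key of 2048 bits. */
    OH_HUKS_RSA_KEY_SIZE_2048 = 2048,
    /** RSA key of 3072 bits. */
    OH_HUKS_RSA_KEY_SIZE_3072 = 3072,
    /** RSA key of 4096 bits. */
    OH_HUKS_RSA_KEY_SIZE_4096 = 4096,

    /** Elliptic Curve Cryptography (ECC) key of 224 bits. */
    OH_HUKS_ECC_KEY_SIZE_224 = 224,
    /** ECC key of 256 bits. */
    OH_HUKS_ECC_KEY_SIZE_256 = 256,
    /** ECC key of 384 bits. */
    OH_HUKS_ECC_KEY_SIZE_384 = 384,
    /** ECC key of 521 bits. */
    OH_HUKS_ECC_KEY_SIZE_521 = 521,

    /** Advanced Encryption Standard (AES) key of 128 bits. */
    OH_HUKS_AES_KEY_SIZE_128 = 128,
    /** AES key of 192 bits. */
    OH_HUKS_AES_KEY_SIZE_192 = 192,
    /** AES key of 256 bits. */
    OH_HUKS_AES_KEY_SIZE_256 = 256,
    /**
     * AES key of 512 bits.
     * NOTE(review): AES itself defines only 128-, 192- and 256-bit keys; confirm where
     * this value is accepted.
     */
    OH_HUKS_AES_KEY_SIZE_512 = 512,

    /** Curve25519 key of 256 bits. */
    OH_HUKS_CURVE25519_KEY_SIZE_256 = 256,

    /** Diffie-Hellman (DH) key of 2048 bits. */
    OH_HUKS_DH_KEY_SIZE_2048 = 2048,
    /** DH key of 3072 bits. */
    OH_HUKS_DH_KEY_SIZE_3072 = 3072,
    /** DH key of 4096 bits. */
    OH_HUKS_DH_KEY_SIZE_4096 = 4096,

    /** ShangMi2 (SM2) key of 256 bits. */
    OH_HUKS_SM2_KEY_SIZE_256 = 256,
    /** ShangMi4 (SM4) key of 128 bits. */
    OH_HUKS_SM4_KEY_SIZE_128 = 128,
};

/**
 * @brief Enumerates the key algorithms.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyAlg {
    /** RSA. */
    OH_HUKS_ALG_RSA = 1,
    /** ECC. */
    OH_HUKS_ALG_ECC = 2,
    /** DSA. */
    OH_HUKS_ALG_DSA = 3,

    /** AES. */
    OH_HUKS_ALG_AES = 20,
    /** HMAC. */
    OH_HUKS_ALG_HMAC = 50,
    /** HKDF. */
    OH_HUKS_ALG_HKDF = 51,
    /** PBKDF2. */
    OH_HUKS_ALG_PBKDF2 = 52,

    /** ECDH. */
    OH_HUKS_ALG_ECDH = 100,
    /** X25519. */
    OH_HUKS_ALG_X25519 = 101,
    /** Ed25519. */
    OH_HUKS_ALG_ED25519 = 102,
    /** DH. */
    OH_HUKS_ALG_DH = 103,

    /** SM2. */
    OH_HUKS_ALG_SM2 = 150,
    /** SM3. */
    OH_HUKS_ALG_SM3 = 151,
    /** SM4. */
    OH_HUKS_ALG_SM4 = 152,
};

/**
 * @brief Enumerates the algorithm suites required for ciphertext imports.
 *
 * Both suites describe the wrapped key material as a sequence of length-value fields,
 * each length being 4 bytes.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_AlgSuite {
    /** Key material format (Length-Value format), X25519 key agreement, and AES-256-GCM encryption and decryption.
     *  | x25519_plain_pubkey_length  (4 Byte) | x25519_plain_pubkey |  agreekey_aad_length (4 Byte) | agreekey_aad
     *  |   agreekey_nonce_length     (4 Byte) |   agreekey_nonce    |
     *  |   agreekey_aead_tag_len     (4 Byte) |  agreekey_aead_tag  |
     *  |    kek_enc_data_length      (4 Byte) |    kek_enc_data     |    kek_aad_length    (4 Byte) | kek_aad
     *  |      kek_nonce_length       (4 Byte) |      kek_nonce      |   kek_aead_tag_len   (4 Byte) | kek_aead_tag
     *  |   key_material_size_len     (4 Byte) |  key_material_size  |   key_mat_enc_length (4 Byte) | key_mat_enc_data
     */
    OH_HUKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING = 1,

    /** Key material format (Length-Value format), ECDH-p256 key agreement, and AES-256-GCM encryption and decryption.
     *  |  ECC_plain_pubkey_length    (4 Byte) |  ECC_plain_pubkey   |  agreekey_aad_length (4 Byte) | agreekey_aad
     *  |   agreekey_nonce_length     (4 Byte) |   agreekey_nonce    |
     *  |   agreekey_aead_tag_len     (4 Byte) |  agreekey_aead_tag  |
     *  |    kek_enc_data_length      (4 Byte) |    kek_enc_data     |    kek_aad_length    (4 Byte) | kek_aad
     *  |      kek_nonce_length       (4 Byte) |      kek_nonce      |   kek_aead_tag_len   (4 Byte) | kek_aead_tag
     *  |   key_material_size_len     (4 Byte) |  key_material_size  |   key_mat_enc_length (4 Byte) | key_mat_enc_data
     */
    OH_HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING = 2,
};

/**
 * @brief Enumerates the key generation types.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyGenerateType {
    /** Key generated by default. */
    OH_HUKS_KEY_GENERATE_TYPE_DEFAULT = 0,
    /** Derived key. */
    OH_HUKS_KEY_GENERATE_TYPE_DERIVE = 1,
    /** Key obtained by key agreement. */
    OH_HUKS_KEY_GENERATE_TYPE_AGREE = 2,
};

/**
 * @brief Enumerates the key generation modes.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyFlag {
    /** Import a public key using an API. */
    OH_HUKS_KEY_FLAG_IMPORT_KEY = 1,
    /** Generate a key by using an API. */
    OH_HUKS_KEY_FLAG_GENERATE_KEY = 2,
    /** Generate a key by using a key agreement API. */
    OH_HUKS_KEY_FLAG_AGREE_KEY = 3,
    /** Derive a key by using an API. */
    OH_HUKS_KEY_FLAG_DERIVE_KEY = 4,
};

/**
 * @brief Enumerates the key storage modes.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyStorageType {
    /** The key is managed locally. */
    OH_HUKS_STORAGE_TEMP = 0,
    /** The key is managed by the HUKS service. */
    OH_HUKS_STORAGE_PERSISTENT = 1,
    /** The key is only used in HUKS. */
    OH_HUKS_STORAGE_ONLY_USED_IN_HUKS = 2,
    /** The key is allowed to be exported. */
    OH_HUKS_STORAGE_KEY_EXPORT_ALLOWED = 3,
};

/**
 * @brief Enumerates the types of keys to import. By default,
 * a public key is imported. This field is not required when a symmetric key is imported.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_ImportKeyType {
    /** Public key. */
    OH_HUKS_KEY_TYPE_PUBLIC_KEY = 0,
    /** Private key. */
    OH_HUKS_KEY_TYPE_PRIVATE_KEY = 1,
    /** Public and private key pair. */
    OH_HUKS_KEY_TYPE_KEY_PAIR = 2,
};

/**
 * @brief Enumerates the salt length types for RSA-PSS.
 *
 * @since 10
 * @version 1.0
 */
enum OH_Huks_RsaPssSaltLenType {
    /** Salt length matches digest. */
    OH_HUKS_RSA_PSS_SALT_LEN_DIGEST = 0,
    /** Set salt length to maximum possible, default type. */
    OH_HUKS_RSA_PSS_SALT_LEN_MAX = 1,
};

/**
 * @brief Enumerates the error codes.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_ErrCode {
    /** The operation is successful. */
    OH_HUKS_SUCCESS = 0,
    /** Permission verification failed. */
    OH_HUKS_ERR_CODE_PERMISSION_FAIL = 201,
    /** Invalid parameters are detected. */
    OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT = 401,
    /** The API is not supported. */
    OH_HUKS_ERR_CODE_NOT_SUPPORTED_API = 801,

    /** The feature is not supported. */
    OH_HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED = 12000001,
    /** Key algorithm parameters are missing. */
    OH_HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT = 12000002,
    /** Invalid key algorithm parameters are detected. */
    OH_HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT = 12000003,
    /** Failed to operate the file. */
    OH_HUKS_ERR_CODE_FILE_OPERATION_FAIL = 12000004,
    /** The process communication failed. */
    OH_HUKS_ERR_CODE_COMMUNICATION_FAIL = 12000005,
    /** Failed to operate the algorithm library. */
    OH_HUKS_ERR_CODE_CRYPTO_FAIL = 12000006,
    /** Failed to access the key because the key has expired. */
    OH_HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED = 12000007,
    /** Failed to access the key because the authentication has failed. */
    OH_HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED = 12000008,
    /** Key access timed out. */
    OH_HUKS_ERR_CODE_KEY_AUTH_TIME_OUT = 12000009,
    /** The number of key operation sessions has reached the limit. */
    OH_HUKS_ERR_CODE_SESSION_LIMIT = 12000010,
    /** The entity does not exist. */
    OH_HUKS_ERR_CODE_ITEM_NOT_EXIST = 12000011,
    /** Internal error. */
    OH_HUKS_ERR_CODE_INTERNAL_ERROR = 12000012,
    /** The authentication credential does not exist. */
    OH_HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST = 12000013,
};

/**
 * @brief Enumerates the tag types.
 *
 * The type is stored in bits 28 and above of a tag value; every {@link OH_Huks_Tag}
 * enumerator is built as "tag type | tag number".
 *
 * @see OH_Huks_Param
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_TagType {
    /** Invalid tag type. */
    OH_HUKS_TAG_TYPE_INVALID = 0 << 28,
    /** int32_t. */
    OH_HUKS_TAG_TYPE_INT = 1 << 28,
    /** uint32_t. */
    OH_HUKS_TAG_TYPE_UINT = 2 << 28,
    /** uint64_t. */
    OH_HUKS_TAG_TYPE_ULONG = 3 << 28,
    /** Boolean. */
    OH_HUKS_TAG_TYPE_BOOL = 4 << 28,
    /** OH_Huks_Blob. */
    OH_HUKS_TAG_TYPE_BYTES = 5 << 28,
};

/**
 * @brief Enumerates the user authentication types.
 *
 * Each value is a single bit.
 * NOTE(review): the values are presumably combinable with bitwise OR - confirm.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_UserAuthType {
    /** Fingerprint authentication. */
    OH_HUKS_USER_AUTH_TYPE_FINGERPRINT = 1 << 0,
    /** Facial authentication. */
    OH_HUKS_USER_AUTH_TYPE_FACE = 1 << 1,
    /** PIN authentication. */
    OH_HUKS_USER_AUTH_TYPE_PIN = 1 << 2,
};

/**
 * @brief Enumerates the access control types.
 *
 * Each value is a single bit.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_AuthAccessType {
    /** The key is invalid after the password is cleared. */
    OH_HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD = 1 << 0,
    /** The key is invalid after a new biometric feature is enrolled. */
    OH_HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL = 1 << 1,
};

/**
 * @brief Enumerates the types of the challenges generated when a key is used.
 * @see OH_Huks_ChallengePosition
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_ChallengeType {
    /** Normal challenge, which is of 32 bytes by default. */
    OH_HUKS_CHALLENGE_TYPE_NORMAL = 0,
    /** Custom challenge, which supports only one authentication for multiple keys.
     *  The valid value of a custom challenge is of 8 bytes.
     */
    OH_HUKS_CHALLENGE_TYPE_CUSTOM = 1,
    /** Challenge is not required. */
    OH_HUKS_CHALLENGE_TYPE_NONE = 2,
};

/**
 * @brief Enumerates the positions of the 8-byte valid value in a custom challenge generated.
 *
 * The four positions together cover bytes 0 to 31; the enumerators after the first take
 * the implicit values 1, 2 and 3.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_ChallengePosition {
    /** Bytes 0 to 7. */
    OH_HUKS_CHALLENGE_POS_0 = 0,
    /** Bytes 8 to 15. */
    OH_HUKS_CHALLENGE_POS_1,
    /** Bytes 16 to 23. */
    OH_HUKS_CHALLENGE_POS_2,
    /** Bytes 24 to 31. */
    OH_HUKS_CHALLENGE_POS_3,
};

/**
 * @brief Enumerates the signature types of the keys generated or imported.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_SecureSignType {
    /**
     *  The signature carries authentication information. This field is specified when a key
     *  is generated or imported. When the key is used to sign data, the data will be added with
     *  the authentication information and then be signed.
     */
    OH_HUKS_SECURE_SIGN_WITH_AUTHINFO = 1,
};

/**
 * @brief Enumerates the tag values used in parameter sets.
 *
 * Every value is an {@link OH_Huks_TagType} constant OR-ed with the tag number, so the
 * value type of a tag can be read back from the bits at position 28 and above.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_Tag {
    /** Tags for key parameters. The value range is 1 to 200. */
    /** Algorithm. */
    OH_HUKS_TAG_ALGORITHM = OH_HUKS_TAG_TYPE_UINT | 1,
    /** Key purpose. */
    OH_HUKS_TAG_PURPOSE = OH_HUKS_TAG_TYPE_UINT | 2,
    /** Key size. */
    OH_HUKS_TAG_KEY_SIZE = OH_HUKS_TAG_TYPE_UINT | 3,
    /** Digest algorithm. */
    OH_HUKS_TAG_DIGEST = OH_HUKS_TAG_TYPE_UINT | 4,
    /** Padding algorithm. */
    OH_HUKS_TAG_PADDING = OH_HUKS_TAG_TYPE_UINT | 5,
    /** Cipher mode. */
    OH_HUKS_TAG_BLOCK_MODE = OH_HUKS_TAG_TYPE_UINT | 6,
    /** Key type. */
    OH_HUKS_TAG_KEY_TYPE = OH_HUKS_TAG_TYPE_UINT | 7,
    /** Associated authentication data. */
    OH_HUKS_TAG_ASSOCIATED_DATA = OH_HUKS_TAG_TYPE_BYTES | 8,
    /** Nonce field for key encryption and decryption. */
    OH_HUKS_TAG_NONCE = OH_HUKS_TAG_TYPE_BYTES | 9,
    /** Initialization vector (IV). */
    OH_HUKS_TAG_IV = OH_HUKS_TAG_TYPE_BYTES | 10,

    /** Information generated during key derivation. */
    OH_HUKS_TAG_INFO = OH_HUKS_TAG_TYPE_BYTES | 11,
    /** Salt value used for key derivation. */
    OH_HUKS_TAG_SALT = OH_HUKS_TAG_TYPE_BYTES | 12,
    /** Number of iterations for key derivation. */
    OH_HUKS_TAG_ITERATION = OH_HUKS_TAG_TYPE_UINT | 14,

    /** Type of the generated key. For details, see {@link OH_Huks_KeyGenerateType}. */
    OH_HUKS_TAG_KEY_GENERATE_TYPE = OH_HUKS_TAG_TYPE_UINT | 15,
    /** Algorithm used in key agreement. */
    OH_HUKS_TAG_AGREE_ALG = OH_HUKS_TAG_TYPE_UINT | 19,
    /**
     * Alias of the public key used for key agreement.
     * NOTE(review): the tag type is Boolean, so this presumably states whether the public
     * key is referenced by alias rather than carrying the alias itself - confirm.
     */
    OH_HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS = OH_HUKS_TAG_TYPE_BOOL | 20,
    /** Alias of the private key used for key agreement. */
    OH_HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 21,
    /** Public key used for key agreement. */
    OH_HUKS_TAG_AGREE_PUBLIC_KEY = OH_HUKS_TAG_TYPE_BYTES | 22,
    /** Alias of the key. */
    OH_HUKS_TAG_KEY_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 23,
    /** Size of the derived key. */
    OH_HUKS_TAG_DERIVE_KEY_SIZE = OH_HUKS_TAG_TYPE_UINT | 24,
    /** Type of the key to import. For details, see {@link OH_Huks_ImportKeyType}. */
    OH_HUKS_TAG_IMPORT_KEY_TYPE = OH_HUKS_TAG_TYPE_UINT | 25,
    /** Algorithm suite required for encrypted imports. */
    OH_HUKS_TAG_UNWRAP_ALGORITHM_SUITE = OH_HUKS_TAG_TYPE_UINT | 26,
    /** Storage mode of derived or agree keys. For details, see {@link OH_Huks_KeyStorageType}. */
    OH_HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG = OH_HUKS_TAG_TYPE_UINT | 29,
    /** Type of RSA-PSS salt length. For details, see {@link OH_Huks_RsaPssSaltLenType}. */
    OH_HUKS_TAG_RSA_PSS_SALT_LEN_TYPE = OH_HUKS_TAG_TYPE_UINT | 30,

    /** Tags for access control and user authentication. The value range is 301 to 500. */
    /** All users in the multi-user scenario. */
    OH_HUKS_TAG_ALL_USERS = OH_HUKS_TAG_TYPE_BOOL | 301,
    /** Multi-user ID. */
    OH_HUKS_TAG_USER_ID = OH_HUKS_TAG_TYPE_UINT | 302,
    /** Specifies whether key access control is required. */
    OH_HUKS_TAG_NO_AUTH_REQUIRED = OH_HUKS_TAG_TYPE_BOOL | 303,
    /** User authentication type in key access control. */
    OH_HUKS_TAG_USER_AUTH_TYPE = OH_HUKS_TAG_TYPE_UINT | 304,
    /** Timeout duration for key access. */
    OH_HUKS_TAG_AUTH_TIMEOUT = OH_HUKS_TAG_TYPE_UINT | 305,
    /** Authentication token for the key. */
    OH_HUKS_TAG_AUTH_TOKEN = OH_HUKS_TAG_TYPE_BYTES | 306,
    /**
     *  Access control type. For details, see {@link OH_Huks_AuthAccessType}.
     *  This parameter must be set together with the user authentication type.
     */
    OH_HUKS_TAG_KEY_AUTH_ACCESS_TYPE = OH_HUKS_TAG_TYPE_UINT | 307,
    /** Signature type for the key to be generated or imported. */
    OH_HUKS_TAG_KEY_SECURE_SIGN_TYPE = OH_HUKS_TAG_TYPE_UINT | 308,
    /** Challenge type. For details, see {@link OH_Huks_ChallengeType}. */
    OH_HUKS_TAG_CHALLENGE_TYPE = OH_HUKS_TAG_TYPE_UINT | 309,
    /**
     *  Position of the 8-byte valid value in a custom challenge.
     *  For details, see {@link OH_Huks_ChallengePosition}.
     */
    OH_HUKS_TAG_CHALLENGE_POS = OH_HUKS_TAG_TYPE_UINT | 310,

    /** Purpose of key authentication. */
    OH_HUKS_TAG_KEY_AUTH_PURPOSE = OH_HUKS_TAG_TYPE_UINT | 311,

    /** Tags for key attestation. The value range is 501 to 600. */
    /** Challenge value used in the attestation. */
    OH_HUKS_TAG_ATTESTATION_CHALLENGE = OH_HUKS_TAG_TYPE_BYTES | 501,
    /** Application ID used in the attestation. */
    OH_HUKS_TAG_ATTESTATION_APPLICATION_ID = OH_HUKS_TAG_TYPE_BYTES | 502,
    /** Alias of the key. */
    OH_HUKS_TAG_ATTESTATION_ID_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 511,
    /** Security level used in the attestation. */
    OH_HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO = OH_HUKS_TAG_TYPE_BYTES | 514,
    /** Version information used in the attestation. */
    OH_HUKS_TAG_ATTESTATION_ID_VERSION_INFO = OH_HUKS_TAG_TYPE_BYTES | 515,

    /**
     * 601 to 1000 are reserved for other tags.
     *
     * Extended tags. The value range is 1001 to 9999.
     */
    /** Specifies whether it is a key alias. */
    OH_HUKS_TAG_IS_KEY_ALIAS = OH_HUKS_TAG_TYPE_BOOL | 1001,
    /** Key storage mode. For details, see {@link OH_Huks_KeyStorageType}. */
    OH_HUKS_TAG_KEY_STORAGE_FLAG = OH_HUKS_TAG_TYPE_UINT | 1002,
    /** Specifies whether to allow the key to be wrapped. */
    OH_HUKS_TAG_IS_ALLOWED_WRAP = OH_HUKS_TAG_TYPE_BOOL | 1003,
    /** Key wrap type. */
    OH_HUKS_TAG_KEY_WRAP_TYPE = OH_HUKS_TAG_TYPE_UINT | 1004,
    /** Authentication ID. */
    OH_HUKS_TAG_KEY_AUTH_ID = OH_HUKS_TAG_TYPE_BYTES | 1005,
    /** Role of the key. */
    OH_HUKS_TAG_KEY_ROLE = OH_HUKS_TAG_TYPE_UINT | 1006,
    /** Key flag. For details, see {@link OH_Huks_KeyFlag}. */
    OH_HUKS_TAG_KEY_FLAG = OH_HUKS_TAG_TYPE_UINT | 1007,
    /**
     * Specifies whether this API is asynchronous.
     * NOTE(review): declared with the UINT tag type although the description reads as a flag.
     */
    OH_HUKS_TAG_IS_ASYNCHRONIZED = OH_HUKS_TAG_TYPE_UINT | 1008,
    /** Key domain. */
    OH_HUKS_TAG_KEY_DOMAIN = OH_HUKS_TAG_TYPE_UINT | 1011,

    /** Authenticated encryption (AE) tag. */
    OH_HUKS_TAG_AE_TAG = OH_HUKS_TAG_TYPE_BYTES | 10009,

    /**
     * 11000 to 12000 are reserved.
     *
     * 20001 to N are reserved for other tags.
     */
    /** Symmetric key data. */
    OH_HUKS_TAG_SYMMETRIC_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20001,
    /** Public key data of the asymmetric key pair. */
    OH_HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20002,
    /** Private key data of the asymmetric key pair. */
    OH_HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20003,
};

/**
 * @brief Defines the return data, including the result code and message.
 *
 * NOTE(review): this header does not state who owns errorMsg and data, or how long they
 * stay valid - confirm before storing or freeing either pointer.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_Result {
    /** Result code. */
    int32_t errorCode;
    /** Description of the result code. */
    const char *errorMsg;
    /** Other data returned. */
    uint8_t *data;
};

/**
 * @brief Defines the structure for storing data.
 *
 * The structure carries a pointer and a length only; nothing in it ties size to the
 * actual allocation behind data, so code receiving a blob has to treat size as a claim
 * to be checked against its own limits.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_Blob {
    /** Data size. */
    uint32_t size;
    /** Pointer to the memory in which the data is stored. */
    uint8_t *data;
};

/**
 * @brief Defines the parameter structure in a parameter set.
 *
 * NOTE(review): the union member that holds the value is presumably selected by the type
 * bits of tag (see {@link OH_Huks_TagType}) - confirm against the API documentation.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_Param {
    /** Tag value. */
    uint32_t tag;

    union {
        /** Parameter of the Boolean type. */
        bool boolParam;
        /** Parameter of the int32_t type. */
        int32_t int32Param;
        /** Parameter of the uint32_t type. */
        uint32_t uint32Param;
        /** Parameter of the uint64_t type. */
        uint64_t uint64Param;
        /** Parameter of the struct OH_Huks_Blob type. */
        struct OH_Huks_Blob blob;
    };
};

/**
 * @brief Defines the structure of the parameter set.
 *
 * params is a flexible array member: sizeof(struct OH_Huks_ParamSet) does not include it,
 * so the storage for the entries has to be allocated together with this header. Code that
 * receives a parameter set from another component should check paramsCnt against
 * paramSetSize before indexing params.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_ParamSet {
    /** Memory size of the parameter set. */
    uint32_t paramSetSize;
    /** Number of parameters in the parameter set. */
    uint32_t paramsCnt;
    /** Parameter array. */
    struct OH_Huks_Param params[];
};

/**
 * @brief Defines the structure of the certificate chain.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_CertChain {
    /** Pointer to the certificate data. */
    struct OH_Huks_Blob *certs;
    /** Number of certificates. */
    uint32_t certsCount;
};

/**
 * @brief Defines the key information structure.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyInfo {
    /** Alias of the key. */
    struct OH_Huks_Blob alias;
    /** Pointer to the key parameter set. */
    struct OH_Huks_ParamSet *paramSet;
};

/**
 * @brief Defines the structure of a public key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_PubKeyInfo {
    /** Algorithm of the public key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the public key. */
    uint32_t keySize;
    /** Length of the n or X value. */
    uint32_t nOrXSize;
    /** Length of the e or Y value. */
    uint32_t eOrYSize;
    /** Placeholder size. */
    uint32_t placeHolder;
};

/**
 * @brief Defines the structure of an RSA key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterialRsa {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the key. */
    uint32_t keySize;
    /** Length of the n value. */
    uint32_t nSize;
    /** Length of the e value. */
    uint32_t eSize;
    /** Length of the d value. */
    uint32_t dSize;
};

/**
 * @brief Defines the structure of an ECC key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterialEcc {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the key. */
    uint32_t keySize;
    /** Length of the x value. */
    uint32_t xSize;
    /** Length of the y value. */
    uint32_t ySize;
    /** Length of the z value. */
    uint32_t zSize;
};

/**
 * @brief Defines the structure of a DSA key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterialDsa {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the key. */
    uint32_t keySize;
    /** Length of the x value. */
    uint32_t xSize;
    /** Length of the y value. */
    uint32_t ySize;
    /** Length of the p value. */
    uint32_t pSize;
    /** Length of the q value. */
    uint32_t qSize;
    /** Length of the g value. */
    uint32_t gSize;
};

/**
 * @brief Defines the structure of a DH key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterialDh {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the DH key. */
    uint32_t keySize;
    /** Length of the public key. */
    uint32_t pubKeySize;
    /** Length of the private key. */
    uint32_t priKeySize;
    /** Reserved. */
    uint32_t reserved;
};

/**
 * @brief Defines the structure of a 25519 key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterial25519 {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the 25519 key. */
    uint32_t keySize;
    /** Length of the public key. */
    uint32_t pubKeySize;
    /** Length of the private key. */
    uint32_t priKeySize;
    /** Reserved. */
    uint32_t reserved;
};

#ifdef __cplusplus
}
#endif

/** @} */
#endif /* NATIVE_OH_HUKS_TYPE_H */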