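| Name | Date | Size | #Lines | LOC |
| --- | --- | --- | --- | --- |
| build/ | 12-May-2024 | - | 79 | 57 |
| figures/ | 12-May-2024 | - | | |
| frameworks/ | 12-May-2024 | - | 30,416 | 23,709 |
| interfaces/ | 12-May-2024 | - | 15,428 | 10,459 |
| services/huks_standard/ | 12-May-2024 | - | 26,532 | 20,506 |
| test/ | 12-May-2024 | - | 136,593 | 102,069 |
| utils/ | 12-May-2024 | - | 3,767 | 2,957 |
| .gitattributes | 12-May-2024 | 631 | 16 | 15 |
| BUILD.gn | 12-May-2024 | 2.8 KiB | 94 | 86 |
| CODEOWNERS | 12-May-2024 | 823 | 18 | 15 |
| LICENSE | 12-May-2024 | 10.1 KiB | 177 | 150 |
| README.md | 12-May-2024 | 2.1 KiB | 44 | 33 |
| README_zh.md | 12-May-2024 | 3.5 KiB | 86 | 54 |
| bundle.json | 12-May-2024 | 2.6 KiB | 94 | 93 |
| hisysevent.yaml | 12-May-2024 | 982 | 24 | 9 |
| huks.gni | 12-May-2024 | 1.6 KiB | 54 | 45 |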

README.md

# HUKS<a name="EN-US_TOPIC_0000001148528849"></a>

-   [Introduction](#section11660541593)
-   [Directory Structure](#section161941989596)
-   [Repositories Involved](#section1371113476307)

## Introduction<a name="section11660541593"></a>

OpenHarmony Universal KeyStore (HUKS) provides applications with keystore capabilities, such as key management and cryptographic operations on keys. HUKS also provides APIs for applications to import or generate keys.

HUKS consists of the following modules:

-   HUKS SDK layer: provides HUKS APIs for applications.

-   HUKS service layer: implements functions such as HUKS key management and storage.

-   HUKS engine layer: the HUKS core module, which handles key generation, encryption, and decryption. For devices running a standard system, this module of the commercial version must run in a secure environment such as a TEE or a chip with security capabilities. A secure environment requires dedicated hardware, so the open-source code implements this module only by emulation. For the small and mini systems, HUKS provides only an example implementation of the root key protection solution. In commercial scenarios, the implementation must be adapted to use either a hardware root key or another root key protection solution.

## Directory Structure<a name="section161941989596"></a>

```
base/security/huks/
├── build                            # Build configuration file
├── frameworks                       # Framework code, which is used by interfaces and services
│   ├── huks_standard                # Code implementation
│   ├── huks_lite                    # Build scripts for the small and mini systems
│   └── crypto_lite                  # Encryption and decryption implementation
├── interfaces                       # APIs
│   ├── innerkits
│   └── kits
├── services
│   └── huks_standard
├── test
└── utils
    ├── crypto_adapter
    ├── file_operator
    ├── list
    └── mutex
```

## Repositories Involved<a name="section1371113476307"></a>

**Security subsystem**

**[security_huks](https://gitee.com/openharmony/security_huks)**

README_zh.md

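# HUKS Component

  - [Introduction](#introduction)
  - [Directory Structure](#directory-structure)
  - [Build](#build)
  - [Description](#description)
  - [Repositories Involved](#repositories-involved)

## Introduction

HUKS (OpenHarmony Universal KeyStore) provides applications with keystore capabilities, including key management and cryptographic operations on keys. Keys managed by HUKS can be imported by an application or generated by the application through the HUKS APIs.

The HUKS module consists of the following three parts:

-   HUKS SDK layer: provides the HUKS APIs for applications to call.

-   HUKS Service layer: implements functions such as HUKS key management and storage.

-   HUKS Core layer: the HUKS core module, responsible for key generation, encryption, and decryption. For standard-system devices, this module must run in a secure environment in commercial scenarios, such as a TEE or a chip with security capabilities. Because a secure environment requires specific hardware support, the open-source code provides only an emulated implementation. For small and mini systems, the HUKS module provides only an emulated implementation of the root key protection scheme; in commercial scenarios, the product must adapt a hardware root key or use another root key protection scheme, depending on its capabilities.

The HUKS component architecture is shown in the following figure:

<div align=center>

<img src=figures/huks_architecture.png width=80% align=center/>

</div>

## Directory Structure

```
├── build                              # Build configuration files
├── frameworks                         # Framework code; the base functionality directory used by interfaces and services
│   ├── huks_lite                      # Build scripts for small and mini systems
│   └── huks_standard                  # Code implementation
├── interfaces                         # API code
│   ├── innerkits                      # Inner APIs
│   └── kits                           # External APIs
├── services                           # Service framework code
│   └── huks_standard
│       ├── huks_engine                # HUKS core layer code
│       └── huks_service               # HUKS service layer code
├── test                               # Test code
└── utils                              # Utility code
```

## Build

**Single-repository build**

Taking RK3568 as an example, the following commands build the HUKS repository and its test files on their own:
```
# Build this module on its own
./build.sh --product-name=rk3568 --build-target out/rk3568/build_configs/security/huks:huks

# Build this module's test files on their own
./build.sh --product-name rk3568 --build-target out/rk3568/build_configs/security/huks:huks_test
```

## Description

### API Reference

[API documentation](https://gitee.com/openharmony/docs/blob/master/zh-cn/application-dev/reference/apis/js-apis-huks.md)

### Usage

[ArkTS development guide](https://gitee.com/openharmony/docs/blob/master/zh-cn/application-dev/security/huks-guidelines.md)

[Native development guide](https://gitee.com/openharmony/docs/blob/master/zh-cn/application-dev/security/native-huks-guidelines.md)


<font color = grey> Note: The HUKS component includes both key management and cryptographic operations on keys. If you need only cryptographic operations on keys and not key management, the [cryptographic algorithm library framework](https://gitee.com/openharmony/security_crypto_framework) is recommended.</font>


## Repositories Involved

[security_crypto_framework](https://gitee.com/openharmony/security_crypto_framework)

[security_certificate_manager](https://gitee.com/openharmony/security_certificate_manager)

[**security_huks**](https://gitee.com/openharmony/security_huks)

[third_party_openssl](https://gitee.com/openharmony/third_party_openssl)

[third_party_mbedtls](https://gitee.com/openharmony/third_party_mbedtls)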