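# 匿名密钥证明(C/C++)

在使用本功能时,需确保网络通畅。

## 在CMake脚本中链接相关动态库
```txt
target_link_libraries(entry PUBLIC libhuks_ndk.z.so)
```

## 开发步骤

1. 确定密钥别名keyAlias,密钥别名最大长度为128字节。

2. 初始化参数集:通过[OH_Huks_InitParamSet](../../reference/apis-universal-keystore-kit/_huks_param_set_api.md#oh_huks_initparamset)、[OH_Huks_AddParams](../../reference/apis-universal-keystore-kit/_huks_param_set_api.md#oh_huks_addparams)、[OH_Huks_BuildParamSet](../../reference/apis-universal-keystore-kit/_huks_param_set_api.md#oh_huks_buildparamset)构造参数集paramSet,参数集中必须包含[OH_Huks_KeyAlg](../../reference/apis-universal-keystore-kit/_huks_type_api.md#oh_huks_keyalg),[OH_Huks_KeySize](../../reference/apis-universal-keystore-kit/_huks_type_api.md#oh_huks_keysize),[OH_Huks_KeyPurpose](../../reference/apis-universal-keystore-kit/_huks_type_api.md#oh_huks_keypurpose)属性。

3. 将密钥别名与参数集作为参数传入[OH_Huks_AnonAttestKeyItem](../../reference/apis-universal-keystore-kit/_huks_key_api.md#oh_huks_anonattestkeyitem)方法中,即可证明密钥。

```c++
#include "huks/native_huks_api.h"
#include "huks/native_huks_param.h"
#include "napi/native_api.h"
#include <stdlib.h>
#include <string.h>

/*
 * Build a parameter set from an array of parameters.
 *
 * Runs OH_Huks_InitParamSet, OH_Huks_AddParams and OH_Huks_BuildParamSet in
 * order and stops at the first failure. If a step after the initialisation
 * fails, the partially built set is released with OH_Huks_FreeParamSet before
 * returning. On success the caller owns *paramSet and must release it with
 * OH_Huks_FreeParamSet.
 *
 * Returns the OH_Huks_Result of the last HUKS call that was made.
 */
OH_Huks_Result InitParamSet(
    struct OH_Huks_ParamSet **paramSet,
    const struct OH_Huks_Param *params,
    uint32_t paramCount)
{
    OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
    if (ret.errorCode != OH_HUKS_SUCCESS) {
        return ret;
    }
    ret = OH_Huks_AddParams(*paramSet, params, paramCount);
    if (ret.errorCode != OH_HUKS_SUCCESS) {
        OH_Huks_FreeParamSet(paramSet);
        return ret;
    }
    ret = OH_Huks_BuildParamSet(paramSet);
    if (ret.errorCode != OH_HUKS_SUCCESS) {
        OH_Huks_FreeParamSet(paramSet);
    }
    return ret;
}

/* Capacity, in bytes, of each certificate buffer allocated for the chain. */
static const uint32_t g_size = 4096;
/* Number of certificate slots allocated for the chain. */
static const uint32_t CERT_COUNT = 4;

/*
 * Release a certificate chain allocated by ConstructDataToCertChain.
 *
 * Frees the data buffers of the first `pos` entries, then the entry array
 * itself, and resets the chain to an empty state. A null chain or a chain
 * whose `certs` pointer is null is ignored, so the function is safe to call
 * from a common cleanup path. `certs` must be null or a pointer obtained from
 * the heap: it is passed to free().
 */
void FreeCertChain(struct OH_Huks_CertChain *certChain, const uint32_t pos)
{
    if (certChain == nullptr || certChain->certs == nullptr) {
        return;
    }
    for (uint32_t j = 0; j < pos; j++) {
        free(certChain->certs[j].data); /* free(nullptr) is a no-op */
        certChain->certs[j].data = nullptr;
        certChain->certs[j].size = 0;
    }
    free(certChain->certs);
    certChain->certs = nullptr;
    certChain->certsCount = 0;
}

/*
 * Allocate the output buffers for a certificate chain: CERT_COUNT entries of
 * g_size bytes each.
 *
 * Returns OH_HUKS_SUCCESS on success, OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT when
 * certChain is null, and OH_HUKS_ERR_CODE_INTERNAL_ERROR when an allocation
 * fails. On failure nothing stays allocated and the chain is left empty
 * (certs == nullptr, certsCount == 0).
 */
int32_t ConstructDataToCertChain(struct OH_Huks_CertChain *certChain)
{
    if (certChain == nullptr) {
        return OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT;
    }
    certChain->certsCount = 0;

    /* calloc zeroes every entry, so a partially filled array can be freed safely. */
    certChain->certs = (struct OH_Huks_Blob *)calloc(CERT_COUNT, sizeof(struct OH_Huks_Blob));
    if (certChain->certs == nullptr) {
        return OH_HUKS_ERR_CODE_INTERNAL_ERROR;
    }
    for (uint32_t i = 0; i < CERT_COUNT; i++) {
        certChain->certs[i].data = (uint8_t *)malloc(g_size);
        if (certChain->certs[i].data == nullptr) {
            /* Entries [0, i) are the only ones holding a buffer. */
            FreeCertChain(certChain, i);
            return OH_HUKS_ERR_CODE_INTERNAL_ERROR;
        }
        certChain->certs[i].size = g_size;
    }
    certChain->certsCount = CERT_COUNT;
    return OH_HUKS_SUCCESS;
}

/* Properties of the key that is generated and then attested. */
static struct OH_Huks_Param g_genAnonAttestParams[] = {
    { .tag = OH_HUKS_TAG_ALGORITHM, .uint32Param = OH_HUKS_ALG_RSA },
    { .tag = OH_HUKS_TAG_KEY_SIZE, .uint32Param = OH_HUKS_RSA_KEY_SIZE_2048 },
    { .tag = OH_HUKS_TAG_PURPOSE, .uint32Param = OH_HUKS_KEY_PURPOSE_VERIFY },
    { .tag = OH_HUKS_TAG_DIGEST, .uint32Param = OH_HUKS_DIGEST_SHA256 },
    { .tag = OH_HUKS_TAG_PADDING, .uint32Param = OH_HUKS_PADDING_PSS },
    { .tag = OH_HUKS_TAG_BLOCK_MODE, .uint32Param = OH_HUKS_MODE_ECB },
};

/*
 * Sample challenge value.
 * NOTE(review): a constant challenge gives the verifier no freshness
 * guarantee, because a certificate chain produced once could be presented
 * again later. In a deployment the challenge is normally a one-time random
 * value issued by the party that will verify the certificate chain.
 */
#define CHALLENGE_DATA "hi_challenge_data"
/* sizeof() counts the terminating NUL, so it is part of the challenge blob. */
static struct OH_Huks_Blob g_challenge = { sizeof(CHALLENGE_DATA), (uint8_t *)CHALLENGE_DATA };

/*
 * N-API entry point: generate a key, request an anonymous attestation
 * certificate chain for it, then clean up.
 *
 * Returns the HUKS error code of the last step that ran as a JS int32.
 * NOTE(review): the sample does not inspect the returned certificate chain.
 * An application would pass it to the verifier, which checks the chain and
 * the embedded challenge, before the buffers are released.
 */
static napi_value AnonAttestKey(napi_env env, napi_callback_info info)
{
    (void)info;

    /* 1. Choose the key alias. */
    const char *aliasText = "test_anon_attest";
    struct OH_Huks_Blob genAlias = {
        (uint32_t)strlen(aliasText),
        (uint8_t *)aliasText
    };
    struct OH_Huks_Param anonAttestParams[] = {
        { .tag = OH_HUKS_TAG_ATTESTATION_CHALLENGE, .blob = g_challenge },
        { .tag = OH_HUKS_TAG_ATTESTATION_ID_ALIAS, .blob = genAlias },
    };
    struct OH_Huks_ParamSet *genParamSet = nullptr;
    struct OH_Huks_ParamSet *anonAttestParamSet = nullptr;
    OH_Huks_Result ohResult;
    /*
     * Start with an empty chain. The cleanup below runs on every exit path and
     * passes certChain.certs to free(), so it must never point at memory that
     * did not come from the heap (for example a stack variable).
     */
    OH_Huks_CertChain certChain = { nullptr, 0 };
    bool keyGenerated = false;
    do {
        /* 2. Initialise the parameter sets. */
        ohResult = InitParamSet(&genParamSet, g_genAnonAttestParams,
            sizeof(g_genAnonAttestParams) / sizeof(g_genAnonAttestParams[0]));
        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
            break;
        }
        ohResult = InitParamSet(&anonAttestParamSet, anonAttestParams,
            sizeof(anonAttestParams) / sizeof(anonAttestParams[0]));
        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
            break;
        }
        ohResult = OH_Huks_GenerateKeyItem(&genAlias, genParamSet, nullptr);
        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
            break;
        }
        keyGenerated = true;

        /* Do not call the attestation API with missing output buffers. */
        int32_t allocRet = ConstructDataToCertChain(&certChain);
        if (allocRet != OH_HUKS_SUCCESS) {
            ohResult.errorCode = allocRet;
            break;
        }
        /* 3. Attest the key. */
        ohResult = OH_Huks_AnonAttestKeyItem(&genAlias, anonAttestParamSet, &certChain);
    } while (0);

    /*
     * Free all CERT_COUNT slots rather than certChain.certsCount entries, so
     * that no buffer is leaked should the attestation call have lowered the
     * count. This is a no-op when the chain was never allocated.
     */
    FreeCertChain(&certChain, CERT_COUNT);
    OH_Huks_FreeParamSet(&genParamSet);
    OH_Huks_FreeParamSet(&anonAttestParamSet);
    if (keyGenerated) {
        /* Remove only the key this call created. */
        (void)OH_Huks_DeleteKeyItem(&genAlias, nullptr);
    }

    napi_value ret = nullptr;
    napi_create_int32(env, ohResult.errorCode, &ret);
    return ret;
}
```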