1# 非匿名密钥证明(C/C++)
2
3在使用本功能前,需申请权限:[ohos.permission.ATTEST_KEY](../AccessToken/permissions-for-system-apps.md#ohospermissionattest_key)。请开发者根据应用的APL等级,参考具体的操作路径[权限申请](../AccessToken/determine-application-mode.md)。
4
5## 在CMake脚本中链接相关动态库
6```txt
7target_link_libraries(entry PUBLIC libhuks_ndk.z.so)
8```
9
10## 开发步骤
11
121. 确定密钥别名keyAlias,密钥别名最大长度为128字节。
13
142. 初始化参数集:通过[OH_Huks_InitParamSet](../../reference/apis-universal-keystore-kit/_huks_param_set_api.md#oh_huks_initparamset)、[OH_Huks_AddParams](../../reference/apis-universal-keystore-kit/_huks_param_set_api.md#oh_huks_addparams)、[OH_Huks_BuildParamSet](../../reference/apis-universal-keystore-kit/_huks_param_set_api.md#oh_huks_buildparamset)构造参数集paramSet,通过[OH_HUKS_TAG_ALGORITHM](../../reference/apis-universal-keystore-kit/_huks_type_api.md#oh_huks_keyalg)、[OH_HUKS_TAG_KEY_SIZE](../../reference/apis-universal-keystore-kit/_huks_type_api.md#oh_huks_keysize)、[OH_HUKS_TAG_PURPOSE](../../reference/apis-universal-keystore-kit/_huks_type_api.md#oh_huks_keypurpose)分别指定算法、密钥大小、密钥用途属性。
15
163. 生成非对称密钥,具体请参考[密钥生成](huks-key-generation-ndk.md)。
17
184. 将密钥别名与参数集作为参数传入[OH_Huks_AttestKeyItem](../../reference/apis-universal-keystore-kit/_huks_key_api.md#oh_huks_attestkeyitem)方法中,即可证明密钥。
19
20```c++
#include "huks/native_huks_api.h"
#include "huks/native_huks_param.h"
#include "napi/native_api.h"
#include <stdlib.h>
#include <string.h>
OH_Huks_Result InitParamSet(
    struct OH_Huks_ParamSet **paramSet,
    const struct OH_Huks_Param *params,
    uint32_t paramCount)
{
    /*
     * Build a HUKS parameter set from a plain parameter array in one step:
     * init -> add params -> build.  If init succeeds but a later step fails,
     * the partially built set is released with OH_Huks_FreeParamSet before
     * the failing result is returned, so the caller never owns a half-built
     * set.  On success *paramSet is the caller's to release (AttestKey does
     * so with OH_Huks_FreeParamSet).
     */
    OH_Huks_Result result = OH_Huks_InitParamSet(paramSet);
    if (result.errorCode != OH_HUKS_SUCCESS) {
        return result;
    }
    result = OH_Huks_AddParams(*paramSet, params, paramCount);
    if (result.errorCode == OH_HUKS_SUCCESS) {
        result = OH_Huks_BuildParamSet(paramSet);
    }
    if (result.errorCode != OH_HUKS_SUCCESS) {
        /* Init succeeded but add/build did not: drop the partial set. */
        OH_Huks_FreeParamSet(paramSet);
    }
    return result;
}
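/* Size in bytes reserved for each certificate buffer handed to OH_Huks_AttestKeyItem. */
static const uint32_t g_size = 4096;
/* Number of certificate slots allocated for the attestation chain (and freed afterwards). */
static const uint32_t CERT_COUNT = 4;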
void FreeCertChain(struct OH_Huks_CertChain *certChain, const uint32_t pos)
{
    /*
     * Release the first `pos` certificate buffers of `certChain`, then the
     * certs array itself.  Every freed pointer is reset to nullptr, so a
     * repeated call (or the caller's unconditional cleanup) is a no-op.
     * `pos` must not exceed the number of elements actually allocated in
     * certs.  A null chain, or a chain whose certs array is already null,
     * is ignored.
     */
    if (certChain == nullptr) {
        return;
    }
    struct OH_Huks_Blob *certs = certChain->certs;
    if (certs == nullptr) {
        return;
    }
    for (uint32_t idx = 0; idx < pos; ++idx) {
        uint8_t *buf = certs[idx].data;
        if (buf == nullptr) {
            continue;
        }
        free(buf);
        certs[idx].data = nullptr;
    }
    free(certs);
    certChain->certs = nullptr;
}
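int32_t ConstructDataToCertChain(struct OH_Huks_CertChain *certChain)
{
    /*
     * Allocate CERT_COUNT output buffers of g_size bytes each for
     * OH_Huks_AttestKeyItem to fill.  On success the chain owns the buffers
     * and the caller releases them with FreeCertChain(certChain, CERT_COUNT).
     * On failure nothing is left allocated and certsCount is reset to 0, so
     * the chain can be passed to FreeCertChain whatever the outcome.
     *
     * Returns OH_HUKS_SUCCESS, OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT for a null
     * chain, or OH_HUKS_ERR_CODE_INTERNAL_ERROR when an allocation fails.
     */
    if (certChain == nullptr) {
        return OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT;
    }
    certChain->certsCount = CERT_COUNT;
    /* calloc zero-fills, so every .data is nullptr until its buffer is allocated. */
    certChain->certs = (struct OH_Huks_Blob *)calloc(certChain->certsCount, sizeof(struct OH_Huks_Blob));
    if (certChain->certs == nullptr) {
        certChain->certsCount = 0;
        return OH_HUKS_ERR_CODE_INTERNAL_ERROR;
    }
    for (uint32_t i = 0; i < certChain->certsCount; i++) {
        certChain->certs[i].size = g_size;
        certChain->certs[i].data = (uint8_t *)malloc(certChain->certs[i].size);
        if (certChain->certs[i].data == nullptr) {
            /* Release the i buffers already allocated plus the certs array. */
            FreeCertChain(certChain, i);
            certChain->certsCount = 0;
            /* Out of memory is an internal error, not a bad argument (matches the branch above). */
            return OH_HUKS_ERR_CODE_INTERNAL_ERROR;
        }
    }
    return OH_HUKS_SUCCESS;
}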
/*
 * Key-generation parameters for the key that will be attested.  AttestKey
 * turns this array into genParamSet via InitParamSet and passes it to
 * OH_Huks_GenerateKeyItem: an RSA-2048 key with purpose VERIFY, SHA-256
 * digest and PSS padding.  OH_HUKS_MODE_ECB is carried along from the
 * original sample; presumably irrelevant for an RSA verify key — confirm.
 */
static struct OH_Huks_Param g_genAttestParams[] = {
    { .tag = OH_HUKS_TAG_ALGORITHM, .uint32Param = OH_HUKS_ALG_RSA },
    { .tag = OH_HUKS_TAG_KEY_SIZE, .uint32Param = OH_HUKS_RSA_KEY_SIZE_2048 },
    { .tag = OH_HUKS_TAG_PURPOSE, .uint32Param = OH_HUKS_KEY_PURPOSE_VERIFY },
    { .tag = OH_HUKS_TAG_DIGEST, .uint32Param = OH_HUKS_DIGEST_SHA256 },
    { .tag = OH_HUKS_TAG_PADDING, .uint32Param = OH_HUKS_PADDING_PSS },
    { .tag = OH_HUKS_TAG_BLOCK_MODE, .uint32Param = OH_HUKS_MODE_ECB },
};
/*
 * Challenge bytes bound into the attestation (OH_HUKS_TAG_ATTESTATION_CHALLENGE).
 * Note that sizeof() counts the terminating NUL, so the blob is one byte longer
 * than the visible text.
 */
#define CHALLENGE_DATA "hi_challenge_data"
static struct OH_Huks_Blob g_challenge = {
    .size = sizeof(CHALLENGE_DATA),
    .data = (uint8_t *)CHALLENGE_DATA
};
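static napi_value AttestKey(napi_env env, napi_callback_info info)
{
    /*
     * NAPI entry point of the attestation sample.  It generates an RSA key
     * under a fixed alias, asks HUKS for that key's attestation certificate
     * chain, releases every resource it acquired, deletes the key again and
     * returns the HUKS error code to JS as an int32.
     *
     * Cleanup after the do/while is unconditional, so everything it touches
     * must be in a state FreeCertChain / OH_Huks_FreeParamSet can handle:
     * the chain starts with certs == nullptr and only ConstructDataToCertChain
     * hands it heap memory.  Pointing certs at a single stack blob (as the
     * original sample did) would make the cleanup read past that object and
     * free() a stack address whenever an earlier step failed.
     */
    /* 1. Decide the key alias. */
    struct OH_Huks_Blob genAlias = {
        (uint32_t)strlen("test_attest"),
        (uint8_t *)"test_attest"
    };
    /* Attestation parameters: the challenge to bind and the alias to attest. */
    struct OH_Huks_Param attestParams[] = {
        { .tag = OH_HUKS_TAG_ATTESTATION_CHALLENGE, .blob = g_challenge },
        { .tag = OH_HUKS_TAG_ATTESTATION_ID_ALIAS, .blob = genAlias },
    };
    struct OH_Huks_ParamSet *genParamSet = nullptr;
    struct OH_Huks_ParamSet *attestParamSet = nullptr;
    OH_Huks_Result ohResult = { 0 };
    /* Empty chain: FreeCertChain below is a no-op unless buffers were allocated. */
    OH_Huks_CertChain certChain = { nullptr, 0 };
    do {
        /* 2. Build the parameter sets. */
        ohResult = InitParamSet(&genParamSet, g_genAttestParams, sizeof(g_genAttestParams) / sizeof(OH_Huks_Param));
        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
            break;
        }
        ohResult = InitParamSet(&attestParamSet, attestParams, sizeof(attestParams) / sizeof(OH_Huks_Param));
        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
            break;
        }
        ohResult = OH_Huks_GenerateKeyItem(&genAlias, genParamSet, nullptr);
        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
            break;
        }
        /*
         * Allocate the output buffers.  The result must be checked: on failure
         * certChain.certs is nullptr and AttestKeyItem would have nowhere to write.
         */
        ohResult.errorCode = ConstructDataToCertChain(&certChain);
        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
            break;
        }
        /* 3. Attest the key; on success certChain holds the certificate chain. */
        ohResult = OH_Huks_AttestKeyItem(&genAlias, attestParamSet, &certChain);
    } while (0);
    /* CERT_COUNT is exactly the number of buffers ConstructDataToCertChain allocated. */
    FreeCertChain(&certChain, CERT_COUNT);
    OH_Huks_FreeParamSet(&genParamSet);
    OH_Huks_FreeParamSet(&attestParamSet);
    /* Best effort: remove the sample key even if an earlier step failed. */
    (void)OH_Huks_DeleteKeyItem(&genAlias, nullptr);

    napi_value ret = nullptr;
    napi_create_int32(env, ohResult.errorCode, &ret);
    return ret;
}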
139```
140