# 匿名密钥证明(C/C++)

<!--Kit: Universal Keystore Kit-->
<!--Subsystem: Security-->
<!--Owner: @wutiantian-gitee-->
<!--Designer: @HighLowWorld-->
<!--Tester: @wxy1234564846-->
<!--Adviser: @zengyawen-->

在使用本功能时,需确保网络通畅。

## 在CMake脚本中链接相关动态库
```txt
target_link_libraries(entry PUBLIC libhuks_ndk.z.so)
```

## 开发步骤

1. 指定密钥别名,密钥别名命名规范参考[密钥生成介绍及算法规格](huks-key-generation-overview.md)。

2. 初始化参数集:通过[OH_Huks_InitParamSet](../../reference/apis-universal-keystore-kit/capi-native-huks-param-h.md#oh_huks_initparamset)、[OH_Huks_AddParams](../../reference/apis-universal-keystore-kit/capi-native-huks-param-h.md#oh_huks_addparams)、[OH_Huks_BuildParamSet](../../reference/apis-universal-keystore-kit/capi-native-huks-param-h.md#oh_huks_buildparamset)构造参数集paramSet,参数集中必须包含[OH_Huks_KeyAlg](../../reference/apis-universal-keystore-kit/capi-native-huks-type-h.md#oh_huks_keyalg),[OH_Huks_KeySize](../../reference/apis-universal-keystore-kit/capi-native-huks-type-h.md#oh_huks_keysize),[OH_Huks_KeyPurpose](../../reference/apis-universal-keystore-kit/capi-native-huks-type-h.md#oh_huks_keypurpose)属性。

3. 
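将密钥别名与参数集作为参数传入[OH_Huks_AnonAttestKeyItem](../../reference/apis-universal-keystore-kit/capi-native-huks-api-h.md#oh_huks_anonattestkeyitem)方法中,即可证明密钥。

```c++
#include "huks/native_huks_api.h"
#include "huks/native_huks_param.h"
#include "napi/native_api.h"
#include <stdlib.h>
#include <string.h>

/*
 * Build a HUKS parameter set from an array of parameters.
 *
 * paramSet   - out: receives the initialized and built parameter set.
 * params     - parameters to add to the set.
 * paramCount - number of entries in params.
 *
 * Returns the result of the first failing HUKS call, or the result of
 * OH_Huks_BuildParamSet on success. On failure after initialization the set is
 * released here. NOTE(review): callers in this sample free the same pointer
 * again afterwards, which presumably relies on OH_Huks_FreeParamSet resetting
 * *paramSet - confirm against the HUKS reference.
 */
OH_Huks_Result InitParamSet(
    struct OH_Huks_ParamSet **paramSet,
    const struct OH_Huks_Param *params,
    uint32_t paramCount)
{
    OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
    if (ret.errorCode != OH_HUKS_SUCCESS) {
        return ret;
    }
    ret = OH_Huks_AddParams(*paramSet, params, paramCount);
    if (ret.errorCode == OH_HUKS_SUCCESS) {
        ret = OH_Huks_BuildParamSet(paramSet);
    }
    if (ret.errorCode != OH_HUKS_SUCCESS) {
        OH_Huks_FreeParamSet(paramSet);
    }
    return ret;
}

/* Size in bytes of each certificate buffer handed to HUKS. */
static const uint32_t g_size = 4096;
/* Number of certificate buffers allocated for the returned chain. */
static const uint32_t CERT_COUNT = 4;

/*
 * Release a certificate chain allocated by ConstructDataToCertChain.
 *
 * certChain - chain whose certs array and per-certificate buffers are heap
 *             allocated; a null chain or null certs array is ignored.
 * pos       - number of leading entries whose data buffers are freed.
 *
 * The chain is left with certs == nullptr and certsCount == 0, so calling this
 * a second time on the same chain does nothing.
 */
void FreeCertChain(struct OH_Huks_CertChain *certChain, const uint32_t pos)
{
    if (certChain == nullptr || certChain->certs == nullptr) {
        return;
    }
    for (uint32_t j = 0; j < pos; j++) {
        /* free(nullptr) is a no-op, so unallocated slots need no guard. */
        free(certChain->certs[j].data);
        certChain->certs[j].data = nullptr;
        certChain->certs[j].size = 0;
    }
    free(certChain->certs);
    certChain->certs = nullptr;
    certChain->certsCount = 0;
}

/*
 * Allocate CERT_COUNT output buffers of g_size bytes each for a certificate chain.
 *
 * Returns OH_HUKS_SUCCESS, OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT for a null chain,
 * or OH_HUKS_ERR_CODE_INTERNAL_ERROR when an allocation fails (nothing stays
 * allocated in that case).
 */
int32_t ConstructDataToCertChain(struct OH_Huks_CertChain *certChain)
{
    if (certChain == nullptr) {
        return OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT;
    }
    certChain->certsCount = 0;

    /* calloc keeps every slot at { size 0, data nullptr } until it is filled,
     * so a later FreeCertChain over all CERT_COUNT slots never frees garbage. */
    certChain->certs = (struct OH_Huks_Blob *)calloc(CERT_COUNT, sizeof(struct OH_Huks_Blob));
    if (certChain->certs == nullptr) {
        return OH_HUKS_ERR_CODE_INTERNAL_ERROR;
    }
    for (uint32_t i = 0; i < CERT_COUNT; i++) {
        /* Zero-filled so bytes past the returned certificate are never stale heap data. */
        certChain->certs[i].data = (uint8_t *)calloc(1, g_size);
        if (certChain->certs[i].data == nullptr) {
            FreeCertChain(certChain, i);
            return OH_HUKS_ERR_CODE_INTERNAL_ERROR;
        }
        certChain->certs[i].size = g_size;
    }
    certChain->certsCount = CERT_COUNT;
    return OH_HUKS_SUCCESS;
}

/* Parameters of the demo key that is generated and then attested. */
static struct OH_Huks_Param g_genAnonAttestParams[] = {
    { .tag = OH_HUKS_TAG_ALGORITHM, .uint32Param = OH_HUKS_ALG_RSA },
    { .tag = OH_HUKS_TAG_KEY_SIZE, .uint32Param = OH_HUKS_RSA_KEY_SIZE_2048 },
    { .tag = OH_HUKS_TAG_PURPOSE, .uint32Param = OH_HUKS_KEY_PURPOSE_VERIFY },
    { .tag = OH_HUKS_TAG_DIGEST, .uint32Param = OH_HUKS_DIGEST_SHA256 },
    { .tag = OH_HUKS_TAG_PADDING, .uint32Param = OH_HUKS_PADDING_PSS },
    { .tag = OH_HUKS_TAG_BLOCK_MODE, .uint32Param = OH_HUKS_MODE_ECB },
};

/*
 * Sample attestation challenge.
 * NOTE(review): a constant challenge provides no freshness, so an attestation
 * result produced with it could be replayed. In a real deployment the challenge
 * is normally a fresh, unpredictable value issued by the verifying party for
 * each request. sizeof() also counts the string's trailing NUL in the blob size.
 */
#define CHALLENGE_DATA "hi_challenge_data"
static struct OH_Huks_Blob g_challenge = { sizeof(CHALLENGE_DATA), (uint8_t *)CHALLENGE_DATA };

/*
 * N-API entry point: generate a demo RSA key, request an anonymous attestation
 * certificate chain for it, then release everything, including the demo key.
 *
 * Returns a JS int32 holding the HUKS error code of the last executed step,
 * or nullptr if the JS value could not be created.
 */
static napi_value AnonAttestKey(napi_env env, napi_callback_info info)
{
    (void)info;
    /* 1. Choose the key alias. */
    struct OH_Huks_Blob genAlias = {
        (uint32_t)strlen("test_anon_attest"),
        (uint8_t *)"test_anon_attest"
    };
    static struct OH_Huks_Param g_anonAttestParams[] = {
        { .tag = OH_HUKS_TAG_ATTESTATION_CHALLENGE, .blob = g_challenge },
        { .tag = OH_HUKS_TAG_ATTESTATION_ID_ALIAS, .blob = genAlias },
    };
    struct OH_Huks_ParamSet *genParamSet = nullptr;
    struct OH_Huks_ParamSet *anonAttestParamSet = nullptr;
    OH_Huks_Result ohResult;
    /* Start with no buffers: if a step fails before ConstructDataToCertChain,
     * the cleanup below must not free memory that was never heap-allocated. */
    OH_Huks_CertChain certChain = { nullptr, 0 };
    do {
        /* 2. Initialize the key-generation and attestation parameter sets. */
        ohResult = InitParamSet(&genParamSet, g_genAnonAttestParams,
            sizeof(g_genAnonAttestParams) / sizeof(g_genAnonAttestParams[0]));
        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
            break;
        }
        ohResult = InitParamSet(&anonAttestParamSet, g_anonAttestParams,
            sizeof(g_anonAttestParams) / sizeof(g_anonAttestParams[0]));
        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
            break;
        }
        ohResult = OH_Huks_GenerateKeyItem(&genAlias, genParamSet, nullptr);
        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
            break;
        }

        ohResult.errorCode = ConstructDataToCertChain(&certChain);
        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
            break;
        }
        /* 3. Attest the key. */
        ohResult = OH_Huks_AnonAttestKeyItem(&genAlias, anonAttestParamSet, &certChain);
        /* NOTE(review): this sample discards the returned certificates. A real
         * caller would presumably pass certChain to the verifying party, which
         * checks the chain and the embedded challenge, before freeing it. */
    } while (0);
    /* Free by allocated capacity, not by certChain.certsCount, which the
     * attestation call may have changed - TODO confirm. */
    FreeCertChain(&certChain, CERT_COUNT);
    OH_Huks_FreeParamSet(&genParamSet);
    OH_Huks_FreeParamSet(&anonAttestParamSet);
    /* The demo key is removed on every path; a real application keeps its key. */
    (void)OH_Huks_DeleteKeyItem(&genAlias, NULL);

    napi_value ret = nullptr;
    if (napi_create_int32(env, ohResult.errorCode, &ret) != napi_ok) {
        return nullptr;
    }
    return ret;
}
```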