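/*
 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef NATIVE_OH_HUKS_TYPE_H
#define NATIVE_OH_HUKS_TYPE_H

/**
 * @addtogroup HuksTypeApi
 * @{
 *
 * @brief Defines the macros, enumerated values, data structures,
 * and error codes used by OpenHarmony Universal KeyStore (HUKS) APIs.
 *
 * @syscap SystemCapability.Security.Huks
 * @since 9
 * @version 1.0
 */

/**
 * @file native_huks_type.h
 *
 * @brief Defines the enumerated variables, structures, and macros used in the HUKS APIs.
 *
 * @since 9
 * @version 1.0
 */

#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Size and limit constants.
 *
 * This header does not state the unit of each constant; the *_LEN and *_SIZE
 * names suggest byte counts, but confirm against the HUKS API reference before
 * using any of them to size a buffer.
 */
#define OH_HUKS_AE_TAG_LEN 16
#define OH_HUKS_BITS_PER_BYTE 8
#define OH_HUKS_MAX_KEY_SIZE 2048
#define OH_HUKS_AE_NONCE_LEN 12
#define OH_HUKS_MAX_KEY_ALIAS_LEN 64
#define OH_HUKS_MAX_PROCESS_NAME_LEN 50
#define OH_HUKS_MAX_RANDOM_LEN 1024
#define OH_HUKS_SIGNATURE_MIN_SIZE 64
#define OH_HUKS_MAX_OUT_BLOB_SIZE (5 * 1024 * 1024)
#define OH_HUKS_WRAPPED_FORMAT_MAX_SIZE (1024 * 1024)
#define OH_HUKS_IMPORT_WRAPPED_KEY_TOTAL_BLOBS 10

/*
 * NOTE(review): the macros below carry no OH_HUKS_ prefix, so they share the
 * global macro namespace with every file that includes this header and can
 * collide with identically named macros. They are kept unchanged because
 * renaming them would break existing users of the header.
 */
#define TOKEN_CHALLENGE_LEN 32
#define SHA256_SIGN_LEN 32
#define TOKEN_SIZE 32
#define MAX_AUTH_TIMEOUT_SECOND 60
#define SECURE_SIGN_VERSION 0x01000001

/**
 * @brief Enumerates the key purposes.
 *
 * Each value is a distinct power of two, so several purposes can be
 * combined with bitwise OR.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyPurpose {
    /** Used to encrypt the plaintext. */
    OH_HUKS_KEY_PURPOSE_ENCRYPT = 1,
    /** Used to decrypt the cipher text. */
    OH_HUKS_KEY_PURPOSE_DECRYPT = 2,
    /** Used to sign data. */
    OH_HUKS_KEY_PURPOSE_SIGN = 4,
    /** Used to verify the signature. */
    OH_HUKS_KEY_PURPOSE_VERIFY = 8,
    /** Used to derive a key. */
    OH_HUKS_KEY_PURPOSE_DERIVE = 16,
    /** Used for an encrypted export. */
    OH_HUKS_KEY_PURPOSE_WRAP = 32,
    /** Used for an encrypted import. */
    OH_HUKS_KEY_PURPOSE_UNWRAP = 64,
    /** Used to generate a message authentication code (MAC). */
    OH_HUKS_KEY_PURPOSE_MAC = 128,
    /** Used for key agreement. */
    OH_HUKS_KEY_PURPOSE_AGREE = 256,
};

/**
 * @brief Enumerates the digest algorithms.
 *
 * MD5 and SHA-1 are no longer collision-resistant; prefer SHA-256 or
 * stronger (or SM3 where required) for new signatures.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyDigest {
    /** No digest algorithm. */
    OH_HUKS_DIGEST_NONE = 0,
    /** MD5. */
    OH_HUKS_DIGEST_MD5 = 1,
    /** SM3. */
    OH_HUKS_DIGEST_SM3 = 2,
    /** SHA-1. */
    OH_HUKS_DIGEST_SHA1 = 10,
    /** SHA-224. */
    OH_HUKS_DIGEST_SHA224 = 11,
    /** SHA-256. */
    OH_HUKS_DIGEST_SHA256 = 12,
    /** SHA-384. */
    OH_HUKS_DIGEST_SHA384 = 13,
    /** SHA-512. */
    OH_HUKS_DIGEST_SHA512 = 14,
};

/**
 * @brief Enumerates the padding algorithms.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyPadding {
    /** No padding algorithm. */
    OH_HUKS_PADDING_NONE = 0,
    /** Optimal Asymmetric Encryption Padding (OAEP). */
    OH_HUKS_PADDING_OAEP = 1,
    /** Probabilistic Signature Scheme (PSS). */
    OH_HUKS_PADDING_PSS = 2,
    /** Public Key Cryptography Standards (PKCS) #1 v1.5. */
    OH_HUKS_PADDING_PKCS1_V1_5 = 3,
    /** PKCS #5. */
    OH_HUKS_PADDING_PKCS5 = 4,
    /** PKCS #7. */
    OH_HUKS_PADDING_PKCS7 = 5,
};

/**
 * @brief Enumerates the cipher modes.
 *
 * Only CCM and GCM provide authenticated encryption; the other modes give
 * no integrity protection on their own.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_CipherMode {
    /**
     * Electronic Codebook (ECB) mode. ECB encrypts equal plaintext blocks to
     * equal ciphertext blocks and so does not hide patterns in the data.
     */
    OH_HUKS_MODE_ECB = 1,
    /** Cipher Block Chaining (CBC) mode. */
    OH_HUKS_MODE_CBC = 2,
    /** Counter (CTR) mode. */
    OH_HUKS_MODE_CTR = 3,
    /** Output Feedback (OFB) mode. */
    OH_HUKS_MODE_OFB = 4,
    /** Counter with CBC-MAC (CCM) mode. */
    OH_HUKS_MODE_CCM = 31,
    /** Galois/Counter (GCM) mode. */
    OH_HUKS_MODE_GCM = 32,
};

/**
 * @brief Enumerates the key sizes.
 *
 * Every enumerator equals its key length in bits, so enumerators of different
 * algorithms share values (for example 256 and 2048 each appear several
 * times). The value alone therefore does not identify the algorithm.
 *
 * RSA keys shorter than 2048 bits are listed here but are generally regarded
 * as too weak for new keys.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeySize {
    /** Rivest-Shamir-Adleman (RSA) key of 512 bits. */
    OH_HUKS_RSA_KEY_SIZE_512 = 512,
    /** RSA key of 768 bits. */
    OH_HUKS_RSA_KEY_SIZE_768 = 768,
    /** RSA key of 1024 bits. */
    OH_HUKS_RSA_KEY_SIZE_1024 = 1024,
    /** RSA key of 2048 bits. */
    OH_HUKS_RSA_KEY_SIZE_2048 = 2048,
    /** RSA key of 3072 bits. */
    OH_HUKS_RSA_KEY_SIZE_3072 = 3072,
    /** RSA key of 4096 bits. */
    OH_HUKS_RSA_KEY_SIZE_4096 = 4096,

    /** Elliptic Curve Cryptography (ECC) key of 224 bits. */
    OH_HUKS_ECC_KEY_SIZE_224 = 224,
    /** ECC key of 256 bits. */
    OH_HUKS_ECC_KEY_SIZE_256 = 256,
    /** ECC key of 384 bits. */
    OH_HUKS_ECC_KEY_SIZE_384 = 384,
    /** ECC key of 521 bits. */
    OH_HUKS_ECC_KEY_SIZE_521 = 521,

    /** Advanced Encryption Standard (AES) key of 128 bits. */
    OH_HUKS_AES_KEY_SIZE_128 = 128,
    /** AES key of 192 bits. */
    OH_HUKS_AES_KEY_SIZE_192 = 192,
    /** AES key of 256 bits. */
    OH_HUKS_AES_KEY_SIZE_256 = 256,
    /**
     * AES key of 512 bits.
     * NOTE(review): AES itself is specified for 128-, 192- and 256-bit keys
     * only; what this value selects is not visible in this header -- confirm
     * against the HUKS API reference before using it.
     */
    OH_HUKS_AES_KEY_SIZE_512 = 512,

    /** Curve25519 key of 256 bits. */
    OH_HUKS_CURVE25519_KEY_SIZE_256 = 256,

    /** Diffie-Hellman (DH) key of 2048 bits. */
    OH_HUKS_DH_KEY_SIZE_2048 = 2048,
    /** DH key of 3072 bits. */
    OH_HUKS_DH_KEY_SIZE_3072 = 3072,
    /** DH key of 4096 bits. */
    OH_HUKS_DH_KEY_SIZE_4096 = 4096,

    /** ShangMi2 (SM2) key of 256 bits. */
    OH_HUKS_SM2_KEY_SIZE_256 = 256,
    /** ShangMi4 (SM4) key of 128 bits. */
    OH_HUKS_SM4_KEY_SIZE_128 = 128,
};

/**
 * @brief Enumerates the key algorithms.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyAlg {
    /** RSA. */
    OH_HUKS_ALG_RSA = 1,
    /** ECC. */
    OH_HUKS_ALG_ECC = 2,
    /** DSA. */
    OH_HUKS_ALG_DSA = 3,

    /** AES. */
    OH_HUKS_ALG_AES = 20,
    /** HMAC. */
    OH_HUKS_ALG_HMAC = 50,
    /** HKDF. */
    OH_HUKS_ALG_HKDF = 51,
    /** PBKDF2. */
    OH_HUKS_ALG_PBKDF2 = 52,

    /** ECDH. */
    OH_HUKS_ALG_ECDH = 100,
    /** X25519. */
    OH_HUKS_ALG_X25519 = 101,
    /** Ed25519. */
    OH_HUKS_ALG_ED25519 = 102,
    /** DH. */
    OH_HUKS_ALG_DH = 103,

    /** SM2. */
    OH_HUKS_ALG_SM2 = 150,
    /** SM3. */
    OH_HUKS_ALG_SM3 = 151,
    /** SM4. */
    OH_HUKS_ALG_SM4 = 152,
};

/**
 * @brief Enumerates the algorithm suites required for ciphertext imports.
 *
 * Both suites describe the wrapped key material as a sequence of
 * length-value fields, each length being 4 bytes.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_AlgSuite {
    /** Key material format (Length-Value format), X25519 key agreement, and AES-256-GCM encryption and decryption.
     *  | x25519_plain_pubkey_length  (4 Byte) | x25519_plain_pubkey |  agreekey_aad_length (4 Byte) | agreekey_aad
     *  |   agreekey_nonce_length     (4 Byte) |   agreekey_nonce    |
     *  |   agreekey_aead_tag_len     (4 Byte) |  agreekey_aead_tag  |
     *  |    kek_enc_data_length      (4 Byte) |    kek_enc_data     |    kek_aad_length    (4 Byte) | kek_aad
     *  |      kek_nonce_length       (4 Byte) |      kek_nonce      |   kek_aead_tag_len   (4 Byte) | kek_aead_tag
     *  |   key_material_size_len     (4 Byte) |  key_material_size  |   key_mat_enc_length (4 Byte) | key_mat_enc_data
     */
    OH_HUKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING = 1,

    /** Key material format (Length-Value format), ECDH-p256 key agreement, and AES-256-GCM encryption and decryption.
     *  |  ECC_plain_pubkey_length    (4 Byte) |  ECC_plain_pubkey   |  agreekey_aad_length (4 Byte) | agreekey_aad
     *  |   agreekey_nonce_length     (4 Byte) |   agreekey_nonce    |
     *  |   agreekey_aead_tag_len     (4 Byte) |  agreekey_aead_tag  |
     *  |    kek_enc_data_length      (4 Byte) |    kek_enc_data     |    kek_aad_length    (4 Byte) | kek_aad
     *  |      kek_nonce_length       (4 Byte) |      kek_nonce      |   kek_aead_tag_len   (4 Byte) | kek_aead_tag
     *  |   key_material_size_len     (4 Byte) |  key_material_size  |   key_mat_enc_length (4 Byte) | key_mat_enc_data
     */
    OH_HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING = 2,
};

/**
 * @brief Enumerates the key generation types.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyGenerateType {
    /** Key generated by default. */
    OH_HUKS_KEY_GENERATE_TYPE_DEFAULT = 0,
    /** Derived key. */
    OH_HUKS_KEY_GENERATE_TYPE_DERIVE = 1,
    /** Key obtained by key agreement. */
    OH_HUKS_KEY_GENERATE_TYPE_AGREE = 2,
};

/**
 * @brief Enumerates the key generation modes.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyFlag {
    /** Import a public key using an API. */
    OH_HUKS_KEY_FLAG_IMPORT_KEY = 1,
    /** Generate a key by using an API. */
    OH_HUKS_KEY_FLAG_GENERATE_KEY = 2,
    /** Generate a key by using a key agreement API. */
    OH_HUKS_KEY_FLAG_AGREE_KEY = 3,
    /** Derive a key by using an API. */
    OH_HUKS_KEY_FLAG_DERIVE_KEY = 4,
};

/**
 * @brief Enumerates the key storage modes.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_KeyStorageType {
    /** The key is managed locally. */
    OH_HUKS_STORAGE_TEMP = 0,
    /** The key is managed by the HUKS service. */
    OH_HUKS_STORAGE_PERSISTENT = 1,
    /** The key is only used in HUKS. */
    OH_HUKS_STORAGE_ONLY_USED_IN_HUKS = 2,
    /** The key is allowed to be exported. */
    OH_HUKS_STORAGE_KEY_EXPORT_ALLOWED = 3,
};

/**
 * @brief Enumerates the types of keys to import. By default,
 * a public key is imported. This field is not required when a symmetric key is imported.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_ImportKeyType {
    /** Public key. */
    OH_HUKS_KEY_TYPE_PUBLIC_KEY = 0,
    /** Private key. */
    OH_HUKS_KEY_TYPE_PRIVATE_KEY = 1,
    /** Public and private key pair. */
    OH_HUKS_KEY_TYPE_KEY_PAIR = 2,
};

/**
 * @brief Enumerates the RSA PSS salt length types.
 *
 * @since 10
 * @version 1.0
 */
enum OH_Huks_RsaPssSaltLenType {
    /** Salt length matches digest. */
    OH_HUKS_RSA_PSS_SALT_LEN_DIGEST = 0,
    /** Set salt length to maximum possible, default type. */
    OH_HUKS_RSA_PSS_SALT_LEN_MAX = 1,
};

/**
 * @brief Enumerates the error codes.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_ErrCode {
    /** The operation is successful. */
    OH_HUKS_SUCCESS = 0,
    /** Permission verification failed. */
    OH_HUKS_ERR_CODE_PERMISSION_FAIL = 201,
    /** Invalid parameters are detected. */
    OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT = 401,
    /** The API is not supported. */
    OH_HUKS_ERR_CODE_NOT_SUPPORTED_API = 801,

    /** The feature is not supported. */
    OH_HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED = 12000001,
    /** Key algorithm parameters are missing. */
    OH_HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT = 12000002,
    /** Invalid key algorithm parameters are detected. */
    OH_HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT = 12000003,
    /** Failed to operate the file. */
    OH_HUKS_ERR_CODE_FILE_OPERATION_FAIL = 12000004,
    /** The process communication failed. */
    OH_HUKS_ERR_CODE_COMMUNICATION_FAIL = 12000005,
    /** Failed to operate the algorithm library. */
    OH_HUKS_ERR_CODE_CRYPTO_FAIL = 12000006,
    /**
     * Failed to access the key because the key has expired.
     * NOTE(review): the enumerator name says "permanently invalidated", which
     * is stronger than "expired" -- confirm the exact condition.
     */
    OH_HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED = 12000007,
    /** Failed to access the key because the authentication has failed. */
    OH_HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED = 12000008,
    /** Key access timed out. */
    OH_HUKS_ERR_CODE_KEY_AUTH_TIME_OUT = 12000009,
    /** The number of key operation sessions has reached the limit. */
    OH_HUKS_ERR_CODE_SESSION_LIMIT = 12000010,
    /** The entity does not exist. */
    OH_HUKS_ERR_CODE_ITEM_NOT_EXIST = 12000011,
    /** Internal error. */
    OH_HUKS_ERR_CODE_INTERNAL_ERROR = 12000012,
    /** The authentication credential does not exist. */
    OH_HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST = 12000013,
    /** The memory is not sufficient. */
    OH_HUKS_ERR_CODE_INSUFFICIENT_MEMORY = 12000014,
    /** Failed to call service. */
    OH_HUKS_ERR_CODE_CALL_SERVICE_FAILED = 12000015,
    /** Device password is required but not set. */
    OH_HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET = 12000016
};

/**
 * @brief Enumerates the tag types.
 *
 * The type occupies the bits from bit 28 upwards; the tag values in
 * {@link OH_Huks_Tag} are built by OR-ing one of these with a tag number.
 *
 * @see OH_Huks_Param
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_TagType {
    /** Invalid tag type. */
    OH_HUKS_TAG_TYPE_INVALID = 0 << 28,
    /** int32_t. */
    OH_HUKS_TAG_TYPE_INT = 1 << 28,
    /** uint32_t. */
    OH_HUKS_TAG_TYPE_UINT = 2 << 28,
    /** uint64_t. */
    OH_HUKS_TAG_TYPE_ULONG = 3 << 28,
    /** Boolean. */
    OH_HUKS_TAG_TYPE_BOOL = 4 << 28,
    /** OH_Huks_Blob. */
    OH_HUKS_TAG_TYPE_BYTES = 5 << 28,
};

/**
 * @brief Enumerates the user authentication types.
 *
 * Each value is a single bit, so types can be combined with bitwise OR.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_UserAuthType {
    /** Fingerprint authentication. */
    OH_HUKS_USER_AUTH_TYPE_FINGERPRINT = 1 << 0,
    /** Facial authentication. */
    OH_HUKS_USER_AUTH_TYPE_FACE = 1 << 1,
    /** PIN authentication. */
    OH_HUKS_USER_AUTH_TYPE_PIN = 1 << 2,
};

/**
 * @brief Enumerates the access control types.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_AuthAccessType {
    /** The key is invalid after the password is cleared. */
    OH_HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD = 1 << 0,
    /** The key is invalid after a new biometric feature is enrolled. */
    OH_HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL = 1 << 1,
    /** The key is always valid. */
    OH_HUKS_AUTH_ACCESS_ALWAYS_VALID = 1 << 2
};

/**
 * @brief Enumerates the types of the challenges generated when a key is used.
 * @see OH_Huks_ChallengePosition
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_ChallengeType {
    /** Normal challenge, which is of 32 bytes by default. */
    OH_HUKS_CHALLENGE_TYPE_NORMAL = 0,
    /** Custom challenge, which supports only one authentication for multiple keys.
     *  The valid value of a custom challenge is of 8 bytes.
     */
    OH_HUKS_CHALLENGE_TYPE_CUSTOM = 1,
    /** Challenge is not required. */
    OH_HUKS_CHALLENGE_TYPE_NONE = 2,
};

/**
 * @brief Enumerates the positions of the 8-byte valid value in a custom challenge generated.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_ChallengePosition {
    /** Bytes 0 to 7. */
    OH_HUKS_CHALLENGE_POS_0 = 0,
    /** Bytes 8 to 15. */
    OH_HUKS_CHALLENGE_POS_1,
    /** Bytes 16 to 23. */
    OH_HUKS_CHALLENGE_POS_2,
    /** Bytes 24 to 31. */
    OH_HUKS_CHALLENGE_POS_3,
};

/**
 * @brief Enumerates the signature types of the keys generated or imported.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_SecureSignType {
    /**
     *  The signature carries authentication information. This field is specified when a key
     *  is generated or imported. When the key is used to sign data, the data will be added with
     *  the authentication information and then be signed.
     */
    OH_HUKS_SECURE_SIGN_WITH_AUTHINFO = 1,
};

/**
 * @brief Enumerates the tag values used in parameter sets.
 *
 * Every tag is a tag number OR-ed with the {@link OH_Huks_TagType} that
 * names the type of the parameter value.
 *
 * @since 9
 * @version 1.0
 */
enum OH_Huks_Tag {
    /** Tags for key parameters. The value range is 1 to 200. */
    /** Algorithm. */
    OH_HUKS_TAG_ALGORITHM = OH_HUKS_TAG_TYPE_UINT | 1,
    /** Key purpose. */
    OH_HUKS_TAG_PURPOSE = OH_HUKS_TAG_TYPE_UINT | 2,
    /** Key size. */
    OH_HUKS_TAG_KEY_SIZE = OH_HUKS_TAG_TYPE_UINT | 3,
    /** Digest algorithm. */
    OH_HUKS_TAG_DIGEST = OH_HUKS_TAG_TYPE_UINT | 4,
    /** Padding algorithm. */
    OH_HUKS_TAG_PADDING = OH_HUKS_TAG_TYPE_UINT | 5,
    /** Cipher mode. */
    OH_HUKS_TAG_BLOCK_MODE = OH_HUKS_TAG_TYPE_UINT | 6,
    /** Key type. */
    OH_HUKS_TAG_KEY_TYPE = OH_HUKS_TAG_TYPE_UINT | 7,
    /** Associated authentication data. */
    OH_HUKS_TAG_ASSOCIATED_DATA = OH_HUKS_TAG_TYPE_BYTES | 8,
    /** Nonce used for encryption and decryption. */
    OH_HUKS_TAG_NONCE = OH_HUKS_TAG_TYPE_BYTES | 9,
    /** Initialization vector (IV). */
    OH_HUKS_TAG_IV = OH_HUKS_TAG_TYPE_BYTES | 10,

    /** Information generated during key derivation. */
    OH_HUKS_TAG_INFO = OH_HUKS_TAG_TYPE_BYTES | 11,
    /** Salt value used for key derivation. */
    OH_HUKS_TAG_SALT = OH_HUKS_TAG_TYPE_BYTES | 12,
    /** Number of iterations for key derivation. */
    OH_HUKS_TAG_ITERATION = OH_HUKS_TAG_TYPE_UINT | 14,

    /** Type of the generated key. For details, see {@link OH_Huks_KeyGenerateType}. */
    OH_HUKS_TAG_KEY_GENERATE_TYPE = OH_HUKS_TAG_TYPE_UINT | 15,
    /** Algorithm used in key agreement. */
    OH_HUKS_TAG_AGREE_ALG = OH_HUKS_TAG_TYPE_UINT | 19,
    /**
     * Alias of the public key used for key agreement.
     * NOTE(review): the tag is Boolean-typed, so it presumably states whether
     * the public key is supplied as a key alias -- confirm.
     */
    OH_HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS = OH_HUKS_TAG_TYPE_BOOL | 20,
    /** Alias of the private key used for key agreement. */
    OH_HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 21,
    /** Public key used for key agreement. */
    OH_HUKS_TAG_AGREE_PUBLIC_KEY = OH_HUKS_TAG_TYPE_BYTES | 22,
    /** Alias of the key. */
    OH_HUKS_TAG_KEY_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 23,
    /** Size of the derived key. */
    OH_HUKS_TAG_DERIVE_KEY_SIZE = OH_HUKS_TAG_TYPE_UINT | 24,
    /** Type of the key to import. For details, see {@link OH_Huks_ImportKeyType}. */
    OH_HUKS_TAG_IMPORT_KEY_TYPE = OH_HUKS_TAG_TYPE_UINT | 25,
    /** Algorithm suite required for encrypted imports. For details, see {@link OH_Huks_AlgSuite}. */
    OH_HUKS_TAG_UNWRAP_ALGORITHM_SUITE = OH_HUKS_TAG_TYPE_UINT | 26,
    /** Storage mode of derived or agreed keys. For details, see {@link OH_Huks_KeyStorageType}. */
    OH_HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG = OH_HUKS_TAG_TYPE_UINT | 29,
    /** Type of the RSA PSS salt length. For details, see {@link OH_Huks_RsaPssSaltLenType}. */
    OH_HUKS_TAG_RSA_PSS_SALT_LEN_TYPE = OH_HUKS_TAG_TYPE_UINT | 30,

    /** Tags for access control and user authentication. The value range is 301 to 500. */
    /** All users in the multi-user scenario. */
    OH_HUKS_TAG_ALL_USERS = OH_HUKS_TAG_TYPE_BOOL | 301,
    /** Multi-user ID. */
    OH_HUKS_TAG_USER_ID = OH_HUKS_TAG_TYPE_UINT | 302,
    /**
     * Specifies whether key access control is required.
     * NOTE(review): the name is negated (NO_AUTH_REQUIRED), so true presumably
     * means that no authentication is required -- confirm before setting it.
     */
    OH_HUKS_TAG_NO_AUTH_REQUIRED = OH_HUKS_TAG_TYPE_BOOL | 303,
    /** User authentication type in key access control. For details, see {@link OH_Huks_UserAuthType}. */
    OH_HUKS_TAG_USER_AUTH_TYPE = OH_HUKS_TAG_TYPE_UINT | 304,
    /** Timeout duration for key access. */
    OH_HUKS_TAG_AUTH_TIMEOUT = OH_HUKS_TAG_TYPE_UINT | 305,
    /** Authentication token for the key. */
    OH_HUKS_TAG_AUTH_TOKEN = OH_HUKS_TAG_TYPE_BYTES | 306,
    /**
     * Access control type. For details, see {@link OH_Huks_AuthAccessType}.
     * This parameter must be set together with the user authentication type.
     */
    OH_HUKS_TAG_KEY_AUTH_ACCESS_TYPE = OH_HUKS_TAG_TYPE_UINT | 307,
    /** Signature type for the key to be generated or imported. */
    OH_HUKS_TAG_KEY_SECURE_SIGN_TYPE = OH_HUKS_TAG_TYPE_UINT | 308,
    /** Challenge type. For details, see {@link OH_Huks_ChallengeType}. */
    OH_HUKS_TAG_CHALLENGE_TYPE = OH_HUKS_TAG_TYPE_UINT | 309,
    /**
     * Position of the 8-byte valid value in a custom challenge.
     * For details, see {@link OH_Huks_ChallengePosition}.
     */
    OH_HUKS_TAG_CHALLENGE_POS = OH_HUKS_TAG_TYPE_UINT | 310,

    /** Purpose of key authentication. */
    OH_HUKS_TAG_KEY_AUTH_PURPOSE = OH_HUKS_TAG_TYPE_UINT | 311,
    /** Security level of access control for key file storage. */
    OH_HUKS_TAG_AUTH_STORAGE_LEVEL = OH_HUKS_TAG_TYPE_UINT | 316,

    /** Tags for key attestation. The value range is 501 to 600. */
    /** Challenge value used in the attestation. */
    OH_HUKS_TAG_ATTESTATION_CHALLENGE = OH_HUKS_TAG_TYPE_BYTES | 501,
    /** Application ID used in the attestation. */
    OH_HUKS_TAG_ATTESTATION_APPLICATION_ID = OH_HUKS_TAG_TYPE_BYTES | 502,
    /** Alias of the key. */
    OH_HUKS_TAG_ATTESTATION_ID_ALIAS = OH_HUKS_TAG_TYPE_BYTES | 511,
    /** Security level used in the attestation. */
    OH_HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO = OH_HUKS_TAG_TYPE_BYTES | 514,
    /** Version information used in the attestation. */
    OH_HUKS_TAG_ATTESTATION_ID_VERSION_INFO = OH_HUKS_TAG_TYPE_BYTES | 515,

    /**
     * 601 to 1000 are reserved for other tags.
     *
     * Extended tags. The value range is 1001 to 9999.
     */
    /** Specifies whether it is a key alias. */
    OH_HUKS_TAG_IS_KEY_ALIAS = OH_HUKS_TAG_TYPE_BOOL | 1001,
    /** Key storage mode. For details, see {@link OH_Huks_KeyStorageType}. */
    OH_HUKS_TAG_KEY_STORAGE_FLAG = OH_HUKS_TAG_TYPE_UINT | 1002,
    /** Specifies whether to allow the key to be wrapped. */
    OH_HUKS_TAG_IS_ALLOWED_WRAP = OH_HUKS_TAG_TYPE_BOOL | 1003,
    /** Key wrap type. */
    OH_HUKS_TAG_KEY_WRAP_TYPE = OH_HUKS_TAG_TYPE_UINT | 1004,
    /** Authentication ID. */
    OH_HUKS_TAG_KEY_AUTH_ID = OH_HUKS_TAG_TYPE_BYTES | 1005,
    /** Role of the key. */
    OH_HUKS_TAG_KEY_ROLE = OH_HUKS_TAG_TYPE_UINT | 1006,
    /** Key flag. For details, see {@link OH_Huks_KeyFlag}. */
    OH_HUKS_TAG_KEY_FLAG = OH_HUKS_TAG_TYPE_UINT | 1007,
    /**
     * Specifies whether this API is asynchronous.
     * Unlike the other "IS_" tags, this one carries the uint tag type rather
     * than the Boolean one; the value is left unchanged for compatibility.
     */
    OH_HUKS_TAG_IS_ASYNCHRONIZED = OH_HUKS_TAG_TYPE_UINT | 1008,
    /** Key domain. */
    OH_HUKS_TAG_KEY_DOMAIN = OH_HUKS_TAG_TYPE_UINT | 1011,
    /**
     * Key access control based on device password setting status.
     * True means the key can only be generated and used when the password is set.
     */
    OH_HUKS_TAG_IS_DEVICE_PASSWORD_SET = OH_HUKS_TAG_TYPE_BOOL | 1012,
    /** Authenticated encryption (AE) tag. */
    OH_HUKS_TAG_AE_TAG = OH_HUKS_TAG_TYPE_BYTES | 10009,

    /**
     * 11000 to 12000 are reserved.
     *
     * 20001 to N are reserved for other tags.
     */
    /** Symmetric key data. */
    OH_HUKS_TAG_SYMMETRIC_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20001,
    /** Public key data of the asymmetric key pair. */
    OH_HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20002,
    /** Private key data of the asymmetric key pair. */
    OH_HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA = OH_HUKS_TAG_TYPE_BYTES | 20003,
};

/**
 * @brief Defines the return data, including the result code and message.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_Result {
    /** Result code. For the defined values, see {@link OH_Huks_ErrCode}. */
    int32_t errorCode;
    /** Description of the result code. */
    const char *errorMsg;
    /** Other data returned. The structure carries no length for this buffer. */
    uint8_t *data;
};

/**
 * @brief Defines the structure for storing data.
 *
 * The structure records no ownership: which side allocates and frees
 * {@code data} is decided by the API that takes or returns the blob.
 * Code that receives a blob from an untrusted source should check
 * {@code size} and {@code data} before reading through the pointer.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_Blob {
    /** Data size. */
    uint32_t size;
    /** Pointer to the memory in which the data is stored. */
    uint8_t *data;
};

/**
 * @brief Defines the parameter structure in a parameter set.
 *
 * Only one union member is meaningful at a time; presumably it is the one
 * named by the type bits of {@code tag} (see {@link OH_Huks_TagType}) --
 * confirm against the API reference.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_Param {
    /** Tag value. For the defined values, see {@link OH_Huks_Tag}. */
    uint32_t tag;

    union {
        /** Parameter of the Boolean type. */
        bool boolParam;
        /** Parameter of the int32_t type. */
        int32_t int32Param;
        /** Parameter of the uint32_t type. */
        uint32_t uint32Param;
        /** Parameter of the uint64_t type. */
        uint64_t uint64Param;
        /** Parameter of the struct OH_Huks_Blob type. */
        struct OH_Huks_Blob blob;
    };
};

/**
 * @brief Defines the structure of the parameter set.
 *
 * {@code params} is a flexible array member, so the structure must be
 * allocated with room for the parameters that follow the header. Code that
 * parses a parameter set it did not build itself should check that
 * {@code paramsCnt} entries fit within {@code paramSetSize} before indexing
 * {@code params}.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_ParamSet {
    /** Memory size of the parameter set. */
    uint32_t paramSetSize;
    /** Number of parameters in the parameter set. */
    uint32_t paramsCnt;
    /** Parameter array. */
    struct OH_Huks_Param params[];
};

/**
 * @brief Defines the structure of the certificate chain.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_CertChain {
    /** Pointer to the certificate data. */
    struct OH_Huks_Blob *certs;
    /** Number of certificates. */
    uint32_t certsCount;
};

/**
 * @brief Defines the key information structure.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyInfo {
    /** Alias of the key. */
    struct OH_Huks_Blob alias;
    /** Pointer to the key parameter set. */
    struct OH_Huks_ParamSet *paramSet;
};

/**
 * @brief Defines the structure of a public key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_PubKeyInfo {
    /** Algorithm of the public key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the public key. */
    uint32_t keySize;
    /** Length of the n or X value. */
    uint32_t nOrXSize;
    /** Length of the e or Y value. */
    uint32_t eOrYSize;
    /** Placeholder size. */
    uint32_t placeHolder;
};

/**
 * @brief Defines the structure of an RSA key.
 *
 * The structure holds lengths only; where the n, e and d values themselves
 * are stored is not defined in this header.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterialRsa {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the key. */
    uint32_t keySize;
    /** Length of the n value. */
    uint32_t nSize;
    /** Length of the e value. */
    uint32_t eSize;
    /** Length of the d value. */
    uint32_t dSize;
};

/**
 * @brief Defines the structure of an ECC key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterialEcc {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the key. */
    uint32_t keySize;
    /** Length of the x value. */
    uint32_t xSize;
    /** Length of the y value. */
    uint32_t ySize;
    /** Length of the z value. */
    uint32_t zSize;
};

/**
 * @brief Defines the structure of a DSA key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterialDsa {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the key. */
    uint32_t keySize;
    /** Length of the x value. */
    uint32_t xSize;
    /** Length of the y value. */
    uint32_t ySize;
    /** Length of the p value. */
    uint32_t pSize;
    /** Length of the q value. */
    uint32_t qSize;
    /** Length of the g value. */
    uint32_t gSize;
};

/**
 * @brief Defines the structure of a DH key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterialDh {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the DH key. */
    uint32_t keySize;
    /** Length of the public key. */
    uint32_t pubKeySize;
    /** Length of the private key. */
    uint32_t priKeySize;
    /** Reserved. */
    uint32_t reserved;
};

/**
 * @brief Defines the structure of a 25519 key.
 *
 * @since 9
 * @version 1.0
 */
struct OH_Huks_KeyMaterial25519 {
    /** Algorithm of the key. */
    enum OH_Huks_KeyAlg keyAlg;
    /** Length of the 25519 key. */
    uint32_t keySize;
    /** Length of the public key. */
    uint32_t pubKeySize;
    /** Length of the private key. */
    uint32_t priKeySize;
    /** Reserved. */
    uint32_t reserved;
};

#ifdef __cplusplus
}
#endif

/** @} */
#endif /* NATIVE_OH_HUKS_TYPE_H */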