# 匿名密钥证明(C/C++)


## 开发步骤

1. 确定密钥别名keyAlias,密钥别名最大长度为64字节;

2. 初始化参数集:通过[OH_Huks_InitParamSet](../../reference/apis-universal-keystore-kit/_huks_param_set_api.md#oh_huks_initparamset)、[OH_Huks_AddParams](../../reference/apis-universal-keystore-kit/_huks_param_set_api.md#oh_huks_addparams)、[OH_Huks_BuildParamSet](../../reference/apis-universal-keystore-kit/_huks_param_set_api.md#oh_huks_buildparamset)构造参数集paramSet,参数集中必须包含[OH_Huks_KeyAlg](../../reference/apis-universal-keystore-kit/_huks_type_api.md#oh_huks_keyalg),[OH_Huks_KeySize](../../reference/apis-universal-keystore-kit/_huks_type_api.md#oh_huks_keysize),[OH_Huks_KeyPurpose](../../reference/apis-universal-keystore-kit/_huks_type_api.md#oh_huks_keypurpose)属性;

3. 将密钥别名与参数集作为参数传入[OH_Huks_AnonAttestKeyItem](../../reference/apis-universal-keystore-kit/_huks_key_api.md#oh_huks_anonattestkeyitem)方法中,即可证明密钥。

```c++
#include "huks/native_huks_api.h"
#include "huks/native_huks_param.h"
#include <stdlib.h>
#include <string.h>
/**
 * Build a HUKS parameter set from an array of parameters.
 *
 * Calls OH_Huks_InitParamSet, OH_Huks_AddParams and OH_Huks_BuildParamSet in
 * that order and stops at the first call that does not report
 * OH_HUKS_SUCCESS.
 *
 * @param paramSet   Out: receives the parameter set. On success the caller
 *                   releases it with OH_Huks_FreeParamSet.
 * @param params     Parameters to add to the set.
 * @param paramCount Number of entries in params.
 * @return The result of the last HUKS call made. If adding or building
 *         fails, the partially built set is freed before returning.
 */
OH_Huks_Result InitParamSet(
    struct OH_Huks_ParamSet **paramSet,
    const struct OH_Huks_Param *params,
    uint32_t paramCount)
{
    OH_Huks_Result status = OH_Huks_InitParamSet(paramSet);
    if (status.errorCode != OH_HUKS_SUCCESS) {
        /* Nothing was set up by this function, so there is nothing to free. */
        return status;
    }

    status = OH_Huks_AddParams(*paramSet, params, paramCount);
    if (status.errorCode == OH_HUKS_SUCCESS) {
        status = OH_Huks_BuildParamSet(paramSet);
    }

    /* Either of the two later steps failing leaves a set that must be released. */
    if (status.errorCode != OH_HUKS_SUCCESS) {
        OH_Huks_FreeParamSet(paramSet);
    }
    return status;
}
/* Number of certificate blobs allocated for the output chain. */
static uint32_t CERT_COUNT = 3;
/* Size in bytes of the buffer allocated for each certificate blob. */
static uint32_t g_size = 4096;
/**
 * Release a certificate chain allocated by ConstructDataToCertChain.
 *
 * @param certChain Address of the chain pointer; set to nullptr on return.
 *                  A null address or a null chain is ignored.
 * @param pos       Number of leading entries in certs whose data buffers are
 *                  freed. The certs array comes from malloc in this file, so
 *                  entries at or beyond the last successfully allocated one
 *                  hold indeterminate pointers; pos must not count them.
 */
void FreeCertChain(struct OH_Huks_CertChain **certChain, const uint32_t pos)
{
    if (certChain == nullptr || *certChain == nullptr) {
        return;
    }

    struct OH_Huks_CertChain *chain = *certChain;
    if (chain->certs != nullptr) {
        /* free(nullptr) is a no-op, so entries without a buffer need no guard. */
        for (uint32_t idx = 0; idx < pos; ++idx) {
            free(chain->certs[idx].data);
            chain->certs[idx].data = nullptr;
        }
        free(chain->certs);
        chain->certs = nullptr;
    }

    free(chain);
    *certChain = nullptr;
}
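/**
 * Allocate an output certificate chain with CERT_COUNT blobs of g_size bytes.
 *
 * @param certChain Out: receives the allocated chain. On any failure it is
 *                  left as nullptr and nothing allocated here stays live.
 * @return OH_HUKS_SUCCESS on success. OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT if
 *         certChain is null or an allocation fails (the sample reports
 *         allocation failure with this code; it is kept for compatibility).
 */
int32_t ConstructDataToCertChain(struct OH_Huks_CertChain **certChain)
{
    if (certChain == nullptr) {
        return OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT;
    }

    *certChain = (struct OH_Huks_CertChain *)malloc(sizeof(struct OH_Huks_CertChain));
    if (*certChain == nullptr) {
        return OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT;
    }
    (*certChain)->certsCount = CERT_COUNT;

    /*
     * calloc zeroes every blob, so an entry that has not been filled yet holds
     * a null data pointer and a zero size, never an indeterminate pointer.
     */
    (*certChain)->certs = (struct OH_Huks_Blob *)calloc((*certChain)->certsCount, sizeof(struct OH_Huks_Blob));
    if ((*certChain)->certs == nullptr) {
        free(*certChain);
        *certChain = nullptr;
        /* Return here: the loop below dereferences *certChain. */
        return OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT;
    }

    for (uint32_t i = 0; i < (*certChain)->certsCount; i++) {
        (*certChain)->certs[i].size = g_size;
        (*certChain)->certs[i].data = (uint8_t *)malloc((*certChain)->certs[i].size);
        if ((*certChain)->certs[i].data == nullptr) {
            /* Only entries [0, i) own a buffer at this point. */
            FreeCertChain(certChain, i);
            return OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT;
        }
    }
    return OH_HUKS_SUCCESS;
}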
/*
 * Parameters used to generate the key that is attested below: an RSA key of
 * 2048 bits with purpose VERIFY, SHA-256 digest and PSS padding.
 * NOTE(review): a block mode (ECB) is also set; whether HUKS requires or
 * ignores it for an RSA key is not visible here - confirm against the API
 * reference.
 */
static struct OH_Huks_Param g_genAnonAttestParams[] = {
    { .tag = OH_HUKS_TAG_ALGORITHM, .uint32Param = OH_HUKS_ALG_RSA },
    { .tag = OH_HUKS_TAG_KEY_SIZE, .uint32Param = OH_HUKS_RSA_KEY_SIZE_2048 },
    { .tag = OH_HUKS_TAG_PURPOSE, .uint32Param = OH_HUKS_KEY_PURPOSE_VERIFY },
    { .tag = OH_HUKS_TAG_DIGEST, .uint32Param = OH_HUKS_DIGEST_SHA256 },
    { .tag = OH_HUKS_TAG_PADDING, .uint32Param = OH_HUKS_PADDING_PSS },
    { .tag = OH_HUKS_TAG_BLOCK_MODE, .uint32Param = OH_HUKS_MODE_ECB },
};
/*
 * Attestation challenge passed as OH_HUKS_TAG_ATTESTATION_CHALLENGE.
 * This is a fixed compile-time string, suitable for a demonstration only: a
 * verifier can treat an attestation as fresh only when the challenge is an
 * unpredictable value it issued for that request, so production code should
 * take the challenge from the relying party instead of a constant.
 */
#define CHALLENGE_DATA "hi_challenge_data"
/* sizeof on the string literal counts the terminating NUL, so it is part of the challenge. */
static struct OH_Huks_Blob g_challenge = { sizeof(CHALLENGE_DATA), (uint8_t *)CHALLENGE_DATA };
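/**
 * N-API entry point demonstrating anonymous key attestation.
 *
 * Generates an RSA key under a fixed alias, requests an anonymous attestation
 * certificate chain for it, then frees every resource and deletes the key.
 *
 * @param env  N-API environment used to create the return value.
 * @param info Callback info; not read by this sample.
 * @return A JS int32 holding the error code of the last step that ran
 *         (OH_HUKS_SUCCESS when attestation succeeded).
 */
static napi_value AnonAttestKey(napi_env env, napi_callback_info info)
{
    /* 1. Choose the key alias. */
    struct OH_Huks_Blob genAlias = {
        (uint32_t)strlen("test_anon_attest"),
        (uint8_t *)"test_anon_attest"
    };
    /*
     * NOTE(review): g_challenge is a constant. Outside a demo the challenge
     * should be a fresh value supplied by the party that verifies the chain;
     * otherwise a previously issued chain cannot be told apart from a new one.
     */
    static struct OH_Huks_Param g_anonAttestParams[] = {
        { .tag = OH_HUKS_TAG_ATTESTATION_CHALLENGE, .blob = g_challenge },
        { .tag = OH_HUKS_TAG_ATTESTATION_ID_ALIAS, .blob = genAlias },
    };
    struct OH_Huks_ParamSet *genParamSet = nullptr;
    struct OH_Huks_ParamSet *anonAttestParamSet = nullptr;
    OH_Huks_Result ohResult;
    OH_Huks_CertChain *certChain = NULL;
    do {
        /* 2. Build the key-generation and attestation parameter sets. */
        ohResult = InitParamSet(&genParamSet, g_genAnonAttestParams, sizeof(g_genAnonAttestParams) / sizeof(OH_Huks_Param));
        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
            break;
        }
        ohResult = InitParamSet(&anonAttestParamSet, g_anonAttestParams, sizeof(g_anonAttestParams) / sizeof(OH_Huks_Param));
        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
            break;
        }
        ohResult = OH_Huks_GenerateKeyItem(&genAlias, genParamSet, nullptr);
        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
            break;
        }

        /*
         * Allocate the output buffers and stop on failure, so that a null
         * chain is never handed to the attestation call.
         */
        int32_t allocRet = ConstructDataToCertChain(&certChain);
        if (allocRet != OH_HUKS_SUCCESS) {
            ohResult.errorCode = allocRet;
            break;
        }
        /* 3. Attest the key. */
        ohResult = OH_Huks_AnonAttestKeyItem(&genAlias, anonAttestParamSet, certChain);
        /*
         * The sample discards the returned chain. A real caller would forward
         * it to the relying party, which has to validate the chain against
         * its trusted root and compare the embedded challenge with the one it
         * issued before trusting the key.
         */
    } while (0);
    if (certChain != nullptr) {
        /*
         * NOTE(review): certsCount is read after the attestation call. If
         * HUKS rewrites it to the number of certificates actually returned,
         * buffers beyond that count are not freed here - confirm against the
         * API contract.
         */
        FreeCertChain(&certChain, certChain->certsCount);
    }
    OH_Huks_FreeParamSet(&genParamSet);
    OH_Huks_FreeParamSet(&anonAttestParamSet);
    /* Demo cleanup: the generated key is removed regardless of the outcome. */
    (void)OH_Huks_DeleteKeyItem(&genAlias, NULL);

    napi_value ret;
    napi_create_int32(env, ohResult.errorCode, &ret);
    return ret;
}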
```