diff --git a/security/huks/include/native_huks_api.h b/security/huks/include/native_huks_api.h
index f052661e21981d10971e1a98d4f05457a67f1d3f..ef6da4735fb7512faa8f7c2711853c5b7d2b2fa5 100644
--- a/security/huks/include/native_huks_api.h
+++ b/security/huks/include/native_huks_api.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
@@ -180,6 +180,21 @@ struct OH_Huks_Result OH_Huks_IsKeyItemExist(const struct OH_Huks_Blob *keyAlias
 struct OH_Huks_Result OH_Huks_AttestKeyItem(const struct OH_Huks_Blob *keyAlias,
 const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_CertChain *certChain);
+/**
+ * @brief Obtain the key certificate chain.
+ *
+ * @param keyAlias Indicates the pointer to the alias of the target key.
+ * @param paramSet Indicates the pointer to the parameters required for obtaining the key certificate.
+ * @param certChain Indicates the pointer to the key certificate chain obtained.
+ * @return Returns {@link OH_Huks_ErrCode#OH_HUKS_SUCCESS} if the operation is successful;
+ * returns an error code otherwise.
+ * @since 11
+ * @version 1.0
+ * @note this is a networking duration interface caller need to get the certChain in asynchronous thread
+ */
+struct OH_Huks_Result OH_Huks_AnonAttestKeyItem(const struct OH_Huks_Blob *keyAlias,
+ const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_CertChain *certChain);
+
 /**
+ * @brief Initializes the key session interface and obtains a handle (mandatory) and challenge value (optional).
 *
diff --git a/security/huks/include/native_huks_type.h b/security/huks/include/native_huks_type.h
index 6dcaa7a8c43cad1cfbb88ee8bbc2110af1d1fd37..0efeff347f38c2ed416ce350037fcd055aadce96 100644
--- a/security/huks/include/native_huks_type.h
+++ b/security/huks/include/native_huks_type.h
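Review bot: The @note on the new `OH_Huks_AnonAttestKeyItem` declaration is hard to parse, and the @brief repeats verbatim the one-liner of `OH_Huks_AttestKeyItem` directly above it, so a reader cannot tell what the anonymous variant withholds from the chain or why they would pick it. Suggest `@note This call may block for the duration of a network round trip; invoke it from a worker thread rather than the UI/main thread.` and a @brief that states which identifying fields are removed from the returned chain (presumably device-identifying attestation data — confirm against the implementation). The `@param certChain` line should also say who allocates the certificate buffers and who frees them, since the caller passes the pointer in; without that, callers either leak or double-free. The documentation of the preceding `OH_Huks_AttestKeyItem` lies outside the hunk.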
@@ -175,7 +175,7 @@ enum OH_Huks_KeySize {
 OH_HUKS_RSA_KEY_SIZE_3072 = 3072,
 /** RSA key of 4096 bits. */
 OH_HUKS_RSA_KEY_SIZE_4096 = 4096,
-
+
 /** Elliptic Curve Cryptography (ECC) key of 224 bits. */
 OH_HUKS_ECC_KEY_SIZE_224 = 224,
 /** ECC key of 256 bits. */
@@ -398,6 +398,12 @@ enum OH_Huks_ErrCode {
 OH_HUKS_ERR_CODE_INTERNAL_ERROR = 12000012,
 /** The authentication credential does not exist. */
 OH_HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST = 12000013,
+ /** The memory is not sufficient. */
+ OH_HUKS_ERR_CODE_INSUFFICIENT_MEMORY = 12000014,
+ /** Failed to call service. */
+ OH_HUKS_ERR_CODE_CALL_SERVICE_FAILED = 12000015,
+ /** Device password is required but not set. */
+ OH_HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET = 12000016
 };
 /**
@@ -447,7 +453,9 @@ enum OH_Huks_AuthAccessType {
 /** The key is invalid after the password is cleared. */
 OH_HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD = 1 << 0,
 /** The key is invalid after a new biometric feature is enrolled. */
- OH_HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL = 1 << 1
+ OH_HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL = 1 << 1,
+ /** The key is always valid. */
+ OH_HUKS_AUTH_ACCESS_ALWAYS_VALID = 1 << 2,
 };
 /**
@@ -589,6 +597,8 @@ enum OH_Huks_Tag {
 /** Purpose of key authentication */
 OH_HUKS_TAG_KEY_AUTH_PURPOSE = OH_HUKS_TAG_TYPE_UINT | 311,
+ /** Security level of access control for key file storage. */
+ OH_HUKS_TAG_AUTH_STORAGE_LEVEL = OH_HUKS_TAG_TYPE_UINT | 316,
 /** Tags for key attestation. The value range is 501 to 600. */
 /** Challenge value used in the attestation. */
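Review bot: The new last enumerator `OH_HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET = 12000016` is written without a trailing comma, while the OH_Huks_AuthAccessType hunk in the same file ends its new last enumerator with one (`OH_HUKS_AUTH_ACCESS_ALWAYS_VALID = 1 << 2,`); pick one convention for both, preferably the trailing comma so the next addition does not have to touch an existing line. The comment on `OH_HUKS_ERR_CODE_CALL_SERVICE_FAILED` tells an integrator nothing about whether the request was processed or can be retried; if the implementation guarantees it, `/** The HUKS service could not be reached; the request was not processed. */` is more useful than `Failed to call service.` — confirm that guarantee before writing it. The enum OH_Huks_ErrCode starts outside the hunk.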
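Review bot: `OH_HUKS_AUTH_ACCESS_ALWAYS_VALID = 1 << 2` is declared as a bit flag next to two invalidation conditions, but its comment `The key is always valid.` does not say what happens when it is OR-ed with `OH_HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD` or `OH_HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL`, which are contradictory combinations. Because this flag weakens key invalidation, the comment should state whether such combinations are rejected at key generation or which flag wins, e.g. `/** The key stays valid across password clearing and biometric enrolment; must not be combined with the INVALID_* flags. */` — the rejection behaviour is not visible in this hunk and needs confirming against the implementation. The enum OH_Huks_AuthAccessType starts outside the hunk.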
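Review bot: `OH_HUKS_TAG_AUTH_STORAGE_LEVEL` is typed as a UINT tag, but the comment names neither the enumeration that supplies its legal values nor the level applied when the tag is absent, and a storage-level choice for key files is a security-relevant default that callers will otherwise guess at. Suggest `/** Security level of access control for key file storage; value is one of the storage-level enumerators of <STORAGE_LEVEL_ENUM>, <DEFAULT_LEVEL> when omitted. */` with the two placeholders filled from the definitions that are not visible here. The value 316 also leaves a gap after 311; if 312–315 are reserved, a one-line comment saying so prevents the next tag from colliding. The enum OH_Huks_Tag starts outside the hunk.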
@@ -625,7 +635,11 @@ enum OH_Huks_Tag {
 OH_HUKS_TAG_IS_ASYNCHRONIZED = OH_HUKS_TAG_TYPE_UINT | 1008,
 /** Key domain. */
 OH_HUKS_TAG_KEY_DOMAIN = OH_HUKS_TAG_TYPE_UINT | 1011,
-
+ /**
+ * Key access control based on device password setting status.
+ * True means the key can only be generated and used when the password is set.
+ */
+ OH_HUKS_TAG_IS_DEVICE_PASSWORD_SET = OH_HUKS_TAG_TYPE_BOOL | 1012,
 /** Authenticated Encryption. */
 OH_HUKS_TAG_AE_TAG = OH_HUKS_TAG_TYPE_BYTES | 10009,
@@ -679,7 +693,7 @@ struct OH_Huks_Blob {
 struct OH_Huks_Param {
 /** Tag value. */
 uint32_t tag;
-
+
 union {
 /** Parameter of the Boolean type. */
 bool boolParam;
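Review bot: The doc comment on `OH_HUKS_TAG_IS_DEVICE_PASSWORD_SET` covers the true case only; it says nothing about what false or an absent tag means, nor which error a caller sees when the password is not set, even though this commit adds `OH_HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET` to the same file for exactly that case. Suggest extending the comment with `* When no device password is set, key generation and use fail with OH_HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET; false or absent imposes no password requirement.` — the false/absent semantics are not visible in the hunk and should be confirmed against the implementation before being documented. The enum OH_Huks_Tag starts before this hunk and continues after it.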