security_huks模块下hks_access.h代码注解

最新推荐文章于 2022-01-27 14:37:59 发布

原创最新推荐文章于 2022-01-27 14:37:59 发布 · 249 阅读

0 ·

CC 4.0 BY-SA版权

OpenHarmony 专栏收录该内容

32 篇文章

订阅专栏

本文档详细介绍了安全模块Huks Lite中预编译的cmd类型成员和结构体定义，包括各种加密、签名、密钥操作等函数的声明，适用于理解HKS权限管理的核心功能。

安全模块security_huks/frameworks/huks_lite/source/hks_access.h代码注解

预编译
cmd类型成员
结构体定义
函数声明

预编译
cmd类型成员
结构体定义
函数声明

预编译

#ifndef HKS_ACCESS_H
/*可以根据是否已经定义了一个变量来进行分支选择，其作用是：
1、防止头文件的重复包含和编译；
2、便于程序的调试和移植；
*/
#define HKS_ACCESS_H

#include "hks_types.h"

cmd类型成员

//hw_keystore_sdk中cmd的类型成员
enum hks_cmd_type {
    HKS_GENERATE_KEY = 0,//生成密匙
    HKS_GENERATE_KEY_EX, //生成密匙对
    HKS_SIGN,            //hks标志
    HKS_VERIFY,          //hks核实
    HKS_ENCRYPT,         //hks加密
    HKS_DECRYPT,         //hks解密
    HKS_IMPORT_KEY,      //导入密匙
    HKS_EXPORT_KEY,      //导出密匙
    HKS_GENERATE_RANDOM, //生成随机数
    HKS_KEY_AGREEMENT,   //密匙协商
    HKS_KEY_DERIVATION,  //密匙派生功能
    HKS_HMAC,            //哈希运算验证码
    HKS_HASH,            //哈希散列规则（哈希算法）
    HKS_BN_EXP_MOD,      //大整数模幂运算的类型

    HKS_CMD_MAX, /* new cmd type must be added before HKS_CMD_MAX */
};

结构体定义

//生成密匙信息
struct hks_generate_key_msg {
    const struct hks_blob *key_alias;       //密匙别名
    const struct hks_key_param *key_param;  //关键参数
    struct hks_encrypt_material *key_material; //密匙材料（组件）
};

//生成密匙对信息
struct hks_generate_ex_msg {
    const struct hks_key_param *key_param;  //关键参数
    struct hks_blob *priv_key;              //私有密匙
    struct hks_blob *pub_key;               //公有密匙
};

//签署核实信息
struct hks_sign_verify_msg {
    const struct hks_blob *key;             //密匙
    const struct hks_key_param *key_param;  //密匙关键参数
    const struct hks_blob *message;         //密匙信息
    struct hks_blob *signature;             //密匙署名（签署）
    struct hks_encrypt_material *encrypt_material; //加密材料
};

//加密与解密信息
struct hks_encrypt_decrypt_msg {
    const struct hks_blob *key;
    const struct hks_key_param *key_param;
    const struct hks_crypt_param *crypt_param;  //加密参数
    struct hks_blob *plain_text;                //纯文本（没有加密的文本）
    struct hks_blob *cipher_text_with_tag;      //带标记的密文
};

//导入密匙信息
struct hks_import_key_msg {
    const struct hks_blob *key_alias;           //密匙别名
    const struct hks_key_param *key_param;      //密匙关键参数
    const struct hks_blob *key_data;            //密匙数据
    struct hks_encrypt_material *key_material;  //密匙材料（组件）
};

//导出密匙信息
struct hks_export_key_msg {
    const struct hks_blob *key_alias;
    struct hks_blob *key_data;
    struct hks_encrypt_material *encrypt_material;  //加密材料
};

//删除密匙信息
struct hks_delete_key_msg {
    const struct hks_blob *key_alias;
};

//获取密匙关键参数信息
struct hks_get_key_param_msg {
    const struct hks_blob *key_alias;
    struct hks_key_param *key_param;
};

//判断密匙是否存在
struct hks_key_exist_msg {
    const struct hks_blob *key_alias;
};

//生成随机数
struct hks_generate_random_msg {
    struct hks_blob *random;
};

//密钥协商
struct hks_key_agreement_msg {
    struct hks_blob *agreed_key;
    const struct hks_key_param *key_param;
    uint32_t agreement_alg;
    const struct hks_blob *priv_key;
    const struct hks_blob *pub_key;
};

//密钥派生信息
struct hks_key_derivation_msg {
    struct hks_blob *derived_key;           //衍生密匙
    const struct hks_key_param *key_param;
    const struct hks_blob *kdf_key;         //密钥派生函数生成的密匙
    const struct hks_blob *salt;            //椒盐化
    const struct hks_blob *label;
};

//哈希运算验证码
struct hks_hmac_msg {
    const struct hks_blob *key;
    uint32_t alg;
    const struct hks_blob *src_data;        //数据源
    struct hks_blob *output;
};

//哈希算法
struct hks_hash_msg {
    uint32_t alg;
    const struct hks_blob *src_data;
    struct hks_blob *hash;
};

//大整数模幂运算
struct hks_bn_exp_mod_msg {
    struct hks_blob *x;      //输入
    const struct hks_blob *a;//基数
    const struct hks_blob *e;//指数
    const struct hks_blob *n;//模数
};

//获取公钥列表
struct hks_get_pub_key_list_msg {
    uint32_t *list_count;
    struct hks_blob *key_alias_list;
};

//加密解密文本
struct hks_encrypt_decrypt_text {
    const struct hks_blob *input_text;
    struct hks_blob *output_text;
};

struct sec_mod_msg {
    enum hks_cmd_type cmd_id;   //枚举类型
    int32_t status;
    union {     //共用体
        struct hks_generate_key_msg generate_key_msg;
        struct hks_generate_ex_msg generate_ex_msg;
        struct hks_encrypt_decrypt_msg encrypt_decrypt_msg;
        struct hks_sign_verify_msg sign_verify_msg;
        struct hks_import_key_msg import_key_msg;
        struct hks_export_key_msg export_key_msg;
        struct hks_delete_key_msg delete_key_msg;
        struct hks_get_key_param_msg get_key_param_msg;
        struct hks_key_exist_msg key_exist_msg;
        struct hks_generate_random_msg generate_random_msg;
        struct hks_key_agreement_msg key_agreement_msg;
        struct hks_key_derivation_msg key_derivation_msg;
        struct hks_hmac_msg hmac_msg;
        struct hks_hash_msg hash_msg;
        struct hks_bn_exp_mod_msg bn_exp_mod_msg;
        struct hks_get_pub_key_list_msg get_pub_key_list_msg;
    } msg_data;
};

函数声明

//函数声明
typedef void (*hks_handle_func_p)(struct sec_mod_msg *msg_box);
void hks_enter_secure_mode(struct sec_mod_msg *msg);    //选择安全模式
void hks_handle_secure_call(void);                      //处理安全调用

int32_t hks_access_init(void);      //hks权限初始化
void hks_access_destroy(void);      //hks权限销毁
int32_t hks_access_refresh_key_info(void);      //更新密匙信息
int32_t hks_access_generate_key(const struct hks_blob *key_alias,//生成密匙信息
    const struct hks_key_param *key_param);
int32_t hks_access_generate_key_ex(                              //生成密匙对信息
    const struct hks_key_param *key_param, struct hks_blob *priv_key, struct hks_blob *pub_key);
int32_t hks_access_sign(const struct hks_blob *key_alias,
    const struct hks_key_param *key_param, const struct hks_blob *hash, struct hks_blob *signature);
int32_t hks_access_verify(const struct hks_blob *key_alias,
    const struct hks_blob *hash, const struct hks_blob *signature);
int32_t hks_access_aead_encrypt(const struct hks_blob *key,
    const struct hks_key_param *key_param, const struct hks_crypt_param *crypt_param,
    const struct hks_blob *plain_text, struct hks_blob *cipher_text_with_tag);
int32_t hks_access_aead_decrypt(const struct hks_blob *key,
    const struct hks_key_param *key_param, const struct hks_crypt_param *crypt_param,
    const struct hks_blob *cipher_text_with_tag, struct hks_blob *plain_text);
int32_t hks_access_import_key(const struct hks_blob *key_alias,
    const struct hks_key_param *key_param, const struct hks_blob *key);
int32_t hks_access_export_key(const struct hks_blob *key_alias, struct hks_blob *key);
int32_t hks_access_delete_key(const struct hks_blob *key_alias);
int32_t hks_access_is_key_exist(const struct hks_blob *key_alias);
int32_t hks_access_get_key_param(const struct hks_blob *key_alias,
    struct hks_key_param *key_param);
int32_t hks_access_get_random(struct hks_blob *random);
int32_t hks_access_hmac(const struct hks_blob *key,
    uint32_t alg, const struct hks_blob *src_data, struct hks_blob *output);
int32_t hks_access_hash(uint32_t alg, const struct hks_blob *src_data, struct hks_blob *hash);
int32_t hks_access_key_agreement(struct hks_blob *agreed_key,
    const struct hks_key_param *private_key_param, const struct hks_blob *private_key,
    const struct hks_blob *peer_public_key, const uint32_t agreement_alg);
int32_t hks_access_key_derivation(struct hks_blob *derived_key,
    const struct hks_blob *kdf_key, const struct hks_blob *salt,
    const struct hks_blob *label, const struct hks_key_param *key_params);
int32_t hks_access_bn_exp_mod(struct hks_blob *x,
    const struct hks_blob *a, const struct hks_blob *e, const struct hks_blob *n);
int32_t hks_access_get_pub_key_alias_list(
    struct hks_blob *key_alias_list, uint32_t *list_count);