HUKS用户认证通过PIN生成密钥

HUKS的用户认证访问控制依赖于IAM(用户身份认证)部件的能力,因此HUKS密钥可以通过生物特征或密码(PIN)进行用户认证。

HarmonyOS
2024-05-28 21:25:54
走在河边捡到鱼

使用的核心API

HuksAuthAccessType

HuksUserAuthType

核心代码解释

// 密钥属性中需要注意:使用PIN码进行用户认证时,
// HuksAuthAccessType 对应的属性是
// HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD   // 安全访问控制类型为清除密码后密钥无效
// HuksUserAuthType 对应的属性是
// HUKS_USER_AUTH_TYPE_PIN                   // 用户认证类型为PIN码
import huks from '@ohos.security.huks'; 
import { BusinessError } from '@ohos.base'; 
/*
 * Key alias and the parameter set passed to HUKS when the key is generated.
 */
let keyAlias = 'test_sm4_key_alias';
let properties: Array<huks.HuksParam> = [
  // SM4 key, 128 bits.
  { tag: huks.HuksTag.HUKS_TAG_ALGORITHM, value: huks.HuksKeyAlg.HUKS_ALG_SM4 },
  // The same key may be used for encryption and for decryption.
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
  },
  { tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128 },
  // CBC mode without padding.
  // NOTE(review): with HUKS_PADDING_NONE the caller presumably has to supply
  // block-aligned data when the key is used; confirm against the cipher code.
  { tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, value: huks.HuksCipherMode.HUKS_MODE_CBC },
  { tag: huks.HuksTag.HUKS_TAG_PADDING, value: huks.HuksKeyPadding.HUKS_PADDING_NONE },
  // User authentication type bound to the key: PIN.
  { tag: huks.HuksTag.HUKS_TAG_USER_AUTH_TYPE, value: huks.HuksUserAuthType.HUKS_USER_AUTH_TYPE_PIN },
  // Access-control (invalidation) type: the key becomes invalid once the
  // password is cleared.
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_AUTH_ACCESS_TYPE,
    value: huks.HuksAuthAccessType.HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD,
  },
  // Challenge type: the default (normal) challenge.
  { tag: huks.HuksTag.HUKS_TAG_CHALLENGE_TYPE, value: huks.HuksChallengeType.HUKS_CHALLENGE_TYPE_NORMAL },
];
// Key generation takes no input data, so inData is an empty buffer.
let huksOptions: huks.HuksOptions = {
  properties: properties,
  inData: new Uint8Array(new Array()),
};
/* 
* 生成密钥 
*/ 
// Small mutable flag object shared between a promise wrapper and its caller.
// The wrapper sets isThrow to true when the underlying HUKS call throws
// synchronously, so the caller can tell that case apart from an error
// delivered through the callback.
class throwObject { 
// false until a synchronous throw is observed.
isThrow:boolean = false 
} 
/**
 * Promise wrapper around the callback form of huks.generateKeyItem.
 *
 * @param keyAlias - alias under which the key is generated.
 * @param huksOptions - key property set passed through to HUKS unchanged.
 * @param throwObject - flag holder; isThrow is set to true when
 *   huks.generateKeyItem throws synchronously instead of reporting the
 *   error through its callback.
 * @returns a promise that resolves when the callback reports no error and
 *   rejects with the callback error otherwise. A synchronous throw is
 *   rethrown inside the executor, so it also surfaces as a rejection.
 */
function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) {
  return new Promise<void>((resolve, reject) => {
    try {
      huks.generateKeyItem(keyAlias, huksOptions, (err, result) => {
        if (!err) {
          resolve(result);
          return;
        }
        reject(err);
      });
    } catch (syncError) {
      // Record that the failure was a synchronous throw before propagating it.
      throwObject.isThrow = true;
      throw (syncError as Error);
    }
  });
}
/**
 * Generates the key and logs the outcome; never rejects.
 *
 * Two failure paths are logged with different messages: an error delivered
 * by the HUKS callback ("failed") and a synchronous throw from the HUKS call
 * ("input arg invalid"), distinguished through the shared isThrow flag.
 *
 * @param keyAlias - alias of the key to generate.
 * @param huksOptions - key property set for generation.
 */
async function publicGenKeyFunc(keyAlias:string, huksOptions:huks.HuksOptions) {
  console.info(`enter promise generateKeyItem`);
  const thrownFlag : throwObject = {isThrow: false};
  try {
    const data = await generateKeyItem(keyAlias, huksOptions, thrownFlag);
    console.info(`promise: generateKeyItem success, data = ${JSON.stringify(data)}`);
  } catch (error) {
    if (thrownFlag.isThrow) {
      // The HUKS call itself threw before any callback ran.
      console.error(`promise: generateKeyItem input arg invalid` + error);
    } else {
      // HUKS reported the error through its callback.
      console.error(`promise: generateKeyItem failed` + error);
    }
  }
}
/**
 * Entry point: generates the access-controlled SM4 key using the module-level
 * keyAlias and huksOptions.
 *
 * NOTE(review): the name mentions fingerprint, but the property set in this
 * file binds the key to PIN authentication (HUKS_USER_AUTH_TYPE_PIN).
 */
export async function TestGenKeyForFingerprintAccessControl() {
  return publicGenKeyFunc(keyAlias, huksOptions);
}

下面代码是密钥认证的代码:

import huks from '@ohos.security.huks'; 
import userIAM_userAuth from '@ohos.userIAM.userAuth'; 
import { BusinessError } from '@ohos.base'; 
/*
 * Key alias, session state and the parameter set used to open the key session.
 */
// NOTE(review): the key-generation listing on this page uses the alias
// 'test_sm4_key_alias'; confirm that a key actually exists under the alias
// below before opening a session on it.
let srcKeyAlias = 'sm4_key_fingerprint_access';
// Session handle and challenge returned by huks.initSession.
let handle : number;
let challenge : Uint8Array;
// Auth token delivered by the user-authentication result callback.
let fingerAuthToken : Uint8Array;
let authType = userIAM_userAuth.UserAuthType.PIN;
let authTrustLevel = userIAM_userAuth.AuthTrustLevel.ATL1;
/* Parameter set shared with key generation and the cipher operation. */
let properties : Array<huks.HuksParam> = [
  { tag: huks.HuksTag.HUKS_TAG_ALGORITHM, value: huks.HuksKeyAlg.HUKS_ALG_SM4 },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
  },
  { tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128 },
  { tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, value: huks.HuksCipherMode.HUKS_MODE_CBC },
  { tag: huks.HuksTag.HUKS_TAG_PADDING, value: huks.HuksKeyPadding.HUKS_PADDING_NONE },
];
// Opening the session takes no input data, so inData is an empty buffer.
let huksOptions : huks.HuksOptions = {
  properties: properties,
  inData: new Uint8Array(new Array()),
};
// Small mutable flag object shared between a promise wrapper and its caller.
// The wrapper sets isThrow to true when the underlying HUKS call throws
// synchronously, so the caller can tell that case apart from an error
// delivered through the callback.
class throwObject { 
// false until a synchronous throw is observed.
isThrow:boolean=false 
} 
/**
 * Promise wrapper around the callback form of huks.initSession.
 *
 * @param keyAlias - alias of the key the session is opened on.
 * @param huksOptions - parameter set passed through to HUKS unchanged.
 * @param throwObject - flag holder; isThrow is set to true when
 *   huks.initSession throws synchronously instead of reporting the error
 *   through its callback.
 * @returns a promise resolving to the session handle object reported by the
 *   callback, or rejecting with the callback error. A synchronous throw is
 *   rethrown inside the executor, so it also surfaces as a rejection.
 */
function initSession(keyAlias:string, huksOptions:huks.HuksOptions, throwObject:throwObject) {
  return new Promise<huks.HuksSessionHandle>((resolve, reject) => {
    try {
      huks.initSession(keyAlias, huksOptions, (err, session) => {
        if (!err) {
          resolve(session);
          return;
        }
        reject(err);
      });
    } catch (syncError) {
      // Record that the failure was a synchronous throw before propagating it.
      throwObject.isThrow = true;
      throw (syncError as Error);
    }
  });
}
/**
 * Opens a HUKS session on the key and stores the returned handle and
 * challenge in the module-level variables; never rejects.
 *
 * On failure nothing is stored and the error is only logged, so `handle`
 * and `challenge` keep whatever value they had before the call.
 *
 * @param keyAlias - alias of the key to open the session on.
 * @param huksOptions - parameter set for the session.
 */
async function publicInitFunc(keyAlias:string, huksOptions:huks.HuksOptions) {
  console.info(`enter promise doInit`);
  const thrownFlag : throwObject = {isThrow: false};
  try {
    const data = await initSession(keyAlias, huksOptions, thrownFlag);
    console.info(`promise: doInit success, data = ${JSON.stringify(data)}`);
    handle = data.handle;
    challenge = data.challenge as Uint8Array;
  } catch (error) {
    if (thrownFlag.isThrow) {
      // The HUKS call itself threw before any callback ran.
      console.error(`promise: doInit input arg invalid` + error);
    } else {
      // HUKS reported the error through its callback.
      console.error(`promise: doInit failed` + error);
    }
  }
}
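/**
 * Starts a user-authentication (PIN) flow bound to the HUKS session challenge
 * and stores the resulting auth token in the module-level fingerAuthToken.
 *
 * The challenge handed to the authentication widget must be the one returned
 * by huks.initSession for this session: the token is issued over that
 * challenge, and a fixed, hard-coded value would leave the token unrelated
 * to the key session it is meant to authorise.
 *
 * @param huksChallenge - challenge returned by huks.initSession. When it is
 *   missing or empty the function logs an error and returns without
 *   prompting the user.
 */
function userIAMAuthFinger(huksChallenge:Uint8Array) {
  // Refuse to authenticate without a session challenge (e.g. initSession failed).
  if (huksChallenge === undefined || huksChallenge === null || huksChallenge.length === 0) {
    console.error("get auth instance failed: HUKS session challenge is missing");
    return;
  }
  // Build the authentication request.
  let authTypeList:userIAM_userAuth.UserAuthType[]= new Array();
  authTypeList[0] = authType;
  const authParam:userIAM_userAuth.AuthParam = {
    // Bind the authentication to this HUKS session.
    challenge: huksChallenge,
    authType: authTypeList,
    // NOTE(review): ATL1 is the lowest trust level; confirm it is sufficient
    // for the data this key protects.
    authTrustLevel: userIAM_userAuth.AuthTrustLevel.ATL1
  };
  const widgetParam:userIAM_userAuth.WidgetParam = {
    title: '请输入密钥',
  };
  let auth : userIAM_userAuth.UserAuthInstance;
  try {
    auth = userIAM_userAuth.getUserAuthInstance(authParam, widgetParam);
    console.log("get auth instance success");
  } catch (error) {
    console.error("get auth instance failed" + error);
    return;
  }
  // Subscribe to the authentication result.
  try {
    auth.on("result", {
      onResult(result) {
        // Log only the result code: the full result object carries the auth
        // token, which should not be written to the log.
        console.log("[HUKS] -> [IAM] userAuthInstance callback result = " + result.result);
        fingerAuthToken = result.token;
      }
    });
    console.log("subscribe authentication event success");
  } catch (error) {
    console.error("subscribe authentication event failed " + error);
  }
  // Start the authentication flow.
  try {
    auth.start();
    console.info("authV9 start auth success");
  } catch (error) {
    console.error("authV9 start auth failed, error = " + error);
  }
}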
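/**
 * Entry point: opens the HUKS key session to obtain a challenge, then starts
 * user authentication over that challenge.
 *
 * publicInitFunc only logs its failures, so the challenge is checked here
 * before the user is prompted; without it the authentication result could
 * not be tied to a key session.
 */
export async function testInitAndAuthFinger() {
  /* Initialise the key session and obtain the challenge. */
  await publicInitFunc(srcKeyAlias, huksOptions);
  if (challenge === undefined || challenge === null || challenge.length === 0) {
    console.error("skip user authentication: no challenge was returned by initSession");
    return;
  }
  /* Call userIAM to authenticate the user. */
  userIAMAuthFinger(challenge);
}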

说明:由于用户认证方式为输入PIN码(密码),录屏中黑屏的部分是输入PIN码的时间。

  适配的版本信息

  •  IDE:DevEco Studio 4.1.3.500
  •  SDK:HarmonyOS NEXT
2024-05-29 22:36:26

