HUKS用户认证通过PIN生成密钥

HUKS的用户认证依赖于IAM部件的能力,因此HUKS可以通过生物特征和密码进行用户认证。

HarmonyOS
2024-05-28 21:25:54
ssscan

使用的核心API

HuksAuthAccessType

HuksUserAuthType

核心代码解释

密钥属性中需要注意:使用PIN码认证时,
HuksAuthAccessType 对应的属性是
HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD(安全访问控制类型为清除密码后密钥无效);
HuksUserAuthType 对应的属性是
HUKS_USER_AUTH_TYPE_PIN(用户认证类型为PIN码)。
import huks from '@ohos.security.huks'; 
import { BusinessError } from '@ohos.base'; 
/* 
* 确定密钥别名和封装密钥属性参数集 
*/ 
// Alias the generated key is stored under in HUKS.
let keyAlias = 'test_sm4_key_alias';

// Generation parameters: a 128-bit SM4 key for CBC encryption and decryption
// whose use is gated on PIN authentication.
let properties: Array<huks.HuksParam> = [
  { tag: huks.HuksTag.HUKS_TAG_ALGORITHM, value: huks.HuksKeyAlg.HUKS_ALG_SM4 },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
  },
  { tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128 },
  { tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, value: huks.HuksCipherMode.HUKS_MODE_CBC },
  // No padding is requested. NOTE(review): CBC without padding only handles input
  // that is a whole number of cipher blocks, and no IV is set in this parameter
  // set - confirm both against the encrypt/decrypt code, which is not shown here.
  { tag: huks.HuksTag.HUKS_TAG_PADDING, value: huks.HuksKeyPadding.HUKS_PADDING_NONE },
  // User-authentication type bound to the key: PIN.
  { tag: huks.HuksTag.HUKS_TAG_USER_AUTH_TYPE, value: huks.HuksUserAuthType.HUKS_USER_AUTH_TYPE_PIN },
  // Invalidation policy: the key stops being usable once the password is cleared.
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_AUTH_ACCESS_TYPE,
    value: huks.HuksAuthAccessType.HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD,
  },
  // Challenge type: normal (the default).
  { tag: huks.HuksTag.HUKS_TAG_CHALLENGE_TYPE, value: huks.HuksChallengeType.HUKS_CHALLENGE_TYPE_NORMAL },
];

// Options handed to huks.generateKeyItem; key generation takes no input data.
let huksOptions: huks.HuksOptions = {
  properties: properties,
  inData: new Uint8Array(0),
};
/* 
* 生成密钥 
*/ 
/**
 * Flag holder shared between a promise wrapper and its caller: `isThrow` is
 * set when the wrapped HUKS call throws synchronously instead of reporting
 * the failure through its callback.
 */
class throwObject {
  isThrow: boolean = false;
}
/**
 * Promise wrapper around the callback form of huks.generateKeyItem.
 *
 * @param keyAlias alias to store the new key under
 * @param huksOptions key-generation parameter set
 * @param throwObject flag holder; isThrow is set to true when the HUKS call
 *   throws synchronously, so the caller can tell that case apart from a
 *   failure reported through the callback
 * @returns a promise that resolves when HUKS reports success and rejects with
 *   the callback error or the synchronously thrown error
 */
function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) {
  return new Promise<void>((onDone, onFail) => {
    try {
      huks.generateKeyItem(keyAlias, huksOptions, (err, result) => {
        if (!err) {
          onDone(result);
          return;
        }
        onFail(err);
      });
    } catch (syncError) {
      // Record that the failure came from the call itself, then let the
      // promise reject with the same error.
      throwObject.isThrow = true;
      throw (syncError as Error);
    }
  });
}
/**
 * Generates the key and logs the outcome. Failures are logged, never rethrown.
 *
 * @param keyAlias alias to store the new key under
 * @param huksOptions key-generation parameter set
 */
async function publicGenKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions) {
  console.info(`enter promise generateKeyItem`);
  const throwState: throwObject = { isThrow: false };
  try {
    const data = await generateKeyItem(keyAlias, huksOptions, throwState);
    console.info(`promise: generateKeyItem success, data = ${JSON.stringify(data)}`);
  } catch (error) {
    if (throwState.isThrow) {
      // The HUKS call threw synchronously, which this sample reports as bad input.
      console.error(`promise: generateKeyItem input arg invalid` + error);
    } else {
      // HUKS reported the failure through its callback.
      console.error(`promise: generateKeyItem failed` + error);
    }
  }
}
/**
 * Entry point of the generation sample: creates the PIN-gated SM4 key
 * described by the module-level `huksOptions` under `keyAlias`.
 */
export async function TestGenKeyForFingerprintAccessControl() {
  const generation = publicGenKeyFunc(keyAlias, huksOptions);
  await generation;
}

下面是密钥认证的代码:先初始化密钥会话获取挑战值,再将该挑战值交给userIAM进行身份认证。

import huks from '@ohos.security.huks'; 
import userIAM_userAuth from '@ohos.userIAM.userAuth'; 
import { BusinessError } from '@ohos.base'; 
/* 
* 确定密钥别名和封装密钥属性参数集 
*/ 
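// Alias of the key to authenticate for. It has to name the key created by the
// generation listing ('test_sm4_key_alias'); the earlier value,
// 'sm4_key_fingerprint_access', is an alias that listing never creates.
let srcKeyAlias = 'test_sm4_key_alias';
// Session handle returned by huks.initSession.
let handle: number;
// Challenge returned by huks.initSession for this session.
let challenge: Uint8Array;
// Token delivered by the user-authentication result callback.
let fingerAuthToken: Uint8Array;
let authType = userIAM_userAuth.UserAuthType.PIN;
// NOTE(review): ATL1 is the level this sample uses - confirm it meets the
// trust level the product requires for PIN authentication.
let authTrustLevel = userIAM_userAuth.AuthTrustLevel.ATL1;

// Parameter set used to open the session: algorithm, purpose, key size, block
// mode and padding as given when the key was generated.
let properties: Array<huks.HuksParam> = [
  { tag: huks.HuksTag.HUKS_TAG_ALGORITHM, value: huks.HuksKeyAlg.HUKS_ALG_SM4 },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
  },
  { tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128 },
  { tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, value: huks.HuksCipherMode.HUKS_MODE_CBC },
  { tag: huks.HuksTag.HUKS_TAG_PADDING, value: huks.HuksKeyPadding.HUKS_PADDING_NONE },
];

// Options handed to huks.initSession; opening the session takes no input data.
let huksOptions: huks.HuksOptions = {
  properties: properties,
  inData: new Uint8Array(0),
};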
/**
 * Flag holder shared between a promise wrapper and its caller: `isThrow` is
 * set when the wrapped HUKS call throws synchronously instead of reporting
 * the failure through its callback.
 */
class throwObject {
  isThrow: boolean = false;
}
/**
 * Promise wrapper around the callback form of huks.initSession.
 *
 * @param keyAlias alias of the key to open a session on
 * @param huksOptions session parameter set
 * @param throwObject flag holder; isThrow is set to true when the HUKS call
 *   throws synchronously, so the caller can tell that case apart from a
 *   failure reported through the callback
 * @returns a promise resolving to the session handle object HUKS passes to
 *   the callback, or rejecting with the reported or thrown error
 */
function initSession(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) {
  return new Promise<huks.HuksSessionHandle>((onDone, onFail) => {
    try {
      huks.initSession(keyAlias, huksOptions, (err, session) => {
        if (!err) {
          onDone(session);
          return;
        }
        onFail(err);
      });
    } catch (syncError) {
      // Record that the failure came from the call itself, then let the
      // promise reject with the same error.
      throwObject.isThrow = true;
      throw (syncError as Error);
    }
  });
}
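/**
 * Opens a HUKS session on the key and stores the returned handle and
 * challenge in the module-level `handle` and `challenge`. Failures are
 * logged, never rethrown.
 *
 * @param keyAlias alias of the key to open a session on
 * @param huksOptions session parameter set
 */
async function publicInitFunc(keyAlias: string, huksOptions: huks.HuksOptions) {
  console.info(`enter promise doInit`);
  // Failures below only log, so the caller carries on with whatever `challenge`
  // holds. Empty it first so a failed init cannot leave the challenge of an
  // earlier session in place for the authentication step.
  // NOTE(review): `handle` keeps its earlier value on failure - confirm no
  // caller uses it without first checking that init succeeded.
  challenge = new Uint8Array(0);
  const throwState: throwObject = { isThrow: false };
  try {
    const data = await initSession(keyAlias, huksOptions, throwState);
    console.info(`promise: doInit success, data = ${JSON.stringify(data)}`);
    handle = data.handle;
    challenge = data.challenge as Uint8Array;
  } catch (error) {
    if (throwState.isThrow) {
      // The HUKS call threw synchronously, which this sample reports as bad input.
      console.error(`promise: doInit input arg invalid` + error);
    } else {
      // HUKS reported the failure through its callback.
      console.error(`promise: doInit failed` + error);
    }
  }
}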
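/**
 * Starts a userIAM authentication (type taken from the module-level
 * `authType`) and stores the resulting token in `fingerAuthToken`.
 *
 * @param huksChallenge challenge returned by huks.initSession for the session
 *   the token will be used with
 */
function userIAMAuthFinger(huksChallenge: Uint8Array) {
  // Without the session challenge the token cannot be tied to the HUKS session.
  if (!huksChallenge || huksChallenge.length === 0) {
    console.error("get auth instance failed: HUKS challenge is missing");
    return;
  }
  // Build the authentication request.
  const authTypeList: userIAM_userAuth.UserAuthType[] = [authType];
  const authParam: userIAM_userAuth.AuthParam = {
    // Use the challenge from the HUKS session, not a fixed byte string, so the
    // token is issued for this session's challenge.
    challenge: huksChallenge,
    authType: authTypeList,
    authTrustLevel: userIAM_userAuth.AuthTrustLevel.ATL1
  };
  const widgetParam: userIAM_userAuth.WidgetParam = {
    title: '请输入密钥',
  };
  let auth: userIAM_userAuth.UserAuthInstance;
  try {
    auth = userIAM_userAuth.getUserAuthInstance(authParam, widgetParam);
    console.log("get auth instance success");
  } catch (error) {
    console.error("get auth instance failed" + error);
    return;
  }
  // Subscribe to the authentication result.
  try {
    auth.on("result", {
      onResult(result) {
        // Log only the result code: the result object also carries the auth
        // token, which should not be written to the log.
        console.log("[HUKS] -> [IAM] userAuthInstance callback result = " + result.result);
        fingerAuthToken = result.token;
      }
    });
    console.log("subscribe authentication event success");
  } catch (error) {
    console.error("subscribe authentication event failed " + error);
    // With no subscriber the token could never be received, so do not start.
    return;
  }
  // Start the authentication.
  try {
    auth.start();
    console.info("authV9 start auth success");
  } catch (error) {
    console.error("authV9 start auth failed, error = " + error);
  }
}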
/**
 * Entry point of the authentication sample: opens the HUKS session, then
 * hands the module-level `challenge` to userIAM for user authentication.
 */
export async function testInitAndAuthFinger() {
  // Step 1: open the key session, which is where the challenge comes from.
  const sessionReady = publicInitFunc(srcKeyAlias, huksOptions);
  await sessionReady;
  // Step 2: run the userIAM authentication with that challenge.
  userIAMAuthFinger(challenge);
}

说明:由于用户认证方式为密码(PIN)输入,录屏中黑屏的部分是输入密码的时间。

  适配的版本信息

  •  IDE:DevEco Studio 4.1.3.500
  •  SDK:HarmonyOS NEXT
2024-05-29 22:36:26