HMAC(C/C++)
HMAC是密钥相关的哈希运算消息认证码(Hash-based Message Authentication Code),是一种基于Hash函数和密钥进行消息认证的方法。
在CMake脚本中链接相关动态库
target_link_libraries(entry PUBLIC libhuks_ndk.z.so)
开发步骤
生成密钥
- 指定密钥别名。
- 初始化密钥属性集。
- 调用OH_Huks_GenerateKeyItem生成密钥,HMAC支持的规格请参考[密钥生成]。
- 开发前请熟悉鸿蒙开发指导文档:
gitee.com/li-shizhen-skin/harmony-os/blob/master/README.md点击或者复制转到。
除此之外,开发者也可以参考[密钥导入]的规格介绍,导入已有的密钥。
执行HMAC
- 获取密钥别名。
- 获取待运算的数据。
- 调用[OH_Huks_InitParamSet]指定算法参数配置。
- 调用[OH_Huks_InitSession]初始化密钥会话,并获取会话的句柄handle。
- 调用[OH_Huks_FinishSession]结束密钥会话,获取哈希后的数据。
#include "huks/native_huks_api.h"
#include "huks/native_huks_param.h"
#include <string.h>
OH_Huks_Result InitParamSet(
struct OH_Huks_ParamSet **paramSet,
const struct OH_Huks_Param *params,
uint32_t paramCount)
{
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
if (ret.errorCode != OH_HUKS_SUCCESS) {
return ret;
}
ret = OH_Huks_AddParams(*paramSet, params, paramCount);
if (ret.errorCode != OH_HUKS_SUCCESS) {
OH_Huks_FreeParamSet(paramSet);
return ret;
}
ret = OH_Huks_BuildParamSet(paramSet);
if (ret.errorCode != OH_HUKS_SUCCESS) {
OH_Huks_FreeParamSet(paramSet);
return ret;
}
return ret;
}
static struct OH_Huks_Param g_genHmacParams[] = {
{
.tag = OH_HUKS_TAG_ALGORITHM,
.uint32Param = OH_HUKS_ALG_HMAC
}, {
.tag = OH_HUKS_TAG_PURPOSE,
.uint32Param = OH_HUKS_KEY_PURPOSE_MAC
}, {
.tag = OH_HUKS_TAG_KEY_SIZE,
.uint32Param = OH_HUKS_AES_KEY_SIZE_256
}, {
.tag = OH_HUKS_TAG_DIGEST,
.uint32Param = OH_HUKS_DIGEST_SHA384
}
};
static const uint32_t HMAC_COMMON_SIZE = 1024;
OH_Huks_Result HksHmacTest(
const struct OH_Huks_Blob *keyAlias,
const struct OH_Huks_ParamSet *hmacParamSet, const struct OH_Huks_Blob *inData, struct OH_Huks_Blob *hashText)
{
uint8_t handleE[sizeof(uint64_t)] = {0};
struct OH_Huks_Blob handle = {sizeof(uint64_t), handleE};
OH_Huks_Result ret = OH_Huks_InitSession(keyAlias, hmacParamSet, &handle, nullptr);
if (ret.errorCode != OH_HUKS_SUCCESS) {
return ret;
}
ret = OH_Huks_FinishSession(&handle, hmacParamSet, inData, hashText);
return ret;
}
static napi_value HmacKey(napi_env env, napi_callback_info info)
{
char tmpKeyAlias[] = "test_hmac";
struct OH_Huks_Blob keyAlias = { (uint32_t)strlen(tmpKeyAlias), (uint8_t *)tmpKeyAlias };
struct OH_Huks_ParamSet *hmacParamSet = nullptr;
OH_Huks_Result ohResult;
do {
/* 1. Generate Key */
/*
* 模拟生成密钥场景
* 1.1. 确定密钥别名
*/
/*
* 1.2. 获取生成密钥算法参数配置
*/
ohResult = InitParamSet(&hmacParamSet, g_genHmacParams, sizeof(g_genHmacParams) / sizeof(OH_Huks_Param));
if (ohResult.errorCode != OH_HUKS_SUCCESS) {
break;
}
/*
* 1.3. 调用generateKeyItem
*/
ohResult = OH_Huks_GenerateKeyItem(&keyAlias, hmacParamSet, nullptr);
if (ohResult.errorCode != OH_HUKS_SUCCESS) {
break;
}
/* 2. Hmac */
/*
* 模拟哈希场景
* 2.1. 获取密钥别名
*/
/*
* 2.2. 获取待哈希的数据
*/
char tmpInData[] = "HMAC_MAC_INDATA_1";
struct OH_Huks_Blob inData = { (uint32_t)strlen(tmpInData), (uint8_t *)tmpInData };
uint8_t cipher[HMAC_COMMON_SIZE] = {0};
struct OH_Huks_Blob hashText = {HMAC_COMMON_SIZE, cipher};
/*
* 2.3. 调用initSession获取handle
*/
/*
* 2.4. 调用finishSession获取哈希后的内容
*/
ohResult = HksHmacTest(&keyAlias, hmacParamSet, &inData, &hashText);
if (ohResult.errorCode != OH_HUKS_SUCCESS) {
break;
}
} while (0);
OH_Huks_FreeParamSet(&hmacParamSet);
}
