1# Anonymous Key Attestation (C/C++)
2
3Ensure network connection during the operation.
4
5## Add the dynamic library in the CMake script.
6```txt
7   target_link_libraries(entry PUBLIC libhuks_ndk.z.so)
8```
9
10## How to Develop
11
121. Set the key alias (**keyAlias**), which cannot exceed 128 bytes.
13
142. Initialize the parameter set. Use [OH_Huks_InitParamSet](../../reference/apis-universal-keystore-kit/_huks_param_set_api.md#oh_huks_initparamset), [OH_Huks_AddParams](../../reference/apis-universal-keystore-kit/_huks_param_set_api.md#oh_huks_addparams), and [OH_Huks_BuildParamSet](../../reference/apis-universal-keystore-kit/_huks_param_set_api.md#oh_huks_buildparamset) to construct **paramSet**. **paramSet** must contain [OH_Huks_KeyAlg](../../reference/apis-universal-keystore-kit/_huks_type_api.md#oh_huks_keyalg), [OH_Huks_KeySize](../../reference/apis-universal-keystore-kit/_huks_type_api.md#oh_huks_keysize), and [OH_Huks_KeyPurpose](../../reference/apis-universal-keystore-kit/_huks_type_api.md#oh_huks_keypurpose).
15
163. Use [OH_Huks_AnonAttestKeyItem](../../reference/apis-universal-keystore-kit/_huks_key_api.md#oh_huks_anonattestkeyitem) with the key alias and parameter set to perform key attestation.
17
18```c++
19#include "huks/native_huks_api.h"
20#include "huks/native_huks_param.h"
21#include <string.h>
22OH_Huks_Result InitParamSet(
23    struct OH_Huks_ParamSet **paramSet,
24    const struct OH_Huks_Param *params,
25    uint32_t paramCount)
26{
27    OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
28    if (ret.errorCode != OH_HUKS_SUCCESS) {
29        return ret;
30    }
31    ret = OH_Huks_AddParams(*paramSet, params, paramCount);
32    if (ret.errorCode != OH_HUKS_SUCCESS) {
33        OH_Huks_FreeParamSet(paramSet);
34        return ret;
35    }
36    ret = OH_Huks_BuildParamSet(paramSet);
37    if (ret.errorCode != OH_HUKS_SUCCESS) {
38        OH_Huks_FreeParamSet(paramSet);
39        return ret;
40    }
41    return ret;
42}
43static uint32_t g_size = 4096;
44static uint32_t CERT_COUNT = 4;
45void FreeCertChain(struct OH_Huks_CertChain *certChain, const uint32_t pos)
46{
47    if (certChain == nullptr || certChain->certs == nullptr) {
48        return;
49    }
50    for (uint32_t j = 0; j < pos; j++) {
51        if (certChain->certs[j].data != nullptr) {
52            free(certChain->certs[j].data);
53            certChain->certs[j].data = nullptr;
54        }
55    }
56    if (certChain->certs != nullptr) {
57        free(certChain->certs);
58        certChain->certs = nullptr;
59    }
60}
61int32_t ConstructDataToCertChain(struct OH_Huks_CertChain *certChain)
62{
63    if (certChain == nullptr) {
64        return OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT;
65    }
66    certChain->certsCount = CERT_COUNT;
67
68    certChain->certs = (struct OH_Huks_Blob *)malloc(sizeof(struct OH_Huks_Blob) * (certChain->certsCount));
69    if (certChain->certs == nullptr) {
70        return OH_HUKS_ERR_CODE_INTERNAL_ERROR;
71    }
72    for (uint32_t i = 0; i < certChain->certsCount; i++) {
73        certChain->certs[i].size = g_size;
74        certChain->certs[i].data = (uint8_t *)malloc(certChain->certs[i].size);
75        if (certChain->certs[i].data == nullptr) {
76            FreeCertChain(certChain, i);
77            return OH_HUKS_ERR_CODE_ILLEGAL_ARGUMENT;
78        }
79    }
80    return 0;
81}
82static struct OH_Huks_Param g_genAnonAttestParams[] = {
83    { .tag = OH_HUKS_TAG_ALGORITHM, .uint32Param = OH_HUKS_ALG_RSA },
84    { .tag = OH_HUKS_TAG_KEY_SIZE, .uint32Param = OH_HUKS_RSA_KEY_SIZE_2048 },
85    { .tag = OH_HUKS_TAG_PURPOSE, .uint32Param = OH_HUKS_KEY_PURPOSE_VERIFY },
86    { .tag = OH_HUKS_TAG_DIGEST, .uint32Param = OH_HUKS_DIGEST_SHA256 },
87    { .tag = OH_HUKS_TAG_PADDING, .uint32Param = OH_HUKS_PADDING_PSS },
88    { .tag = OH_HUKS_TAG_BLOCK_MODE, .uint32Param = OH_HUKS_MODE_ECB },
89};
90#define CHALLENGE_DATA "hi_challenge_data"
91static struct OH_Huks_Blob g_challenge = { sizeof(CHALLENGE_DATA), (uint8_t *)CHALLENGE_DATA };
92static napi_value AnonAttestKey(napi_env env, napi_callback_info info)
93{
94    /* 1. Set the key alias. */
95    struct OH_Huks_Blob genAlias = {
96        (uint32_t)strlen("test_anon_attest"),
97        (uint8_t *)"test_anon_attest"
98    };
99    static struct OH_Huks_Param g_anonAttestParams[] = {
100        { .tag = OH_HUKS_TAG_ATTESTATION_CHALLENGE, .blob = g_challenge },
101        { .tag = OH_HUKS_TAG_ATTESTATION_ID_ALIAS, .blob = genAlias },
102    };
103    struct OH_Huks_ParamSet *genParamSet = nullptr;
104    struct OH_Huks_ParamSet *anonAttestParamSet = nullptr;
105    OH_Huks_Result ohResult;
106    OH_Huks_Blob certs = { 0 };
107    OH_Huks_CertChain certChain = { &certs, 0 };
108    do {
109        /* 2. Initialize the key parameter set. */
110        ohResult = InitParamSet(&genParamSet, g_genAnonAttestParams, sizeof(g_genAnonAttestParams) / sizeof(OH_Huks_Param));
111        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
112            break;
113        }
114        ohResult = InitParamSet(&anonAttestParamSet, g_anonAttestParams, sizeof(g_anonAttestParams) / sizeof(OH_Huks_Param));
115        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
116            break;
117        }
118        ohResult = OH_Huks_GenerateKeyItem(&genAlias, genParamSet, nullptr);
119        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
120            break;
121        }
122
123        (void)ConstructDataToCertChain(&certChain);
124        /* 3. Attest the key. */
125        ohResult = OH_Huks_AnonAttestKeyItem(&genAlias, anonAttestParamSet, &certChain);
126    } while (0);
127    FreeCertChain(&certChain, CERT_COUNT);
128    OH_Huks_FreeParamSet(&genParamSet);
129    OH_Huks_FreeParamSet(&anonAttestParamSet);
130    (void)OH_Huks_DeleteKeyItem(&genAlias, NULL);
131
132    napi_value ret;
133    napi_create_int32(env, ohResult.errorCode, &ret);
134    return ret;
135}
136```
137