# Security Subsystem ChangeLog

## cl.security.1 Change of the setSeed API of Random from Asynchronous to Synchronous

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

API prototype before the change:

```ts
setSeed(seed : DataBlob, callback : AsyncCallback<void>) : void;
setSeed(seed : DataBlob) : Promise<void>;
```

API prototype after the change:

```ts
setSeed(seed : DataBlob) : void;
```

**Adaptation Guide**

See the API adaptation guide of **setSeed** in the API reference:
[Crypto Framework - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cryptoFramework.md)


## cl.security.2 Migration of interface DataArray from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Migrated **interface DataArray** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

Import and use the new .d.ts file:

```js
import cryptoCert from '@ohos.security.cert';
```

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.3 Migration of interface EncodingFormat from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Migrated **interface EncodingFormat** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

Import and use the new .d.ts file:

```js
import cryptoCert from '@ohos.security.cert';
```

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.4 Migration of interface EncodingBlob from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Migrated **interface EncodingBlob** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

Import and use the new .d.ts file:

```js
import cryptoCert from '@ohos.security.cert';
```

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.5 Migration of interface CertChainData from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Migrated **interface CertChainData** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

Import and use the new .d.ts file:

```js
import cryptoCert from '@ohos.security.cert';
```

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.6 Migration of interface X509Cert from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Migrated **interface X509Cert** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

Import and use the new .d.ts file:

```js
import cryptoCert from '@ohos.security.cert';
```

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.7 Migration of function createX509Cert from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Migrated **function createX509Cert** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

Import and use the new .d.ts file:

```js
import cryptoCert from '@ohos.security.cert';
```

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.8 Migration of interface X509CrlEntry from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Migrated **interface X509CrlEntry** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

Import and use the new .d.ts file:

```js
import cryptoCert from '@ohos.security.cert';
```

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.9 Migration of interface X509Crl from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Migrated **interface X509Crl** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

Import and use the new .d.ts file:

```js
import cryptoCert from '@ohos.security.cert';
```

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.10 Migration of function createX509Crl from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Migrated **function createX509Crl** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

Import and use the new .d.ts file:

```js
import cryptoCert from '@ohos.security.cert';
```

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.11 Migration of interface CertChainValidator from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Migrated **interface CertChainValidator** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

Import and use the new .d.ts file:

```js
import cryptoCert from '@ohos.security.cert';
```

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.12 Migration of function createCertChainValidator from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

Migrated **function createCertChainValidator** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.

**Adaptation Guide**

Import and use the new .d.ts file:

```js
import cryptoCert from '@ohos.security.cert';
```

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.13 Change of the getPublicKey API of X509Cert from Asynchronous to Synchronous

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

API prototype before the change:

```ts
getPublicKey(callback : AsyncCallback<PubKey>) : void;
getPublicKey() : Promise<PubKey>;
```

API prototype after the change:

```ts
getPublicKey() : cryptoFramework.PubKey;
```

**Adaptation Guide**

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.14 Change of the checkValidityWithDate API of X509Cert from Asynchronous to Synchronous

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

API prototype before the change:

```ts
checkValidityWithDate(date: string, callback : AsyncCallback<void>) : void;
checkValidityWithDate(date: string) : Promise<void>;
```

API prototype after the change:

```ts
checkValidityWithDate(date: string) : void;
```

**Adaptation Guide**

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.15 Change of the getCertIssuer API of X509CrlEntry from Asynchronous to Synchronous

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

API prototype before the change:

```ts
getCertIssuer(callback : AsyncCallback<DataBlob>) : void;
getCertIssuer() : Promise<DataBlob>;
```

API prototype after the change:

```ts
getCertIssuer() : DataBlob;
```

**Adaptation Guide**

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.16 Change of the getRevocationDate API of X509CrlEntry from Asynchronous to Synchronous

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

API prototype before the change:

```ts
getRevocationDate(callback : AsyncCallback<string>) : void;
getRevocationDate() : Promise<string>;
```

API prototype after the change:

```ts
getRevocationDate() : string;
```

**Adaptation Guide**

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.17 Change of the isRevoked API of X509Crl from Asynchronous to Synchronous

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

API prototype before the change:

```ts
isRevoked(cert : X509Cert, callback : AsyncCallback<boolean>) : void;
isRevoked(cert : X509Cert) : Promise<boolean>;
```

API prototype after the change:

```ts
isRevoked(cert : X509Cert) : boolean;
```

**Adaptation Guide**

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.18 Change of the getRevokedCert API of X509Crl from Asynchronous to Synchronous

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

API prototype before the change:

```ts
getRevokedCert(serialNumber : number, callback : AsyncCallback<X509CrlEntry>) : void;
getRevokedCert(serialNumber : number) : Promise<X509CrlEntry>;
```

API prototype after the change:

```ts
getRevokedCert(serialNumber : number) : X509CrlEntry;
```

**Adaptation Guide**

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.19 Change of the getRevokedCertWithCert API of X509Crl from Asynchronous to Synchronous

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

API prototype before the change:

```ts
getRevokedCertWithCert(cert : X509Cert, callback : AsyncCallback<X509CrlEntry>) : void;
getRevokedCertWithCert(cert : X509Cert) : Promise<X509CrlEntry>;
```

API prototype after the change:

```ts
getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry;
```

**Adaptation Guide**

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)


## cl.security.20 Change of the getTbsInfo API of X509Crl from Asynchronous to Synchronous

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.

**Key API/Component Changes**

API prototype before the change:

```ts
getTbsInfo(callback : AsyncCallback<DataBlob>) : void;
getTbsInfo() : Promise<DataBlob>;
```

API prototype after the change:

```ts
getTbsInfo() : DataBlob;
```

**Adaptation Guide**

See the corresponding API adaptation guide in the API reference:
[Certificate - API Reference](https://gitee.com/openharmony/docs/blob/master/en/application-dev/reference/apis/js-apis-cert.md)

## cl.security.21 Support of No-Hash Signing Mode for HUKS

Before the change, the application passes **huks.HuksTag.HUKS_TAG_DIGEST = huks.HuksKeyDigest.HUKS_DIGEST_NONE** and HUKS uses **huks.HuksKeyDigest.HUKS_DIGEST_SHA256** for processing by default. After the change, the application passes **huks.HuksTag.HUKS_TAG_DIGEST = huks.HuksKeyDigest.HUKS_DIGEST_NONE** and HUKS does not perform digest processing by default. In this case, the service needs to perform the hash operation on the original data and then pass the hashed digest to HUKS for signing or signature verification.
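
The contract change described above, as an added example that is not part of the original changelog and is not HUKS code: Node.js `crypto` stands in for the key store, and `signWithoutHashing` is a hypothetical signer that, like the no-hash mode, signs exactly the bytes it is given. Wrapping those bytes in a SHA-256 DigestInfo is an assumption of this model, not a statement about HUKS internals; the point shown is that only a caller that hashes first produces a signature that an ordinary SHA-256 RSA verifier accepts.

```javascript
// Added illustration: Node.js crypto models the signer. Nothing here calls HUKS.
const crypto = require('node:crypto');

// ASN.1 DigestInfo header for SHA-256 used by RSASSA-PKCS1-v1_5 (RFC 8017).
const SHA256_DIGEST_INFO = Buffer.from('3031300d060960864801650304020105000420', 'hex');

// Constructed throwaway key pair, generated only for this demonstration.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Hypothetical stand-in for a "digest none" signer: it never hashes its input.
// The DigestInfo wrapping is an assumption made so that a standard verifier can
// check the result.
function signWithoutHashing(bytes) {
  return crypto.privateEncrypt(
    { key: privateKey, padding: crypto.constants.RSA_PKCS1_PADDING },
    Buffer.concat([SHA256_DIGEST_INFO, bytes])
  );
}

// The step the caller now has to perform itself before signing.
function sha256(data) {
  return crypto.createHash('sha256').update(data).digest();
}

// The relying party: plain RSA PKCS#1 v1.5 verification with SHA-256 over the
// original data.
function verifiesAsSha256Rsa(data, signature) {
  return crypto.verify('sha256', data, publicKey, signature);
}

function demo() {
  const original = Buffer.from('constructed sample message');

  // Adapted caller: hash first, then hand the 32-byte digest to the signer.
  const adapted = signWithoutHashing(sha256(original));

  // Unadapted caller: still hands over the raw data and expects the signer to
  // hash it, which a no-hash signer does not do.
  const unadapted = signWithoutHashing(original);

  return {
    digestLength: sha256(original).length,
    adaptedVerifies: verifiesAsSha256Rsa(original, adapted),
    unadaptedVerifies: verifiesAsSha256Rsa(original, unadapted),
    // The adapted signature is byte-identical to a library SHA-256 signature.
    matchesLibrarySignature: adapted.equals(crypto.sign('sha256', original, privateKey)),
  };
}

console.log(demo());
```

A signature that stops verifying on the peer after an SDK upgrade, with no change to the key or the data, is the symptom to look for when a caller has not added the hashing step.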

**Change Impacts**

Behavior of released JavaScript APIs will be changed.
The application needs to adapt these APIs so that signing and signature verification pass both before and after the change.

**Key API/Component Changes**

Released JavaScript APIs remain unchanged, but parameter sets passed to the APIs are changed.

A service that uses the No-Hash signing mode needs to hash the original data and then pass the hashed digest to the signing or signature verification API of HUKS, with the **huks.HuksTag.HUKS_TAG_DIGEST** parameter set to **huks.HuksKeyDigest.HUKS_DIGEST_NONE**.

**Adaptation Guide**

Take signing as an example. The sample code is as follows:

```js
import huks from '@ohos.security.huks';

let keyAlias = 'rsa_Key';
/* SHA-256 digest of the original data (32 bytes) */
let inDataAfterSha256 = new Uint8Array([
    0x4B, 0x1E, 0x22, 0x64, 0xA9, 0x89, 0x60, 0x1D, 0xEC, 0x78, 0xC0, 0x5D, 0xBE, 0x46, 0xAD, 0xCF,
    0x1C, 0x35, 0x16, 0x11, 0x34, 0x01, 0x4E, 0x9B, 0x7C, 0x00, 0x66, 0x0E, 0xCA, 0x09, 0xC0, 0xF3,
]);
/* Signing parameters */
let signProperties = new Array();
signProperties[0] = {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA,
}
signProperties[1] = {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value:
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN
}
signProperties[2] = {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048,
}
signProperties[3] = {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_NONE, // Set digest-none.
}
let signOptions = {
    properties: signProperties,
    inData: inDataAfterSha256 // Set the value after hashing.
}

huks.initSession(keyAlias, signOptions);
```

For sample code for other APIs, see [HUKS guidelines](../../../application-dev/security/huks-guidelines.md) and [HUKS APIs](../../../application-dev/reference/apis/js-apis-huks.md).

## cl.security.22 Support of Key Calculation Parameter Specification for HUKS During Key Usage

Before the change, all parameters for key calculation must be specified when the application generates a key. After the change, only mandatory parameters need to be specified when the application generates a key, and other parameters can be specified when the key is used. The application can specify key calculation parameters more flexibly.

**Change Impacts**

Behavior of released JavaScript APIs will be changed.

The application can specify only mandatory parameters when creating a key and specify other optional parameters when using the key.

**Key API/Component Changes**

Released JavaScript APIs remain unchanged, but parameter sets passed to the APIs are changed and parameters are classified into mandatory parameters and optional parameters. For details, see [HUKS guidelines](../../../application-dev/security/huks-guidelines.md).

huks.generateKeyItem

huks.importKeyItem

huks.importWrappedKeyItem

huks.initSession

huks.updateSession

huks.finishSession

**Adaptation Guide**

Take key generation as an example. The sample code is as follows:

```js
import huks from '@ohos.security.huks';

let keyAlias = 'keyAlias';
let properties = new Array();
// Mandatory parameter.
properties[0] = {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
};
// Mandatory parameter.
properties[1] = {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
};
// Mandatory parameter.
properties[2] = {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value:
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN |
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
};
// Optional parameter. If this parameter is not specified when a key is generated, it must be specified when the key is used.
properties[3] = {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
let options = {
    properties: properties
};
try {
    huks.generateKeyItem(keyAlias, options, function (error, data) {
        if (error) {
            console.error(`callback: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`);
        } else {
            console.info(`callback: generateKeyItem key success`);
        }
    });
} catch (error) {
    console.error(`callback: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
```

For sample code for other APIs, see [HUKS guidelines](../../../application-dev/security/huks-guidelines.md) and [HUKS APIs](../../../application-dev/reference/apis/js-apis-huks.md).