From 444014630f317908a726e94db54c34ca2e513336 Mon Sep 17 00:00:00 2001
From: kang1024 <yangjiankang3@huawei.com>
Date: Wed, 23 Apr 2025 16:19:17 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B8=85=E7=90=86=E5=91=8A=E8=AD=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: kang1024 <yangjiankang3@huawei.com>
---
 bundle.json                                   |   3 +
 frameworks/js/ani/BUILD.gn                    |   7 +-
 frameworks/js/ani/dts/cert.d.ts               | 427 ------------------
 ...rity.cryptoFramework.cryptoFramework.taihe |   2 +-
 .../js/ani/src/ani_asy_key_generator.cpp      |   5 +-
 frameworks/js/ani/src/ani_cipher.cpp          |   5 +-
 frameworks/js/ani/src/ani_kdf.cpp             |   3 +
 frameworks/js/ani/src/ani_key_pair.cpp        |   2 +-
 frameworks/js/ani/src/ani_mac.cpp             |   3 +
 frameworks/js/ani/src/ani_md.cpp              |   3 +
 frameworks/js/ani/src/ani_pri_key.cpp         |   2 +-
 frameworks/js/ani/src/ani_pub_key.cpp         |   2 +-
 frameworks/js/ani/src/ani_rand.cpp            |   3 +
 .../js/ani/src/ani_sym_key_generator.cpp      |   3 +
 ...y.cryptoFramework.cryptoFramework.impl.cpp |   2 +-
 .../crypto/src/napi_asy_key_generator.cpp     |  12 +-
 frameworks/js/napi/crypto/src/napi_cipher.cpp |   2 +
 .../js/napi/crypto/src/napi_pri_key.cpp       |   1 +
 18 files changed, 41 insertions(+), 446 deletions(-)
 delete mode 100644 frameworks/js/ani/dts/cert.d.ts

diff --git a/bundle.json b/bundle.json
index 61860f6..c43cc5b 100644
--- a/bundle.json
+++ b/bundle.json
@@ -96,6 +96,9 @@
           },
           {
             "name": "//base/security/crypto_framework/frameworks/cj:cj_cryptoframework_ffi"
+          },
+          {
+            "name": "//base/security/crypto_framework/frameworks/js/ani:copy_taihe"
           }
         ],
         "test": [
diff --git a/frameworks/js/ani/BUILD.gn b/frameworks/js/ani/BUILD.gn
index 13a3296..875d047 100644
--- a/frameworks/js/ani/BUILD.gn
+++ b/frameworks/js/ani/BUILD.gn
@@ -58,7 +58,7 @@ taihe_shared_library("crypto_framework_ani") {
   ]
   deps = [
     ":run_taihe",
-    "//base/security/crypto_framework/frameworks:crypto_framework_lib",
+    "${framework_path}:crypto_framework_lib",
   ]
   if (os_level == "standard") {
     sanitize = {
@@ -74,9 +74,7 @@ taihe_shared_library("crypto_framework_ani") {
   ]
   external_deps = [
     "bounds_checking_function:libsec_shared",
-    "c_utils:utils",
     "hilog:libhilog",
-    "openssl:libcrypto_shared",
   ]
 }
 
@@ -92,9 +90,6 @@ generate_static_abc("crypto_framework_test") {
   base_url = "${framework_path}/js/ani/test"
   files = [
     "${framework_path}/js/ani/test/test_main.ets",
-    "${framework_path}/js/ani/test/test_md.ets",
-    "${framework_path}/js/ani/test/test_mac.ets",
-    "${framework_path}/js/ani/test/test_rand.ets",
     "${framework_path}/js/ani/test/test_utils.ets",
   ]
   is_boot_abc = "True"
diff --git a/frameworks/js/ani/dts/cert.d.ts b/frameworks/js/ani/dts/cert.d.ts
deleted file mode 100644
index 012c662..0000000
--- a/frameworks/js/ani/dts/cert.d.ts
+++ /dev/null
@@ -1,427 +0,0 @@
-/*
- * Copyright (c) 2025-2025 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import type { AsyncCallback } from './@ohos.base';
-import cryptoFramework from './@ohos.security.cryptoFramework';
-
-declare namespace cert {
-  enum CertResult {
-    INVALID_PARAMS = 401,
-    NOT_SUPPORT = 801,
-    ERR_OUT_OF_MEMORY = 19020001,
-    ERR_RUNTIME_ERROR = 19020002,
-    ERR_CRYPTO_OPERATION = 19030001,
-    ERR_CERT_SIGNATURE_FAILURE = 19030002,
-    ERR_CERT_NOT_YET_VALID = 19030003,
-    ERR_CERT_HAS_EXPIRED = 19030004,
-    ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 19030005,
-    ERR_KEYUSAGE_NO_CERTSIGN = 19030006,
-    ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE = 19030007,
-    ERR_MAYBE_WRONG_PASSWORD = 19030008
-  }
-
-  interface DataBlob {
-    data: Uint8Array;
-  }
-
-  interface DataArray {
-    data: Array<Uint8Array>;
-  }
-
-  enum EncodingFormat {
-    FORMAT_DER = 0,
-    FORMAT_PEM = 1,
-    FORMAT_PKCS7 = 2
-  }
-
-  enum CertItemType {
-    CERT_ITEM_TYPE_TBS = 0,
-    CERT_ITEM_TYPE_PUBLIC_KEY = 1,
-    CERT_ITEM_TYPE_ISSUER_UNIQUE_ID = 2,
-    CERT_ITEM_TYPE_SUBJECT_UNIQUE_ID = 3,
-    CERT_ITEM_TYPE_EXTENSIONS = 4
-  }
-
-  enum ExtensionOidType {
-    EXTENSION_OID_TYPE_ALL = 0,
-    EXTENSION_OID_TYPE_CRITICAL = 1,
-    EXTENSION_OID_TYPE_UNCRITICAL = 2
-  }
-
-  enum ExtensionEntryType {
-    EXTENSION_ENTRY_TYPE_ENTRY = 0,
-    EXTENSION_ENTRY_TYPE_ENTRY_CRITICAL = 1,
-    EXTENSION_ENTRY_TYPE_ENTRY_VALUE = 2
-  }
-
-  interface EncodingBlob {
-    data: Uint8Array;
-    encodingFormat: EncodingFormat;
-  }
-
-  interface CertChainData {
-    data: Uint8Array;
-    count: number;
-    encodingFormat: EncodingFormat;
-  }
-
-  enum EncodingType {
-    ENCODING_UTF8 = 0
-  }
-
-  interface X509Cert {
-    verify(key: cryptoFramework.PubKey, callback: AsyncCallback<void>): void;
-    verify(key: cryptoFramework.PubKey): Promise<void>;
-    getEncoded(callback: AsyncCallback<EncodingBlob>): void;
-    getEncoded(): Promise<EncodingBlob>;
-    getPublicKey(): cryptoFramework.PubKey;
-    checkValidityWithDate(date: string): void;
-    getVersion(): number;
-    getSerialNumber(): number;
-    getCertSerialNumber(): bigint;
-    getIssuerName(): DataBlob;
-    getSubjectName(encodingType?: EncodingType): DataBlob;
-    getNotBeforeTime(): string;
-    getNotAfterTime(): string;
-    getSignature(): DataBlob;
-    getSignatureAlgName(): string;
-    getSignatureAlgOid(): string;
-    getSignatureAlgParams(): DataBlob;
-    getKeyUsage(): DataBlob;
-    getExtKeyUsage(): DataArray;
-    getBasicConstraints(): number;
-    getSubjectAltNames(): DataArray;
-    getIssuerAltNames(): DataArray;
-    getItem(itemType: CertItemType): DataBlob;
-    match(param: X509CertMatchParameters): boolean;
-    getCRLDistributionPoint(): DataArray;
-    getIssuerX500DistinguishedName(): X500DistinguishedName;
-    getSubjectX500DistinguishedName(): X500DistinguishedName;
-    toString(): string;
-    hashCode(): Uint8Array;
-    getExtensionsObject(): CertExtension;
-  }
-  function createX509Cert(inStream: EncodingBlob, callback: AsyncCallback<X509Cert>): void;
-  function createX509Cert(inStream: EncodingBlob): Promise<X509Cert>;
-
-  interface CertExtension {
-    getEncoded(): EncodingBlob;
-    getOidList(valueType: ExtensionOidType): DataArray;
-    getEntry(valueType: ExtensionEntryType, oid: DataBlob): DataBlob;
-    checkCA(): number;
-    hasUnsupportedCriticalExtension(): boolean;
-  }
-  function createCertExtension(inStream: EncodingBlob, callback: AsyncCallback<CertExtension>): void;
-  function createCertExtension(inStream: EncodingBlob): Promise<CertExtension>;
-
-  interface X509CrlEntry {
-    getEncoded(callback: AsyncCallback<EncodingBlob>): void;
-    getEncoded(): Promise<EncodingBlob>;
-    getSerialNumber(): number;
-    getCertIssuer(): DataBlob;
-    getRevocationDate(): string;
-  }
-
-  interface X509CRLEntry {
-    getEncoded(callback: AsyncCallback<EncodingBlob>): void;
-    getEncoded(): Promise<EncodingBlob>;
-    getSerialNumber(): bigint;
-    getCertIssuer(): DataBlob;
-    getRevocationDate(): string;
-    getExtensions(): DataBlob;
-    hasExtensions(): boolean;
-    getCertIssuerX500DistinguishedName(): X500DistinguishedName;
-    toString(): string;
-    hashCode(): Uint8Array;
-    getExtensionsObject(): CertExtension;
-  }
-
-  interface X509Crl {
-    isRevoked(cert: X509Cert): boolean;
-    getType(): string;
-    getEncoded(callback: AsyncCallback<EncodingBlob>): void;
-    getEncoded(): Promise<EncodingBlob>;
-    verify(key: cryptoFramework.PubKey, callback: AsyncCallback<void>): void;
-    verify(key: cryptoFramework.PubKey): Promise<void>;
-    getVersion(): number;
-    getIssuerName(): DataBlob;
-    getLastUpdate(): string;
-    getNextUpdate(): string;
-    getRevokedCert(serialNumber: number): X509CrlEntry;
-    getRevokedCertWithCert(cert: X509Cert): X509CrlEntry;
-    getRevokedCerts(callback: AsyncCallback<Array<X509CrlEntry>>): void;
-    getRevokedCerts(): Promise<Array<X509CrlEntry>>;
-    getTbsInfo(): DataBlob;
-    getSignature(): DataBlob;
-    getSignatureAlgName(): string;
-    getSignatureAlgOid(): string;
-    getSignatureAlgParams(): DataBlob;
-  }
-  function createX509Crl(inStream: EncodingBlob, callback: AsyncCallback<X509Crl>): void;
-  function createX509Crl(inStream: EncodingBlob): Promise<X509Crl>;
-
-  interface X509CRL {
-    isRevoked(cert: X509Cert): boolean;
-    getType(): string;
-    getEncoded(callback: AsyncCallback<EncodingBlob>): void;
-    getEncoded(): Promise<EncodingBlob>;
-    verify(key: cryptoFramework.PubKey, callback: AsyncCallback<void>): void;
-    verify(key: cryptoFramework.PubKey): Promise<void>;
-    getVersion(): number;
-    getIssuerName(): DataBlob;
-    getLastUpdate(): string;
-    getNextUpdate(): string;
-    getRevokedCert(serialNumber: bigint): X509CRLEntry;
-    getRevokedCertWithCert(cert: X509Cert): X509CRLEntry;
-    getRevokedCerts(callback: AsyncCallback<Array<X509CRLEntry>>): void;
-    getRevokedCerts(): Promise<Array<X509CRLEntry>>;
-    getTBSInfo(): DataBlob;
-    getSignature(): DataBlob;
-    getSignatureAlgName(): string;
-    getSignatureAlgOid(): string;
-    getSignatureAlgParams(): DataBlob;
-    getExtensions(): DataBlob;
-    match(param: X509CRLMatchParameters): boolean;
-    getIssuerX500DistinguishedName(): X500DistinguishedName;
-    toString(): string;
-    hashCode(): Uint8Array;
-    getExtensionsObject(): CertExtension;
-  }
-  function createX509CRL(inStream: EncodingBlob, callback: AsyncCallback<X509CRL>): void;
-  function createX509CRL(inStream: EncodingBlob): Promise<X509CRL>;
-
-  interface CertChainValidator {
-    validate(certChain: CertChainData, callback: AsyncCallback<void>): void;
-    validate(certChain: CertChainData): Promise<void>;
-    readonly algorithm: string;
-  }
-  function createCertChainValidator(algorithm: string): CertChainValidator;
-
-  enum GeneralNameType {
-    GENERAL_NAME_TYPE_OTHER_NAME = 0,
-    GENERAL_NAME_TYPE_RFC822_NAME = 1,
-    GENERAL_NAME_TYPE_DNS_NAME = 2,
-    GENERAL_NAME_TYPE_X400_ADDRESS = 3,
-    GENERAL_NAME_TYPE_DIRECTORY_NAME = 4,
-    GENERAL_NAME_TYPE_EDI_PARTY_NAME = 5,
-    GENERAL_NAME_TYPE_UNIFORM_RESOURCE_ID = 6,
-    GENERAL_NAME_TYPE_IP_ADDRESS = 7,
-    GENERAL_NAME_TYPE_REGISTERED_ID = 8
-  }
-
-  interface GeneralName {
-    type: GeneralNameType;
-    name?: Uint8Array;
-  }
-
-  interface X509CertMatchParameters {
-    subjectAlternativeNames?: Array<GeneralName>;
-    matchAllSubjectAltNames?: boolean;
-    authorityKeyIdentifier?: Uint8Array;
-    minPathLenConstraint?: number;
-    x509Cert?: X509Cert;
-    validDate?: string;
-    issuer?: Uint8Array;
-    extendedKeyUsage?: Array<string>;
-    nameConstraints?: Uint8Array;
-    certPolicy?: Array<string>;
-    privateKeyValid?: string;
-    keyUsage?: Array<boolean>;
-    serialNumber?: bigint;
-    subject?: Uint8Array;
-    subjectKeyIdentifier?: Uint8Array;
-    publicKey?: DataBlob;
-    publicKeyAlgID?: string;
-  }
-
-  interface X509CRLMatchParameters {
-    issuer?: Array<Uint8Array>;
-    x509Cert?: X509Cert;
-    updateDateTime?: string;
-    maxCRL?: bigint;
-    minCRL?: bigint;
-  }
-
-  interface CertCRLCollection {
-    selectCerts(param: X509CertMatchParameters): Promise<Array<X509Cert>>;
-    selectCerts(param: X509CertMatchParameters, callback: AsyncCallback<Array<X509Cert>>): void;
-    selectCRLs(param: X509CRLMatchParameters): Promise<Array<X509CRL>>;
-    selectCRLs(param: X509CRLMatchParameters, callback: AsyncCallback<Array<X509CRL>>): void;
-  }
-  function createCertCRLCollection(certs: Array<X509Cert>, crls?: Array<X509CRL>): CertCRLCollection;
-
-  interface X509CertChain {
-    getCertList(): Array<X509Cert>;
-    validate(param: CertChainValidationParameters): Promise<CertChainValidationResult>;
-    validate(param: CertChainValidationParameters, callback: AsyncCallback<CertChainValidationResult>): void;
-    toString(): string;
-    hashCode(): Uint8Array;
-  }
-  function createX509CertChain(inStream: EncodingBlob): Promise<X509CertChain>;
-  function createX509CertChain(inStream: EncodingBlob, callback: AsyncCallback<X509CertChain>): void;
-  function createX509CertChain(certs: Array<X509Cert>): X509CertChain;
-  function buildX509CertChain(param: CertChainBuildParameters): Promise<CertChainBuildResult>;
-
-  enum EncodingBaseFormat {
-    PEM = 0,
-    DER = 1
-  }
-
-  interface Pkcs12Data {
-    privateKey?: string | Uint8Array;
-    cert?: X509Cert;
-    otherCerts?: Array<X509Cert>;
-  }
-
-  interface Pkcs12ParsingConfig {
-    password: string;
-    needsPrivateKey?: boolean;
-    privateKeyFormat?: EncodingBaseFormat;
-    needsCert?: boolean;
-    needsOtherCerts?: boolean;
-  }
-  function parsePkcs12(data: Uint8Array, config: Pkcs12ParsingConfig): Pkcs12Data;
-  function createTrustAnchorsWithKeyStore(keystore: Uint8Array, pwd: string): Promise<Array<X509TrustAnchor>>;
-  function createX500DistinguishedName(nameStr: string): Promise<X500DistinguishedName>;
-  function createX500DistinguishedName(nameDer: Uint8Array): Promise<X500DistinguishedName>;
-
-  interface X500DistinguishedName {
-    getName(): string;
-    getName(type: string): Array<string>;
-    getEncoded(): EncodingBlob;
-  }
-
-  interface X509TrustAnchor {
-    CACert?: X509Cert;
-    CAPubKey?: Uint8Array;
-    CASubject?: Uint8Array;
-    nameConstraints?: Uint8Array;
-  }
-
-  enum RevocationCheckOptions {
-    REVOCATION_CHECK_OPTION_PREFER_OCSP = 0,
-    REVOCATION_CHECK_OPTION_ACCESS_NETWORK,
-    REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER,
-    REVOCATION_CHECK_OPTION_FALLBACK_LOCAL
-  }
-
-  enum ValidationPolicyType {
-    VALIDATION_POLICY_TYPE_X509 = 0,
-    VALIDATION_POLICY_TYPE_SSL
-  }
-
-  enum KeyUsageType {
-    KEYUSAGE_DIGITAL_SIGNATURE = 0,
-    KEYUSAGE_NON_REPUDIATION,
-    KEYUSAGE_KEY_ENCIPHERMENT,
-    KEYUSAGE_DATA_ENCIPHERMENT,
-    KEYUSAGE_KEY_AGREEMENT,
-    KEYUSAGE_KEY_CERT_SIGN,
-    KEYUSAGE_CRL_SIGN,
-    KEYUSAGE_ENCIPHER_ONLY,
-    KEYUSAGE_DECIPHER_ONLY
-  }
-
-  interface RevocationCheckParameter {
-    ocspRequestExtension?: Array<Uint8Array>;
-    ocspResponderURI?: string;
-    ocspResponderCert?: X509Cert;
-    ocspResponses?: Uint8Array;
-    crlDownloadURI?: string;
-    options?: Array<RevocationCheckOptions>;
-    ocspDigest?: string;
-  }
-
-  interface CertChainValidationParameters {
-    date?: string;
-    trustAnchors: Array<X509TrustAnchor>;
-    certCRLs?: Array<CertCRLCollection>;
-    revocationCheckParam?: RevocationCheckParameter;
-    policy?: ValidationPolicyType;
-    sslHostname?: string;
-    keyUsage?: Array<KeyUsageType>;
-  }
-
-  interface CertChainValidationResult {
-    readonly trustAnchor: X509TrustAnchor;
-    readonly entityCert: X509Cert;
-  }
-
-  interface CertChainBuildParameters {
-    certMatchParameters: X509CertMatchParameters;
-    maxLength?: number;
-    validationParameters: CertChainValidationParameters;
-  }
-
-  interface CertChainBuildResult {
-    readonly certChain: X509CertChain;
-    readonly validationResult: CertChainValidationResult;
-  }
-
-  enum CmsContentType {
-    SIGNED_DATA = 0
-  }
-
-  enum CmsContentDataFormat {
-    BINARY = 0,
-    TEXT = 1
-  }
-
-  enum CmsFormat {
-    PEM = 0,
-    DER = 1
-  }
-
-  interface PrivateKeyInfo {
-    key: string | Uint8Array;
-    password?: string;
-  }
-
-  interface CmsSignerConfig {
-    mdName: string;
-    addCert?: boolean;
-    addAttr?: boolean;
-    addSmimeCapAttr?: boolean;
-  }
-
-  interface CmsGeneratorOptions {
-    contentDataFormat?: CmsContentDataFormat;
-    outFormat?: CmsFormat;
-    isDetached?: boolean;
-  }
-
-  interface CmsGenerator {
-    addSigner(cert: X509Cert, keyInfo: PrivateKeyInfo, config: CmsSignerConfig): void;
-    addCert(cert: X509Cert): void;
-    doFinal(data: Uint8Array, options?: CmsGeneratorOptions): Promise<Uint8Array | string>;
-    doFinalSync(data: Uint8Array, options?: CmsGeneratorOptions): Uint8Array | string;
-  }
-  function createCmsGenerator(contentType: CmsContentType): CmsGenerator;
-
-  interface CsrAttribute {
-    type: string;
-    value: string;
-  }
-
-  interface CsrGenerationConfig {
-    subject: X500DistinguishedName;
-    mdName: string;
-    attributes?: Array<CsrAttribute>;
-    outFormat?: EncodingBaseFormat;
-  }
-  function generateCsr(keyInfo: PrivateKeyInfo, config: CsrGenerationConfig): string | Uint8Array;
-}
-
-export default cert;
diff --git a/frameworks/js/ani/idl/ohos.security.cryptoFramework.cryptoFramework.taihe b/frameworks/js/ani/idl/ohos.security.cryptoFramework.cryptoFramework.taihe
index c9206dd..a6be60c 100644
--- a/frameworks/js/ani/idl/ohos.security.cryptoFramework.cryptoFramework.taihe
+++ b/frameworks/js/ani/idl/ohos.security.cryptoFramework.cryptoFramework.taihe
@@ -20,7 +20,7 @@ static { loadLibrary("crypto_framework_ani.z"); }
 """)
 
 struct DataBlob {
-  data: @typedarray @typedarray Array<u8>;
+  data: @typedarray Array<u8>;
 }
 
 union OptString {
diff --git a/frameworks/js/ani/src/ani_asy_key_generator.cpp b/frameworks/js/ani/src/ani_asy_key_generator.cpp
index 9b75a76..55ee64c 100644
--- a/frameworks/js/ani/src/ani_asy_key_generator.cpp
+++ b/frameworks/js/ani/src/ani_asy_key_generator.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c)2025-2025 Huawei Device Co., Ltd.
+ * Copyright (c) 2025-2025 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -105,4 +105,7 @@ AsyKeyGenerator CreateAsyKeyGenerator(string_view algName)
 }
 } // namespace ANI::CryptoFramework
 
+// Since these macros are auto-generate, lint will cause false positive.
+// NOLINTBEGIN
 TH_EXPORT_CPP_API_CreateAsyKeyGenerator(CreateAsyKeyGenerator);
+// NOLINTEND
diff --git a/frameworks/js/ani/src/ani_cipher.cpp b/frameworks/js/ani/src/ani_cipher.cpp
index df7d835..936b0f0 100644
--- a/frameworks/js/ani/src/ani_cipher.cpp
+++ b/frameworks/js/ani/src/ani_cipher.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c)2025-2025 Huawei Device Co., Ltd.
+ * Copyright (c) 2025-2025 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -182,4 +182,7 @@ Cipher CreateCipher(string_view transformation)
 }
 } // namespace ANI::CryptoFramework
 
+// Since these macros are auto-generate, lint will cause false positive.
+// NOLINTBEGIN
 TH_EXPORT_CPP_API_CreateCipher(CreateCipher);
+// NOLINTEND
diff --git a/frameworks/js/ani/src/ani_kdf.cpp b/frameworks/js/ani/src/ani_kdf.cpp
index 4c9523c..3aa4949 100644
--- a/frameworks/js/ani/src/ani_kdf.cpp
+++ b/frameworks/js/ani/src/ani_kdf.cpp
@@ -159,4 +159,7 @@ Kdf CreateKdf(string_view algName)
 }
 } // namespace ANI::CryptoFramework
 
+// Since these macros are auto-generate, lint will cause false positive.
+// NOLINTBEGIN
 TH_EXPORT_CPP_API_CreateKdf(CreateKdf);
+// NOLINTEND
diff --git a/frameworks/js/ani/src/ani_key_pair.cpp b/frameworks/js/ani/src/ani_key_pair.cpp
index 8ecbde1..565824d 100644
--- a/frameworks/js/ani/src/ani_key_pair.cpp
+++ b/frameworks/js/ani/src/ani_key_pair.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c)2025-2025 Huawei Device Co., Ltd.
+ * Copyright (c) 2025-2025 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
diff --git a/frameworks/js/ani/src/ani_mac.cpp b/frameworks/js/ani/src/ani_mac.cpp
index bea7fcc..6878cb0 100644
--- a/frameworks/js/ani/src/ani_mac.cpp
+++ b/frameworks/js/ani/src/ani_mac.cpp
@@ -109,4 +109,7 @@ Mac CreateMac(string_view algName)
 }
 } // namespace ANI::CryptoFramework
 
+// Since these macros are auto-generate, lint will cause false positive.
+// NOLINTBEGIN
 TH_EXPORT_CPP_API_CreateMac(CreateMac);
+// NOLINTEND
diff --git a/frameworks/js/ani/src/ani_md.cpp b/frameworks/js/ani/src/ani_md.cpp
index 9b431f1..024aacb 100644
--- a/frameworks/js/ani/src/ani_md.cpp
+++ b/frameworks/js/ani/src/ani_md.cpp
@@ -93,4 +93,7 @@ Md CreateMd(string_view algName)
 }
 } // namespace ANI::CryptoFramework
 
+// Since these macros are auto-generate, lint will cause false positive.
+// NOLINTBEGIN
 TH_EXPORT_CPP_API_CreateMd(CreateMd);
+// NOLINTEND
diff --git a/frameworks/js/ani/src/ani_pri_key.cpp b/frameworks/js/ani/src/ani_pri_key.cpp
index a39cd08..4b92ad3 100644
--- a/frameworks/js/ani/src/ani_pri_key.cpp
+++ b/frameworks/js/ani/src/ani_pri_key.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c)2025-2025 Huawei Device Co., Ltd.
+ * Copyright (c) 2025-2025 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
diff --git a/frameworks/js/ani/src/ani_pub_key.cpp b/frameworks/js/ani/src/ani_pub_key.cpp
index 6bc75a9..f261f02 100644
--- a/frameworks/js/ani/src/ani_pub_key.cpp
+++ b/frameworks/js/ani/src/ani_pub_key.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c)2025-2025 Huawei Device Co., Ltd.
+ * Copyright (c) 2025-2025 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
diff --git a/frameworks/js/ani/src/ani_rand.cpp b/frameworks/js/ani/src/ani_rand.cpp
index a9ca8d3..6ad9fee 100644
--- a/frameworks/js/ani/src/ani_rand.cpp
+++ b/frameworks/js/ani/src/ani_rand.cpp
@@ -83,4 +83,7 @@ Random CreateRandom()
 }
 } // namespace ANI::CryptoFramework
 
+// Since these macros are auto-generate, lint will cause false positive.
+// NOLINTBEGIN
 TH_EXPORT_CPP_API_CreateRandom(CreateRandom);
+// NOLINTEND
diff --git a/frameworks/js/ani/src/ani_sym_key_generator.cpp b/frameworks/js/ani/src/ani_sym_key_generator.cpp
index 3e4ce23..fbdf46c 100644
--- a/frameworks/js/ani/src/ani_sym_key_generator.cpp
+++ b/frameworks/js/ani/src/ani_sym_key_generator.cpp
@@ -84,4 +84,7 @@ SymKeyGenerator CreateSymKeyGenerator(string_view algName)
 }
 } // namespace ANI::CryptoFramework
 
+// Since these macros are auto-generate, lint will cause false positive.
+// NOLINTBEGIN
 TH_EXPORT_CPP_API_CreateSymKeyGenerator(CreateSymKeyGenerator);
+// NOLINTEND
diff --git a/frameworks/js/ani/src/impl/ohos.security.cryptoFramework.cryptoFramework.impl.cpp b/frameworks/js/ani/src/impl/ohos.security.cryptoFramework.cryptoFramework.impl.cpp
index f182912..f70e570 100644
--- a/frameworks/js/ani/src/impl/ohos.security.cryptoFramework.cryptoFramework.impl.cpp
+++ b/frameworks/js/ani/src/impl/ohos.security.cryptoFramework.cryptoFramework.impl.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c)2025-2025 Huawei Device Co., Ltd.
+ * Copyright (c) 2025-2025 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
diff --git a/frameworks/js/napi/crypto/src/napi_asy_key_generator.cpp b/frameworks/js/napi/crypto/src/napi_asy_key_generator.cpp
index 50c7afd..bd87fa4 100644
--- a/frameworks/js/napi/crypto/src/napi_asy_key_generator.cpp
+++ b/frameworks/js/napi/crypto/src/napi_asy_key_generator.cpp
@@ -370,18 +370,18 @@ static bool BuildConvertPemKeyCtx(napi_env env, napi_callback_info info, Convert
 {
     napi_value thisVar = nullptr;
     napi_get_cb_info(env, info, nullptr, nullptr, &thisVar, nullptr);
-    std::string pubKey;
-    std::string priKey;
-    HcfParamsSpec *paramsSpec = nullptr;
-    if (!ValidateAndGetParams(env, info, pubKey, priKey, &paramsSpec)) {
-        return false;
-    }
     NapiAsyKeyGenerator *napiGenerator = nullptr;
     napi_status status = napi_unwrap(env, thisVar, reinterpret_cast<void **>(&napiGenerator));
     if (status != napi_ok || napiGenerator == nullptr) {
         LOGE("failed to unwrap napi asyKeyGenerator obj.");
         return false;
     }
+    std::string pubKey;
+    std::string priKey;
+    HcfParamsSpec *paramsSpec = nullptr;
+    if (!ValidateAndGetParams(env, info, pubKey, priKey, &paramsSpec)) {
+        return false;
+    }
 
     ctx->generator = napiGenerator->GetAsyKeyGenerator();
     ctx->params = paramsSpec;
diff --git a/frameworks/js/napi/crypto/src/napi_cipher.cpp b/frameworks/js/napi/crypto/src/napi_cipher.cpp
index d9a3b0a..73f7e45 100644
--- a/frameworks/js/napi/crypto/src/napi_cipher.cpp
+++ b/frameworks/js/napi/crypto/src/napi_cipher.cpp
@@ -853,6 +853,8 @@ napi_value NapiCipher::JsSetCipherSpec(napi_env env, napi_callback_info info)
     }
     HcfBlob *pSource = GetBlobFromNapiUint8Arr(env, argv[1]);
     if (pSource == nullptr || pSource->len == 0) {
+        HcfBlobDataFree(pSource);
+        HcfFree(pSource);
         LOGE("failed to get pSource.");
         napi_throw(env, GenerateBusinessError(env, HCF_INVALID_PARAMS, "[pSource]: must be of the DataBlob type."));
         return nullptr;
diff --git a/frameworks/js/napi/crypto/src/napi_pri_key.cpp b/frameworks/js/napi/crypto/src/napi_pri_key.cpp
index 2e9c05e..3f7cb49 100644
--- a/frameworks/js/napi/crypto/src/napi_pri_key.cpp
+++ b/frameworks/js/napi/crypto/src/napi_pri_key.cpp
@@ -151,6 +151,7 @@ static bool ValidateAndGetParams(napi_env env, napi_callback_info info, std::str
     napi_status status = napi_unwrap(env, thisVar, reinterpret_cast<void **>(napiPriKey));
     if (status != napi_ok || napiPriKey == nullptr) {
         LOGE("failed to unwrap napiPriKey obj!");
+        FreeEncodeParamsSpec(*paramsSpec);
         napi_throw(env, GenerateBusinessError(env, HCF_INVALID_PARAMS, "failed to unwrap napiPriKey obj!"));
         return false;
     }
-- 
Gitee