Go to file
Cai Xincheng a038a9002e upgrade key alias 10
Signed-off-by: Cai Xincheng <caixincheng@huawei.com>
Change-Id: Ia1a64a93b666bc5676b32b051d29bedbf101ef63
2024-09-20 18:06:38 +08:00
etc/init add open and upgrade logic 2024-08-30 15:00:27 +08:00
figures !9 更新readme 2024-02-29 13:53:14 +08:00
frameworks use c openssl instead of rust-openssl 2024-09-03 20:59:23 +08:00
interfaces !107 modify code 2024-09-09 11:27:45 +00:00
sa_profile subscribe new common event 2024-09-01 17:50:02 +08:00
services upgrade key alias 10 2024-09-20 18:06:38 +08:00
test/unittest upgrade key alias 3 2024-09-19 17:52:24 +08:00
.gitignore improve hash 2024-08-31 15:03:35 +08:00
BUILD.gn transfer the asset.gni into config.gni 2024-06-26 17:21:35 +08:00
bundle.json use c openssl 2024-09-02 15:30:24 +08:00
Cargo.toml final commit for local account enc 2024-08-13 08:51:14 +08:00
config.gni transfer the asset.gni into config.gni 2024-06-26 17:21:35 +08:00
hisysevent.yaml modify error code 2023-11-22 00:52:03 +08:00
LICENSE add doc 2023-11-25 09:39:52 +08:00
OAT.xml OAT file add 2024-06-04 16:49:45 +08:00
README_zh.md consummate readme 2024-09-06 16:45:46 +08:00
README.md consummate readme 2024-09-06 16:45:46 +08:00
rustfmt.toml fix review 2024-09-02 21:58:14 +08:00

ASSET

Introduction

The asset store service (ASSET) provides secure storage and management of sensitive data less than 1024 bytes in size, including passwords, app tokens, and other critical data (such as bank card numbers).

The following figure shows the ASSET architecture.

ASSET Architecture

An application can perform the following operations using ASSET:

  • Adding an asset: ASSET generates a unique key for the application, uses the key to encrypt the asset, and stores the encrypted asset in the database.
  • Updating an asset: ASSET encrypts the new asset using the unique key of the application and updates the data in the database.
  • Querying an asset: ASSET obtains the asset ciphertext from the database based on the query conditions specified, verifies the access permission of the application, uses the unique key of the application to decrypt the asset ciphertext, and returns the plaintext to the application.
  • Removing an asset: ASSET removes the asset that matches the specified conditions.

The secure storage of assets depends on the underlying HUKS. Specifically, HUKS implements the asset encryption, decryption, and access control in a secure environment (such as a TEE). The sensitive user data will never be disclosed even if the system is attacked.

For the scenarios demanding higher security, ASSET allows access to assets only after a successful user identity authentication. Before accessing assets that require identity access control, an application needs to launch a user prompt for user identity authentication (PIN, fingerprint, or facial authentication). After the application sends the user authentication result to ASSET, ASSET invokes HUKS to verify the authentication result. If the verification is successful, HUKS decrypts the asset in a secure environment and returns the plaintext.

With the APIs provided by ASSET, you can quickly integrate system-wide encrypted storage and access control mechanisms for short sensitive data.

Directory Structure

├── frameworks              # Framework code
│   ├── definition          # Definitions of common data types
│   ├── ipc                 # IPC APIs
│   ├── js                  # Code for interaction between JS and C/C++
│   ├── os_dependency       # Adaptation of universal system capabilities
│   └── utils               # Utility APIs
├── interfaces              # APIs exposed externally
│   ├── inner_api           # APIs for system abilities (SAs)
│   └── kits                # APIs for user applications
├── sa_profile              # SA profiles
└── services                # Service layer code
    ├── constants           # Constants of the service layer
    ├── core_service        # Core service module
    ├── crypto_manager      # Data encryption/decryption module
    ├── db_key_operator     # Database key management module
    ├── db_operator         # Data management module
    └── os_dependency       # System capability adaptation module

Build

The following uses rk3568 as an example.

# Build the source code of the module.
./build.sh --product-name rk3568 --ccache --build-target asset

# Build the test code of the module.
./build.sh --product-name rk3568 --ccache --build-target asset_bin_test

Usage

Available APIs

API reference

Development Guide

Development guide

Repositories Involved

HUKS

UserIAM