Loading security/authgraph/aidl/vts/functional/sink.rs +3 −3 Original line number Diff line number Diff line Loading @@ -29,11 +29,11 @@ pub fn test( } /// Perform mainline AuthGraph key exchange with the provided sink and local implementation. /// Return the agreed AES keys in plaintext. /// Return the agreed AES keys in plaintext, together with the session ID. pub fn test_mainline( local_source: &mut ke::AuthGraphParticipant, sink: binder::Strong<dyn IAuthGraphKeyExchange>, ) -> [key::AesKey; 2] { ) -> ([key::AesKey; 2], Vec<u8>) { // Step 1: create an ephemeral ECDH key at the (local) source. let source_init_info = local_source .create() Loading Loading @@ -113,7 +113,7 @@ pub fn test_mainline( Ok(array) => array, Err(_) => panic!("wrong number of decrypted shared key arcs"), }; decrypted_shared_keys_array (decrypted_shared_keys_array, sink_info.sessionId) } /// Perform mainline AuthGraph key exchange with the provided sink, but provide an invalid Loading security/authgraph/aidl/vts/functional/source.rs +3 −3 Original line number Diff line number Diff line Loading @@ -29,11 +29,11 @@ pub fn test( } /// Perform mainline AuthGraph key exchange with the provided source. /// Return the agreed AES keys in plaintext. /// Return the agreed AES keys in plaintext, together with the session ID. pub fn test_mainline( local_sink: &mut ke::AuthGraphParticipant, source: binder::Strong<dyn IAuthGraphKeyExchange>, ) -> [key::AesKey; 2] { ) -> ([key::AesKey; 2], Vec<u8>) { // Step 1: create an ephemeral ECDH key at the (remote) source. let source_init_info = source .create() Loading Loading 
@@ -120,7 +120,7 @@ pub fn test_mainline( Ok(array) => array, Err(_) => panic!("wrong number of decrypted shared key arcs"), }; decrypted_shared_keys_array (decrypted_shared_keys_array, source_info.sessionId) } /// Perform mainline AuthGraph key exchange with the provided source, but provide an invalid session Loading security/secretkeeper/aidl/aidl_api/android.hardware.security.secretkeeper/current/android/hardware/security/secretkeeper/ErrorCode.aidl 0 → 100644 +42 −0 Original line number Diff line number Diff line /* * Copyright (C) 2023 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /////////////////////////////////////////////////////////////////////////////// // THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. // /////////////////////////////////////////////////////////////////////////////// // This file is a snapshot of an AIDL file. Do not edit it manually. There are // two cases: // 1). this is a frozen version file - do not edit this in any case. // 2). this is a 'current' file. If you make a backwards compatible change to // the interface (from the latest frozen version), the build system will // prompt you to update this file with `m <name>-update-api`. // // You must not make a backward incompatible change to any AIDL file built // with the aidl_interface module type with versions property set. The module // type is used to build AIDL files in a way that they can be used across // independently updatable components of the system. 
If a device is shipped // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. package android.hardware.security.secretkeeper; /* @hide */ @Backing(type="int") @VintfStability enum ErrorCode { OK = 0, UNKNOWN_KEY_ID = 1, INTERNAL_ERROR = 2, REQUEST_MALFORMED = 3, } security/secretkeeper/aidl/android/hardware/security/secretkeeper/ErrorCode.aidl 0 → 100644 +33 −0 Original line number Diff line number Diff line /* * Copyright (C) 2023 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.hardware.security.secretkeeper; /** * Secretkeeper unencrypted error code, returned via AIDL as service specific errors in * EX_SERVICE_SPECIFIC. * @hide */ @VintfStability @Backing(type="int") enum ErrorCode { OK = 0, UNKNOWN_KEY_ID = 1, INTERNAL_ERROR = 2, REQUEST_MALFORMED = 3, // TODO(b/291224769): Create a more exhaustive set of error code values. } security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl +5 −1 Original line number Diff line number Diff line Loading 
@@ -35,7 +35,7 @@ import android.hardware.security.authgraph.IAuthGraphKeyExchange; * Typical operations are (securely) updating the dice policy sealing the Secrets above. These * operations are core to AntiRollback protected secrets - ie, ensuring secrets of a pVM are only * accessible to same or higher versions of the images. * 2. Maintenance api: This is required for removing the Secretkeeper entries for obsolete pvMs. * 2. Maintenance API: This is required for removing the Secretkeeper entries for obsolete pVMs. */ interface ISecretkeeper { /** Loading @@ -60,7 +60,11 @@ interface ISecretkeeper { * Virtual Machines). For this, service (& client) must implement a key exchange protocol, which * is critical for establishing the secure channel. * * If an encrypted response cannot be generated, then a service-specific Binder error using an * error code from ErrorCode.aidl will be returned. * * Secretkeeper database should guarantee the following properties: * * 1. Confidentiality: No entity (of security privilege lower than Secretkeeper) should * be able to get a client's data in clear. * Loading Loading
security/authgraph/aidl/vts/functional/sink.rs +3 −3 Original line number Diff line number Diff line Loading @@ -29,11 +29,11 @@ pub fn test( } /// Perform mainline AuthGraph key exchange with the provided sink and local implementation. /// Return the agreed AES keys in plaintext. /// Return the agreed AES keys in plaintext, together with the session ID. pub fn test_mainline( local_source: &mut ke::AuthGraphParticipant, sink: binder::Strong<dyn IAuthGraphKeyExchange>, ) -> [key::AesKey; 2] { ) -> ([key::AesKey; 2], Vec<u8>) { // Step 1: create an ephemeral ECDH key at the (local) source. let source_init_info = local_source .create() Loading Loading @@ -113,7 +113,7 @@ pub fn test_mainline( Ok(array) => array, Err(_) => panic!("wrong number of decrypted shared key arcs"), }; decrypted_shared_keys_array (decrypted_shared_keys_array, sink_info.sessionId) } /// Perform mainline AuthGraph key exchange with the provided sink, but provide an invalid Loading
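Review bot: The new doc line on `test_mainline` does not say whose session ID is returned or in which order the tuple is laid out; the value returned at the end of the function is `sink_info.sessionId`, which appears to be the one reported by the sink under test rather than one computed locally. The same applies to `source_info.sessionId` at the end of `test_mainline` in source.rs. I would word the comment as `/// Returns (keys, session_id): the agreed AES keys in plaintext and the session ID reported by the sink.` If the part of the body outside these hunks does not already compare that value with the local participant's view of the session, an equality assertion before the return would keep callers from binding later requests to an unchecked identifier. Only the start and end of the function are visible here.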
security/authgraph/aidl/vts/functional/source.rs +3 −3 Original line number Diff line number Diff line Loading @@ -29,11 +29,11 @@ pub fn test( } /// Perform mainline AuthGraph key exchange with the provided source. /// Return the agreed AES keys in plaintext. /// Return the agreed AES keys in plaintext, together with the session ID. pub fn test_mainline( local_sink: &mut ke::AuthGraphParticipant, source: binder::Strong<dyn IAuthGraphKeyExchange>, ) -> [key::AesKey; 2] { ) -> ([key::AesKey; 2], Vec<u8>) { // Step 1: create an ephemeral ECDH key at the (remote) source. let source_init_info = source .create() Loading Loading @@ -120,7 +120,7 @@ pub fn test_mainline( Ok(array) => array, Err(_) => panic!("wrong number of decrypted shared key arcs"), }; decrypted_shared_keys_array (decrypted_shared_keys_array, source_info.sessionId) } /// Perform mainline AuthGraph key exchange with the provided source, but provide an invalid session Loading
security/secretkeeper/aidl/aidl_api/android.hardware.security.secretkeeper/current/android/hardware/security/secretkeeper/ErrorCode.aidl 0 → 100644 +42 −0 Original line number Diff line number Diff line /* * Copyright (C) 2023 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /////////////////////////////////////////////////////////////////////////////// // THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. // /////////////////////////////////////////////////////////////////////////////// // This file is a snapshot of an AIDL file. Do not edit it manually. There are // two cases: // 1). this is a frozen version file - do not edit this in any case. // 2). this is a 'current' file. If you make a backwards compatible change to // the interface (from the latest frozen version), the build system will // prompt you to update this file with `m <name>-update-api`. // // You must not make a backward incompatible change to any AIDL file built // with the aidl_interface module type with versions property set. The module // type is used to build AIDL files in a way that they can be used across // independently updatable components of the system. If a device is shipped // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. 
package android.hardware.security.secretkeeper; /* @hide */ @Backing(type="int") @VintfStability enum ErrorCode { OK = 0, UNKNOWN_KEY_ID = 1, INTERNAL_ERROR = 2, REQUEST_MALFORMED = 3, }
security/secretkeeper/aidl/android/hardware/security/secretkeeper/ErrorCode.aidl 0 → 100644 +33 −0 Original line number Diff line number Diff line /* * Copyright (C) 2023 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.hardware.security.secretkeeper; /** * Secretkeeper unencrypted error code, returned via AIDL as service specific errors in * EX_SERVICE_SPECIFIC. * @hide */ @VintfStability @Backing(type="int") enum ErrorCode { OK = 0, UNKNOWN_KEY_ID = 1, INTERNAL_ERROR = 2, REQUEST_MALFORMED = 3, // TODO(b/291224769): Create a more exhaustive set of error code values. }
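Review bot: None of the four values in `ErrorCode` says when it is returned, and `UNKNOWN_KEY_ID` does not say which key identifier it refers to. The header calls these unencrypted codes returned in EX_SERVICE_SPECIFIC, so they presumably reach the client outside the encrypted channel; neither this comment nor the paragraph added to ISecretkeeper.aidl in the same change says that they are therefore unauthenticated and should only drive diagnostics or a retry. I would add a sentence to the enum comment, `* These codes are not protected by the secure channel; clients must not treat them as authenticated.`, and a one-line comment above each value. Since the snapshot header in the same change forbids backward-incompatible edits once an interface version is frozen, the meaning of these four values is worth pinning down before more are added.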
security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl +5 −1 Original line number Diff line number Diff line Loading @@ -35,7 +35,7 @@ import android.hardware.security.authgraph.IAuthGraphKeyExchange; * Typical operations are (securely) updating the dice policy sealing the Secrets above. These * operations are core to AntiRollback protected secrets - ie, ensuring secrets of a pVM are only * accessible to same or higher versions of the images. * 2. Maintenance api: This is required for removing the Secretkeeper entries for obsolete pvMs. * 2. Maintenance API: This is required for removing the Secretkeeper entries for obsolete pVMs. */ interface ISecretkeeper { /** Loading @@ -60,7 +60,11 @@ interface ISecretkeeper { * Virtual Machines). For this, service (& client) must implement a key exchange protocol, which * is critical for establishing the secure channel. * * If an encrypted response cannot be generated, then a service-specific Binder error using an * error code from ErrorCode.aidl will be returned. * * Secretkeeper database should guarantee the following properties: * * 1. Confidentiality: No entity (of security privilege lower than Secretkeeper) should * be able to get a client's data in clear. * Loading