Loading security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl +9 −4 Original line number Diff line number Diff line Loading @@ -41,7 +41,12 @@ interface ISecretkeeper { * Retrieve the instance of the `IAuthGraphKeyExchange` HAL that should be used for shared * session key establishment. These keys are used to perform encryption of messages as * described in SecretManagement.cddl, allowing the client and Secretkeeper to have a * cryptographically secure channel. * cryptographically secure channel. In the key exchange protocol the client acts as P1 * (source) and Secretkeeper as P2 (sink). The interface returned here can be used to invoke * methods on the sink. * * The client's identity is its DICE chain; Secretkeeper's identity is a * per-boot key pair. */ IAuthGraphKeyExchange getAuthGraphKe(); Loading @@ -56,8 +61,8 @@ interface ISecretkeeper { * ProtectedRequestPacket & ProtectedResponsePacket using symmetric keys agreed between * the client & service. This cryptographic protection is required because the messages are * ferried via Android, which is allowed to be outside the TCB of clients (for example protected * Virtual Machines). For this, service (& client) must implement a key exchange protocol, which * is critical for establishing the secure channel. * Virtual Machines). For this, service (& client) must implement the AuthGraph key exchange * protocol to establish a secure channel between them. * * If an encrypted response cannot be generated, then a service-specific Binder error using one * of the ERROR_ codes above will be returned. Loading security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl +2 −2 Original line number Diff line number Diff line Loading @@ -91,7 +91,7 @@ ErrorCode = &( ; Requested Entry not found. ErrorCode_EntryNotFound: 3, ; Error happened while serialization or deserialization. SerializationError: 4, ErrorCode_SerializationError: 4, ; Indicates that Dice Policy matching did not succeed & hence access not granted. ErrorCode_DicePolicyError: 5, ) Loading @@ -104,7 +104,7 @@ Result = &( GetSecretResult, ) GetVersionResult = (version : uint) GetVersionResult = (1) StoreSecretResult = () Loading Loading
security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl +9 −4 Original line number Diff line number Diff line Loading @@ -41,7 +41,12 @@ interface ISecretkeeper { * Retrieve the instance of the `IAuthGraphKeyExchange` HAL that should be used for shared * session key establishment. These keys are used to perform encryption of messages as * described in SecretManagement.cddl, allowing the client and Secretkeeper to have a * cryptographically secure channel. * cryptographically secure channel. In the key exchange protocol the client acts as P1 * (source) and Secretkeeper as P2 (sink). The interface returned here can be used to invoke * methods on the sink. * * The client's identity is its DICE chain; Secretkeeper's identity is a * per-boot key pair. */ IAuthGraphKeyExchange getAuthGraphKe(); Loading @@ -56,8 +61,8 @@ interface ISecretkeeper { * ProtectedRequestPacket & ProtectedResponsePacket using symmetric keys agreed between * the client & service. This cryptographic protection is required because the messages are * ferried via Android, which is allowed to be outside the TCB of clients (for example protected * Virtual Machines). For this, service (& client) must implement a key exchange protocol, which * is critical for establishing the secure channel. * Virtual Machines). For this, service (& client) must implement the AuthGraph key exchange * protocol to establish a secure channel between them. * * If an encrypted response cannot be generated, then a service-specific Binder error using one * of the ERROR_ codes above will be returned. Loading
security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl +2 −2 Original line number Diff line number Diff line Loading @@ -91,7 +91,7 @@ ErrorCode = &( ; Requested Entry not found. ErrorCode_EntryNotFound: 3, ; Error happened while serialization or deserialization. SerializationError: 4, ErrorCode_SerializationError: 4, ; Indicates that Dice Policy matching did not succeed & hence access not granted. ErrorCode_DicePolicyError: 5, ) Loading @@ -104,7 +104,7 @@ Result = &( GetSecretResult, ) GetVersionResult = (version : uint) GetVersionResult = (1) StoreSecretResult = () Loading
