Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / bef8d3ae8948a626035a4a3b698032fea68297eb^! / . / security / authgraph / aidl / vts / functional
commitbef8d3ae8948a626035a4a3b698032fea68297eb[log] [tgz]
authorDavid Drysdale <drysdale@google.com>Mon Nov 27 14:08:42 2023 +0000
committerDavid Drysdale <drysdale@google.com>Tue Dec 12 16:03:04 2023 +0000
tree00f988405590303ca1562c6cf5aee75fff569ae5
parentcbad9a37d3653240bca488d0a8f167e932bc5d44 [diff]
Secretkeeper: add message encryption

All request messages are encrypted, but response messages have an outer
unencrypted layer, with an inner response (and the result values inside
that).

Make the SecretManagement.cddl file clearer to reflect that, and make
the schema valid along the way.

Move the outer (unencrypted) error code values into `ErrorCode.aidl` and
use them as service-specific error codes, thus reducing the number of
error types from 3 to 2.

Bug: 291228560
Test: VtsSecretkeeperTargetTest
Test: validate CDDL with https://atacama.informatik.uni-bremen.de/
Change-Id: I46c5bfd7e40b03919d7d3779b265b3bb3ff1ce1e

diff --git a/security/authgraph/aidl/vts/functional/sink.rs b/security/authgraph/aidl/vts/functional/sink.rs
index bb357b8..a331eef 100644
--- a/security/authgraph/aidl/vts/functional/sink.rs
+++ b/security/authgraph/aidl/vts/functional/sink.rs

@@ -29,11 +29,11 @@
 }
 
 /// Perform mainline AuthGraph key exchange with the provided sink and local implementation.
-/// Return the agreed AES keys in plaintext.
+/// Return the agreed AES keys in plaintext, together with the session ID.
 pub fn test_mainline(
     local_source: &mut ke::AuthGraphParticipant,
     sink: binder::Strong<dyn IAuthGraphKeyExchange>,
-) -> [key::AesKey; 2] {
+) -> ([key::AesKey; 2], Vec<u8>) {
     // Step 1: create an ephemeral ECDH key at the (local) source.
     let source_init_info = local_source
         .create()
@@ -113,7 +113,7 @@
         Ok(array) => array,
         Err(_) => panic!("wrong number of decrypted shared key arcs"),
     };
-    decrypted_shared_keys_array
+    (decrypted_shared_keys_array, sink_info.sessionId)
 }
 
 /// Perform mainline AuthGraph key exchange with the provided sink, but provide an invalid

diff --git a/security/authgraph/aidl/vts/functional/source.rs b/security/authgraph/aidl/vts/functional/source.rs
index a1e76b3..019e1e8 100644
--- a/security/authgraph/aidl/vts/functional/source.rs
+++ b/security/authgraph/aidl/vts/functional/source.rs

@@ -29,11 +29,11 @@
 }
 
 /// Perform mainline AuthGraph key exchange with the provided source.
-/// Return the agreed AES keys in plaintext.
+/// Return the agreed AES keys in plaintext, together with the session ID.
 pub fn test_mainline(
     local_sink: &mut ke::AuthGraphParticipant,
     source: binder::Strong<dyn IAuthGraphKeyExchange>,
-) -> [key::AesKey; 2] {
+) -> ([key::AesKey; 2], Vec<u8>) {
     // Step 1: create an ephemeral ECDH key at the (remote) source.
     let source_init_info = source
         .create()
@@ -120,7 +120,7 @@
         Ok(array) => array,
         Err(_) => panic!("wrong number of decrypted shared key arcs"),
     };
-    decrypted_shared_keys_array
+    (decrypted_shared_keys_array, source_info.sessionId)
 }
 
 /// Perform mainline AuthGraph key exchange with the provided source, but provide an invalid session