
Searched refs:secret (Results 1 – 25 of 29) sorted by relevance


/system/keymaster/include/keymaster/km_openssl/
Dhkdf.h35 bool Init(Buffer& secret, Buffer& salt) { in Init() argument
36 return Init(secret.peek_read(), secret.available_read(), salt.peek_read(), in Init()
40 bool Init(const uint8_t* secret, size_t secret_len, const uint8_t* salt, size_t salt_len) { in Init() argument
41 return Kdf::Init(KM_DIGEST_SHA_2_256, secret, secret_len, salt, salt_len); in Init()
Diso18033kdf.h36 bool Init(keymaster_digest_t digest_type, const uint8_t* secret, size_t secret_len) { in Init() argument
37 return Kdf::Init(digest_type, secret, secret_len, nullptr /* salt */, 0 /* salt_len */); in Init()
Dkdf.h35 bool Init(keymaster_digest_t digest_type, const uint8_t* secret, size_t secret_len,
/system/secretkeeper/comm/src/data_types/
Drequest_response_impl.rs94 pub secret: Secret, field
103 let [id, secret, sealing_policy] = args.try_into().map_err(|_| Error::RequestMalformed)?; in new()
105 let secret = Secret::from_cbor_value(secret)?; in new() localVariable
107 Ok(Box::new(Self { id, secret, sealing_policy })) in new()
113 Value::from(self.secret.0.as_slice()), in args()
163 pub secret: Secret, field
168 let [error_code, secret] = res.try_into().map_err(|_| Error::ResponseMalformed)?; in new()
172 let secret = Secret::from_cbor_value(secret).map_err(|_| Error::ResponseMalformed)?; in new() localVariable
173 Ok(Box::new(Self { secret })) in new()
177 vec![self.secret.0.as_slice().into()] in result()
/system/secretkeeper/core/src/
Dstore.rs77 secret: Secret, in store()
102 let entry = Entry { secret, sealing_policy }.to_vec().map_err(serial_err)?; in store()
140 secret: entry.secret.clone(), in get()
148 Ok(entry.secret) in get()
201 secret: Secret, field
207 let [secret, sealing_policy] = value in from_cbor_value()
212 let secret = Secret::from_cbor_value(secret)?; in from_cbor_value() localVariable
215 Ok(Self { secret, sealing_policy }) in from_cbor_value()
219 Ok(Value::Array(vec![self.secret.to_cbor_value()?, Value::from(self.sealing_policy)])) in to_cbor_value()
Dta.rs309 self.store.store(request.id, request.secret, request.sealing_policy, peer_cert_chain)?; in store_secret()
321 let secret = in get_secret() localVariable
323 let response = GetSecretResponse { secret }; in get_secret()
/system/keymint/common/src/keyblob/
Dsdd_mem.rs44 let mut secret = [0; 32]; in get_or_create_factory_reset_secret() localVariable
45 rng.fill_bytes(&mut secret[..]); in get_or_create_factory_reset_secret()
46 self.factory_secret = Some(secret); in get_or_create_factory_reset_secret()
53 Some(secret) => Ok(SecureDeletionData { in get_factory_reset_secret()
54 factory_reset_secret: secret, in get_factory_reset_secret()
/system/keymaster/km_openssl/
Dkdf.cpp23 bool Kdf::Init(keymaster_digest_t digest_type, const uint8_t* secret, size_t secret_len, in Init() argument
40 if (!secret || secret_len == 0) return false; in Init()
43 secret_key_.reset(dup_buffer(secret, secret_len)); in Init()
/system/vold/
DKeyStorage.h32 KeyAuthentication(const std::string& s) : secret{s} {}; in KeyAuthentication()
34 bool usesKeystore() const { return secret.empty(); }; in usesKeystore()
36 const std::string secret; variable
DFsCrypt.h28 bool fscrypt_set_ce_key_protection(userid_t user_id, const std::vector<uint8_t>& secret);
32 bool fscrypt_unlock_ce_storage(userid_t user_id, const std::vector<uint8_t>& secret);
DFsCrypt.cpp679 const std::vector<uint8_t>& secret) { in authentication_from_secret() argument
680 std::string secret_str(secret.begin(), secret.end()); in authentication_from_secret()
733 bool fscrypt_set_ce_key_protection(userid_t user_id, const std::vector<uint8_t>& secret) { in fscrypt_set_ce_key_protection() argument
736 auto auth = authentication_from_secret(secret); in fscrypt_set_ce_key_protection()
737 if (auth.secret.empty()) { in fscrypt_set_ce_key_protection()
834 bool fscrypt_unlock_ce_storage(userid_t user_id, const std::vector<uint8_t>& secret) { in fscrypt_unlock_ce_storage() argument
841 auto auth = authentication_from_secret(secret); in fscrypt_unlock_ce_storage()
DVoldNativeService.h119 binder::Status setCeStorageProtection(int32_t userId, const std::vector<uint8_t>& secret);
122 binder::Status unlockCeStorage(int32_t userId, const std::vector<uint8_t>& secret);
DVoldNativeService.cpp633 const std::vector<uint8_t>& secret) { in setCeStorageProtection() argument
637 return translateBool(fscrypt_set_ce_key_protection(userId, secret)); in setCeStorageProtection()
649 const std::vector<uint8_t>& secret) { in unlockCeStorage() argument
653 return translateBool(fscrypt_unlock_ce_storage(userId, secret)); in unlockCeStorage()
/system/secretkeeper/comm/tests/
Ddata_types.rs41 StoreSecretRequest { id: ex_id(), secret: ex_secret(), sealing_policy: ex_dice_policy() }; in request_serialization_deserialization_store_secret()
68 let response = GetSecretResponse { secret: ex_secret() }; in success_response_serialization_deserialization_get_secret()
115 assert_eq!(req.secret.0, ex_secret().0); in request_creation()
147 assert_eq!(res.secret.0, ex_secret().0); in response_creation()
/system/security/keystore2/tests/
Dkeystore2_client_key_agreement_tests.rs67 let secret = op.finish(Some(local_pub_key), None).unwrap(); in check_agreement() localVariable
68 assert!(secret.is_some()); in check_agreement()
76 assert_eq!(secret.unwrap(), peer_secret); in check_agreement()
/system/security/keystore2/src/
Dec_crypto.rs67 let secret = ecdh_compute_key(other_public_key.get_point(), &self.0) in agree_key() localVariable
69 let prk = hkdf_extract(&secret, &hkdf).context(ks_err!("hkdf_extract on secret failed"))?; in agree_key()
/system/netd/server/
DInterfaceController.cpp218 std::string secret = oldSecret; in enableStablePrivacyAddresses() local
222 ASSIGN_OR_RETURN(secret, randomIPv6Address()); in enableStablePrivacyAddresses()
226 RETURN_IF_NOT_OK(sys.write(procFd.value(), makeSlice(secret))); in enableStablePrivacyAddresses()
233 return setProperty(kStableSecretProperty, secret); in enableStablePrivacyAddresses()
/system/vold/binder/android/os/
DIVold.aidl94 void setCeStorageProtection(int userId, in byte[] secret); in setCeStorageProtection() argument
97 void unlockCeStorage(int userId, in byte[] secret); in unlockCeStorage() argument
/system/security/keystore2/src/crypto/
Dcrypto.hpp46 const uint8_t *secret, size_t secret_len,
Dlib.rs244 pub fn hkdf_extract(secret: &[u8], salt: &[u8]) -> Result<ZVec, Error> { in hkdf_extract()
254 secret.as_ptr(), in hkdf_extract()
255 secret.len(), in hkdf_extract()
Dcrypto.cpp208 bool HKDFExtract(uint8_t* out_key, size_t* out_len, const uint8_t* secret, size_t secret_len, in HKDFExtract() argument
211 auto result = HKDF_extract(out_key, out_len, digest, secret, secret_len, salt, salt_len); in HKDFExtract()
/system/security/mls/mls-rs-crypto-boringssl/src/
Dhpke.rs336 let secret = kdf.labeled_extract(&shared_secret, label, &[]).unwrap(); in kdf_labeled_extract() localVariable
337 assert_eq!(secret, expected_secret); in kdf_labeled_extract()
347 let secret: [u8; 32] = in kdf_labeled_expand() localVariable
353 let key = kdf.labeled_expand(&secret, label, &key_schedule_ctx, 16).unwrap(); in kdf_labeled_expand()
/system/keymint/ta/src/
Ddevice.rs204 let secret = self.derive_bytes_from_hbk(hkdf, RPC_HMAC_KEY_CONTEXT, RPC_HMAC_KEY_LEN)?; in compute_hmac_sha256() localVariable
205 crypto::hmac_sha256(hmac, &secret, input) in compute_hmac_sha256()
/system/secretkeeper/dice_policy/
DREADME.md30 Each component in a DICE chain receives a secret, the “attestation CDI”, which depends on all of the
31 information in the chain up to that point; this secret is used to protect a signing keypair that the
32 component uses to sign DICE assertions. This secret isn’t useful for protecting component data,
/system/secretkeeper/
DREADME.md9 store (& get) 32 bytes of secret data. Secretkeeper supports establishing a secure channel with
33 Android (userspace & kernel) tampers with the client's secret, the Secretkeeper service must be
43 Secretkeeper uses [DICE policy][DicePolicyCDDL] based access control. Each secret is associated
44 with a sealing policy, which is a DICE policy. This is a required input while storing a secret.
45 Further access to this secret is restricted to clients whose DICE chain adheres to the
