Merge "Clarify Secretkeeper comments" into main am: 99cf847175 am: 5605362e10 am: e0ef257a9c

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2885127

Change-Id: I55203e8f170b139cb73769efde17db846bc74bf7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl
index 49c3446..b07dba8 100644
--- a/security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl
+++ b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl
@@ -39,9 +39,14 @@
 
     /**
      * Retrieve the instance of the `IAuthGraphKeyExchange` HAL that should be used for shared
-     * session key establishment.  These keys are used to perform encryption of messages as
+     * session key establishment. These keys are used to perform encryption of messages as
      * described in SecretManagement.cddl, allowing the client and Secretkeeper to have a
-     * cryptographically secure channel.
+     * cryptographically secure channel. In the key exchange protocol the client acts as P1
+     * (source) and Secretkeeper as P2 (sink). The interface returned here can be used to invoke
+     * methods on the sink.
+     *
+     * The client's identity is its DICE chain; Secretkeeper's identity is a
+     * per-boot key pair.
      */
     IAuthGraphKeyExchange getAuthGraphKe();
 
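Review bot: The paragraph added to the `getAuthGraphKe()` doc comment says Secretkeeper's identity is a per-boot key pair, but it does not say how a client is expected to authenticate that key. The comment in the second hunk notes that messages are ferried via Android, which may be outside the client's TCB, so a client that accepts whatever sink key it is handed would presumably have no assurance about who holds the other end of the session. I would add a sentence along the lines of `The client must check Secretkeeper's public key against a value obtained from a source it trusts before using the session keys.`, or point to where that check is specified if it is defined elsewhere. The enclosing interface declaration starts and ends outside this hunk, so such a statement may already exist there.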
@@ -56,8 +61,8 @@
      * ProtectedRequestPacket & ProtectedResponsePacket using symmetric keys agreed between
      * the client & service. This cryptographic protection is required because the messages are
      * ferried via Android, which is allowed to be outside the TCB of clients (for example protected
-     * Virtual Machines). For this, service (& client) must implement a key exchange protocol, which
-     * is critical for establishing the secure channel.
+     * Virtual Machines). For this, service (& client) must implement the AuthGraph key exchange
+     * protocol to establish a secure channel between them.
      *
      * If an encrypted response cannot be generated, then a service-specific Binder error using one
      * of the ERROR_ codes above will be returned.
diff --git a/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl
index 3f823df..6a824c9 100644
--- a/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl
+++ b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl
@@ -91,7 +91,7 @@
     ; Requested Entry not found.
     ErrorCode_EntryNotFound: 3,
     ; Error happened while serialization or deserialization.
-    SerializationError: 4,
+    ErrorCode_SerializationError: 4,
     ; Indicates that Dice Policy matching did not succeed & hence access not granted.
     ErrorCode_DicePolicyError: 5,
 )
@@ -104,7 +104,7 @@
     GetSecretResult,
 )
 
-GetVersionResult = (version : uint)
+GetVersionResult = (1)
 
 StoreSecretResult = ()