Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 744a37115a0a0e30fb84806ab2c320a6b744298c^! / . / keymaster
commit744a37115a0a0e30fb84806ab2c320a6b744298c[log] [tgz]
authorShawn Willden <swillden@google.com>Mon Apr 15 05:51:37 2019 -0600
committerSteven Moreland <smoreland@google.com>Fri Apr 19 00:59:01 2019 +0000
tree349b27903965d04098507058a5230894d111b898
parent8e0b1c09b81f422a3dab79b3d27af30012062f3c [diff]
Correct IKeymasterDevice documentation.

Bug: 129931913
Bug: 130144003
Test: ./update-makefiles.sh (checks hashes)
Change-Id: Ia8101f8410a728b28653416300c1a3eb480eb469

diff --git a/keymaster/4.0/IKeymasterDevice.hal b/keymaster/4.0/IKeymasterDevice.hal
index c867ab0..3475f79 100644
--- a/keymaster/4.0/IKeymasterDevice.hal
+++ b/keymaster/4.0/IKeymasterDevice.hal

@@ -624,7 +624,7 @@
     /**
      * Exports a public key, returning the key in the specified format.
      *
-     * @parm keyFormat The format used for export.  See KeyFormat in types.hal.
+     * @parm keyFormat The format used for export.  Must be KeyFormat::X509.
      *
      * @param keyBlob The opaque descriptor returned by generateKey() or importKey().  The
      *        referenced key must be asymmetric.
@@ -639,7 +639,7 @@
      *        value, it must be computationally infeasible for the secure hardware to obtain the key
      *        material.
      *
-     * @return keyMaterial The public key material in PKCS#8 format.
+     * @return keyMaterial The public key material in X.509 format.
      */
     exportKey(KeyFormat keyFormat, vec<uint8_t> keyBlob, vec<uint8_t> clientId,
               vec<uint8_t> appData) generates (ErrorCode error, vec<uint8_t> keyMaterial);
@@ -1005,13 +1005,11 @@
      *
      * -- EC Keys --
      *
-     * EC key operations must specify exactly one padding mode in inParams.  If unspecified or
-     * specified more than once, begin() must return ErrorCode::UNSUPPORTED_PADDING_MODE.
-     *
-     * Private key operations (KeyPurpose::SIGN) need authorization of digest and padding, which
-     * means that the key authorizations must contain the specified values.  If not, begin() must
-     * return ErrorCode::INCOMPATIBLE_DIGEST.  Public key operations (KeyPurpose::VERIFY) are
-     * permitted with unauthorized digest or padding.
+     * EC private key operations must specify exactly one digest in inParams.  If unspecified or
+     * specified more than once, begin() must return ErrorCode::UNSUPPORTED_DIGEST.  For private key
+     * operations, (KeyPurpose::SIGN), if the specified digest is not in the key's authorization
+     * list, begin() must return ErrorCode::INCOMPATIBLE_DIGEST.  Public key operations
+     * (KeyPurpose::VERIFY) are permitted with unauthorized digest.
      *
      * -- AES Keys --
      *