Correct IKeymasterDevice documentation.
Bug: 129931913 Bug: 130144003 Test: ./update-makefiles.sh (checks hashes) Change-Id: Ia8101f8410a728b28653416300c1a3eb480eb469
This commit is contained in:
Shawn Willden
Steven Moreland
parent
8e0b1c09b8
commit
744a37115a
2 changed files with 8 additions and 10 deletions
|
|
@ -475,4 +475,4 @@ d8e7717e8187dd7453d4142f8f331e7c325e7a6f9e8d44ac0d52b3be502bfe83 android.hardwar
|
|||
b53ac9d61c24efb16a2d63a861cef20680f6d57adb244a03b9778c675550628b android.hardware.secure_element@1.1::ISecureElementHalCallback
|
||||
|
||||
# ABI preserving changes to HALs during Android R
|
||||
# none yet
|
||||
b69a7615c508acf5c5201efd1bfa3262167874fc3594e2db5a3ff93addd8ac75 android.hardware.keymaster@4.0::IKeymasterDevice
|
||||
|
|
|
|||
|
|
@ -624,7 +624,7 @@ interface IKeymasterDevice {
|
|||
/**
|
||||
* Exports a public key, returning the key in the specified format.
|
||||
*
|
||||
* @parm keyFormat The format used for export. See KeyFormat in types.hal.
|
||||
* @parm keyFormat The format used for export. Must be KeyFormat::X509.
|
||||
*
|
||||
* @param keyBlob The opaque descriptor returned by generateKey() or importKey(). The
|
||||
* referenced key must be asymmetric.
|
||||
|
|
@ -639,7 +639,7 @@ interface IKeymasterDevice {
|
|||
* value, it must be computationally infeasible for the secure hardware to obtain the key
|
||||
* material.
|
||||
*
|
||||
* @return keyMaterial The public key material in PKCS#8 format.
|
||||
* @return keyMaterial The public key material in X.509 format.
|
||||
*/
|
||||
exportKey(KeyFormat keyFormat, vec<uint8_t> keyBlob, vec<uint8_t> clientId,
|
||||
vec<uint8_t> appData) generates (ErrorCode error, vec<uint8_t> keyMaterial);
|
||||
|
|
@ -1005,13 +1005,11 @@ interface IKeymasterDevice {
|
|||
*
|
||||
* -- EC Keys --
|
||||
*
|
||||
* EC key operations must specify exactly one padding mode in inParams. If unspecified or
|
||||
* specified more than once, begin() must return ErrorCode::UNSUPPORTED_PADDING_MODE.
|
||||
*
|
||||
* Private key operations (KeyPurpose::SIGN) need authorization of digest and padding, which
|
||||
* means that the key authorizations must contain the specified values. If not, begin() must
|
||||
* return ErrorCode::INCOMPATIBLE_DIGEST. Public key operations (KeyPurpose::VERIFY) are
|
||||
* permitted with unauthorized digest or padding.
|
||||
* EC private key operations must specify exactly one digest in inParams. If unspecified or
|
||||
* specified more than once, begin() must return ErrorCode::UNSUPPORTED_DIGEST. For private key
|
||||
* operations, (KeyPurpose::SIGN), if the specified digest is not in the key's authorization
|
||||
* list, begin() must return ErrorCode::INCOMPATIBLE_DIGEST. Public key operations
|
||||
* (KeyPurpose::VERIFY) are permitted with unauthorized digest.
|
||||
*
|
||||
* -- AES Keys --
|
||||
*
|
||||
|
|
|
|||
Loading…
Reference in a new issue