Correct IKeymasterDevice documentation.

am: 744a37115a Change-Id: I9f7ae4efef89723a7200d9fbd72ee0e3e0cd2954
2019-04-23 11:23:31 -07:00 · 2019-04-23 11:23:31 -07:00 · dff8dd72a3
commit dff8dd72a3
parent c1ac036a8c 744a37115a
2 changed files with 8 additions and 10 deletions
--- a/current.txt
+++ b/current.txt
@ -475,4 +475,4 @@ d8e7717e8187dd7453d4142f8f331e7c325e7a6f9e8d44ac0d52b3be502bfe83 android.hardwar
 b53ac9d61c24efb16a2d63a861cef20680f6d57adb244a03b9778c675550628b android.hardware.secure_element@1.1::ISecureElementHalCallback

 # ABI preserving changes to HALs during Android R
-# none yet
+b69a7615c508acf5c5201efd1bfa3262167874fc3594e2db5a3ff93addd8ac75 android.hardware.keymaster@4.0::IKeymasterDevice
--- a/keymaster/4.0/IKeymasterDevice.hal
+++ b/keymaster/4.0/IKeymasterDevice.hal
@ -624,7 +624,7 @@ interface IKeymasterDevice {
    /**
     * Exports a public key, returning the key in the specified format.
     *
-     * @parm keyFormat The format used for export.  See KeyFormat in types.hal.
+     * @parm keyFormat The format used for export.  Must be KeyFormat::X509.
     *
     * @param keyBlob The opaque descriptor returned by generateKey() or importKey().  The
     *        referenced key must be asymmetric.
@ -639,7 +639,7 @@ interface IKeymasterDevice {
     *        value, it must be computationally infeasible for the secure hardware to obtain the key
     *        material.
     *
-     * @return keyMaterial The public key material in PKCS#8 format.
+     * @return keyMaterial The public key material in X.509 format.
     */
    exportKey(KeyFormat keyFormat, vec<uint8_t> keyBlob, vec<uint8_t> clientId,
              vec<uint8_t> appData) generates (ErrorCode error, vec<uint8_t> keyMaterial);
@ -1005,13 +1005,11 @@ interface IKeymasterDevice {
     *
     * -- EC Keys --
     *
-     * EC key operations must specify exactly one padding mode in inParams.  If unspecified or
-     * specified more than once, begin() must return ErrorCode::UNSUPPORTED_PADDING_MODE.
-     *
-     * Private key operations (KeyPurpose::SIGN) need authorization of digest and padding, which
-     * means that the key authorizations must contain the specified values.  If not, begin() must
-     * return ErrorCode::INCOMPATIBLE_DIGEST.  Public key operations (KeyPurpose::VERIFY) are
-     * permitted with unauthorized digest or padding.
+     * EC private key operations must specify exactly one digest in inParams.  If unspecified or
+     * specified more than once, begin() must return ErrorCode::UNSUPPORTED_DIGEST.  For private key
+     * operations, (KeyPurpose::SIGN), if the specified digest is not in the key's authorization
+     * list, begin() must return ErrorCode::INCOMPATIBLE_DIGEST.  Public key operations
+     * (KeyPurpose::VERIFY) are permitted with unauthorized digest.
     *
     * -- AES Keys --
     *