
Commit 45d1faae authored by Alan Stokes

Clarify Secretkeeper comments

Various small wording changes to attempt to clarify some of the
details of the Secretkeeper API.

While I'm here: fix error code naming inconsistency.

Bug: 291224769
Test: N/A
Change-Id: I956b549bc5bf4d2b964dde9867430cb4778e445b
parent 91664b85
+9 −4
@@ -41,7 +41,12 @@ interface ISecretkeeper {
     * Retrieve the instance of the `IAuthGraphKeyExchange` HAL that should be used for shared
     * Retrieve the instance of the `IAuthGraphKeyExchange` HAL that should be used for shared
     * session key establishment. These keys are used to perform encryption of messages as
     * session key establishment. These keys are used to perform encryption of messages as
     * described in SecretManagement.cddl, allowing the client and Secretkeeper to have a
     * described in SecretManagement.cddl, allowing the client and Secretkeeper to have a
     * cryptographically secure channel.
     * cryptographically secure channel. In the key exchange protocol the client acts as P1
     * (source) and Secretkeeper as P2 (sink). The interface returned here can be used to invoke
     * methods on the sink.
     *
     * The client's identity is its DICE chain; Secretkeeper's identity is a
     * per-boot key pair.
     */
     */
    IAuthGraphKeyExchange getAuthGraphKe();
    IAuthGraphKeyExchange getAuthGraphKe();


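Review bot: the new sentence "The client's identity is its DICE chain; Secretkeeper's identity is a per-boot key pair" leaves open how the client learns and verifies that per-boot key pair before trusting the sink, which is the step that makes the "cryptographically secure channel" mentioned above actually authenticated rather than merely encrypted. Since this hunk is the place where the P1/P2 roles are now spelled out, consider adding one sentence pointing at where the sink's identity is conveyed and checked (or naming the AuthGraph mechanism that does so) so an implementer does not assume an unauthenticated exchange is acceptable.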
@@ -56,8 +61,8 @@ interface ISecretkeeper {
     * ProtectedRequestPacket & ProtectedResponsePacket using symmetric keys agreed between
     * ProtectedRequestPacket & ProtectedResponsePacket using symmetric keys agreed between
     * the client & service. This cryptographic protection is required because the messages are
     * the client & service. This cryptographic protection is required because the messages are
     * ferried via Android, which is allowed to be outside the TCB of clients (for example protected
     * ferried via Android, which is allowed to be outside the TCB of clients (for example protected
     * Virtual Machines). For this, service (& client) must implement a key exchange protocol, which
     * Virtual Machines). For this, service (& client) must implement the AuthGraph key exchange
     * is critical for establishing the secure channel.
     * protocol to establish a secure channel between them.
     *
     *
     * If an encrypted response cannot be generated, then a service-specific Binder error using one
     * If an encrypted response cannot be generated, then a service-specific Binder error using one
     * of the ERROR_ codes above will be returned.
     * of the ERROR_ codes above will be returned.
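Review bot: the reworded rationale ("ferried via Android, which is allowed to be outside the TCB of clients") justifies more than encryption, yet the surrounding comment only says the packets are "protected" with "symmetric keys agreed between the client & service". A relay outside the TCB can modify or replay messages as well as read them, so the comment would be more useful if it stated that the protection must provide integrity and authenticity, not only confidentiality, and that the AuthGraph-derived keys are what bind a ProtectedRequestPacket to a specific session. A single clause such as "which must provide both confidentiality and integrity" after "This cryptographic protection" would close the gap.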
+2 −2
Original line number Original line Diff line number Diff line
@@ -82,7 +82,7 @@ ErrorCode = &(
    ; Requested Entry not found.
    ; Requested Entry not found.
    ErrorCode_EntryNotFound: 3,
    ErrorCode_EntryNotFound: 3,
    ; Error happened while serialization or deserialization.
    ; Error happened while serialization or deserialization.
    SerializationError: 4,
    ErrorCode_SerializationError: 4,
    ; Indicates that Dice Policy matching did not succeed & hence access not granted.
    ; Indicates that Dice Policy matching did not succeed & hence access not granted.
    ErrorCode_DicePolicyError: 5,
    ErrorCode_DicePolicyError: 5,
)
)
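Review bot: the rename of `SerializationError` to `ErrorCode_SerializationError` makes the enum consistent with its neighbours, but the comment on that same entry still reads "Error happened while serialization or deserialization", which is ungrammatical; since the line directly above it is being touched, "Error occurred during serialization or deserialization." would be a cheap improvement in the same change.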
@@ -95,7 +95,7 @@ Result = &(
    GetSecretResult,
    GetSecretResult,
)
)


GetVersionResult = (version : uint)
GetVersionResult = (1)


StoreSecretResult = ()
StoreSecretResult = ()
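Review bot: `GetVersionResult = (version : uint)` becoming `GetVersionResult = (1)` is a schema change, not a wording change: it replaces a typed version field with a literal that pins the only acceptable response to 1. The commit message mentions only comment clarifications and the error-code rename, so this should either be called out there or accompanied by a CDDL comment explaining that the version is fixed at 1 for now and how future versions are expected to be signalled, otherwise a later reader cannot tell whether the literal is intentional.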