Tweak IRemotelyProvisionedComponent AIDL docs (a5ddfbdc) · Commits · e / os / android_hardware_interfaces

security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl

+2 −2

Original line number	Diff line number	Diff line
		@@ -202,7 +202,7 @@ interface IRemotelyProvisionedComponent {
		* 2 : bstr // KID : EEK ID
		* 3 : -25, // Algorithm : ECDH-ES + HKDF-256
		* -1 : 4, // Curve : X25519
		* -2 : bstr // Ed25519 public key
		* -2 : bstr // X25519 public key
		* }
		*
		* EekSignatureInput = [
		@@ -221,7 +221,7 @@ interface IRemotelyProvisionedComponent {
		* in the chain, which implies that it must not attempt to validate the signature.
		*
		* If testMode is false, the method must validate the chain signatures, and must verify
		* that the public key in the root certifictate is in its pre-configured set of
		* that the public key in the root certificate is in its pre-configured set of
		* authorized EEK root keys. If the public key is not in the database, or if signature
		* verification fails, the method must return STATUS_INVALID_EEK.
		*

+6 −5

Original line number	Diff line number	Diff line
		@@ -26,7 +26,7 @@ parcelable MacedPublicKey {
		/**
		* key is a COSE_Mac0 structure containing the new public key. It's MACed by a key available
		* only to the secure environment, as proof that the public key was generated by that
		* environment. In CDDL, assuming the contained key is an Ed25519 public key:
		* environment. In CDDL, assuming the contained key is a P-256 public key:
		*
		* MacedPublicKey = [ // COSE_Mac0
		* protected: bstr .cbor { 1 : 5}, // Algorithm : HMAC-256
		@@ -36,10 +36,11 @@ parcelable MacedPublicKey {
		* ]
		*
		* PublicKey = { // COSE_Key
		* 1 : 1, // Key type : octet key pair
		* 3 : -8 // Algorithm : EdDSA
		* -1 : 6, // Curve : Ed25519
		* 1 : 2, // Key type : EC2
		* 3 : -8 // Algorithm : ES256
		* -1 : 6, // Curve : P256
		* -2 : bstr // X coordinate, little-endian
		* -3 : bstr // Y coordinate, little-endian
		* ? -70000 : nil // Presence indicates this is a test key. If set, K_mac is
		* // all zeros.
		* },
		@@ -51,7 +52,7 @@ parcelable MacedPublicKey {
		* payload : bstr .cbor PublicKey
		* ]
		*
		* if a non-Ed25519 public key were contained, the contents of the PublicKey map would change a
		* if a non-P256 public key were contained, the contents of the PublicKey map would change a
		* little; see RFC 8152 for details.
		*/
		byte[] macedKey;

+1 −1

Original line number	Diff line number	Diff line
		@@ -33,7 +33,7 @@ parcelable ProtectedData {
		* unprotected: {
		* 5 : bstr .size 12 // IV
		* },
		* ciphertext: bstr, // AES-GCM-128(K, .cbor ProtectedDataPayload)
		* ciphertext: bstr, // AES-GCM-256(K, .cbor ProtectedDataPayload)
		* recipients : [
		* [ // COSE_Recipient
		* protected : bstr .cbor {