Docs: Updates related to Keystore and Keymaster
Bug: 24619742
Change-Id: I1f0b2e267ca01adf77346c7ce4ff6997d04052f3
diff --git a/src/security/authentication/gatekeeper.jd b/src/security/authentication/gatekeeper.jd
index 9d760bc..14e0b71 100644
--- a/src/security/authentication/gatekeeper.jd
+++ b/src/security/authentication/gatekeeper.jd
@@ -35,8 +35,8 @@
<p>When users verify their passwords, Gatekeeper uses the TEE-derived shared
secret to sign an authentication attestation to
-send to <a href="keymaster.html">Keymaster</a>. That is, a
-Gatekeeper attestation notifies Keymaster that authentication-bound keys (for
+send to the <a href="../keystore/index.html">hardware-backed Keystore</a>. That is, a
+Gatekeeper attestation notifies Keystore that authentication-bound keys (for
example, keys that apps have created) can be released for use by apps.</p>
<h2 id=architecture>Architecture</h2>
@@ -74,7 +74,7 @@
<p class="img-caption"><strong>Figure 1.</strong> High-level data flow for authentication by GateKeeper</p>
<p>The <code>gatekeeperd</code> daemon gives the Android framework APIs access to the HAL, and
-participates in reporting device <a href="index.html">authentications</a> to Keymaster.
+participates in reporting device <a href="index.html">authentications</a> to Keystore.
The <code>gatekeeperd</code> daemon runs in its own process, separate from the system
server.</p>
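Review bot: The figure caption in the context of this hunk spells the component "GateKeeper", while the paragraph being edited and the rest of the file use "Gatekeeper". Since this change is a terminology cleanup, normalize the caption to "Gatekeeper" in the same pass.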
@@ -113,7 +113,7 @@
<p>Trusty uses an internal IPC system to communicate a shared secret directly
between Keymaster and the Trusty implementation of Gatekeeper ("Trusty
Gatekeeper"). This shared secret is used for signing AuthTokens that will be
-sent to Keymaster, providing attestations of password verification. Trusty
+sent to Keystore, providing attestations of password verification. Trusty
Gatekeeper requests the key from Keymaster for each use and does not persist
or cache the value. Implementations are free to share this secret in any way
that does not compromise security.</p>
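Review bot: After this edit the paragraph mixes the two names without saying how they relate. The shared secret is still exchanged "between Keymaster and the Trusty implementation of Gatekeeper" and requested "from Keymaster for each use", yet the AuthTokens signed with it are now "sent to Keystore". A reader cannot tell which component holds the secret and validates the token signature. Either keep "Keymaster" on the changed line, or add a clause stating that Keystore forwards AuthTokens to Keymaster, so the trust boundary stays explicit.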
@@ -158,8 +158,8 @@
password is enrolled.</p>
<p>User SIDs are written into the AuthToken returned by the <code>verify</code>
-function and associated to all authentication-bound Keymaster keys. For
-information about the AuthToken format and Keymaster, see
+function and associated to all authentication-bound Keystore keys. For
+information about the AuthToken format and Keystore, see
<a href="index.html">Authentication</a>.
Since an untrusted call to the <code>enroll</code> function
will change the User SID, the call will render the keys bound to that password useless.</p>
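Review bot: The rewritten sentence promises "information about the AuthToken format and Keystore" but still links only to <code>index.html</code> (Authentication). Elsewhere in this change Keystore is linked to <code>../keystore/index.html</code>, so consider linking the word "Keystore" there as well, or dropping "and Keystore" from the sentence. While the line is being touched, "associated to" would read better as "associated with".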
diff --git a/src/security/authentication/index.jd b/src/security/authentication/index.jd
index 86564eb..194bdc8 100644
--- a/src/security/authentication/index.jd
+++ b/src/security/authentication/index.jd
@@ -43,16 +43,16 @@
state with the keystore service via an authenticated channel.</p>
<ul>
- <li><strong>The keystore service and <a href="keymaster.html">Keymaster</a>.</strong> Cryptographic services,
- including hardware-backed cryptography for key storage,
- which might include a Trusted Execution Environment (TEE).</li>
+ <li><strong>The <a href="../keystore/index.html">hardware-backed Keystore</a>.</strong>
+ Cryptographic services, including hardware-backed cryptography for key storage,
+ which might include a Trusted Execution Environment (TEE).</li>
<li><strong><a href="gatekeeper.html">Gatekeeper</a>.</strong> Components for PIN, pattern, and password authentication.</li>
<li><strong><a href="fingerprint-hal.html">Fingerprint</a>.</strong> Components for fingerprint authentication.</li>
</ul>
<h2 id=architecture>Architecture</h2>
-<p>The Gatekeeper and Fingerprint components work with Keymaster and other
+<p>The Gatekeeper and Fingerprint components work with Keystore and other
components to support the use of hardware-backed <a href="#authentication_token_format">authentication tokens</a> (referred to below as "AuthTokens").</p>
<h3 id=enrollment>Enrollment</h3>
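Review bot: The removed list item named two things, "the keystore service and Keymaster", and the replacement collapses them into "hardware-backed Keystore". The context line just above the list still refers to "the keystore service" in lower case, so the page now uses both "keystore service" and "Keystore" without saying whether they are the same component. Please either keep the service mentioned in the bullet or update the surrounding sentence so the naming is consistent.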
diff --git a/src/security/keystore/implementer-ref.jd b/src/security/keystore/implementer-ref.jd
index 7375651..99ea15f 100644
--- a/src/security/keystore/implementer-ref.jd
+++ b/src/security/keystore/implementer-ref.jd
@@ -345,7 +345,7 @@
tag, it must receive an authentication token, and the token's
<code>authenticator_type</code> field must match the value in the tag. To be
precise, it must be true that <code>(ntoh(token.authenticator_type) &
-auth_type_tag_value) != 0, where <code>ntoh</code> is a function that converts
+auth_type_tag_value) != 0</code>, where <code>ntoh</code> is a function that converts
network-ordered integers to host-ordered integers and
<code>auth_type_tag_value</code> is the value of this tag.</p>