X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=doc%2Fkey-manager_doc.h;h=62b5fce8ef6b8321e58519f2361851d19be02b81;hb=79141629106d3097f8a4013d3744cef046265a3e;hp=3c2e3d7cee79d46e2d0ccfab00191da96bba4704;hpb=e575e8ad62a2403bcc092e9d76e5375354a1eee8;p=platform%2Fcore%2Fsecurity%2Fkey-manager.git

diff --git a/doc/key-manager_doc.h b/doc/key-manager_doc.h
index 3c2e3d7..62b5fce 100644
--- a/doc/key-manager_doc.h
+++ b/doc/key-manager_doc.h
@@ -13,14 +13,18 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
+
 #ifndef __TIZEN_CORE_KEY_MANAGER_DOC_H__
 #define __TIZEN_CORE_KEY_MANAGER_DOC_H__
+
+
 /**
  * @ingroup CAPI_SECURITY_FRAMEWORK
  * @defgroup CAPI_KEY_MANAGER_MODULE Key Manager
- * @brief    The key manager provides a secure repository protected by Tizen platform for keys, certificates, and sensitive data of users and/or their APPs. 
- *           Additionally, the key manager provides secure cryptographic operations for non-exportable keys without revealing key values to clients.
- *
+ * @brief The key manager provides a secure repository protected by Tizen platform for keys, certificates, and sensitive data of users and/or their APPs.
+ *        Additionally, the key manager provides secure cryptographic operations for non-exportable keys without revealing key values to clients.
+ *        Since Tizen 5.0 on chosen system images, module may use ARM TrustZone technology and may rely on particular TEE (Trusted Execution Environment) implementation.
  * @section CAPI_KEY_MANAGER_MODULE_OVERVIEW Overview
  * <table>
  *   <tr><th>API</th><th>Description</th></tr>
@@ -33,18 +37,15 @@
  *     <td> Defines data types used in these APIs and provides utility methods handling them.</td>
  *   </tr>
  * </table>
- *
  * It provides a secure repository for keys, certificates, and sensitive data of users and/or their APPs which are protected by Tizen platform.
  * Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients.
  *
  * @image html capi_key_manager_overview_diagram.png
- *
  * The key manager provides 2 types of API.
- * - secure repository APIs : These APIs provides storing, retrieving, and removing functions for keys, certificates, and data.
- * - secure crypto APIs : These APIs provides additional cryptographic operations (create asymmetric key pair, sign/verify signature, verify certificate).
- *
+ * - secure repository APIs: These APIs provides storing, retrieving, and removing functions for keys, certificates, and data.
+ * - secure crypto APIs: These APIs provides additional cryptographic operations (create asymmetric key pair, sign/verify signature, verify certificate).
  * Data Store Policy:
- *   A client can specify simple access rules when storing a data in Key Manager.
+ *   A client can specify simple access rules when storing data in Key Manager.
  *   - Exportable/Non-Exportable:
  *     Only for data tagged as exportable, Key Manager returns the raw value of the data.
  *     If data is tagged as non-exportable, Key Manager does not return its raw value.
@@ -53,20 +54,26 @@
  *     All data in Key Manager is protected by Tizen platform.
  *     Besides, a client can encrypt its data using its own password additionally.
  *     If a client provides a password when storing a data, the data will be encrypted with the password.
- *     This password should be provided when get the data from Key Manager.
- *
+ *     This password should be provided when getting the data from Key Manager.
  * Data Access Control
  *   - By default, only the owner of a data can access to the data.
  *   - If the owner grants the access to other applications, those applications can read or delete the data from key-manager DB.
  *   - When an application is deleted, the data and access control information granted by the application are also removed.
- *
  * Alias Format
  *   - The format of alias is "package_id name".
  *   - If package_id is not provided by a client, the key-manager will add the package_id of the client to the name internally.
  *   - The client can specify only its own package id in the alias when storing a key, certificate, or data.
  *   - A client should specify the package id of the owner in the alias to retrieve a a key, certificate, or data shared by other applications.
  *   - Aliases are returned as the format of "package_id name" from the key-manager.
- *
+ * Supported features
+ *   Since Tizen 5.0 on chosen images, the realization of module functionality can be implemented using ARM TrustZone technology.
+ *   Differences in standards governing TrustZone implementation and previous software-based implementation cause following differences in module operation:
+ *   - When using TrustZone-based backend, GCM modes with 32 and 64 bit tag lengths are not supported.
+ *     Global Platform TEE specification treats these configurations as unsafe and not supported.
+ *   - When using TrustZone-based backend, passing big amounts of data (encryption/decryption) to the module has additional size restriction.
+ *     Now it depends on the TEEC_CONFIG_SHAREDMEM_MAX_SIZE definition, specific for given TEE implementation, minus size of key-information needed to be passed to TEE.
+ *     Minimum supported value for passing data to the module is at 500 kB.
  */
 
+
 #endif /* __TIZEN_CORE_KEY_MANAGER_DOC_H__ */