Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4d14f249 authored by Hasini Gunasinghe's avatar Hasini Gunasinghe Committed by Automerger Merge Worker
Browse files

Merge "Challenge is expected in timestamp token in case 2" am: 51471dcf am:... 

Merge "Challenge is expected in timestamp token in case 2" am: 51471dcf am: aa54976b am: 86a83243

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2574790



Change-Id: I36b53c635b8c3a288c20fd16e31df808ce837e73
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents abf0d08b 86a83243

security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl

+2 −5
Original line number Diff line number Diff line
@@ -126,8 +126,8 @@ interface IKeyMintOperation { 
     *

     *   o The HMAC field must validate correctly.

     *

     *   o The challenge field in the auth token must contain the challenge value contained in the

     *     BeginResult returned from IKeyMintDevice::begin().

     *   o The challenge field in the timestamp token must contain the challenge value contained in

     *     the BeginResult returned from IKeyMintDevice::begin().

     *

     * The resulting secure time value is then used to authenticate the HardwareAuthToken. For the

     * auth token to be valid, all of the following has to be true:
@@ -139,9 +139,6 @@ interface IKeyMintOperation { 
     *

     *   o The key must have a Tag::USER_AUTH_TYPE that matches the auth type in the token.

     *

     *   o The challenge field in the auth token must contain the challenge value contained in the

     *     BeginResult returned from IKeyMintDevice::begin().

     *

     *   o The timestamp in the auth token plus the value of the Tag::AUTH_TIMEOUT must be greater

     *     than the provided secure timestamp.