Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 77819bb9 authored by Hasini Gunasinghe's avatar Hasini Gunasinghe
Browse files

Challenge is expected in timestamp token in case 2 

In the second case out of the two cases of authorization enforcement
described for update(), it seems like the challenge is expected in
the timestamp token.

Test: N/A
Change-Id: I33e1b84bf8218335665b31ca144b3b4ecb342328
parent 64412bb9

security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl

+2 −5
Original line number Diff line number Diff line
@@ -126,8 +126,8 @@ interface IKeyMintOperation { 
     *

     *   o The HMAC field must validate correctly.

     *

     *   o The challenge field in the auth token must contain the challenge value contained in the

     *     BeginResult returned from IKeyMintDevice::begin().

     *   o The challenge field in the timestamp token must contain the challenge value contained in

     *     the BeginResult returned from IKeyMintDevice::begin().

     *

     * The resulting secure time value is then used to authenticate the HardwareAuthToken. For the

     * auth token to be valid, all of the following has to be true:
@@ -139,9 +139,6 @@ interface IKeyMintOperation { 
     *

     *   o The key must have a Tag::USER_AUTH_TYPE that matches the auth type in the token.

     *

     *   o The challenge field in the auth token must contain the challenge value contained in the

     *     BeginResult returned from IKeyMintDevice::begin().

     *

     *   o The timestamp in the auth token plus the value of the Tag::AUTH_TIMEOUT must be greater

     *     than the provided secure timestamp.