Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 86a83243 authored by Hasini Gunasinghe's avatar Hasini Gunasinghe Committed by Automerger Merge Worker
Browse files

Merge "Challenge is expected in timestamp token in case 2" am: 51471dcf am: aa54976b 

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2574790



Change-Id: I419a76399f98b81e4a25514a58cc2fcda89418f6
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 0ca0cd5c aa54976b

security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl

+2 −5
Original line number Diff line number Diff line
@@ -126,8 +126,8 @@ interface IKeyMintOperation { 
     *

     *   o The HMAC field must validate correctly.

     *

     *   o The challenge field in the auth token must contain the challenge value contained in the

     *     BeginResult returned from IKeyMintDevice::begin().

     *   o The challenge field in the timestamp token must contain the challenge value contained in

     *     the BeginResult returned from IKeyMintDevice::begin().

     *

     * The resulting secure time value is then used to authenticate the HardwareAuthToken. For the

     * auth token to be valid, all of the following has to be true:
@@ -139,9 +139,6 @@ interface IKeyMintOperation { 
     *

     *   o The key must have a Tag::USER_AUTH_TYPE that matches the auth type in the token.

     *

     *   o The challenge field in the auth token must contain the challenge value contained in the

     *     BeginResult returned from IKeyMintDevice::begin().

     *

     *   o The timestamp in the auth token plus the value of the Tag::AUTH_TIMEOUT must be greater

     *     than the provided secure timestamp.