Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit da36bc21 authored by Hasini Gunasinghe's avatar Hasini Gunasinghe Committed by Automerger Merge Worker
Browse files

Merge "Challenge is expected in timestamp token in case 2" am: 51471dcf am:... 

Merge "Challenge is expected in timestamp token in case 2" am: 51471dcf am: aa54976b am: 86a83243 am: 4d14f249 am: ed2e4026 am: 0ed39675

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2574790



Change-Id: I4fb82a9a6578a9a887aa4d9bc8dcf6ddcdb91a98
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 7b87ade7 0ed39675

security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl

+2 −5
Original line number Diff line number Diff line
@@ -126,8 +126,8 @@ interface IKeyMintOperation { 
     *

     *   o The HMAC field must validate correctly.

     *

     *   o The challenge field in the auth token must contain the challenge value contained in the

     *     BeginResult returned from IKeyMintDevice::begin().

     *   o The challenge field in the timestamp token must contain the challenge value contained in

     *     the BeginResult returned from IKeyMintDevice::begin().

     *

     * The resulting secure time value is then used to authenticate the HardwareAuthToken. For the

     * auth token to be valid, all of the following has to be true:
@@ -139,9 +139,6 @@ interface IKeyMintOperation { 
     *

     *   o The key must have a Tag::USER_AUTH_TYPE that matches the auth type in the token.

     *

     *   o The challenge field in the auth token must contain the challenge value contained in the

     *     BeginResult returned from IKeyMintDevice::begin().

     *

     *   o The timestamp in the auth token plus the value of the Tag::AUTH_TIMEOUT must be greater

     *     than the provided secure timestamp.