commit 67567baf9451c4c7f0ba17d8a41fa3ccacc3f655
author Tri Vo <trong@google.com> Fri May 05 17:07:39 2023 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Fri May 05 17:07:39 2023 +0000
tree 7bdc6f6d73ce669e212200b414eaab9e8ae56b8b
parent 51471dcfce48acf7319f48f6a49e38659aeb8d4f
parent 520a95bc312223f26496429cde105034c6269c4d

Merge "Test cases for attested Root-of-Trust"

security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl

diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
index 82c8a0d..a4fab55 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
@@ -126,8 +126,8 @@
      *
      *   o The HMAC field must validate correctly.
      *
-     *   o The challenge field in the auth token must contain the challenge value contained in the
-     *     BeginResult returned from IKeyMintDevice::begin().
+     *   o The challenge field in the timestamp token must contain the challenge value contained in
+     *     the BeginResult returned from IKeyMintDevice::begin().
      *
      * The resulting secure time value is then used to authenticate the HardwareAuthToken. For the
      * auth token to be valid, all of the following has to be true:
@@ -139,9 +139,6 @@
      *
      *   o The key must have a Tag::USER_AUTH_TYPE that matches the auth type in the token.
      *
-     *   o The challenge field in the auth token must contain the challenge value contained in the
-     *     BeginResult returned from IKeyMintDevice::begin().
-     *
      *   o The timestamp in the auth token plus the value of the Tag::AUTH_TIMEOUT must be greater
      *     than the provided secure timestamp.