Merge "Challenge is expected in timestamp token in case 2" am: 51471dcfce am: aa54976ba4 am: 86a83243ec am: 4d14f24928 am: ed2e4026ef am: 0ed39675ba
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2574790
Change-Id: I4fb82a9a6578a9a887aa4d9bc8dcf6ddcdb91a98
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
index 82c8a0d..a4fab55 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
@@ -126,8 +126,8 @@
*
* o The HMAC field must validate correctly.
*
- * o The challenge field in the auth token must contain the challenge value contained in the
- * BeginResult returned from IKeyMintDevice::begin().
+ * o The challenge field in the timestamp token must contain the challenge value contained in
+ * the BeginResult returned from IKeyMintDevice::begin().
*
* The resulting secure time value is then used to authenticate the HardwareAuthToken. For the
* auth token to be valid, all of the following has to be true:
@@ -139,9 +139,6 @@
*
* o The key must have a Tag::USER_AUTH_TYPE that matches the auth type in the token.
*
- * o The challenge field in the auth token must contain the challenge value contained in the
- * BeginResult returned from IKeyMintDevice::begin().
- *
* o The timestamp in the auth token plus the value of the Tag::AUTH_TIMEOUT must be greater
* than the provided secure timestamp.