Merge "Return appropriate error when an invalid timestamptoken is provided." into main am: 5e4710662a am: 7658f2143b
Original change: https://android-review.googlesource.com/c/platform/external/libese/+/2663757
Change-Id: I3e618a323736af3a3c7d9b268a92ff83ea05acd9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/ready_se/google/keymint/KM200/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/ready_se/google/keymint/KM200/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index a509edc..715a119 100644
--- a/ready_se/google/keymint/KM200/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/ready_se/google/keymint/KM200/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -2982,12 +2982,12 @@
// validate operation handle.
short ptr = KMVerificationToken.cast(data[VERIFICATION_TOKEN]).getChallenge();
if (KMInteger.compare(ptr, op.getHandle()) != 0) {
- KMException.throwIt(KMError.VERIFICATION_FAILED);
+ KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
}
tmpVariables[0] = op.getAuthTime();
tmpVariables[2] = KMVerificationToken.cast(data[VERIFICATION_TOKEN]).getTimestamp();
if (tmpVariables[2] == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.VERIFICATION_FAILED);
+ KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
}
if (KMInteger.compare(tmpVariables[0], tmpVariables[2]) < 0) {
KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
@@ -3132,11 +3132,11 @@
short ptr = KMVerificationToken.cast(verToken).getMac();
// If mac length is zero then token is empty.
if (KMByteBlob.cast(ptr).length() == 0) {
- KMException.throwIt(KMError.INVALID_MAC_LENGTH);
+ KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
}
if (!verifyVerificationTokenMacInBigEndian(verToken, scratchPad)) {
// Throw Exception if none of the combination works.
- KMException.throwIt(KMError.VERIFICATION_FAILED);
+ KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
}
}