Diffstat (limited to 'android_keymaster/keymaster_enforcement.cpp')
-rw-r--r--android_keymaster/keymaster_enforcement.cpp19
1 files changed, 14 insertions, 5 deletions
diff --git a/android_keymaster/keymaster_enforcement.cpp b/android_keymaster/keymaster_enforcement.cpp
index e8bc2b2..bc42511 100644
--- a/android_keymaster/keymaster_enforcement.cpp
+++ b/android_keymaster/keymaster_enforcement.cpp
@@ -147,22 +147,30 @@ KeymasterEnforcement::AuthorizeUpdateOrFinish(const AuthProxy& auth_set,
const AuthorizationSet& operation_params,
keymaster_operation_handle_t op_handle) {
int auth_type_index = -1;
+ int trusted_confirmation_index = -1;
for (size_t pos = 0; pos < auth_set.size(); ++pos) {
switch (auth_set[pos].tag) {
- case KM_TAG_NO_AUTH_REQUIRED:
- case KM_TAG_AUTH_TIMEOUT:
- // If no auth is required or if auth is timeout-based, we have nothing to check.
- return KM_ERROR_OK;
-
case KM_TAG_USER_AUTH_TYPE:
auth_type_index = pos;
break;
+ case KM_TAG_TRUSTED_CONFIRMATION_REQUIRED:
+ trusted_confirmation_index = pos;
+ break;
+ case KM_TAG_NO_AUTH_REQUIRED:
+ case KM_TAG_AUTH_TIMEOUT:
+ // If no auth is required or if auth is timeout-based, we have nothing to check.
default:
break;
}
}
+ // TODO verify trusted confirmation mac once we have a shared secret established
+ // For now, since we do not have such a service, any token offered here must be invalid.
+ if (trusted_confirmation_index != -1) {
+ return KM_ERROR_NO_USER_CONFIRMATION;
+ }
+
// Note that at this point we should be able to assume that authentication is required, because
// authentication is required if KM_TAG_NO_AUTH_REQUIRED is absent. However, there are legacy
// keys which have no authentication-related tags, so we assume that absence is equivalent to
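Review bot: With the early `return KM_ERROR_OK` for KM_TAG_NO_AUTH_REQUIRED and KM_TAG_AUTH_TIMEOUT removed, keys carrying those tags now fall through the loop into the code that follows, which the surviving comment describes as assuming authentication is required; the trusted-confirmation rejection is correctly placed ahead of any no-auth shortcut, but the shortcut itself has disappeared from this hunk. Unless the code after the hunk (AuthorizeUpdateOrFinish continues past it) re-checks those tags, restore the shortcut after the confirmation check by recording it in the loop, e.g. `bool no_auth_required = false;` next to the index declarations, `no_auth_required = true; break;` under the two case labels instead of falling into `default:`, and `if (no_auth_required) return KM_ERROR_OK;` after the `trusted_confirmation_index` block. As a point of style, `trusted_confirmation_index` is only ever compared against -1, so a `bool trusted_confirmation_required` would state the intent and avoid the size_t-to-int narrowing at `trusted_confirmation_index = pos;`. The "we have nothing to check" comment at the two case labels should also be updated or dropped, since it now sits on a path that continues checking.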
@@ -345,6 +353,7 @@ keymaster_error_t KeymasterEnforcement::AuthorizeBegin(const keymaster_purpose_t
case KM_TAG_UNIQUE_ID:
case KM_TAG_RESET_SINCE_ID_ROTATION:
case KM_TAG_ALLOW_WHILE_ON_BODY:
+ case KM_TAG_TRUSTED_CONFIRMATION_REQUIRED:
break;
/* TODO(bcyoung): This is currently handled in keystore, but may move to keymaster in the