xref: /aosp_15_r20/hardware/interfaces/authsecret/1.0/default/AuthSecret.cpp (revision 4d7e907c777eeecc4c5bd7cf640a754fac206ff7)
1*4d7e907cSAndroid Build Coastguard Worker #include "AuthSecret.h"
2*4d7e907cSAndroid Build Coastguard Worker 
namespace android::hardware::authsecret::V1_0::implementation {

// Methods from ::android::hardware::authsecret::V1_0::IAuthSecret follow.

/**
 * Receives the secret passed for the primary user credential.
 *
 * This default implementation discards the secret and keeps no state, so it
 * creates no dependency on the credential and offers no security property of
 * its own. The comments in the body describe what a real implementation is
 * expected to do instead.
 *
 * @param secret Secret bytes supplied by the caller; unused here.
 * @return Void() unconditionally.
 */
Return<void> AuthSecret::primaryUserCredential(const hidl_vec<uint8_t>& secret) {
    // Deliberately unused: silences the unused-parameter warning.
    static_cast<void>(secret);

    // An implementation that wants to depend on the credential should not use
    // the secret directly. Derive a distinct value per purpose, e.g.
    //
    //     purpose1_secret = hash( "purpose1" || secret )
    //     purpose2_secret = hash( "purpose2" || secret )
    //
    // Each derived value can then act as a cryptographic key, or be stored
    // securely and compared against the value derived in a later call.
    //
    // Example: a security module that must not apply updates until the
    // credential has been entered can store one derived value and accept an
    // update only when the same derived value is presented again.
    //
    // NOTE(review): plain concatenation is unambiguous only if the purpose
    // labels are fixed-length or length-prefixed; a standard KDF (e.g. HKDF
    // with the label as the info input) gives the same separation. Compare
    // stored values in constant time, and never log or persist the raw secret.
    //
    // This implementation does nothing.
    return Void();
}

// Note: on factory reset, clear all dependency on the secret.
//
// In the security-module example above, the stored derived value must be
// cleared so that the new primary user can be enrolled as the approver of
// updates.
//
// This implementation does nothing as there is no dependence on the secret.

}  // namespace android::hardware::authsecret::V1_0::implementation