Merge "AuthSecret HAL"

// This file is autogenerated by hidl-gen -Landroidbp.

hidl_interface {

    name: "android.hardware.authsecret@1.0",

    root: "android.hardware",

    vndk: {

        enabled: true,

    },

    srcs: [

        "IAuthSecret.hal",

    ],

    interfaces: [

        "android.hidl.base@1.0",

    ],

    gen_java: true,

}

/*

 * Copyright (C) 2018 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.hardware.authsecret@1.0;

/**

 * This security HAL allows vendor components to be cryptographically tied to

 * the primary user's credential. For example, security hardware could require

 * proof that the credential is known before applying updates.

 *

 * This HAL is optional so does not require an implementation on device.

 */

interface IAuthSecret {

    /**

     * When the primary user correctly enters their credential, this method is

     * passed a secret derived from that credential to prove that their

     * credential is known.

     *

     * The first time this is called, the secret must be used to provision state

     * that depends on the primary user's credential. The same secret is passed

     * on each call until a factory reset after which there must be a new

     * secret.

     *

     * The secret must be at lesat 16 bytes.

     *

     * @param secret blob derived from the primary user's credential.

     */

    primaryUserCredential(vec<uint8_t> secret);

    /**

     * Called from recovery during factory reset. The secret is now lost and can

     * no longer be derived. Any data linked to the secret must be destroyed and

     * any dependence on the secret must be removed.

     */

    factoryReset();

};

cc_binary {

    name: "android.hardware.authsecret@1.0-service",

    init_rc: ["android.hardware.authsecret@1.0-service.rc"],

    relative_install_path: "hw",

    vendor: true,

    srcs: [

        "service.cpp",

        "AuthSecret.cpp",

    ],

    cflags: [

        "-Wall",

        "-Werror",

    ],

    shared_libs: [

        "libhidlbase",

        "libhidltransport",

        "liblog",

        "libutils",

        "android.hardware.authsecret@1.0",

    ],

}

#include "AuthSecret.h"

namespace android {

namespace hardware {

namespace authsecret {

namespace V1_0 {

namespace implementation {

// Methods from ::android::hardware::authsecret::V1_0::IAuthSecret follow.

Return<void> AuthSecret::primaryUserCredential(const hidl_vec<uint8_t>& secret) {

    (void)secret;

    // To create a dependency on the credential, it is recommended to derive a

    // different value from the provided secret for each purpose e.g.

    //

    //     purpose1_secret = hash( "purpose1" || secret )

    //     purpose2_secret = hash( "purpose2" || secret )

    //

    // The derived values can then be used as cryptographic keys or stored

    // securely for comparison in a future call.

    //

    // For example, a security module might require that the credential has been

    // entered before it applies any updates. This can be achieved by storing a

    // derived value in the module and only applying updates when the same

    // derived value is presented again.

    //

    // This implementation does nothing.

    return Void();

}

Return<void> AuthSecret::factoryReset() {

    // Clear all dependency on the secret.

    //

    // With the example of updating a security module, the stored value must be

    // cleared so that the new primary user enrolled as the approver of updates.

    //

    // This implementation does nothing as there is no dependence on the secret.

    return Void();

}

}  // namespace implementation

}  // namespace V1_0

}  // namespace authsecret

}  // namespace hardware

}  // namespace android

#ifndef ANDROID_HARDWARE_AUTHSECRET_V1_0_AUTHSECRET_H

#define ANDROID_HARDWARE_AUTHSECRET_V1_0_AUTHSECRET_H

#include <android/hardware/authsecret/1.0/IAuthSecret.h>

#include <hidl/MQDescriptor.h>

#include <hidl/Status.h>

namespace android {

namespace hardware {

namespace authsecret {

namespace V1_0 {

namespace implementation {

using ::android::hardware::hidl_array;

using ::android::hardware::hidl_memory;

using ::android::hardware::hidl_string;

using ::android::hardware::hidl_vec;

using ::android::hardware::Return;

using ::android::hardware::Void;

using ::android::sp;

struct AuthSecret : public IAuthSecret {

    // Methods from ::android::hardware::authsecret::V1_0::IAuthSecret follow.

    Return<void> primaryUserCredential(const hidl_vec<uint8_t>& secret) override;

    Return<void> factoryReset() override;

    // Methods from ::android::hidl::base::V1_0::IBase follow.

};

}  // namespace implementation

}  // namespace V1_0

}  // namespace authsecret

}  // namespace hardware

}  // namespace android

#endif  // ANDROID_HARDWARE_AUTHSECRET_V1_0_AUTHSECRET_H