authsecret/1.0/IAuthSecret.hal

/*
 * Copyright (C) 2018 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.hardware.authsecret@1.0;

/**
 * This security HAL allows vendor components to be cryptographically tied to
 * the primary user's credential. For example, security hardware could require
 * proof that the credential is known before applying updates.
 *
 * This HAL is optional so does not require an implementation on device.
 */
interface IAuthSecret {
    /**
     * When the primary user correctly enters their credential, this method is
     * passed a secret derived from that credential to prove that their
     * credential is known.
     *
     * The first time this is called, the secret must be used to provision state
     * that depends on the primary user's credential. The same secret is passed
     * on each call until a factory reset after which there must be a new
     * secret.
     *
     * The secret must be at lesat 16 bytes.
     *
     * @param secret blob derived from the primary user's credential.
     */
    primaryUserCredential(vec<uint8_t> secret);

    /**
     * Called from recovery during factory reset. The secret is now lost and can
     * no longer be derived. Any data linked to the secret must be destroyed and
     * any dependence on the secret must be removed.
     */
    factoryReset();
};