1 #include "AuthSecret.h"
2
3 namespace android {
4 namespace hardware {
5 namespace authsecret {
6 namespace V1_0 {
7 namespace implementation {
8
9 // Methods from ::android::hardware::authsecret::V1_0::IAuthSecret follow.
primaryUserCredential(const hidl_vec<uint8_t> & secret)10 Return<void> AuthSecret::primaryUserCredential(const hidl_vec<uint8_t>& secret) {
11 (void)secret;
12
13 // To create a dependency on the credential, it is recommended to derive a
14 // different value from the provided secret for each purpose e.g.
15 //
16 // purpose1_secret = hash( "purpose1" || secret )
17 // purpose2_secret = hash( "purpose2" || secret )
18 //
19 // The derived values can then be used as cryptographic keys or stored
20 // securely for comparison in a future call.
21 //
22 // For example, a security module might require that the credential has been
23 // entered before it applies any updates. This can be achieved by storing a
24 // derived value in the module and only applying updates when the same
25 // derived value is presented again.
26 //
27 // This implementation does nothing.
28
29 return Void();
30 }
31
32 // Note: on factory reset, clear all dependency on the secret.
33 //
34 // With the example of updating a security module, the stored value must be
35 // cleared so that the new primary user enrolled as the approver of updates.
36 //
37 // This implementation does nothing as there is no dependence on the secret.
38
39 } // namespace implementation
40 } // namespace V1_0
41 } // namespace authsecret
42 } // namespace hardware
43 } // namespace android
44