| // Copyright 2021 The Fuchsia Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| library fuchsia.identity.credential; |
| |
| using zx; |
| |
| /// A unique label for a given credential. |
| alias Label = uint64; |
| /// A low entropy secret key a PIN. |
| alias LeSecret = bytes:1024; |
| /// A high entropy secret. |
| alias HeSecret = bytes:1024; |
| |
| /// Defines a single entry in the table of failed authentication attempt number |
| /// to authentication delay for a given credential. |
| type DelayScheduleEntry = struct { |
| /// The number of successive failed attempts at which this entry begins |
| /// to apply. |
| attempt_count uint32; |
| /// The delay before another authentication attempt is allowed. May either |
| /// be a duration between 1 second and 49710 days to enforce a delay or |
| /// duration::INFINITE to prevent further authentication attempts. |
| time_delay zx.duration; |
| }; |
| |
| /// Specific error codes that can be returned by the credential manager. |
| type CredentialError = flexible enum : uint32 { |
| // Check failed due to incorrect Low Entropy(LE) secret. |
| INVALID_SECRET = 1; |
| // Check failed due to too many attempts as per delay schedule. |
| TOO_MANY_ATTEMPTS = 2; |
| // The metadata retrieved was corrupted. |
| CORRUPTED_METADATA = 3; |
| // Label provided isn't present. |
| INVALID_LABEL = 4; |
| // No free labels available. |
| NO_FREE_LABEL = 5; |
| // The requested operation is not supported. This means that the |
| // the implementation of a new feature is not complete. The request should |
| // not be retried. |
| UNSUPPORTED_OPERATION = 6; |
| // An invalid delay schedule was provided. |
| INVALID_DELAY_SCHEDULE = 7; |
| // An internal error occured that can't be fixed by the caller. For |
| // instance failure to communicate with the cr50. |
| INTERNAL_ERROR = 8; |
| }; |
