1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
/*
* Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.hardware.weaver@1.0;
/**
* Weaver provides secure storage of secret values that may only be read if the
* corresponding key has been presented.
*
* The storage must be secure as the device's user authentication and encryption
* relies on the security of these values. The cardinality of the domains of the
* key and value must be suitably large such that they cannot be easily guessed.
*
* Weaver is structured as an array of slots, each containing a key-value pair.
* Slots are uniquely identified by an ID in the range [0, `getConfig().slots`).
*/
interface IWeaver {
/**
* Retrieves the config information for this implementation of Weaver.
*
* The config is static i.e. every invocation returns the same information.
*
* @return status is OK if the config was successfuly obtained.
* @return config data for this implementation of Weaver if status is OK,
* otherwise undefined.
*/
getConfig() generates (WeaverStatus status, WeaverConfig config);
/**
* Overwrites the identified slot with the provided key and value.
*
* The new values are written regardless of the current state of the slot in
* order to remain idempotent.
*
* @param slotId of the slot to write to.
* @param key to write to the slot.
* @param value to write to slot.
* @return status is OK if the write was successfully completed.
*/
write(uint32_t slotId, vec<uint8_t> key, vec<uint8_t> value)
generates (WeaverStatus status);
/**
* Attempts to retrieve the value stored in the identified slot.
*
* The value is only returned if the provided key matches the key stored in
* the slot. The value is never returned if the wrong key is provided.
*
* Throttling must be used to limit the frequency of failed read attempts.
* The value is only returned when throttling is not active, even if the
* correct key is provided. If called when throttling is active, the time
* until the next attempt can be made is returned.
*
* @param slotId of the slot to read from.
* @param key that is stored in the slot.
* @return status is OK if the value was successfully read, INCORRECT_KEY if
* the key does not match the key in the slot, THROTTLE if
* throttling is active or FAILED if the read was unsuccessful for
* another reason.
* @return readResponse contains the value read and the timeout to wait
* before making the next request. If the status is OK, value is set
* to the value in the slot and timeout is 0. Otherwise, value is
* empty and timeout is set accordingly.
*/
read(uint32_t slotId, vec<uint8_t> key)
generates (WeaverReadStatus status,
WeaverReadResponse readResponse);
};
|
