Package: android.hardware.weaver@1.0

IWeaver

interface IWeaver

Weaver provides secure storage of secret values that may only be read if the corresponding key has been presented.

The storage must be secure as the device's user authentication and encryption relies on the security of these values.The cardinality of the domains of the key and value must be suitably large such that they cannot be easily guessed.

Weaver is structured as an array of slots, each containing a key-value pair.Slots are uniquely identified by an ID in the range[0, `getConfig().slots`).

Methods

getConfig

getConfig ()
generates (WeaverStatus status, WeaverConfig config)

Retrieves the config information for this implementation of Weaver.

The config is static i.e.every invocation returns the same information.

Details
Generates
status
is OK if the config was successfully obtained.
config
data for this implementation of Weaver if status is OK, otherwise undefined.

write

write (uint32_t slotId, vec<uint8_t> key, vec<uint8_t> value)
generates (WeaverStatus status)

Overwrites the identified slot with the provided key and value.

The new values are written regardless of the current state of the slot in order to remain idempotent.

Details
Parameters
slotId
of the slot to write to.
key
to write to the slot.
value
to write to slot.
Generates
status
is OK if the write was successfully completed.

read

read (uint32_t slotId, vec<uint8_t> key)
generates (WeaverReadStatus status, WeaverReadResponse readResponse)

Attempts to retrieve the value stored in the identified slot.

The value is only returned if the provided key matches the key stored in the slot.The value is never returned if the wrong key is provided.

Throttling must be used to limit the frequency of failed read attempts.The value is only returned when throttling is not active, even if the correct key is provided.If called when throttling is active, the time until the next attempt can be made is returned.

Details
Parameters
slotId
of the slot to read from.
key
that is stored in the slot.
Generates
status
is OK if the value was successfully read, INCORRECT_KEY if the key does not match the key in the slot, THROTTLE if throttling is active or FAILED if the read was unsuccessful for another reason.
readResponse
contains the value read and the timeout to wait before making the next request.If the status is OK, value is set to the value in the slot and timeout is 0.Otherwise, value is empty and timeout is set accordingly.