• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.server.locksettings;
18 
19 import java.io.IOException;
20 import java.security.NoSuchAlgorithmException;
21 import java.security.SecureRandom;
22 
23 import javax.crypto.KeyGenerator;
24 import javax.crypto.SecretKey;
25 import javax.crypto.spec.SecretKeySpec;
26 
27 /**
28  * Key used to encrypt and decrypt the {@link RebootEscrowData}.
29  */
30 class RebootEscrowKey {
31 
32     /** The secret key will be of this format. */
33     private static final String KEY_ALGO = "AES";
34 
35     /** The key size used for encrypting the reboot escrow data. */
36     private static final int KEY_SIZE_BITS = 256;
37 
38     private final SecretKey mKey;
39 
RebootEscrowKey(SecretKey key)40     private RebootEscrowKey(SecretKey key) {
41         mKey = key;
42     }
43 
fromKeyBytes(byte[] keyBytes)44     static RebootEscrowKey fromKeyBytes(byte[] keyBytes) {
45         return new RebootEscrowKey(new SecretKeySpec(keyBytes, KEY_ALGO));
46     }
47 
generate()48     static RebootEscrowKey generate() throws IOException {
49         final SecretKey secretKey;
50         try {
51             KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_ALGO);
52             keyGenerator.init(KEY_SIZE_BITS, new SecureRandom());
53             secretKey = keyGenerator.generateKey();
54         } catch (NoSuchAlgorithmException e) {
55             throw new IOException("Could not generate new secret key", e);
56         }
57         return new RebootEscrowKey(secretKey);
58     }
59 
getKey()60     SecretKey getKey() {
61         return mKey;
62     }
63 
getKeyBytes()64     byte[] getKeyBytes() {
65         return mKey.getEncoded();
66     }
67 }
68