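/*
 * Copyright (C) 2020 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.server.locksettings;

import android.annotation.IntDef;

import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;

import javax.crypto.SecretKey;

/**
 * Provides APIs for {@link RebootEscrowManager} to access and manage the reboot escrow key.
 * Implementations need to find a way to persist the key across a reboot, and to securely discard
 * the persisted copy.
 *
 * <p>The persisted copy is key material that outlives the process, so the two halves of this
 * contract matter equally: the key must survive the reboot, and no recoverable copy may remain
 * once it has been read back or explicitly cleared.
 *
 * @hide
 */
public interface RebootEscrowProviderInterface {
    /** Compile-time-only marker for the values {@link #getType()} may return. */
    @IntDef(prefix = {"TYPE_"}, value = {
            TYPE_HAL,
            TYPE_SERVER_BASED,
    })
    @Retention(RetentionPolicy.SOURCE)
    @interface RebootEscrowProviderType {
    }

    // NOTE(review): judging by the names, TYPE_HAL is a provider backed by a hardware abstraction
    // layer and TYPE_SERVER_BASED one backed by a remote service; confirm against the
    // implementations, which are not part of this file.
    int TYPE_HAL = 0;
    int TYPE_SERVER_BASED = 1;

    /**
     * Returns the reboot escrow provider type.
     *
     * @return one of the {@code TYPE_} constants declared on this interface
     */
    @RebootEscrowProviderType int getType();

    /**
     * Returns true if the secure store/discard of reboot escrow key is supported.
     *
     * @return {@code true} if this provider supports securely storing and discarding the key
     */
    boolean hasRebootEscrowSupport();

    /**
     * Returns the stored RebootEscrowKey, and clears the storage. If the stored key is encrypted,
     * use the input key to decrypt the RebootEscrowKey. Returns null on failure. Throws an
     * IOException if the failure is non-fatal, and a retry may succeed.
     *
     * <p>Because the storage is cleared as part of a successful read, the escrowed key is
     * effectively single-use; callers must handle a {@code null} result rather than assume a key
     * is present.
     *
     * <p>NOTE(review): this contract does not say whether the stored copy is still present after
     * an {@link IOException}. An implementation that clears before a retryable failure would make
     * the retry pointless; one that never clears on repeated failures leaves key material behind.
     * Confirm per implementation.
     *
     * @param decryptionKey key used to decrypt the stored RebootEscrowKey when it is encrypted
     * @return the stored key, or {@code null} on failure
     * @throws IOException if the failure is non-fatal and a retry may succeed
     */
    RebootEscrowKey getAndClearRebootEscrowKey(SecretKey decryptionKey) throws IOException;

    /**
     * Clears the stored RebootEscrowKey.
     *
     * <p>The signature returns nothing and declares no checked exception, so a caller cannot
     * observe through this method whether the persisted copy was actually removed.
     * Implementations are the only place where a failed clear can be detected and reported.
     */
    void clearRebootEscrowKey();

    /**
     * Saves the given RebootEscrowKey, optionally encrypting the storage with the encryptionKey.
     *
     * <p>NOTE(review): the meaning of the return value is not stated here; presumably
     * {@code true} means the key was persisted. Callers should check it before relying on the
     * escrow being in place. Likewise, "optionally" leaves open when the stored copy is left
     * unencrypted (for example, whether a {@code null} encryptionKey is accepted); confirm per
     * implementation, since that decides whether the persisted copy is protected at rest.
     *
     * @param escrowKey the key to persist across the reboot
     * @param encryptionKey key an implementation may use to encrypt the stored copy
     * @return a success indicator (see the review note above)
     */
    boolean storeRebootEscrowKey(RebootEscrowKey escrowKey, SecretKey encryptionKey);
}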