Store main key for key derivations from 512-bit BIP39 recovery code
This main key will be used later to derive sub-keys for other crypto operations.
This commit is contained in:
parent
6a5eaea2fd
commit
c8a7e763d6
5 changed files with 149 additions and 17 deletions
|
@ -1,9 +1,19 @@
|
|||
package com.stevesoltys.seedvault.crypto
|
||||
|
||||
import org.koin.dsl.module
|
||||
import java.security.KeyStore
|
||||
|
||||
private const val ANDROID_KEY_STORE = "AndroidKeyStore"
|
||||
|
||||
val cryptoModule = module {
|
||||
factory<CipherFactory> { CipherFactoryImpl(get()) }
|
||||
single<KeyManager> { KeyManagerImpl() }
|
||||
single<KeyManager> {
|
||||
val keyStore by lazy {
|
||||
KeyStore.getInstance(ANDROID_KEY_STORE).apply {
|
||||
load(null)
|
||||
}
|
||||
}
|
||||
KeyManagerImpl(keyStore)
|
||||
}
|
||||
single<Crypto> { CryptoImpl(get(), get(), get()) }
|
||||
}
|
||||
|
|
|
@ -4,6 +4,8 @@ import android.security.keystore.KeyProperties.BLOCK_MODE_GCM
|
|||
import android.security.keystore.KeyProperties.ENCRYPTION_PADDING_NONE
|
||||
import android.security.keystore.KeyProperties.PURPOSE_DECRYPT
|
||||
import android.security.keystore.KeyProperties.PURPOSE_ENCRYPT
|
||||
import android.security.keystore.KeyProperties.PURPOSE_SIGN
|
||||
import android.security.keystore.KeyProperties.PURPOSE_VERIFY
|
||||
import android.security.keystore.KeyProtection
|
||||
import java.security.KeyStore
|
||||
import java.security.KeyStore.SecretKeyEntry
|
||||
|
@ -12,8 +14,10 @@ import javax.crypto.spec.SecretKeySpec
|
|||
|
||||
internal const val KEY_SIZE = 256
|
||||
internal const val KEY_SIZE_BYTES = KEY_SIZE / 8
|
||||
private const val KEY_ALIAS = "com.stevesoltys.seedvault"
|
||||
private const val ANDROID_KEY_STORE = "AndroidKeyStore"
|
||||
private const val KEY_ALIAS_BACKUP = "com.stevesoltys.seedvault"
|
||||
private const val KEY_ALIAS_MAIN = "com.stevesoltys.seedvault.main"
|
||||
private const val KEY_ALGORITHM_BACKUP = "AES"
|
||||
private const val KEY_ALGORITHM_MAIN = "HmacSHA256"
|
||||
|
||||
interface KeyManager {
|
||||
/**
|
||||
|
@ -23,11 +27,24 @@ interface KeyManager {
|
|||
*/
|
||||
fun storeBackupKey(seed: ByteArray)
|
||||
|
||||
/**
|
||||
* Store a new main key derived from the given [seed].
|
||||
*
|
||||
* The seed needs to be larger or equal to two times [KEY_SIZE_BYTES]
|
||||
* and is usually the same as for [storeBackupKey].
|
||||
*/
|
||||
fun storeMainKey(seed: ByteArray)
|
||||
|
||||
/**
|
||||
* @return true if a backup key already exists in the [KeyStore].
|
||||
*/
|
||||
fun hasBackupKey(): Boolean
|
||||
|
||||
/**
|
||||
* @return true if a main key already exists in the [KeyStore].
|
||||
*/
|
||||
fun hasMainKey(): Boolean
|
||||
|
||||
/**
|
||||
* Returns the backup key, so it can be used for encryption or decryption.
|
||||
*
|
||||
|
@ -35,32 +52,49 @@ interface KeyManager {
|
|||
* because the key can not leave the [KeyStore]'s hardware security module.
|
||||
*/
|
||||
fun getBackupKey(): SecretKey
|
||||
|
||||
/**
|
||||
* Returns the main key, so it can be used for deriving sub-keys.
|
||||
*
|
||||
* Note that any attempt to export the key will return null or an empty [ByteArray],
|
||||
* because the key can not leave the [KeyStore]'s hardware security module.
|
||||
*/
|
||||
fun getMainKey(): SecretKey
|
||||
}
|
||||
|
||||
internal class KeyManagerImpl : KeyManager {
|
||||
|
||||
private val keyStore by lazy {
|
||||
KeyStore.getInstance(ANDROID_KEY_STORE).apply {
|
||||
load(null)
|
||||
}
|
||||
}
|
||||
internal class KeyManagerImpl(
|
||||
private val keyStore: KeyStore
|
||||
) : KeyManager {
|
||||
|
||||
override fun storeBackupKey(seed: ByteArray) {
|
||||
if (seed.size < KEY_SIZE_BYTES) throw IllegalArgumentException()
|
||||
val secretKeySpec = SecretKeySpec(seed, 0, KEY_SIZE_BYTES, "AES")
|
||||
val ksEntry = SecretKeyEntry(secretKeySpec)
|
||||
keyStore.setEntry(KEY_ALIAS, ksEntry, getKeyProtection())
|
||||
val backupKeyEntry =
|
||||
SecretKeyEntry(SecretKeySpec(seed, 0, KEY_SIZE_BYTES, KEY_ALGORITHM_BACKUP))
|
||||
keyStore.setEntry(KEY_ALIAS_BACKUP, backupKeyEntry, getBackupKeyProtection())
|
||||
}
|
||||
|
||||
override fun hasBackupKey() = keyStore.containsAlias(KEY_ALIAS) &&
|
||||
keyStore.entryInstanceOf(KEY_ALIAS, SecretKeyEntry::class.java)
|
||||
override fun storeMainKey(seed: ByteArray) {
|
||||
if (seed.size < KEY_SIZE_BYTES * 2) throw IllegalArgumentException()
|
||||
val mainKeyEntry =
|
||||
SecretKeyEntry(SecretKeySpec(seed, KEY_SIZE_BYTES, KEY_SIZE_BYTES, KEY_ALGORITHM_MAIN))
|
||||
keyStore.setEntry(KEY_ALIAS_MAIN, mainKeyEntry, getMainKeyProtection())
|
||||
}
|
||||
|
||||
override fun hasBackupKey() = keyStore.containsAlias(KEY_ALIAS_BACKUP)
|
||||
|
||||
override fun hasMainKey() = keyStore.containsAlias(KEY_ALIAS_MAIN)
|
||||
|
||||
override fun getBackupKey(): SecretKey {
|
||||
val ksEntry = keyStore.getEntry(KEY_ALIAS, null) as SecretKeyEntry
|
||||
val ksEntry = keyStore.getEntry(KEY_ALIAS_BACKUP, null) as SecretKeyEntry
|
||||
return ksEntry.secretKey
|
||||
}
|
||||
|
||||
private fun getKeyProtection(): KeyProtection {
|
||||
override fun getMainKey(): SecretKey {
|
||||
val ksEntry = keyStore.getEntry(KEY_ALIAS_MAIN, null) as SecretKeyEntry
|
||||
return ksEntry.secretKey
|
||||
}
|
||||
|
||||
private fun getBackupKeyProtection(): KeyProtection {
|
||||
val builder = KeyProtection.Builder(PURPOSE_ENCRYPT or PURPOSE_DECRYPT)
|
||||
.setBlockModes(BLOCK_MODE_GCM)
|
||||
.setEncryptionPaddings(ENCRYPTION_PADDING_NONE)
|
||||
|
@ -70,4 +104,14 @@ internal class KeyManagerImpl : KeyManager {
|
|||
return builder.build()
|
||||
}
|
||||
|
||||
private fun getMainKeyProtection(): KeyProtection {
|
||||
// let's not lock down the main key too much, because we have no second chance
|
||||
// and don't want to repeat the issue with the locked down backup key
|
||||
val builder = KeyProtection.Builder(
|
||||
PURPOSE_ENCRYPT or PURPOSE_DECRYPT or
|
||||
PURPOSE_SIGN or PURPOSE_VERIFY
|
||||
)
|
||||
return builder.build()
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -70,6 +70,7 @@ class RecoveryCodeViewModel(
|
|||
val seed = SeedCalculator(JavaxPBKDF2WithHmacSHA512.INSTANCE).calculateSeed(mnemonic, "")
|
||||
if (forVerifyingNewCode) {
|
||||
keyManager.storeBackupKey(seed)
|
||||
keyManager.storeMainKey(seed)
|
||||
mRecoveryCodeSaved.setEvent(true)
|
||||
} else {
|
||||
mExistingCodeChecked.setEvent(crypto.verifyBackupKey(seed))
|
||||
|
|
|
@ -15,12 +15,24 @@ class KeyManagerTestImpl : KeyManager {
|
|||
throw NotImplementedError("not implemented")
|
||||
}
|
||||
|
||||
override fun storeMainKey(seed: ByteArray) {
|
||||
throw NotImplementedError("not implemented")
|
||||
}
|
||||
|
||||
override fun hasBackupKey(): Boolean {
|
||||
return true
|
||||
}
|
||||
|
||||
override fun hasMainKey(): Boolean {
|
||||
throw NotImplementedError("not implemented")
|
||||
}
|
||||
|
||||
override fun getBackupKey(): SecretKey {
|
||||
return key
|
||||
}
|
||||
|
||||
override fun getMainKey(): SecretKey {
|
||||
throw NotImplementedError("not implemented")
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
package com.stevesoltys.seedvault.crypto
|
||||
|
||||
import com.stevesoltys.seedvault.getRandomByteArray
|
||||
import io.mockk.Runs
|
||||
import io.mockk.every
|
||||
import io.mockk.just
|
||||
import io.mockk.mockk
|
||||
import io.mockk.slot
|
||||
import junit.framework.Assert.assertTrue
|
||||
import org.junit.Assert.assertArrayEquals
|
||||
import org.junit.jupiter.api.Test
|
||||
import org.junit.jupiter.api.TestInstance
|
||||
import org.junit.jupiter.api.TestInstance.Lifecycle.PER_METHOD
|
||||
import org.junit.jupiter.api.assertThrows
|
||||
import java.security.KeyStore
|
||||
|
||||
@TestInstance(PER_METHOD)
|
||||
class KeyManagerImplTest {
|
||||
|
||||
private val keyStore: KeyStore = mockk()
|
||||
private val keyManager = KeyManagerImpl(keyStore)
|
||||
|
||||
@Test
|
||||
fun `31 byte seed gets rejected for backup key`() {
|
||||
val seed = getRandomByteArray(31)
|
||||
assertThrows<IllegalArgumentException> {
|
||||
keyManager.storeBackupKey(seed)
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
fun `63 byte seed gets rejected for main key`() {
|
||||
val seed = getRandomByteArray(63)
|
||||
assertThrows<IllegalArgumentException> {
|
||||
keyManager.storeMainKey(seed)
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
fun `32 byte seed gets accepted for backup key`() {
|
||||
val seed = getRandomByteArray(32)
|
||||
val keyEntry = slot<KeyStore.SecretKeyEntry>()
|
||||
|
||||
every { keyStore.setEntry(any(), capture(keyEntry), any()) } just Runs
|
||||
|
||||
keyManager.storeBackupKey(seed)
|
||||
|
||||
assertTrue(keyEntry.isCaptured)
|
||||
assertArrayEquals(seed.sliceArray(0 until 32), keyEntry.captured.secretKey.encoded)
|
||||
}
|
||||
|
||||
@Test
|
||||
fun `64 byte seed gets accepted for main key`() {
|
||||
val seed = getRandomByteArray(64)
|
||||
val keyEntry = slot<KeyStore.SecretKeyEntry>()
|
||||
|
||||
every { keyStore.setEntry(any(), capture(keyEntry), any()) } just Runs
|
||||
|
||||
keyManager.storeMainKey(seed)
|
||||
|
||||
assertTrue(keyEntry.isCaptured)
|
||||
assertArrayEquals(seed.sliceArray(32 until 64), keyEntry.captured.secretKey.encoded)
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in a new issue