Store main key for key derivations from 512-bit BIP39 recovery code

This main key will be used later to derive sub-keys for other crypto operations.
This commit is contained in:
Torsten Grote 2021-02-15 10:35:16 -03:00 committed by Chirayu Desai
parent 6a5eaea2fd
commit c8a7e763d6
5 changed files with 149 additions and 17 deletions

View file

@ -1,9 +1,19 @@
package com.stevesoltys.seedvault.crypto
import org.koin.dsl.module
import java.security.KeyStore
private const val ANDROID_KEY_STORE = "AndroidKeyStore"
val cryptoModule = module {
factory<CipherFactory> { CipherFactoryImpl(get()) }
single<KeyManager> { KeyManagerImpl() }
single<KeyManager> {
val keyStore by lazy {
KeyStore.getInstance(ANDROID_KEY_STORE).apply {
load(null)
}
}
KeyManagerImpl(keyStore)
}
single<Crypto> { CryptoImpl(get(), get(), get()) }
}

View file

@ -4,6 +4,8 @@ import android.security.keystore.KeyProperties.BLOCK_MODE_GCM
import android.security.keystore.KeyProperties.ENCRYPTION_PADDING_NONE
import android.security.keystore.KeyProperties.PURPOSE_DECRYPT
import android.security.keystore.KeyProperties.PURPOSE_ENCRYPT
import android.security.keystore.KeyProperties.PURPOSE_SIGN
import android.security.keystore.KeyProperties.PURPOSE_VERIFY
import android.security.keystore.KeyProtection
import java.security.KeyStore
import java.security.KeyStore.SecretKeyEntry
@ -12,8 +14,10 @@ import javax.crypto.spec.SecretKeySpec
internal const val KEY_SIZE = 256
internal const val KEY_SIZE_BYTES = KEY_SIZE / 8
private const val KEY_ALIAS = "com.stevesoltys.seedvault"
private const val ANDROID_KEY_STORE = "AndroidKeyStore"
private const val KEY_ALIAS_BACKUP = "com.stevesoltys.seedvault"
private const val KEY_ALIAS_MAIN = "com.stevesoltys.seedvault.main"
private const val KEY_ALGORITHM_BACKUP = "AES"
private const val KEY_ALGORITHM_MAIN = "HmacSHA256"
interface KeyManager {
/**
@ -23,11 +27,24 @@ interface KeyManager {
*/
fun storeBackupKey(seed: ByteArray)
/**
* Store a new main key derived from the given [seed].
*
* The seed needs to be larger or equal to two times [KEY_SIZE_BYTES]
* and is usually the same as for [storeBackupKey].
*/
fun storeMainKey(seed: ByteArray)
/**
* @return true if a backup key already exists in the [KeyStore].
*/
fun hasBackupKey(): Boolean
/**
* @return true if a main key already exists in the [KeyStore].
*/
fun hasMainKey(): Boolean
/**
* Returns the backup key, so it can be used for encryption or decryption.
*
@ -35,32 +52,49 @@ interface KeyManager {
* because the key can not leave the [KeyStore]'s hardware security module.
*/
fun getBackupKey(): SecretKey
/**
* Returns the main key, so it can be used for deriving sub-keys.
*
* Note that any attempt to export the key will return null or an empty [ByteArray],
* because the key can not leave the [KeyStore]'s hardware security module.
*/
fun getMainKey(): SecretKey
}
internal class KeyManagerImpl : KeyManager {
private val keyStore by lazy {
KeyStore.getInstance(ANDROID_KEY_STORE).apply {
load(null)
}
}
internal class KeyManagerImpl(
private val keyStore: KeyStore
) : KeyManager {
override fun storeBackupKey(seed: ByteArray) {
if (seed.size < KEY_SIZE_BYTES) throw IllegalArgumentException()
val secretKeySpec = SecretKeySpec(seed, 0, KEY_SIZE_BYTES, "AES")
val ksEntry = SecretKeyEntry(secretKeySpec)
keyStore.setEntry(KEY_ALIAS, ksEntry, getKeyProtection())
val backupKeyEntry =
SecretKeyEntry(SecretKeySpec(seed, 0, KEY_SIZE_BYTES, KEY_ALGORITHM_BACKUP))
keyStore.setEntry(KEY_ALIAS_BACKUP, backupKeyEntry, getBackupKeyProtection())
}
override fun hasBackupKey() = keyStore.containsAlias(KEY_ALIAS) &&
keyStore.entryInstanceOf(KEY_ALIAS, SecretKeyEntry::class.java)
override fun storeMainKey(seed: ByteArray) {
if (seed.size < KEY_SIZE_BYTES * 2) throw IllegalArgumentException()
val mainKeyEntry =
SecretKeyEntry(SecretKeySpec(seed, KEY_SIZE_BYTES, KEY_SIZE_BYTES, KEY_ALGORITHM_MAIN))
keyStore.setEntry(KEY_ALIAS_MAIN, mainKeyEntry, getMainKeyProtection())
}
override fun hasBackupKey() = keyStore.containsAlias(KEY_ALIAS_BACKUP)
override fun hasMainKey() = keyStore.containsAlias(KEY_ALIAS_MAIN)
override fun getBackupKey(): SecretKey {
val ksEntry = keyStore.getEntry(KEY_ALIAS, null) as SecretKeyEntry
val ksEntry = keyStore.getEntry(KEY_ALIAS_BACKUP, null) as SecretKeyEntry
return ksEntry.secretKey
}
private fun getKeyProtection(): KeyProtection {
override fun getMainKey(): SecretKey {
val ksEntry = keyStore.getEntry(KEY_ALIAS_MAIN, null) as SecretKeyEntry
return ksEntry.secretKey
}
private fun getBackupKeyProtection(): KeyProtection {
val builder = KeyProtection.Builder(PURPOSE_ENCRYPT or PURPOSE_DECRYPT)
.setBlockModes(BLOCK_MODE_GCM)
.setEncryptionPaddings(ENCRYPTION_PADDING_NONE)
@ -70,4 +104,14 @@ internal class KeyManagerImpl : KeyManager {
return builder.build()
}
private fun getMainKeyProtection(): KeyProtection {
// let's not lock down the main key too much, because we have no second chance
// and don't want to repeat the issue with the locked down backup key
val builder = KeyProtection.Builder(
PURPOSE_ENCRYPT or PURPOSE_DECRYPT or
PURPOSE_SIGN or PURPOSE_VERIFY
)
return builder.build()
}
}

View file

@ -70,6 +70,7 @@ class RecoveryCodeViewModel(
val seed = SeedCalculator(JavaxPBKDF2WithHmacSHA512.INSTANCE).calculateSeed(mnemonic, "")
if (forVerifyingNewCode) {
keyManager.storeBackupKey(seed)
keyManager.storeMainKey(seed)
mRecoveryCodeSaved.setEvent(true)
} else {
mExistingCodeChecked.setEvent(crypto.verifyBackupKey(seed))

View file

@ -15,12 +15,24 @@ class KeyManagerTestImpl : KeyManager {
throw NotImplementedError("not implemented")
}
override fun storeMainKey(seed: ByteArray) {
throw NotImplementedError("not implemented")
}
override fun hasBackupKey(): Boolean {
return true
}
override fun hasMainKey(): Boolean {
throw NotImplementedError("not implemented")
}
override fun getBackupKey(): SecretKey {
return key
}
override fun getMainKey(): SecretKey {
throw NotImplementedError("not implemented")
}
}

View file

@ -0,0 +1,65 @@
package com.stevesoltys.seedvault.crypto
import com.stevesoltys.seedvault.getRandomByteArray
import io.mockk.Runs
import io.mockk.every
import io.mockk.just
import io.mockk.mockk
import io.mockk.slot
import junit.framework.Assert.assertTrue
import org.junit.Assert.assertArrayEquals
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.TestInstance
import org.junit.jupiter.api.TestInstance.Lifecycle.PER_METHOD
import org.junit.jupiter.api.assertThrows
import java.security.KeyStore
@TestInstance(PER_METHOD)
class KeyManagerImplTest {
private val keyStore: KeyStore = mockk()
private val keyManager = KeyManagerImpl(keyStore)
@Test
fun `31 byte seed gets rejected for backup key`() {
val seed = getRandomByteArray(31)
assertThrows<IllegalArgumentException> {
keyManager.storeBackupKey(seed)
}
}
@Test
fun `63 byte seed gets rejected for main key`() {
val seed = getRandomByteArray(63)
assertThrows<IllegalArgumentException> {
keyManager.storeMainKey(seed)
}
}
@Test
fun `32 byte seed gets accepted for backup key`() {
val seed = getRandomByteArray(32)
val keyEntry = slot<KeyStore.SecretKeyEntry>()
every { keyStore.setEntry(any(), capture(keyEntry), any()) } just Runs
keyManager.storeBackupKey(seed)
assertTrue(keyEntry.isCaptured)
assertArrayEquals(seed.sliceArray(0 until 32), keyEntry.captured.secretKey.encoded)
}
@Test
fun `64 byte seed gets accepted for main key`() {
val seed = getRandomByteArray(64)
val keyEntry = slot<KeyStore.SecretKeyEntry>()
every { keyStore.setEntry(any(), capture(keyEntry), any()) } just Runs
keyManager.storeMainKey(seed)
assertTrue(keyEntry.isCaptured)
assertArrayEquals(seed.sliceArray(32 until 64), keyEntry.captured.secretKey.encoded)
}
}