Sulkta-OSS/element-x-ada
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve detection of configure PIN code.

Browse source
This commit is contained in:
Benoit Marty 2026-05-05 18:24:25 +02:00 committed by Benoit Marty
parent 2f45ca8835
commit 61374bca4e
13 changed files with 77 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

4
libraries/cryptography/api/build.gradle.kts
View file

@ -13,3 +13,7 @@ plugins {
android {
namespace = "io.element.android.libraries.cryptography.api"
}
dependencies {
implementation(libs.coroutines.core)
}

7
libraries/cryptography/api/src/main/kotlin/io/element/android/libraries/cryptography/api/SecretKeyRepository.kt
View file

@ -8,6 +8,7 @@
package io.element.android.libraries.cryptography.api
import kotlinx.coroutines.flow.Flow
import javax.crypto.SecretKey
/**
@ -15,16 +16,18 @@ import javax.crypto.SecretKey
* Implementation should be able to store the generated key securely.
*/
interface SecretKeyRepository {
fun hasKey(alias: String): Flow<Boolean>
/**
* Get or create a secret key for a given alias.
* @param alias the alias to use
* @param requiresUserAuthentication true if the key should be protected by user authentication
*/
fun getOrCreateKey(alias: String, requiresUserAuthentication: Boolean): SecretKey
suspend fun getOrCreateKey(alias: String, requiresUserAuthentication: Boolean): SecretKey
/**
* Delete the secret key for a given alias.
* @param alias the alias to use
*/
fun deleteKey(alias: String)
suspend fun deleteKey(alias: String)
}

1
libraries/cryptography/impl/build.gradle.kts
View file

@ -21,6 +21,7 @@ setupDependencyInjection()
dependencies {
implementation(projects.libraries.di)
implementation(libs.coroutines.core)
api(projects.libraries.cryptography.api)
testCommonDependencies(libs)

27
libraries/cryptography/impl/src/main/kotlin/io/element/android/libraries/cryptography/impl/KeyStoreSecretKeyRepository.kt
View file

@ -13,11 +13,16 @@ import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import dev.zacsweers.metro.AppScope
import dev.zacsweers.metro.ContributesBinding
import dev.zacsweers.metro.SingleIn
import io.element.android.libraries.cryptography.api.AESEncryptionSpecs
import io.element.android.libraries.cryptography.api.SecretKeyRepository
import kotlinx.coroutines.flow.Flow
import kotlinx.coroutines.flow.MutableStateFlow
import kotlinx.coroutines.flow.asStateFlow
import timber.log.Timber
import java.security.KeyStore
import java.security.KeyStoreException
import java.util.concurrent.ConcurrentHashMap
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
@ -25,13 +30,22 @@ import javax.crypto.SecretKey
* Default implementation of [SecretKeyRepository] that uses the Android Keystore to store the keys.
* The generated key uses AES algorithm, with a key size of 128 bits, and the GCM block mode.
*/
@SingleIn(AppScope::class)
@ContributesBinding(AppScope::class)
class KeyStoreSecretKeyRepository(
private val keyStore: KeyStore,
) : SecretKeyRepository {
private val hasKeyMap = ConcurrentHashMap<String, MutableStateFlow<Boolean>>()
override fun hasKey(alias: String): Flow<Boolean> {
return hasKeyMap.getOrPut(alias) {
MutableStateFlow(runCatching { keyStore.containsAlias(alias) }.getOrDefault(false))
}.asStateFlow()
}
// False positive lint issue
@SuppressLint("WrongConstant")
override fun getOrCreateKey(alias: String, requiresUserAuthentication: Boolean): SecretKey {
override suspend fun getOrCreateKey(alias: String, requiresUserAuthentication: Boolean): SecretKey {
val secretKeyEntry = (keyStore.getEntry(alias, null) as? KeyStore.SecretKeyEntry)
?.secretKey
return if (secretKeyEntry == null) {
@ -46,15 +60,22 @@ class KeyStoreSecretKeyRepository(
.setUserAuthenticationRequired(requiresUserAuthentication)
.build()
generator.init(keyGenSpec)
generator.generateKey()
generator.generateKey().also {
hasKeyMap.getOrPut(alias) {
MutableStateFlow(true)
}.emit(true)
}
} else {
secretKeyEntry
}
}
override fun deleteKey(alias: String) {
override suspend fun deleteKey(alias: String) {
try {
keyStore.deleteEntry(alias)
hasKeyMap.getOrPut(alias) {
MutableStateFlow(false)
}.emit(false)
} catch (e: KeyStoreException) {
Timber.e(e)
}

1
libraries/cryptography/test/build.gradle.kts
View file

@ -16,4 +16,5 @@ android {
dependencies {
api(projects.libraries.cryptography.api)
implementation(libs.coroutines.core)
}

25
libraries/cryptography/test/src/main/kotlin/io/element/android/libraries/cryptography/test/SimpleSecretKeyRepository.kt
View file

@ -10,20 +10,39 @@ package io.element.android.libraries.cryptography.test
import io.element.android.libraries.cryptography.api.AESEncryptionSpecs
import io.element.android.libraries.cryptography.api.SecretKeyRepository
import kotlinx.coroutines.flow.Flow
import kotlinx.coroutines.flow.MutableStateFlow
import kotlinx.coroutines.flow.asStateFlow
import java.util.concurrent.ConcurrentHashMap
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
class SimpleSecretKeyRepository : SecretKeyRepository {
private var secretKeyForAlias = HashMap<String, SecretKey>()
override fun getOrCreateKey(alias: String, requiresUserAuthentication: Boolean): SecretKey {
private val hasKeyMap = ConcurrentHashMap<String, MutableStateFlow<Boolean>>()
override fun hasKey(alias: String): Flow<Boolean> {
return hasKeyMap.getOrPut(alias) {
MutableStateFlow(false)
}.asStateFlow()
}
override suspend fun getOrCreateKey(alias: String, requiresUserAuthentication: Boolean): SecretKey {
return secretKeyForAlias.getOrPut(alias) {
generateKey()
generateKey().also {
hasKeyMap.getOrPut(alias) {
MutableStateFlow(true)
}.emit(true)
}
}
}
override fun deleteKey(alias: String) {
override suspend fun deleteKey(alias: String) {
secretKeyForAlias.remove(alias)
hasKeyMap.getOrPut(alias) {
MutableStateFlow(false)
}.emit(false)
}
private fun generateKey(): SecretKey {