First Commit

2025-12-18 16:28:50 +07:00
commit 8c3e4f491f
9974 changed files with 396488 additions and 0 deletions
@@ -0,0 +1,27 @@
+import extension.setupDependencyInjection
+import extension.testCommonDependencies
+
+/*
+ * Copyright (c) 2025 Element Creations Ltd.
+ * Copyright 2023, 2024 New Vector Ltd.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial.
+ * Please see LICENSE files in the repository root for full details.
+ */
+
+plugins {
+    id("io.element.android-library")
+}
+
+android {
+    namespace = "io.element.android.libraries.cryptography.impl"
+}
+
+setupDependencyInjection()
+
+dependencies {
+    implementation(projects.libraries.di)
+    api(projects.libraries.cryptography.api)
+
+    testCommonDependencies(libs)
+}
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2025 Element Creations Ltd.
+ * Copyright 2023-2025 New Vector Ltd.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial.
+ * Please see LICENSE files in the repository root for full details.
+ */
+
+package io.element.android.libraries.cryptography.impl
+
+import dev.zacsweers.metro.AppScope
+import dev.zacsweers.metro.ContributesBinding
+import io.element.android.libraries.cryptography.api.AESEncryptionSpecs
+import io.element.android.libraries.cryptography.api.EncryptionDecryptionService
+import io.element.android.libraries.cryptography.api.EncryptionResult
+import javax.crypto.Cipher
+import javax.crypto.SecretKey
+import javax.crypto.spec.GCMParameterSpec
+
+/**
+ * Default implementation of [EncryptionDecryptionService] using AES encryption.
+ */
+@ContributesBinding(AppScope::class)
+class AESEncryptionDecryptionService : EncryptionDecryptionService {
+    override fun createEncryptionCipher(key: SecretKey): Cipher {
+        return Cipher.getInstance(AESEncryptionSpecs.CIPHER_TRANSFORMATION).apply {
+            init(Cipher.ENCRYPT_MODE, key)
+        }
+    }
+
+    override fun createDecryptionCipher(key: SecretKey, initializationVector: ByteArray): Cipher {
+        val spec = GCMParameterSpec(128, initializationVector)
+        return Cipher.getInstance(AESEncryptionSpecs.CIPHER_TRANSFORMATION).apply {
+            init(Cipher.DECRYPT_MODE, key, spec)
+        }
+    }
+
+    override fun encrypt(key: SecretKey, input: ByteArray): EncryptionResult {
+        val cipher = createEncryptionCipher(key)
+        val encryptedData = cipher.doFinal(input)
+        return EncryptionResult(encryptedData, cipher.iv)
+    }
+
+    override fun decrypt(key: SecretKey, encryptionResult: EncryptionResult): ByteArray {
+        val cipher = createDecryptionCipher(key, encryptionResult.initializationVector)
+        return cipher.doFinal(encryptionResult.encryptedByteArray)
+    }
+}
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2025 Element Creations Ltd.
+ * Copyright 2023-2025 New Vector Ltd.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial.
+ * Please see LICENSE files in the repository root for full details.
+ */
+
+package io.element.android.libraries.cryptography.impl
+
+import dev.zacsweers.metro.AppScope
+import dev.zacsweers.metro.BindingContainer
+import dev.zacsweers.metro.ContributesTo
+import dev.zacsweers.metro.Provides
+import java.security.KeyStore
+
+internal const val ANDROID_KEYSTORE = "AndroidKeyStore"
+
+@ContributesTo(AppScope::class)
+@BindingContainer
+object CryptographyModule {
+    @Provides
+    fun providesAndroidKeyStore(): KeyStore {
+        return KeyStore.getInstance(ANDROID_KEYSTORE).apply {
+            load(null)
+        }
+    }
+}
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2025 Element Creations Ltd.
+ * Copyright 2023-2025 New Vector Ltd.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial.
+ * Please see LICENSE files in the repository root for full details.
+ */
+
+package io.element.android.libraries.cryptography.impl
+
+import android.annotation.SuppressLint
+import android.security.keystore.KeyGenParameterSpec
+import android.security.keystore.KeyProperties
+import dev.zacsweers.metro.AppScope
+import dev.zacsweers.metro.ContributesBinding
+import io.element.android.libraries.cryptography.api.AESEncryptionSpecs
+import io.element.android.libraries.cryptography.api.SecretKeyRepository
+import timber.log.Timber
+import java.security.KeyStore
+import java.security.KeyStoreException
+import javax.crypto.KeyGenerator
+import javax.crypto.SecretKey
+
+/**
+ * Default implementation of [SecretKeyRepository] that uses the Android Keystore to store the keys.
+ * The generated key uses AES algorithm, with a key size of 128 bits, and the GCM block mode.
+ */
+@ContributesBinding(AppScope::class)
+class KeyStoreSecretKeyRepository(
+    private val keyStore: KeyStore,
+) : SecretKeyRepository {
+    // False positive lint issue
+    @SuppressLint("WrongConstant")
+    override fun getOrCreateKey(alias: String, requiresUserAuthentication: Boolean): SecretKey {
+        val secretKeyEntry = (keyStore.getEntry(alias, null) as? KeyStore.SecretKeyEntry)
+            ?.secretKey
+        return if (secretKeyEntry == null) {
+            val generator = KeyGenerator.getInstance(AESEncryptionSpecs.ALGORITHM, ANDROID_KEYSTORE)
+            val keyGenSpec = KeyGenParameterSpec.Builder(
+                alias,
+                KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
+            )
+                .setBlockModes(AESEncryptionSpecs.BLOCK_MODE)
+                .setEncryptionPaddings(AESEncryptionSpecs.PADDINGS)
+                .setKeySize(AESEncryptionSpecs.KEY_SIZE)
+                .setUserAuthenticationRequired(requiresUserAuthentication)
+                .build()
+            generator.init(keyGenSpec)
+            generator.generateKey()
+        } else {
+            secretKeyEntry
+        }
+    }
+
+    override fun deleteKey(alias: String) {
+        try {
+            keyStore.deleteEntry(alias)
+        } catch (e: KeyStoreException) {
+            Timber.e(e)
+        }
+    }
+}
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2025 Element Creations Ltd.
+ * Copyright 2023-2025 New Vector Ltd.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial.
+ * Please see LICENSE files in the repository root for full details.
+ */
+
+package io.element.android.libraries.cryptography.impl
+
+import android.security.keystore.KeyProperties
+import com.google.common.truth.Truth.assertThat
+import org.junit.Assert.assertThrows
+import org.junit.Test
+import java.security.GeneralSecurityException
+import javax.crypto.KeyGenerator
+
+class AESEncryptionDecryptionServiceTest {
+    private val encryptionDecryptionService = AESEncryptionDecryptionService()
+
+    @Test
+    fun `given a valid key then encrypt decrypt work`() {
+        val keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES)
+        keyGenerator.init(128)
+        val key = keyGenerator.generateKey()
+        val input = "Hello World".toByteArray()
+        val encryptionResult = encryptionDecryptionService.encrypt(key, input)
+        val decrypted = encryptionDecryptionService.decrypt(key, encryptionResult)
+        assertThat(decrypted).isEqualTo(input)
+    }
+
+    @Test
+    fun `given a wrong key then decrypt fail`() {
+        val keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES)
+        keyGenerator.init(128)
+        val encryptionKey = keyGenerator.generateKey()
+        val input = "Hello World".toByteArray()
+        val encryptionResult = encryptionDecryptionService.encrypt(encryptionKey, input)
+        val decryptionKey = keyGenerator.generateKey()
+        assertThrows(GeneralSecurityException::class.java) {
+            encryptionDecryptionService.decrypt(decryptionKey, encryptionResult)
+        }
+    }
+}