Feature/fga/biometric unlock (#1702)

* Biometric unlock : refactor a bit existing classes * Biometric unlock : first implementation * Biometric: add ui for biometric setup * Biometric unlock : use localazy strings * Biometric unlock setup : branch skip/allow events * Biometric : fix tests * Biometrics: add small test * Biometric : clean up * Update screenshots * Biometric unlock : address some PR review * Biometric : improve a bit edge cases * Fix lint issues --------- Co-authored-by: ganfra <francoisg@element.io> Co-authored-by: ElementBot <benoitm+elementbot@element.io> Co-authored-by: Jorge Martín <jorgem@element.io>
2023-10-31 19:22:43 +01:00
parent a008f342de
commit 8d903362c8
86 changed files with 1270 additions and 107 deletions
--- a/libraries/cryptography/api/src/main/kotlin/io/element/android/libraries/cryptography/api/SecretKeyRepository.kt
+++ b/libraries/cryptography/api/src/main/kotlin/io/element/android/libraries/cryptography/api/SecretKeyRepository.kt
@@ -19,9 +19,20 @@ package io.element.android.libraries.cryptography.api
 import javax.crypto.SecretKey

 /**
- * Simple interface to get or create a secret key for a given alias.
+ * Simple interface to get, create and delete a secret key for a given alias.
 * Implementation should be able to store the generated key securely.
 */
-interface SecretKeyProvider {
-    fun getOrCreateKey(alias: String): SecretKey
+interface SecretKeyRepository {
+    /**
+     * Get or create a secret key for a given alias.
+     * @param alias the alias to use
+     * @param requiresUserAuthentication true if the key should be protected by user authentication
+     */
+    fun getOrCreateKey(alias: String, requiresUserAuthentication: Boolean): SecretKey
+
+    /**
+     * Delete the secret key for a given alias.
+     * @param alias the alias to use
+     */
+    fun deleteKey(alias: String)
 }
--- a/libraries/cryptography/impl/src/main/kotlin/io/element/android/libraries/cryptography/impl/CryptographyModule.kt
+++ b/libraries/cryptography/impl/src/main/kotlin/io/element/android/libraries/cryptography/impl/CryptographyModule.kt
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2023 New Vector Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.element.android.libraries.cryptography.impl
+
+import com.squareup.anvil.annotations.ContributesTo
+import dagger.Module
+import dagger.Provides
+import io.element.android.libraries.di.AppScope
+import java.security.KeyStore
+
+internal const val ANDROID_KEYSTORE = "AndroidKeyStore"
+
+@ContributesTo(AppScope::class)
+@Module
+object CryptographyModule {
+
+    @Provides
+    fun providesAndroidKeyStore(): KeyStore {
+        return KeyStore.getInstance(ANDROID_KEYSTORE).apply {
+            load(null)
+        }
+    }
+}
--- a/libraries/cryptography/impl/src/main/kotlin/io/element/android/libraries/cryptography/impl/KeyStoreSecretKeyRepository.kt
+++ b/libraries/cryptography/impl/src/main/kotlin/io/element/android/libraries/cryptography/impl/KeyStoreSecretKeyRepository.kt
@@ -21,28 +21,27 @@ import android.security.keystore.KeyGenParameterSpec
 import android.security.keystore.KeyProperties
 import com.squareup.anvil.annotations.ContributesBinding
 import io.element.android.libraries.cryptography.api.AESEncryptionSpecs
-import io.element.android.libraries.cryptography.api.SecretKeyProvider
+import io.element.android.libraries.cryptography.api.SecretKeyRepository
 import io.element.android.libraries.di.AppScope
+import timber.log.Timber
 import java.security.KeyStore
+import java.security.KeyStoreException
 import javax.crypto.KeyGenerator
 import javax.crypto.SecretKey
 import javax.inject.Inject

-private const val ANDROID_KEYSTORE = "AndroidKeyStore"
-
 /**
- * Default implementation of [SecretKeyProvider] that uses the Android Keystore to store the keys.
+ * Default implementation of [SecretKeyRepository] that uses the Android Keystore to store the keys.
 * The generated key uses AES algorithm, with a key size of 128 bits, and the GCM block mode.
 */
@ContributesBinding(AppScope::class)
-class KeyStoreSecretKeyProvider @Inject constructor() : SecretKeyProvider {
+class KeyStoreSecretKeyRepository @Inject constructor(
+    private val keyStore: KeyStore,
+) : SecretKeyRepository {

    // False positive lint issue
    @SuppressLint("WrongConstant")
-    override fun getOrCreateKey(alias: String): SecretKey {
-        val keyStore = KeyStore.getInstance(ANDROID_KEYSTORE).apply {
-            load(null)
-        }
+    override fun getOrCreateKey(alias: String, requiresUserAuthentication: Boolean): SecretKey {
        val secretKeyEntry = (keyStore.getEntry(alias, null) as? KeyStore.SecretKeyEntry)
            ?.secretKey
        return if (secretKeyEntry == null) {
@@ -54,6 +53,7 @@ class KeyStoreSecretKeyProvider @Inject constructor() : SecretKeyProvider {
                .setBlockModes(AESEncryptionSpecs.BLOCK_MODE)
                .setEncryptionPaddings(AESEncryptionSpecs.PADDINGS)
                .setKeySize(AESEncryptionSpecs.KEY_SIZE)
+                .setUserAuthenticationRequired(requiresUserAuthentication)
                .build()
            generator.init(keyGenSpec)
            generator.generateKey()
@@ -61,4 +61,12 @@ class KeyStoreSecretKeyProvider @Inject constructor() : SecretKeyProvider {
            secretKeyEntry
        }
    }
+
+    override fun deleteKey(alias: String) {
+        try {
+            keyStore.deleteEntry(alias)
+        } catch (e: KeyStoreException) {
+            Timber.e(e)
+        }
+    }
 }
--- a/libraries/cryptography/test/src/main/kotlin/io/element/android/libraries/cryptography/test/SimpleSecretKeyRepository.kt
+++ b/libraries/cryptography/test/src/main/kotlin/io/element/android/libraries/cryptography/test/SimpleSecretKeyRepository.kt
@@ -17,20 +17,24 @@
 package io.element.android.libraries.cryptography.test

 import io.element.android.libraries.cryptography.api.AESEncryptionSpecs
-import io.element.android.libraries.cryptography.api.SecretKeyProvider
+import io.element.android.libraries.cryptography.api.SecretKeyRepository
 import javax.crypto.KeyGenerator
 import javax.crypto.SecretKey

-class SimpleSecretKeyProvider : SecretKeyProvider {
+class SimpleSecretKeyRepository : SecretKeyRepository {

    private var secretKeyForAlias = HashMap<String, SecretKey>()

-    override fun getOrCreateKey(alias: String): SecretKey {
+    override fun getOrCreateKey(alias: String, requiresUserAuthentication: Boolean): SecretKey {
        return secretKeyForAlias.getOrPut(alias) {
            generateKey()
        }
    }

+    override fun deleteKey(alias: String) {
+        secretKeyForAlias.remove(alias)
+    }
+
    private fun generateKey(): SecretKey {
        val keyGenerator = KeyGenerator.getInstance(AESEncryptionSpecs.ALGORITHM)
        keyGenerator.init(AESEncryptionSpecs.KEY_SIZE)