Refactor Android-specific code out of bramble-core.

2026-02-13 19:29:06 +01:00 · 2020-01-10 17:31:16 +00:00
parent f650b2236e
commit c61c9bbc02
13 changed files with 210 additions and 230 deletions
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java
@@ -133,11 +133,11 @@ public interface CryptoComponent {
 	 * given password. The ciphertext will be decryptable using the same
 	 * password after the app restarts.
 	 *
-	 * @param keyStoreConfig Configures the use of a stored key to strengthen
-	 * the password-based key. If null, no stored key will be used
+	 * @param keyStrengthener Used to strengthen the password-based key. If
+	 * null, the password-based key will not be strengthened
 	 */
 	byte[] encryptWithPassword(byte[] plaintext, String password,
-			@Nullable KeyStoreConfig keyStoreConfig);
+			@Nullable KeyStrengthener keyStrengthener);

 	/**
 	 * Decrypts and authenticates the given ciphertext that has been read from
@@ -145,20 +145,19 @@ public interface CryptoComponent {
 	 * given password. Returns null if the ciphertext cannot be decrypted and
 	 * authenticated (for example, if the password is wrong).
 	 *
-	 * @param keyStoreConfig Configures the use of a stored key to strengthen
-	 * the password-based key. If null, or if no stored key was used when
-	 * encrypting the ciphertext, then no stored key will be used
+	 * @param keyStrengthener Used to strengthen the password-based key. If
+	 * null, or if strengthening was not used when encrypting the ciphertext,
+	 * the password-based key will not be strengthened
 	 */
 	@Nullable
 	byte[] decryptWithPassword(byte[] ciphertext, String password,
-			@Nullable KeyStoreConfig keyStoreConfig);
+			@Nullable KeyStrengthener keyStrengthener);

 	/**
-	 * Returns true if the given ciphertext was encrypted using a stored key
-	 * to strengthen the password-based key. The validity of the ciphertext is
-	 * not checked.
+	 * Returns true if the given ciphertext was encrypted using a strengthened
+	 * key. The validity of the ciphertext is not checked.
 	 */
-	boolean isEncryptedWithStoredKey(byte[] ciphertext);
+	boolean isEncryptedWithStrengthenedKey(byte[] ciphertext);

 	/**
 	 * Encrypts the given plaintext to the given public key.
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyStoreConfig.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyStoreConfig.java
@@ -1,32 +0,0 @@
-package org.briarproject.bramble.api.crypto;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.List;
-
-/**
- * Configures the use of a stored key to strengthen password-based encryption.
- * The key may be stored in a hardware security module, but this is not
- * guaranteed. See
- * {@link CryptoComponent#encryptWithPassword(byte[], String, KeyStoreConfig)}
- * and
- * {@link CryptoComponent#decryptWithPassword(byte[], String, KeyStoreConfig)}.
- */
-@NotNullByDefault
-public interface KeyStoreConfig {
-
-	String getKeyStoreType();
-
-	String getKeyAlias();
-
-	String getProviderName();
-
-	String getMacAlgorithmName();
-
-	/**
-	 * Returns a list of {@link AlgorithmParameterSpec AlgorithmParameterSpecs}
-	 * to use for key generation, in order of preference.
-	 */
-	List<AlgorithmParameterSpec> getParameterSpecs();
-}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyStrengthener.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyStrengthener.java
@@ -0,0 +1,23 @@
+package org.briarproject.bramble.api.crypto;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * Interface for strengthening a password-based key, for example by using a
+ * key stored in a key management service or hardware security module.
+ */
+@NotNullByDefault
+public interface KeyStrengthener {
+
+	/**
+	 * Returns true if the strengthener has been initialised.
+	 */
+	@SuppressWarnings("BooleanMethodIsAlwaysInverted")
+	boolean isInitialised();
+
+	/**
+	 * Initialises the strengthener if necessary and returns a strong key
+	 * derived from the given key.
+	 */
+	SecretKey strengthenKey(SecretKey k);
+}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseConfig.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseConfig.java
@@ -1,6 +1,6 @@
 package org.briarproject.bramble.api.db;

-import org.briarproject.bramble.api.crypto.KeyStoreConfig;
+import org.briarproject.bramble.api.crypto.KeyStrengthener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;

 import java.io.File;
@@ -21,9 +21,9 @@ public interface DatabaseConfig {
 	File getDatabaseKeyDirectory();

 	/**
-	 * Returns a {@link KeyStoreConfig} for strengthening the encryption of the
-	 * database key, or null if no keystore should be used.
+	 * Returns a {@link KeyStrengthener} for strengthening the encryption of
+	 * the database key, or null if no strengthener should be used.
 	 */
 	@Nullable
-	KeyStoreConfig getKeyStoreConfig();
+	KeyStrengthener getKeyStrengthener();
 }