6 files changed, 152 insertions, 0 deletions

diff --git a/crypto/common/build.gradle.kts b/crypto/common/build.gradle.kts
new file mode 100644
index 00000000..110664bd
--- /dev/null
+++ b/crypto/common/build.gradle.kts
@@ -0,0 +1,7 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+plugins { id("com.github.android-password-store.kotlin-jvm-library") }
+
+dependencies { implementation(libs.thirdparty.kotlinResult) }
diff --git a/crypto/common/lint-baseline.xml b/crypto/common/lint-baseline.xml
new file mode 100644
index 00000000..2ed8a3bb
--- /dev/null
+++ b/crypto/common/lint-baseline.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<issues format="6" by="lint 8.2.0-alpha14" type="baseline" client="gradle" dependencies="false" name="AGP (8.2.0-alpha14)" variant="all" version="8.2.0-alpha14">
+
+</issues>
diff --git a/crypto/common/src/main/kotlin/app/passwordstore/crypto/CryptoHandler.kt b/crypto/common/src/main/kotlin/app/passwordstore/crypto/CryptoHandler.kt
new file mode 100644
index 00000000..898cf058
--- /dev/null
+++ b/crypto/common/src/main/kotlin/app/passwordstore/crypto/CryptoHandler.kt
@@ -0,0 +1,44 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+package app.passwordstore.crypto
+
+import app.passwordstore.crypto.errors.CryptoHandlerException
+import com.github.michaelbull.result.Result
+import java.io.InputStream
+import java.io.OutputStream
+
+/** Generic interface to implement cryptographic operations on top of. */
+public interface CryptoHandler<Key, EncOpts : CryptoOptions, DecryptOpts : CryptoOptions> {
+
+  /**
+   * Decrypt the given [ciphertextStream] using a set of potential [keys] and [passphrase], and
+   * writes the resultant plaintext to [outputStream]. The returned [Result] should be checked to
+   * ensure it is **not** an instance of [com.github.michaelbull.result.Err] before the contents of
+   * [outputStream] are used.
+   */
+  public fun decrypt(
+    keys: List<Key>,
+    passphrase: String,
+    ciphertextStream: InputStream,
+    outputStream: OutputStream,
+    options: DecryptOpts,
+  ): Result<Unit, CryptoHandlerException>
+
+  /**
+   * Encrypt the given [plaintextStream] to the provided [keys], and writes the encrypted ciphertext
+   * to [outputStream]. The returned [Result] should be checked to ensure it is **not** an instance
+   * of [com.github.michaelbull.result.Err] before the contents of [outputStream] are used.
+   */
+  public fun encrypt(
+    keys: List<Key>,
+    plaintextStream: InputStream,
+    outputStream: OutputStream,
+    options: EncOpts,
+  ): Result<Unit, CryptoHandlerException>
+
+  /** Given a [fileName], return whether this instance can handle it. */
+  public fun canHandle(fileName: String): Boolean
+}
diff --git a/crypto/common/src/main/kotlin/app/passwordstore/crypto/CryptoOptions.kt b/crypto/common/src/main/kotlin/app/passwordstore/crypto/CryptoOptions.kt
new file mode 100644
index 00000000..1e60cdba
--- /dev/null
+++ b/crypto/common/src/main/kotlin/app/passwordstore/crypto/CryptoOptions.kt
@@ -0,0 +1,8 @@
+package app.passwordstore.crypto
+
+/** Defines the contract for a grab-bag of options for individual cryptographic operations. */
+public interface CryptoOptions {
+
+  /** Returns a [Boolean] indicating if the [option] is enabled for this operation. */
+  public fun isOptionEnabled(option: String): Boolean
+}
diff --git a/crypto/common/src/main/kotlin/app/passwordstore/crypto/KeyManager.kt b/crypto/common/src/main/kotlin/app/passwordstore/crypto/KeyManager.kt
new file mode 100644
index 00000000..c9db3734
--- /dev/null
+++ b/crypto/common/src/main/kotlin/app/passwordstore/crypto/KeyManager.kt
@@ -0,0 +1,41 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+package app.passwordstore.crypto
+
+import com.github.michaelbull.result.Result
+
+/**
+ * [KeyManager] defines a contract for implementing a management system for [Key]s as they would be
+ * used by an implementation of [CryptoHandler] to obtain eligible public or private keys as
+ * required.
+ */
+public interface KeyManager<Key, KeyIdentifier> {
+
+  /**
+   * Inserts a [key] into the store. If the key already exists, this method will return
+   * [app.passwordstore.crypto.errors.KeyAlreadyExistsException] unless [replace] is `true`.
+   */
+  public suspend fun addKey(key: Key, replace: Boolean = false): Result<Key, Throwable>
+
+  /** Finds a key for [identifier] in the store and deletes it. */
+  public suspend fun removeKey(identifier: KeyIdentifier): Result<Unit, Throwable>
+
+  /**
+   * Get a [Key] for the given [id]. The actual semantics of what [id] is are left to individual
+   * implementations to figure out for themselves. For example, in GPG this can be a full
+   * hexadecimal key ID, an email, a short hex key ID, and probably a few more things.
+   */
+  public suspend fun getKeyById(id: KeyIdentifier): Result<Key, Throwable>
+
+  /** Returns all keys currently in the store as a [List]. */
+  public suspend fun getAllKeys(): Result<List<Key>, Throwable>
+
+  /**
+   * Get a stable identifier for the given [key]. The returned key ID should be suitable to be used
+   * as an identifier for the cryptographic identity tied to this key.
+   */
+  public suspend fun getKeyId(key: Key): KeyIdentifier?
+}
diff --git a/crypto/common/src/main/kotlin/app/passwordstore/crypto/errors/CryptoException.kt b/crypto/common/src/main/kotlin/app/passwordstore/crypto/errors/CryptoException.kt
new file mode 100644
index 00000000..eb64541e
--- /dev/null
+++ b/crypto/common/src/main/kotlin/app/passwordstore/crypto/errors/CryptoException.kt
@@ -0,0 +1,48 @@
+package app.passwordstore.crypto.errors
+
+import app.passwordstore.crypto.KeyManager
+
+public sealed class CryptoException(message: String? = null, cause: Throwable? = null) :
+  Exception(message, cause)
+
+/** Sealed exception types for [KeyManager]. */
+public sealed class KeyManagerException(message: String? = null) : CryptoException(message)
+
+/** Store contains no keys. */
+public data object NoKeysAvailableException : KeyManagerException("No keys were found")
+
+/** Key directory does not exist or cannot be accessed. */
+public data object KeyDirectoryUnavailableException :
+  KeyManagerException("Key directory does not exist")
+
+/** Failed to delete given key. */
+public data object KeyDeletionFailedException : KeyManagerException("Couldn't delete the key file")
+
+/** Failed to parse the key as a known type. */
+public data object InvalidKeyException :
+  KeyManagerException("Given key cannot be parsed as a known key type")
+
+/** Key failed the [app.passwordstore.crypto.KeyUtils.isKeyUsable] test. */
+public data object UnusableKeyException :
+  KeyManagerException("Given key is not usable for encryption - is it using AEAD?")
+
+/** No key matching `keyId` could be found. */
+public class KeyNotFoundException(keyId: String) :
+  KeyManagerException("No key found with id: $keyId")
+
+/** Attempting to add another key for `keyId` without requesting a replace. */
+public class KeyAlreadyExistsException(keyId: String) :
+  KeyManagerException("Pre-existing key was found for $keyId")
+
+/** Sealed exception types for [app.passwordstore.crypto.CryptoHandler]. */
+public sealed class CryptoHandlerException(message: String? = null, cause: Throwable? = null) :
+  CryptoException(message, cause)
+
+/** The passphrase provided for decryption was incorrect. */
+public class IncorrectPassphraseException(cause: Throwable) : CryptoHandlerException(null, cause)
+
+/** No keys were passed to the encrypt/decrypt operation. */
+public data object NoKeysProvidedException : CryptoHandlerException(null, null)
+
+/** An unexpected error that cannot be mapped to a known type. */
+public class UnknownError(cause: Throwable) : CryptoHandlerException(null, cause)