From f9730cae5883f397c03493ea74f563bb3ac0654c Mon Sep 17 00:00:00 2001 From: Harsh Shandilya Date: Fri, 5 May 2023 00:33:06 +0530 Subject: feat: kick off a very basic passphrase cache --- .../data/crypto/GPGPassphraseCache.kt | 67 ++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 app/src/main/java/app/passwordstore/data/crypto/GPGPassphraseCache.kt diff --git a/app/src/main/java/app/passwordstore/data/crypto/GPGPassphraseCache.kt b/app/src/main/java/app/passwordstore/data/crypto/GPGPassphraseCache.kt new file mode 100644 index 00000000..d9e66f74 --- /dev/null +++ b/app/src/main/java/app/passwordstore/data/crypto/GPGPassphraseCache.kt @@ -0,0 +1,67 @@ +package app.passwordstore.data.crypto + +import android.content.Context +import androidx.core.content.edit +import androidx.security.crypto.EncryptedSharedPreferences +import androidx.security.crypto.MasterKey +import app.passwordstore.crypto.GpgIdentifier +import app.passwordstore.util.coroutines.DispatcherProvider +import app.passwordstore.util.extensions.getString +import javax.inject.Inject +import kotlinx.coroutines.withContext + +/** Implements a rudimentary [EncryptedSharedPreferences]-backed cache for GPG passphrases. */ +@Suppress("Unused") // Soon +class GPGPassphraseCache +@Inject +constructor( + private val dispatcherProvider: DispatcherProvider, +) { + + private suspend fun cachePassphrase( + context: Context, + identifier: GpgIdentifier, + passphrase: String, + ) { + withContext(dispatcherProvider.io()) { + getPreferences(context).edit { putString(identifier.toString(), passphrase) } + } + } + + private suspend fun retrieveCachedPassphrase( + context: Context, + identifier: GpgIdentifier, + ): String? { + return withContext(dispatcherProvider.io()) { + getPreferences(context).getString(identifier.toString()) + } + } + + private suspend fun getPreferences(context: Context) = + withContext(dispatcherProvider.io()) { + EncryptedSharedPreferences.create( + context, + ANDROIDX_SECURITY_KEYSET_PREF_NAME, + getOrCreateWrappingMasterKey(context), + EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV, + EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM, + ) + } + + private suspend fun getOrCreateWrappingMasterKey(context: Context) = + withContext(dispatcherProvider.io()) { + MasterKey.Builder(context, "passphrase") + .setKeyScheme(MasterKey.KeyScheme.AES256_GCM) + .setRequestStrongBoxBacked(true) + .setUserAuthenticationRequired( + /* authenticationRequired = */ true, + /* userAuthenticationValidityDurationSeconds = */ 60, + ) + .build() + } + + private companion object { + + private const val ANDROIDX_SECURITY_KEYSET_PREF_NAME = "androidx_passphrase_keyset_prefs" + } +} -- cgit v1.2.3