Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added P-384 Utils #21

Merged
merged 12 commits into from
Aug 19, 2021
Merged

Added P-384 Utils #21

merged 12 commits into from
Aug 19, 2021

Conversation

overheadhunter
Copy link
Member

Added some utility classes to generate P-384 key pairs, store them to PKCS12 files and load them again.

@overheadhunter
Copy link
Member Author

@SailReal Can you verify if these changes work on Android 7?

Path somePath = ...
P384KeyPair orig = P384KeyPair.generate();
orig.store(somePath, "somePassword".toCharArray());
P384KeyPair loaded = P384KeyPair.load(somePath, "somePassword".toCharArray());
assert orig.equals(loaded);

SailReal
SailReal requested changes Aug 18, 2021
View reviewed changes
Copy link
Member

@SailReal SailReal left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks very promising but all of java.nio.file was added in API level 26 (Android 8.0) that means it is not possible to get e.g. a Path instance in pre Android 8.0 and pass it to P384KeyPair. Maybe we can provide further methods where we can pass in the input/output-stream of the key material like in MasterkeyFileAccess?

@overheadhunter
Copy link
Member Author

it is not possible to get e.g. a Path instance in pre Android 8.0 and pass it to P384KeyPair.

But it is still possible to load a class that has a Path in some unused method?

So overloading the method such as here works?

cryptolib/src/main/java/org/cryptomator/cryptolib/common/MasterkeyFileAccess.java

Lines 117 to 134 in 3347bc0

public Masterkey load(Path filePath, CharSequence passphrase) throws MasterkeyLoadingFailedException {
try (InputStream in = Files.newInputStream(filePath, StandardOpenOption.READ)) {
return load(in, passphrase);
} catch (IOException e) {
throw new MasterkeyLoadingFailedException("I/O error", e);
}
}
public Masterkey load(InputStream in, CharSequence passphrase) throws IOException {
try (Reader reader = new InputStreamReader(in, UTF_8)) {
MasterkeyFile parsedFile = MasterkeyFile.read(reader);
if (!parsedFile.isValid()) {
throw new IOException("Invalid key file");
} else {
return unlock(parsedFile, passphrase);
}
}
}

@SailReal
Copy link
Member

But it is still possible to load a class that has a Path in some unused method?

So overloading the method such as here works?

Yes to both questions :)

@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

84.2% 84.2% Coverage
0.0% 0.0% Duplication

SailReal
SailReal approved these changes Aug 19, 2021
View reviewed changes
Copy link
Member

@SailReal SailReal left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, tested on Android 7 and 11:

val out = applicationContext.openFileOutput("foo", Context.MODE_PRIVATE)

val orig = P384KeyPair.generate();
orig.store(out, "somePassword".toCharArray())

val in = applicationContext.openFileInput("foo")

val loaded = P384KeyPair.load(in, "somePassword".toCharArray())

=> orig.equals(loaded) == true

@overheadhunter overheadhunter added this to the 2.1.0 milestone Aug 19, 2021
@overheadhunter overheadhunter merged commit 4d888f1 into develop Aug 19, 2021
@overheadhunter overheadhunter deleted the feature/p384-utils branch August 19, 2021 09:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SailReal SailReal SailReal approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.1.0
Development

Successfully merging this pull request may close these issues.
2 participants
@overheadhunter @SailReal