android/shade-android-keystore/build.gradle.kts

plugins {
    id("com.android.library")
    kotlin("android")
}

// V4.10 — Android-specific KeystoreStorage adapter.
//
// Lives as a sibling module to `:shade-android` so the JVM-only
// protocol code can keep running in CI without an Android SDK.
// This module pulls in `:shade-android` for `StorageProvider`,
// `IdentityKeyPair`, etc., and binds those types to a hardware-
// backed Android Keystore master key with biometric gating.

android {
    namespace = "no.zyon.shade.keystore"
    compileSdk = 35

    defaultConfig {
        minSdk = 28 // BiometricPrompt + StrongBox baseline
    }

    compileOptions {
        sourceCompatibility = JavaVersion.VERSION_17
        targetCompatibility = JavaVersion.VERSION_17
    }

    kotlinOptions {
        jvmTarget = "17"
    }

    buildTypes {
        release {
            isMinifyEnabled = false
        }
    }

    testOptions {
        unitTests.isReturnDefaultValues = true
    }
}

dependencies {
    // Sibling: protocol types + StorageProvider interface.
    api(project(":shade-android"))

    // androidx.biometric — fragment-safe BiometricPrompt wrapper.
    // 1.2.0-alpha05 is the latest with stable BiometricPrompt API.
    implementation("androidx.biometric:biometric:1.2.0-alpha05")

    // androidx.fragment — BiometricPrompt requires FragmentActivity.
    implementation("androidx.fragment:fragment-ktx:1.8.5")

    // Coroutines for the suspend-function StorageProvider implementation.
    implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core:1.9.0")
    implementation("org.jetbrains.kotlinx:kotlinx-coroutines-android:1.9.0")

    testImplementation("junit:junit:4.13.2")
    testImplementation("org.jetbrains.kotlinx:kotlinx-coroutines-test:1.9.0")
}
android: V4.9 + V4.10 Kotlin ports + KeystoreStorage adapter Pure-JVM additions to shade-android (no Android SDK needed): - V4.9 blob primitives: BlobKdf (HKDF deriveBlobSlotId/Key/SigningSeed), BlobAead (nonce\|\|ct\|\|tag with shade-profile-aad-v1:<slot> AAD), BlobClient (java.net.http with hand-written canonical JSON signing matching TS signPayload output), Profile high-level namespace. - V4.10 approval helpers: CanonicalProfileBlob schema with denormalized trustedApproverFingerprints, build/sign/verify proxy approvals via length-prefixed u16 BE UTF-8 canonical signing payload. - Password KDFs: scrypt + argon2id via Bouncy Castle, NFKC-normalized. - SessionStateJson at-rest serializer for persistence layer. Cross-platform vectors (test-vectors/blob.json, approval.json) gate byte-identical output between TS and Kotlin, including a TS-signed Ed25519 signature the Kotlin port verifies and reproduces (Ed25519 is deterministic). New shade-android-keystore sibling Gradle module (Android-specific): - KeystoreMasterKey: hardware-backed AES-256-GCM with BIOMETRIC_STRONG gating, StrongBox-backed when available, invalidated on enrollment. - BiometricUnlock: coroutine wrapper around BiometricPrompt with tagged cancellation/failure exceptions. - KeystoreStorage: StorageProvider over biometric-gated AES-encrypted SharedPreferences with AAD-bound row keys. All 25 SDK packages typecheck clean; 104 SDK tests + 24 new Kotlin tests + 11 cross-platform vector tests all green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-09 17:38:15 +02:00			`plugins {`
			`id("com.android.library")`
			`kotlin("android")`
			`}`

			`// V4.10 — Android-specific KeystoreStorage adapter.`
			`//`
			// Lives as a sibling module to `:shade-android` so the JVM-only
			`// protocol code can keep running in CI without an Android SDK.`
			// This module pulls in `:shade-android` for `StorageProvider`,
			// `IdentityKeyPair`, etc., and binds those types to a hardware-
			`// backed Android Keystore master key with biometric gating.`

			`android {`
			`namespace = "no.zyon.shade.keystore"`
			`compileSdk = 35`

			`defaultConfig {`
			`minSdk = 28 // BiometricPrompt + StrongBox baseline`
			`}`

			`compileOptions {`
			`sourceCompatibility = JavaVersion.VERSION_17`
			`targetCompatibility = JavaVersion.VERSION_17`
			`}`

			`kotlinOptions {`
			`jvmTarget = "17"`
			`}`

			`buildTypes {`
			`release {`
			`isMinifyEnabled = false`
			`}`
			`}`

			`testOptions {`
			`unitTests.isReturnDefaultValues = true`
			`}`
			`}`

			`dependencies {`
			`// Sibling: protocol types + StorageProvider interface.`
			`api(project(":shade-android"))`

			`// androidx.biometric — fragment-safe BiometricPrompt wrapper.`
			`// 1.2.0-alpha05 is the latest with stable BiometricPrompt API.`
			`implementation("androidx.biometric:biometric:1.2.0-alpha05")`

			`// androidx.fragment — BiometricPrompt requires FragmentActivity.`
			`implementation("androidx.fragment:fragment-ktx:1.8.5")`

			`// Coroutines for the suspend-function StorageProvider implementation.`
			`implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core:1.9.0")`
			`implementation("org.jetbrains.kotlinx:kotlinx-coroutines-android:1.9.0")`

			`testImplementation("junit:junit:4.13.2")`
			`testImplementation("org.jetbrains.kotlinx:kotlinx-coroutines-test:1.9.0")`
			`}`