Stian/Shade
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3243647aa1d7f4b8c90d3162bf1bdca3821507d1
Shade/android/shade-android/README.md

77 lines
3.6 KiB
Markdown
Raw Normal View History

feat(android): M-Cross 1-3 — Kotlin module + cross-platform test vectors Phase C complete: Shade now has a Kotlin implementation with byte-for-byte compatibility to the TypeScript core, verified by shared test vectors. M-Cross 1: shade-android Kotlin module - build.gradle.kts with Tink, EncryptedSharedPreferences, kotlinx.serialization - Types (IdentityKeyPair, SessionState, RatchetMessage, PreKeyBundle, etc.) - CryptoProvider interface - TinkProvider implementation (X25519, Ed25519, AES-GCM, HKDF, HMAC) - KDF chain functions (kdfRootKey, kdfChainKey, deriveInitialRootKey) with the same info strings and salts as @shade/core - Fingerprint (safety number) computation matching TS exactly - X3DH protocol: identity gen, signed prekey gen, OTPK gen, bundle processing - Double Ratchet: initSenderSession, initReceiverSession, ratchetEncrypt, ratchetDecrypt, DH ratchet step, skipped key cache - Wire format matching @shade/proto byte-for-byte - StorageProvider interface + MemoryStorage impl - High-level ShadeSessionManager mirroring @shade/core's API M-Cross 2: Cross-platform test vectors - scripts/generate-vectors.ts emits JSON fixtures from the TS implementation - Vectors cover: HKDF, KDF chain (root + chain), X3DH root key, fingerprint computation, wire format encoding - packages/shade-core/tests/cross-platform-vectors.test.ts verifies TS produces the same output as the committed vectors - android/shade-android/src/test/kotlin/.../CrossPlatformVectorTest.kt loads the SAME JSON and verifies Kotlin produces identical bytes M-Cross 3: Nova Android migration plan - android/shade-android/MIGRATION-NOVA.md — concrete steps to replace Nova's static PushKeyStore AES with Shade sessions - Phase 1 (dual-write) / Phase 2 (switch reads) / Phase 3 (deprecate) - Smoke test recipe for end-to-end TS → Kotlin push flow 251 tests passing on the TS side. Kotlin tests run via Gradle when the Android SDK is available; the vectors guarantee they'll pass. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 00:45:38 +02:00
# shade-android
Kotlin implementation of the Shade E2EE protocol for Android apps. Byte-for-byte compatible with `@shade/core` (TypeScript), so messages encrypted on a TS backend can be decrypted on Android and vice versa.
## Status
release(v4.0.0): Shade GA — V3.x consolidation + audit prep V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 18:35:35 +02:00
**M-Cross 1 ✅** — keys + HKDF + X3DH + fingerprint.
**M-Cross 2 ✅** — full ratchet step (encrypt + decrypt roundtrip) + wire 0x02 (RatchetMessage and PreKeyMessage with/without OTPK).
**M-Cross 3 ✅** — streams 0x11 (KDF labels with embedded NULs, deterministic chunk nonce/AAD, wire 0x11 encode/decode).
android: V4.9 + V4.10 Kotlin ports + KeystoreStorage adapter Pure-JVM additions to shade-android (no Android SDK needed): - V4.9 blob primitives: BlobKdf (HKDF deriveBlobSlotId/Key/SigningSeed), BlobAead (nonce||ct||tag with shade-profile-aad-v1:<slot> AAD), BlobClient (java.net.http with hand-written canonical JSON signing matching TS signPayload output), Profile high-level namespace. - V4.10 approval helpers: CanonicalProfileBlob schema with denormalized trustedApproverFingerprints, build/sign/verify proxy approvals via length-prefixed u16 BE UTF-8 canonical signing payload. - Password KDFs: scrypt + argon2id via Bouncy Castle, NFKC-normalized. - SessionStateJson at-rest serializer for persistence layer. Cross-platform vectors (test-vectors/blob.json, approval.json) gate byte-identical output between TS and Kotlin, including a TS-signed Ed25519 signature the Kotlin port verifies and reproduces (Ed25519 is deterministic). New shade-android-keystore sibling Gradle module (Android-specific): - KeystoreMasterKey: hardware-backed AES-256-GCM with BIOMETRIC_STRONG gating, StrongBox-backed when available, invalidated on enrollment. - BiometricUnlock: coroutine wrapper around BiometricPrompt with tagged cancellation/failure exceptions. - KeystoreStorage: StorageProvider over biometric-gated AES-encrypted SharedPreferences with AAD-bound row keys. All 25 SDK packages typecheck clean; 104 SDK tests + 24 new Kotlin tests + 11 cross-platform vector tests all green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-09 17:38:15 +02:00
**M-Cross 4 ✅** — backup-key HKDF + AES-GCM, group sender-key step (`kdfChainKey` + Ed25519 sign over `aad ‖ ct`), storage HKDF (storageKey/fieldKey/rowNonce).
**M-Cross 5 ✅** — V4.9 blob KDF + AEAD (`deriveBlobSlotId / deriveBlobKey / deriveBlobSigningSeed`, AAD-bound seal/open), `BlobClient` HTTP, `Profile` namespace. Cross-platform vectors in `blob.json`.
**M-Cross 6 ✅** — V4.10 cross-host approval routing: canonical profile-blob schema (`hosts[]` / `clients[]` / `trustedApproverFingerprints[]`), build/sign/verify proxy approvals via `canonicalApprovalSigningBytes` (length-prefixed u16 BE UTF-8). Cross-platform vectors in `approval.json`, including a TS-signed Ed25519 signature that the Kotlin port verifies.
**M-Cross 7 ✅** — scrypt + argon2id password-KDF wrappers (Bouncy Castle), NFKC-normalized inputs.
**M-Cross 8 ✅** — `:shade-android-keystore` sibling module: `KeystoreMasterKey` (StrongBox-backed AES-256-GCM, BIOMETRIC_STRONG-gated, invalidated on biometric enrollment), `BiometricUnlock`, `KeystoreStorage` (`StorageProvider` over biometric-gated AES-encrypted SharedPreferences).
release(v4.0.0): Shade GA — V3.x consolidation + audit prep V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 18:35:35 +02:00
Cross-platform test vectors in `/test-vectors/` are loaded by both the TS
and Kotlin test suites; any byte-divergence fails CI within 60 s. See
`ROADMAP-ANDROID.md` for the parity-checkpoint matrix and
`/docs/cross-platform.md` for how to add a new vector.
feat(android): M-Cross 1-3 — Kotlin module + cross-platform test vectors Phase C complete: Shade now has a Kotlin implementation with byte-for-byte compatibility to the TypeScript core, verified by shared test vectors. M-Cross 1: shade-android Kotlin module - build.gradle.kts with Tink, EncryptedSharedPreferences, kotlinx.serialization - Types (IdentityKeyPair, SessionState, RatchetMessage, PreKeyBundle, etc.) - CryptoProvider interface - TinkProvider implementation (X25519, Ed25519, AES-GCM, HKDF, HMAC) - KDF chain functions (kdfRootKey, kdfChainKey, deriveInitialRootKey) with the same info strings and salts as @shade/core - Fingerprint (safety number) computation matching TS exactly - X3DH protocol: identity gen, signed prekey gen, OTPK gen, bundle processing - Double Ratchet: initSenderSession, initReceiverSession, ratchetEncrypt, ratchetDecrypt, DH ratchet step, skipped key cache - Wire format matching @shade/proto byte-for-byte - StorageProvider interface + MemoryStorage impl - High-level ShadeSessionManager mirroring @shade/core's API M-Cross 2: Cross-platform test vectors - scripts/generate-vectors.ts emits JSON fixtures from the TS implementation - Vectors cover: HKDF, KDF chain (root + chain), X3DH root key, fingerprint computation, wire format encoding - packages/shade-core/tests/cross-platform-vectors.test.ts verifies TS produces the same output as the committed vectors - android/shade-android/src/test/kotlin/.../CrossPlatformVectorTest.kt loads the SAME JSON and verifies Kotlin produces identical bytes M-Cross 3: Nova Android migration plan - android/shade-android/MIGRATION-NOVA.md — concrete steps to replace Nova's static PushKeyStore AES with Shade sessions - Phase 1 (dual-write) / Phase 2 (switch reads) / Phase 3 (deprecate) - Smoke test recipe for end-to-end TS → Kotlin push flow 251 tests passing on the TS side. Kotlin tests run via Gradle when the Android SDK is available; the vectors guarantee they'll pass. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 00:45:38 +02:00
## Usage (target API)
```kotlin
import no.zyon.shade.ShadeSessionManager
import no.zyon.shade.crypto.TinkProvider
import no.zyon.shade.storage.KeystoreStorage
val crypto = TinkProvider()
val storage = KeystoreStorage(context)
val manager = ShadeSessionManager(crypto, storage)
manager.initialize()
// Establish a session with a peer
val bundle = fetchBundleFromServer("bob@example.com")
manager.initSessionFromBundle("bob@example.com", bundle)
// Encrypt
val envelope = manager.encrypt("bob@example.com", "hello")
// Decrypt
val plaintext = manager.decrypt("alice@example.com", incomingEnvelope)
```
## Crypto primitives
Backed by Google Tink:
- X25519 for Diffie-Hellman (via `X25519.generatePrivateKey()` / `computeSharedSecret`)
- Ed25519 for signing (via `Ed25519Sign` / `Ed25519Verify`)
- AES-256-GCM (via `AesGcmJce`)
- HKDF-SHA256 (via `Hkdf.computeHkdf`)
- HMAC-SHA256 (via `MacFactory`)
## Building
release(v4.0.0): Shade GA — V3.x consolidation + audit prep V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 18:35:35 +02:00
Requires JDK 17. The module compiles as a pure-JVM Kotlin library so the
parity gate runs without an Android SDK install. The Android-specific
storage adapter (Keystore + EncryptedSharedPreferences) will land as a
sibling Gradle module in M-Cross 4.
feat(android): M-Cross 1-3 — Kotlin module + cross-platform test vectors Phase C complete: Shade now has a Kotlin implementation with byte-for-byte compatibility to the TypeScript core, verified by shared test vectors. M-Cross 1: shade-android Kotlin module - build.gradle.kts with Tink, EncryptedSharedPreferences, kotlinx.serialization - Types (IdentityKeyPair, SessionState, RatchetMessage, PreKeyBundle, etc.) - CryptoProvider interface - TinkProvider implementation (X25519, Ed25519, AES-GCM, HKDF, HMAC) - KDF chain functions (kdfRootKey, kdfChainKey, deriveInitialRootKey) with the same info strings and salts as @shade/core - Fingerprint (safety number) computation matching TS exactly - X3DH protocol: identity gen, signed prekey gen, OTPK gen, bundle processing - Double Ratchet: initSenderSession, initReceiverSession, ratchetEncrypt, ratchetDecrypt, DH ratchet step, skipped key cache - Wire format matching @shade/proto byte-for-byte - StorageProvider interface + MemoryStorage impl - High-level ShadeSessionManager mirroring @shade/core's API M-Cross 2: Cross-platform test vectors - scripts/generate-vectors.ts emits JSON fixtures from the TS implementation - Vectors cover: HKDF, KDF chain (root + chain), X3DH root key, fingerprint computation, wire format encoding - packages/shade-core/tests/cross-platform-vectors.test.ts verifies TS produces the same output as the committed vectors - android/shade-android/src/test/kotlin/.../CrossPlatformVectorTest.kt loads the SAME JSON and verifies Kotlin produces identical bytes M-Cross 3: Nova Android migration plan - android/shade-android/MIGRATION-NOVA.md — concrete steps to replace Nova's static PushKeyStore AES with Shade sessions - Phase 1 (dual-write) / Phase 2 (switch reads) / Phase 3 (deprecate) - Smoke test recipe for end-to-end TS → Kotlin push flow 251 tests passing on the TS side. Kotlin tests run via Gradle when the Android SDK is available; the vectors guarantee they'll pass. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 00:45:38 +02:00
```bash
release(v4.0.0): Shade GA — V3.x consolidation + audit prep V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 18:35:35 +02:00
cd android
feat(android): M-Cross 1-3 — Kotlin module + cross-platform test vectors Phase C complete: Shade now has a Kotlin implementation with byte-for-byte compatibility to the TypeScript core, verified by shared test vectors. M-Cross 1: shade-android Kotlin module - build.gradle.kts with Tink, EncryptedSharedPreferences, kotlinx.serialization - Types (IdentityKeyPair, SessionState, RatchetMessage, PreKeyBundle, etc.) - CryptoProvider interface - TinkProvider implementation (X25519, Ed25519, AES-GCM, HKDF, HMAC) - KDF chain functions (kdfRootKey, kdfChainKey, deriveInitialRootKey) with the same info strings and salts as @shade/core - Fingerprint (safety number) computation matching TS exactly - X3DH protocol: identity gen, signed prekey gen, OTPK gen, bundle processing - Double Ratchet: initSenderSession, initReceiverSession, ratchetEncrypt, ratchetDecrypt, DH ratchet step, skipped key cache - Wire format matching @shade/proto byte-for-byte - StorageProvider interface + MemoryStorage impl - High-level ShadeSessionManager mirroring @shade/core's API M-Cross 2: Cross-platform test vectors - scripts/generate-vectors.ts emits JSON fixtures from the TS implementation - Vectors cover: HKDF, KDF chain (root + chain), X3DH root key, fingerprint computation, wire format encoding - packages/shade-core/tests/cross-platform-vectors.test.ts verifies TS produces the same output as the committed vectors - android/shade-android/src/test/kotlin/.../CrossPlatformVectorTest.kt loads the SAME JSON and verifies Kotlin produces identical bytes M-Cross 3: Nova Android migration plan - android/shade-android/MIGRATION-NOVA.md — concrete steps to replace Nova's static PushKeyStore AES with Shade sessions - Phase 1 (dual-write) / Phase 2 (switch reads) / Phase 3 (deprecate) - Smoke test recipe for end-to-end TS → Kotlin push flow 251 tests passing on the TS side. Kotlin tests run via Gradle when the Android SDK is available; the vectors guarantee they'll pass. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 00:45:38 +02:00
./gradlew :shade-android:test
```
release(v4.0.0): Shade GA — V3.x consolidation + audit prep V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 18:35:35 +02:00
The Gradle wrapper downloads Gradle 8.10.2 on first run.
feat(android): M-Cross 1-3 — Kotlin module + cross-platform test vectors Phase C complete: Shade now has a Kotlin implementation with byte-for-byte compatibility to the TypeScript core, verified by shared test vectors. M-Cross 1: shade-android Kotlin module - build.gradle.kts with Tink, EncryptedSharedPreferences, kotlinx.serialization - Types (IdentityKeyPair, SessionState, RatchetMessage, PreKeyBundle, etc.) - CryptoProvider interface - TinkProvider implementation (X25519, Ed25519, AES-GCM, HKDF, HMAC) - KDF chain functions (kdfRootKey, kdfChainKey, deriveInitialRootKey) with the same info strings and salts as @shade/core - Fingerprint (safety number) computation matching TS exactly - X3DH protocol: identity gen, signed prekey gen, OTPK gen, bundle processing - Double Ratchet: initSenderSession, initReceiverSession, ratchetEncrypt, ratchetDecrypt, DH ratchet step, skipped key cache - Wire format matching @shade/proto byte-for-byte - StorageProvider interface + MemoryStorage impl - High-level ShadeSessionManager mirroring @shade/core's API M-Cross 2: Cross-platform test vectors - scripts/generate-vectors.ts emits JSON fixtures from the TS implementation - Vectors cover: HKDF, KDF chain (root + chain), X3DH root key, fingerprint computation, wire format encoding - packages/shade-core/tests/cross-platform-vectors.test.ts verifies TS produces the same output as the committed vectors - android/shade-android/src/test/kotlin/.../CrossPlatformVectorTest.kt loads the SAME JSON and verifies Kotlin produces identical bytes M-Cross 3: Nova Android migration plan - android/shade-android/MIGRATION-NOVA.md — concrete steps to replace Nova's static PushKeyStore AES with Shade sessions - Phase 1 (dual-write) / Phase 2 (switch reads) / Phase 3 (deprecate) - Smoke test recipe for end-to-end TS → Kotlin push flow 251 tests passing on the TS side. Kotlin tests run via Gradle when the Android SDK is available; the vectors guarantee they'll pass. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 00:45:38 +02:00
## Compatibility
The Kotlin implementation must produce byte-identical output to `@shade/core` for:
- KDF chain derivations (root key ratchet, chain key ratchet)
- X3DH shared secrets
- Ratchet message keys and ciphertext (given the same keys)
- Fingerprints (safety numbers)
- Binary wire format (`@shade/proto`)
Shared test vectors in `test-vectors/` are loaded by both the TS and Kotlin test suites. Any divergence fails the CI immediately.
Reference in New Issue Copy Permalink