Sterister
188c3db56a
Pure-JVM additions to shade-android (no Android SDK needed): - V4.9 blob primitives: BlobKdf (HKDF deriveBlobSlotId/Key/SigningSeed), BlobAead (nonce||ct||tag with shade-profile-aad-v1:<slot> AAD), BlobClient (java.net.http with hand-written canonical JSON signing matching TS signPayload output), Profile high-level namespace. - V4.10 approval helpers: CanonicalProfileBlob schema with denormalized trustedApproverFingerprints, build/sign/verify proxy approvals via length-prefixed u16 BE UTF-8 canonical signing payload. - Password KDFs: scrypt + argon2id via Bouncy Castle, NFKC-normalized. - SessionStateJson at-rest serializer for persistence layer. Cross-platform vectors (test-vectors/blob.json, approval.json) gate byte-identical output between TS and Kotlin, including a TS-signed Ed25519 signature the Kotlin port verifies and reproduces (Ed25519 is deterministic). New shade-android-keystore sibling Gradle module (Android-specific): - KeystoreMasterKey: hardware-backed AES-256-GCM with BIOMETRIC_STRONG gating, StrongBox-backed when available, invalidated on enrollment. - BiometricUnlock: coroutine wrapper around BiometricPrompt with tagged cancellation/failure exceptions. - KeystoreStorage: StorageProvider over biometric-gated AES-encrypted SharedPreferences with AAD-bound row keys. All 25 SDK packages typecheck clean; 104 SDK tests + 24 new Kotlin tests + 11 cross-platform vector tests all green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
60 lines
1.7 KiB
Kotlin
60 lines
1.7 KiB
Kotlin
plugins {
|
|
id("com.android.library")
|
|
kotlin("android")
|
|
}
|
|
|
|
// V4.10 — Android-specific KeystoreStorage adapter.
|
|
//
|
|
// Lives as a sibling module to `:shade-android` so the JVM-only
|
|
// protocol code can keep running in CI without an Android SDK.
|
|
// This module pulls in `:shade-android` for `StorageProvider`,
|
|
// `IdentityKeyPair`, etc., and binds those types to a hardware-
|
|
// backed Android Keystore master key with biometric gating.
|
|
|
|
android {
|
|
namespace = "no.zyon.shade.keystore"
|
|
compileSdk = 35
|
|
|
|
defaultConfig {
|
|
minSdk = 28 // BiometricPrompt + StrongBox baseline
|
|
}
|
|
|
|
compileOptions {
|
|
sourceCompatibility = JavaVersion.VERSION_17
|
|
targetCompatibility = JavaVersion.VERSION_17
|
|
}
|
|
|
|
kotlinOptions {
|
|
jvmTarget = "17"
|
|
}
|
|
|
|
buildTypes {
|
|
release {
|
|
isMinifyEnabled = false
|
|
}
|
|
}
|
|
|
|
testOptions {
|
|
unitTests.isReturnDefaultValues = true
|
|
}
|
|
}
|
|
|
|
dependencies {
|
|
// Sibling: protocol types + StorageProvider interface.
|
|
api(project(":shade-android"))
|
|
|
|
// androidx.biometric — fragment-safe BiometricPrompt wrapper.
|
|
// 1.2.0-alpha05 is the latest with stable BiometricPrompt API.
|
|
implementation("androidx.biometric:biometric:1.2.0-alpha05")
|
|
|
|
// androidx.fragment — BiometricPrompt requires FragmentActivity.
|
|
implementation("androidx.fragment:fragment-ktx:1.8.5")
|
|
|
|
// Coroutines for the suspend-function StorageProvider implementation.
|
|
implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core:1.9.0")
|
|
implementation("org.jetbrains.kotlinx:kotlinx-coroutines-android:1.9.0")
|
|
|
|
testImplementation("junit:junit:4.13.2")
|
|
testImplementation("org.jetbrains.kotlinx:kotlinx-coroutines-test:1.9.0")
|
|
}
|