Quick and dirty hardware key import

Author: tadfisher

app/src/main/java/app/passwordstore/ui/pgp/PGPKeyImportActivity.kt

@@ -7,20 +7,26 @@
 package app.passwordstore.ui.pgp
 
 import android.os.Bundle
+import androidx.activity.ComponentActivity
 import androidx.activity.result.contract.ActivityResultContracts.OpenDocument
 import androidx.appcompat.app.AppCompatActivity
+import androidx.lifecycle.lifecycleScope
 import app.passwordstore.R
+import app.passwordstore.crypto.HWSecurityDeviceHandler
 import app.passwordstore.crypto.KeyUtils.tryGetId
 import app.passwordstore.crypto.PGPKey
 import app.passwordstore.crypto.PGPKeyManager
 import app.passwordstore.crypto.errors.KeyAlreadyExistsException
+import app.passwordstore.crypto.errors.NoSecretKeyException
 import com.github.michaelbull.result.Err
 import com.github.michaelbull.result.Ok
 import com.github.michaelbull.result.Result
+import com.github.michaelbull.result.getOrThrow
 import com.github.michaelbull.result.runCatching
 import com.google.android.material.dialog.MaterialAlertDialogBuilder
 import dagger.hilt.android.AndroidEntryPoint
 import javax.inject.Inject
+import kotlinx.coroutines.launch
 import kotlinx.coroutines.runBlocking
 
 @AndroidEntryPoint
@@ -32,9 +38,10 @@ class PGPKeyImportActivity : AppCompatActivity() {
    */
   private var lastBytes: ByteArray? = null
   @Inject lateinit var keyManager: PGPKeyManager
+  @Inject lateinit var deviceHandler: HWSecurityDeviceHandler
 
   private val pgpKeyImportAction =
-    registerForActivityResult(OpenDocument()) { uri ->
+    (this as ComponentActivity).registerForActivityResult(OpenDocument()) { uri ->
       runCatching {
           if (uri == null) {
             return@runCatching null
@@ -50,6 +57,7 @@ class PGPKeyImportActivity : AppCompatActivity() {
 
   override fun onCreate(savedInstanceState: Bundle?) {
     super.onCreate(savedInstanceState)
+
     pgpKeyImportAction.launch(arrayOf("*/*"))
   }
 
@@ -68,6 +76,17 @@ class PGPKeyImportActivity : AppCompatActivity() {
     return key
   }
 
+  private fun pairDevice(bytes: ByteArray) {
+    lifecycleScope.launch {
+      val result =
+        keyManager.addKey(
+          deviceHandler.pairWithPublicKey(PGPKey(bytes)).getOrThrow(),
+          replace = true
+        )
+      handleImportResult(result)
+    }
+  }
+
   private fun handleImportResult(result: Result<PGPKey?, Throwable>) {
     when (result) {
       is Ok<PGPKey?> -> {
@@ -89,26 +108,34 @@ class PGPKeyImportActivity : AppCompatActivity() {
           .setCancelable(false)
           .show()
       }
-      is Err<Throwable> -> {
-        if (result.error is KeyAlreadyExistsException && lastBytes != null) {
-          MaterialAlertDialogBuilder(this)
-            .setTitle(getString(R.string.pgp_key_import_failed))
-            .setMessage(getString(R.string.pgp_key_import_failed_replace_message))
-            .setPositiveButton(R.string.dialog_yes) { _, _ ->
-              handleImportResult(runCatching { importKey(lastBytes!!, replace = true) })
-            }
-            .setNegativeButton(R.string.dialog_no) { _, _ -> finish() }
-            .setCancelable(false)
-            .show()
-        } else {
-          MaterialAlertDialogBuilder(this)
-            .setTitle(getString(R.string.pgp_key_import_failed))
-            .setMessage(result.error.message)
-            .setPositiveButton(android.R.string.ok) { _, _ -> finish() }
-            .setCancelable(false)
-            .show()
+      is Err<Throwable> ->
+        when {
+          result.error is KeyAlreadyExistsException && lastBytes != null ->
+            MaterialAlertDialogBuilder(this)
+              .setTitle(getString(R.string.pgp_key_import_failed))
+              .setMessage(getString(R.string.pgp_key_import_failed_replace_message))
+              .setPositiveButton(R.string.dialog_yes) { _, _ ->
+                handleImportResult(runCatching { importKey(lastBytes!!, replace = true) })
+              }
+              .setNegativeButton(R.string.dialog_no) { _, _ -> finish() }
+              .setCancelable(false)
+              .show()
+          result.error is NoSecretKeyException && lastBytes != null ->
+            MaterialAlertDialogBuilder(this)
+              .setTitle(R.string.pgp_key_import_failed_no_secret)
+              .setMessage(R.string.pgp_key_import_failed_no_secret_message)
+              .setPositiveButton(R.string.dialog_yes) { _, _ -> pairDevice(lastBytes!!) }
+              .setNegativeButton(R.string.dialog_no) { _, _ -> finish() }
+              .setCancelable(false)
+              .show()
+          else ->
+            MaterialAlertDialogBuilder(this)
+              .setTitle(getString(R.string.pgp_key_import_failed))
+              .setMessage(result.error.message + "\n" + result.error.stackTraceToString())
+              .setPositiveButton(android.R.string.ok) { _, _ -> finish() }
+              .setCancelable(false)
+              .show()
         }
-      }
     }
   }
 }

app/src/main/res/values/strings.xml

@@ -334,6 +334,7 @@
   <string name="select_gpg_key_title">Select\nGPG Key</string>
   <string name="select_gpg_key_message">Select a GPG key to initialize your store with</string>
   <string name="gpg_key_select">Select key</string>
+  <string name="pair_hardware_key">Pair hardware key</string>
 
   <!-- SSH port validation -->
   <string name="ssh_scheme_needed_title">Potentially incorrect URL</string>
@@ -360,6 +361,8 @@
   <string name="password_list_fab_content_description">Create new password or folder</string>
   <string name="pgp_key_import_failed">Failed to import PGP key</string>
   <string name="pgp_key_import_failed_replace_message">An existing key with this ID was found, do you want to replace it?</string>
+  <string name="pgp_key_import_failed_no_secret">No secret PGP key</string>
+  <string name="pgp_key_import_failed_no_secret_message">This is a public key. Would you like to pair a hardware security device?</string>
   <string name="pgp_key_import_succeeded">Successfully imported PGP key</string>
   <string name="pgp_key_import_succeeded_message">The key ID of the imported key is given below, please review it for correctness:\n%1$s</string>
   <string name="pref_category_pgp_title">PGP settings</string>

crypto-pgpainless/src/main/kotlin/app/passwordstore/crypto/KeyUtils.kt

@@ -9,7 +9,15 @@ import app.passwordstore.crypto.GpgIdentifier.KeyId
 import app.passwordstore.crypto.GpgIdentifier.UserId
 import com.github.michaelbull.result.get
 import com.github.michaelbull.result.runCatching
+import java.io.ByteArrayOutputStream
+import org.bouncycastle.bcpg.GnuExtendedS2K
+import org.bouncycastle.bcpg.S2K
+import org.bouncycastle.bcpg.SecretKeyPacket
+import org.bouncycastle.bcpg.SecretSubkeyPacket
+import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags
 import org.bouncycastle.openpgp.PGPKeyRing
+import org.bouncycastle.openpgp.PGPPublicKey
+import org.bouncycastle.openpgp.PGPPublicKeyRing
 import org.bouncycastle.openpgp.PGPSecretKey
 import org.bouncycastle.openpgp.PGPSecretKeyRing
 import org.pgpainless.algorithm.EncryptionPurpose
@@ -37,6 +45,28 @@ public object KeyUtils {
     val keyRing = tryParseKeyring(key) ?: return null
     return UserId(keyRing.publicKey.userIDs.next())
   }
+
+  public fun tryCreateStubKey(
+    publicKey: PGPKey,
+    serial: ByteArray,
+    stubFingerprints: List<OpenPgpFingerprint>
+  ): PGPKey? {
+    val keyRing = tryParseKeyring(publicKey) as? PGPPublicKeyRing ?: return null
+    val secretKeyRing =
+      keyRing.fold(PGPSecretKeyRing(emptyList())) { ring, key ->
+        PGPSecretKeyRing.insertSecretKey(
+          ring,
+          if (stubFingerprints.any { it == OpenPgpFingerprint.parseFromBinary(key.fingerprint) }) {
+            toCardSecretKey(key, serial)
+          } else {
+            toDummySecretKey(key)
+          }
+        )
+      }
+
+    return PGPKey(secretKeyRing.encoded)
+  }
+
   public fun tryGetEncryptionKeyFingerprint(key: PGPKey): OpenPgpFingerprint? {
     val keyRing = tryParseKeyring(key) ?: return null
     val encryptionSubkey =
@@ -59,3 +89,63 @@ public object KeyUtils {
     return info.getSecretKey(encryptionKey.keyID)
   }
 }
+
+private fun toDummySecretKey(publicKey: PGPPublicKey): PGPSecretKey {
+
+  return PGPSecretKey(
+    if (publicKey.isMasterKey) {
+      SecretKeyPacket(
+        publicKey.publicKeyPacket,
+        SymmetricKeyAlgorithmTags.NULL,
+        SecretKeyPacket.USAGE_CHECKSUM,
+        GnuExtendedS2K(S2K.GNU_PROTECTION_MODE_NO_PRIVATE_KEY),
+        byteArrayOf(),
+        byteArrayOf()
+      )
+    } else {
+      SecretSubkeyPacket(
+        publicKey.publicKeyPacket,
+        SymmetricKeyAlgorithmTags.NULL,
+        SecretKeyPacket.USAGE_CHECKSUM,
+        GnuExtendedS2K(S2K.GNU_PROTECTION_MODE_NO_PRIVATE_KEY),
+        byteArrayOf(),
+        byteArrayOf()
+      )
+    },
+    publicKey
+  )
+}
+
+@Suppress("MagicNumber")
+private fun toCardSecretKey(publicKey: PGPPublicKey, serial: ByteArray): PGPSecretKey {
+  return PGPSecretKey(
+    if (publicKey.isMasterKey) {
+      SecretKeyPacket(
+        publicKey.publicKeyPacket,
+        SymmetricKeyAlgorithmTags.NULL,
+        SecretKeyPacket.USAGE_CHECKSUM,
+        GnuExtendedS2K(S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD),
+        ByteArray(8),
+        encodeSerial(serial),
+      )
+    } else {
+      SecretSubkeyPacket(
+        publicKey.publicKeyPacket,
+        SymmetricKeyAlgorithmTags.NULL,
+        SecretKeyPacket.USAGE_CHECKSUM,
+        GnuExtendedS2K(S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD),
+        ByteArray(8),
+        encodeSerial(serial),
+      )
+    },
+    publicKey
+  )
+}
+
+@Suppress("MagicNumber")
+private fun encodeSerial(serial: ByteArray): ByteArray {
+  val out = ByteArrayOutputStream()
+  out.write(serial.size)
+  out.write(serial, 0, minOf(16, serial.size))
+  return out.toByteArray()
+}

crypto-pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPKeyManager.kt

@@ -9,12 +9,12 @@ package app.passwordstore.crypto
 import androidx.annotation.VisibleForTesting
 import app.passwordstore.crypto.KeyUtils.tryGetId
 import app.passwordstore.crypto.KeyUtils.tryParseKeyring
-import app.passwordstore.crypto.errors.InvalidKeyException
 import app.passwordstore.crypto.errors.KeyAlreadyExistsException
 import app.passwordstore.crypto.errors.KeyDeletionFailedException
 import app.passwordstore.crypto.errors.KeyDirectoryUnavailableException
 import app.passwordstore.crypto.errors.KeyNotFoundException
 import app.passwordstore.crypto.errors.NoKeysAvailableException
+import app.passwordstore.crypto.errors.NoSecretKeyException
 import app.passwordstore.util.coroutines.runSuspendCatching
 import com.github.michaelbull.result.Result
 import com.github.michaelbull.result.unwrap
@@ -40,12 +40,16 @@ constructor(
     withContext(dispatcher) {
       runSuspendCatching {
         if (!keyDirExists()) throw KeyDirectoryUnavailableException
-        val incomingKeyRing = tryParseKeyring(key) ?: throw InvalidKeyException
+        val incomingKeyRing = tryParseKeyring(key)
+
+        if (incomingKeyRing is PGPPublicKeyRing) {
+          throw NoSecretKeyException(tryGetId(key)?.toString() ?: "Failed to retrieve key ID")
+        }
+
         val keyFile = File(keyDir, "${tryGetId(key)}.$KEY_EXTENSION")
         if (keyFile.exists()) {
           val existingKeyBytes = keyFile.readBytes()
-          val existingKeyRing =
-            tryParseKeyring(PGPKey(existingKeyBytes)) ?: throw InvalidKeyException
+          val existingKeyRing = tryParseKeyring(PGPKey(existingKeyBytes))
           when {
             existingKeyRing is PGPPublicKeyRing && incomingKeyRing is PGPSecretKeyRing -> {
               keyFile.writeBytes(key.contents)

crypto-pgpainless/src/main/kotlin/org/bouncycastle/bcpg/GnuExtendedS2K.kt

@@ -0,0 +1,16 @@
+package org.bouncycastle.bcpg
+
+/**
+ * Add a constructor for GNU-extended S2K
+ *
+ * This extension is documented on GnuPG documentation DETAILS file, section "GNU extensions to the
+ * S2K algorithm". Its support is already present in S2K class but lack for a constructor.
+ *
+ * @author Léonard Dallot <leonard.dallot@taztag.com>
+ */
+public class GnuExtendedS2K(mode: Int) : S2K(SIMPLE) {
+  init {
+    this.type = GNU_DUMMY_S2K
+    this.protectionMode = mode
+  }
+}