Skip to content

Add KeyStoreBackedSecretKeyProvider, Fixes AB#3274176 #2674

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 64 commits into from
Sep 26, 2025
Merged

Add KeyStoreBackedSecretKeyProvider, Fixes AB#3274176 #2674

merged 64 commits into from
Sep 26, 2025

Conversation

@p3dr0rv
Copy link
Contributor

@p3dr0rv p3dr0rv commented Jun 16, 2025
edited
Loading

Summary

This PR has two main goals: to seamlessly update the encryption padding used in the Android KeyStore, and to lay the groundwork for integrating future cryptographic requirements with minimal changes.

Phase 1: Replace AndroidWrappedKeyProvider with KeyStoreBackedSecretKeyProvider

  • Controller Flag: ENABLE_KEYSTORE_BACKED_SECRET_KEY_PROVIDER

  • Behavior When Enabled:

    • The factory will return KeyStoreBackedSecretKeyProvider instead of AndroidWrappedKeyProvider.
    • The new class behaves similarly to the previous one but introduces the ability to:
      • Retrieve the paddings supported by the KeyStore KeyPair
    • Maintain a list of available ciphers (oaepCipherSpec and pkcs1CipherSpec)
    • Select a compatible cipher for encryption/decryption based on what the KeyPair supports.
      • In this case, if the KeyPair only supports PKCS1, then all keys will be encrypted and decrypted using PKCS1.

  • Goal:

    • Validate that the new provider functions equivalently to the existing one.

    Note: No encryption changes are introduced in this phase.

Tests

  • AndroidWrappedKeyProviderTest has been parameterized to confirm both providers behave identically.
  • KeyStoreBackedSecretKeyProviderRolloutTest.java includes test to validate migration and rollback

Phase 2: Enable New Wrapped Secret Key Format with Metadata Support

Before introducing new key types, we need to ensure that all new keys include additional metadata that specifies how they were encrypted.

  • Controller Flag: ENABLE_NEW_WRAPPED_SECRET_KEY_FORMAT

  • Behavior When Enabled:

    • WrappedSecretKey will use an enhanced binary format with the following structure:
      • MAGIC BYTES (4 bytes)
      • SERIALIZER ID (4bytes)
      • Metadata length (4 bytes)
      • Metadata (format is decided by the serializer)
      • Raw encrypted key bytes

  • Goal:

    • Future-proof the wrapped key by including metadata that specifies:
      • Key size
      • Algorithm
      • Transformation used for encryption
      • Key version
    • This allows the system to handle multiple key types if formats change in the future.
    • Validate WrappedSecretKey can read both new and old keys.

Tests

  • WrappedSecretKeyTest

Phase 3: Add OAEP encryption padding.

  • Controller Flag: ENABLE_OAEP_WITH_SHA_AND_MGF1_PADDING

  • Behavior When Enabled:

    • CryptoParameterSpecFactory will now return two paddings: ENCRYPTION_PADDING_RSA_PKCS1 and ENCRYPTION_PADDING_RSA_OAEP for the KeyGen specifications.
    • KeyStoreBackedSecretKeyProvider will generate a KeyPair that supports ENCRYPTION_PADDING_RSA_OAEP.
    • As a result, when a SecretKey needs to be wrapped, the provider will select OAEP, since the KeyPair now supports this padding and OAEP cipher support was already introduced in Phase 1.

  • Goal:

    • All new keys will be encrypted /decrypted with OAEP
    • Existing keys will still be encrypted /decrypted with PKCS1

Tests

  • KeyStoreBackedSecretKeyProviderRolloutTest.java includes test to validate migration and rollback

Telemetry

span_name key_pair_gen_successful_method elapsed_time_keypair_generation secret_key_wrapping_cipher secret_key_wrapping_operation
SecretKeyWrapping null CipherSpec(transformation='RSA/ECB/PKCS1Padding') KeyStoreBackedSecretKeyProvider:unwrapSecretKey
KeyPairGeneration KeyGenSpec(description='modern_spec_with_wrap_key', algorithm='RSA', encryptionPaddings='[PKCS1Padding]') 581
KeyPairGeneration KeyGenSpec(description='modern_spec_with_wrap_key', algorithm='RSA', encryptionPaddings='[PKCS1Padding]') 294

AB#3274176
https://github.com/AzureAD/ad-accounts-for-android/pull/3166

Base automatically changed from pedroro/interface-for-secretkeyloader to dev July 4, 2025 05:16
@github-actions
Copy link

github-actions bot commented Jul 7, 2025

❌ Work item link check failed. Description does not contain AB#{ID}.

Click here to Learn more.

p3dr0rv added 14 commits July 7, 2025 12:48
@p3dr0rv
fixing merge errors
1961dd7
@p3dr0rv
Enhance AndroidWrappedKeyProvider and CipherSpec with additional cons…
6e9717d 
…tants and documentation; refine StorageEncryptionManager logic; clean up PredefinedKeyProvider and MockAES256KeyProvider imports.
@p3dr0rv
Refactor AndroidKeyStoreRsaKekManager for improved key management; re…
15382fa 
…move CipherSpec and KeyGenSpec classes; enhance CryptoParameterSpecFactory with updated parameter specifications.
@p3dr0rv
Refactor key management in AndroidKeyStoreRsaKekManager and related c…
ca22c2a 
…lasses; update unwrapping logic, enhance cipher specifications, and improve key retrieval methods.
@p3dr0rv
feat: Implement AndroidWrappedKeyProviderFactory and OAEPAndroidWrapp…
404e23f 
…edKeyProvider

- Added AndroidWrappedKeyProviderFactory to create wrapped key loaders based on feature flags.
- Introduced OAEPAndroidWrappedKeyProvider for handling key wrapping and unwrapping using OAEP padding.
- Updated CryptoParameterSpecFactory to support new key generation specifications and improved documentation.
- Refactored CryptoSpecs to enhance clarity and maintainability.
- Removed deprecated methods from AndroidKeyStoreUtil to streamline key management.
- Enhanced unit tests for CryptoParameterSpecFactory to cover new functionality and edge cases.
- Cleaned up FileUtil by removing unused methods related to string file operations.
@p3dr0rv
phasex
8e62a7b
@p3dr0rv
phase2
f630ace
@p3dr0rv
remove rsamanager
1ab72c9
@p3dr0rv
feat: Add CipherSpec and KeyGenSpec classes for cryptographic operati…
fb0fcf9 
…ons; refactor NewAndroidWrappedKeyProvider to utilize new specs and remove legacy key generation methods.
@p3dr0rv
feat: Replace NewAndroidWrappedKeyProvider with KeyStoreBackedSecretK…
a80d4a6 
…eyProvider in tests; add KeyStoreBackedSecretKeyProvider and factory for key management.
@p3dr0rv
feat: Refactor cryptographic key handling and enhance logging
db44184 
- Introduced `KeyStoreBackedSecretKeyProvider` to replace the legacy `AndroidWrappedKeyProvider`, improving security with enhanced encryption paddings.
- Updated `CryptoParameterSpecFactory` to include detailed initialization logging and improved cipher specification handling.
- Refactored `KeyGenSpec` and `LegacyKeyGenSpec` for better clarity and added documentation.
- Enhanced `AndroidKeyStoreUtil` to provide clearer methods for retrieving encryption paddings from key pairs.
- Updated tests to reflect changes in method names and ensure compatibility with the new key provider.
- Added telemetry attributes for secret key wrapping operations to improve observability.
- Modified feature flags to control the use of the new key provider implementation.
@p3dr0rv
Merge branch 'dev' into pedroro/prototype
cd419eb
@p3dr0rv
feat: Update CryptoParameterSpecFactory with lazy initialization and …
6cf8039 
…add Kotlin test cases
@p3dr0rv
feat: Update AndroidKeyStoreUtilTest to handle null parameters in wra…
41390b8 
…p and unwrap methods
@p3dr0rv
Merge branch 'pedroro/prototype' of https://github.com/AzureAD/micros…
43701a9 
…oft-authentication-library-common-for-android into pedroro/prototype
@p3dr0rv
feat: Introduce WrappedSecretKey serialization with legacy and new fo…
6c2d198 
…rmats

- Added WrappedSecretKeyLegacySerializer for backward compatibility with legacy key formats.
- Implemented WrappedSecretKeySerializerManager to manage serialization formats and version detection.
- Updated WrappedSecretKeyTest to cover serialization and deserialization for both legacy and new formats.
- Enhanced version detection logic to handle different serialization formats.
- Modified CommonFlight to control the WrappedSecretKey serializer version instead of a simple enable/disable flag.
@p3dr0rv
Merge branch 'dev' into pedroro/prototype
0816f74
@p3dr0rv
refactor: Update exception handling in WrappedSecretKey tests and add…
4ec9e27 
… logging in serializer manager
@p3dr0rv
Copy link
Contributor Author

p3dr0rv commented Sep 4, 2025

Is there any reason why Phase 2 and phase 3 should not be done together?

There’s no limitation in the code; I chose this approach so that in case of a rollback, it’s easier to move from one state to another. It also provides more granularity in the release, allowing us to ensure that each step of the new changes works as expected.

mohitc1
mohitc1 approved these changes Sep 25, 2025
View reviewed changes
Copy link
Contributor

@mohitc1 mohitc1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@p3dr0rv p3dr0rv merged commit 3f151f1 into dev Sep 26, 2025
24 of 25 checks passed
@p3dr0rv p3dr0rv deleted the pedroro/prototype branch September 26, 2025 18:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mohitc1 mohitc1 mohitc1 approved these changes

@somalaya somalaya somalaya approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@p3dr0rv @somalaya @mohitc1