johan
/
clawdnode-android
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix device identity: switch from ECDSA to Ed25519 

- Add net.i2p.crypto:eddsa library for pure-Java Ed25519
- Rewrite DeviceIdentity to use Ed25519 (matches gateway protocol)
- Keys stored in EncryptedSharedPreferences instead of Android Keystore
- Public key format: 32 bytes raw, base64url-encoded
- Device ID: SHA-256 hash of raw public key
- Improved error handling in GatewayClient challenge flow
This commit is contained in:
James (ClawdBot) 2026-01-28 18:42:31 +00:00
parent 0c3e45f0de
commit 95a360354c
3 changed files with 138 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/build.gradle.kts
View File

@ -54,6 +54,9 @@ dependencies {
// Security - encrypted storage // Security - encrypted storage
implementation("androidx.security:security-crypto:1.1.0-alpha06") implementation("androidx.security:security-crypto:1.1.0-alpha06")
// Ed25519 signatures (pure Java, works on all Android versions)
implementation("net.i2p.crypto:eddsa:0.3.0")
// Networking - WebSocket // Networking - WebSocket
implementation("com.squareup.okhttp3:okhttp:4.12.0") implementation("com.squareup.okhttp3:okhttp:4.12.0")

159
app/src/main/java/com/inou/clawdnode/security/DeviceIdentity.kt
View File

@ -1,52 +1,81 @@
package com.inou.clawdnode.security package com.inou.clawdnode.security
import android.content.Context import android.content.Context
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import android.util.Base64 import android.util.Base64
import android.util.Log import android.util.Log
import java.security.* import androidx.security.crypto.EncryptedSharedPreferences
import java.security.spec.ECGenParameterSpec import androidx.security.crypto.MasterKey
import net.i2p.crypto.eddsa.EdDSAEngine
import net.i2p.crypto.eddsa.EdDSAPrivateKey
import net.i2p.crypto.eddsa.EdDSAPublicKey
import net.i2p.crypto.eddsa.KeyPairGenerator
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable
import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec
import java.security.MessageDigest
import java.security.SecureRandom
/** /**
* Manages device identity using Android Keystore. * Manages device identity using Ed25519 keys.
* *
* Generates and stores an EC P-256 keypair for signing Gateway challenge nonces. * Keys are stored in EncryptedSharedPreferences for security.
* The private key never leaves the secure hardware (TEE/SE) on supported devices. * Uses pure-Java Ed25519 implementation for compatibility with all Android versions.
*
* The key format matches the Clawdbot gateway protocol:
* - Public key: 32 bytes raw, base64url-encoded
* - Signature: 64 bytes raw, base64url-encoded
* - Payload: "$nonce:$signedAt" (matching gateway's expected format)
*/ */
class DeviceIdentity(context: Context) { class DeviceIdentity(context: Context) {
private val tag = "DeviceIdentity" private val tag = "DeviceIdentity"
private val keyAlias = "clawdnode_device_key" private val prefsName = "clawdnode_device_identity"
private val keyPrivate = "private_key"
private val keyPublic = "public_key"
private val keyStore: KeyStore by lazy { private val ed25519Spec = EdDSANamedCurveTable.getByName("Ed25519")
KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
private val prefs by lazy {
val masterKey = MasterKey.Builder(context)
.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
.build()
EncryptedSharedPreferences.create(
context,
prefsName,
masterKey,
EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
)
} }
/** /**
* Get or generate the device's public key * Get the device's public key as base64url-encoded raw bytes (32 bytes)
*/ */
val publicKey: String by lazy { val publicKey: String by lazy {
ensureKeyPair() ensureKeyPair()
val publicKey = keyStore.getCertificate(keyAlias)?.publicKey val publicKeyBytes = prefs.getString(keyPublic, null)
?: throw IllegalStateException("No public key available") ?: throw IllegalStateException("No public key available")
Base64.encodeToString(publicKey.encoded, Base64.NO_WRAP) publicKeyBytes // Already stored as base64url
} }
/** /**
* Get device ID (fingerprint of the public key) * Get device ID (SHA-256 fingerprint of the public key raw bytes)
*/ */
val deviceId: String by lazy { val deviceId: String by lazy {
ensureKeyPair() ensureKeyPair()
val publicKey = keyStore.getCertificate(keyAlias)?.publicKey val publicKeyBase64 = prefs.getString(keyPublic, null)
?: throw IllegalStateException("No public key available") ?: throw IllegalStateException("No public key available")
// Create fingerprint using SHA-256 of the public key // Decode the raw public key bytes
val digest = MessageDigest.getInstance("SHA-256") val publicKeyBytes = base64UrlDecode(publicKeyBase64)
val hash = digest.digest(publicKey.encoded)
// Return as hex string (first 16 bytes = 32 chars) // Create fingerprint using SHA-256 of the raw public key bytes
hash.take(16).joinToString("") { "%02x".format(it) } val digest = MessageDigest.getInstance("SHA-256")
val hash = digest.digest(publicKeyBytes)
// Return as hex string (full 32 bytes = 64 chars, matching gateway)
hash.joinToString("") { "%02x".format(it) }
} }
/** /**
@ -59,18 +88,29 @@ class DeviceIdentity(context: Context) {
ensureKeyPair() ensureKeyPair()
val signedAt = System.currentTimeMillis() val signedAt = System.currentTimeMillis()
val dataToSign = "$nonce:$signedAt" val payload = "$nonce:$signedAt"
val privateKey = keyStore.getKey(keyAlias, null) as? PrivateKey Log.d(tag, "Signing payload: $payload")
// Load private key
val privateKeyBase64 = prefs.getString(keyPrivate, null)
?: throw IllegalStateException("No private key available") ?: throw IllegalStateException("No private key available")
val privateKeyBytes = base64UrlDecode(privateKeyBase64)
val signature = Signature.getInstance("SHA256withECDSA").apply { // Create EdDSA private key
val privateKeySpec = EdDSAPrivateKeySpec(privateKeyBytes, ed25519Spec)
val privateKey = EdDSAPrivateKey(privateKeySpec)
// Sign the payload
val signature = EdDSAEngine(MessageDigest.getInstance(ed25519Spec.hashAlgorithm)).apply {
initSign(privateKey) initSign(privateKey)
update(dataToSign.toByteArray(Charsets.UTF_8)) update(payload.toByteArray(Charsets.UTF_8))
} }
val signatureBytes = signature.sign() val signatureBytes = signature.sign()
val signatureBase64 = Base64.encodeToString(signatureBytes, Base64.NO_WRAP) val signatureBase64 = base64UrlEncode(signatureBytes)
Log.d(tag, "Generated signature: ${signatureBase64.take(20)}... (${signatureBytes.size} bytes)")
return SignedChallenge( return SignedChallenge(
signature = signatureBase64, signature = signatureBase64,
@ -83,47 +123,72 @@ class DeviceIdentity(context: Context) {
* Ensure the keypair exists, generating if necessary * Ensure the keypair exists, generating if necessary
*/ */
private fun ensureKeyPair() { private fun ensureKeyPair() {
if (!keyStore.containsAlias(keyAlias)) { try {
if (prefs.getString(keyPrivate, null) == null) {
Log.i(tag, "No existing keypair found, generating new Ed25519 keypair")
generateKeyPair() generateKeyPair()
} else {
Log.d(tag, "Using existing Ed25519 keypair")
}
} catch (e: Exception) {
Log.e(tag, "Failed to check/ensure keypair", e)
throw e
} }
} }
/** /**
* Generate a new EC P-256 keypair in the Android Keystore * Generate a new Ed25519 keypair and store it
*/ */
private fun generateKeyPair() { private fun generateKeyPair() {
Log.i(tag, "Generating new device keypair") Log.i(tag, "Generating new Ed25519 device keypair")
val keyPairGenerator = KeyPairGenerator.getInstance( val keyPairGenerator = KeyPairGenerator()
KeyProperties.KEY_ALGORITHM_EC, keyPairGenerator.initialize(256, SecureRandom())
"AndroidKeyStore" val keyPair = keyPairGenerator.generateKeyPair()
)
val parameterSpec = KeyGenParameterSpec.Builder( val privateKey = keyPair.private as EdDSAPrivateKey
keyAlias, val publicKey = keyPair.public as EdDSAPublicKey
KeyProperties.PURPOSE_SIGN or KeyProperties.PURPOSE_VERIFY
).apply {
setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
setDigests(KeyProperties.DIGEST_SHA256)
// Require user auth for extra security (optional, can be removed if too restrictive)
// setUserAuthenticationRequired(true)
// setUserAuthenticationValidityDurationSeconds(300)
}.build()
keyPairGenerator.initialize(parameterSpec) // Get raw 32-byte keys (matching gateway format)
keyPairGenerator.generateKeyPair() // For Ed25519, the "seed" is the 32-byte private key
val privateKeyBytes = privateKey.seed
// The "A" point is the 32-byte public key
val publicKeyBytes = publicKey.abyte
Log.i(tag, "Device keypair generated successfully") Log.d(tag, "Generated keypair: private=${privateKeyBytes.size} bytes, public=${publicKeyBytes.size} bytes")
// Store as base64url
prefs.edit()
.putString(keyPrivate, base64UrlEncode(privateKeyBytes))
.putString(keyPublic, base64UrlEncode(publicKeyBytes))
.apply()
Log.i(tag, "Ed25519 device keypair generated and stored successfully")
} }
/** /**
* Delete the keypair (for testing/reset) * Delete the keypair (for testing/reset)
*/ */
fun deleteKeyPair() { fun deleteKeyPair() {
if (keyStore.containsAlias(keyAlias)) { prefs.edit()
keyStore.deleteEntry(keyAlias) .remove(keyPrivate)
.remove(keyPublic)
.apply()
Log.i(tag, "Device keypair deleted") Log.i(tag, "Device keypair deleted")
} }
/**
* Base64url encode (no padding, URL-safe)
*/
private fun base64UrlEncode(bytes: ByteArray): String {
return Base64.encodeToString(bytes, Base64.URL_SAFE or Base64.NO_WRAP or Base64.NO_PADDING)
}
/**
* Base64url decode (handles both padded and unpadded)
*/
private fun base64UrlDecode(input: String): ByteArray {
return Base64.decode(input, Base64.URL_SAFE or Base64.NO_WRAP or Base64.NO_PADDING)
} }
data class SignedChallenge( data class SignedChallenge(

30
app/src/main/java/com/inou/clawdnode/service/GatewayClient.kt
View File

@ -218,12 +218,22 @@ class GatewayClient(
return return
} }
// Sign the challenge nonce // Sign the challenge nonce and get device identity
val signedChallenge = try { // Wrap in try/catch - keystore operations can fail on first run or if hardware unavailable
deviceIdentity.signChallenge(nonce) val signedChallenge: DeviceIdentity.SignedChallenge?
val deviceId: String
val publicKey: String?
try {
deviceId = deviceIdentity.deviceId
signedChallenge = deviceIdentity.signChallenge(nonce)
publicKey = deviceIdentity.publicKey
log("Device identity ready: id=${deviceId.take(8)}..., signed challenge")
} catch (e: Exception) { } catch (e: Exception) {
logError("Failed to sign challenge", e) logError("Failed to initialize device identity or sign challenge", e)
null // Cannot proceed without device identity for non-local connections
webSocket?.close(1000, "Device identity initialization failed: ${e.message}")
return
} }
val connectRequest = ConnectRequest( val connectRequest = ConnectRequest(
@ -248,11 +258,11 @@ class GatewayClient(
auth = AuthInfo(token = token), auth = AuthInfo(token = token),
userAgent = "clawdnode-android/${getAppVersion()}", userAgent = "clawdnode-android/${getAppVersion()}",
device = DeviceInfo( device = DeviceInfo(
id = deviceIdentity.deviceId, id = deviceId,
publicKey = signedChallenge?.let { deviceIdentity.publicKey }, publicKey = publicKey,
signature = signedChallenge?.signature, signature = signedChallenge.signature,
signedAt = signedChallenge?.signedAt, signedAt = signedChallenge.signedAt,
nonce = signedChallenge?.nonce nonce = signedChallenge.nonce
) )
) )
) )