Merge pull request #1654 from wordpress-mobile/feature/encrypted-logs-master

Encrypted logs

Author: oguzkocer

build.gradle

@@ -21,6 +21,7 @@ allprojects {
     repositories {
         google()
         jcenter()
+        maven { url "http://dl.bintray.com/terl/lazysodium-maven" }
     }
 
     task checkstyle(type: Checkstyle) {

example/build.gradle

@@ -22,7 +22,7 @@ android {
 
     defaultConfig {
         applicationId "org.wordpress.android.fluxc.example"
-        minSdkVersion 15
+        minSdkVersion 16
         // Keep the targetSdkVersion 22 so we don't need to grant runtime permissions to the tests and the example app
         // An alternative would be granting the permissions via adb before running the test, like here:
         // https://afterecho.uk/blog/granting-marshmallow-permissions-for-testing-flavoured-builds.html

example/src/androidTest/java/org/wordpress/android/fluxc/LogEncrypterTest.kt

@@ -0,0 +1,169 @@
+package org.wordpress.android.fluxc
+
+import android.util.Base64
+import android.util.Base64.DEFAULT
+import com.goterl.lazycode.lazysodium.interfaces.SecretStream
+import com.goterl.lazycode.lazysodium.utils.KeyPair
+import org.json.JSONObject
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNotNull
+import org.junit.Before
+import org.junit.Test
+import org.wordpress.android.fluxc.model.encryptedlogging.EncryptedLoggingKey
+import org.wordpress.android.fluxc.model.encryptedlogging.EncryptedSecretStreamKey
+import org.wordpress.android.fluxc.model.encryptedlogging.EncryptionUtils
+import org.wordpress.android.fluxc.model.encryptedlogging.LogEncrypter
+import org.wordpress.android.fluxc.model.encryptedlogging.SecretStreamKey
+import java.util.UUID
+import kotlin.random.Random.Default.nextInt
+
+class LogEncrypterTest {
+    private lateinit var keypair: KeyPair
+    private val logDecrypter: LogDecrypter = LogDecrypter()
+
+    @Before
+    fun setup() {
+        keypair = EncryptionUtils.sodium.cryptoBoxKeypair()
+    }
+
+    @Test
+    @Throws
+    fun testThatEncryptedLogsMatchV1FileFormat() {
+        val testLogString = UUID.randomUUID().toString()
+        val encryptedLog = encryptContent(testLogString)
+
+        val json = JSONObject(encryptedLog)
+        assertEquals(
+                "`keyedWith` must ALWAYS be v1 in this version of the file format",
+                "v1",
+                json.getString("keyedWith")
+        )
+
+        assertNotNull(
+                "The UUID must be valid",
+                UUID.fromString(json.getString("uuid"))
+        )
+
+        assertEquals(
+                "The header must be 32 bytes long",
+                32,
+                json.getString("header").count()
+        )
+
+        assertEquals(
+                "The encrypted key should be 108 bytes long",
+                108,
+                json.getString("encryptedKey").count()
+        )
+
+        assertEquals(
+                "There should be one message and the closing tag",
+                2,
+                json.getJSONArray("messages").length()
+        )
+    }
+
+    @Test
+    fun testThatLogsCanBeDecrypted() {
+        val testLogString = UUID.randomUUID().toString()
+        assertEquals(testLogString, decryptContent(encryptContent(testLogString)))
+    }
+
+    @Test
+    fun testThatMultilineLogsCanBeDecrypted() {
+        val testLogString = (0..(nextInt(100) + 2)).joinToString(separator = "\n") { UUID.randomUUID().toString() }
+        assertEquals(testLogString, decryptContent(encryptContent(testLogString)))
+    }
+
+    @Test
+    fun testThatEmptyLogsCanBeEncrypted() {
+        val testLogString = ""
+        assertEquals(testLogString, decryptContent(encryptContent(testLogString)))
+    }
+
+    @Test
+    fun testThatExplicitUUIDsCanBeRetrievedFromEncryptedLogs() {
+        val testUuid = UUID.randomUUID().toString()
+
+        val (_, uuid) = logDecrypter.decrypt(encryptContent("", testUuid), keypair)
+        assertEquals(uuid, testUuid)
+    }
+
+    // Helpers
+
+    private fun encryptContent(content: String, uuid: String = UUID.randomUUID().toString()): String {
+        return LogEncrypter(EncryptedLoggingKey(keypair.publicKey)).encrypt(content, uuid)
+    }
+
+    private fun decryptContent(encryptedText: String): String {
+        return logDecrypter.decrypt(encryptedText, keypair).first
+    }
+}
+
+/**
+ * EncryptedStream represents the encrypted stream once the key has been decrypted. It exists to separate
+ * the key decryption from the stream decryption while decoding.
+ *
+ * @param key An unencrypted SecretStreamKey used to decrypt the remainder of the log.
+ * @param header A `ByteArray` representing the stream header – it's used to initialize the decryption stream.
+ * @param messages A `List<ByteArray>` of encrypted messages
+ */
+private class EncryptedStream(val key: SecretStreamKey, val header: ByteArray, val messages: List<ByteArray>)
+
+private const val JSON_KEYED_WITH_KEY = "keyedWith"
+private const val JSON_UUID_KEY = "uuid"
+private const val JSON_HEADER_KEY = "header"
+private const val JSON_ENCRYPTED_KEY_KEY = "encryptedKey"
+private const val JSON_MESSAGES_KEY = "messages"
+
+/**
+ * LogDecrypter allows decrypting encrypted content.
+ */
+private class LogDecrypter {
+    private val sodium = EncryptionUtils.sodium
+    private val state = SecretStream.State.ByReference()
+
+    private fun encryptedStream(encryptedText: String, keyPair: KeyPair): Pair<EncryptedStream, String> {
+        val json = JSONObject(encryptedText)
+
+        require(json.getString(JSON_KEYED_WITH_KEY) == "v1") {
+            "This class can only parse files keyedWith the v1 implementation"
+        }
+
+        val uuid = json.getString(JSON_UUID_KEY)
+        val header = json.getString(JSON_HEADER_KEY).base64Decode()
+        val encryptedKey = EncryptedSecretStreamKey(json.getString(JSON_ENCRYPTED_KEY_KEY).base64Decode())
+        val messagesJson = json.getJSONArray(JSON_MESSAGES_KEY)
+
+        val messages = (0 until messagesJson.length()).map { messagesJson.getString(it).base64Decode() }
+
+        val encryptedStream = EncryptedStream(encryptedKey.decrypt(keyPair), header, messages)
+        check(sodium.cryptoSecretStreamInitPull(state, encryptedStream.header, encryptedStream.key.bytes))
+        return Pair(encryptedStream, uuid)
+    }
+
+    /**
+     * Decrypts and returns the log file as a String.
+     *
+     * @param encryptedText The encrypted text to decrypt.
+     * @param keyPair The public and secret key pair associated with this file. Both are required to decrypt the file.
+     */
+    fun decrypt(encryptedText: String, keyPair: KeyPair): Pair<String, String> {
+        val (encryptedStream, uuid) = encryptedStream(encryptedText, keyPair)
+        val decryptedText = encryptedStream.messages.fold("") { accumulated: String, cipherBytes: ByteArray ->
+            String
+            val plainBytes = ByteArray(cipherBytes.size - SecretStream.ABYTES)
+
+            val tag = ByteArray(1) // Stores the extracted tag. This implementation doesn't do anything with it.
+            check(sodium.cryptoSecretStreamPull(state, plainBytes, tag, cipherBytes, cipherBytes.size.toLong()))
+
+            accumulated + String(plainBytes)
+        }
+        return Pair(decryptedText, uuid)
+    }
+}
+
+// On Android base64 has lots of options, so define an extension to make it easier to avoid decoding issues.
+private fun String.base64Decode(): ByteArray {
+    return Base64.decode(this, DEFAULT)
+}

example/src/androidTest/java/org/wordpress/android/fluxc/release/ReleaseStack_AppComponent.java

@@ -68,4 +68,5 @@ public interface ReleaseStack_AppComponent {
     void inject(ReleaseStack_PostSchedulingTestJetpack test);
     void inject(ReleaseStack_ReactNativeWPAPIRequestTest test);
     void inject(ReleaseStack_ReactNativeWPComRequestTest test);
+    void inject(ReleaseStack_EncryptedLogTest test);
 }

example/src/androidTest/java/org/wordpress/android/fluxc/release/ReleaseStack_EncryptedLogTest.kt

@@ -0,0 +1,115 @@
+package org.wordpress.android.fluxc.release
+
+import org.greenrobot.eventbus.Subscribe
+import org.hamcrest.CoreMatchers.`is`
+import org.hamcrest.CoreMatchers.hasItem
+import org.junit.Assert.assertThat
+import org.junit.Assert.assertTrue
+import org.junit.Test
+import org.wordpress.android.fluxc.TestUtils
+import org.wordpress.android.fluxc.generated.EncryptedLogActionBuilder
+import org.wordpress.android.fluxc.release.ReleaseStack_EncryptedLogTest.TestEvents.ENCRYPTED_LOG_UPLOADED_SUCCESSFULLY
+import org.wordpress.android.fluxc.release.ReleaseStack_EncryptedLogTest.TestEvents.ENCRYPTED_LOG_UPLOAD_FAILED_WITH_INVALID_UUID
+import org.wordpress.android.fluxc.store.EncryptedLogStore
+import org.wordpress.android.fluxc.store.EncryptedLogStore.OnEncryptedLogUploaded
+import org.wordpress.android.fluxc.store.EncryptedLogStore.OnEncryptedLogUploaded.EncryptedLogFailedToUpload
+import org.wordpress.android.fluxc.store.EncryptedLogStore.OnEncryptedLogUploaded.EncryptedLogUploadedSuccessfully
+import org.wordpress.android.fluxc.store.EncryptedLogStore.UploadEncryptedLogError.InvalidRequest
+import org.wordpress.android.fluxc.store.EncryptedLogStore.UploadEncryptedLogError.TooManyRequests
+import org.wordpress.android.fluxc.store.EncryptedLogStore.UploadEncryptedLogPayload
+import java.io.File
+import java.util.concurrent.CountDownLatch
+import java.util.concurrent.TimeUnit
+import javax.inject.Inject
+
+private const val NUMBER_OF_LOGS_TO_UPLOAD = 3
+private const val TEST_UUID_PREFIX = "TEST-UUID-"
+private const val INVALID_UUID = "INVALID_UUID" // Underscore is not allowed
+
+class ReleaseStack_EncryptedLogTest : ReleaseStack_Base() {
+    @Inject lateinit var encryptedLogStore: EncryptedLogStore
+
+    private var nextEvent: TestEvents? = null
+
+    private enum class TestEvents {
+        NONE,
+        ENCRYPTED_LOG_UPLOADED_SUCCESSFULLY,
+        ENCRYPTED_LOG_UPLOAD_FAILED_WITH_INVALID_UUID
+    }
+
+    @Throws(Exception::class)
+    override fun setUp() {
+        super.setUp()
+        mReleaseStackAppComponent.inject(this)
+        init()
+        nextEvent = TestEvents.NONE
+    }
+
+    @Test
+    fun testQueueForUpload() {
+        nextEvent = ENCRYPTED_LOG_UPLOADED_SUCCESSFULLY
+
+        val testIds = testIds()
+        mCountDownLatch = CountDownLatch(testIds.size)
+        testIds.forEach { uuid ->
+            val payload = UploadEncryptedLogPayload(
+                    uuid = uuid,
+                    file = createTempFileWithContent(suffix = uuid, content = "Testing FluxC log upload for $uuid"),
+                    shouldStartUploadImmediately = true
+            )
+            mDispatcher.dispatch(EncryptedLogActionBuilder.newUploadLogAction(payload))
+        }
+        assertTrue(mCountDownLatch.await(TestUtils.DEFAULT_TIMEOUT_MS.toLong(), TimeUnit.MILLISECONDS))
+    }
+
+    @Test
+    fun testQueueForUploadForInvalidUuid() {
+        nextEvent = ENCRYPTED_LOG_UPLOAD_FAILED_WITH_INVALID_UUID
+
+        mCountDownLatch = CountDownLatch(1)
+        val payload = UploadEncryptedLogPayload(
+                uuid = INVALID_UUID,
+                file = createTempFile(suffix = INVALID_UUID),
+                shouldStartUploadImmediately = true
+        )
+        mDispatcher.dispatch(EncryptedLogActionBuilder.newUploadLogAction(payload))
+        assertTrue(mCountDownLatch.await(TestUtils.DEFAULT_TIMEOUT_MS.toLong(), TimeUnit.MILLISECONDS))
+    }
+
+    @Suppress("unused")
+    @Subscribe
+    fun onEncryptedLogUploaded(event: OnEncryptedLogUploaded) {
+        when (event) {
+            is EncryptedLogUploadedSuccessfully -> {
+                assertThat(nextEvent, `is`(ENCRYPTED_LOG_UPLOADED_SUCCESSFULLY))
+                assertThat(testIds(), hasItem(event.uuid))
+            }
+            is EncryptedLogFailedToUpload -> {
+                when (event.error) {
+                    is TooManyRequests -> {
+                        // If we are hitting too many requests, we just ignore the test as restarting it will not help
+                        assertThat(event.willRetry, `is`(true))
+                    }
+                    is InvalidRequest -> {
+                        assertThat(nextEvent, `is`(ENCRYPTED_LOG_UPLOAD_FAILED_WITH_INVALID_UUID))
+                        assertThat(event.willRetry, `is`(false))
+                    }
+                    else -> {
+                        throw AssertionError("Unexpected error occurred in onEncryptedLogUploaded: ${event.error}")
+                    }
+                }
+            }
+        }
+        mCountDownLatch.countDown()
+    }
+
+    private fun testIds() = (1..NUMBER_OF_LOGS_TO_UPLOAD).map { i ->
+        "$TEST_UUID_PREFIX$i"
+    }
+
+    private fun createTempFileWithContent(suffix: String, content: String): File {
+        val file = createTempFile(suffix = suffix)
+        file.writeText(content)
+        return file
+    }
+}

example/src/main/java/org/wordpress/android/fluxc/example/di/AppConfigModule.java

@@ -3,7 +3,11 @@
 import android.content.Context;
 import android.text.TextUtils;
 
+import com.goterl.lazycode.lazysodium.exceptions.SodiumException;
+
 import org.wordpress.android.fluxc.example.BuildConfig;
+import org.wordpress.android.fluxc.model.encryptedlogging.EncryptedLoggingKey;
+import org.wordpress.android.fluxc.model.encryptedlogging.EncryptionUtils;
 import org.wordpress.android.fluxc.network.UserAgent;
 import org.wordpress.android.fluxc.network.rest.wpcom.auth.AppSecrets;
 import org.wordpress.android.util.AppLog;
@@ -40,4 +44,14 @@ public AppSecrets provideAppSecrets() {
     public UserAgent provideUserAgent(Context appContext) {
         return new UserAgent(appContext, "fluxc-example-android");
     }
+
+    @Provides
+    public EncryptedLoggingKey provideEncryptedLoggingKey() {
+        try {
+            return new EncryptedLoggingKey(EncryptionUtils.getSodium().cryptoBoxKeypair().getPublicKey());
+        } catch (SodiumException e) {
+            e.printStackTrace();
+            return null;
+        }
+    }
 }