Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unlock DB using NFC tag. Select entry using NFC tag. Use secure NFC tags. #1359

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions app/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,9 @@ android {
minifyEnabled = false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
debug {
applicationIdSuffix 'debug' //todo-op!!! disable
}
}

flavorDimensions "version"
Expand Down
1 change: 1 addition & 0 deletions app/src/main/AndroidManifest.xml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
<uses-permission
android:name="android.permission.QUERY_ALL_PACKAGES"
tools:ignore="QueryAllPackagesPermission" />
<uses-permission android:name="android.permission.NFC" />

<application
android:label="@string/app_name"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -352,6 +352,7 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu

override fun onNewIntent(intent: Intent?) {
super.onNewIntent(intent)
if (true == advancedUnlockFragment?.nfc?.checkAndProcessTag(intent)) return
getUriFromIntent(intent)
}

Expand Down

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@ class AdvancedUnlockManager(private var retrieveContext: () -> FragmentActivity)

private var isKeyManagerInit = false

private val unlockNfcEnable = PreferencesUtil.isUnlockNfcEnable(retrieveContext())
private val biometricUnlockEnable = PreferencesUtil.isBiometricUnlockEnable(retrieveContext())
private val deviceCredentialUnlockEnable = PreferencesUtil.isDeviceCredentialUnlockEnable(retrieveContext())

Expand Down Expand Up @@ -101,7 +102,7 @@ class AdvancedUnlockManager(private var retrieveContext: () -> FragmentActivity)
}

init {
if (isDeviceSecure(retrieveContext())
if (unlockNfcEnable || isDeviceSecure(retrieveContext())
&& (biometricUnlockEnable || deviceCredentialUnlockEnable)) {
try {
this.keyStore = KeyStore.getInstance(ADVANCED_UNLOCK_KEYSTORE)
Expand Down Expand Up @@ -213,15 +214,17 @@ class AdvancedUnlockManager(private var retrieveContext: () -> FragmentActivity)
}
}

@Synchronized fun encryptData(value: ByteArray) {
@Synchronized fun encryptData(value: ByteArray, unlockData: List<Byte>? = null, databaseKeyId: Int? = null) {
if (!isKeyManagerInitialized) {
return
}
try {
val encrypted = cipher?.doFinal(value) ?: byteArrayOf()
val valueAndData = if (true != unlockData?.isNotEmpty()) value else
value.toMutableList().also { it.addAll(unlockData) }.toByteArray()
val encrypted = cipher?.doFinal(valueAndData) ?: byteArrayOf()
// passes updated iv spec on to callback so this can be stored for decryption
cipher?.parameters?.getParameterSpec(IvParameterSpec::class.java)?.let{ spec ->
advancedUnlockCallback?.handleEncryptedResult(encrypted, spec.iv)
advancedUnlockCallback?.handleEncryptedResult(encrypted, spec.iv, databaseKeyId)
}
} catch (e: Exception) {
Log.e(TAG, "Unable to encrypt data", e)
Expand Down Expand Up @@ -278,14 +281,19 @@ class AdvancedUnlockManager(private var retrieveContext: () -> FragmentActivity)
}
}

@Synchronized fun decryptData(encryptedValue: ByteArray) {
@Synchronized fun decryptData(encryptedValue: ByteArray, unlockDataSize: Int = 0, databaseKeyId: Int? = null, onUnlockData: ((ByteArray, List<Byte>) -> Boolean)? = null) {
if (!isKeyManagerInitialized) {
return
}
try {
// actual decryption here
cipher?.doFinal(encryptedValue)?.let { decrypted ->
advancedUnlockCallback?.handleDecryptedResult(decrypted)
cipher?.doFinal(encryptedValue)?.let { valueArray ->
val decrypted = if (valueArray.size <= unlockDataSize) valueArray else {
valueArray.take(valueArray.size - unlockDataSize).toByteArray().also {
if (true != onUnlockData?.invoke(it, valueArray.takeLast(unlockDataSize))) throw Exception("Invalid unlock data.")
}
}
advancedUnlockCallback?.handleDecryptedResult(decrypted, databaseKeyId)
}
} catch (badPaddingException: BadPaddingException) {
Log.e(TAG, "Unable to decrypt data", badPaddingException)
Expand Down Expand Up @@ -360,8 +368,8 @@ class AdvancedUnlockManager(private var retrieveContext: () -> FragmentActivity)
fun onAuthenticationSucceeded()
fun onAuthenticationFailed()
fun onAuthenticationError(errorCode: Int, errString: CharSequence)
fun handleEncryptedResult(encryptedValue: ByteArray, ivSpec: ByteArray)
fun handleDecryptedResult(decryptedValue: ByteArray)
fun handleEncryptedResult(encryptedValue: ByteArray, ivSpec: ByteArray, databaseKeyId: Int?)
fun handleDecryptedResult(decryptedValue: ByteArray, databaseKeyId: Int?)
}

companion object {
Expand Down Expand Up @@ -455,9 +463,9 @@ class AdvancedUnlockManager(private var retrieveContext: () -> FragmentActivity)

override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {}

override fun handleEncryptedResult(encryptedValue: ByteArray, ivSpec: ByteArray) {}
override fun handleEncryptedResult(encryptedValue: ByteArray, ivSpec: ByteArray, databaseKeyId: Int?) {}

override fun handleDecryptedResult(decryptedValue: ByteArray) {}
override fun handleDecryptedResult(decryptedValue: ByteArray, databaseKeyId: Int?) {}

override fun onUnrecoverableKeyException(e: Exception) {
advancedCallback.onUnrecoverableKeyException(e)
Expand Down
Loading