From 8cb243536bb1fbe7743ebc428d79b6f99c844444 Mon Sep 17 00:00:00 2001 From: Christian Schneppe Date: Wed, 26 Sep 2018 21:44:45 +0200 Subject: use javax api instead of BC for file decryption --- .../services/AbstractConnectionManager.java | 120 ++++++++++----------- 1 file changed, 54 insertions(+), 66 deletions(-) (limited to 'src/main/java') diff --git a/src/main/java/de/pixart/messenger/services/AbstractConnectionManager.java b/src/main/java/de/pixart/messenger/services/AbstractConnectionManager.java index 1c4c6ca19..8fa50bb08 100644 --- a/src/main/java/de/pixart/messenger/services/AbstractConnectionManager.java +++ b/src/main/java/de/pixart/messenger/services/AbstractConnectionManager.java @@ -6,80 +6,38 @@ import android.content.pm.PackageManager; import android.os.Build; import android.os.PowerManager; import android.os.SystemClock; -import android.util.Log; import android.util.Pair; -import org.bouncycastle.crypto.engines.AESEngine; -import org.bouncycastle.crypto.modes.AEADBlockCipher; -import org.bouncycastle.crypto.modes.GCMBlockCipher; -import org.bouncycastle.crypto.params.AEADParameters; -import org.bouncycastle.crypto.params.KeyParameter; - import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.InputStream; import java.io.OutputStream; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; import java.util.concurrent.atomic.AtomicLong; import javax.crypto.Cipher; import javax.crypto.CipherInputStream; import javax.crypto.CipherOutputStream; -import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import de.pixart.messenger.Config; import de.pixart.messenger.R; import de.pixart.messenger.entities.DownloadableFile; +import de.pixart.messenger.utils.Compatibility; public class AbstractConnectionManager { - protected XmppConnectionService mXmppConnectionService; + private static final String KEYTYPE = "AES"; + private static final String CIPHERMODE = "AES/GCM/NoPadding"; + private static final String PROVIDER = "BC"; private static final int UI_REFRESH_THRESHOLD = 250; private static final AtomicLong LAST_UI_UPDATE_CALL = new AtomicLong(0); + protected XmppConnectionService mXmppConnectionService; public AbstractConnectionManager(XmppConnectionService service) { this.mXmppConnectionService = service; } - public XmppConnectionService getXmppConnectionService() { - return this.mXmppConnectionService; - } - - public long getAutoAcceptFileSize() { - long defaultValue_wifi = this.getXmppConnectionService().getResources().getInteger(R.integer.auto_accept_filesize_wifi); - long defaultValue_mobile = this.getXmppConnectionService().getResources().getInteger(R.integer.auto_accept_filesize_mobile); - long defaultValue_roaming = this.getXmppConnectionService().getResources().getInteger(R.integer.auto_accept_filesize_roaming); - - String config = "0"; - if (mXmppConnectionService.isWIFI()) { - config = this.mXmppConnectionService.getPreferences().getString( - "auto_accept_file_size_wifi", String.valueOf(defaultValue_wifi)); - } else if (mXmppConnectionService.isMobile()) { - config = this.mXmppConnectionService.getPreferences().getString( - "auto_accept_file_size_mobile", String.valueOf(defaultValue_mobile)); - } else if (mXmppConnectionService.isMobileRoaming()) { - config = this.mXmppConnectionService.getPreferences().getString( - "auto_accept_file_size_roaming", String.valueOf(defaultValue_roaming)); - } - try { - return Long.parseLong(config); - } catch (NumberFormatException e) { - return defaultValue_mobile; - } - } - - public boolean hasStoragePermission() { - if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) { - return mXmppConnectionService.checkSelfPermission(Manifest.permission.WRITE_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED; - } else { - return true; - } - } - public static Pair createInputStream(DownloadableFile file, boolean gcm) throws FileNotFoundException { FileInputStream is; int size; @@ -90,15 +48,15 @@ public class AbstractConnectionManager { } try { if (gcm) { - AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine()); - cipher.init(true, new AEADParameters(new KeyParameter(file.getKey()), 128, file.getIv())); - InputStream cis = new org.bouncycastle.crypto.io.CipherInputStream(is, cipher); - return new Pair<>(cis, cipher.getOutputSize(size)); + Cipher cipher = Compatibility.twentyTwo() ? Cipher.getInstance(CIPHERMODE) : Cipher.getInstance(CIPHERMODE, PROVIDER); + SecretKeySpec keySpec = new SecretKeySpec(file.getKey(), KEYTYPE); + IvParameterSpec ivSpec = new IvParameterSpec(file.getIv()); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); + return new Pair<>(new CipherInputStream(is, cipher), cipher.getOutputSize(size)); } else { IvParameterSpec ips = new IvParameterSpec(file.getIv()); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); - cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(file.getKey(), "AES"), ips); - Log.d(Config.LOGTAG, "opening encrypted input stream"); + cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(file.getKey(), KEYTYPE), ips); return new Pair<>(new CipherInputStream(is, cipher), (size / 16 + 1) * 16); } } catch (Exception e) { @@ -126,24 +84,54 @@ public class AbstractConnectionManager { } try { if (gcm) { - AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine()); - cipher.init(false, new AEADParameters(new KeyParameter(file.getKey()), 128, file.getIv())); - return new org.bouncycastle.crypto.io.CipherOutputStream(os, cipher); + Cipher cipher = Compatibility.twentyTwo() ? Cipher.getInstance(CIPHERMODE) : Cipher.getInstance(CIPHERMODE, PROVIDER); + SecretKeySpec keySpec = new SecretKeySpec(file.getKey(), KEYTYPE); + IvParameterSpec ivSpec = new IvParameterSpec(file.getIv()); + cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec); + return new CipherOutputStream(os, cipher); } else { IvParameterSpec ips = new IvParameterSpec(file.getIv()); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); - cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(file.getKey(), "AES"), ips); - Log.d(Config.LOGTAG, "opening encrypted output stream"); + cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(file.getKey(), KEYTYPE), ips); return new CipherOutputStream(os, cipher); } - } catch (InvalidKeyException e) { - return null; - } catch (NoSuchAlgorithmException e) { - return null; - } catch (NoSuchPaddingException e) { - return null; - } catch (InvalidAlgorithmParameterException e) { - return null; + } catch (Exception e) { + throw new AssertionError(e); + } + } + + public XmppConnectionService getXmppConnectionService() { + return this.mXmppConnectionService; + } + + public long getAutoAcceptFileSize() { + long defaultValue_wifi = this.getXmppConnectionService().getResources().getInteger(R.integer.auto_accept_filesize_wifi); + long defaultValue_mobile = this.getXmppConnectionService().getResources().getInteger(R.integer.auto_accept_filesize_mobile); + long defaultValue_roaming = this.getXmppConnectionService().getResources().getInteger(R.integer.auto_accept_filesize_roaming); + + String config = "0"; + if (mXmppConnectionService.isWIFI()) { + config = this.mXmppConnectionService.getPreferences().getString( + "auto_accept_file_size_wifi", String.valueOf(defaultValue_wifi)); + } else if (mXmppConnectionService.isMobile()) { + config = this.mXmppConnectionService.getPreferences().getString( + "auto_accept_file_size_mobile", String.valueOf(defaultValue_mobile)); + } else if (mXmppConnectionService.isMobileRoaming()) { + config = this.mXmppConnectionService.getPreferences().getString( + "auto_accept_file_size_roaming", String.valueOf(defaultValue_roaming)); + } + try { + return Long.parseLong(config); + } catch (NumberFormatException e) { + return defaultValue_mobile; + } + } + + public boolean hasStoragePermission() { + if (!Config.ONLY_INTERNAL_STORAGE && Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) { + return mXmppConnectionService.checkSelfPermission(Manifest.permission.WRITE_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED; + } else { + return true; } } -- cgit v1.2.3