Skip to content

AndroidKeyStore reset when it has become unreadable #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
gmarrot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

AndroidKeyStore reset when it has become unreadable #47

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
69 changes: 54 additions & 15 deletions SecureStorage/Plugin.SecureStorage.Android/AndroidKeyStoreImplementation..cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
using Android.Runtime;
using Android.Security;
using Android.Security.Keystore;
using Android.Util;

using Java.Security;
using Javax.Crypto;
Expand Down Expand Up @@ -160,6 +161,8 @@ private string GetMD5Hash(string input)
/// </summary>
private class AndroidKeyStore
{
const string LOG_TAG = nameof(AndroidKeyStore);

const string androidKeyStore = "AndroidKeyStore"; // this is an Android const value
const string aesAlgorithm = "AES";
const string cipherTransformationAsymmetric = "RSA/ECB/PKCS1Padding";
Expand Down Expand Up @@ -203,28 +206,46 @@ ISecretKey GetKey()

if (!string.IsNullOrEmpty(existingKeyStr))
{
var wrappedKey = Convert.FromBase64String(existingKeyStr);
try
{
var wrappedKey = Convert.FromBase64String(existingKeyStr);

var unwrappedKey = UnwrapKey(wrappedKey, keyPair.Private);
var kp = unwrappedKey.JavaCast<ISecretKey>();
var unwrappedKey = UnwrapKey(wrappedKey, keyPair.Private);
var kp = unwrappedKey.JavaCast<ISecretKey>();

return kp;
return kp;
}
catch (InvalidKeyException e)
{
Log.Error(LOG_TAG, e, "Unable to unwrap key: Invalid Key. This may be caused by system backup or upgrades. All secure storage items will now be removed. {0}", e.Message);
}
catch (IllegalBlockSizeException e)
{
Log.Error(LOG_TAG, e, "Unable to unwrap key: Illegal Block Size. This may be caused by system backup or upgrades. All secure storage items will now be removed. {0}", e.Message);
}
catch (BadPaddingException e)
{
Log.Error(LOG_TAG, e, "Unable to unwrap key: Bad Padding. This may be caused by system backup or upgrades. All secure storage items will now be removed. {0}", e.Message);
}
catch (Java.Lang.IllegalArgumentException e)
{
Log.Error(LOG_TAG, e, "Unable to unwrap key: Illegal Argument. This may be caused by system backup or upgrades. All secure storage items will now be removed. {0}", e.Message);
}
Clear(prefs);
}
else
{
var keyGenerator = KeyGenerator.GetInstance(aesAlgorithm);
var defSymmetricKey = keyGenerator.GenerateKey();

var wrappedKey = WrapKey(defSymmetricKey, keyPair.Public);
var keyGenerator = KeyGenerator.GetInstance(aesAlgorithm);
var defSymmetricKey = keyGenerator.GenerateKey();

using (var prefsEditor = prefs.Edit())
{
prefsEditor.PutString(prefsMasterKey, Convert.ToBase64String(wrappedKey));
prefsEditor.Commit();
}
var newWrappedKey = WrapKey(defSymmetricKey, keyPair.Public);

return defSymmetricKey;
using (var prefsEditor = prefs.Edit())
{
prefsEditor.PutString(prefsMasterKey, Convert.ToBase64String(newWrappedKey));
prefsEditor.Commit();
}

return defSymmetricKey;
}
}

Expand Down Expand Up @@ -372,6 +393,24 @@ internal string Decrypt(byte[] data)
return Encoding.UTF8.GetString(decryptedData);
}

bool Clear(ISharedPreferences prefs)
{
try
{
using (var prefsEditor = prefs.Edit())
{
prefsEditor.Clear();
prefsEditor.Commit();

return true;
}
}
catch
{
return false;
}
}

private bool HasApiLevel(BuildVersionCodes versionCode) => (int)Build.VERSION.SdkInt >= (int)versionCode;
}
#endregion
Expand Down