bitwarden-android/src/Android/Services/KeyStoreBackedStorageService.cs

using System.IO;
using Java.Security;
using Javax.Crypto;
using Android.OS;
using Bit.App.Abstractions;
using System;
using Android.Security;
using Javax.Security.Auth.X500;
using Java.Math;
using Android.Security.Keystore;
using Android.App;
using Plugin.Settings.Abstractions;
using Java.Util;
using Javax.Crypto.Spec;

namespace Bit.Android.Services
{
    public class KeyStoreBackedStorageService : ISecureStorageService
    {
        private const string AndroidKeyStore = "AndroidKeyStore";
        private const string KeyAlias = "bitwardenKey";
        private const string SettingsFormat = "ksSecured:{0}";
        private const string AesKey = "ksSecured:aesKeyForService";

        private readonly string _rsaMode;
        private readonly bool _oldAndroid;
        private readonly ISettings _settings;
        private readonly KeyStore _keyStore;
        private readonly ISecureStorageService _oldKeyStorageService;

        public KeyStoreBackedStorageService(ISettings settings)
        {
            _oldAndroid = Build.VERSION.SdkInt < BuildVersionCodes.M;
            _rsaMode = _oldAndroid ? "RSA/ECB/PKCS1Padding" : "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";

            _oldKeyStorageService = new KeyStoreStorageService(new char[] { });
            _settings = settings;

            _keyStore = KeyStore.GetInstance(AndroidKeyStore);
            _keyStore.Load(null);

            GenerateRsaKey();
            GenerateAesKey();
        }

        public bool Contains(string key)
        {
            return _settings.Contains(string.Format(SettingsFormat, key)) || _oldKeyStorageService.Contains(key);
        }

        public void Delete(string key)
        {
            CleanupOldKeyStore(key);
            _settings.Remove(string.Format(SettingsFormat, key));
        }

        public byte[] Retrieve(string key)
        {
            var formattedKey = string.Format(SettingsFormat, key);
            if(!_settings.Contains(formattedKey))
            {
                return TryGetAndMigrateFromOldKeyStore(key);
            }

            var cs = _settings.GetValueOrDefault<string>(formattedKey);
            if(string.IsNullOrWhiteSpace(cs))
            {
                return null;
            }

            var aesKey = GetAesKey();
            if(aesKey == null)
            {
                return null;
            }

            try
            {
                return App.Utilities.Crypto.AesCbcDecrypt(new App.Models.CipherString(cs), aesKey);
            }
            catch
            {
                Console.WriteLine("Failed to decrypt from secure storage.");
                _settings.Remove(formattedKey);
                return null;
            }
        }

        public void Store(string key, byte[] dataBytes)
        {
            var formattedKey = string.Format(SettingsFormat, key);
            CleanupOldKeyStore(key);
            if(dataBytes == null)
            {
                _settings.Remove(formattedKey);
                return;
            }

            var aesKey = GetAesKey();
            if(aesKey == null)
            {
                return;
            }

            try
            {
                var cipherString = App.Utilities.Crypto.AesCbcEncrypt(dataBytes, aesKey);
                _settings.AddOrUpdateValue(formattedKey, cipherString.EncryptedString);
            }
            catch
            {
                Console.WriteLine("Failed to encrypt to secure storage.");
            }
        }

        private void GenerateRsaKey()
        {
            if(_keyStore.ContainsAlias(KeyAlias))
            {
                return;
            }

            var gen = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore);
            var start = Calendar.Instance;
            var end = Calendar.Instance;
            end.Add(CalendarField.Year, 30);
            var subject = new X500Principal($"CN={KeyAlias}");

            if(_oldAndroid)
            {
                var spec = new KeyPairGeneratorSpec.Builder(Application.Context)
                    .SetAlias(KeyAlias)
                    .SetSubject(subject)
                    .SetSerialNumber(BigInteger.Ten)
                    .SetStartDate(start.Time)
                    .SetEndDate(end.Time)
                    .Build();

                gen.Initialize(spec);
            }
            else
            {
                var spec = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Decrypt | KeyStorePurpose.Encrypt)
                    .SetCertificateSubject(subject)
                    .SetDigests(KeyProperties.DigestSha1)
                    .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaOaep)
                    .Build();

                gen.Initialize(spec);
            }

            gen.GenerateKeyPair();
        }

        private KeyStore.PrivateKeyEntry GetRsaKeyEntry()
        {
            return _keyStore.GetEntry(KeyAlias, null) as KeyStore.PrivateKeyEntry;
        }

        private void GenerateAesKey()
        {
            if(_settings.Contains(AesKey))
            {
                return;
            }

            var key = App.Utilities.Crypto.RandomBytes(512 / 8);
            var encKey = RsaEncrypt(key);
            _settings.AddOrUpdateValue(AesKey, Convert.ToBase64String(encKey));
        }

        private App.Models.SymmetricCryptoKey GetAesKey()
        {
            try
            {
                var encKey = _settings.GetValueOrDefault<string>(AesKey);
                if(encKey == null)
                {
                    return null;
                }

                var encKeyBytes = Convert.FromBase64String(encKey);
                var key = RsaDecrypt(encKeyBytes);
                return new App.Models.SymmetricCryptoKey(key);
            }
            catch
            {
                Console.WriteLine("Cannot get AesKey.");
                _keyStore.DeleteEntry(KeyAlias);
                _settings.Remove(AesKey);
                return null;
            }
        }

        private byte[] RsaEncrypt(byte[] data)
        {
            using(var entry = GetRsaKeyEntry())
            using(var cipher = Cipher.GetInstance(_rsaMode))
            {
                cipher.Init(CipherMode.EncryptMode, entry.Certificate.PublicKey);
                var cipherText = cipher.DoFinal(data);
                return cipherText;
            }
        }

        private byte[] RsaDecrypt(byte[] encData)
        {
            using(var entry = GetRsaKeyEntry())
            using(var cipher = Cipher.GetInstance(_rsaMode))
            {
                if(_oldAndroid)
                {
                    cipher.Init(CipherMode.DecryptMode, entry.PrivateKey);
                }
                else
                {
                    cipher.Init(CipherMode.DecryptMode, entry.PrivateKey, OAEPParameterSpec.Default);
                }

                var plainText = cipher.DoFinal(encData);
                return plainText;
            }
        }

        private byte[] TryGetAndMigrateFromOldKeyStore(string key)
        {
            if(_oldKeyStorageService.Contains(key))
            {
                var value = _oldKeyStorageService.Retrieve(key);
                Store(key, value);
                _oldKeyStorageService.Delete(key);
                return value;
            }

            return null;
        }

        private void CleanupOldKeyStore(string key)
        {
            if(_oldKeyStorageService.Contains(key))
            {
                _oldKeyStorageService.Delete(key);
            }
        }
    }
}
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`using System.IO;`
			`using Java.Security;`
			`using Javax.Crypto;`
			`using Android.OS;`
			`using Bit.App.Abstractions;`
			`using System;`
			`using Android.Security;`
			`using Javax.Security.Auth.X500;`
			`using Java.Math;`
			`using Android.Security.Keystore;`
			`using Android.App;`
			`using Plugin.Settings.Abstractions;`
fix project refs 2017-05-27 18:45:03 +03:00			`using Java.Util;`
OAEPParameterSpec and provider specified 2017-06-07 06:27:57 +03:00			`using Javax.Crypto.Spec;`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00
			`namespace Bit.Android.Services`
			`{`
			`public class KeyStoreBackedStorageService : ISecureStorageService`
			`{`
			`private const string AndroidKeyStore = "AndroidKeyStore";`
			`private const string KeyAlias = "bitwardenKey";`
			`private const string SettingsFormat = "ksSecured:{0}";`
key names 2017-05-27 18:46:42 +03:00			`private const string AesKey = "ksSecured:aesKeyForService";`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00
cleanup rsa encryption 2017-06-06 05:25:59 +03:00			`private readonly string _rsaMode;`
			`private readonly bool _oldAndroid;`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`private readonly ISettings _settings;`
			`private readonly KeyStore _keyStore;`
centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`private readonly ISecureStorageService _oldKeyStorageService;`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00
			`public KeyStoreBackedStorageService(ISettings settings)`
			`{`
cleanup rsa encryption 2017-06-06 05:25:59 +03:00			`_oldAndroid = Build.VERSION.SdkInt < BuildVersionCodes.M;`
RSA/ECB/OAEPWithSHA-1AndMGF1Padding 2017-06-07 06:52:52 +03:00			`_rsaMode = _oldAndroid ? "RSA/ECB/PKCS1Padding" : "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";`
cleanup rsa encryption 2017-06-06 05:25:59 +03:00
keystore fixes 2017-05-27 19:23:35 +03:00			`_oldKeyStorageService = new KeyStoreStorageService(new char[] { });`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`_settings = settings;`

			`_keyStore = KeyStore.GetInstance(AndroidKeyStore);`
			`_keyStore.Load(null);`

centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`GenerateRsaKey();`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`GenerateAesKey();`
			`}`

			`public bool Contains(string key)`
			`{`
keystore fixes 2017-05-27 19:23:35 +03:00			`return _settings.Contains(string.Format(SettingsFormat, key)) \|\| _oldKeyStorageService.Contains(key);`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`}`

			`public void Delete(string key)`
			`{`
migrate and cleanup old key store 2017-05-27 18:42:22 +03:00			`CleanupOldKeyStore(key);`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`_settings.Remove(string.Format(SettingsFormat, key));`
			`}`

			`public byte[] Retrieve(string key)`
			`{`
keystore fixes 2017-05-27 19:23:35 +03:00			`var formattedKey = string.Format(SettingsFormat, key);`
			`if(!_settings.Contains(formattedKey))`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`{`
migrate and cleanup old key store 2017-05-27 18:42:22 +03:00			`return TryGetAndMigrateFromOldKeyStore(key);`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`}`

centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`var cs = _settings.GetValueOrDefault<string>(formattedKey);`
			`if(string.IsNullOrWhiteSpace(cs))`
			`{`
			`return null;`
			`}`

			`var aesKey = GetAesKey();`
			`if(aesKey == null)`
			`{`
			`return null;`
			`}`

			`try`
			`{`
			`return App.Utilities.Crypto.AesCbcDecrypt(new App.Models.CipherString(cs), aesKey);`
			`}`
KeyGenParameterSpec options added back. cleanup. 2017-06-07 07:10:31 +03:00			`catch`
centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`{`
			`Console.WriteLine("Failed to decrypt from secure storage.");`
			`_settings.Remove(formattedKey);`
email crash report for key store service 2017-06-07 05:04:54 +03:00			`return null;`
centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`}`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`}`

			`public void Store(string key, byte[] dataBytes)`
			`{`
keystore fixes 2017-05-27 19:23:35 +03:00			`var formattedKey = string.Format(SettingsFormat, key);`
migrate and cleanup old key store 2017-05-27 18:42:22 +03:00			`CleanupOldKeyStore(key);`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`if(dataBytes == null)`
			`{`
keystore fixes 2017-05-27 19:23:35 +03:00			`_settings.Remove(formattedKey);`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`return;`
			`}`

centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`var aesKey = GetAesKey();`
			`if(aesKey == null)`
			`{`
			`return;`
			`}`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00
centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`try`
			`{`
			`var cipherString = App.Utilities.Crypto.AesCbcEncrypt(dataBytes, aesKey);`
			`_settings.AddOrUpdateValue(formattedKey, cipherString.EncryptedString);`
			`}`
KeyGenParameterSpec options added back. cleanup. 2017-06-07 07:10:31 +03:00			`catch`
centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`{`
			`Console.WriteLine("Failed to encrypt to secure storage.");`
			`}`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`}`

centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`private void GenerateRsaKey()`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`{`
			`if(_keyStore.ContainsAlias(KeyAlias))`
			`{`
			`return;`
			`}`

cleanup rsa encryption 2017-06-06 05:25:59 +03:00			`var gen = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore);`
centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`var start = Calendar.Instance;`
			`var end = Calendar.Instance;`
			`end.Add(CalendarField.Year, 30);`
			`var subject = new X500Principal($"CN={KeyAlias}");`

KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`if(_oldAndroid)`
			`{`
revert back to KeyPairGeneratorSpec KeyGenParameterSpec crashes 2017-06-03 04:58:20 +03:00			`var spec = new KeyPairGeneratorSpec.Builder(Application.Context)`
			`.SetAlias(KeyAlias)`
centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`.SetSubject(subject)`
revert back to KeyPairGeneratorSpec KeyGenParameterSpec crashes 2017-06-03 04:58:20 +03:00			`.SetSerialNumber(BigInteger.Ten)`
			`.SetStartDate(start.Time)`
			`.SetEndDate(end.Time)`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`.Build();`

			`gen.Initialize(spec);`
			`}`
			`else`
			`{`
			`var spec = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Decrypt \| KeyStorePurpose.Encrypt)`
KeyGenParameterSpec options added back. cleanup. 2017-06-07 07:10:31 +03:00			`.SetCertificateSubject(subject)`
sha1 digest 2017-06-07 05:53:14 +03:00			`.SetDigests(KeyProperties.DigestSha1)`
cleanup rsa encryption 2017-06-06 05:25:59 +03:00			`.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaOaep)`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`.Build();`

cleanup rsa encryption 2017-06-06 05:25:59 +03:00			`gen.Initialize(spec);`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`}`
cleanup rsa encryption 2017-06-06 05:25:59 +03:00
			`gen.GenerateKeyPair();`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`}`

centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`private KeyStore.PrivateKeyEntry GetRsaKeyEntry()`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`{`
centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`return _keyStore.GetEntry(KeyAlias, null) as KeyStore.PrivateKeyEntry;`
			`}`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00
centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`private void GenerateAesKey()`
			`{`
key names 2017-05-27 18:46:42 +03:00			`if(_settings.Contains(AesKey))`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`{`
			`return;`
			`}`

centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`var key = App.Utilities.Crypto.RandomBytes(512 / 8);`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`var encKey = RsaEncrypt(key);`
key names 2017-05-27 18:46:42 +03:00			`_settings.AddOrUpdateValue(AesKey, Convert.ToBase64String(encKey));`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`}`

centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`private App.Models.SymmetricCryptoKey GetAesKey()`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`{`
centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`try`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`{`
key names 2017-05-27 18:46:42 +03:00			`var encKey = _settings.GetValueOrDefault<string>(AesKey);`
centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`if(encKey == null)`
			`{`
			`return null;`
			`}`

KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`var encKeyBytes = Convert.FromBase64String(encKey);`
			`var key = RsaDecrypt(encKeyBytes);`
centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`return new App.Models.SymmetricCryptoKey(key);`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`}`
KeyGenParameterSpec options added back. cleanup. 2017-06-07 07:10:31 +03:00			`catch`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`{`
centralized crypto utils. keystore with rsa. 2017-06-06 04:04:19 +03:00			`Console.WriteLine("Cannot get AesKey.");`
			`_keyStore.DeleteEntry(KeyAlias);`
			`_settings.Remove(AesKey);`
email crash report for key store service 2017-06-07 05:04:54 +03:00			`return null;`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`}`
			`}`

cleanup rsa encryption 2017-06-06 05:25:59 +03:00			`private byte[] RsaEncrypt(byte[] data)`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`{`
cleanup rsa encryption 2017-06-06 05:25:59 +03:00			`using(var entry = GetRsaKeyEntry())`
			`using(var cipher = Cipher.GetInstance(_rsaMode))`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`{`
cleanup rsa encryption 2017-06-06 05:25:59 +03:00			`cipher.Init(CipherMode.EncryptMode, entry.Certificate.PublicKey);`
			`var cipherText = cipher.DoFinal(data);`
			`return cipherText;`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`}`
cleanup rsa encryption 2017-06-06 05:25:59 +03:00			`}`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00
cleanup rsa encryption 2017-06-06 05:25:59 +03:00			`private byte[] RsaDecrypt(byte[] encData)`
			`{`
			`using(var entry = GetRsaKeyEntry())`
RSA/ECB/OAEPWithSHA-1AndMGF1Padding 2017-06-07 06:52:52 +03:00			`using(var cipher = Cipher.GetInstance(_rsaMode))`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`{`
oaep spec only for "new android" 2017-06-08 04:44:53 +03:00			`if(_oldAndroid)`
			`{`
			`cipher.Init(CipherMode.DecryptMode, entry.PrivateKey);`
			`}`
			`else`
			`{`
			`cipher.Init(CipherMode.DecryptMode, entry.PrivateKey, OAEPParameterSpec.Default);`
			`}`

cleanup rsa encryption 2017-06-06 05:25:59 +03:00			`var plainText = cipher.DoFinal(encData);`
			`return plainText;`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`}`
			`}`
migrate and cleanup old key store 2017-05-27 18:42:22 +03:00
			`private byte[] TryGetAndMigrateFromOldKeyStore(string key)`
			`{`
			`if(_oldKeyStorageService.Contains(key))`
			`{`
			`var value = _oldKeyStorageService.Retrieve(key);`
			`Store(key, value);`
			`_oldKeyStorageService.Delete(key);`
			`return value;`
			`}`

			`return null;`
			`}`

			`private void CleanupOldKeyStore(string key)`
			`{`
			`if(_oldKeyStorageService.Contains(key))`
			`{`
			`_oldKeyStorageService.Delete(key);`
			`}`
			`}`
KeyStoreBackedStorageService 2017-05-27 08:05:12 +03:00			`}`
			`}`