Trying to prevent crash due to unusable key store master key
parent
d941f80cf6
commit
f2447e4c86
2 changed files with 30 additions and 12 deletions
|
@ -883,11 +883,16 @@ class CoreContext(val context: Context, coreConfig: Config) {
|
||||||
fun activateVFS() {
|
fun activateVFS() {
|
||||||
try {
|
try {
|
||||||
Log.i("[Context] Activating VFS")
|
Log.i("[Context] Activating VFS")
|
||||||
|
val preferences = corePreferences.encryptedSharedPreferences
|
||||||
|
if (preferences == null) {
|
||||||
|
Log.e("[Context] Can't get encrypted SharedPreferences, can't init VFS")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if (corePreferences.encryptedSharedPreferences.getString(VFS_IV, null) == null) {
|
if (preferences.getString(VFS_IV, null) == null) {
|
||||||
generateSecretKey()
|
generateSecretKey()
|
||||||
encryptToken(generateToken()).let { data ->
|
encryptToken(generateToken()).let { data ->
|
||||||
corePreferences.encryptedSharedPreferences
|
preferences
|
||||||
.edit()
|
.edit()
|
||||||
.putString(VFS_IV, data.first)
|
.putString(VFS_IV, data.first)
|
||||||
.putString(VFS_KEY, data.second)
|
.putString(VFS_KEY, data.second)
|
||||||
|
@ -896,7 +901,7 @@ class CoreContext(val context: Context, coreConfig: Config) {
|
||||||
}
|
}
|
||||||
Factory.instance().setVfsEncryption(
|
Factory.instance().setVfsEncryption(
|
||||||
LINPHONE_VFS_ENCRYPTION_AES256GCM128_SHA256,
|
LINPHONE_VFS_ENCRYPTION_AES256GCM128_SHA256,
|
||||||
getVfsKey(corePreferences.encryptedSharedPreferences).toByteArray().copyOfRange(0, 32),
|
getVfsKey(preferences).toByteArray().copyOfRange(0, 32),
|
||||||
32
|
32
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
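Review bot: When `preferences` is null, the new guard in `activateVFS()` only logs and returns, so `Factory.instance().setVfsEncryption(...)` is never reached and the caller cannot tell that encryption was not configured. If the caller then goes on to start the core (not visible on this page), files the user expects to be encrypted could be written in clear, or already-encrypted files could fail to open. I would make the failure visible, for example by declaring `fun activateVFS(): Boolean` and using `return false` in the guard, so the caller can stop or warn the user. The `try` opened at the top of the function is closed outside this hunk, so how other failures are handled cannot be checked from here.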
|
@ -26,6 +26,7 @@ import androidx.security.crypto.MasterKey
|
||||||
import java.io.File
|
import java.io.File
|
||||||
import java.io.FileInputStream
|
import java.io.FileInputStream
|
||||||
import java.io.FileOutputStream
|
import java.io.FileOutputStream
|
||||||
|
import java.security.KeyStoreException
|
||||||
import org.linphone.LinphoneApplication.Companion.coreContext
|
import org.linphone.LinphoneApplication.Companion.coreContext
|
||||||
import org.linphone.compatibility.Compatibility
|
import org.linphone.compatibility.Compatibility
|
||||||
import org.linphone.core.tools.Log
|
import org.linphone.core.tools.Log
|
||||||
|
@ -46,26 +47,38 @@ class CorePreferences constructor(private val context: Context) {
|
||||||
private const val encryptedSharedPreferencesFile = "encrypted.pref"
|
private const val encryptedSharedPreferencesFile = "encrypted.pref"
|
||||||
}
|
}
|
||||||
|
|
||||||
val encryptedSharedPreferences: SharedPreferences by lazy {
|
val encryptedSharedPreferences: SharedPreferences? by lazy {
|
||||||
val masterKey: MasterKey = MasterKey.Builder(
|
val masterKey: MasterKey = MasterKey.Builder(
|
||||||
context,
|
context,
|
||||||
MasterKey.DEFAULT_MASTER_KEY_ALIAS
|
MasterKey.DEFAULT_MASTER_KEY_ALIAS
|
||||||
).setKeyScheme(MasterKey.KeyScheme.AES256_GCM).build()
|
).setKeyScheme(MasterKey.KeyScheme.AES256_GCM).build()
|
||||||
EncryptedSharedPreferences.create(
|
try {
|
||||||
context, encryptedSharedPreferencesFile, masterKey,
|
EncryptedSharedPreferences.create(
|
||||||
EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
|
context, encryptedSharedPreferencesFile, masterKey,
|
||||||
EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
|
EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
|
||||||
)
|
EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
|
||||||
|
)
|
||||||
|
} catch (kse: KeyStoreException) {
|
||||||
|
Log.e("[VFS] Keystore exception: $kse")
|
||||||
|
null
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var vfsEnabled: Boolean
|
var vfsEnabled: Boolean
|
||||||
get() = encryptedSharedPreferences.getBoolean("vfs_enabled", false)
|
get() = encryptedSharedPreferences?.getBoolean("vfs_enabled", false) ?: false
|
||||||
set(value) {
|
set(value) {
|
||||||
if (!value && encryptedSharedPreferences.getBoolean("vfs_enabled", false)) {
|
val preferences = encryptedSharedPreferences
|
||||||
|
if (preferences == null) {
|
||||||
|
Log.e("[VFS] Failed to get encrypted SharedPreferences")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!value && preferences.getBoolean("vfs_enabled", false)) {
|
||||||
Log.w("[VFS] It is not possible to disable VFS once it has been enabled")
|
Log.w("[VFS] It is not possible to disable VFS once it has been enabled")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
encryptedSharedPreferences.edit().putBoolean("vfs_enabled", value).apply()
|
|
||||||
|
preferences.edit().putBoolean("vfs_enabled", value)?.apply()
|
||||||
// When VFS is enabled we disable logcat output for linphone logs
|
// When VFS is enabled we disable logcat output for linphone logs
|
||||||
// TODO: decide if we do it
|
// TODO: decide if we do it
|
||||||
// logcatLogsOutput = false
|
// logcatLogsOutput = false
|
||||||
|
|
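Review bot: The new `try` in `encryptedSharedPreferences` starts after `MasterKey.Builder(...).build()`, so a failure while creating or loading the master key still escapes the lazy initializer and crashes as before. Both `build()` and `EncryptedSharedPreferences.create(...)` are declared to throw `GeneralSecurityException` and `IOException`, and `KeyStoreException` is only one subclass of the former. I would move `try {` above `val masterKey` and widen the handler to `} catch (e: GeneralSecurityException) {` with a matching `catch (e: IOException)` branch, which needs `java.security.GeneralSecurityException` and `java.io.IOException` imported. Separately, the `vfsEnabled` getter now answers `false` when the store cannot be opened, which reads as "VFS was never enabled" rather than "state unknown"; a comment such as `// null means the encrypted store is unreadable, not that VFS is off` on the getter would at least document that.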