1
0
mirror of https://github.com/bitwarden/mobile.git synced 2024-11-04 08:50:18 +01:00

key store cleanup

This commit is contained in:
Kyle Spearrin 2017-05-27 22:21:45 -04:00
parent d392dc82a1
commit 04bf86c21d

View File

@ -102,12 +102,11 @@ namespace Bit.Android.Services
end.Add(CalendarField.Year, 30); end.Add(CalendarField.Year, 30);
var gen = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore); var gen = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore);
var spec = new KeyPairGeneratorSpec.Builder(Application.Context) var spec = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt)
.SetAlias(KeyAlias) .SetCertificateSubject(new X500Principal($"CN={KeyAlias}"))
.SetSubject(new X500Principal($"CN={KeyAlias}")) .SetCertificateSerialNumber(BigInteger.Ten)
.SetSerialNumber(BigInteger.Ten) .SetKeyValidityStart(start.Time)
.SetStartDate(start.Time) .SetKeyValidityEnd(end.Time)
.SetEndDate(end.Time)
.Build(); .Build();
gen.Initialize(spec); gen.Initialize(spec);
@ -117,7 +116,8 @@ namespace Bit.Android.Services
{ {
var gen = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, AndroidKeyStore); var gen = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, AndroidKeyStore);
var spec = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Decrypt | KeyStorePurpose.Encrypt) var spec = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Decrypt | KeyStorePurpose.Encrypt)
.SetBlockModes(KeyProperties.BlockModeGcm).SetEncryptionPaddings(KeyProperties.EncryptionPaddingNone) .SetBlockModes(KeyProperties.BlockModeGcm)
.SetEncryptionPaddings(KeyProperties.EncryptionPaddingNone)
.Build(); .Build();
gen.Init(spec); gen.Init(spec);
@ -153,16 +153,18 @@ namespace Bit.Android.Services
} }
else else
{ {
var entry = _keyStore.GetEntry(KeyAlias, null) as KeyStore.SecretKeyEntry; return _keyStore.GetKey(KeyAlias, null);
return entry.SecretKey;
} }
} }
private KeyStore.PrivateKeyEntry GetRsaKeyEntry()
{
return _keyStore.GetEntry(KeyAlias, null) as KeyStore.PrivateKeyEntry;
}
private string AesEncrypt(byte[] input) private string AesEncrypt(byte[] input)
{ {
var cipher = Cipher.GetInstance(AesMode); var cipher = Cipher.GetInstance(AesMode);
//var ivBytes = RandomBytes(12);
//var spec = new GCMParameterSpec(128, ivBytes);
cipher.Init(CipherMode.EncryptMode, GetAesKey()); cipher.Init(CipherMode.EncryptMode, GetAesKey());
var encBytes = cipher.DoFinal(input); var encBytes = cipher.DoFinal(input);
var ivBytes = cipher.GetIV(); var ivBytes = cipher.GetIV();
@ -184,7 +186,7 @@ namespace Bit.Android.Services
private byte[] RsaEncrypt(byte[] input) private byte[] RsaEncrypt(byte[] input)
{ {
var entry = _keyStore.GetEntry(KeyAlias, null) as KeyStore.PrivateKeyEntry; var entry = GetRsaKeyEntry();
var inputCipher = Cipher.GetInstance(RsaMode, AndroidOpenSSL); var inputCipher = Cipher.GetInstance(RsaMode, AndroidOpenSSL);
inputCipher.Init(CipherMode.EncryptMode, entry.Certificate.PublicKey); inputCipher.Init(CipherMode.EncryptMode, entry.Certificate.PublicKey);
@ -200,7 +202,7 @@ namespace Bit.Android.Services
private byte[] RsaDecrypt(byte[] encInput) private byte[] RsaDecrypt(byte[] encInput)
{ {
var entry = _keyStore.GetEntry(KeyAlias, null) as KeyStore.PrivateKeyEntry; var entry = GetRsaKeyEntry();
var outputCipher = Cipher.GetInstance(RsaMode, AndroidOpenSSL); var outputCipher = Cipher.GetInstance(RsaMode, AndroidOpenSSL);
outputCipher.Init(CipherMode.DecryptMode, entry.PrivateKey); outputCipher.Init(CipherMode.DecryptMode, entry.PrivateKey);