Update encryption method to support api level 18+

Author: carmenlau

skygear/build.gradle

@@ -42,7 +42,7 @@ android {
     useLibrary 'org.apache.http.legacy'
 
     defaultConfig {
-        minSdkVersion 16
+        minSdkVersion 18
         targetSdkVersion 26
         versionCode 1
         versionName skygearVersion

skygear/src/main/java/io/skygear/skygear/PersistentStore.java

@@ -42,7 +42,7 @@ class PersistentStore {
     static final String DEVICE_ID_KEY = "device_id";
     static final String DEVICE_TOKEN_KEY = "device_token";
 
-    private final Context context;
+    final Context context;
     /**
      * The Current user.
      */

skygear/src/main/java/io/skygear/skygear/SecurePersistentStore.java

@@ -3,31 +3,39 @@
 import android.content.Context;
 import android.content.SharedPreferences;
 import android.os.Build;
-import android.security.keystore.KeyGenParameterSpec;
-import android.security.keystore.KeyProperties;
+import android.security.KeyPairGeneratorSpec;
 import android.util.Base64;
 import android.util.Log;
 
 import org.json.JSONObject;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.SecureRandom;
 import java.security.UnrecoverableEntryException;
 import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Calendar;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
+import javax.crypto.CipherInputStream;
+import javax.crypto.CipherOutputStream;
 import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.KeyGenerator;
 import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import javax.security.auth.x500.X500Principal;
 
 /**
  * The Skygear secure persistent store.
@@ -38,15 +46,15 @@
 class SecurePersistentStore extends PersistentStore {
     private static final String TAG = "Skygear SDK";
 
-    static final String ACCESS_TOKEN_KEY_ALIAS = "SkygearAccessTokenKey";
-    static final String CURRENT_USER_KEY_ALIAS = "SkygearCurrentUserKey";
+    static final String KEY_ALIAS = "SkygearKey";
 
     static final String CURRENT_USER_ENCRYPTED_KEY = "current_user_encrypted";
     static final String ACCESS_TOKEN_ENCRYPTED_KEY = "access_token_encrypted";
-    static final String CURRENT_USER_IV_KEY = "current_user_iv";
-    static final String ACCESS_TOKEN_IV_KEY = "access_token_iv";
+    static final String CURRENT_USER_ENCRYPTED_KEY_KEY = "current_user_encrypted_key";
+    static final String ACCESS_TOKEN_ENCRYPTED_KEY_KEY = "access_token_encrypted_key";
 
-    private static final String TRANSFORMATION = "AES/GCM/NoPadding";
+    private static final String RSA_MODE =  "RSA/ECB/PKCS1Padding";
+    private static final String AES_MODE = "AES/ECB/PKCS7Padding";
     private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
 
     Encryptor encryptor;
@@ -59,17 +67,15 @@ public SecurePersistentStore(Context context) {
     @Override
     void restoreAuthUser(SharedPreferences pref) {
         String encryptedCurrentUser = pref.getString(CURRENT_USER_ENCRYPTED_KEY, null);
-        String encodedIV = pref.getString(CURRENT_USER_IV_KEY, null);
+        String encryptedKey = pref.getString(CURRENT_USER_ENCRYPTED_KEY_KEY, null);
 
-        if (encryptedCurrentUser == null || encodedIV == null) {
+        if (encryptedCurrentUser == null || encryptedKey == null) {
             this.currentUser = null;
             return;
         }
 
         try {
-            byte[] encryptedData = base64DecodeToByte(encryptedCurrentUser);
-            byte[] iv = base64DecodeToByte(encodedIV);
-            String currentUserString = getDecryptor().decryptData(CURRENT_USER_KEY_ALIAS, encryptedData, iv);
+            String currentUserString = getDecryptor().decryptData(encryptedKey, encryptedCurrentUser);
             this.currentUser = RecordSerializer.deserialize(
                     new JSONObject(currentUserString)
             );
@@ -84,34 +90,30 @@ void saveAuthUser(SharedPreferences.Editor prefEditor) {
         if (this.currentUser != null) {
             String currentUserString = RecordSerializer.serialize(this.currentUser).toString();
             try {
-                EncryptedResult r = getEncryptor().encryptText(CURRENT_USER_KEY_ALIAS, currentUserString);
-                String encryptedCurrentUser = base64EncodeToString(r.encryptedData);
-                String encodedIV = base64EncodeToString(r.initializationVector);
-                prefEditor.putString(CURRENT_USER_ENCRYPTED_KEY, encryptedCurrentUser);
-                prefEditor.putString(CURRENT_USER_IV_KEY, encodedIV);
+                EncryptedResult r = getEncryptor().encryptText(currentUserString);
+                prefEditor.putString(CURRENT_USER_ENCRYPTED_KEY, r.encryptedData);
+                prefEditor.putString(CURRENT_USER_ENCRYPTED_KEY_KEY, r.encryptedKey);
             } catch (Exception e) {
                 Log.w(TAG, "Fail to encrypt and save current user object", e);
             }
         } else {
             prefEditor.remove(CURRENT_USER_ENCRYPTED_KEY);
-            prefEditor.remove(CURRENT_USER_IV_KEY);
+            prefEditor.remove(CURRENT_USER_ENCRYPTED_KEY_KEY);
         }
     }
 
     @Override
     void restoreAccessToken(SharedPreferences pref) {
         String encryptedAccessToken = pref.getString(ACCESS_TOKEN_ENCRYPTED_KEY, null);
-        String encodedIV = pref.getString(ACCESS_TOKEN_IV_KEY, null);
+        String encryptedKey = pref.getString(ACCESS_TOKEN_ENCRYPTED_KEY_KEY, null);
 
-        if (encryptedAccessToken == null || encodedIV == null) {
+        if (encryptedAccessToken == null || encryptedKey == null) {
             this.accessToken = null;
             return;
         }
 
         try {
-            byte[] encryptedData = base64DecodeToByte(encryptedAccessToken);
-            byte[] iv = base64DecodeToByte(encodedIV);
-            this.accessToken = getDecryptor().decryptData(ACCESS_TOKEN_KEY_ALIAS, encryptedData, iv);
+            this.accessToken = getDecryptor().decryptData(encryptedKey, encryptedAccessToken);
         } catch (Exception e) {
             Log.w(TAG, "Fail to decrypt saved access token", e);
             this.accessToken = null;
@@ -122,105 +124,179 @@ void restoreAccessToken(SharedPreferences pref) {
     void saveAccessToken(SharedPreferences.Editor prefEditor) {
         if (this.accessToken != null) {
             try {
-                EncryptedResult r = getEncryptor().encryptText(ACCESS_TOKEN_KEY_ALIAS, this.accessToken);
-                String ecryptedAccessToken = base64EncodeToString(r.encryptedData);
-                String encodedIV = base64EncodeToString(r.initializationVector);
-                prefEditor.putString(ACCESS_TOKEN_ENCRYPTED_KEY, ecryptedAccessToken);
-                prefEditor.putString(ACCESS_TOKEN_IV_KEY, encodedIV);
+                EncryptedResult r = getEncryptor().encryptText(this.accessToken);
+                prefEditor.putString(ACCESS_TOKEN_ENCRYPTED_KEY, r.encryptedData);
+                prefEditor.putString(ACCESS_TOKEN_ENCRYPTED_KEY_KEY, r.encryptedKey);
             } catch (Exception e) {
                 Log.w(TAG, "Fail to encrypt and save access token", e);
             }
         } else {
             prefEditor.remove(ACCESS_TOKEN_ENCRYPTED_KEY);
-            prefEditor.remove(ACCESS_TOKEN_IV_KEY);
+            prefEditor.remove(ACCESS_TOKEN_ENCRYPTED_KEY_KEY);
         }
     }
 
-    protected String base64EncodeToString(byte[] b) {
-        return Base64.encodeToString(b, Base64.DEFAULT);
-    }
-
-    protected byte[] base64DecodeToByte(String s) {
-        return Base64.decode(s, Base64.DEFAULT);
-    }
-
-    protected Encryptor getEncryptor() {
+    private Encryptor getEncryptor() {
         if (encryptor == null) {
-            encryptor = new Encryptor();
+            encryptor = new Encryptor(this.context);
         }
         return encryptor;
     }
 
-    protected Decryptor getDecryptor() {
+    private Decryptor getDecryptor() {
         if (decryptor == null) {
             decryptor = new Decryptor();
         }
         return decryptor;
     }
 
+    private String getRSACipherProvider() {
+        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) {
+            return "AndroidOpenSSL";
+        } else {
+            return "AndroidKeyStoreBCWorkaround";
+        }
+    }
+
     class Decryptor {
 
         private KeyStore keyStore;
 
-        String decryptData(final String alias, final byte[] encrypted, final byte[] iv) throws NoSuchPaddingException,
-                NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException, InvalidAlgorithmParameterException,
-                InvalidKeyException, BadPaddingException, IllegalBlockSizeException, IOException, CertificateException {
-            final Cipher cipher = Cipher.getInstance(TRANSFORMATION);
-            final GCMParameterSpec spec = new GCMParameterSpec(128, iv);
-            cipher.init(Cipher.DECRYPT_MODE, getSecretKey(alias), spec);
-            return new String(cipher.doFinal(encrypted), "UTF-8");
-        }
+        private byte[] rsaDecrypt(byte[] encrypted) throws KeyStoreException,
+                CertificateException, NoSuchAlgorithmException, IOException, NoSuchProviderException,
+                NoSuchPaddingException, InvalidKeyException, UnrecoverableEntryException {
 
-        private SecretKey getSecretKey(final String alias) throws UnrecoverableEntryException,
-                NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException {
             if (keyStore == null) {
                 keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
                 keyStore.load(null);
             }
-            return ((KeyStore.SecretKeyEntry) keyStore.getEntry(alias, null)).getSecretKey();
+            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry)keyStore.getEntry(
+                    KEY_ALIAS, null);
+            Cipher output = Cipher.getInstance(RSA_MODE, getRSACipherProvider());
+            output.init(Cipher.DECRYPT_MODE, privateKeyEntry.getPrivateKey());
+            CipherInputStream cipherInputStream = new CipherInputStream(
+                    new ByteArrayInputStream(encrypted), output);
+            ArrayList<Byte> values = new ArrayList<>();
+            int nextByte;
+            while ((nextByte = cipherInputStream.read()) != -1) {
+                values.add((byte)nextByte);
+            }
+
+            byte[] bytes = new byte[values.size()];
+            for(int i = 0; i < bytes.length; i++) {
+                bytes[i] = values.get(i).byteValue();
+            }
+            return bytes;
+        }
+
+        String decryptData(final String encryptedKey, final String encryptedData) throws NoSuchPaddingException,
+                NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException,
+                InvalidKeyException, IOException, CertificateException, NoSuchProviderException,
+                BadPaddingException, IllegalBlockSizeException {
+            byte[] encryptedKeyBytes = Base64.decode(encryptedKey, Base64.DEFAULT);
+            byte[] encryptedDataBytes = Base64.decode(encryptedData, Base64.DEFAULT);
+            byte[] secretKey = rsaDecrypt(encryptedKeyBytes);
+
+            Cipher c = Cipher.getInstance(AES_MODE, "BC");
+            c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(secretKey, "AES"));
+            byte[] decodedBytes = c.doFinal(encryptedDataBytes);
+            return new String(decodedBytes, "UTF-8");
         }
     }
 
     class Encryptor {
 
-        EncryptedResult encryptText(final String alias, final String textToEncrypt) throws NoSuchPaddingException,
-                NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException,
-                InvalidKeyException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException {
+        private final Context context;
+        private KeyStore keyStore;
 
-            final Cipher cipher = Cipher.getInstance(TRANSFORMATION);
-            cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(alias));
-            byte[] iv = cipher.getIV();
+        Encryptor(Context context) {
+            super();
+            this.context = context;
+        }
 
-            return new EncryptedResult(cipher.doFinal(textToEncrypt.getBytes("UTF-8")), iv);
+        EncryptedResult encryptText(final String textToEncrypt) throws NoSuchPaddingException,
+                NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException,
+                BadPaddingException, IllegalBlockSizeException, CertificateException, KeyStoreException,
+                UnrecoverableEntryException, InvalidAlgorithmParameterException {
+            byte[] secretKey = generateAESSecret();
+            byte[] encryptedKeyBytes = rsaEncrypt(secretKey);
+            String encryptedKey = Base64.encodeToString(encryptedKeyBytes, Base64.DEFAULT);
+
+            Cipher c = Cipher.getInstance(AES_MODE, "BC");
+            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(secretKey, "AES"));
+            byte[] encodedBytes = c.doFinal(textToEncrypt.getBytes("UTF-8"));
+            String encryptedBase64Encoded = Base64.encodeToString(encodedBytes, Base64.DEFAULT);
+            return new EncryptedResult(encryptedKey, encryptedBase64Encoded);
         }
 
-        private SecretKey getSecretKey(final String alias) throws NoSuchAlgorithmException,
-                NoSuchProviderException, InvalidAlgorithmParameterException {
-            KeyGenerator keyGenerator;
-
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-                keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEY_STORE);
-                keyGenerator.init(new KeyGenParameterSpec.Builder(
-                        alias, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
-                        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
-                        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
-                        .build());
-            } else {
-                keyGenerator = KeyGenerator.getInstance(ANDROID_KEY_STORE);
-                // fixup init keyGenerator
+        private byte[] generateAESSecret() {
+            byte[] key = new byte[16];
+            SecureRandom secureRandom = new SecureRandom();
+            secureRandom.nextBytes(key);
+            return key;
+        }
+
+        private byte[] rsaEncrypt(byte[] secret) throws NoSuchAlgorithmException,
+                IOException, NoSuchProviderException, NoSuchPaddingException,
+                InvalidKeyException, InvalidAlgorithmParameterException, CertificateException,
+                KeyStoreException, UnrecoverableEntryException {
+            PublicKey publicKey = getRSAPublicKey();
+            Cipher inputCipher = Cipher.getInstance(RSA_MODE, getRSACipherProvider());
+            inputCipher.init(Cipher.ENCRYPT_MODE, publicKey);
+
+            ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+            CipherOutputStream cipherOutputStream = new CipherOutputStream(outputStream, inputCipher);
+            cipherOutputStream.write(secret);
+            cipherOutputStream.close();
+
+            byte[] vals = outputStream.toByteArray();
+            return vals;
+        }
+
+        private PublicKey getRSAPublicKey() throws NoSuchAlgorithmException,
+                NoSuchProviderException, InvalidAlgorithmParameterException, KeyStoreException,
+                IOException, CertificateException, UnrecoverableEntryException {
+            if (keyStore == null) {
+                keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
+                keyStore.load(null);
+            }
+
+            if (!keyStore.containsAlias(KEY_ALIAS)) {
+                return generateRSAPublicKey(KEY_ALIAS);
             }
-            return keyGenerator.generateKey();
+
+            return ((KeyStore.PrivateKeyEntry) keyStore.getEntry(KEY_ALIAS, null))
+                    .getCertificate().getPublicKey();
         }
 
+        private PublicKey generateRSAPublicKey(final String alias) throws NoSuchAlgorithmException,
+                NoSuchProviderException, InvalidAlgorithmParameterException {
+            Calendar start = Calendar.getInstance();
+            Calendar end = Calendar.getInstance();
+            end.add(Calendar.YEAR, 1);
+            KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(this.context)
+                    .setAlias(alias)
+                    .setSerialNumber(BigInteger.ONE)
+                    .setSubject(new X500Principal("CN=" + alias))
+                    .setStartDate(start.getTime())
+                    .setEndDate(end.getTime())
+                    .build();
+            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
+            generator.initialize(spec);
+
+            KeyPair keyPair = generator.generateKeyPair();
+            return keyPair.getPublic();
+        }
     }
 
     class EncryptedResult {
-        byte[] encryptedData;
-        byte[] initializationVector;
+        String encryptedKey;
+        String encryptedData;
 
-        EncryptedResult(byte[] data, byte[] iv) {
-            encryptedData = data;
-            initializationVector = iv;
+        EncryptedResult(String encryptedKey, String encryptedData) {
+            super();
+            this.encryptedKey = encryptedKey;
+            this.encryptedData = encryptedData;
         }
     }
 }

skygear_example/build.gradle

@@ -36,7 +36,7 @@ android {
 
     defaultConfig {
         applicationId "io.skygear.skygear_example"
-        minSdkVersion 16
+        minSdkVersion 18
         targetSdkVersion 26
         versionCode 1
         versionName "1.0"