From 6d209968ecd39539ac704bc40c1c7898beb1cee9 Mon Sep 17 00:00:00 2001
From: Avently <7953703+avently@users.noreply.github.com>
Date: Thu, 20 Mar 2025 01:41:46 +0700
Subject: [PATCH 1/2] android: StrongBox support
---
 .../common/platform/Cryptor.android.kt | 26 ++++++++++++++-----
 1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/apps/multiplatform/common/src/androidMain/kotlin/chat/simplex/common/platform/Cryptor.android.kt b/apps/multiplatform/common/src/androidMain/kotlin/chat/simplex/common/platform/Cryptor.android.kt
index d9a5fb59e3..07264c6f6b 100644
--- a/apps/multiplatform/common/src/androidMain/kotlin/chat/simplex/common/platform/Cryptor.android.kt
+++ b/apps/multiplatform/common/src/androidMain/kotlin/chat/simplex/common/platform/Cryptor.android.kt
@@ -1,6 +1,7 @@
 package chat.simplex.common.platform
 
 import android.annotation.SuppressLint
+import android.os.Build
 import android.security.keystore.KeyGenParameterSpec
 import android.security.keystore.KeyProperties
 import chat.simplex.common.views.helpers.AlertManager
@@ -71,13 +72,24 @@ internal class Cryptor: CryptorInterface {
 private fun createSecretKey(alias: String): SecretKey? {
 if (keyStore.containsAlias(alias)) return getSecretKey(alias)
 val keyGenerator: KeyGenerator = KeyGenerator.getInstance(KEY_ALGORITHM, "AndroidKeyStore")
- keyGenerator.init(
- KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
- .setBlockModes(BLOCK_MODE)
- .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
- .build()
- )
- return keyGenerator.generateKey()
+ val builder = KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
+ .setBlockModes(BLOCK_MODE)
+ .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
+ return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+ try {
+ keyGenerator.init(builder.setIsStrongBoxBacked(true).build())
+ val key = keyGenerator.generateKey()
+ Log.w(TAG, "StrongBox support is present")
+ key
+ } catch (e: Exception) {
+ Log.w(TAG, "No StrongBox support")
+ keyGenerator.init(builder.setIsStrongBoxBacked(false).build())
+ keyGenerator.generateKey()
+ }
+ } else {
+ keyGenerator.init(builder.build())
+ keyGenerator.generateKey()
+ }
 }
 
 private fun getSecretKey(alias: String): SecretKey? {
From 7f17f1fafaf61a17c46c5dac327228a9f18e18e6 Mon Sep 17 00:00:00 2001
From: Avently <7953703+avently@users.noreply.github.com>
Date: Thu, 20 Mar 2025 01:45:32 +0700
Subject: [PATCH 2/2] specific exception
---
 .../kotlin/chat/simplex/common/platform/Cryptor.android.kt | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/apps/multiplatform/common/src/androidMain/kotlin/chat/simplex/common/platform/Cryptor.android.kt b/apps/multiplatform/common/src/androidMain/kotlin/chat/simplex/common/platform/Cryptor.android.kt
index 07264c6f6b..e59df2f4b0 100644
--- a/apps/multiplatform/common/src/androidMain/kotlin/chat/simplex/common/platform/Cryptor.android.kt
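Review bot: In the `createSecretKey` hunk of the first patch, the early `if (keyStore.containsAlias(alias)) return getSecretKey(alias)` means StrongBox is requested only for aliases that do not exist yet, so keys generated before this change keep whatever backing they were created with. That deserves a comment above the new branch, for example `// StrongBox is requested only for newly created aliases; existing keys are not migrated`. The fallback is also invisible to callers: the only record of whether the returned key is StrongBox-backed is a log line, and both outcomes are logged at warning level although the StrongBox-present case is not a problem condition. StrongBox operations are typically slower than TEE-backed ones, so if this key sits on a frequently used encrypt/decrypt path (not visible here), the cost is worth measuring. The body of `getSecretKey`, which starts on the hunk's last line, is outside the hunk.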
+++ b/apps/multiplatform/common/src/androidMain/kotlin/chat/simplex/common/platform/Cryptor.android.kt
@@ -2,8 +2,7 @@ package chat.simplex.common.platform
 
 import android.annotation.SuppressLint
 import android.os.Build
-import android.security.keystore.KeyGenParameterSpec
-import android.security.keystore.KeyProperties
+import android.security.keystore.*
 import chat.simplex.common.views.helpers.AlertManager
 import chat.simplex.common.views.helpers.generalGetString
 import chat.simplex.res.MR
@@ -81,7 +80,7 @@ internal class Cryptor: CryptorInterface {
 val key = keyGenerator.generateKey()
 Log.w(TAG, "StrongBox support is present")
 key
- } catch (e: Exception) {
+ } catch (e: StrongBoxUnavailableException) {
 Log.w(TAG, "No StrongBox support")
 keyGenerator.init(builder.setIsStrongBoxBacked(false).build())
 keyGenerator.generateKey()
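Review bot: The narrowed `catch (e: StrongBoxUnavailableException)` in the last hunk no longer falls back when StrongBox key generation fails with any other exception. `StrongBoxUnavailableException` is a subclass of `java.security.ProviderException`, so a device whose StrongBox implementation fails in a different way would, as far as this hunk shows, propagate the exception out of `createSecretKey` instead of receiving a non-StrongBox key. If that is intended, a short comment on the catch should say so; if not, catching `ProviderException` keeps the fallback without returning to a blanket `Exception`. The caught `e` is also unused, and including it in the message, e.g. `Log.w(TAG, "No StrongBox support: ${e.message}")`, would record why the downgrade happened. The enclosing function starts and ends outside this hunk.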