Verify integrity of decrypted slots and display a dialog on error

app/src/main/java/me/impy/aegis/crypto/CryptoUtils.java

@@ -2,11 +2,13 @@ package me.impy.aegis.crypto;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.lang.reflect.UndeclaredThrowableException;
 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
 import java.nio.charset.Charset;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
+import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.spec.InvalidKeySpecException;
@@ -24,10 +26,14 @@ import javax.crypto.spec.SecretKeySpec;
 import org.spongycastle.crypto.generators.SCrypt;
 
 public class CryptoUtils {
+    public static final String CRYPTO_HASH = "SHA-256";
+    public static final byte CRYPTO_HASH_SIZE = 32;
+
     public static final String CRYPTO_CIPHER_RAW = "AES/ECB/NoPadding";
+    public static final byte CRYPTO_KEY_SIZE = 32;
+
     public static final String CRYPTO_CIPHER_AEAD = "AES/GCM/NoPadding";
     public static final byte CRYPTO_TAG_SIZE = 16;
-    public static final byte CRYPTO_KEY_SIZE = 32;
     public static final byte CRYPTO_NONCE_SIZE = 12;
     public static final byte CRYPTO_SALT_SIZE = 32;
 
@@ -86,6 +92,20 @@ public class CryptoUtils {
         }};
     }
 
+    public static byte[] hashKey(SecretKey key) {
+        MessageDigest hash;
+        try {
+            hash = MessageDigest.getInstance(CRYPTO_HASH);
+        } catch (NoSuchAlgorithmException e) {
+            throw new UndeclaredThrowableException(e);
+        }
+
+        byte[] bytes = key.getEncoded();
+        hash.update(bytes);
+        CryptoUtils.zero(bytes);
+        return hash.digest();
+    }
+
     public static SecretKey generateKey() throws NoSuchAlgorithmException {
         KeyGenerator generator = KeyGenerator.getInstance("AES");
         generator.init(CRYPTO_KEY_SIZE * 8);