mirror of
https://github.com/beemdevelopment/Aegis.git
synced 2025-05-14 14:02:49 +00:00
Don't try to zero out sensitive memory
Perhaps revisit this later
This commit is contained in:
Alexander Bakker
parent
317e42ed4c
commit
a778cd5661
10 changed files with 8 additions and 45 deletions
|
|
@ -93,7 +93,7 @@ public class AuthActivity extends AegisActivity implements FingerprintUiHelper.C
|
||||||
button.setOnClickListener(new View.OnClickListener() {
|
button.setOnClickListener(new View.OnClickListener() {
|
||||||
@Override
|
@Override
|
||||||
public void onClick(View v) {
|
public void onClick(View v) {
|
||||||
char[] password = AuthHelper.getPassword(_textPassword, true);
|
char[] password = AuthHelper.getEditTextChars(_textPassword);
|
||||||
trySlots(PasswordSlot.class, password);
|
trySlots(PasswordSlot.class, password);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
|
||||||
|
|
@ -67,8 +67,7 @@ public class CustomAuthenticatedSlide extends Fragment implements FingerprintUiH
|
||||||
}
|
}
|
||||||
|
|
||||||
public char[] getPassword() {
|
public char[] getPassword() {
|
||||||
AuthHelper.clearPassword(_textPasswordConfirm);
|
return AuthHelper.getEditTextChars(_textPassword);
|
||||||
return AuthHelper.getPassword(_textPassword, true);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public Cipher getFingerCipher() {
|
public Cipher getFingerCipher() {
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,6 @@ public class DerivationTask extends ProgressDialogTask<DerivationTask.Params, Se
|
||||||
try {
|
try {
|
||||||
byte[] salt = CryptoUtils.generateSalt();
|
byte[] salt = CryptoUtils.generateSalt();
|
||||||
SecretKey key = params.Slot.deriveKey(params.Password, salt, CryptoUtils.CRYPTO_SCRYPT_N, CryptoUtils.CRYPTO_SCRYPT_r, CryptoUtils.CRYPTO_SCRYPT_p);
|
SecretKey key = params.Slot.deriveKey(params.Password, salt, CryptoUtils.CRYPTO_SCRYPT_N, CryptoUtils.CRYPTO_SCRYPT_r, CryptoUtils.CRYPTO_SCRYPT_p);
|
||||||
CryptoUtils.zero(params.Password);
|
|
||||||
return key;
|
return key;
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
return null;
|
return null;
|
||||||
|
|
|
||||||
|
|
@ -219,7 +219,6 @@ public class EditProfileActivity extends AegisActivity {
|
||||||
try {
|
try {
|
||||||
char[] secret = AuthHelper.getEditTextChars(_textSecret);
|
char[] secret = AuthHelper.getEditTextChars(_textSecret);
|
||||||
info.setSecret(secret);
|
info.setSecret(secret);
|
||||||
CryptoUtils.zero(secret);
|
|
||||||
info.setIssuer(_textIssuer.getText().toString());
|
info.setIssuer(_textIssuer.getText().toString());
|
||||||
info.setPeriod(period);
|
info.setPeriod(period);
|
||||||
info.setDigits(digits);
|
info.setDigits(digits);
|
||||||
|
|
|
||||||
|
|
@ -43,9 +43,7 @@ public class PasswordDialogFragment extends SlotDialogFragment {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
AuthHelper.clearPassword(textPasswordConfirm);
|
char[] password = AuthHelper.getEditTextChars(textPassword);
|
||||||
char[] password = AuthHelper.getPassword(textPassword, true);
|
|
||||||
|
|
||||||
PasswordSlot slot = new PasswordSlot();
|
PasswordSlot slot = new PasswordSlot();
|
||||||
DerivationTask task = new DerivationTask(getContext(), key -> {
|
DerivationTask task = new DerivationTask(getContext(), key -> {
|
||||||
Cipher cipher;
|
Cipher cipher;
|
||||||
|
|
|
||||||
|
|
@ -62,10 +62,6 @@ public class SlotCollectionTask<T extends Slot> extends ProgressDialogTask<SlotC
|
||||||
return null;
|
return null;
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new UndeclaredThrowableException(e);
|
throw new UndeclaredThrowableException(e);
|
||||||
} finally {
|
|
||||||
if (params.Obj instanceof char[]) {
|
|
||||||
CryptoUtils.zero((char[]) params.Obj);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -44,10 +44,7 @@ public class CryptoUtils {
|
||||||
public static SecretKey deriveKey(char[] password, byte[] salt, int n, int r, int p) throws NoSuchAlgorithmException, InvalidKeySpecException {
|
public static SecretKey deriveKey(char[] password, byte[] salt, int n, int r, int p) throws NoSuchAlgorithmException, InvalidKeySpecException {
|
||||||
byte[] bytes = toBytes(password);
|
byte[] bytes = toBytes(password);
|
||||||
byte[] keyBytes = SCrypt.generate(bytes, salt, n, r, p, CRYPTO_KEY_SIZE);
|
byte[] keyBytes = SCrypt.generate(bytes, salt, n, r, p, CRYPTO_KEY_SIZE);
|
||||||
zero(bytes);
|
return new SecretKeySpec(keyBytes, 0, keyBytes.length, "AES");
|
||||||
SecretKey key = new SecretKeySpec(keyBytes, 0, keyBytes.length, "AES");
|
|
||||||
zero(keyBytes);
|
|
||||||
return key;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Cipher createCipher(SecretKey key, int opmode) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException {
|
public static Cipher createCipher(SecretKey key, int opmode) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException {
|
||||||
|
|
@ -102,7 +99,6 @@ public class CryptoUtils {
|
||||||
|
|
||||||
byte[] bytes = key.getEncoded();
|
byte[] bytes = key.getEncoded();
|
||||||
hash.update(bytes);
|
hash.update(bytes);
|
||||||
CryptoUtils.zero(bytes);
|
|
||||||
return hash.digest();
|
return hash.digest();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -127,14 +123,6 @@ public class CryptoUtils {
|
||||||
return data;
|
return data;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void zero(char[] data) {
|
|
||||||
Arrays.fill(data, '\0');
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void zero(byte[] data) {
|
|
||||||
Arrays.fill(data, (byte) 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static byte[] toBytes(char[] chars) {
|
private static byte[] toBytes(char[] chars) {
|
||||||
CharBuffer charBuf = CharBuffer.wrap(chars);
|
CharBuffer charBuf = CharBuffer.wrap(chars);
|
||||||
ByteBuffer byteBuf = Charset.forName("UTF-8").encode(charBuf);
|
ByteBuffer byteBuf = Charset.forName("UTF-8").encode(charBuf);
|
||||||
|
|
|
||||||
|
|
@ -33,16 +33,13 @@ public abstract class Slot implements Serializable {
|
||||||
// getKey decrypts the encrypted master key in this slot with the given key and returns it.
|
// getKey decrypts the encrypted master key in this slot with the given key and returns it.
|
||||||
public SecretKey getKey(Cipher cipher) throws BadPaddingException, IllegalBlockSizeException {
|
public SecretKey getKey(Cipher cipher) throws BadPaddingException, IllegalBlockSizeException {
|
||||||
byte[] decryptedKeyBytes = cipher.doFinal(_encryptedMasterKey);
|
byte[] decryptedKeyBytes = cipher.doFinal(_encryptedMasterKey);
|
||||||
SecretKey decryptedKey = new SecretKeySpec(decryptedKeyBytes, CryptoUtils.CRYPTO_CIPHER_AEAD);
|
return new SecretKeySpec(decryptedKeyBytes, CryptoUtils.CRYPTO_CIPHER_AEAD);
|
||||||
CryptoUtils.zero(decryptedKeyBytes);
|
|
||||||
return decryptedKey;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// setKey encrypts the given master key with the given key and stores the result in this slot.
|
// setKey encrypts the given master key with the given key and stores the result in this slot.
|
||||||
public void setKey(MasterKey masterKey, Cipher cipher) throws BadPaddingException, IllegalBlockSizeException {
|
public void setKey(MasterKey masterKey, Cipher cipher) throws BadPaddingException, IllegalBlockSizeException {
|
||||||
byte[] masterKeyBytes = masterKey.getBytes();
|
byte[] masterKeyBytes = masterKey.getBytes();
|
||||||
_encryptedMasterKey = cipher.doFinal(masterKeyBytes);
|
_encryptedMasterKey = cipher.doFinal(masterKeyBytes);
|
||||||
CryptoUtils.zero(masterKeyBytes);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// suppress the AES ECB warning
|
// suppress the AES ECB warning
|
||||||
|
|
|
||||||
|
|
@ -87,9 +87,7 @@ public class Base32 {
|
||||||
base32[j++] = base32Chars.charAt(digit);
|
base32[j++] = base32Chars.charAt(digit);
|
||||||
}
|
}
|
||||||
|
|
||||||
char[] res = Arrays.copyOf(base32, j);
|
return Arrays.copyOf(base32, j);
|
||||||
CryptoUtils.zero(base32);
|
|
||||||
return res;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
|
|
@ -11,15 +11,7 @@ public class AuthHelper {
|
||||||
private AuthHelper() {
|
private AuthHelper() {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static char[] getPassword(EditText text, boolean clear) {
|
public static void clearEditText(EditText text) {
|
||||||
char[] password = getEditTextChars(text);
|
|
||||||
if (clear) {
|
|
||||||
clearPassword(text);
|
|
||||||
}
|
|
||||||
return password;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void clearPassword(EditText text) {
|
|
||||||
text.getText().clear();
|
text.getText().clear();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -33,9 +25,6 @@ public class AuthHelper {
|
||||||
public static boolean arePasswordsEqual(EditText text1, EditText text2) {
|
public static boolean arePasswordsEqual(EditText text1, EditText text2) {
|
||||||
char[] password = getEditTextChars(text1);
|
char[] password = getEditTextChars(text1);
|
||||||
char[] passwordConfirm = getEditTextChars(text2);
|
char[] passwordConfirm = getEditTextChars(text2);
|
||||||
boolean equal = password.length != 0 && Arrays.equals(password, passwordConfirm);
|
return password.length != 0 && Arrays.equals(password, passwordConfirm);
|
||||||
CryptoUtils.zero(password);
|
|
||||||
CryptoUtils.zero(passwordConfirm);
|
|
||||||
return equal;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue