author | Arne Schwabe <arne@rfc2549.org> | 2022-02-19 16:08:55 +0100 |
---|---|---|
committer | Arne Schwabe <arne@rfc2549.org> | 2022-05-04 19:21:56 +0200 |
commit | fb7a727b9d40b8fcf213528d64e6761e9268b9e1 (patch) | |
tree | d3be85209223316dae54c73318b45f2416717dec /main/src/ui/java/de | |
parent | 6d364856a35661e7dad414d38dc34c8cbd8b5985 (diff) |
Implement profile encryption using KeyMaster library
Diffstat (limited to 'main/src/ui/java/de')
-rw-r--r-- | main/src/ui/java/de/blinkt/openvpn/core/ProfileEncryption.kt | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/main/src/ui/java/de/blinkt/openvpn/core/ProfileEncryption.kt b/main/src/ui/java/de/blinkt/openvpn/core/ProfileEncryption.kt
new file mode 100644
index 00000000..ad22460f
--- /dev/null
+++ b/main/src/ui/java/de/blinkt/openvpn/core/ProfileEncryption.kt
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2012-2022 Arne Schwabe
+ * Distributed under the GNU GPL v2 with additional terms. For full terms see the file doc/LICENSE.txt
+ */
+package de.blinkt.openvpn.core
+
+import android.content.Context
+import android.os.Build
+import androidx.security.crypto.EncryptedFile
+import androidx.security.crypto.MasterKeys
+import java.io.File
+import java.io.FileInputStream
+import java.io.FileOutputStream
+import java.io.IOException
+import java.security.GeneralSecurityException
+
+internal class ProfileEncryption {
+
+ companion object {
+ @JvmStatic
+ fun encryptionEnabled(): Boolean {
+ return mMasterKeyAlias != null
+ }
+
+ private var mMasterKeyAlias: String? = null
+ @JvmStatic
+ fun initMasterCryptAlias() {
+ if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M)
+ return
+ try {
+ mMasterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)
+ } catch (e: GeneralSecurityException) {
+ VpnStatus.logException("Could not initialise file encryption key.", e)
+ } catch (e: IOException) {
+ VpnStatus.logException("Could not initialise file encryption key.", e)
+ }
+ }
+
+ @JvmStatic
+ @Throws(GeneralSecurityException::class, IOException::class)
+ fun getEncryptedVpInput(context: Context, file: File): FileInputStream {
+ val encryptedFile = EncryptedFile.Builder(
+ file,
+ context,
+ mMasterKeyAlias!!,
+ EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
+ ).build()
+ return encryptedFile.openFileInput()
+ }
+
+ @JvmStatic
+ @Throws(GeneralSecurityException::class, IOException::class)
+ fun getEncryptedVpOutput(context: Context, file: File): FileOutputStream {
+ val encryptedFile = EncryptedFile.Builder(
+ file,
+ context,
+ mMasterKeyAlias!!,
+ EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
+ ).build()
+ return encryptedFile.openFileOutput()
+ }
+ }
+}
\ No newline at end of file |
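Review bot: Both `getEncryptedVpInput` and `getEncryptedVpOutput` dereference `mMasterKeyAlias!!`, so they throw a NullPointerException, which is not among the declared `GeneralSecurityException`/`IOException`, whenever the alias is unset. That happens if `initMasterCryptAlias()` was never called, returned early below API 23, or logged and swallowed a key-store error. A caller that catches only the declared types would crash instead of handling the failure; `val alias = mMasterKeyAlias ?: throw GeneralSecurityException("profile encryption key not initialised")` keeps the error inside the documented contract. Key-creation errors also leave `encryptionEnabled()` false, so callers (not visible here) presumably fall back to storing the profile unencrypted. That fail-open behaviour deserves a KDoc sentence on `initMasterCryptAlias`, and probably a user-visible warning rather than only a log entry. `mMasterKeyAlias` is a plain `var` read from static methods, so if initialisation can run on a different thread from profile I/O it should be marked `@Volatile`.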