From fb7a727b9d40b8fcf213528d64e6761e9268b9e1 Mon Sep 17 00:00:00 2001
From: Arne Schwabe
Date: Sat, 19 Feb 2022 16:08:55 +0100
Subject: Implement profile encryption using KeyMaster library
---
 .../de/blinkt/openvpn/core/ProfileEncryption.kt | 63 ++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 main/src/ui/java/de/blinkt/openvpn/core/ProfileEncryption.kt
(limited to 'main/src/ui/java/de/blinkt/openvpn/core')
diff --git a/main/src/ui/java/de/blinkt/openvpn/core/ProfileEncryption.kt b/main/src/ui/java/de/blinkt/openvpn/core/ProfileEncryption.kt
new file mode 100644
index 00000000..ad22460f
--- /dev/null
+++ b/main/src/ui/java/de/blinkt/openvpn/core/ProfileEncryption.kt
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2012-2022 Arne Schwabe
+ * Distributed under the GNU GPL v2 with additional terms. For full terms see the file doc/LICENSE.txt
+ */
+package de.blinkt.openvpn.core
+
+import android.content.Context
+import android.os.Build
+import androidx.security.crypto.EncryptedFile
+import androidx.security.crypto.MasterKeys
+import java.io.File
+import java.io.FileInputStream
+import java.io.FileOutputStream
+import java.io.IOException
+import java.security.GeneralSecurityException
+
+internal class ProfileEncryption {
+
+ companion object {
+ @JvmStatic
+ fun encryptionEnabled(): Boolean {
+ return mMasterKeyAlias != null
+ }
+
+ private var mMasterKeyAlias: String? = null
+ @JvmStatic
+ fun initMasterCryptAlias() {
+ if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M)
+ return
+ try {
+ mMasterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)
+ } catch (e: GeneralSecurityException) {
+ VpnStatus.logException("Could not initialise file encryption key.", e)
+ } catch (e: IOException) {
+ VpnStatus.logException("Could not initialise file encryption key.", e)
+ }
+ }
+
+ @JvmStatic
+ @Throws(GeneralSecurityException::class, IOException::class)
+ fun getEncryptedVpInput(context: Context, file: File): FileInputStream {
+ val encryptedFile = EncryptedFile.Builder(
+ file,
+ context,
+ mMasterKeyAlias!!,
+ EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
+ ).build()
+ return encryptedFile.openFileInput()
+ }
+
+ @JvmStatic
+ @Throws(GeneralSecurityException::class, IOException::class)
+ fun getEncryptedVpOutput(context: Context, file: File): FileOutputStream {
+ val encryptedFile = EncryptedFile.Builder(
+ file,
+ context,
+ mMasterKeyAlias!!,
+ EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
+ ).build()
+ return encryptedFile.openFileOutput()
+ }
+ }
+}
\ No newline at end of file
--
cgit v1.2.3
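Review bot: `mMasterKeyAlias!!` in `getEncryptedVpInput` and `getEncryptedVpOutput` throws a NullPointerException whenever `initMasterCryptAlias()` was never called, returned early below API 23, or only logged a key-store failure, and that is not one of the exceptions the `@Throws` annotations advertise to Java callers. I would fail with a declared type instead, e.g. `val alias = mMasterKeyAlias ?: throw GeneralSecurityException("Profile encryption key not initialised")`, and build the `EncryptedFile` in one private helper shared by both functions so the scheme cannot drift between the read and write paths. Because `initMasterCryptAlias()` swallows the failure, `encryptionEnabled()` simply returns false afterwards; whether callers then store the profile unencrypted is not visible in this file, so a KDoc line on `encryptionEnabled()` stating the intended fallback would help the next reviewer. `EncryptedFile.openFileOutput()` also raises an IOException when the target file already exists, which deserves a KDoc note on `getEncryptedVpOutput` telling callers to write to a fresh path and rename.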