From 242b90fa52ccb863c3ea001fa4e7ce5a21939a0b Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Tue, 6 Jun 2023 17:13:35 +0200 Subject: COrrectly fall back to no encryption if there is an erro with encryption --- .../java/de/blinkt/openvpn/core/ProfileEncryption.kt | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'main/src/ui/java') diff --git a/main/src/ui/java/de/blinkt/openvpn/core/ProfileEncryption.kt b/main/src/ui/java/de/blinkt/openvpn/core/ProfileEncryption.kt index ad22460f..fa61e733 100644 --- a/main/src/ui/java/de/blinkt/openvpn/core/ProfileEncryption.kt +++ b/main/src/ui/java/de/blinkt/openvpn/core/ProfileEncryption.kt @@ -7,7 +7,7 @@ package de.blinkt.openvpn.core import android.content.Context import android.os.Build import androidx.security.crypto.EncryptedFile -import androidx.security.crypto.MasterKeys +import androidx.security.crypto.MasterKey import java.io.File import java.io.FileInputStream import java.io.FileOutputStream @@ -19,16 +19,18 @@ internal class ProfileEncryption { companion object { @JvmStatic fun encryptionEnabled(): Boolean { - return mMasterKeyAlias != null + return mMasterKey != null } - private var mMasterKeyAlias: String? = null + private var mMasterKey: MasterKey? = null @JvmStatic - fun initMasterCryptAlias() { + fun initMasterCryptAlias(context:Context) { if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) return try { - mMasterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC) + mMasterKey = MasterKey.Builder(context) + .setKeyScheme(MasterKey.KeyScheme.AES256_GCM) + .build() } catch (e: GeneralSecurityException) { VpnStatus.logException("Could not initialise file encryption key.", e) } catch (e: IOException) { @@ -40,9 +42,9 @@ internal class ProfileEncryption { @Throws(GeneralSecurityException::class, IOException::class) fun getEncryptedVpInput(context: Context, file: File): FileInputStream { val encryptedFile = EncryptedFile.Builder( - file, context, - mMasterKeyAlias!!, + file, + mMasterKey!!, EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB ).build() return encryptedFile.openFileInput() @@ -52,9 +54,9 @@ internal class ProfileEncryption { @Throws(GeneralSecurityException::class, IOException::class) fun getEncryptedVpOutput(context: Context, file: File): FileOutputStream { val encryptedFile = EncryptedFile.Builder( - file, context, - mMasterKeyAlias!!, + file, + mMasterKey!!, EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB ).build() return encryptedFile.openFileOutput() -- cgit v1.2.3