Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Library crashing in devices running KitKat #6

Closed
davidmigloz opened this issue Jun 19, 2018 · 17 comments
Closed

Library crashing in devices running KitKat #6

davidmigloz opened this issue Jun 19, 2018 · 17 comments
Labels
bug
Milestone
v0.6.0

Comments

@davidmigloz
Copy link
Contributor

According to the Readme:

Minimum SDK 19 (Android 4.4): A way to increase security is to cap older implementation. SDK 19 seems to be a good compromise where most of the older security hack fixes are not necessary anymore, but still targeting most devices.

But if you look into the build.gradle file, it declares:

minSdkVersion = 21

Are the docs not up to date? Or it is still safe to use the library with minSdkVersion = 19?

Thanks.
@patrickfav
Copy link
Owner

patrickfav commented Jun 29, 2018
edited
Loading

Hi David,

It should be safe SDK 19+, I will check in the next couple of days and release a new version with the correct version.

@davidmigloz
Copy link
Contributor Author

Ah perfect! Thank you.

patrickfav added a commit that referenced this issue Jul 5, 2018
@patrickfav
Correct minSdk to be 19 instead of 21
fc429b4 
refs #6
@HonzaR
Copy link

HonzaR commented Jul 9, 2018

Hi Patrik,

can you please public release of this great lib with fixed min sdk? It causes problems in my app. Thanks in advance.

Honza

@davidmigloz
Copy link
Contributor Author

Meanwhile, you can force it in your manifest to avoid the merge errors:

<uses-sdk android:minSdkVersion="19" tools:overrideLibrary="at.favre.lib:armadillo"/>

@HonzaR
Copy link

HonzaR commented Jul 9, 2018
edited
Loading

Yep, thanks.

I can only build my app with:
<uses-sdk tools:overrideLibrary="at.favre.lib.armadillo"/>

But still app crashes on SDK 19 on start with:
java.lang.IllegalStateException: at.favre.lib.armadillo.EncryptionProtocolException: at.favre.lib.armadillo.AuthenticatedEncryptionException: could not encrypt

davidmigloz added a commit to davidmigloz/armadillo that referenced this issue Jul 9, 2018
@davidmigloz
Support devices runing KitKat (API 19) patrickfav#6
7194cfa
@davidmigloz
Copy link
Contributor Author

davidmigloz commented Jul 9, 2018
edited
Loading

GCMParameterSpec is supposed to be available in devices running KitKat, but apparently, it's not implemented in all devices. IvParameterSpec can be used instead. Also, associated data is not available in Android KitKat. I've made a pull request with the fixes.

davidmigloz added a commit to davidmigloz/armadillo that referenced this issue Jul 9, 2018
@davidmigloz
Support devices runing KitKat (API 19) patrickfav#6
70fca34
davidmigloz added a commit to davidmigloz/armadillo that referenced this issue Jul 9, 2018
@davidmigloz
Support devices runing KitKat (API 19) patrickfav#6
2e094dd
davidmigloz added a commit to davidmigloz/armadillo that referenced this issue Jul 10, 2018
@davidmigloz
Support devices runing KitKat (API 19) patrickfav#6
14c42bf
@patrickfav patrickfav added the bug label Jul 11, 2018
@HonzaR
Copy link

HonzaR commented Jul 12, 2018

Hey guys,

thanks for new version 0.5.0, but crash still occurs with the same error on Kitkat as before, see:

07-12 10:28:52.235 3485-3485/cz.dpp.praguepublictransport E/AndroidRuntime: FATAL EXCEPTION: main Process: cz.dpp.praguepublictransport, PID: 3485 java.lang.RuntimeException: Unable to create application cz.dpp.praguepublictransport.utils.CustomApplication: java.lang.IllegalStateException: at.favre.lib.armadillo.EncryptionProtocolException: at.favre.lib.armadillo.AuthenticatedEncryptionException: could not encrypt at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4476) at android.app.ActivityThread.access$1500(ActivityThread.java:144) at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1265) at android.os.Handler.dispatchMessage(Handler.java:102) at android.os.Looper.loop(Looper.java:136) at android.app.ActivityThread.main(ActivityThread.java:5146) at java.lang.reflect.Method.invokeNative(Native Method) at java.lang.reflect.Method.invoke(Method.java:515) at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:732) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:566) at dalvik.system.NativeStart.main(Native Method) Caused by: java.lang.IllegalStateException: at.favre.lib.armadillo.EncryptionProtocolException: at.favre.lib.armadillo.AuthenticatedEncryptionException: could not encrypt at at.favre.lib.armadillo.SecureSharedPreferences.encryptToBase64(SecureSharedPreferences.java:338) at at.favre.lib.armadillo.SecureSharedPreferences.access$300(SecureSharedPreferences.java:31) at at.favre.lib.armadillo.SecureSharedPreferences$Editor.putLong(SecureSharedPreferences.java:280)

@patrickfav
Copy link
Owner

0.5.0 did only change the minSDK, the fallback implementation for the GCM block mode is in progress (needed a fast release yesterday)

@patrickfav patrickfav added this to the v0.6.0 milestone Jul 13, 2018
@patrickfav patrickfav removed the v0.6.0 label Jul 13, 2018
@patrickfav
Copy link
Owner

fyi: This is going to be the next issue I'll tackle in the next couple of days.

@HonzaR
Copy link

HonzaR commented Jul 17, 2018

Hi Patric,
do you have any idea, when the lib will be fixed? My project is close to deadline :(
Thanks.
Honza

@patrickfav
Copy link
Owner

@HonzaR sorry, since I do my open source projects in my spare time I cannot give you any ETA. You could fix it yourself however with only moderate effort.

Just check out how @davidmigloz modified the AuthenticatedEncryption in his PR #10 (see AesGcmEncryption.java). Just copy AesGcmEncryption.java, name it e.g. KitKatPatchedAesGcmEncryption and add the patch from david and set it as default encryption with:

SharedPreferences preferences = Armadillo.create(context, "myCustomPreferences")
    .symmetricEncryption(new KitKatPatchedAesGcmEncryption())
    ...
    .build();

@HonzaR
Copy link

HonzaR commented Jul 17, 2018
edited by patrickfav
Loading

@patrickfav Thanks, but even with custom implementation of AesGsmEncryption I am getting same error, see:

07-17 09:09:41.082 4951-4951/cz.dpp.praguepublictransport E/AndroidRuntime: FATAL EXCEPTION: main
    Process: cz.dpp.praguepublictransport, PID: 4951
    java.lang.RuntimeException: Unable to create application cz.dpp.praguepublictransport.utils.CustomApplication: java.lang.IllegalStateException: at.favre.lib.armadillo.EncryptionProtocolException: at.favre.lib.armadillo.AuthenticatedEncryptionException: could not encrypt
        at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4347)
        at android.app.ActivityThread.access$1500(ActivityThread.java:135)
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1256)
        at android.os.Handler.dispatchMessage(Handler.java:102)
        at android.os.Looper.loop(Looper.java:136)
        at android.app.ActivityThread.main(ActivityThread.java:5017)
        at java.lang.reflect.Method.invokeNative(Native Method)
        at java.lang.reflect.Method.invoke(Method.java:515)
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:779)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:595)
        at dalvik.system.NativeStart.main(Native Method)
     Caused by: java.lang.IllegalStateException: at.favre.lib.armadillo.EncryptionProtocolException: at.favre.lib.armadillo.AuthenticatedEncryptionException: could not encrypt
        at at.favre.lib.armadillo.SecureSharedPreferences.encryptToBase64(SecureSharedPreferences.java:338)
        at at.favre.lib.armadillo.SecureSharedPreferences.access$300(SecureSharedPreferences.java:31)
        at at.favre.lib.armadillo.SecureSharedPreferences$Editor.putLong(SecureSharedPreferences.java:280)
        at cz.dpp.praguepublictransport.utils.SharedPreferencesManager.setBootTime(SharedPreferencesManager.java:458)
        at cz.dpp.praguepublictransport.utils.TrueTimeUtils.checkDeviceBootTime(TrueTimeUtils.java:83)
        at cz.dpp.praguepublictransport.utils.TrueTimeUtils.initImmediately(TrueTimeUtils.java:45)
        at cz.dpp.praguepublictransport.utils.CustomApplication.onCreate(CustomApplication.java:51)
        at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1007)
        at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4344)
        at android.app.ActivityThread.access$1500(ActivityThread.java:135) 
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1256) 
        at android.os.Handler.dispatchMessage(Handler.java:102) 
        at android.os.Looper.loop(Looper.java:136) 
        at android.app.ActivityThread.main(ActivityThread.java:5017) 
        at java.lang.reflect.Method.invokeNative(Native Method) 
        at java.lang.reflect.Method.invoke(Method.java:515) 
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:779) 
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:595) 
        at dalvik.system.NativeStart.main(Native Method) 
     Caused by: at.favre.lib.armadillo.EncryptionProtocolException: at.favre.lib.armadillo.AuthenticatedEncryptionException: could not encrypt
        at at.favre.lib.armadillo.DefaultEncryptionProtocol.encrypt(DefaultEncryptionProtocol.java:98)
        at at.favre.lib.armadillo.SecureSharedPreferences.encryptToBase64(SecureSharedPreferences.java:336)
        at at.favre.lib.armadillo.SecureSharedPreferences.access$300(SecureSharedPreferences.java:31) 
        at at.favre.lib.armadillo.SecureSharedPreferences$Editor.putLong(SecureSharedPreferences.java:280) 
        at cz.dpp.praguepublictransport.utils.SharedPreferencesManager.setBootTime(SharedPreferencesManager.java:458) 
        at cz.dpp.praguepublictransport.utils.TrueTimeUtils.checkDeviceBootTime(TrueTimeUtils.java:83) 
        at cz.dpp.praguepublictransport.utils.TrueTimeUtils.initImmediately(TrueTimeUtils.java:45) 
        at cz.dpp.praguepublictransport.utils.CustomApplication.onCreate(CustomApplication.java:51) 
        at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1007) 
        at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4344) 
        at android.app.ActivityThread.access$1500(ActivityThread.java:135) 
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1256) 
        at android.os.Handler.dispatchMessage(Handler.java:102) 
        at android.os.Looper.loop(Looper.java:136) 
        at android.app.ActivityThread.main(ActivityThread.java:5017) 
        at java.lang.reflect.Method.invokeNative(Native Method) 
        at java.lang.reflect.Method.invoke(Method.java:515) 
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:779) 
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:595) 
        at dalvik.system.NativeStart.main(Native Method) 
     Caused by: at.favre.lib.armadillo.AuthenticatedEncryptionException: could not encrypt
        at cz.dpp.praguepublictransport.utils.KitKatPatchedAesGcmEncryption.encrypt(KitKatPatchedAesGcmEncryption.java:91)
        at at.favre.lib.armadillo.DefaultEncryptionProtocol.encrypt(DefaultEncryptionProtocol.java:87)
        at at.favre.lib.armadillo.SecureSharedPreferences.encryptToBase64(SecureSharedPreferences.java:336) 
        at at.favre.lib.armadillo.SecureSharedPreferences.access$300(SecureSharedPreferences.java:31) 
        at at.favre.lib.armadillo.SecureSharedPreferences$Editor.putLong(SecureSharedPreferences.java:280) 
        at cz.dpp.praguepublictransport.utils.SharedPreferencesManager.setBootTime(SharedPreferencesManager.java:458) 
        at cz.dpp.praguepublictransport.utils.TrueTimeUtils.checkDeviceBootTime(TrueTimeUtils.java:83) 
        at cz.dpp.praguepublictransport.utils.TrueTimeUtils.initImmediately(TrueTimeUtils.java:45) 
        at cz.dpp.praguepublictransport.utils.CustomApplication.onCreate(CustomApplication.java:51) 
        at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1007) 
        at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4344) 
        at android.app.ActivityThread.access$1500(ActivityThread.java:135) 
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1256) 
        at android.os.Handler.dispatchMessage(Handler.java:102) 
        at android.os.Looper.loop(Looper.java:136) 
        at android.app.ActivityThread.main(ActivityThread.java:5017) 
        at java.lang.reflect.Method.invokeNative(Native Method) 
        at java.lang.reflect.Method.invoke(Method.java:515) 
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:779) 
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:595) 
        at dalvik.system.NativeStart.main(Native Method) 
     Caused by: java.lang.UnsupportedOperationException: This cipher does not support Authenticated Encryption with Additional Data
        at javax.crypto.CipherSpi.engineUpdateAAD(CipherSpi.java:393)
        at javax.crypto.Cipher.updateAAD(Cipher.java:1056)
        at cz.dpp.praguepublictransport.utils.KitKatPatchedAesGcmEncryption.encrypt(KitKatPatchedAesGcmEncryption.java:80)
        at at.favre.lib.armadillo.DefaultEncryptionProtocol.encrypt(DefaultEncryptionProtocol.java:87) 
        at at.favre.lib.armadillo.SecureSharedPreferences.encryptToBase64(SecureSharedPreferences.java:336) 
        at at.favre.lib.armadillo.SecureSharedPreferences.access$300(SecureSharedPreferences.java:31) 
        at at.favre.lib.armadillo.SecureSharedPreferences$Editor.putLong(SecureSharedPreferences.java:280) 
        at cz.dpp.praguepublictransport.utils.SharedPreferencesManager.setBootTime(SharedPreferencesManager.java:458) 
        at cz.dpp.praguepublictransport.utils.TrueTimeUtils.checkDeviceBootTime(TrueTimeUtils.java:83) 
        at cz.dpp.praguepublictransport.utils.TrueTimeUtils.initImmediately(TrueTimeUtils.java:45) 
        at cz.dpp.praguepublictransport.utils.CustomApplication.onCreate(CustomApplication.java:51) 
        at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1007) 
        at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4344) 
        at android.app.ActivityThread.access$1500(ActivityThread.java:135) 
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1256) 
        at android.os.Handler.dispatchMessage(Handler.java:102) 
        at android.os.Looper.loop(Looper.java:136) 
        at android.app.ActivityThread.main(ActivityThread.java:5017) 
        at java.lang.reflect.Method.invokeNative(Native Method) 
        at java.lang.reflect.Method.invoke(Method.java:515) 
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:779) 
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:595) 
        at dalvik.system.NativeStart.main(Native Method) 

I have implemented as @davidmigloz suggested and initialize as
preferences = Armadillo.create(mContext, PREFS_NAME) .symmetricEncryption(new KitKatPatchedAesGcmEncryption()) .encryptionFingerprint(mContext) .build();

Do you have any idea?
Thank you, Honza

@patrickfav
Copy link
Owner

patrickfav commented Jul 17, 2018
edited
Loading

@HonzaR You will need to disable the associated Data on KitKat. That means adding to this code (for encrypt and decrypt)

if (associatedData != null) {
    cipherDec.updateAAD(associatedData);
}

the KitKat check

if (!isKitKat() && associatedData != null) {
    cipherDec.updateAAD(associatedData);
}

Note however that this will break the encrypted data if users upgrade from KitKat to anything newer. That is the reason the fix is not included as of yet, as Im not sure how to handle this special case. A workaround would be to force these users to use the kitkat version forever even after upgrade.

@davidmigloz davidmigloz changed the title Which is the minimum SDK? Library crashing in devices running KitKat Jul 19, 2018
@davidmigloz
Copy link
Contributor Author

Do you have any idea how to proceed with this?

@patrickfav
Copy link
Owner

Hey, sorry for the radio silence, I was really swampt. Will tackle this in the next few days if nothing comes in between.

patrickfav added a commit that referenced this issue Oct 27, 2018
@patrickfav
Implement first version of AES CBC + MAC encryption for Kitakt (SDK 19-)
28d3e08 
refs #6
patrickfav added a commit that referenced this issue Oct 28, 2018
@patrickfav
Fix AAD in cbc and and add kitkat support mode in Armadillo builder
78a4dfb 
refs #6
patrickfav added a commit that referenced this issue Oct 28, 2018
@patrickfav
Fix checkstyle issue
f9f6048 
refs #6
patrickfav added a commit that referenced this issue Oct 28, 2018
@patrickfav
Greatly refactor encryption config and support various decryption con…
5f65c45 
…figs

refs #6
@patrickfav patrickfav mentioned this issue Oct 28, 2018
Merged
patrickfav added a commit that referenced this issue Oct 28, 2018
@patrickfav
Add better error handling for kitkat mode
7b2e030 
refs #6
@patrickfav
Copy link
Owner

PR is ready #31

patrickfav added a commit that referenced this issue Oct 29, 2018
@patrickfav
Small refactorings
0ad2fe4 
refs #6
patrickfav added a commit that referenced this issue Oct 29, 2018
@patrickfav
Use derived encryption key instead of directly
60f07aa 
refs #6
patrickfav added a commit that referenced this issue Oct 29, 2018
@patrickfav
Improve migration test
a1175a5 
refs #6
patrickfav added a commit that referenced this issue Oct 29, 2018
@patrickfav
Add iv to mac generation
eee418a 
refs #6
@patrickfav
Copy link
Owner

Fixed with 0.6.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
v0.6.0
Development

No branches or pull requests
3 participants
@patrickfav @davidmigloz @HonzaR