diff --git a/flutter_secure_storage/android/src/main/java/com/it_nomads/fluttersecurestorage/crypto/MasterKey.java b/flutter_secure_storage/android/src/main/java/com/it_nomads/fluttersecurestorage/crypto/MasterKey.java
index e67b7942..21382dbc 100644
--- a/flutter_secure_storage/android/src/main/java/com/it_nomads/fluttersecurestorage/crypto/MasterKey.java
+++ b/flutter_secure_storage/android/src/main/java/com/it_nomads/fluttersecurestorage/crypto/MasterKey.java
@@ -314,8 +314,37 @@ static MasterKey build(Builder builder) throws GeneralSecurityException, IOExcep
 throw new NullPointerException(
 "KeyGenParameterSpec was null after build() check");
 }
- String keyAlias = MasterKeys.getOrCreate(builder.mKeyGenParameterSpec);
- return new MasterKey(keyAlias, builder.mKeyGenParameterSpec);
+ try {
+ String keyAlias = MasterKeys.getOrCreate(builder.mKeyGenParameterSpec);
+ return new MasterKey(keyAlias, builder.mKeyGenParameterSpec);
+ } catch (GeneralSecurityException e) {
+ if (builder.mKeyGenParameterSpec.getKeySize() == 256) {
+ try {
+ KeyGenParameterSpec.Builder newSpecBuilder = new KeyGenParameterSpec.Builder(
+ builder.mKeyGenParameterSpec.getKeystoreAlias(),
+ builder.mKeyGenParameterSpec.getPurposes())
+ .setBlockModes(builder.mKeyGenParameterSpec.getBlockModes())
+ .setEncryptionPaddings(builder.mKeyGenParameterSpec.getEncryptionPaddings())
+ .setKeySize(128);
+ if (builder.mKeyGenParameterSpec.isUserAuthenticationRequired()) {
+ newSpecBuilder.setUserAuthenticationRequired(true);
+ newSpecBuilder.setUserAuthenticationValidityDurationSeconds(
+ builder.mKeyGenParameterSpec.getUserAuthenticationValidityDurationSeconds());
+ }
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+ if (Api28Impl.isStrongBoxBacked(builder.mKeyGenParameterSpec)) {
+ Api28Impl.setIsStrongBoxBacked(newSpecBuilder);
+ }
+ }
+ builder.mKeyGenParameterSpec = newSpecBuilder.build();
+ String keyAlias = MasterKeys.getOrCreate(builder.mKeyGenParameterSpec);
+ return new MasterKey(keyAlias, builder.mKeyGenParameterSpec);
+ } catch (Exception fallbackException) {
+ throw e;
+ }
+ }
+ throw e;
+ }
 }
 @RequiresApi(28)
 static class Api28Impl {
diff --git a/flutter_secure_storage/android/src/main/java/com/it_nomads/fluttersecurestorage/crypto/MasterKeys.java b/flutter_secure_storage/android/src/main/java/com/it_nomads/fluttersecurestorage/crypto/MasterKeys.java
index 676915c7..4e086efe 100644
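Review bot: The new catch block retries with a 128-bit key on any `GeneralSecurityException` from `MasterKeys.getOrCreate`, not only on a key-size rejection, and nothing signals to the caller that the master key is weaker than the one requested. The rebuilt spec copies only block modes, paddings, the user-authentication flag with its validity duration, and StrongBox; other constraints set on the original spec (for example `setUnlockedDeviceRequired`) appear to be dropped, so the fallback key may carry a looser access policy as well as a shorter key. The inner `catch (Exception fallbackException) { throw e; }` also discards the second failure; adding `e.addSuppressed(fallbackException);` before `throw e;` would keep it for diagnosis. Consider logging the downgrade or making it opt-in; `build` begins above the hunk, so how the original spec is assembled is not visible here.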
--- a/flutter_secure_storage/android/src/main/java/com/it_nomads/fluttersecurestorage/crypto/MasterKeys.java
+++ b/flutter_secure_storage/android/src/main/java/com/it_nomads/fluttersecurestorage/crypto/MasterKeys.java
@@ -60,9 +60,9 @@ public static String getOrCreate(
 }
 @VisibleForTesting
 static void validate(KeyGenParameterSpec spec) {
- if (spec.getKeySize() != KEY_SIZE) {
+ if (spec.getKeySize() != 256 && spec.getKeySize() != 128) {
 throw new IllegalArgumentException(
- "invalid key size, want " + KEY_SIZE + " bits got " + spec.getKeySize()
+ "invalid key size, want 256 or 128 bits got " + spec.getKeySize()
 + " bits");
 }
 if (!Arrays.equals(spec.getBlockModes(), new String[]{KeyProperties.BLOCK_MODE_GCM})) {
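Review bot: `validate` now accepts a 128-bit spec from every caller, so a spec that asks for 128 bits directly passes the check that used to enforce 256 bits, not only the fallback spec built in `MasterKey.build`. If 128 bits is meant purely as a fallback for devices that reject 256, the relaxed contract should at least be documented on the check, e.g. `// 128 bits is accepted only for the fallback path in MasterKey.build; 256 remains the expected size`. The bare literals also bypass `KEY_SIZE`; keeping `KEY_SIZE` and adding a new named constant for the fallback size would keep the condition and the message in step. `validate` continues below the hunk.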