diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml index debc5516..724e935c 100644 --- a/app/src/main/AndroidManifest.xml +++ b/app/src/main/AndroidManifest.xml @@ -146,6 +146,7 @@ + diff --git a/app/src/main/java/com/beemdevelopment/aegis/importers/AuthenticatorProImporter.java b/app/src/main/java/com/beemdevelopment/aegis/importers/AuthenticatorProImporter.java new file mode 100644 index 00000000..bd6d4d54 --- /dev/null +++ b/app/src/main/java/com/beemdevelopment/aegis/importers/AuthenticatorProImporter.java @@ -0,0 +1,295 @@ +package com.beemdevelopment.aegis.importers; + +import android.annotation.SuppressLint; +import android.content.Context; +import android.content.pm.PackageManager; +import android.database.Cursor; +import android.database.sqlite.SQLiteException; +import com.beemdevelopment.aegis.R; +import com.beemdevelopment.aegis.encoding.Base32; +import com.beemdevelopment.aegis.encoding.EncodingException; +import com.beemdevelopment.aegis.otp.*; +import com.beemdevelopment.aegis.ui.dialogs.Dialogs; +import com.beemdevelopment.aegis.util.IOUtils; +import com.beemdevelopment.aegis.vault.VaultEntry; +import com.topjohnwu.superuser.io.SuFile; +import org.jetbrains.annotations.NotNull; +import org.json.JSONArray; +import org.json.JSONException; +import org.json.JSONObject; + +import javax.crypto.*; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEKeySpec; +import java.io.*; +import java.nio.charset.StandardCharsets; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; +import java.util.List; + +public class AuthenticatorProImporter extends DatabaseImporter { + private static final String _HEADER = "AuthenticatorPro"; + private static final int _ITERATIONS = 64000; + private static final int _KEY_SIZE = 32 * Byte.SIZE; + private static final String _PKG_NAME = "me.jmh.authenticatorpro"; + private static final String _PKG_DB_PATH = "files/proauth.db3"; + + private enum Algorithm { + SHA1, + SHA256, + SHA512 + } + + public AuthenticatorProImporter(Context context) { + super(context); + } + + @Override + protected SuFile getAppPath() throws DatabaseImporterException, PackageManager.NameNotFoundException { + return getAppPath(_PKG_NAME, _PKG_DB_PATH); + } + + @Override + protected State read(InputStream stream, boolean isInternal) throws DatabaseImporterException { + return isInternal ? readInternal(stream) : readExternal(stream); + } + + private State readInternal(InputStream stream) throws DatabaseImporterException { + List entries = new SqlImporterHelper(requireContext()).read(SqlEntry.class, stream, "authenticator"); + return new SqlState(entries); + } + + private State readExternal(InputStream stream) throws DatabaseImporterException { + byte[] data; + try { + data = IOUtils.readAll(stream); + } catch (IOException e) { + throw new DatabaseImporterException(e); + } + + try { + return new JsonState(new JSONObject(new String(data, StandardCharsets.UTF_8))); + } catch (JSONException e) { + return readEncrypted(new DataInputStream(new ByteArrayInputStream(data))); + } + } + + private EncryptedState readEncrypted(DataInputStream stream) throws DatabaseImporterException { + try { + byte[] headerBytes = new byte[_HEADER.getBytes(StandardCharsets.UTF_8).length]; + stream.readFully(headerBytes); + String header = new String(headerBytes, StandardCharsets.UTF_8); + if (!header.equals(_HEADER)) { + throw new DatabaseImporterException("Invalid encryption header: " + header); + } + int saltSize = 20; + byte[] salt = new byte[saltSize]; + stream.readFully(salt); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + int ivSize = cipher.getBlockSize(); + byte[] iv = new byte[ivSize]; + stream.readFully(iv); + return new EncryptedState(cipher, salt, iv, IOUtils.readAll(stream)); + } catch (UTFDataFormatException e) { + throw new DatabaseImporterException("Encryption header does not exist"); + } catch (IOException | NoSuchPaddingException | NoSuchAlgorithmException e) { + throw new DatabaseImporterException(e); + } + } + + private static VaultEntry fromAny( + int type, + String issuer, + String username, + byte[] secret, + Algorithm algo, + int digits, + int period, + int counter, + Object obj + ) throws OtpInfoException, DatabaseImporterEntryException { + OtpInfo info; + switch (type) { + case 1: + info = new HotpInfo(secret, algo.name(), digits, counter); + break; + case 2: + info = new TotpInfo(secret, algo.name(), digits, period); + break; + case 4: + info = new SteamInfo(secret, algo.name(), digits, period); + break; + default: + throw new DatabaseImporterEntryException("Unsupported otp type: " + type, obj.toString()); + } + + return new VaultEntry(info, username, issuer); + } + + private static VaultEntry convertEntry(JSONObject authenticator) throws JSONException, EncodingException, OtpInfoException, DatabaseImporterEntryException { + int type = authenticator.getInt("Type"); + String issuer = authenticator.getString("Issuer"); + Object nullableUsername = authenticator.get("Username"); + String username = nullableUsername == JSONObject.NULL ? "" : nullableUsername.toString(); + byte[] secret = Base32.decode(authenticator.getString("Secret")); + Algorithm algo = Algorithm.values()[authenticator.getInt("Algorithm")]; + int digits = authenticator.getInt("Digits"); + int period = authenticator.getInt("Period"); + int counter = authenticator.getInt("Counter"); + + return fromAny(type, issuer, username, secret, algo, digits, period, counter, authenticator); + } + + static class EncryptedState extends State { + private final Cipher _cipher; + private final byte[] _salt; + private final byte[] _iv; + private final byte[] _data; + + public EncryptedState(Cipher cipher, byte[] salt, byte[] iv, byte[] data) { + super(true); + _cipher = cipher; + _salt = salt; + _iv = iv; + _data = data; + } + + public JsonState decrypt(char[] password) throws NoSuchAlgorithmException, + InvalidKeySpecException, + InvalidAlgorithmParameterException, + InvalidKeyException, + IllegalBlockSizeException, + BadPaddingException, + JSONException { + KeySpec spec = new PBEKeySpec(password, _salt, _ITERATIONS, _KEY_SIZE); + SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); + SecretKey key = keyFactory.generateSecret(spec); + _cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(_iv)); + byte[] decrypted = _cipher.doFinal(_data); + return new JsonState(new JSONObject(new String(decrypted, StandardCharsets.UTF_8))); + } + + @Override + public void decrypt(Context context, DecryptListener listener) throws DatabaseImporterException { + Dialogs.showPasswordInputDialog(context, R.string.enter_password_aegis_title, password -> { + try { + listener.onStateDecrypted(decrypt(password)); + } catch (InvalidAlgorithmParameterException | IllegalBlockSizeException | JSONException | + InvalidKeyException | BadPaddingException | InvalidKeySpecException | + NoSuchAlgorithmException e) { + listener.onError(e); + } + }, dialog -> listener.onCanceled()); + } + } + + private static class JsonState extends State { + private final JSONObject _obj; + + public JsonState(JSONObject obj) { + super(false); + _obj = obj; + } + + @Override + public Result convert() throws DatabaseImporterException { + try { + return convertThrowing(); + } catch (OtpInfoException | EncodingException | JSONException e) { + throw new DatabaseImporterException(e); + } + } + + private Result convertThrowing() throws JSONException, OtpInfoException, EncodingException { + Result ret = new Result(); + JSONArray authenticators = _obj.getJSONArray("Authenticators"); + for (int i = 0; i < authenticators.length(); i++) { + JSONObject authenticator = authenticators.getJSONObject(i); + try { + ret.addEntry(convertEntry(authenticator)); + } catch (DatabaseImporterEntryException e) { + ret.addError(e); + } + } + + return ret; + } + } + + private static class SqlState extends State { + private final List _entries; + + public SqlState(List entries) { + super(false); + _entries = entries; + } + + @Override + public Result convert() throws DatabaseImporterException { + Result ret = new Result(); + for (SqlEntry entry : _entries) { + try { + ret.addEntry(entry.convert()); + } catch (DatabaseImporterEntryException e) { + ret.addError(e); + } catch (OtpInfoException e) { + throw new DatabaseImporterException(e); + } + } + + return ret; + } + } + + private static class SqlEntry extends SqlImporterHelper.Entry { + private final int _type; + private final String _issuer; + private final String _username; + private final byte[] _secret; + private final Algorithm _algo; + private final int _digits; + private final int _period; + private final int _counter; + public SqlEntry(Cursor cursor) { + super(cursor); + _type = SqlImporterHelper.getInt(cursor, "type"); + _issuer = SqlImporterHelper.getString(cursor, "issuer"); + _username = SqlImporterHelper.getString(cursor, "username"); + String secret = SqlImporterHelper.getString(cursor, "secret"); + try { + _secret = Base32.decode(secret); + } catch (EncodingException e) { + throw new SQLiteException(secret); // Rethrown upstream as DatabaseImporterException + } + _algo = Algorithm.values()[SqlImporterHelper.getInt(cursor, "algorithm")]; + _digits = SqlImporterHelper.getInt(cursor, "digits"); + _period = SqlImporterHelper.getInt(cursor, "period"); + _counter = SqlImporterHelper.getInt(cursor, "counter"); + } + + // Used when logging unsupported otp types + @SuppressLint("DefaultLocale") + @NotNull + @Override + public String toString() { + return String.format( + "Type: %d, Issuer: %s, Username: %s, Secret: %s, Algo: %s, Digits: %d, Period: %d, Counter: %d", + _type, + _issuer, + _username, + Base32.encode(_secret), + _algo.name(), + _digits, + _period, + _counter + ); + } + + public VaultEntry convert() throws DatabaseImporterEntryException, OtpInfoException { + return fromAny(_type, _issuer, _username, _secret, _algo, _digits, _period, _counter, this); + } + } +} diff --git a/app/src/main/java/com/beemdevelopment/aegis/importers/DatabaseImporter.java b/app/src/main/java/com/beemdevelopment/aegis/importers/DatabaseImporter.java index 90363b0c..f3a9de4d 100644 --- a/app/src/main/java/com/beemdevelopment/aegis/importers/DatabaseImporter.java +++ b/app/src/main/java/com/beemdevelopment/aegis/importers/DatabaseImporter.java @@ -33,6 +33,7 @@ public abstract class DatabaseImporter { _importers.add(new Definition("Aegis", AegisImporter.class, R.string.importer_help_aegis, false)); _importers.add(new Definition("andOTP", AndOtpImporter.class, R.string.importer_help_andotp, false)); _importers.add(new Definition("Authenticator Plus", AuthenticatorPlusImporter.class, R.string.importer_help_authenticator_plus, false)); + _importers.add(new Definition("Authenticator Pro", AuthenticatorProImporter.class, R.string.importer_help_authenticator_pro, true)); _importers.add(new Definition("Authy", AuthyImporter.class, R.string.importer_help_authy, true)); _importers.add(new Definition("Battle.net Authenticator", BattleNetImporter.class, R.string.importer_help_battle_net_authenticator, true)); _importers.add(new Definition("Bitwarden", BitwardenImporter.class, R.string.importer_help_bitwarden, false)); diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index 31b99132..78f0051a 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -457,6 +457,7 @@ Supply a 2FAS Authenticator backup file. Supply an Aegis export/backup file. Supply an Authenticator Plus export file obtained through Settings -> Backup & Restore -> Export as Text and HTML. + Supply an Authenticator Pro export file obtained through Settings -> Back up -> Back up to encrypted file (recommended). Supply a copy of /data/data/com.authy.authy/shared_prefs/com.authy.storage.tokens.authenticator.xml, located in the internal storage directory of Authy. Supply an andOTP export/backup file. Supply a Bitwarden export/backup file. Encrypted files are not supported. diff --git a/app/src/test/java/com/beemdevelopment/aegis/importers/DatabaseImporterTest.java b/app/src/test/java/com/beemdevelopment/aegis/importers/DatabaseImporterTest.java index 9b00db22..b8099e8e 100644 --- a/app/src/test/java/com/beemdevelopment/aegis/importers/DatabaseImporterTest.java +++ b/app/src/test/java/com/beemdevelopment/aegis/importers/DatabaseImporterTest.java @@ -21,13 +21,20 @@ import com.beemdevelopment.aegis.util.UUIDMap; import com.beemdevelopment.aegis.vault.VaultEntry; import com.google.common.collect.Lists; +import org.json.JSONException; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.robolectric.RobolectricTestRunner; +import javax.crypto.BadPaddingException; +import javax.crypto.IllegalBlockSizeException; import java.io.IOException; import java.io.InputStream; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.spec.InvalidKeySpecException; import java.util.Arrays; import java.util.List; @@ -142,6 +149,32 @@ public class DatabaseImporterTest { checkImportedTotpAuthenticatorEntries(entries); } + @Test + public void testImportAuthProEncrypted() throws DatabaseImporterException, IOException, OtpInfoException { + List entries = importEncrypted(AuthenticatorProImporter.class, "authpro_encrypted.bin", state -> { + char[] password = "test".toCharArray(); + try { + return ((AuthenticatorProImporter.EncryptedState) state).decrypt(password); + } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidAlgorithmParameterException | + InvalidKeyException | IllegalBlockSizeException | BadPaddingException | JSONException e) { + throw new DatabaseImporterException(e); + } + }); + checkImportedEntries(entries); + } + + @Test + public void testImportAuthProInternal() throws DatabaseImporterException, IOException, OtpInfoException { + List entries = importPlain(AuthenticatorProImporter.class, "authpro_internal.db", true); + checkImportedEntries(entries); + } + + @Test + public void testImportAuthProPlain() throws DatabaseImporterException, IOException, OtpInfoException { + List entries = importPlain(AuthenticatorProImporter.class, "authpro_plain.json"); + checkImportedEntries(entries); + } + @Test public void testImportAuthy() throws IOException, DatabaseImporterException, OtpInfoException { List entries = importPlain(AuthyImporter.class, "authy_plain.xml"); diff --git a/app/src/test/resources/com/beemdevelopment/aegis/importers/authpro_encrypted.bin b/app/src/test/resources/com/beemdevelopment/aegis/importers/authpro_encrypted.bin new file mode 100644 index 00000000..25858829 Binary files /dev/null and b/app/src/test/resources/com/beemdevelopment/aegis/importers/authpro_encrypted.bin differ diff --git a/app/src/test/resources/com/beemdevelopment/aegis/importers/authpro_internal.db b/app/src/test/resources/com/beemdevelopment/aegis/importers/authpro_internal.db new file mode 100644 index 00000000..10d689f0 Binary files /dev/null and b/app/src/test/resources/com/beemdevelopment/aegis/importers/authpro_internal.db differ diff --git a/app/src/test/resources/com/beemdevelopment/aegis/importers/authpro_plain.json b/app/src/test/resources/com/beemdevelopment/aegis/importers/authpro_plain.json new file mode 100644 index 00000000..064e1778 --- /dev/null +++ b/app/src/test/resources/com/beemdevelopment/aegis/importers/authpro_plain.json @@ -0,0 +1 @@ +{"Authenticators":[{"Type":2,"Icon":null,"Issuer":"Deno","Username":"Mason","Secret":"4SJHB4GSD43FZBAI7C2HLRJGPQ","Pin":null,"Algorithm":0,"Digits":6,"Period":30,"Counter":0,"Ranking":0},{"Type":2,"Icon":null,"Issuer":"SPDX","Username":"James","Secret":"5OM4WOOGPLQEF6UGN3CPEOOLWU","Pin":null,"Algorithm":1,"Digits":7,"Period":20,"Counter":0,"Ranking":0},{"Type":2,"Icon":null,"Issuer":"Airbnb","Username":"Elijah","Secret":"7ELGJSGXNCCTV3O6LKJWYFV2RA","Pin":null,"Algorithm":2,"Digits":8,"Period":50,"Counter":0,"Ranking":0},{"Type":1,"Icon":null,"Issuer":"Issuu","Username":"James","Secret":"YOOMIXWS5GN6RTBPUFFWKTW5M4","Pin":null,"Algorithm":0,"Digits":6,"Period":30,"Counter":1,"Ranking":0},{"Type":1,"Icon":null,"Issuer":"Air Canada","Username":"Benjamin","Secret":"KUVJJOM753IHTNDSZVCNKL7GII","Pin":null,"Algorithm":1,"Digits":7,"Period":30,"Counter":50,"Ranking":0},{"Type":1,"Icon":null,"Issuer":"WWE","Username":"Mason","Secret":"5VAML3X35THCEBVRLV24CGBKOY","Pin":null,"Algorithm":2,"Digits":8,"Period":30,"Counter":10300,"Ranking":0},{"Type":4,"Icon":null,"Issuer":"Boeing","Username":"Sophia","Secret":"JRZCL47CMXVOQMNPZR2F7J4RGI","Pin":null,"Algorithm":0,"Digits":5,"Period":30,"Counter":0,"Ranking":0}],"Categories":[],"AuthenticatorCategories":[],"CustomIcons":[]} \ No newline at end of file