Remove ppuat.enc if we don't have decryption key

AdamVe · AdamVe · commit 397086f01eae · 2025-09-29T10:59:22.000+02:00
diff --git a/android/app/src/main/kotlin/com/yubico/authenticator/fido/PersistentPinUvAuthTokenStore.kt b/android/app/src/main/kotlin/com/yubico/authenticator/fido/PersistentPinUvAuthTokenStore.kt
@@ -19,6 +19,8 @@ package com.yubico.authenticator.fido
 import android.content.Context
 import android.security.keystore.KeyGenParameterSpec
 import android.security.keystore.KeyProperties
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
 import java.io.File
 import java.security.KeyStore
 import javax.crypto.Cipher
@@ -37,6 +39,8 @@ class PersistentPinUvAuthTokenStore(private val context: Context) {
         private const val FILE_NAME = "ppuat.enc"
         private const val PAIR_SEPARATOR = "|"
         private const val ENTRY_SEPARATOR = ";"
+        private val logger: Logger =
+            LoggerFactory.getLogger(PersistentPinUvAuthTokenStore::class.java)
     }
 
     // Add or update a token for an identifier
@@ -63,29 +67,34 @@ class PersistentPinUvAuthTokenStore(private val context: Context) {
             }
     }
 
-    private fun getOrCreateSecretKey(): SecretKey {
-        val keyStore = KeyStore.getInstance(ANDROID_KEY_STORE)
-        keyStore.load(null)
-        val entry = keyStore.getEntry(KEY_ALIAS, null) as? KeyStore.SecretKeyEntry
-        return entry?.secretKey ?: run {
-            val keyGenerator =
-                KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEY_STORE)
-            val keyGenParameterSpec = KeyGenParameterSpec.Builder(
-                KEY_ALIAS,
-                KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
-            )
-                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
-                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
-                .setKeySize(256)
-                .build()
-            keyGenerator.init(keyGenParameterSpec)
-            keyGenerator.generateKey()
+    private fun getSecretKey(): SecretKey? {
+        val keyStore = KeyStore.getInstance(ANDROID_KEY_STORE).apply { load(null) }
+        return try {
+            (keyStore.getEntry(KEY_ALIAS, null) as? KeyStore.SecretKeyEntry)?.secretKey
+        } catch (e: Exception) {
+            logger.error("Failed to get secret key: ", e)
+            null
         }
     }
 
+    private fun createSecretKey(): SecretKey {
+        val keyGenerator =
+            KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEY_STORE)
+        val keyGenParameterSpec = KeyGenParameterSpec.Builder(
+            KEY_ALIAS,
+            KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
+        )
+            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
+            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
+            .setKeySize(256)
+            .build()
+        keyGenerator.init(keyGenParameterSpec)
+        return keyGenerator.generateKey()
+    }
+
     // Serialize the map as "identifier1|ppuat1;identifier2|ppuat2;..."
     private fun saveTokens(context: Context, tokens: Map<String, String>) {
-        val secretKey = getOrCreateSecretKey()
+        val secretKey = getSecretKey() ?: createSecretKey()
         val cipher = Cipher.getInstance(TRANSFORMATION)
         cipher.init(Cipher.ENCRYPT_MODE, secretKey)
         val iv = cipher.iv
@@ -105,23 +114,38 @@ class PersistentPinUvAuthTokenStore(private val context: Context) {
     private fun loadTokens(context: Context): Map<String, String> {
         val file = File(context.filesDir, FILE_NAME)
         if (!file.exists()) return emptyMap()
-        file.inputStream().use { fis ->
-            val ivSize = fis.read()
-            val iv = ByteArray(ivSize)
-            fis.read(iv)
-            val cipher = Cipher.getInstance(TRANSFORMATION)
-            val secretKey = getOrCreateSecretKey()
-            cipher.init(Cipher.DECRYPT_MODE, secretKey, GCMParameterSpec(128, iv))
-            CipherInputStream(fis, cipher).use { cis ->
-                val data = cis.readBytes().toString(Charsets.UTF_8)
-                if (data.isBlank()) return emptyMap()
-                return data.split(ENTRY_SEPARATOR)
-                    .mapNotNull {
-                        val parts = it.split(PAIR_SEPARATOR, limit = 2)
-                        if (parts.size == 2) parts[0] to parts[1] else null
-                    }
-                    .toMap()
+
+        // Try to get the key. If it doesn't exist, we have stale data.
+        val secretKey = getSecretKey() ?: run {
+            logger.warn("PPUAT file exists, but Keystore key is missing. Deleting stale file.")
+            file.delete()
+            return emptyMap()
+        }
+
+        return try {
+            file.inputStream().use { fis ->
+                val ivSize = fis.read()
+                if (ivSize == -1) return emptyMap() // Empty file
+                val iv = ByteArray(ivSize)
+                fis.read(iv)
+                val cipher = Cipher.getInstance(TRANSFORMATION)
+                cipher.init(Cipher.DECRYPT_MODE, secretKey, GCMParameterSpec(128, iv))
+                CipherInputStream(fis, cipher).use { cis ->
+                    val data = cis.readBytes().toString(Charsets.UTF_8)
+                    if (data.isBlank()) return emptyMap()
+                    return data.split(ENTRY_SEPARATOR)
+                        .mapNotNull {
+                            val parts = it.split(PAIR_SEPARATOR, limit = 2)
+                            if (parts.size == 2) parts[0] to parts[1] else null
+                        }
+                        .toMap()
+                }
             }
+        } catch (e: Exception) {
+            // This catches AEADBadTagException and other potential IOExceptions during decryption.
+            logger.error("Failed to decrypt PPUAT file, deleting it. ", e)
+            file.delete()
+            emptyMap()
         }
     }
 }
