Decrypt on Samsung N7100 sometimes fails about conceal HOT 9 CLOSED

That's interesting. Let me try getting a hold of this device to repro.

Till then, can you try running the integration tests on the note ||.

The steps should be simple:

1. Clone the repo
2. Run ./instrumentTest/crypto/run

This will help determine whether there is some bug on these phones

from conceal.

The integration tests runs ok. But my scenario may not be included in your test cases as I made a quick review of the tests. In my app, I encrypted the data once, and hold it in memory(no change to the encrypted data later). Then I decrypt the data multiple times. On NoteII, if there are continuous decryptions to the same data in a quick rate, normally after several successful decryptions, the later ones will fail with exception. If there is one failure, then all the later decryptions will fail as well. If at that time encryption is made, then I can notice that the encrypted data changes also. (I use a fake keychain which simply returns the bytes of a const string.)

from conceal.

I haven't been able to get a hold of a note 2 yet. I should be able to get it today. Thank you for the really useful info.
There is a test called SimpleDecryptTest which encrypts once in setUp

if you add test to this:

public void testDecryptValidDataMultipleTimes() throws Exception {
    for (int i = 0; i < 10000; ++i){
      byte[] plainText = mCrypto.decrypt(mCipheredData, new Entity(CryptoTestUtils.ENTITY_NAME));
      assertTrue(CryptoTestUtils.DECRYPTED_DATA_IS_DIFFERENT, Arrays.equals(mData, plainText));
    }
  }

It should be able to test the multiple quick decryption case. Are you able to repro this after adding this test.

If not it would be really awesome to have a test that is similar to the situation that you are using in your app.

from conceal.

I tried the new test. And I have also copied the logic of the test case into a simple app for test. The very interesting is that, in instrumentation test everything is ok; but in my test app it still fails. I have also tried to copy the .jar and so files from my local Conceal project to my test app project, but our of luck still.
My test app just have two buttons, before everything press button "encrypt" will encrypt the data:
mCipheredBytes = mCrypto.encrypt(mOrgBytes, mEntity);
And then pressing button "decrypt" will decrypt the data and check result:
byte[] bs = mCrypto.decrypt(mCipheredBytes, mEntity);
if(Arrays.equals(bs, mOrgBytes)){ .... }

from conceal.

I found the main difference of the test case and my test app is the implementation of keychain class.
In my KeyChain implementation, for methods of getCipherKey(), getMacKey() and getNewIV(), I return the same bytes of a string, like: "some string".getBytes().

Is this anything wrong?

from conceal.

Seems I have found the reason. Seems that for the native GCM cipher, the cipherKey and macKey must be 16 bytes long, and IV key must be 12 bytes long. There should be some javadoc about this requirement on the KeyChain interface, or there should be an exception thrown out if wrong length is returned.

from conceal.

That's awesome. Thanks for the feedback. I'll add an assert and a doc so that other people do not have to have the same problem.

from conceal.

#38

from conceal.

Thanks a lot!

from conceal.