2

I have encryption / decryption ciphers that I use in Android. It works great on Android 4.4.

static void setKey(byte[] keybytes, byte[] iv) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
    key = new SecretKeySpec(keybytes, "AES");
    ivspec = new IvParameterSpec(iv);
    encryptcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    encryptcipher.init(Cipher.ENCRYPT_MODE, key,ivspec);

    decryptcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    decryptcipher.init(Cipher.DECRYPT_MODE, key,ivspec);        
}

However, whenever I run this on Android 4.3 I get this error:

07-25 17:17:25.917: W/System.err(27544): java.lang.RuntimeException: java.security.NoSuchAlgorithmException: SecureRandom SHA1PRNG implementation not found
07-25 17:17:25.927: W/System.err(27544):    at java.security.SecureRandom.<init>(SecureRandom.java:100)
07-25 17:17:25.927: W/System.err(27544):    at javax.crypto.Cipher.init(Cipher.java:564)
07-25 17:17:25.927: W/System.err(27544):    at com.chatads.sdk.bm.a(SourceFile:56)
07-25 17:17:25.927: W/System.err(27544):    at com.chatads.sdk.x.a(SourceFile:241)
07-25 17:17:25.927: W/System.err(27544):    at com.chatads.sdk.ax.run(SourceFile:66)
07-25 17:17:25.927: W/System.err(27544):    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:390)
07-25 17:17:25.927: W/System.err(27544):    at java.util.concurrent.FutureTask.run(FutureTask.java:234)
07-25 17:17:25.927: W/System.err(27544):    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:153)
07-25 17:17:25.927: W/System.err(27544):    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:267)
07-25 17:17:25.927: W/System.err(27544):    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
07-25 17:17:25.927: W/System.err(27544):    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
07-25 17:17:25.927: W/System.err(27544):    at java.lang.Thread.run(Thread.java:841)
07-25 17:17:25.927: W/System.err(27544): Caused by: java.security.NoSuchAlgorithmException: SecureRandom SHA1PRNG implementation not found
07-25 17:17:25.927: W/System.err(27544):    at java.security.Provider$Service.newInstance(Provider.java:1000)
07-25 17:17:25.927: W/System.err(27544):    at java.security.SecureRandom.<init>(SecureRandom.java:97)
07-25 17:17:25.927: W/System.err(27544):    ... 11 more
07-25 17:17:25.927: W/System.err(27544): Caused by: java.lang.IllegalAccessException: access to class not allowed
07-25 17:17:25.927: W/System.err(27544):    at java.lang.Class.newInstanceImpl(Native Method)
07-25 17:17:25.927: W/System.err(27544):    at java.lang.Class.newInstance(Class.java:1130)
07-25 17:17:25.927: W/System.err(27544):    at java.security.Provider$Service.newInstance(Provider.java:998)
07-25 17:17:25.927: W/System.err(27544):    ... 12 more

I ran this code

Provider[] providers = Security.getProviders();
for (Provider provider : providers) {
    Log.i("CRYPTO","provider: "+provider.getName());
    Set<Provider.Service> services = provider.getServices();
    for (Provider.Service service : services) {
        Log.i("CRYPTO","  algorithm: "+service.getAlgorithm());
    }
}

found here: "What crypto algorithms does Android support?"

AES, AES/CBC/PKCS5Padding, and SHA1PRNG all appeared in the output. Is this an Android bug, or am I doing something wrong?

Tyler Davis
  • This may help you: http://stackoverflow.com/questions/13433529/android-4-2-broke-my-encrypt-decrypt-code-and-the-provided-solutions-dont-work – Robin Ellerkmann Jul 28 '14 at 18:19
  • That has to do with generating keys pre and post Android 4.2. I don't do any key generation at all, just use a key generated elsewhere to encrypt/decrypt – Tyler Davis Jul 28 '14 at 18:24
  • Which line of your code is throwing the exception? Also, notice that `Caused by: java.lang.IllegalAccessException: access to class not allowed` suggests something is very messed up. – President James K. Polk Jul 28 '14 at 23:02
  • @GregS `encryptcipher.init(Cipher.ENCRYPT_MODE, key,ivspec);` I agree that it is very messed up. – Tyler Davis Jul 29 '14 at 01:24

2 Answers

1

I figured out how to guarantee the existence of the algorithms that I need. First I downloaded Spongy Castle and added it to my build path.

I added SC as a Provider using this code:

static {
    Security.insertProviderAt(new org.spongycastle.jce.provider.BouncyCastleProvider(), 1);
}

After doing so I still had the same error as before, so I then changed my code to

static void setKey(byte[] keybytes, byte[] iv) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchProviderException
{
    /**
     * crypto is specifically stated here because without using AndroidOpenSSL for the SHA1PRNG breaks on some phones,
     * PRNGFixes.apply() should be called if using this
     * https://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html 
     */
    random = SecureRandom.getInstance("SHA1PRNG", "Crypto");
    key = new SecretKeySpec(keybytes, "AES");
    ivspec = new IvParameterSpec(iv);
    encryptcipher = Cipher.getInstance("AES/CFB/NoPadding", "SC");
    encryptcipher.init(Cipher.ENCRYPT_MODE, key, ivspec, random);

    decryptcipher = Cipher.getInstance("AES/CFB/NoPadding", "SC");
    decryptcipher.init(Cipher.DECRYPT_MODE, key, ivspec, random);       
}

This fixed all of my problems, but then there is the security issue of using Crypto, so I downloaded PRNGFixes, found at https://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html, and called apply elsewhere in the application before I used the crypto library.

Tyler Davis
0

Simply removing the existing BC and adding a new one works for me:

static {
    Security.removeProvider("BC");
    Security.addProvider(new org.spongycastle.jce.provider.BouncyCastleProvider());
}
yerlilbilgin
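
The provider listing in the question only shows that an algorithm name is registered, while the stack trace fails later, when the SHA1PRNG implementation is instantiated. The following added example (not part of the original posts) asks each installed provider to actually construct SHA1PRNG and the two cipher transformations named on this page, and prints the root cause when construction fails. The class name `ProviderProbe` and the use of `System.out` instead of `Log` are assumptions made for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;

public class ProviderProbe {
    // Transformations taken from the question and from the first answer.
    static final String[] TRANSFORMS = {"AES/CBC/PKCS5Padding", "AES/CFB/NoPadding"};

    /** Instantiates the algorithm from one provider: "ok", "not offered", or the root cause. */
    static String probe(boolean isRandom, String algorithm, Provider provider) {
        try {
            if (isRandom) {
                // Draw bytes as well, so a lazily failing generator is caught here.
                SecureRandom.getInstance(algorithm, provider).nextBytes(new byte[16]);
            } else {
                Cipher.getInstance(algorithm, provider);
            }
            return "ok";
        } catch (Exception e) {
            // No cause: the provider simply does not register this algorithm.
            if (e instanceof NoSuchAlgorithmException && e.getCause() == null) {
                return "not offered";
            }
            // A cause (such as the IllegalAccessException in the trace) means the
            // name is registered but the implementation class cannot be created.
            Throwable root = e;
            while (root.getCause() != null) root = root.getCause();
            return "REGISTERED BUT UNUSABLE: " + root;
        }
    }

    public static void main(String[] args) {
        for (Provider p : Security.getProviders()) { // preference order, position 1 first
            System.out.println(p.getName());
            System.out.println("  SecureRandom SHA1PRNG: " + probe(true, "SHA1PRNG", p));
            for (String t : TRANSFORMS) {
                System.out.println("  Cipher " + t + ": " + probe(false, t, p));
            }
        }
        // Cipher.init(mode, key, iv) without a SecureRandom argument creates a default
        // SecureRandom (see the stack trace), so report what the default lookups pick.
        try {
            System.out.println("default SecureRandom -> " + new SecureRandom().getProvider().getName());
            System.out.println("default Cipher -> " + Cipher.getInstance(TRANSFORMS[0]).getProvider().getName());
        } catch (Exception e) {
            System.out.println("default lookup failed: " + e);
        }
    }
}
```

Running it before and after the `Security.insertProviderAt` or `Security.removeProvider("BC")` changes from the answers shows whether the provider order, and the provider that serves each default lookup, actually changed.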