fix(crypto): Serialize key usage during encrypt/decrypt to prevent AEADBadTagException

Author: harrytmthy

safebox/src/androidTest/java/com/harrytmthy/safebox/SafeBoxTest.kt

@@ -223,6 +223,26 @@ class SafeBoxTest {
         assertEquals(-1, safeBox.getInt("0", -1))
     }
 
+    @Test
+    fun apply_then_commit_whenRepeatedManyTimes_shouldReturnCorrectValues() {
+        safeBox = createSafeBox(ioDispatcher = Dispatchers.IO)
+
+        safeBox.edit().apply {
+            repeat(100) {
+                putInt(it.toString(), it)
+                if (it % 2 == 0) {
+                    apply()
+                } else {
+                    commit()
+                }
+            }
+        }
+
+        repeat(100) {
+            assertEquals(it, safeBox.getInt(it.toString(), -1))
+        }
+    }
+
     private fun createSafeBox(
         ioDispatcher: CoroutineDispatcher = UnconfinedTestDispatcher(),
         stateListener: SafeBoxStateListener? = null,

safebox/src/main/java/com/harrytmthy/safebox/cryptography/ChaCha20CipherProvider.kt

@@ -40,34 +40,38 @@ internal class ChaCha20CipherProvider(
 
     private val cipherPool = SingletonCipherPoolProvider.getChaCha20CipherPool()
 
-    override fun encrypt(plaintext: ByteArray): ByteArray {
-        val iv = if (deterministic) {
-            MessageDigest.getInstance(DIGEST_SHA256).digest(plaintext).copyOf(IV_SIZE)
-        } else {
-            SecureRandomProvider.generate(IV_SIZE)
-        }
-        val paramSpec = AEADParameterSpec(iv, MAC_SIZE_BITS)
-        val key = keyProvider.getOrCreateKey()
-        val encrypted = cipherPool.withCipher { cipher ->
-            cipher.init(Cipher.ENCRYPT_MODE, key, paramSpec)
-            cipher.doFinal(plaintext)
+    private val cipherLock = Any()
+
+    override fun encrypt(plaintext: ByteArray): ByteArray =
+        synchronized(cipherLock) {
+            val iv = if (deterministic) {
+                MessageDigest.getInstance(DIGEST_SHA256).digest(plaintext).copyOf(IV_SIZE)
+            } else {
+                SecureRandomProvider.generate(IV_SIZE)
+            }
+            val paramSpec = AEADParameterSpec(iv, MAC_SIZE_BITS)
+            val key = keyProvider.getOrCreateKey()
+            val encrypted = cipherPool.withCipher { cipher ->
+                cipher.init(Cipher.ENCRYPT_MODE, key, paramSpec)
+                cipher.doFinal(plaintext)
+            }
+            (key as? SafeSecretKey)?.releaseHeapCopy()
+            iv + encrypted
         }
-        (key as? SafeSecretKey)?.releaseHeapCopy()
-        return iv + encrypted
-    }
 
-    override fun decrypt(ciphertext: ByteArray): ByteArray {
-        val iv = ciphertext.copyOfRange(0, IV_SIZE)
-        val actual = ciphertext.copyOfRange(IV_SIZE, ciphertext.size)
-        val paramSpec = AEADParameterSpec(iv, MAC_SIZE_BITS)
-        val key = keyProvider.getOrCreateKey()
-        val plaintext = cipherPool.withCipher { cipher ->
-            cipher.init(Cipher.DECRYPT_MODE, key, paramSpec)
-            cipher.doFinal(actual)
+    override fun decrypt(ciphertext: ByteArray): ByteArray =
+        synchronized(cipherLock) {
+            val iv = ciphertext.copyOfRange(0, IV_SIZE)
+            val actual = ciphertext.copyOfRange(IV_SIZE, ciphertext.size)
+            val paramSpec = AEADParameterSpec(iv, MAC_SIZE_BITS)
+            val key = keyProvider.getOrCreateKey()
+            val plaintext = cipherPool.withCipher { cipher ->
+                cipher.init(Cipher.DECRYPT_MODE, key, paramSpec)
+                cipher.doFinal(actual)
+            }
+            (key as? SafeSecretKey)?.releaseHeapCopy()
+            plaintext
         }
-        (key as? SafeSecretKey)?.releaseHeapCopy()
-        return plaintext
-    }
 
     override fun destroyKey() {
         keyProvider.destroyKey()