• This repository has been archived on 03/Mar/2020
  • Language
    C++
  • License
    Other
  • Created over 10 years ago
  • Updated over 5 years ago

Repository Details

Conceal provides easy Android APIs for performing fast encryption and authentication of data.

What is Conceal?

Conceal provides a set of Java APIs to perform cryptography on Android. It was designed to be able to encrypt large files on disk in a fast and memory efficient manner.

The major target for this project is typical Android devices which run old Android versions, have low memory and slower processors.

Unlike other libraries, which provide a smorgasbord of encryption algorithms and options, Conceal prefers to abstract this choice and use sane defaults. Conceal is therefore not a general-purpose crypto library, but it aims to provide useful functionality.

Upgrading version? Check the Upgrade notes for key compatibility!

IMPORTANT: Initializing the library loader

Since v2.0.+ (2017-06-27) you need to initialize the native library loader. This step is needed because the library loader uses the context. The strongly recommended way to do it is in the onCreate method of the application class, like this:

import android.app.Application;
import com.facebook.soloader.SoLoader;

public class MyApplication extends Application {
    @Override
    public void onCreate() {
        super.onCreate();
        SoLoader.init(this, false);
    }
}

Quick start

Setup options

  1. Use Maven Central: Available on Maven Central under com.facebook.conceal:conceal:2.0.1@aar as an AAR package. If you use Android Studio and select the library using the UI, make sure to change build.gradle to include the @aar suffix. Otherwise the library won't be included.

  2. Build using gradle

./gradlew build

It uses gradlew, so it takes care of downloading Gradle and all the dependencies it needs. The output will be in the /build/outputs/aar/ directory.

  3. Use prebuilt binaries: http://facebook.github.io/conceal/documentation/. (linked documentation needs update)

An aside on KitKat

Conceal predates Jellybean 4.3. On KitKat, Android changed the provider for cryptographic algorithms to OpenSSL. The default Cipher stream however still does not perform well. When replaced with our Cipher stream (see BetterCipherInputStream), the default implementation is competitive against Conceal. On older phones, Conceal is faster than the system provided libraries.

Re-build OpenSSL library

You can run make from the openssl directory. It will download the code and compile the libraries for each architecture.

# go to /third-party/openssl
make

Before running any test!

The tests use the BUCK build tool. BUCK uses the source code for OpenSSL. If you haven't already rebuilt OpenSSL from scratch (previous item), then run this:

# go to /third-party/openssl
make clone

That will download the OpenSSL code to a subdirectory.

Running unit tests

# C++ tests
buck test :cpp

Running integration tests

# Emulator/device tests
./instrumentTest/crypto/run

Since Conceal uses native libraries, the only way to run a test on the entire encryption process is using integration tests.

Running Benchmarks

./benchmarks/run \
  benchmarks/src/com/facebook/crypto/benchmarks/CipherReadBenchmark.java \
  -- -Dsize=102400

This script runs vogar with caliper benchmarks. You can also specify all the options caliper provides.

Usage

Entity and keys

Entity: this is a non-secret identifier of your data. It's used for integrity checking (to know that the content has not been tampered with) and also to verify that it was not swapped with another valid encrypted content/file.

Key: the key is provided by the KeyChain implementation passed to the Crypto object. Each time a new encryption is requested, the key is requested from the KeyChain. The key is generated randomly on demand the first time. You may change the implementation, but we strongly suggest generating a random value. If the encryption key needs for some reason to be based on a text password, you can try using the PasswordBasedKeyGenerator object.

Encryption

// Creates a new Crypto object with default implementations of a key chain
KeyChain keyChain = new SharedPrefsBackedKeyChain(context, CryptoConfig.KEY_256);
Crypto crypto = AndroidConceal.get().createDefaultCrypto(keyChain);

// Check whether the crypto functionality is available.
// This might fail if Android does not load libraries correctly.
if (!crypto.isAvailable()) {
  return;
}

OutputStream fileStream = new BufferedOutputStream(
  new FileOutputStream(file));

// Creates an output stream which encrypts the data as
// it is written to it and writes it out to the file.
OutputStream outputStream = crypto.getCipherOutputStream(
  fileStream,
  Entity.create("entity_id"));

// Write plaintext to it.
outputStream.write(plainText);
outputStream.close();

Decryption

// Get the file to which ciphertext has been written.
FileInputStream fileStream = new FileInputStream(file);

// Creates an input stream which decrypts the data as
// it is read from it.
InputStream inputStream = crypto.getCipherInputStream(
  fileStream,
  Entity.create("entity_id"));

// Read into a byte array.
int read;
byte[] buffer = new byte[1024];

// You must read the entire stream to completion.
// The verification is done at the end of the stream.
// Thus not reading till the end of the stream will cause
// a security bug. For safety, you should not
// use any of the data until it's been fully read or throw
// away the data if an exception occurs.
while ((read = inputStream.read(buffer)) != -1) {
  out.write(buffer, 0, read);
}

inputStream.close();

If you don't have a lot of data to encrypt, you could use the convenience functions:

byte[] cipherText = crypto.encrypt(plainText, Entity.create("mytext"));

byte[] plainText = crypto.decrypt(cipherText, Entity.create("mytext"));

Integrity

OutputStream outputStream = crypto.getMacOutputStream(fileStream, entity);
outputStream.write(plainTextBytes);
outputStream.close();

InputStream inputStream = crypto.getMacInputStream(fileStream, entity);

// Will throw an exception if mac verification fails.
// You must read the entire stream to completion.
// The verification is done at the end of the stream.
// Thus not reading till the end of the stream will cause
// a security bug. For safety, you should not
// use any of the data until it's been fully read or throw
// away the data if an exception occurs.
while((read = inputStream.read(buffer)) != -1) {
  out.write(buffer, 0, read);
}
inputStream.close();
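
The rule stated in the decryption and integrity comments above (use no data until the stream has been read to the end) can be enforced structurally by staging the plaintext and committing it only after the read loop finishes. This is an added example, not code from the Conceal project; the class name, method name and the ".unverified" suffix are hypothetical, and only getCipherInputStream and Entity come from the page.

```java
import com.facebook.crypto.Crypto;
import com.facebook.crypto.Entity;
import com.facebook.crypto.exception.CryptoInitializationException;
import com.facebook.crypto.exception.KeyChainException;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

// Added example, not Conceal code: VerifiedDecrypt/decryptToFile are hypothetical names.
public final class VerifiedDecrypt {
  private VerifiedDecrypt() {}

  /**
   * Decrypts encryptedFile into target. Plaintext is first written to a staging
   * file and renamed to target only after the cipher stream has been read to the
   * end, which is where verification happens. On any failure the staging file is
   * deleted, so callers never see unverified plaintext under the target name.
   */
  public static void decryptToFile(
      Crypto crypto, Entity entity, File encryptedFile, File target)
      throws IOException, CryptoInitializationException, KeyChainException {
    File staging = new File(target.getParentFile(), target.getName() + ".unverified");
    boolean committed = false;
    InputStream fileIn = new BufferedInputStream(new FileInputStream(encryptedFile));
    OutputStream out = null;
    try {
      InputStream in = crypto.getCipherInputStream(fileIn, entity);
      out = new BufferedOutputStream(new FileOutputStream(staging));
      byte[] buffer = new byte[8192];
      int read;
      // Read until -1. A modified or truncated file surfaces as an exception
      // from read(), and control jumps to the cleanup below.
      while ((read = in.read(buffer)) != -1) {
        out.write(buffer, 0, read);
      }
      in.close();
      out.close(); // flush everything before the rename
      out = null;
      if (!staging.renameTo(target)) {
        throw new IOException("could not move verified plaintext into place");
      }
      committed = true;
    } finally {
      if (out != null) {
        try { out.close(); } catch (IOException ignored) { /* already failing */ }
      }
      if (!committed) {
        staging.delete(); // discard plaintext that was never verified
      }
      fileIn.close();
    }
  }
}
```

The same staging pattern applies when reading through getMacInputStream: swap the stream factory call and keep the commit-after-loop structure.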

Upgrade notes

Starting with v1.1 recommended encryption will use a 256-bit key (instead of 128-bit). This means stronger security. You should use this default.

If you need to read from an existing file, you will still need 128-bit encryption. You can use the old way of creating Crypto objects, as it preserves the 128-bit behavior, although ideally you should re-encrypt that content with a 256-bit key.

There is also an improved, platform-independent way of creating an Entity object. It's strongly recommended for new encrypted items, although you need to stick to the old way for already encrypted content.

Existing code still with 128-bit keys and old Entity (deprecated)

// this constructor creates a key chain that produces 128-bit keys
KeyChain keyChain = new SharedPrefsBackedKeyChain(context);
// this constructor creates a crypto that uses 128-bit keys
Crypto crypto = new Crypto(keyChain, library);
Entity entity = new Entity(someStringId);

New code using 256-bit keys and Entity.create

We recommend the use of the factory class AndroidConceal.

// explicitly create a 256-bit key chain
KeyChain keyChain = new SharedPrefsBackedKeyChain(context, CryptoConfig.KEY_256);
// create the default crypto (expects a 256-bit key)
Crypto crypto = AndroidConceal.get().createDefaultCrypto(keyChain);
// the factory class also has explicit methods: createCrypto128Bits and createCrypto256Bits if desired.
Entity entity = Entity.create(someStringId);

Troubleshooting

I'm getting NoSuchFieldError at runtime

If you hit an error at runtime that says something similar to:

java.lang.NoSuchFieldError: no field with name='mCtxPtr' signature='J' in class Lcom/facebook/crypto/cipher/NativeGCMCipher;

This happens because native code needs to refer to Java fields/methods. To do so it uses the usual JNI functions, which take the member's name and signature. At the same time, tools like ProGuard trim off or rename class members in order to produce smaller executables. Normally this process is run on release versions. When native code requests the member, it is no longer present.

To avoid this kind of problem, exceptions can be defined. You will need to configure ProGuard with the rules defined in proguard_annotations.pro. You can use the file as is, or you can include its content in your own ProGuard configuration file.
