Android: Provide option to lock saved credentials with PIN/biometrics

[charlag]

see issue #3444

Test notes

• First time after upgrading from the previous app version the prompt for selecting credential mode should be displayed.
  • Skip button for it uses authomatic mode
• First time saving credentials with fresh install should also prompt user for selection credential mode
  • Skip button for it uses authomatic mode
• Using saved credentials, successful unlock, cancelling prompt (when possible), failing (running out of attempts):
  • Android < 11 automatic
  • Android < 11 system password (unlock for 10 seconds after any authentication). Both biometrics and system password are available.
  • Android < 11 biometric
  • Android ≧ 11 automatic
  • Android ≧ 11 system password. Both biometrics and system password are available.
  • Android ≧ 11 biometric
• Check that switching between all modes works in Login settings. There's no button to skip in dialog.
  • Check that failing authentication shows a message
• Check that available modes are fetched correctly:
  • Android < 11 When there's no biometric added to the system there's no biometric mode
  • Android < 11 When there's no device password there's no biometric or system password mode
  • Android ≧ 11 When there's no biometric added to the system there's no biometric mode
  • Android ≧ 11 When there's no device password there's no biometric or system password mode
• Check key invalidation: Select biometric, add another fingerprint, try to log in with saved credentials. Message should be displayed that credentials are invalidated and all saved credentials should be deleted
  • Android < 11
  • Android ≧ 11

Regression testing

• Logging in with stored credentials
  • Webapp
  • Desktop app
  • iOS
• Logging in without stored credentials
  • Webapp
  • Desktop app
  • iOS
• Explorative testing
  • Calendar invites
  • Event invites
  • Search
  • External image blocking
  • Reading/writing/sending mails
  • Settings

[jowlo]

Testing on Android 9

• With System password or biometrics selected from Settings and a registered fingerprint after "entering" correct fingerprint:
  

  • Note one day later: We were again able to reproduce this, but could not really find a pattern. There is some state that if in this error occurs every time. But we don't really know how to get into the situation.

• Adding another fingerprint in the android settings after setting up Biometrics only in app does not invalidate credentials. Removing all fingerprints does invalidate.

Notes

• Switching from System password or biometrics to Biometrics only asks for fingerprint twice
• If a user does not have any device security activated, no dialog or setting option is shown at all. We might want to tell the user to setup a device password when saving the account's credentials.

[johnbotris]

Check key invalidation: Select biometric, add another fingerprint, try to log in with saved credentials. Message should be displayed that credentials are invalidated and all saved credentials should be deleted

It works, but the mail address field should be filled in in this case.

[johnbotris]

I setup stored credentials with biometrics only, then deleted one of my fingerprints, then got this error when trying to unlock credentials at the login screen.

Client: android
Type: UNKNOWN
Tutanota version: 3.89.7
Timestamp (UTC): Tue, 26 Oct 2021 14:25:22 GMT
User agent:
Mozilla/5.0 (Linux; Android 12; Pixel 4a Build/SP1A.210812.015; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/94.0.4606.85 Mobile Safari/537.36
de.tutao.tutanota.CryptoError
Error message: javax.crypto.IllegalBlockSizeException
Stacktrace:
de.tutao.tutanota.CryptoError: javax.crypto.IllegalBlockSizeException
at de.tutao.tutanota.AndroidKeyStoreFacade.decryptData(AndroidKeyStoreFacade.java:153)
at de.tutao.tutanota.credentials.CredentialsEncryptionFromAPI30.decryptUsingKeychain(CredentialsEncryptionFromAPI30.java:48)
at de.tutao.tutanota.Native.invokeMethod(Native.java:325)
at de.tutao.tutanota.Native.lambda$invoke$2(Native.java:98)
at de.tutao.tutanota.Native.$r8$lambda$f7qJ0eoqELxVifjuL5uWd7yLx-I(Unknown Source:0)
at de.tutao.tutanota.Native$$ExternalSyntheticLambda2.run(Unknown Source:4)
at java.lang.Thread.run(Thread.java:920)
Caused by: javax.crypto.IllegalBlockSizeException
at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:613)
at javax.crypto.Cipher.doFinal(Cipher.java:2055)
at de.tutao.tutanota.AndroidKeyStoreFacade.decryptData(AndroidKeyStoreFacade.java:151)
... 6 more
Caused by: android.security.KeyStoreException: Key user not authenticated
at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:356)
at android.security.KeyStoreOperation.handleExceptions(KeyStoreOperation.java:78)
at android.security.KeyStoreOperation.update(KeyStoreOperation.java:114)
at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer$MainDataStream.update(KeyStoreCryptoOperationChunkedStreamer.java:222)
at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.update(KeyStoreCryptoOperationChunkedStreamer.java:156)
at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:179)
at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:603)

Login fails in this case. It seems like this breaks the app, since I can't delete the credentials because it's impossible to unlock the credentials. The only fix is to clear app storage.

[charlag]

Testing on Android 9

* With **System password or biometrics** selected from Settings and a registered fingerprint after "entering" correct fingerprint:
  <img alt="" width="180" src="https://user-images.githubusercontent.com/6842104/138706105-85e1d640-d5fd-4689-9956-a1675c4740b7.png"> <img alt="" width="180" src="https://user-images.githubusercontent.com/6842104/138706111-f95aae3d-90a8-407a-b7f5-b9ac018f236c.png"> <img alt="" width="180" src="https://user-images.githubusercontent.com/6842104/138706113-6f97a8cd-6396-48ad-9cda-624f3e61342c.png">
  
  * **Note one day later:** We were again able to reproduce this, but could not really find a pattern. There is some state that if in this error occurs every time. But we don't really know how to get into the situation.

* Adding another fingerprint in the android settings after setting up _Biometrics only_ in app does **not** invalidate credentials. Removing all fingerprints does invalidate.

Notes

* Switching from _System password or biometrics_ to _Biometrics only_ asks for fingerprint twice

* If a user does not have any device security activated, no dialog or setting option is shown at all. We might want to tell the user to setup a device password when saving the account's credentials.

important part about device password authentication is that it was time-based before Android 10. So it might not ask if you just authenticated (timer is 10 sec)

[charlag]

* Adding another fingerprint in the android settings after setting up _Biometrics only_ in app does **not** invalidate credentials. Removing all fingerprints does invalidate.

This seems to be an issue with Android Emulator since it happens with both Android 9 and 10 emulators but not with Android 10 device

[charlag]

If a user does not have any device security activated, no dialog or setting option is shown at all. We might want to tell the user to setup a device password when saving the account's credentials.

We actually always show automatic option because it is always available.