Merge branch 'release/2.10.4'

2.10.3

CHANGELOG

@@ -1,3 +1,55 @@
+KeePassDX(2.10.4)
+ * Hot fix to increase the opening speed of database #1028
+
+KeePassDX(2.10.3)
+ * Improve Magikeyboard options description #1022 #1023 (Thx @djibux)
+ * Fix database opened without notification (database is now closed when screen is killed in background #1025)
+ * Fix biometric prompt #1018
+
+KeePassDX(2.10.2)
+ * Fix search fields references #987
+ * Fix Auto-Types with same key #997
+
+KeePassDX(2.10.1)
+ * Fix parcelable with custom data #986
+
+KeePassDX(2.10.0)
+ * Manage new database format 4.1 #956
+ * Fix show button consistency #980
+ * Fix persistent notification #979
+
+KeePassDX(2.9.20)
+ * Fix search with non-latin chars #971
+ * Fix action mode with search #972 (rollback ignore accents #945)
+ * Fix timeout with 0s #974
+
+KeePassDX(2.9.19)
+ * Fix search slowdown #964
+ * Fix closing notification after lock request #965
+ * Better temp advanced unlocking code implementation #965
+ * Fix OTP token generation #967
+
+KeePassDX(2.9.18)
+ * Move groups #658
+ * Improve autofill recognition #960
+ * Remove diacritical marks in search string #945
+ * Fix search in references #962
+ * Fix themes in Libre version
+
+KeePassDX(2.9.17)
+ * Import / Export app properties #839
+ * Force twofish padding compatibility #955
+ * Better timeout preference #579
+
+KeePassDX(2.9.16)
+ * Fix small bugs #948
+
+KeePassDX(2.9.15)
+ * Fix themes #935 #926
+ * Decrease default clipboard time #934
+ * Better opening performance #929 #933
+ * Fix memory usage setting #941
+
 KeePassDX(2.9.14)
  * Add custom icons #96
  * Dark Themes #532 #714

app/build.gradle

@@ -9,10 +9,10 @@ android {
 
     defaultConfig {
         applicationId "com.kunzisoft.keepass"
-        minSdkVersion 14
+        minSdkVersion 15
         targetSdkVersion 30
-        versionCode = 65
-        versionName = "2.9.14"
+        versionCode = 82
+        versionName = "2.10.4"
         multiDexEnabled true
 
         testApplicationId = "com.kunzisoft.keepass.tests"
@@ -29,12 +29,6 @@ android {
         }
     }
 
-    externalNativeBuild {
-        cmake {
-            path "src/main/jni/CMakeLists.txt"
-        }
-    }
-
     buildTypes {
         release {
             minifyEnabled = false
@@ -115,7 +109,7 @@ dependencies {
     implementation 'androidx.constraintlayout:constraintlayout:2.0.4'
     implementation 'androidx.viewpager2:viewpager2:1.1.0-alpha01'
     implementation 'androidx.documentfile:documentfile:1.0.1'
-    implementation 'androidx.biometric:biometric:1.1.0-rc01'
+    implementation 'androidx.biometric:biometric:1.1.0'
     // Lifecycle - LiveData - ViewModel - Coroutines
     implementation "androidx.core:core-ktx:1.3.2"
     implementation 'androidx.fragment:fragment-ktx:1.2.5'
@@ -126,8 +120,6 @@ dependencies {
     kapt "androidx.room:room-compiler:$room_version"
     // Autofill
     implementation "androidx.autofill:autofill:1.1.0"
-    // Crypto
-    implementation 'org.bouncycastle:bcprov-jdk15on:1.65.01'
     // Time
     implementation 'joda-time:joda-time:2.10.6'
     // Color
@@ -137,6 +129,8 @@ dependencies {
     // Apache Commons
     implementation 'commons-io:commons-io:2.8.0'
     implementation 'commons-codec:commons-codec:1.15'
+    // Encrypt lib
+    implementation project(path: ':crypto')
     // Icon pack
     implementation project(path: ':icon-pack-classic')
     implementation project(path: ':icon-pack-material')

app/src/androidTest/java/com/kunzisoft/keepass/tests/crypto/AESKeyTest.kt

@@ -1,67 +0,0 @@
-/*
- * Copyright 2017 Brian Pellin, Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- * KeePassDX is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * KeePassDX is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with KeePassDX. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.tests.crypto
-
-import org.junit.Assert.assertArrayEquals
-
-import java.io.IOException
-import java.util.Random
-
-import junit.framework.TestCase
-
-import com.kunzisoft.keepass.crypto.finalkey.AndroidAESKeyTransformer
-import com.kunzisoft.keepass.crypto.finalkey.NativeAESKeyTransformer
-
-class AESKeyTest : TestCase() {
-    private lateinit var mRand: Random
-
-    @Throws(Exception::class)
-    override fun setUp() {
-        super.setUp()
-
-        mRand = Random()
-    }
-
-    @Throws(IOException::class)
-    fun testAES() {
-        // Test both an old and an even number to test my flip variable
-        testAESFinalKey(5)
-        testAESFinalKey(6)
-    }
-
-    @Throws(IOException::class)
-    private fun testAESFinalKey(rounds: Long) {
-        val seed = ByteArray(32)
-        val key = ByteArray(32)
-        val nativeKey: ByteArray?
-        val androidKey: ByteArray?
-
-        mRand.nextBytes(seed)
-        mRand.nextBytes(key)
-
-        val androidAESKey = AndroidAESKeyTransformer()
-        androidKey = androidAESKey.transformMasterKey(seed, key, rounds)
-
-        val nativeAESKey = NativeAESKeyTransformer()
-        nativeKey = nativeAESKey.transformMasterKey(seed, key, rounds)
-
-        assertArrayEquals("Does not match", androidKey, nativeKey)
-    }
-}

app/src/androidTest/java/com/kunzisoft/keepass/tests/crypto/AESTest.kt

@@ -1,83 +0,0 @@
-/*
- * Copyright 2017 Brian Pellin, Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- * KeePassDX is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * KeePassDX is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with KeePassDX. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.tests.crypto
-
-import com.kunzisoft.keepass.crypto.CipherFactory
-
-import junit.framework.TestCase
-
-import java.security.InvalidAlgorithmParameterException
-import java.security.InvalidKeyException
-import java.security.NoSuchAlgorithmException
-import java.util.Random
-
-import javax.crypto.BadPaddingException
-import javax.crypto.Cipher
-import javax.crypto.IllegalBlockSizeException
-import javax.crypto.NoSuchPaddingException
-import javax.crypto.spec.IvParameterSpec
-import javax.crypto.spec.SecretKeySpec
-
-import org.junit.Assert.assertArrayEquals
-
-class AESTest : TestCase() {
-
-    private val mRand = Random()
-
-    @Throws(InvalidKeyException::class, NoSuchAlgorithmException::class, NoSuchPaddingException::class, IllegalBlockSizeException::class, BadPaddingException::class, InvalidAlgorithmParameterException::class)
-    fun testEncrypt() {
-        // Test above below and at the blocksize
-        testFinal(15)
-        testFinal(16)
-        testFinal(17)
-
-        // Test random larger sizes
-        val size = mRand.nextInt(494) + 18
-        testFinal(size)
-    }
-
-    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, IllegalBlockSizeException::class, BadPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
-    private fun testFinal(dataSize: Int) {
-
-        // Generate some input
-        val input = ByteArray(dataSize)
-        mRand.nextBytes(input)
-
-        // Generate key
-        val keyArray = ByteArray(32)
-        mRand.nextBytes(keyArray)
-        val key = SecretKeySpec(keyArray, "AES")
-
-        // Generate IV
-        val ivArray = ByteArray(16)
-        mRand.nextBytes(ivArray)
-        val iv = IvParameterSpec(ivArray)
-
-        val android = CipherFactory.getInstance("AES/CBC/PKCS5Padding", true)
-        android.init(Cipher.ENCRYPT_MODE, key, iv)
-        val outAndroid = android.doFinal(input, 0, dataSize)
-
-        val nat = CipherFactory.getInstance("AES/CBC/PKCS5Padding")
-        nat.init(Cipher.ENCRYPT_MODE, key, iv)
-        val outNative = nat.doFinal(input, 0, dataSize)
-
-        assertArrayEquals("Arrays differ on size: $dataSize", outAndroid, outNative)
-    }
-}

app/src/androidTest/java/com/kunzisoft/keepass/tests/crypto/EncryptionTest.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 Brian Pellin, Jeremy Jamet / Kunzisoft.
+ * Copyright 2021 Jeremy Jamet / Kunzisoft.
  *
  * This file is part of KeePassDX.
  *
@@ -19,44 +19,32 @@
  */
 package com.kunzisoft.keepass.tests.crypto
 
+import com.kunzisoft.keepass.utils.readBytesLength
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
 import org.junit.Assert.assertArrayEquals
-
+import org.junit.Test
 import java.io.ByteArrayInputStream
 import java.io.ByteArrayOutputStream
-import java.io.IOException
-import java.security.InvalidAlgorithmParameterException
-import java.security.InvalidKeyException
-import java.security.NoSuchAlgorithmException
-import java.util.Random
-
-import javax.crypto.BadPaddingException
+import java.util.*
 import javax.crypto.Cipher
+import javax.crypto.CipherInputStream
 import javax.crypto.CipherOutputStream
-import javax.crypto.IllegalBlockSizeException
-import javax.crypto.NoSuchPaddingException
 
-import junit.framework.TestCase
-
-import com.kunzisoft.keepass.crypto.CipherFactory
-import com.kunzisoft.keepass.crypto.engine.AesEngine
-import com.kunzisoft.keepass.stream.BetterCipherInputStream
-import com.kunzisoft.keepass.stream.LittleEndianDataInputStream
-
-class CipherTest : TestCase() {
+class EncryptionTest {
     private val rand = Random()
 
-    @Throws(InvalidKeyException::class, NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidAlgorithmParameterException::class, IllegalBlockSizeException::class, BadPaddingException::class)
+    @Test
     fun testCipherFactory() {
         val key = ByteArray(32)
+        rand.nextBytes(key)
+
         val iv = ByteArray(16)
+        rand.nextBytes(iv)
 
         val plaintext = ByteArray(1024)
-
-        rand.nextBytes(key)
-        rand.nextBytes(iv)
         rand.nextBytes(plaintext)
 
-        val aes = CipherFactory.getInstance(AesEngine.CIPHER_UUID)
+        val aes = EncryptionAlgorithm.AESRijndael.cipherEngine
         val encrypt = aes.getCipher(Cipher.ENCRYPT_MODE, key, iv)
         val decrypt = aes.getCipher(Cipher.DECRYPT_MODE, key, iv)
 
@@ -66,20 +54,20 @@ class CipherTest : TestCase() {
         assertArrayEquals("Encryption and decryption failed", plaintext, decrypttext)
     }
 
-    @Throws(InvalidKeyException::class, NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidAlgorithmParameterException::class, IllegalBlockSizeException::class, BadPaddingException::class, IOException::class)
+    @Test
     fun testCipherStreams() {
-        val MESSAGE_LENGTH = 1024
+        val length = 1024
 
         val key = ByteArray(32)
-        val iv = ByteArray(16)
-
-        val plaintext = ByteArray(MESSAGE_LENGTH)
-
         rand.nextBytes(key)
+
+        val iv = ByteArray(16)
         rand.nextBytes(iv)
+
+        val plaintext = ByteArray(length)
         rand.nextBytes(plaintext)
 
-        val aes = CipherFactory.getInstance(AesEngine.CIPHER_UUID)
+        val aes = EncryptionAlgorithm.AESRijndael.cipherEngine
         val encrypt = aes.getCipher(Cipher.ENCRYPT_MODE, key, iv)
         val decrypt = aes.getCipher(Cipher.DECRYPT_MODE, key, iv)
 
@@ -91,10 +79,9 @@ class CipherTest : TestCase() {
         val secrettext = bos.toByteArray()
 
         val bis = ByteArrayInputStream(secrettext)
-        val cis = BetterCipherInputStream(bis, decrypt)
-        val lis = LittleEndianDataInputStream(cis)
+        val cis = CipherInputStream(bis, decrypt)
 
-        val decrypttext = lis.readBytes(MESSAGE_LENGTH)
+        val decrypttext = cis.readBytesLength(length)
 
         assertArrayEquals("Encryption and decryption failed", plaintext, decrypttext)
     }

app/src/androidTest/java/com/kunzisoft/keepass/tests/stream/BinaryDataTest.kt

@@ -2,10 +2,9 @@ package com.kunzisoft.keepass.tests.stream
 
 import android.content.Context
 import androidx.test.platform.app.InstrumentationRegistry
-import com.kunzisoft.keepass.database.element.Database
-import com.kunzisoft.keepass.database.element.database.BinaryByte
-import com.kunzisoft.keepass.database.element.database.BinaryFile
-import com.kunzisoft.keepass.stream.readAllBytes
+import com.kunzisoft.keepass.utils.readAllBytes
+import com.kunzisoft.keepass.database.element.binary.BinaryCache
+import com.kunzisoft.keepass.database.element.binary.BinaryFile
 import com.kunzisoft.keepass.utils.UriUtil
 import junit.framework.TestCase.assertEquals
 import org.junit.Test
@@ -25,11 +24,11 @@ class BinaryDataTest {
     private val fileB = File(cacheDirectory, TEST_FILE_CACHE_B)
     private val fileC = File(cacheDirectory, TEST_FILE_CACHE_C)
 
-    private val loadedKey = Database.LoadedKey.generateNewCipherKey()
+    private val binaryCache = BinaryCache()
 
     private fun saveBinary(asset: String, binaryData: BinaryFile) {
         context.assets.open(asset).use { assetInputStream ->
-            binaryData.getOutputDataStream(loadedKey).use { binaryOutputStream ->
+            binaryData.getOutputDataStream(binaryCache).use { binaryOutputStream ->
                 assetInputStream.readAllBytes(DEFAULT_BUFFER_SIZE) { buffer ->
                     binaryOutputStream.write(buffer)
                 }
@@ -65,11 +64,11 @@ class BinaryDataTest {
         saveBinary(TEST_TEXT_ASSET, binaryA)
         saveBinary(TEST_TEXT_ASSET, binaryB)
         saveBinary(TEST_TEXT_ASSET, binaryC)
-        binaryA.compress(loadedKey)
-        binaryB.compress(loadedKey)
+        binaryA.compress(binaryCache)
+        binaryB.compress(binaryCache)
         assertEquals("Compress text length failed.", binaryA.getSize(), binaryB.getSize())
         assertEquals("Compress text MD5 failed.", binaryA.binaryHash(), binaryB.binaryHash())
-        binaryB.decompress(loadedKey)
+        binaryB.decompress(binaryCache)
         assertEquals("Decompress text length failed.", binaryB.getSize(), binaryC.getSize())
         assertEquals("Decompress text MD5 failed.", binaryB.binaryHash(), binaryC.binaryHash())
     }
@@ -82,29 +81,46 @@ class BinaryDataTest {
         saveBinary(TEST_IMAGE_ASSET, binaryA)
         saveBinary(TEST_IMAGE_ASSET, binaryB)
         saveBinary(TEST_IMAGE_ASSET, binaryC)
-        binaryA.compress(loadedKey)
-        binaryB.compress(loadedKey)
+        binaryA.compress(binaryCache)
+        binaryB.compress(binaryCache)
         assertEquals("Compress image length failed.", binaryA.getSize(), binaryA.getSize())
         assertEquals("Compress image failed.", binaryA.binaryHash(), binaryA.binaryHash())
         binaryB = BinaryFile(fileB, true)
-        binaryB.decompress(loadedKey)
+        binaryB.decompress(binaryCache)
         assertEquals("Decompress image length failed.", binaryB.getSize(), binaryC.getSize())
         assertEquals("Decompress image failed.", binaryB.binaryHash(), binaryC.binaryHash())
     }
 
     @Test
     fun testCompressBytes() {
+        // Test random byte array
         val byteArray = ByteArray(50)
         Random.nextBytes(byteArray)
-        val binaryA = BinaryByte(byteArray)
-        val binaryB = BinaryByte(byteArray)
-        val binaryC = BinaryByte(byteArray)
-        binaryA.compress(loadedKey)
-        binaryB.compress(loadedKey)
+        testCompressBytes(byteArray)
+
+        // Test empty byte array
+        testCompressBytes(ByteArray(0))
+    }
+
+    private fun testCompressBytes(byteArray: ByteArray) {
+        val binaryA = binaryCache.getBinaryData("0", true)
+        binaryA.getOutputDataStream(binaryCache).use { outputStream ->
+            outputStream.write(byteArray)
+        }
+        val binaryB = binaryCache.getBinaryData("1", true)
+        binaryB.getOutputDataStream(binaryCache).use { outputStream ->
+            outputStream.write(byteArray)
+        }
+        val binaryC = binaryCache.getBinaryData("2", true)
+        binaryC.getOutputDataStream(binaryCache).use { outputStream ->
+            outputStream.write(byteArray)
+        }
+        binaryA.compress(binaryCache)
+        binaryB.compress(binaryCache)
         assertEquals("Compress bytes decompressed failed.", binaryA.isCompressed, true)
         assertEquals("Compress bytes length failed.", binaryA.getSize(), binaryA.getSize())
         assertEquals("Compress bytes failed.", binaryA.binaryHash(), binaryA.binaryHash())
-        binaryB.decompress(loadedKey)
+        binaryB.decompress(binaryCache)
         assertEquals("Decompress bytes decompressed failed.", binaryB.isCompressed, false)
         assertEquals("Decompress bytes length failed.", binaryB.getSize(), binaryC.getSize())
         assertEquals("Decompress bytes failed.", binaryB.binaryHash(), binaryC.binaryHash())
@@ -115,7 +131,7 @@ class BinaryDataTest {
         val binaryA = BinaryFile(fileA)
         saveBinary(TEST_TEXT_ASSET, binaryA)
         assert(streamAreEquals(context.assets.open(TEST_TEXT_ASSET),
-                binaryA.getInputDataStream(loadedKey)))
+                binaryA.getInputDataStream(binaryCache)))
     }
 
     @Test
@@ -123,7 +139,7 @@ class BinaryDataTest {
         val binaryA = BinaryFile(fileA)
         saveBinary(TEST_IMAGE_ASSET, binaryA)
         assert(streamAreEquals(context.assets.open(TEST_IMAGE_ASSET),
-                binaryA.getInputDataStream(loadedKey)))
+                binaryA.getInputDataStream(binaryCache)))
     }
 
     private fun streamAreEquals(inputStreamA: InputStream,

app/src/androidTest/java/com/kunzisoft/keepass/tests/utils/UUIDTest.kt

@@ -0,0 +1,15 @@
+package com.kunzisoft.keepass.tests.utils
+
+import com.kunzisoft.keepass.utils.UuidUtil
+import junit.framework.TestCase
+import java.util.*
+
+class UUIDTest: TestCase() {
+
+    fun testUUID() {
+        val randomUUID = UUID.randomUUID()
+        val hexStringUUID = UuidUtil.toHexString(randomUUID)
+        val retrievedUUID = UuidUtil.fromHexString(hexStringUUID)
+        assertEquals(randomUUID, retrievedUUID)
+    }
+}

app/src/androidTest/java/com/kunzisoft/keepass/tests/utils/ValuesTest.kt

@@ -20,9 +20,7 @@
 package com.kunzisoft.keepass.tests.utils
 
 import com.kunzisoft.keepass.database.element.DateInstant
-import com.kunzisoft.keepass.stream.*
-import com.kunzisoft.keepass.utils.UnsignedInt
-import com.kunzisoft.keepass.utils.UnsignedLong
+import com.kunzisoft.keepass.utils.*
 import junit.framework.TestCase
 import org.junit.Assert.assertArrayEquals
 import java.io.ByteArrayOutputStream
@@ -54,7 +52,7 @@ class ValuesTest : TestCase() {
         val orig = ByteArray(8)
         setArray(orig, value, 8)
 
-        assertArrayEquals(orig, longTo8Bytes(bytes64ToLong(orig)))
+        assertArrayEquals(orig, uLongTo8Bytes(bytes64ToULong(orig)))
     }
 
     fun testReadWriteIntZero() {
@@ -133,7 +131,7 @@ class ValuesTest : TestCase() {
     }
 
     private fun testReadWriteByte(value: Byte) {
-        val dest: Byte = UnsignedInt(UnsignedInt.fromKotlinByte(value)).toKotlinByte()
+        val dest: Byte = UnsignedInt(value.toInt() and 0xFF).toKotlinByte()
         assert(value == dest)
     }
 
@@ -144,13 +142,11 @@ class ValuesTest : TestCase() {
         expected.set(2008, 1, 2, 3, 4, 5)
 
         val actual = Calendar.getInstance()
-        dateTo5Bytes(expected.time, cal)?.let { buf ->
-            actual.time = bytes5ToDate(buf, cal).date
-        }
+        actual.time = DateInstant(bytes5ToDate(dateTo5Bytes(expected.time, cal), cal)).date
 
         val jDate = DateInstant(System.currentTimeMillis())
         val intermediate = DateInstant(jDate)
-        val cDate = bytes5ToDate(dateTo5Bytes(intermediate.date)!!)
+        val cDate = DateInstant(bytes5ToDate(dateTo5Bytes(intermediate.date)))
 
         assertEquals("Year mismatch: ", 2008, actual.get(Calendar.YEAR))
         assertEquals("Month mismatch: ", 1, actual.get(Calendar.MONTH))
@@ -183,12 +179,10 @@ class ValuesTest : TestCase() {
             ulongBytes[i] = -1
         }
 
-        val bos = ByteArrayOutputStream()
-        val leos = LittleEndianDataOutputStream(bos)
-        leos.writeLong(UnsignedLong.MAX_VALUE)
-        leos.close()
-
-        val uLongMax = bos.toByteArray()
+        val byteArrayOutputStream = ByteArrayOutputStream()
+        byteArrayOutputStream.write(UnsignedLong.MAX_BYTES)
+        byteArrayOutputStream.close()
+        val uLongMax = byteArrayOutputStream.toByteArray()
 
         assertArrayEquals(ulongBytes, uLongMax)
     }

app/src/main/java/com/kunzisoft/keepass/activities/EntryActivity.kt

@@ -39,6 +39,7 @@ import androidx.coordinatorlayout.widget.CoordinatorLayout
 import com.google.android.material.appbar.CollapsingToolbarLayout
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.helpers.ReadOnlyHelper
+import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
 import com.kunzisoft.keepass.activities.helpers.SpecialMode
 import com.kunzisoft.keepass.activities.lock.LockingActivity
 import com.kunzisoft.keepass.activities.lock.resetAppTimeoutWhenViewFocusedOrChanged
@@ -93,6 +94,8 @@ class EntryActivity : LockingActivity() {
     private var clipboardHelper: ClipboardHelper? = null
     private var mFirstLaunchOfActivity: Boolean = false
 
+    private var mExternalFileHelper: ExternalFileHelper? = null
+
     private var iconColor: Int = 0
 
     override fun onCreate(savedInstanceState: Bundle?) {
@@ -125,7 +128,7 @@ class EntryActivity : LockingActivity() {
         historyView = findViewById(R.id.history_container)
         entryContentsView = findViewById(R.id.entry_contents)
         entryContentsView?.applyFontVisibilityToFields(PreferencesUtil.fieldFontIsInVisibility(this))
-        entryContentsView?.setAttachmentCipherKey(mDatabase?.loadedCipherKey)
+        entryContentsView?.setAttachmentCipherKey(mDatabase)
         entryProgress = findViewById(R.id.entry_progress)
         lockView = findViewById(R.id.lock_button)
 
@@ -140,6 +143,9 @@ class EntryActivity : LockingActivity() {
         clipboardHelper = ClipboardHelper(this)
         mFirstLaunchOfActivity = savedInstanceState?.getBoolean(KEY_FIRST_LAUNCH_ACTIVITY) ?: true
 
+        // Init SAF manager
+        mExternalFileHelper = ExternalFileHelper(this)
+
         // Init attachment service binder manager
         mAttachmentFileBinderManager = AttachmentFileBinderManager(this)
 
@@ -344,7 +350,7 @@ class EntryActivity : LockingActivity() {
 
         // Manage attachments
         entryContentsView?.assignAttachments(entryInfo.attachments.toSet(), StreamDirection.DOWNLOAD) { attachmentItem ->
-            createDocument(this, attachmentItem.name)?.let { requestCode ->
+            mExternalFileHelper?.createDocument(attachmentItem.name)?.let { requestCode ->
                 mAttachmentsToDownload[requestCode] = attachmentItem
             }
         }
@@ -380,7 +386,7 @@ class EntryActivity : LockingActivity() {
                 }
         }
 
-        onCreateDocumentResult(requestCode, resultCode, data) { createdFileUri ->
+        mExternalFileHelper?.onCreateDocumentResult(requestCode, resultCode, data) { createdFileUri ->
             if (createdFileUri != null) {
                 mAttachmentsToDownload[requestCode]?.let { attachmentToDownload ->
                     mAttachmentFileBinderManager

app/src/main/java/com/kunzisoft/keepass/activities/EntryEditActivity.kt

@@ -45,7 +45,7 @@ import com.kunzisoft.keepass.activities.dialogs.*
 import com.kunzisoft.keepass.activities.dialogs.FileTooBigDialogFragment.Companion.MAX_WARNING_BINARY_FILE
 import com.kunzisoft.keepass.activities.fragments.EntryEditFragment
 import com.kunzisoft.keepass.activities.helpers.EntrySelectionHelper
-import com.kunzisoft.keepass.activities.helpers.SelectFileHelper
+import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
 import com.kunzisoft.keepass.activities.lock.LockingActivity
 import com.kunzisoft.keepass.activities.lock.resetAppTimeoutWhenViewFocusedOrChanged
 import com.kunzisoft.keepass.autofill.AutofillComponent
@@ -103,7 +103,7 @@ class EntryEditActivity : LockingActivity(),
     private var lockView: View? = null
 
     // To manage attachments
-    private var mSelectFileHelper: SelectFileHelper? = null
+    private var mExternalFileHelper: ExternalFileHelper? = null
     private var mAttachmentFileBinderManager: AttachmentFileBinderManager? = null
     private var mAllowMultipleAttachments: Boolean = false
     private var mTempAttachments = ArrayList<EntryAttachmentState>()
@@ -202,7 +202,7 @@ class EntryEditActivity : LockingActivity(),
         // Build fragment to manage entry modification
         entryEditFragment = supportFragmentManager.findFragmentByTag(ENTRY_EDIT_FRAGMENT_TAG) as? EntryEditFragment?
         if (entryEditFragment == null) {
-            entryEditFragment = EntryEditFragment.getInstance(tempEntryInfo, mDatabase?.loadedCipherKey)
+            entryEditFragment = EntryEditFragment.getInstance(tempEntryInfo)
         }
         supportFragmentManager.beginTransaction()
                 .replace(R.id.entry_edit_contents, entryEditFragment!!, ENTRY_EDIT_FRAGMENT_TAG)
@@ -241,7 +241,7 @@ class EntryEditActivity : LockingActivity(),
         }
 
         // To retrieve attachment
-        mSelectFileHelper = SelectFileHelper(this)
+        mExternalFileHelper = ExternalFileHelper(this)
         mAttachmentFileBinderManager = AttachmentFileBinderManager(this)
 
         // Save button
@@ -458,8 +458,8 @@ class EntryEditActivity : LockingActivity(),
     /**
      * Add a new attachment
      */
-    private fun addNewAttachment(item: MenuItem) {
-        mSelectFileHelper?.selectFileOnClickViewListener?.onMenuItemClick(item)
+    private fun addNewAttachment() {
+        mExternalFileHelper?.openDocument()
     }
 
     override fun onValidateUploadFileTooBig(attachmentToUploadUri: Uri?, fileName: String?) {
@@ -485,7 +485,7 @@ class EntryEditActivity : LockingActivity(),
 
     private fun buildNewAttachment(attachmentToUploadUri: Uri, fileName: String) {
         val compression = mDatabase?.compressionForNewEntry() ?: false
-        mDatabase?.buildNewBinaryAttachment(UriUtil.getBinaryDir(this), compression)?.let { binaryAttachment ->
+        mDatabase?.buildNewBinaryAttachment(compression)?.let { binaryAttachment ->
             val entryAttachment = Attachment(fileName, binaryAttachment)
             // Ask to replace the current attachment
             if ((mDatabase?.allowMultipleAttachments != true && entryEditFragment?.containsAttachment() == true) ||
@@ -505,7 +505,7 @@ class EntryEditActivity : LockingActivity(),
             entryEditFragment?.icon = icon
         }
 
-        mSelectFileHelper?.onActivityResultCallback(requestCode, resultCode, data) { uri ->
+        mExternalFileHelper?.onOpenDocumentResult(requestCode, resultCode, data) { uri ->
             uri?.let { attachmentToUploadUri ->
                 UriUtil.getFileData(this, attachmentToUploadUri)?.also { documentFile ->
                     documentFile.name?.let { fileName ->
@@ -655,7 +655,7 @@ class EntryEditActivity : LockingActivity(),
                         && entryEditActivityEducation.checkAndPerformedAttachmentEducation(
                         attachmentView,
                         {
-                            mSelectFileHelper?.selectFileOnClickViewListener?.onClick(attachmentView)
+                            mExternalFileHelper?.openDocument()
                         },
                         {
                             performedNextEducation(entryEditActivityEducation)
@@ -683,7 +683,7 @@ class EntryEditActivity : LockingActivity(),
                 return true
             }
             R.id.menu_add_attachment -> {
-                addNewAttachment(item)
+                addNewAttachment()
                 return true
             }
             R.id.menu_add_otp -> {

app/src/main/java/com/kunzisoft/keepass/activities/FileDatabaseSelectActivity.kt

@@ -42,8 +42,9 @@ import com.google.android.material.snackbar.Snackbar
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.dialogs.AssignMasterKeyDialogFragment
 import com.kunzisoft.keepass.activities.helpers.EntrySelectionHelper
-import com.kunzisoft.keepass.activities.helpers.SelectFileHelper
+import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
 import com.kunzisoft.keepass.activities.helpers.SpecialMode
+import com.kunzisoft.keepass.activities.helpers.setOpenDocumentClickListener
 import com.kunzisoft.keepass.activities.selection.SpecialModeActivity
 import com.kunzisoft.keepass.adapters.FileDatabaseHistoryAdapter
 import com.kunzisoft.keepass.app.database.FileDatabaseHistoryAction
@@ -82,7 +83,7 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
 
     private var mDatabaseFileUri: Uri? = null
 
-    private var mSelectFileHelper: SelectFileHelper? = null
+    private var mExternalFileHelper: ExternalFileHelper? = null
 
     private var mProgressDatabaseTaskProvider: ProgressDatabaseTaskProvider? = null
 
@@ -103,14 +104,9 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
         createDatabaseButtonView?.setOnClickListener { createNewFile() }
 
         // Open database button
-        mSelectFileHelper = SelectFileHelper(this)
+        mExternalFileHelper = ExternalFileHelper(this)
         openDatabaseButtonView = findViewById(R.id.open_keyfile_button)
-        openDatabaseButtonView?.apply {
-            mSelectFileHelper?.selectFileOnClickViewListener?.let {
-                setOnClickListener(it)
-                setOnLongClickListener(it)
-            }
-        }
+        openDatabaseButtonView?.setOpenDocumentClickListener(mExternalFileHelper)
 
         // History list
         val fileDatabaseHistoryRecyclerView = findViewById<RecyclerView>(R.id.file_list)
@@ -162,29 +158,31 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
 
         // Observe list of databases
         databaseFilesViewModel.databaseFilesLoaded.observe(this) { databaseFiles ->
-            when (databaseFiles.databaseFileAction) {
-                DatabaseFilesViewModel.DatabaseFileAction.NONE -> {
-                    mAdapterDatabaseHistory?.replaceAllDatabaseFileHistoryList(databaseFiles.databaseFileList)
-                }
-                DatabaseFilesViewModel.DatabaseFileAction.ADD -> {
-                    databaseFiles.databaseFileToActivate?.let { databaseFileToAdd ->
-                        mAdapterDatabaseHistory?.addDatabaseFileHistory(databaseFileToAdd)
+            try {
+                when (databaseFiles.databaseFileAction) {
+                    DatabaseFilesViewModel.DatabaseFileAction.NONE -> {
+                        mAdapterDatabaseHistory?.replaceAllDatabaseFileHistoryList(databaseFiles.databaseFileList)
                     }
-                    GroupActivity.launch(this@FileDatabaseSelectActivity,
-                            PreferencesUtil.enableReadOnlyDatabase(this@FileDatabaseSelectActivity))
-                }
-                DatabaseFilesViewModel.DatabaseFileAction.UPDATE -> {
-                    databaseFiles.databaseFileToActivate?.let { databaseFileToUpdate ->
-                        mAdapterDatabaseHistory?.updateDatabaseFileHistory(databaseFileToUpdate)
-                    }
-                }
-                DatabaseFilesViewModel.DatabaseFileAction.DELETE -> {
-                    databaseFiles.databaseFileToActivate?.let { databaseFileToDelete ->
-                        mAdapterDatabaseHistory?.deleteDatabaseFileHistory(databaseFileToDelete)
+                    DatabaseFilesViewModel.DatabaseFileAction.ADD -> {
+                        databaseFiles.databaseFileToActivate?.let { databaseFileToAdd ->
+                            mAdapterDatabaseHistory?.addDatabaseFileHistory(databaseFileToAdd)
+                        }
+                    }
+                    DatabaseFilesViewModel.DatabaseFileAction.UPDATE -> {
+                        databaseFiles.databaseFileToActivate?.let { databaseFileToUpdate ->
+                            mAdapterDatabaseHistory?.updateDatabaseFileHistory(databaseFileToUpdate)
+                        }
+                    }
+                    DatabaseFilesViewModel.DatabaseFileAction.DELETE -> {
+                        databaseFiles.databaseFileToActivate?.let { databaseFileToDelete ->
+                            mAdapterDatabaseHistory?.deleteDatabaseFileHistory(databaseFileToDelete)
+                        }
                     }
                 }
+                databaseFilesViewModel.consumeAction()
+            } catch (e: Exception) {
+                Log.e(TAG, "Unable to observe database action", e)
             }
-            databaseFilesViewModel.consumeAction()
         }
 
         // Observe default database
@@ -202,6 +200,8 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
                             val mainCredential = result.data?.getParcelable(DatabaseTaskNotificationService.MAIN_CREDENTIAL_KEY) ?: MainCredential()
                             databaseFilesViewModel.addDatabaseFile(databaseUri, mainCredential.keyFileUri)
                         }
+                        GroupActivity.launch(this@FileDatabaseSelectActivity,
+                                PreferencesUtil.enableReadOnlyDatabase(this@FileDatabaseSelectActivity))
                     }
                     ACTION_DATABASE_LOAD_TASK -> {
                         val database = Database.getInstance()
@@ -230,7 +230,7 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
      * Create a new file by calling the content provider
      */
     private fun createNewFile() {
-        createDocument(this, getString(R.string.database_file_name_default) +
+        mExternalFileHelper?.createDocument( getString(R.string.database_file_name_default) +
                 getString(R.string.database_file_extension_default), "application/x-keepass")
     }
 
@@ -282,7 +282,7 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
         // Show open and create button or special mode
         when (mSpecialMode) {
             SpecialMode.DEFAULT -> {
-                if (allowCreateDocumentByStorageAccessFramework(packageManager)) {
+                if (ExternalFileHelper.allowCreateDocumentByStorageAccessFramework(packageManager)) {
                     // There is an activity which can handle this intent.
                     createDatabaseButtonView?.visibility = View.VISIBLE
                 } else{
@@ -355,14 +355,14 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
             AutofillHelper.onActivityResultSetResultAndFinish(this, requestCode, resultCode, data)
         }
 
-        mSelectFileHelper?.onActivityResultCallback(requestCode, resultCode, data) { uri ->
+        mExternalFileHelper?.onOpenDocumentResult(requestCode, resultCode, data) { uri ->
             if (uri != null) {
                 launchPasswordActivityWithPath(uri)
             }
         }
 
         // Retrieve the created URI from the file manager
-        onCreateDocumentResult(requestCode, resultCode, data) { databaseFileCreatedUri ->
+        mExternalFileHelper?.onCreateDocumentResult(requestCode, resultCode, data) { databaseFileCreatedUri ->
             mDatabaseFileUri = databaseFileCreatedUri
             if (mDatabaseFileUri != null) {
                 AssignMasterKeyDialogFragment.getInstance(true)
@@ -390,9 +390,10 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
     private fun performedNextEducation(fileDatabaseSelectActivityEducation: FileDatabaseSelectActivityEducation) {
         // If no recent files
         val createDatabaseEducationPerformed =
-                createDatabaseButtonView != null && createDatabaseButtonView!!.visibility == View.VISIBLE
+                createDatabaseButtonView != null
+                && createDatabaseButtonView!!.visibility == View.VISIBLE
                 && mAdapterDatabaseHistory != null
-                && mAdapterDatabaseHistory!!.itemCount > 0
+                && mAdapterDatabaseHistory!!.itemCount == 0
                 && fileDatabaseSelectActivityEducation.checkAndPerformedCreateDatabaseEducation(
                         createDatabaseButtonView!!,
                 {
@@ -407,9 +408,9 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
             openDatabaseButtonView != null
                     && fileDatabaseSelectActivityEducation.checkAndPerformedSelectDatabaseEducation(
                     openDatabaseButtonView!!,
-                    {tapTargetView ->
+                    { tapTargetView ->
                         tapTargetView?.let {
-                            mSelectFileHelper?.selectFileOnClickViewListener?.onClick(it)
+                            mExternalFileHelper?.openDocument()
                         }
                     },
                     {}

app/src/main/java/com/kunzisoft/keepass/activities/GroupActivity.kt

@@ -382,6 +382,7 @@ class GroupActivity : LockingActivity(),
             Log.d(TAG, "setNewIntent: $intentNotNull")
             setIntent(intentNotNull)
             if (Intent.ACTION_SEARCH == intentNotNull.action) {
+                finishNodeAction()
                 // only one instance of search in backstack
                 deletePreviousSearchGroup()
                 openGroup(retrieveCurrentGroup(intentNotNull, null), true)
@@ -812,74 +813,75 @@ class GroupActivity : LockingActivity(),
 
     override fun onPasteMenuClick(pasteMode: ListNodesFragment.PasteMode?,
                                   nodes: List<Node>): Boolean {
-        // Move or copy only if allowed (in root if allowed)
-        if (mCurrentGroup != mDatabase?.rootGroup
-                || mDatabase?.rootCanContainsEntry() == true) {
-
-            when (pasteMode) {
-                ListNodesFragment.PasteMode.PASTE_FROM_COPY -> {
-                    // Copy
-                    mCurrentGroup?.let { newParent ->
-                        mProgressDatabaseTaskProvider?.startDatabaseCopyNodes(
-                                nodes,
-                                newParent,
-                                !mReadOnly && mAutoSaveEnable
-                        )
-                    }
-                }
-                ListNodesFragment.PasteMode.PASTE_FROM_MOVE -> {
-                    // Move
-                    mCurrentGroup?.let { newParent ->
-                        mProgressDatabaseTaskProvider?.startDatabaseMoveNodes(
-                                nodes,
-                                newParent,
-                                !mReadOnly && mAutoSaveEnable
-                        )
-                    }
-                }
-                else -> {
+        when (pasteMode) {
+            ListNodesFragment.PasteMode.PASTE_FROM_COPY -> {
+                // Copy
+                mCurrentGroup?.let { newParent ->
+                    mProgressDatabaseTaskProvider?.startDatabaseCopyNodes(
+                            nodes,
+                            newParent,
+                            !mReadOnly && mAutoSaveEnable
+                    )
                 }
             }
-        } else {
-            coordinatorLayout?.let { coordinatorLayout ->
-                Snackbar.make(coordinatorLayout,
-                        R.string.error_copy_entry_here,
-                        Snackbar.LENGTH_LONG).asError().show()
+            ListNodesFragment.PasteMode.PASTE_FROM_MOVE -> {
+                // Move
+                mCurrentGroup?.let { newParent ->
+                    mProgressDatabaseTaskProvider?.startDatabaseMoveNodes(
+                            nodes,
+                            newParent,
+                            !mReadOnly && mAutoSaveEnable
+                    )
+                }
             }
+            else -> {}
         }
         finishNodeAction()
         return true
     }
 
+    private fun eachNodeRecyclable(nodes: List<Node>): Boolean {
+        mDatabase?.let { database ->
+            return nodes.find { node ->
+                var cannotRecycle = true
+                if (node is Entry) {
+                    cannotRecycle = !database.canRecycle(node)
+                } else if (node is Group) {
+                    cannotRecycle = !database.canRecycle(node)
+                }
+                cannotRecycle
+            } == null
+        }
+        return false
+    }
+
     private fun deleteNodes(nodes: List<Node>, recycleBin: Boolean = false): Boolean {
-        val database = mDatabase
+        mDatabase?.let { database ->
 
-        // If recycle bin enabled, ensure it exists
-        if (database != null && database.isRecycleBinEnabled) {
-            database.ensureRecycleBinExists(resources)
-        }
-
-        // If recycle bin enabled and not in recycle bin, move in recycle bin
-        if (database != null
-                && database.isRecycleBinEnabled
-                && database.recycleBin != mCurrentGroup) {
-
-            mProgressDatabaseTaskProvider?.startDatabaseDeleteNodes(
-                    nodes,
-                    !mReadOnly && mAutoSaveEnable
-            )
-        }
-        // else open the dialog to confirm deletion
-        else {
-            val deleteNodesDialogFragment: DeleteNodesDialogFragment =
-            if (recycleBin) {
-                EmptyRecycleBinDialogFragment.getInstance(nodes)
-            } else {
-                DeleteNodesDialogFragment.getInstance(nodes)
+            // If recycle bin enabled, ensure it exists
+            if (database.isRecycleBinEnabled) {
+                database.ensureRecycleBinExists(resources)
             }
-            deleteNodesDialogFragment.show(supportFragmentManager, "deleteNodesDialogFragment")
+
+            // If recycle bin enabled and not in recycle bin, move in recycle bin
+            if (eachNodeRecyclable(nodes)) {
+                mProgressDatabaseTaskProvider?.startDatabaseDeleteNodes(
+                        nodes,
+                        !mReadOnly && mAutoSaveEnable
+                )
+            }
+            // else open the dialog to confirm deletion
+            else {
+                val deleteNodesDialogFragment: DeleteNodesDialogFragment =
+                        if (recycleBin) {
+                            EmptyRecycleBinDialogFragment.getInstance(nodes)
+                        } else {
+                            DeleteNodesDialogFragment.getInstance(nodes)
+                        }
+                deleteNodesDialogFragment.show(supportFragmentManager, "deleteNodesDialogFragment")
+            }
+            finishNodeAction()
         }
-        finishNodeAction()
         return true
     }
 
@@ -1076,6 +1078,16 @@ class GroupActivity : LockingActivity(),
         }
     }
 
+    override fun isValidGroupName(name: String): GroupEditDialogFragment.Error {
+        if (name.isEmpty()) {
+            return GroupEditDialogFragment.Error(true, R.string.error_no_name)
+        }
+        if (mDatabase?.groupNamesNotAllowed?.find { it.equals(name, ignoreCase = true) } != null) {
+            return GroupEditDialogFragment.Error(true, R.string.error_word_reserved)
+        }
+        return GroupEditDialogFragment.Error(false, null)
+    }
+
     override fun approveEditGroup(action: GroupEditDialogFragment.EditGroupDialogAction,
                                   groupInfo: GroupInfo) {
 

app/src/main/java/com/kunzisoft/keepass/activities/IconPickerActivity.kt

@@ -34,7 +34,8 @@ import androidx.fragment.app.commit
 import com.google.android.material.snackbar.Snackbar
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.fragments.IconPickerFragment
-import com.kunzisoft.keepass.activities.helpers.SelectFileHelper
+import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
+import com.kunzisoft.keepass.activities.helpers.setOpenDocumentClickListener
 import com.kunzisoft.keepass.activities.lock.LockingActivity
 import com.kunzisoft.keepass.activities.lock.resetAppTimeoutWhenViewFocusedOrChanged
 import com.kunzisoft.keepass.database.element.Database
@@ -66,7 +67,7 @@ class IconPickerActivity : LockingActivity() {
 
     private var mDatabase: Database? = null
 
-    private var mSelectFileHelper: SelectFileHelper? = null
+    private var mExternalFileHelper: ExternalFileHelper? = null
 
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
@@ -84,15 +85,11 @@ class IconPickerActivity : LockingActivity() {
 
         coordinatorLayout = findViewById(R.id.icon_picker_coordinator)
 
+        mExternalFileHelper = ExternalFileHelper(this)
+
         uploadButton = findViewById(R.id.icon_picker_upload)
         if (mDatabase?.allowCustomIcons == true) {
-            uploadButton.setOnClickListener {
-                mSelectFileHelper?.selectFileOnClickViewListener?.onClick(it)
-            }
-            uploadButton.setOnLongClickListener {
-                mSelectFileHelper?.selectFileOnClickViewListener?.onLongClick(it)
-                true
-            }
+            uploadButton.setOpenDocumentClickListener(mExternalFileHelper)
         } else {
             uploadButton.visibility = View.GONE
         }
@@ -124,8 +121,6 @@ class IconPickerActivity : LockingActivity() {
         // Focus view to reinitialize timeout
         findViewById<ViewGroup>(R.id.icon_picker_container)?.resetAppTimeoutWhenViewFocusedOrChanged(this)
 
-        mSelectFileHelper = SelectFileHelper(this)
-
         iconPickerViewModel.standardIconPicked.observe(this) { iconStandard ->
             mIconImage.standard = iconStandard
             // Remove the custom icon if a standard one is selected
@@ -229,21 +224,26 @@ class IconPickerActivity : LockingActivity() {
                         if (documentFile.length() > MAX_ICON_SIZE) {
                             iconCustomState.errorStringId = R.string.error_file_to_big
                         } else {
-                            mDatabase?.buildNewCustomIcon(UriUtil.getBinaryDir(this@IconPickerActivity)) { customIcon, binary ->
+                            mDatabase?.buildNewCustomIcon { customIcon, binary ->
                                 if (customIcon != null) {
                                     iconCustomState.iconCustom = customIcon
-                                    BinaryDatabaseManager.resizeBitmapAndStoreDataInBinaryFile(contentResolver,
-                                            iconToUploadUri, binary)
-                                    when {
-                                        binary == null -> {
-                                        }
-                                        binary.getSize() <= 0 -> {
-                                        }
-                                        mDatabase?.isCustomIconBinaryDuplicate(binary) == true -> {
-                                            iconCustomState.errorStringId = R.string.error_duplicate_file
-                                        }
-                                        else -> {
-                                            iconCustomState.error = false
+                                    mDatabase?.let { database ->
+                                        BinaryDatabaseManager.resizeBitmapAndStoreDataInBinaryFile(
+                                                contentResolver,
+                                                database,
+                                                iconToUploadUri,
+                                                binary)
+                                        when {
+                                            binary == null -> {
+                                            }
+                                            binary.getSize() <= 0 -> {
+                                            }
+                                            database.isCustomIconBinaryDuplicate(binary) -> {
+                                                iconCustomState.errorStringId = R.string.error_duplicate_file
+                                            }
+                                            else -> {
+                                                iconCustomState.error = false
+                                            }
                                         }
                                     }
                                     if (iconCustomState.error) {
@@ -276,7 +276,7 @@ class IconPickerActivity : LockingActivity() {
     override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
         super.onActivityResult(requestCode, resultCode, data)
 
-        mSelectFileHelper?.onActivityResultCallback(requestCode, resultCode, data) { uri ->
+        mExternalFileHelper?.onOpenDocumentResult(requestCode, resultCode, data) { uri ->
             addCustomIcon(uri)
         }
     }

app/src/main/java/com/kunzisoft/keepass/activities/ImageViewerActivity.kt

@@ -39,6 +39,8 @@ import kotlin.math.max
 
 class ImageViewerActivity : LockingActivity() {
 
+    private var mDatabase: Database? = null
+
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
 
@@ -59,23 +61,29 @@ class ImageViewerActivity : LockingActivity() {
                 resources.displayMetrics.heightPixels * 2
         )
 
+        mDatabase = Database.getInstance()
+
         try {
             progressView.visibility = View.VISIBLE
             intent.getParcelableExtra<Attachment>(IMAGE_ATTACHMENT_TAG)?.let { attachment ->
 
                 supportActionBar?.title = attachment.name
-                supportActionBar?.subtitle = Formatter.formatFileSize(this, attachment.binaryData.getSize())
 
-                BinaryDatabaseManager.loadBitmap(
-                        attachment.binaryData,
-                        Database.getInstance().loadedCipherKey,
-                        mImagePreviewMaxWidth
-                ) { bitmapLoaded ->
-                    if (bitmapLoaded == null) {
-                        finish()
-                    } else {
-                        progressView.visibility = View.GONE
-                        imageView.setImageBitmap(bitmapLoaded)
+                val size = attachment.binaryData.getSize()
+                supportActionBar?.subtitle = Formatter.formatFileSize(this, size)
+
+                mDatabase?.let { database ->
+                    BinaryDatabaseManager.loadBitmap(
+                            database,
+                            attachment.binaryData,
+                            mImagePreviewMaxWidth
+                    ) { bitmapLoaded ->
+                        if (bitmapLoaded == null) {
+                            finish()
+                        } else {
+                            progressView.visibility = View.GONE
+                            imageView.setImageBitmap(bitmapLoaded)
+                        }
                     }
                 }
             } ?: finish()

app/src/main/java/com/kunzisoft/keepass/activities/PasswordActivity.kt

@@ -42,10 +42,7 @@ import androidx.fragment.app.commit
 import com.google.android.material.snackbar.Snackbar
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.dialogs.DuplicateUuidDialog
-import com.kunzisoft.keepass.activities.helpers.EntrySelectionHelper
-import com.kunzisoft.keepass.activities.helpers.ReadOnlyHelper
-import com.kunzisoft.keepass.activities.helpers.SelectFileHelper
-import com.kunzisoft.keepass.activities.helpers.SpecialMode
+import com.kunzisoft.keepass.activities.helpers.*
 import com.kunzisoft.keepass.activities.lock.LockingActivity
 import com.kunzisoft.keepass.activities.selection.SpecialModeActivity
 import com.kunzisoft.keepass.app.database.CipherDatabaseEntity
@@ -95,7 +92,7 @@ open class PasswordActivity : SpecialModeActivity(), AdvancedUnlockFragment.Buil
     private var mDatabaseKeyFileUri: Uri? = null
 
     private var mRememberKeyFile: Boolean = false
-    private var mSelectFileHelper: SelectFileHelper? = null
+    private var mExternalFileHelper: ExternalFileHelper? = null
 
     private var mPermissionAsked = false
     private var readOnly: Boolean = false
@@ -138,13 +135,8 @@ open class PasswordActivity : SpecialModeActivity(), AdvancedUnlockFragment.Buil
         readOnly = ReadOnlyHelper.retrieveReadOnlyFromInstanceStateOrPreference(this, savedInstanceState)
         mRememberKeyFile = PreferencesUtil.rememberKeyFileLocations(this)
 
-        mSelectFileHelper = SelectFileHelper(this@PasswordActivity)
-        keyFileSelectionView?.apply {
-            mSelectFileHelper?.selectFileOnClickViewListener?.let {
-                setOnClickListener(it)
-                setOnLongClickListener(it)
-            }
-        }
+        mExternalFileHelper = ExternalFileHelper(this@PasswordActivity)
+        keyFileSelectionView?.setOpenDocumentClickListener(mExternalFileHelper)
 
         passwordView?.setOnEditorActionListener(onEditorActionListener)
         passwordView?.addTextChangedListener(object : TextWatcher {
@@ -470,6 +462,11 @@ open class PasswordActivity : SpecialModeActivity(), AdvancedUnlockFragment.Buil
     override fun onPause() {
         mProgressDatabaseTaskProvider?.unregisterProgressTask()
 
+        // To prevent biometric prompt to appearing outside of the app
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+            advancedUnlockFragment?.disconnect(hideViews = false, closePrompt = true)
+        }
+
         // Reinit locking activity UI variable
         LockingActivity.LOCKING_ACTIVITY_UI_VISIBLE_DURING_LOCK = null
         mAllowAutoOpenBiometricPrompt = true
@@ -702,8 +699,8 @@ open class PasswordActivity : SpecialModeActivity(), AdvancedUnlockFragment.Buil
         }
 
         var keyFileResult = false
-        mSelectFileHelper?.let {
-            keyFileResult = it.onActivityResultCallback(requestCode, resultCode, data
+        mExternalFileHelper?.let {
+            keyFileResult = it.onOpenDocumentResult(requestCode, resultCode, data
             ) { uri ->
                 if (uri != null) {
                     mDatabaseKeyFileUri = uri
@@ -716,7 +713,7 @@ open class PasswordActivity : SpecialModeActivity(), AdvancedUnlockFragment.Buil
             when (resultCode) {
                 LockingActivity.RESULT_EXIT_LOCK -> {
                     clearCredentialsViews()
-                    Database.getInstance().clearAndClose(UriUtil.getBinaryDir(this))
+                    Database.getInstance().clearAndClose(this)
                 }
                 Activity.RESULT_CANCELED -> {
                     clearCredentialsViews()

app/src/main/java/com/kunzisoft/keepass/activities/dialogs/AssignMasterKeyDialogFragment.kt

@@ -30,13 +30,13 @@ import android.text.SpannableStringBuilder
 import android.text.TextWatcher
 import android.view.View
 import android.widget.CompoundButton
-import android.widget.ImageView
 import android.widget.TextView
 import androidx.appcompat.app.AlertDialog
 import androidx.fragment.app.DialogFragment
 import com.google.android.material.textfield.TextInputLayout
 import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.activities.helpers.SelectFileHelper
+import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
+import com.kunzisoft.keepass.activities.helpers.setOpenDocumentClickListener
 import com.kunzisoft.keepass.model.MainCredential
 import com.kunzisoft.keepass.utils.UriUtil
 import com.kunzisoft.keepass.view.KeyFileSelectionView
@@ -60,7 +60,7 @@ class AssignMasterKeyDialogFragment : DialogFragment() {
 
     private var mListener: AssignPasswordDialogListener? = null
 
-    private var mSelectFileHelper: SelectFileHelper? = null
+    private var mExternalFileHelper: ExternalFileHelper? = null
 
     private var mEmptyPasswordConfirmationDialog: AlertDialog? = null
     private var mNoKeyConfirmationDialog: AlertDialog? = null
@@ -133,11 +133,8 @@ class AssignMasterKeyDialogFragment : DialogFragment() {
             keyFileCheckBox = rootView?.findViewById(R.id.keyfile_checkox)
             keyFileSelectionView = rootView?.findViewById(R.id.keyfile_selection)
 
-            mSelectFileHelper = SelectFileHelper(this)
-            keyFileSelectionView?.apply {
-                setOnClickListener(mSelectFileHelper?.selectFileOnClickViewListener)
-                setOnLongClickListener(mSelectFileHelper?.selectFileOnClickViewListener)
-            }
+            mExternalFileHelper = ExternalFileHelper(this)
+            keyFileSelectionView?.setOpenDocumentClickListener(mExternalFileHelper)
 
             val dialog = builder.create()
 
@@ -289,7 +286,7 @@ class AssignMasterKeyDialogFragment : DialogFragment() {
     override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
         super.onActivityResult(requestCode, resultCode, data)
 
-        mSelectFileHelper?.onActivityResultCallback(requestCode, resultCode, data) { uri ->
+        mExternalFileHelper?.onOpenDocumentResult(requestCode, resultCode, data) { uri ->
             uri?.let { pathUri ->
                 UriUtil.getFileData(requireContext(), uri)?.length()?.let { lengthFile ->
                     keyFileSelectionView?.error = null

app/src/main/java/com/kunzisoft/keepass/activities/dialogs/GroupEditDialogFragment.kt

@@ -219,14 +219,19 @@ class GroupEditDialogFragment : DialogFragment() {
     }
 
     private fun isValid(): Boolean {
-        if (nameTextView.text.toString().isEmpty()) {
-            nameTextLayoutView.error = getString(R.string.error_no_name)
-            return false
+        val error = mEditGroupListener?.isValidGroupName(nameTextView.text.toString()) ?: Error(false, null)
+        error.messageId?.let { messageId ->
+            nameTextLayoutView.error = getString(messageId)
+        } ?: kotlin.run {
+            nameTextLayoutView.error = null
         }
-        return true
+        return !error.isError
     }
 
+    data class Error(val isError: Boolean, val messageId: Int?)
+
     interface EditGroupListener {
+        fun isValidGroupName(name: String): Error
         fun approveEditGroup(action: EditGroupDialogAction,
                              groupInfo: GroupInfo)
         fun cancelEditGroup(action: EditGroupDialogAction,

app/src/main/java/com/kunzisoft/keepass/activities/fragments/EntryEditFragment.kt

@@ -84,7 +84,6 @@ class EntryEditFragment: StylishFragment() {
 
     // Elements to modify the current entry
     private var mEntryInfo = EntryInfo()
-    private var mBinaryCipherKey: Database.LoadedKey? = null
     private var mLastFocusedEditField: FocusedEditField? = null
     private var mExtraViewToRequestFocus: EditText? = null
 
@@ -122,7 +121,9 @@ class EntryEditFragment: StylishFragment() {
         attachmentsContainerView = rootView.findViewById(R.id.entry_attachments_container)
         attachmentsListView = rootView.findViewById(R.id.entry_attachments_list)
         attachmentsAdapter = EntryAttachmentsItemsAdapter(requireContext())
-        attachmentsAdapter.binaryCipherKey = arguments?.getSerializable(KEY_BINARY_CIPHER_KEY) as? Database.LoadedKey?
+        // TODO retrieve current database with its unique key
+        attachmentsAdapter.database = Database.getInstance()
+        //attachmentsAdapter.database = arguments?.getInt(KEY_DATABASE)
         attachmentsAdapter.onListSizeChangedListener = { previousSize, newSize ->
             if (previousSize > 0 && newSize == 0) {
                 attachmentsContainerView.collapse(true)
@@ -502,7 +503,6 @@ class EntryEditFragment: StylishFragment() {
     override fun onSaveInstanceState(outState: Bundle) {
         populateEntryWithViews()
         outState.putParcelable(KEY_TEMP_ENTRY_INFO, mEntryInfo)
-        outState.putSerializable(KEY_BINARY_CIPHER_KEY, mBinaryCipherKey)
         outState.putParcelable(KEY_LAST_FOCUSED_FIELD, mLastFocusedEditField)
 
         super.onSaveInstanceState(outState)
@@ -510,15 +510,16 @@ class EntryEditFragment: StylishFragment() {
 
     companion object {
         const val KEY_TEMP_ENTRY_INFO = "KEY_TEMP_ENTRY_INFO"
-        const val KEY_BINARY_CIPHER_KEY = "KEY_BINARY_CIPHER_KEY"
+        const val KEY_DATABASE = "KEY_DATABASE"
         const val KEY_LAST_FOCUSED_FIELD = "KEY_LAST_FOCUSED_FIELD"
 
-        fun getInstance(entryInfo: EntryInfo?,
-                        loadedKey: Database.LoadedKey?): EntryEditFragment {
+        fun getInstance(entryInfo: EntryInfo?): EntryEditFragment {
+                        //database: Database?): EntryEditFragment {
             return EntryEditFragment().apply {
                 arguments = Bundle().apply {
                     putParcelable(KEY_TEMP_ENTRY_INFO, entryInfo)
-                    putSerializable(KEY_BINARY_CIPHER_KEY, loadedKey)
+                    // TODO Unique database key database.key
+                    putInt(KEY_DATABASE, 0)
                 }
             }
         }

app/src/main/java/com/kunzisoft/keepass/activities/fragments/ListNodesFragment.kt

@@ -311,13 +311,17 @@ class ListNodesFragment : StylishFragment(), SortDialogFragment.SortSelectionLis
                         menu?.removeItem(R.id.menu_edit)
                     }
 
-                    // Copy and Move (not for groups)
+                    // Move
+                    if (readOnly
+                            || isASearchResult) {
+                        menu?.removeItem(R.id.menu_move)
+                    }
+
+                    // Copy (not allowed for group)
                     if (readOnly
                             || isASearchResult
                             || nodes.any { it.type == Type.GROUP }) {
-                        // TODO Copy For Group
                         menu?.removeItem(R.id.menu_copy)
-                        menu?.removeItem(R.id.menu_move)
                     }
 
                     // Deletion

app/src/main/java/com/kunzisoft/keepass/activities/helpers/ExternalFileHelper.kt

@@ -0,0 +1,254 @@
+/*
+ * Copyright 2019 Jeremy Jamet / Kunzisoft.
+ *
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.activities.helpers
+
+import android.annotation.SuppressLint
+import android.app.Activity.RESULT_OK
+import android.content.Intent
+import android.content.pm.PackageManager
+import android.net.Uri
+import android.os.Build
+import android.util.Log
+import android.view.View
+import androidx.annotation.RequiresApi
+import androidx.fragment.app.Fragment
+import androidx.fragment.app.FragmentActivity
+import com.kunzisoft.keepass.activities.dialogs.FileManagerDialogFragment
+import com.kunzisoft.keepass.utils.UriUtil
+
+class ExternalFileHelper {
+
+    private var activity: FragmentActivity? = null
+    private var fragment: Fragment? = null
+
+    constructor(context: FragmentActivity) {
+        this.activity = context
+        this.fragment = null
+    }
+
+    constructor(context: Fragment) {
+        this.activity = context.activity
+        this.fragment = context
+    }
+
+    fun openDocument(getContent: Boolean = false,
+                     typeString: String = "*/*") {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
+            try {
+                if (getContent) {
+                    openActivityWithActionGetContent(typeString)
+                } else {
+                    openActivityWithActionOpenDocument(typeString)
+                }
+            } catch (e: Exception) {
+                Log.e(TAG, "Unable to open document", e)
+                showFileManagerDialogFragment()
+            }
+        } else {
+            showFileManagerDialogFragment()
+        }
+    }
+
+    @RequiresApi(Build.VERSION_CODES.KITKAT)
+    private fun openActivityWithActionOpenDocument(typeString: String) {
+        val intentOpenDocument = Intent(Intent.ACTION_OPEN_DOCUMENT).apply {
+            addCategory(Intent.CATEGORY_OPENABLE)
+            type = typeString
+            addFlags(Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION)
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
+                addFlags(Intent.FLAG_GRANT_PREFIX_URI_PERMISSION)
+            }
+            addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION)
+            addFlags(Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
+        }
+        if (fragment != null)
+            fragment?.startActivityForResult(intentOpenDocument, OPEN_DOC)
+        else
+            activity?.startActivityForResult(intentOpenDocument, OPEN_DOC)
+    }
+
+    @RequiresApi(Build.VERSION_CODES.KITKAT)
+    private fun openActivityWithActionGetContent(typeString: String) {
+        val intentGetContent = Intent(Intent.ACTION_GET_CONTENT).apply {
+            addCategory(Intent.CATEGORY_OPENABLE)
+            type = typeString
+            addFlags(Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION)
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
+                addFlags(Intent.FLAG_GRANT_PREFIX_URI_PERMISSION)
+            }
+            addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION)
+            addFlags(Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
+        }
+        if (fragment != null)
+            fragment?.startActivityForResult(intentGetContent, GET_CONTENT)
+        else
+            activity?.startActivityForResult(intentGetContent, GET_CONTENT)
+    }
+
+    /**
+     * To use in onActivityResultCallback in Fragment or Activity
+     * @param onFileSelected Callback retrieve from data
+     * @return true if requestCode was captured, false elsewhere
+     */
+    fun onOpenDocumentResult(requestCode: Int, resultCode: Int, data: Intent?,
+                             onFileSelected: ((uri: Uri?) -> Unit)?): Boolean {
+
+        when (requestCode) {
+            FILE_BROWSE -> {
+                if (resultCode == RESULT_OK) {
+                    val filename = data?.dataString
+                    var keyUri: Uri? = null
+                    if (filename != null) {
+                        keyUri = UriUtil.parse(filename)
+                    }
+                    onFileSelected?.invoke(keyUri)
+                }
+                return true
+            }
+            GET_CONTENT, OPEN_DOC -> {
+                if (resultCode == RESULT_OK) {
+                    if (data != null) {
+                        val uri = data.data
+                        if (uri != null) {
+                            try {
+                                // try to persist read and write permissions
+                                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
+                                    activity?.contentResolver?.apply {
+                                        takePersistableUriPermission(uri, Intent.FLAG_GRANT_READ_URI_PERMISSION)
+                                        takePersistableUriPermission(uri, Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
+                                    }
+                                }
+                            } catch (e: Exception) {
+                                // nop
+                            }
+                            onFileSelected?.invoke(uri)
+                        }
+                    }
+                }
+                return true
+            }
+        }
+        return false
+    }
+
+    /**
+     * Show Browser dialog to select file picker app
+     */
+    private fun showFileManagerDialogFragment() {
+        try {
+            if (fragment != null) {
+                fragment?.parentFragmentManager
+            } else {
+                activity?.supportFragmentManager
+            }?.let { fragmentManager ->
+                FileManagerDialogFragment().show(fragmentManager, "browserDialog")
+            }
+        } catch (e: Exception) {
+            Log.e(TAG, "Can't open BrowserDialog", e)
+        }
+    }
+
+    fun createDocument(titleString: String,
+                       typeString: String = "application/octet-stream"): Int? {
+        val idCode = getUnusedCreateFileRequestCode()
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
+            try {
+                val intent = Intent(Intent.ACTION_CREATE_DOCUMENT).apply {
+                    addCategory(Intent.CATEGORY_OPENABLE)
+                    type = typeString
+                    putExtra(Intent.EXTRA_TITLE, titleString)
+                }
+                if (fragment != null)
+                    fragment?.startActivityForResult(intent, idCode)
+                else
+                    activity?.startActivityForResult(intent, idCode)
+                return idCode
+            } catch (e: Exception) {
+                Log.e(TAG, "Unable to create document", e)
+                showFileManagerDialogFragment()
+            }
+        } else {
+            showFileManagerDialogFragment()
+        }
+        return null
+    }
+
+    /**
+     * To use in onActivityResultCallback in Fragment or Activity
+     * @param onFileCreated Callback retrieve from data
+     * @return true if requestCode was captured, false elsewhere
+     */
+    fun onCreateDocumentResult(requestCode: Int, resultCode: Int, data: Intent?,
+                               onFileCreated: (fileCreated: Uri?)->Unit) {
+        // Retrieve the created URI from the file manager
+        if (fileRequestCodes.contains(requestCode) && resultCode == RESULT_OK) {
+            onFileCreated.invoke(data?.data)
+            fileRequestCodes.remove(requestCode)
+        }
+    }
+
+    companion object {
+
+        private const val TAG = "OpenFileHelper"
+
+        private const val GET_CONTENT = 25745
+        private const val OPEN_DOC = 25845
+        private const val FILE_BROWSE = 25645
+
+        private var CREATE_FILE_REQUEST_CODE_DEFAULT = 3853
+        private var fileRequestCodes = ArrayList<Int>()
+
+        private fun getUnusedCreateFileRequestCode(): Int {
+            val newCreateFileRequestCode = CREATE_FILE_REQUEST_CODE_DEFAULT++
+            fileRequestCodes.add(newCreateFileRequestCode)
+            return newCreateFileRequestCode
+        }
+
+        @SuppressLint("InlinedApi")
+        fun allowCreateDocumentByStorageAccessFramework(packageManager: PackageManager,
+                                                        typeString: String = "application/octet-stream"): Boolean {
+            return when {
+                // To check if a custom file manager can manage the ACTION_CREATE_DOCUMENT
+                Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT -> {
+                    packageManager.queryIntentActivities(Intent(Intent.ACTION_CREATE_DOCUMENT).apply {
+                        addCategory(Intent.CATEGORY_OPENABLE)
+                        type = typeString
+                    }, PackageManager.MATCH_DEFAULT_ONLY).isNotEmpty()
+                }
+                else -> true
+            }
+        }
+    }
+}
+
+fun View.setOpenDocumentClickListener(externalFileHelper: ExternalFileHelper?) {
+    externalFileHelper?.let { fileHelper ->
+        setOnClickListener {
+            fileHelper.openDocument()
+        }
+        setOnLongClickListener {
+            fileHelper.openDocument(true)
+            true
+        }
+    } ?: kotlin.run {
+        setOnClickListener(null)
+        setOnLongClickListener(null)
+    }
+}

app/src/main/java/com/kunzisoft/keepass/activities/helpers/SelectFileHelper.kt

@@ -1,244 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.activities.helpers
-
-import android.annotation.SuppressLint
-import android.app.Activity
-import android.app.Activity.RESULT_OK
-import android.content.Context
-import android.content.Intent
-import android.content.pm.PackageManager
-import android.net.Uri
-import android.os.Build
-import android.util.Log
-import android.view.MenuItem
-import android.view.View
-import androidx.fragment.app.Fragment
-import androidx.fragment.app.FragmentActivity
-import com.kunzisoft.keepass.activities.dialogs.FileManagerDialogFragment
-import com.kunzisoft.keepass.utils.UriUtil
-
-class SelectFileHelper {
-
-    private var activity: Activity? = null
-    private var fragment: Fragment? = null
-
-    val selectFileOnClickViewListener: SelectFileOnClickViewListener
-        get() = SelectFileOnClickViewListener()
-
-    constructor(context: Activity) {
-        this.activity = context
-        this.fragment = null
-    }
-
-    constructor(context: Fragment) {
-        this.activity = context.activity
-        this.fragment = context
-    }
-
-    inner class SelectFileOnClickViewListener :
-            View.OnClickListener,
-            View.OnLongClickListener,
-            MenuItem.OnMenuItemClickListener {
-
-        private fun onAbstractClick(longClick: Boolean = false) {
-            try {
-                if (longClick) {
-                    try {
-                        openActivityWithActionGetContent()
-                    } catch (e: Exception) {
-                        openActivityWithActionOpenDocument()
-                    }
-                } else {
-                    try {
-                        openActivityWithActionOpenDocument()
-                    } catch (e: Exception) {
-                        openActivityWithActionGetContent()
-                    }
-                }
-            } catch (e: Exception) {
-                Log.e(TAG, "Enable to start the file picker activity", e)
-                // Open browser dialog
-                if (lookForOpenIntentsFilePicker())
-                    showBrowserDialog()
-            }
-        }
-
-        override fun onClick(v: View) {
-            onAbstractClick()
-        }
-
-        override fun onLongClick(v: View?): Boolean {
-            onAbstractClick(true)
-            return true
-        }
-
-        override fun onMenuItemClick(item: MenuItem?): Boolean {
-            onAbstractClick()
-            return true
-        }
-    }
-
-    @SuppressLint("InlinedApi")
-    private fun openActivityWithActionOpenDocument() {
-        val intentOpenDocument = Intent(Intent.ACTION_OPEN_DOCUMENT).apply {
-            addCategory(Intent.CATEGORY_OPENABLE)
-            type = "*/*"
-            addFlags(Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION)
-            addFlags(Intent.FLAG_GRANT_PREFIX_URI_PERMISSION)
-            addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION)
-            addFlags(Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
-        }
-        if (fragment != null)
-            fragment?.startActivityForResult(intentOpenDocument, OPEN_DOC)
-        else
-            activity?.startActivityForResult(intentOpenDocument, OPEN_DOC)
-    }
-
-    @SuppressLint("InlinedApi")
-    private fun openActivityWithActionGetContent() {
-        val intentGetContent = Intent(Intent.ACTION_GET_CONTENT).apply {
-            addCategory(Intent.CATEGORY_OPENABLE)
-            type = "*/*"
-            addFlags(Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION)
-            addFlags(Intent.FLAG_GRANT_PREFIX_URI_PERMISSION)
-            addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION)
-            addFlags(Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
-        }
-        if (fragment != null)
-            fragment?.startActivityForResult(intentGetContent, GET_CONTENT)
-        else
-            activity?.startActivityForResult(intentGetContent, GET_CONTENT)
-    }
-
-    private fun lookForOpenIntentsFilePicker(): Boolean {
-        var showBrowser = false
-        try {
-            if (isIntentAvailable(activity!!, OPEN_INTENTS_FILE_BROWSE)) {
-                val intent = Intent(OPEN_INTENTS_FILE_BROWSE)
-                if (fragment != null)
-                    fragment?.startActivityForResult(intent, FILE_BROWSE)
-                else
-                    activity?.startActivityForResult(intent, FILE_BROWSE)
-            } else {
-                showBrowser = true
-            }
-        } catch (e: Exception) {
-            Log.w(TAG, "Enable to start OPEN_INTENTS_FILE_BROWSE", e)
-            showBrowser = true
-        }
-
-        return showBrowser
-    }
-
-    /**
-     * Indicates whether the specified action can be used as an intent. This
-     * method queries the package manager for installed packages that can
-     * respond to an intent with the specified action. If no suitable package is
-     * found, this method returns false.
-     *
-     * @param context The application's environment.
-     * @param action The Intent action to check for availability.
-     *
-     * @return True if an Intent with the specified action can be sent and
-     * responded to, false otherwise.
-     */
-    private fun isIntentAvailable(context: Context, action: String): Boolean {
-        val packageManager = context.packageManager
-        val intent = Intent(action)
-        val list = packageManager.queryIntentActivities(intent,
-                PackageManager.MATCH_DEFAULT_ONLY)
-        return list.size > 0
-    }
-
-    /**
-     * Show Browser dialog to select file picker app
-     */
-    private fun showBrowserDialog() {
-        try {
-            val fileManagerDialogFragment = FileManagerDialogFragment()
-            fragment?.let {
-                fileManagerDialogFragment.show(it.parentFragmentManager, "browserDialog")
-            } ?: fileManagerDialogFragment.show((activity as FragmentActivity).supportFragmentManager, "browserDialog")
-        } catch (e: Exception) {
-            Log.e(TAG, "Can't open BrowserDialog", e)
-        }
-    }
-
-    /**
-     * To use in onActivityResultCallback in Fragment or Activity
-     * @param keyFileCallback Callback retrieve from data
-     * @return true if requestCode was captured, false elsechere
-     */
-    fun onActivityResultCallback(
-            requestCode: Int,
-            resultCode: Int,
-            data: Intent?,
-            keyFileCallback: ((uri: Uri?) -> Unit)?): Boolean {
-
-        when (requestCode) {
-            FILE_BROWSE -> {
-                if (resultCode == RESULT_OK) {
-                    val filename = data?.dataString
-                    var keyUri: Uri? = null
-                    if (filename != null) {
-                        keyUri = UriUtil.parse(filename)
-                    }
-                    keyFileCallback?.invoke(keyUri)
-                }
-                return true
-            }
-            GET_CONTENT, OPEN_DOC -> {
-                if (resultCode == RESULT_OK) {
-                    if (data != null) {
-                        val uri = data.data
-                        if (uri != null) {
-                            try {
-                                // try to persist read and write permissions
-                                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
-                                    activity?.contentResolver?.apply {
-                                        takePersistableUriPermission(uri, Intent.FLAG_GRANT_READ_URI_PERMISSION)
-                                        takePersistableUriPermission(uri, Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
-                                    }
-                                }
-                            } catch (e: Exception) {
-                                // nop
-                            }
-                            keyFileCallback?.invoke(uri)
-                        }
-                    }
-                }
-                return true
-            }
-        }
-        return false
-    }
-
-    companion object {
-
-        private const val TAG = "OpenFileHelper"
-
-        const val OPEN_INTENTS_FILE_BROWSE = "org.openintents.action.PICK_FILE"
-
-        private const val GET_CONTENT = 25745
-        private const val OPEN_DOC = 25845
-        private const val FILE_BROWSE = 25645
-    }
-}

app/src/main/java/com/kunzisoft/keepass/activities/stylish/Stylish.kt

@@ -37,12 +37,12 @@ object Stylish {
      * Initialize the class with a theme preference
      * @param context Context to retrieve the theme preference
      */
-    fun init(context: Context) {
+    fun load(context: Context) {
         Log.d(Stylish::class.java.name, "Attatching to " + context.packageName)
         themeString = PreferencesUtil.getStyle(context)
     }
 
-    private fun retrieveEquivalentSystemStyle(context: Context, styleString: String): String {
+    fun retrieveEquivalentSystemStyle(context: Context, styleString: String): String {
         val systemNightMode = when (PreferencesUtil.getStyleBrightness(context)) {
             context.getString(R.string.list_style_brightness_light) -> false
             context.getString(R.string.list_style_brightness_night) -> true
@@ -84,12 +84,16 @@ object Stylish {
         }
     }
 
+    fun defaultStyle(context: Context): String {
+        return context.getString(R.string.list_style_name_light)
+    }
+
     /**
      * Assign the style to the class attribute
      * @param styleString Style id String
      */
     fun assignStyle(context: Context, styleString: String) {
-        themeString = retrieveEquivalentSystemStyle(context, styleString)
+        PreferencesUtil.setStyle(context, styleString)
     }
 
     /**

app/src/main/java/com/kunzisoft/keepass/adapters/EntryAttachmentsItemsAdapter.kt

@@ -45,7 +45,7 @@ import kotlin.math.max
 class EntryAttachmentsItemsAdapter(context: Context)
     : AnimatedItemsAdapter<EntryAttachmentState, EntryAttachmentsItemsAdapter.EntryBinariesViewHolder>(context) {
 
-    var binaryCipherKey: Database.LoadedKey? = null
+    var database: Database? = null
     var onItemClickListener: ((item: EntryAttachmentState)->Unit)? = null
     var onBinaryPreviewLoaded: ((item: EntryAttachmentState) -> Unit)? = null
 
@@ -82,21 +82,23 @@ class EntryAttachmentsItemsAdapter(context: Context)
                 if (entryAttachmentState.previewState == AttachmentState.NULL) {
                     entryAttachmentState.previewState = AttachmentState.IN_PROGRESS
                     // Load the bitmap image
-                    BinaryDatabaseManager.loadBitmap(
-                            entryAttachmentState.attachment.binaryData,
-                            binaryCipherKey,
-                            mImagePreviewMaxWidth
-                    ) { imageLoaded ->
-                        if (imageLoaded == null) {
-                            entryAttachmentState.previewState = AttachmentState.ERROR
-                            visibility = View.GONE
-                            onBinaryPreviewLoaded?.invoke(entryAttachmentState)
-                        } else {
-                            entryAttachmentState.previewState = AttachmentState.COMPLETE
-                            setImageBitmap(imageLoaded)
-                            if (visibility != View.VISIBLE) {
-                                expand(true, resources.getDimensionPixelSize(R.dimen.item_file_info_height)) {
-                                    onBinaryPreviewLoaded?.invoke(entryAttachmentState)
+                    database?.let { database ->
+                        BinaryDatabaseManager.loadBitmap(
+                                database,
+                                entryAttachmentState.attachment.binaryData,
+                                mImagePreviewMaxWidth
+                        ) { imageLoaded ->
+                            if (imageLoaded == null) {
+                                entryAttachmentState.previewState = AttachmentState.ERROR
+                                visibility = View.GONE
+                                onBinaryPreviewLoaded?.invoke(entryAttachmentState)
+                            } else {
+                                entryAttachmentState.previewState = AttachmentState.COMPLETE
+                                setImageBitmap(imageLoaded)
+                                if (visibility != View.VISIBLE) {
+                                    expand(true, resources.getDimensionPixelSize(R.dimen.item_file_info_height)) {
+                                        onBinaryPreviewLoaded?.invoke(entryAttachmentState)
+                                    }
                                 }
                             }
                         }
@@ -123,8 +125,9 @@ class EntryAttachmentsItemsAdapter(context: Context)
         } else {
             holder.binaryFileTitle.setTextColor(mTitleColor)
         }
-        holder.binaryFileSize.text = Formatter.formatFileSize(context,
-                entryAttachmentState.attachment.binaryData.getSize())
+
+        val size = entryAttachmentState.attachment.binaryData.getSize()
+        holder.binaryFileSize.text = Formatter.formatFileSize(context, size)
         holder.binaryFileCompression.apply {
             if (entryAttachmentState.attachment.binaryData.isCompressed) {
                 text = CompressionAlgorithm.GZip.getName(context.resources)

app/src/main/java/com/kunzisoft/keepass/adapters/IconPickerAdapter.kt

@@ -5,6 +5,7 @@ import android.view.LayoutInflater
 import android.view.View
 import android.view.ViewGroup
 import android.widget.ImageView
+import android.widget.TextView
 import androidx.recyclerview.widget.RecyclerView
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.database.element.icon.IconImageDraw
@@ -95,6 +96,12 @@ class IconPickerAdapter<I: IconImageDraw>(val context: Context, private val tint
     override fun onBindViewHolder(holder: CustomIconViewHolder, position: Int) {
         val icon = iconList[position]
         iconDrawableFactory?.assignDatabaseIcon(holder.iconImageView, icon, tintIcon)
+        icon.getIconImageToDraw().custom.name.let { iconName ->
+            holder.iconTextView.apply {
+                text = iconName
+                visibility = if (iconName.isNotEmpty()) View.VISIBLE else View.GONE
+            }
+        }
         holder.iconContainerView.isSelected = icon.selected
         holder.itemView.setOnClickListener {
             iconPickerListener?.onIconClickListener(icon)
@@ -117,5 +124,6 @@ class IconPickerAdapter<I: IconImageDraw>(val context: Context, private val tint
     inner class CustomIconViewHolder(itemView: View) : RecyclerView.ViewHolder(itemView) {
         var iconContainerView: ViewGroup = itemView.findViewById(R.id.icon_container)
         var iconImageView: ImageView = itemView.findViewById(R.id.icon_image)
+        var iconTextView: TextView = itemView.findViewById(R.id.icon_name)
     }
 }

app/src/main/java/com/kunzisoft/keepass/adapters/SearchEntryCursorAdapter.kt

@@ -106,7 +106,6 @@ class SearchEntryCursorAdapter(private val context: Context,
 
     private fun getEntryFrom(cursor: Cursor): Entry? {
         return database.createEntry()?.apply {
-            database.startManageEntry(this)
             entryKDB?.let { entryKDB ->
                 (cursor as EntryCursorKDB).populateEntry(entryKDB,
                         { standardIconId ->
@@ -127,7 +126,6 @@ class SearchEntryCursorAdapter(private val context: Context,
                         }
                 )
             }
-            database.stopManageEntry(this)
         }
     }
 
@@ -150,12 +148,14 @@ class SearchEntryCursorAdapter(private val context: Context,
         if (searchGroup != null) {
             // Search in hide entries but not meta-stream
             for (entry in searchGroup.getFilteredChildEntries(Group.ChildFilter.getDefaults(context))) {
+                database.startManageEntry(entry)
                 entry.entryKDB?.let {
                     cursorKDB?.addEntry(it)
                 }
                 entry.entryKDBX?.let {
                     cursorKDBX?.addEntry(it)
                 }
+                database.stopManageEntry(entry)
             }
         }
 

app/src/main/java/com/kunzisoft/keepass/app/App.kt

@@ -22,19 +22,18 @@ package com.kunzisoft.keepass.app
 import androidx.multidex.MultiDexApplication
 import com.kunzisoft.keepass.activities.stylish.Stylish
 import com.kunzisoft.keepass.database.element.Database
-import com.kunzisoft.keepass.utils.UriUtil
 
 class App : MultiDexApplication() {
 
     override fun onCreate() {
         super.onCreate()
 
-        Stylish.init(this)
+        Stylish.load(this)
         PRNGFixes.apply()
     }
 
     override fun onTerminate() {
-        Database.getInstance().clearAndClose(UriUtil.getBinaryDir(this))
+        Database.getInstance().clearAndClose(this)
         super.onTerminate()
     }
 }

app/src/main/java/com/kunzisoft/keepass/app/database/CipherDatabaseAction.kt

@@ -19,12 +19,10 @@
  */
 package com.kunzisoft.keepass.app.database
 
-import android.content.ComponentName
-import android.content.Context
-import android.content.Intent
-import android.content.ServiceConnection
+import android.content.*
 import android.net.Uri
 import android.os.IBinder
+import android.util.Log
 import com.kunzisoft.keepass.services.AdvancedUnlockNotificationService
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.utils.SingletonHolderParameter
@@ -41,62 +39,95 @@ class CipherDatabaseAction(context: Context) {
     // Temp DAO to easily remove content if object no longer in memory
     private var useTempDao = PreferencesUtil.isTempAdvancedUnlockEnable(applicationContext)
 
-    private val mIntentAdvancedUnlockService = Intent(applicationContext,
-            AdvancedUnlockNotificationService::class.java)
     private var mBinder: AdvancedUnlockNotificationService.AdvancedUnlockBinder? = null
     private var mServiceConnection: ServiceConnection? = null
 
-    private var mDatabaseListeners = LinkedList<DatabaseListener>()
+    private var mDatabaseListeners = LinkedList<CipherDatabaseListener>()
+    private var mAdvancedUnlockBroadcastReceiver = AdvancedUnlockNotificationService.AdvancedUnlockReceiver {
+        deleteAll()
+        removeAllDataAndDetach()
+    }
 
     fun reloadPreferences() {
         useTempDao = PreferencesUtil.isTempAdvancedUnlockEnable(applicationContext)
     }
 
     @Synchronized
-    private fun attachService(performedAction: () -> Unit) {
-        // Check if a service is currently running else do nothing
-        if (mBinder != null) {
+    private fun serviceActionTask(startService: Boolean = false, performedAction: () -> Unit) {
+        // Check if a service is currently running else call action without info
+        if (startService && mServiceConnection == null) {
+            attachService(performedAction)
+        } else {
             performedAction.invoke()
-        } else if (mServiceConnection == null) {
-            mServiceConnection = object : ServiceConnection {
-                override fun onServiceConnected(name: ComponentName?, serviceBinder: IBinder?) {
-                    mBinder = (serviceBinder as AdvancedUnlockNotificationService.AdvancedUnlockBinder)
-                    performedAction.invoke()
-                }
-
-                override fun onServiceDisconnected(name: ComponentName?) {
-                    mBinder = null
-                    mServiceConnection = null
-                    mDatabaseListeners.forEach {
-                        it.onDatabaseCleared()
-                    }
-                }
-            }
-            applicationContext.bindService(mIntentAdvancedUnlockService,
-                    mServiceConnection!!,
-                    Context.BIND_ABOVE_CLIENT)
-            if (mBinder == null) {
-                applicationContext.startService(mIntentAdvancedUnlockService)
-            }
         }
     }
 
-    fun registerDatabaseListener(listener: DatabaseListener) {
-        mDatabaseListeners.add(listener)
+    @Synchronized
+    private fun attachService(performedAction: () -> Unit) {
+        applicationContext.registerReceiver(mAdvancedUnlockBroadcastReceiver, IntentFilter().apply {
+            addAction(AdvancedUnlockNotificationService.REMOVE_ADVANCED_UNLOCK_KEY_ACTION)
+        })
+
+        mServiceConnection = object : ServiceConnection {
+            override fun onServiceConnected(name: ComponentName?, serviceBinder: IBinder?) {
+                mBinder = (serviceBinder as AdvancedUnlockNotificationService.AdvancedUnlockBinder)
+                performedAction.invoke()
+            }
+
+            override fun onServiceDisconnected(name: ComponentName?) {
+                onClear()
+            }
+        }
+        try {
+            AdvancedUnlockNotificationService.bindService(applicationContext,
+                    mServiceConnection!!,
+                    Context.BIND_AUTO_CREATE)
+        } catch (e: Exception) {
+            Log.e(TAG, "Unable to start cipher action", e)
+            performedAction.invoke()
+        }
     }
 
-    fun unregisterDatabaseListener(listener: DatabaseListener) {
-        mDatabaseListeners.remove(listener)
+    @Synchronized
+    private fun detachService() {
+        try {
+            applicationContext.unregisterReceiver(mAdvancedUnlockBroadcastReceiver)
+        } catch (e: Exception) {}
+
+        mServiceConnection?.let {
+            AdvancedUnlockNotificationService.unbindService(applicationContext, it)
+        }
     }
 
-    interface DatabaseListener {
-        fun onDatabaseCleared()
+    private fun removeAllDataAndDetach() {
+        detachService()
+        onClear()
+    }
+
+    fun registerDatabaseListener(listenerCipher: CipherDatabaseListener) {
+        mDatabaseListeners.add(listenerCipher)
+    }
+
+    fun unregisterDatabaseListener(listenerCipher: CipherDatabaseListener) {
+        mDatabaseListeners.remove(listenerCipher)
+    }
+
+    private fun onClear() {
+        mBinder = null
+        mServiceConnection = null
+        mDatabaseListeners.forEach {
+            it.onCipherDatabaseCleared()
+        }
+    }
+
+    interface CipherDatabaseListener {
+        fun onCipherDatabaseCleared()
     }
 
     fun getCipherDatabase(databaseUri: Uri,
                           cipherDatabaseResultListener: (CipherDatabaseEntity?) -> Unit) {
         if (useTempDao) {
-            attachService {
+            serviceActionTask {
                 cipherDatabaseResultListener.invoke(mBinder?.getCipherDatabase(databaseUri))
             }
         } else {
@@ -121,7 +152,8 @@ class CipherDatabaseAction(context: Context) {
     fun addOrUpdateCipherDatabase(cipherDatabaseEntity: CipherDatabaseEntity,
                                   cipherDatabaseResultListener: (() -> Unit)? = null) {
         if (useTempDao) {
-            attachService {
+            // The only case to create service (not needed to get an info)
+            serviceActionTask(true) {
                 mBinder?.addOrUpdateCipherDatabase(cipherDatabaseEntity)
                 cipherDatabaseResultListener?.invoke()
             }
@@ -146,7 +178,7 @@ class CipherDatabaseAction(context: Context) {
     fun deleteByDatabaseUri(databaseUri: Uri,
                             cipherDatabaseResultListener: (() -> Unit)? = null) {
         if (useTempDao) {
-            attachService {
+            serviceActionTask {
                 mBinder?.deleteByDatabaseUri(databaseUri)
                 cipherDatabaseResultListener?.invoke()
             }
@@ -163,15 +195,22 @@ class CipherDatabaseAction(context: Context) {
     }
 
     fun deleteAll() {
-        attachService {
-            mBinder?.deleteAll()
+        if (useTempDao) {
+            serviceActionTask {
+                mBinder?.deleteAll()
+            }
         }
+        // To erase the residues
         IOActionTask(
                 {
                     cipherDatabaseDao.deleteAll()
                 }
         ).execute()
+        // Unbind
+        removeAllDataAndDetach()
     }
 
-    companion object : SingletonHolderParameter<CipherDatabaseAction, Context>(::CipherDatabaseAction)
+    companion object : SingletonHolderParameter<CipherDatabaseAction, Context>(::CipherDatabaseAction) {
+        private val TAG = CipherDatabaseAction::class.java.name
+    }
 }

app/src/main/java/com/kunzisoft/keepass/autofill/StructureParser.kt

@@ -223,9 +223,22 @@ class StructureParser(private val structure: AssistStructure) {
                         usernameValueCandidate = node.autofillValue
                         Log.d(TAG, "Autofill username candidate android text type: ${showHexInputType(inputType)}")
                     }
+                    inputIsVariationType(inputType,
+                            InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD) -> {
+                        // Some forms used visible password as username
+                        if (usernameCandidate == null && usernameValueCandidate == null) {
+                            usernameCandidate = autofillId
+                            usernameValueCandidate = node.autofillValue
+                            Log.d(TAG, "Autofill visible password android text type (as username): ${showHexInputType(inputType)}")
+                        } else if (result?.passwordId == null && result?.passwordValue == null) {
+                            result?.passwordId = autofillId
+                            result?.passwordValue = node.autofillValue
+                            Log.d(TAG, "Autofill visible password android text type (as password): ${showHexInputType(inputType)}")
+                            usernameNeeded = false
+                        }
+                    }
                     inputIsVariationType(inputType,
                             InputType.TYPE_TEXT_VARIATION_PASSWORD,
-                            InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD,
                             InputType.TYPE_TEXT_VARIATION_WEB_PASSWORD) -> {
                         result?.passwordId = autofillId
                         result?.passwordValue = node.autofillValue

app/src/main/java/com/kunzisoft/keepass/biometric/AdvancedUnlockFragment.kt

@@ -36,7 +36,6 @@ import com.kunzisoft.keepass.activities.stylish.StylishFragment
 import com.kunzisoft.keepass.app.database.CipherDatabaseAction
 import com.kunzisoft.keepass.database.exception.IODatabaseException
 import com.kunzisoft.keepass.education.PasswordActivityEducation
-import com.kunzisoft.keepass.services.AdvancedUnlockNotificationService
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.view.AdvancedUnlockInfoView
 
@@ -68,7 +67,7 @@ class AdvancedUnlockFragment: StylishFragment(), AdvancedUnlockManager.AdvancedU
 
     private lateinit var cipherDatabaseAction : CipherDatabaseAction
 
-    private var cipherDatabaseListener: CipherDatabaseAction.DatabaseListener? = null
+    private var cipherDatabaseListener: CipherDatabaseAction.CipherDatabaseListener? = null
 
     // Only to fix multiple fingerprint menu #332
     private var mAllowAdvancedUnlockMenu = false
@@ -125,8 +124,10 @@ class AdvancedUnlockFragment: StylishFragment(), AdvancedUnlockManager.AdvancedU
 
     override fun onResume() {
         super.onResume()
-        mAdvancedUnlockEnabled = PreferencesUtil.isAdvancedUnlockEnable(requireContext())
-        mAutoOpenPromptEnabled = PreferencesUtil.isAdvancedUnlockPromptAutoOpenEnable(requireContext())
+        context?.let {
+            mAdvancedUnlockEnabled = PreferencesUtil.isAdvancedUnlockEnable(it)
+            mAutoOpenPromptEnabled = PreferencesUtil.isAdvancedUnlockPromptAutoOpenEnable(it)
+        }
         keepConnection = false
     }
 
@@ -176,34 +177,36 @@ class AdvancedUnlockFragment: StylishFragment(), AdvancedUnlockManager.AdvancedU
      * Check unlock availability and change the current mode depending of device's state
      */
     fun checkUnlockAvailability() {
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-            allowOpenBiometricPrompt = true
-            if (PreferencesUtil.isBiometricUnlockEnable(requireContext())) {
-                mAdvancedUnlockInfoView?.setIconResource(R.drawable.fingerprint)
+        context?.let { context ->
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+                allowOpenBiometricPrompt = true
+                if (PreferencesUtil.isBiometricUnlockEnable(context)) {
+                    mAdvancedUnlockInfoView?.setIconResource(R.drawable.fingerprint)
 
-                // biometric not supported (by API level or hardware) so keep option hidden
-                // or manually disable
-                val biometricCanAuthenticate = AdvancedUnlockManager.canAuthenticate(requireContext())
-                if (!PreferencesUtil.isAdvancedUnlockEnable(requireContext())
-                        || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE
-                        || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_NO_HARDWARE) {
-                    toggleMode(Mode.BIOMETRIC_UNAVAILABLE)
-                } else if (biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED) {
-                    toggleMode(Mode.BIOMETRIC_SECURITY_UPDATE_REQUIRED)
-                } else {
-                    // biometric is available but not configured, show icon but in disabled state with some information
-                    if (biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED) {
-                        toggleMode(Mode.DEVICE_CREDENTIAL_OR_BIOMETRIC_NOT_CONFIGURED)
+                    // biometric not supported (by API level or hardware) so keep option hidden
+                    // or manually disable
+                    val biometricCanAuthenticate = AdvancedUnlockManager.canAuthenticate(context)
+                    if (!PreferencesUtil.isAdvancedUnlockEnable(context)
+                            || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE
+                            || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_NO_HARDWARE) {
+                        toggleMode(Mode.BIOMETRIC_UNAVAILABLE)
+                    } else if (biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED) {
+                        toggleMode(Mode.BIOMETRIC_SECURITY_UPDATE_REQUIRED)
                     } else {
-                        selectMode()
+                        // biometric is available but not configured, show icon but in disabled state with some information
+                        if (biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED) {
+                            toggleMode(Mode.DEVICE_CREDENTIAL_OR_BIOMETRIC_NOT_CONFIGURED)
+                        } else {
+                            selectMode()
+                        }
+                    }
+                } else if (PreferencesUtil.isDeviceCredentialUnlockEnable(context)) {
+                    mAdvancedUnlockInfoView?.setIconResource(R.drawable.bolt)
+                    if (AdvancedUnlockManager.isDeviceSecure(context)) {
+                        selectMode()
+                    } else {
+                        toggleMode(Mode.DEVICE_CREDENTIAL_OR_BIOMETRIC_NOT_CONFIGURED)
                     }
-                }
-            } else if (PreferencesUtil.isDeviceCredentialUnlockEnable(requireContext())) {
-                mAdvancedUnlockInfoView?.setIconResource(R.drawable.bolt)
-                if (AdvancedUnlockManager.isDeviceSecure(requireContext())) {
-                    selectMode()
-                } else {
-                    toggleMode(Mode.DEVICE_CREDENTIAL_OR_BIOMETRIC_NOT_CONFIGURED)
                 }
             }
         }
@@ -261,7 +264,7 @@ class AdvancedUnlockFragment: StylishFragment(), AdvancedUnlockManager.AdvancedU
     private fun openBiometricSetting() {
         mAdvancedUnlockInfoView?.setIconViewClickListener(false) {
             // ACTION_SECURITY_SETTINGS does not contain fingerprint enrollment on some devices...
-            requireContext().startActivity(Intent(Settings.ACTION_SETTINGS))
+            context?.startActivity(Intent(Settings.ACTION_SETTINGS))
         }
     }
 
@@ -296,9 +299,11 @@ class AdvancedUnlockFragment: StylishFragment(), AdvancedUnlockManager.AdvancedU
         setAdvancedUnlockedTitleView(R.string.no_credentials_stored)
         setAdvancedUnlockedMessageView("")
 
-        mAdvancedUnlockInfoView?.setIconViewClickListener(false) {
-            onAuthenticationError(BiometricPrompt.ERROR_UNABLE_TO_PROCESS,
-                    requireContext().getString(R.string.credential_before_click_advanced_unlock_button))
+        context?.let { context ->
+            mAdvancedUnlockInfoView?.setIconViewClickListener(false) {
+                onAuthenticationError(BiometricPrompt.ERROR_UNABLE_TO_PROCESS,
+                        context.getString(R.string.credential_before_click_advanced_unlock_button))
+            }
         }
     }
 
@@ -402,9 +407,10 @@ class AdvancedUnlockFragment: StylishFragment(), AdvancedUnlockManager.AdvancedU
     fun connect(databaseUri: Uri) {
         showViews(true)
         this.databaseFileUri = databaseUri
-        cipherDatabaseListener = object: CipherDatabaseAction.DatabaseListener {
-            override fun onDatabaseCleared() {
-                deleteEncryptedDatabaseKey()
+        cipherDatabaseListener = object: CipherDatabaseAction.CipherDatabaseListener {
+            override fun onCipherDatabaseCleared() {
+                advancedUnlockManager?.closeBiometricPrompt()
+                checkUnlockAvailability()
             }
         }
         cipherDatabaseAction.apply {
@@ -435,14 +441,12 @@ class AdvancedUnlockFragment: StylishFragment(), AdvancedUnlockManager.AdvancedU
 
     @RequiresApi(Build.VERSION_CODES.M)
     fun deleteEncryptedDatabaseKey() {
-        allowOpenBiometricPrompt = false
-        mAdvancedUnlockInfoView?.setIconViewClickListener(false, null)
         advancedUnlockManager?.closeBiometricPrompt()
         databaseFileUri?.let { databaseUri ->
             cipherDatabaseAction.deleteByDatabaseUri(databaseUri) {
                 checkUnlockAvailability()
             }
-        }
+        } ?: checkUnlockAvailability()
     }
 
     override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
@@ -479,7 +483,6 @@ class AdvancedUnlockFragment: StylishFragment(), AdvancedUnlockManager.AdvancedU
                     mBuilderListener?.retrieveCredentialForEncryption()?.let { credential ->
                         advancedUnlockManager?.encryptData(credential)
                     }
-                    AdvancedUnlockNotificationService.startServiceForTimeout(requireContext())
                 }
                 Mode.EXTRACT_CREDENTIAL -> {
                     // retrieve the encrypted value from preferences

app/src/main/java/com/kunzisoft/keepass/crypto/CipherFactory.kt

@@ -1,79 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.crypto
-
-import android.os.Build
-import com.kunzisoft.keepass.crypto.engine.AesEngine
-import com.kunzisoft.keepass.crypto.engine.ChaCha20Engine
-import com.kunzisoft.keepass.crypto.engine.CipherEngine
-import com.kunzisoft.keepass.crypto.engine.TwofishEngine
-import org.bouncycastle.jce.provider.BouncyCastleProvider
-import java.security.NoSuchAlgorithmException
-import java.security.Security
-import java.util.*
-import javax.crypto.Cipher
-import javax.crypto.NoSuchPaddingException
-
-object CipherFactory {
-
-    private var blacklistInit = false
-    private var blacklisted: Boolean = false
-
-    init {
-        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME)
-        Security.addProvider(BouncyCastleProvider())
-    }
-
-    fun deviceBlacklisted(): Boolean {
-        if (!blacklistInit) {
-            blacklistInit = true
-            // The Acer Iconia A500 is special and seems to always crash in the native crypto libraries
-            blacklisted = Build.MODEL == "A500"
-        }
-        return blacklisted
-    }
-
-    private fun hasNativeImplementation(transformation: String): Boolean {
-        return transformation == "AES/CBC/PKCS5Padding"
-    }
-
-    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class)
-    fun getInstance(transformation: String, androidOverride: Boolean = false): Cipher {
-        // Return the native AES if it is possible
-        return if (!deviceBlacklisted() && !androidOverride && hasNativeImplementation(transformation) && NativeLib.loaded()) {
-            Cipher.getInstance(transformation, AESProvider())
-        } else {
-            Cipher.getInstance(transformation)
-        }
-    }
-
-    /**
-     * Generate appropriate cipher based on KeePass 2.x UUID's
-     */
-    @Throws(NoSuchAlgorithmException::class)
-    fun getInstance(uuid: UUID): CipherEngine {
-        return when (uuid) {
-            AesEngine.CIPHER_UUID -> AesEngine()
-            TwofishEngine.CIPHER_UUID -> TwofishEngine()
-            ChaCha20Engine.CIPHER_UUID -> ChaCha20Engine()
-            else -> throw NoSuchAlgorithmException("UUID unrecognized.")
-        }
-    }
-}

app/src/main/java/com/kunzisoft/keepass/crypto/CryptoUtil.kt

@@ -1,105 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.crypto
-
-import com.kunzisoft.keepass.stream.NullOutputStream
-import com.kunzisoft.keepass.stream.longTo8Bytes
-import java.io.IOException
-import java.security.DigestOutputStream
-import java.security.MessageDigest
-import java.security.NoSuchAlgorithmException
-import java.util.*
-import javax.crypto.Mac
-import kotlin.math.min
-
-object CryptoUtil {
-
-    fun resizeKey(inBytes: ByteArray, inOffset: Int, cbIn: Int, cbOut: Int): ByteArray {
-        if (cbOut == 0) return ByteArray(0)
-
-        val hash: ByteArray = if (cbOut <= 32) {
-            hashSha256(inBytes, inOffset, cbIn)
-        } else {
-            hashSha512(inBytes, inOffset, cbIn)
-        }
-
-        if (cbOut == hash.size) {
-            return hash
-        }
-
-        val ret = ByteArray(cbOut)
-        if (cbOut < hash.size) {
-            System.arraycopy(hash, 0, ret, 0, cbOut)
-        } else {
-            var pos = 0
-            var r: Long = 0
-            while (pos < cbOut) {
-                val hmac: Mac
-                try {
-                    hmac = Mac.getInstance("HmacSHA256")
-                } catch (e: NoSuchAlgorithmException) {
-                    throw RuntimeException(e)
-                }
-
-                val pbR = longTo8Bytes(r)
-                val part = hmac.doFinal(pbR)
-
-                val copy = min(cbOut - pos, part.size)
-                System.arraycopy(part, 0, ret, pos, copy)
-                pos += copy
-                r++
-
-                Arrays.fill(part, 0.toByte())
-            }
-        }
-
-        Arrays.fill(hash, 0.toByte())
-        return ret
-    }
-
-    fun hashSha256(data: ByteArray, offset: Int = 0, count: Int = data.size): ByteArray {
-        return hashGen("SHA-256", data, offset, count)
-    }
-
-    fun hashSha512(data: ByteArray, offset: Int = 0, count: Int = data.size): ByteArray {
-        return hashGen("SHA-512", data, offset, count)
-    }
-
-    private fun hashGen(transform: String, data: ByteArray, offset: Int, count: Int): ByteArray {
-        val hash: MessageDigest
-        try {
-            hash = MessageDigest.getInstance(transform)
-        } catch (e: NoSuchAlgorithmException) {
-            throw RuntimeException(e)
-        }
-
-        val nos = NullOutputStream()
-        val dos = DigestOutputStream(nos, hash)
-
-        try {
-            dos.write(data, offset, count)
-            dos.close()
-        } catch (e: IOException) {
-            throw RuntimeException(e)
-        }
-
-        return hash.digest()
-    }
-}

app/src/main/java/com/kunzisoft/keepass/crypto/StreamCipherFactory.kt

@@ -1,71 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.crypto
-
-import org.bouncycastle.crypto.StreamCipher
-import org.bouncycastle.crypto.engines.ChaCha7539Engine
-import org.bouncycastle.crypto.engines.Salsa20Engine
-import org.bouncycastle.crypto.params.KeyParameter
-import org.bouncycastle.crypto.params.ParametersWithIV
-
-object StreamCipherFactory {
-
-    private val SALSA_IV = byteArrayOf(0xE8.toByte(), 0x30, 0x09, 0x4B, 0x97.toByte(), 0x20, 0x5D, 0x2A)
-
-    @Throws(Exception::class)
-    fun getInstance(alg: CrsAlgorithm?, key: ByteArray): StreamCipher {
-        return when {
-            alg === CrsAlgorithm.Salsa20 -> getSalsa20(key)
-            alg === CrsAlgorithm.ChaCha20 -> getChaCha20(key)
-            else -> throw Exception("Invalid random cipher")
-        }
-    }
-
-    private fun getSalsa20(key: ByteArray): StreamCipher {
-        // Build stream cipher key
-        val key32 = CryptoUtil.hashSha256(key)
-
-        val keyParam = KeyParameter(key32)
-        val ivParam = ParametersWithIV(keyParam, SALSA_IV)
-
-        val cipher = Salsa20Engine()
-        cipher.init(true, ivParam)
-
-        return cipher
-    }
-
-    private fun getChaCha20(key: ByteArray): StreamCipher {
-        // Build stream cipher key
-        val hash = CryptoUtil.hashSha512(key)
-        val key32 = ByteArray(32)
-        val iv = ByteArray(12)
-
-        System.arraycopy(hash, 0, key32, 0, 32)
-        System.arraycopy(hash, 32, iv, 0, 12)
-
-        val keyParam = KeyParameter(key32)
-        val ivParam = ParametersWithIV(keyParam, iv)
-
-        val cipher = ChaCha7539Engine()
-        cipher.init(true, ivParam)
-
-        return cipher
-    }
-}

app/src/main/java/com/kunzisoft/keepass/crypto/engine/AesEngine.kt

@@ -1,68 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.crypto.engine
-
-
-import com.kunzisoft.keepass.crypto.CipherFactory
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
-import com.kunzisoft.keepass.stream.bytes16ToUuid
-import java.security.InvalidAlgorithmParameterException
-import java.security.InvalidKeyException
-import java.security.NoSuchAlgorithmException
-import java.util.*
-import javax.crypto.Cipher
-import javax.crypto.NoSuchPaddingException
-import javax.crypto.spec.IvParameterSpec
-import javax.crypto.spec.SecretKeySpec
-
-class AesEngine : CipherEngine() {
-
-    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
-    override fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray, androidOverride: Boolean): Cipher {
-        val cipher = CipherFactory.getInstance("AES/CBC/PKCS5Padding", androidOverride)
-        cipher.init(opmode, SecretKeySpec(key, "AES"), IvParameterSpec(IV))
-        return cipher
-    }
-
-    override fun getPwEncryptionAlgorithm(): EncryptionAlgorithm {
-        return EncryptionAlgorithm.AESRijndael
-    }
-
-    companion object {
-
-        val CIPHER_UUID: UUID = bytes16ToUuid(
-                byteArrayOf(0x31.toByte(),
-                        0xC1.toByte(),
-                        0xF2.toByte(),
-                        0xE6.toByte(),
-                        0xBF.toByte(),
-                        0x71.toByte(),
-                        0x43.toByte(),
-                        0x50.toByte(),
-                        0xBE.toByte(),
-                        0x58.toByte(),
-                        0x05.toByte(),
-                        0x21.toByte(),
-                        0x6A.toByte(),
-                        0xFC.toByte(),
-                        0x5A.toByte(),
-                        0xFF.toByte()))
-    }
-}

app/src/main/java/com/kunzisoft/keepass/crypto/engine/TwofishEngine.kt

@@ -1,72 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.crypto.engine
-
-import com.kunzisoft.keepass.crypto.CipherFactory
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
-import com.kunzisoft.keepass.stream.bytes16ToUuid
-import java.security.InvalidAlgorithmParameterException
-import java.security.InvalidKeyException
-import java.security.NoSuchAlgorithmException
-import java.util.*
-import javax.crypto.Cipher
-import javax.crypto.NoSuchPaddingException
-import javax.crypto.spec.IvParameterSpec
-import javax.crypto.spec.SecretKeySpec
-
-class TwofishEngine : CipherEngine() {
-
-    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
-    override fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray, androidOverride: Boolean): Cipher {
-        val cipher: Cipher = if (opmode == Cipher.ENCRYPT_MODE) {
-            CipherFactory.getInstance("Twofish/CBC/ZeroBytePadding", androidOverride)
-        } else {
-            CipherFactory.getInstance("Twofish/CBC/NoPadding", androidOverride)
-        }
-        cipher.init(opmode, SecretKeySpec(key, "AES"), IvParameterSpec(IV))
-
-        return cipher
-    }
-
-    override fun getPwEncryptionAlgorithm(): EncryptionAlgorithm {
-        return EncryptionAlgorithm.Twofish
-    }
-
-    companion object {
-
-        val CIPHER_UUID: UUID = bytes16ToUuid(
-                byteArrayOf(0xAD.toByte(),
-                        0x68.toByte(),
-                        0xF2.toByte(),
-                        0x9F.toByte(),
-                        0x57.toByte(),
-                        0x6F.toByte(),
-                        0x4B.toByte(),
-                        0xB9.toByte(),
-                        0xA3.toByte(),
-                        0x6A.toByte(),
-                        0xD4.toByte(),
-                        0x7A.toByte(),
-                        0xF9.toByte(),
-                        0x65.toByte(),
-                        0x34.toByte(),
-                        0x6C.toByte()))
-    }
-}

app/src/main/java/com/kunzisoft/keepass/crypto/finalkey/AESKeyTransformerFactory.kt

@@ -1,36 +0,0 @@
-/*
- * Copyright 2017 Brian Pellin, Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.crypto.finalkey
-
-import com.kunzisoft.keepass.crypto.CipherFactory.deviceBlacklisted
-
-object AESKeyTransformerFactory : KeyTransformer() {
-    override fun transformMasterKey(seed: ByteArray?, key: ByteArray?, rounds: Long?): ByteArray? {
-        // Prefer the native final key implementation
-        val keyTransformer = if (!deviceBlacklisted()
-                && NativeAESKeyTransformer.available()) {
-            NativeAESKeyTransformer()
-        } else {
-            // Fall back on the android crypto implementation
-            AndroidAESKeyTransformer()
-        }
-        return keyTransformer.transformMasterKey(seed, key, rounds)
-    }
-}

app/src/main/java/com/kunzisoft/keepass/crypto/keyDerivation/Argon2Native.java

@@ -1,65 +0,0 @@
-/*
- * Copyright 2017 Brian Pellin, Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.crypto.keyDerivation;
-
-import com.kunzisoft.keepass.crypto.NativeLib;
-import com.kunzisoft.keepass.utils.UnsignedInt;
-
-import java.io.IOException;
-
-public class Argon2Native {
-
-    enum CType {
-        ARGON2_D(0),
-        ARGON2_I(1),
-        ARGON2_ID(2);
-
-        int cValue = 0;
-
-        CType(int i) {
-            cValue = i;
-        }
-    }
-
-    public static byte[] transformKey(Argon2Kdf.Type type, byte[] password, byte[] salt, UnsignedInt parallelism,
-                                      UnsignedInt memory, UnsignedInt iterations, byte[] secretKey,
-                                      byte[] associatedData, UnsignedInt version) throws IOException {
-        NativeLib.INSTANCE.init();
-
-        CType cType = CType.ARGON2_D;
-        if (type.equals(Argon2Kdf.Type.ARGON2_ID))
-            cType = CType.ARGON2_ID;
-
-        return nTransformMasterKey(
-                cType.cValue,
-                password,
-                salt,
-                parallelism.toKotlinInt(),
-                memory.toKotlinInt(),
-                iterations.toKotlinInt(),
-                secretKey,
-                associatedData,
-                version.toKotlinInt());
-    }
-
-    private static native byte[] nTransformMasterKey(int type, byte[] password, byte[] salt, int parallelism,
-                                              int memory, int iterations, byte[] secretKey,
-                                              byte[] associatedData, int version) throws IOException;
-}

app/src/main/java/com/kunzisoft/keepass/database/action/CreateDatabaseRunnable.kt

@@ -26,7 +26,6 @@ import com.kunzisoft.keepass.app.database.FileDatabaseHistoryAction
 import com.kunzisoft.keepass.database.element.Database
 import com.kunzisoft.keepass.model.MainCredential
 import com.kunzisoft.keepass.settings.PreferencesUtil
-import com.kunzisoft.keepass.utils.UriUtil
 
 class CreateDatabaseRunnable(context: Context,
                              private val mDatabase: Database,
@@ -44,7 +43,7 @@ class CreateDatabaseRunnable(context: Context,
                 createData(mDatabaseUri, databaseName, rootName)
             }
         } catch (e: Exception) {
-            mDatabase.clearAndClose(UriUtil.getBinaryDir(context))
+            mDatabase.clearAndClose(context)
             setError(e)
         }
 

app/src/main/java/com/kunzisoft/keepass/database/action/LoadDatabaseRunnable.kt

@@ -25,6 +25,8 @@ import com.kunzisoft.keepass.app.database.CipherDatabaseAction
 import com.kunzisoft.keepass.app.database.CipherDatabaseEntity
 import com.kunzisoft.keepass.app.database.FileDatabaseHistoryAction
 import com.kunzisoft.keepass.database.element.Database
+import com.kunzisoft.keepass.database.element.binary.BinaryData
+import com.kunzisoft.keepass.database.element.binary.LoadedKey
 import com.kunzisoft.keepass.database.exception.LoadDatabaseException
 import com.kunzisoft.keepass.model.MainCredential
 import com.kunzisoft.keepass.settings.PreferencesUtil
@@ -45,7 +47,7 @@ class LoadDatabaseRunnable(private val context: Context,
 
     override fun onStartRun() {
         // Clear before we load
-        mDatabase.clearAndClose(UriUtil.getBinaryDir(context))
+        mDatabase.clearAndClose(context)
     }
 
     override fun onActionRun() {
@@ -55,7 +57,10 @@ class LoadDatabaseRunnable(private val context: Context,
                     mReadonly,
                     context.contentResolver,
                     UriUtil.getBinaryDir(context),
-                    Database.LoadedKey.generateNewCipherKey(),
+                    { memoryWanted ->
+                        BinaryData.canMemoryBeAllocatedInRAM(context, memoryWanted)
+                    },
+                    LoadedKey.generateNewCipherKey(),
                     mFixDuplicateUUID,
                     progressTaskUpdater)
         }
@@ -80,7 +85,7 @@ class LoadDatabaseRunnable(private val context: Context,
             // Register the current time to init the lock timer
             PreferencesUtil.saveCurrentTime(context)
         } else {
-            mDatabase.clearAndClose(UriUtil.getBinaryDir(context))
+            mDatabase.clearAndClose(context)
         }
     }
 

app/src/main/java/com/kunzisoft/keepass/database/action/ProgressDatabaseTaskProvider.kt

@@ -23,20 +23,24 @@ import android.content.*
 import android.content.Context.BIND_ABOVE_CLIENT
 import android.content.Context.BIND_NOT_FOREGROUND
 import android.net.Uri
+import android.os.Build
 import android.os.Bundle
 import android.os.IBinder
+import android.util.Log
+import android.widget.Toast
 import androidx.fragment.app.FragmentActivity
+import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.dialogs.DatabaseChangedDialogFragment
 import com.kunzisoft.keepass.activities.dialogs.DatabaseChangedDialogFragment.Companion.DATABASE_CHANGED_DIALOG_TAG
 import com.kunzisoft.keepass.app.database.CipherDatabaseEntity
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfEngine
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
+import com.kunzisoft.keepass.database.crypto.kdf.KdfEngine
 import com.kunzisoft.keepass.database.element.Entry
 import com.kunzisoft.keepass.database.element.Group
 import com.kunzisoft.keepass.database.element.database.CompressionAlgorithm
 import com.kunzisoft.keepass.database.element.node.Node
 import com.kunzisoft.keepass.database.element.node.NodeId
 import com.kunzisoft.keepass.database.element.node.Type
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
 import com.kunzisoft.keepass.model.MainCredential
 import com.kunzisoft.keepass.model.SnapFileDatabaseInfo
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService
@@ -48,8 +52,8 @@ import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_DELETE_ENTRY_HISTORY
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_DELETE_NODES_TASK
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_LOAD_TASK
-import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_RELOAD_TASK
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_MOVE_NODES_TASK
+import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_RELOAD_TASK
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_REMOVE_UNLINKED_DATA_TASK
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_RESTORE_ENTRY_HISTORY
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_SAVE
@@ -251,11 +255,15 @@ class ProgressDatabaseTaskProvider(private val activity: FragmentActivity) {
     }
 
     private fun start(bundle: Bundle? = null, actionTask: String) {
-        activity.stopService(intentDatabaseTask)
-        if (bundle != null)
-            intentDatabaseTask.putExtras(bundle)
-        intentDatabaseTask.action = actionTask
-        activity.startService(intentDatabaseTask)
+        try {
+            if (bundle != null)
+                intentDatabaseTask.putExtras(bundle)
+            intentDatabaseTask.action = actionTask
+            activity.startService(intentDatabaseTask)
+        } catch (e: Exception) {
+            Log.e(TAG, "Unable to perform database action", e)
+            Toast.makeText(activity, R.string.error_start_database_action, Toast.LENGTH_LONG).show()
+        }
     }
 
     /*
@@ -278,6 +286,11 @@ class ProgressDatabaseTaskProvider(private val activity: FragmentActivity) {
                           readOnly: Boolean,
                           cipherEntity: CipherDatabaseEntity?,
                           fixDuplicateUuid: Boolean) {
+        try {
+            activity.stopService(intentDatabaseTask)
+        } catch (e: Exception) {
+            Log.e(TAG, "Unable to stop the service", e)
+        }
         start(Bundle().apply {
             putParcelable(DatabaseTaskNotificationService.DATABASE_URI_KEY, databaseUri)
             putParcelable(DatabaseTaskNotificationService.MAIN_CREDENTIAL_KEY, mainCredential)
@@ -591,4 +604,8 @@ class ProgressDatabaseTaskProvider(private val activity: FragmentActivity) {
         }
                 , ACTION_DATABASE_SAVE)
     }
+
+    companion object {
+        private val TAG = ProgressDatabaseTaskProvider::class.java.name
+    }
 }

app/src/main/java/com/kunzisoft/keepass/database/action/ReloadDatabaseRunnable.kt

@@ -21,6 +21,8 @@ package com.kunzisoft.keepass.database.action
 
 import android.content.Context
 import com.kunzisoft.keepass.database.element.Database
+import com.kunzisoft.keepass.database.element.binary.BinaryData
+import com.kunzisoft.keepass.database.element.binary.LoadedKey
 import com.kunzisoft.keepass.database.exception.LoadDatabaseException
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.tasks.ActionRunnable
@@ -33,10 +35,10 @@ class ReloadDatabaseRunnable(private val context: Context,
                              private val mLoadDatabaseResult: ((Result) -> Unit)?)
     : ActionRunnable() {
 
-    private var tempCipherKey: Database.LoadedKey? = null
+    private var tempCipherKey: LoadedKey? = null
 
     override fun onStartRun() {
-        tempCipherKey = mDatabase.loadedCipherKey
+        tempCipherKey = mDatabase.binaryCache.loadedCipherKey
         // Clear before we load
         mDatabase.clear(UriUtil.getBinaryDir(context))
         mDatabase.wasReloaded = true
@@ -46,7 +48,10 @@ class ReloadDatabaseRunnable(private val context: Context,
         try {
             mDatabase.reloadData(context.contentResolver,
                     UriUtil.getBinaryDir(context),
-                    tempCipherKey ?: Database.LoadedKey.generateNewCipherKey(),
+                    { memoryWanted ->
+                        BinaryData.canMemoryBeAllocatedInRAM(context, memoryWanted)
+                    },
+                    tempCipherKey ?: LoadedKey.generateNewCipherKey(),
                     progressTaskUpdater)
         } catch (e: LoadDatabaseException) {
             setError(e)
@@ -57,7 +62,7 @@ class ReloadDatabaseRunnable(private val context: Context,
             PreferencesUtil.saveCurrentTime(context)
         } else {
             tempCipherKey = null
-            mDatabase.clearAndClose(UriUtil.getBinaryDir(context))
+            mDatabase.clearAndClose(context)
         }
     }
 

app/src/main/java/com/kunzisoft/keepass/database/action/node/DeleteNodesRunnable.kt

@@ -31,41 +31,47 @@ class DeleteNodesRunnable(context: Context,
                           afterActionNodesFinish: AfterActionNodesFinish)
     : ActionNodeDatabaseRunnable(context, database, afterActionNodesFinish, save) {
 
-    private var mParent: Group? = null
+    private var mOldParent: Group? = null
     private var mCanRecycle: Boolean = false
 
     private var mNodesToDeleteBackup = ArrayList<Node>()
 
     override fun nodeAction() {
 
-        foreachNode@ for(currentNode in mNodesToDelete) {
-            mParent = currentNode.parent
-            mParent?.touch(modified = false, touchParents = true)
+        foreachNode@ for(nodeToDelete in mNodesToDelete) {
+            mOldParent = nodeToDelete.parent
+            mOldParent?.touch(modified = false, touchParents = true)
 
-            when (currentNode.type) {
+            when (nodeToDelete.type) {
                 Type.GROUP -> {
+                    val groupToDelete = nodeToDelete as Group
                     // Create a copy to keep the old ref and remove it visually
-                    mNodesToDeleteBackup.add(Group(currentNode as Group))
+                    mNodesToDeleteBackup.add(Group(groupToDelete))
                     // Remove Node from parent
-                    mCanRecycle = database.canRecycle(currentNode)
+                    mCanRecycle = database.canRecycle(groupToDelete)
                     if (mCanRecycle) {
-                        database.recycle(currentNode, context.resources)
+                        groupToDelete.touch(modified = false, touchParents = true)
+                        database.recycle(groupToDelete, context.resources)
+                        groupToDelete.setPreviousParentGroup(mOldParent)
                     } else {
-                        database.deleteGroup(currentNode)
+                        database.deleteGroup(groupToDelete)
                     }
                 }
                 Type.ENTRY -> {
+                    val entryToDelete = nodeToDelete as Entry
                     // Create a copy to keep the old ref and remove it visually
-                    mNodesToDeleteBackup.add(Entry(currentNode as Entry))
+                    mNodesToDeleteBackup.add(Entry(entryToDelete))
                     // Remove Node from parent
-                    mCanRecycle = database.canRecycle(currentNode)
+                    mCanRecycle = database.canRecycle(entryToDelete)
                     if (mCanRecycle) {
-                        database.recycle(currentNode, context.resources)
+                        entryToDelete.touch(modified = false, touchParents = true)
+                        database.recycle(entryToDelete, context.resources)
+                        entryToDelete.setPreviousParentGroup(mOldParent)
                     } else {
-                        database.deleteEntry(currentNode)
+                        database.deleteEntry(entryToDelete)
                     }
                     // Remove the oldest attachments
-                    currentNode.getAttachments(database.attachmentPool).forEach {
+                    entryToDelete.getAttachments(database.attachmentPool).forEach {
                         database.removeAttachmentIfNotUsed(it)
                     }
                 }
@@ -76,7 +82,7 @@ class DeleteNodesRunnable(context: Context,
     override fun nodeFinish(): ActionNodesValues {
         if (!result.isSuccess) {
             if (mCanRecycle) {
-                mParent?.let {
+                mOldParent?.let {
                     mNodesToDeleteBackup.forEach { backupNode ->
                         when (backupNode.type) {
                             Type.GROUP -> {

app/src/main/java/com/kunzisoft/keepass/database/action/node/MoveNodesRunnable.kt

@@ -24,7 +24,7 @@ import android.util.Log
 import com.kunzisoft.keepass.database.element.*
 import com.kunzisoft.keepass.database.element.node.Node
 import com.kunzisoft.keepass.database.element.node.Type
-import com.kunzisoft.keepass.database.exception.EntryDatabaseException
+import com.kunzisoft.keepass.database.exception.MoveEntryDatabaseException
 import com.kunzisoft.keepass.database.exception.MoveGroupDatabaseException
 
 class MoveNodesRunnable constructor(
@@ -47,11 +47,14 @@ class MoveNodesRunnable constructor(
             when (nodeToMove.type) {
                 Type.GROUP -> {
                     val groupToMove = nodeToMove as Group
-                    // Move group in new parent if not in the current group
-                    if (groupToMove != mNewParent
+                    // Move group if the parent change
+                    if (mOldParent != mNewParent
+                            // and if not in the current group
+                            && groupToMove != mNewParent
                             && !mNewParent.isContainedIn(groupToMove)) {
-                        nodeToMove.touch(modified = true, touchParents = true)
+                        groupToMove.touch(modified = true, touchParents = true)
                         database.moveGroupTo(groupToMove, mNewParent)
+                        groupToMove.setPreviousParentGroup(mOldParent)
                     } else {
                         // Only finish thread
                         setError(MoveGroupDatabaseException())
@@ -64,11 +67,12 @@ class MoveNodesRunnable constructor(
                     if (mOldParent != mNewParent
                             // and root can contains entry
                             && (mNewParent != database.rootGroup || database.rootCanContainsEntry())) {
-                        nodeToMove.touch(modified = true, touchParents = true)
+                        entryToMove.touch(modified = true, touchParents = true)
                         database.moveEntryTo(entryToMove, mNewParent)
+                        entryToMove.setPreviousParentGroup(mOldParent)
                     } else {
                         // Only finish thread
-                        setError(EntryDatabaseException())
+                        setError(MoveEntryDatabaseException())
                         break@foreachNode
                     }
                 }

app/src/main/java/com/kunzisoft/keepass/database/crypto/AesEngine.kt

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2019 Jeremy Jamet / Kunzisoft.
+ *
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.database.crypto
+
+
+import com.kunzisoft.encrypt.CipherFactory
+import java.security.InvalidAlgorithmParameterException
+import java.security.InvalidKeyException
+import java.security.NoSuchAlgorithmException
+import javax.crypto.Cipher
+import javax.crypto.NoSuchPaddingException
+
+class AesEngine : CipherEngine() {
+
+    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
+    override fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray): Cipher {
+        return CipherFactory.getAES(opmode, key, IV)
+    }
+
+    override fun getEncryptionAlgorithm(): EncryptionAlgorithm {
+        return EncryptionAlgorithm.AESRijndael
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/crypto/ChaCha20Engine.kt

@@ -17,19 +17,14 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto.engine
+package com.kunzisoft.keepass.database.crypto
 
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
-import com.kunzisoft.keepass.stream.bytes16ToUuid
-import org.bouncycastle.jce.provider.BouncyCastleProvider
+import com.kunzisoft.encrypt.CipherFactory
 import java.security.InvalidAlgorithmParameterException
 import java.security.InvalidKeyException
 import java.security.NoSuchAlgorithmException
-import java.util.*
 import javax.crypto.Cipher
 import javax.crypto.NoSuchPaddingException
-import javax.crypto.spec.IvParameterSpec
-import javax.crypto.spec.SecretKeySpec
 
 class ChaCha20Engine : CipherEngine() {
 
@@ -38,34 +33,11 @@ class ChaCha20Engine : CipherEngine() {
     }
 
     @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
-    override fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray, androidOverride: Boolean): Cipher {
-        val cipher = Cipher.getInstance("Chacha7539", BouncyCastleProvider())
-        cipher.init(opmode, SecretKeySpec(key, "ChaCha7539"), IvParameterSpec(IV))
-        return cipher
+    override fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray): Cipher {
+        return CipherFactory.getChacha20(opmode, key, IV)
     }
 
-    override fun getPwEncryptionAlgorithm(): EncryptionAlgorithm {
+    override fun getEncryptionAlgorithm(): EncryptionAlgorithm {
         return EncryptionAlgorithm.ChaCha20
     }
-
-    companion object {
-
-        val CIPHER_UUID: UUID = bytes16ToUuid(
-                byteArrayOf(0xD6.toByte(),
-                        0x03.toByte(),
-                        0x8A.toByte(),
-                        0x2B.toByte(),
-                        0x8B.toByte(),
-                        0x6F.toByte(),
-                        0x4C.toByte(),
-                        0xB5.toByte(),
-                        0xA5.toByte(),
-                        0x24.toByte(),
-                        0x33.toByte(),
-                        0x9A.toByte(),
-                        0x31.toByte(),
-                        0xDB.toByte(),
-                        0xB5.toByte(),
-                        0x9A.toByte()))
-    }
 }

app/src/main/java/com/kunzisoft/keepass/database/crypto/CipherEngine.kt

@@ -17,9 +17,7 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto.engine
-
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
+package com.kunzisoft.keepass.database.crypto
 
 import java.security.InvalidAlgorithmParameterException
 import java.security.InvalidKeyException
@@ -38,14 +36,12 @@ abstract class CipherEngine {
         return 16
     }
 
-    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
-    abstract fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray, androidOverride: Boolean): Cipher
+    // Used only with padding workaround
+    var forcePaddingCompatibility = false
 
     @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
-    fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray): Cipher {
-        return getCipher(opmode, key, IV, false)
-    }
+    abstract fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray): Cipher
 
-    abstract fun getPwEncryptionAlgorithm(): EncryptionAlgorithm
+    abstract fun getEncryptionAlgorithm(): EncryptionAlgorithm
 
 }

app/src/main/java/com/kunzisoft/keepass/database/crypto/CrsAlgorithm.kt

@@ -17,11 +17,13 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto
+package com.kunzisoft.keepass.database.crypto
 
+import com.kunzisoft.encrypt.HashManager
 import com.kunzisoft.keepass.utils.UnsignedInt
+import com.kunzisoft.encrypt.StreamCipher
 
-enum class CrsAlgorithm constructor(val id: UnsignedInt) {
+enum class CrsAlgorithm(val id: UnsignedInt) {
 
     Null(UnsignedInt(0)),
     ArcFourVariant(UnsignedInt(1)),
@@ -30,6 +32,15 @@ enum class CrsAlgorithm constructor(val id: UnsignedInt) {
 
     companion object {
 
+        @Throws(Exception::class)
+        fun getCipher(algorithm: CrsAlgorithm?, key: ByteArray): StreamCipher {
+            return when (algorithm) {
+                Salsa20 -> HashManager.getSalsa20(key)
+                ChaCha20 -> HashManager.getChaCha20(key)
+                else -> throw Exception("Invalid random cipher")
+            }
+        }
+
         fun fromId(num: UnsignedInt): CrsAlgorithm? {
             for (e in values()) {
                 if (e.id == num) {

app/src/main/java/com/kunzisoft/keepass/database/crypto/EncryptionAlgorithm.kt

@@ -0,0 +1,133 @@
+/*
+ * Copyright 2019 Jeremy Jamet / Kunzisoft.
+ *     
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.database.crypto
+
+import com.kunzisoft.keepass.utils.bytes16ToUuid
+import java.security.NoSuchAlgorithmException
+import java.util.*
+
+enum class EncryptionAlgorithm {
+
+    AESRijndael,
+    Twofish,
+    ChaCha20;
+
+    val cipherEngine: CipherEngine
+        get() {
+            return when (this) {
+                AESRijndael -> AesEngine()
+                Twofish -> TwofishEngine()
+                ChaCha20 -> ChaCha20Engine()
+            }
+        }
+
+    val uuid: UUID
+        get() {
+            return when (this) {
+                AESRijndael -> AES_UUID
+                Twofish -> TWOFISH_UUID
+                ChaCha20 -> CHACHA20_UUID
+            }
+        }
+
+    override fun toString(): String {
+        return when (this) {
+            AESRijndael -> "Rijndael (AES)"
+            Twofish -> "Twofish"
+            ChaCha20 -> "ChaCha20"
+        }
+    }
+
+    companion object {
+
+        /**
+         * Generate appropriate cipher based on KeePass 2.x UUID's
+         */
+        @Throws(NoSuchAlgorithmException::class)
+        fun getFrom(uuid: UUID): EncryptionAlgorithm {
+            return when (uuid) {
+                AES_UUID -> AESRijndael
+                TWOFISH_UUID -> Twofish
+                CHACHA20_UUID -> ChaCha20
+                else -> throw NoSuchAlgorithmException("UUID unrecognized.")
+            }
+        }
+
+        private val AES_UUID: UUID by lazy {
+            bytes16ToUuid(
+                    byteArrayOf(0x31.toByte(),
+                            0xC1.toByte(),
+                            0xF2.toByte(),
+                            0xE6.toByte(),
+                            0xBF.toByte(),
+                            0x71.toByte(),
+                            0x43.toByte(),
+                            0x50.toByte(),
+                            0xBE.toByte(),
+                            0x58.toByte(),
+                            0x05.toByte(),
+                            0x21.toByte(),
+                            0x6A.toByte(),
+                            0xFC.toByte(),
+                            0x5A.toByte(),
+                            0xFF.toByte()))
+        }
+
+        private val TWOFISH_UUID: UUID by lazy {
+            bytes16ToUuid(
+                    byteArrayOf(0xAD.toByte(),
+                            0x68.toByte(),
+                            0xF2.toByte(),
+                            0x9F.toByte(),
+                            0x57.toByte(),
+                            0x6F.toByte(),
+                            0x4B.toByte(),
+                            0xB9.toByte(),
+                            0xA3.toByte(),
+                            0x6A.toByte(),
+                            0xD4.toByte(),
+                            0x7A.toByte(),
+                            0xF9.toByte(),
+                            0x65.toByte(),
+                            0x34.toByte(),
+                            0x6C.toByte()))
+        }
+
+        private val CHACHA20_UUID: UUID by lazy {
+            bytes16ToUuid(
+                    byteArrayOf(0xD6.toByte(),
+                            0x03.toByte(),
+                            0x8A.toByte(),
+                            0x2B.toByte(),
+                            0x8B.toByte(),
+                            0x6F.toByte(),
+                            0x4C.toByte(),
+                            0xB5.toByte(),
+                            0xA5.toByte(),
+                            0x24.toByte(),
+                            0x33.toByte(),
+                            0x9A.toByte(),
+                            0x31.toByte(),
+                            0xDB.toByte(),
+                            0xB5.toByte(),
+                            0x9A.toByte()))
+        }
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/crypto/HmacBlock.kt

@@ -17,35 +17,40 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.stream
+package com.kunzisoft.keepass.database.crypto
 
 import java.io.IOException
-import java.security.DigestOutputStream
+import java.security.InvalidKeyException
 import java.security.MessageDigest
 import java.security.NoSuchAlgorithmException
+import javax.crypto.Mac
+import javax.crypto.spec.SecretKeySpec
 
-object HmacBlockStream {
-    fun getHmacKey64(key: ByteArray, blockIndex: Long): ByteArray {
+object HmacBlock {
+
+    fun getHmacSha256(blockKey: ByteArray): Mac {
+        val hmac: Mac
+        try {
+            hmac = Mac.getInstance("HmacSHA256")
+            val signingKey = SecretKeySpec(blockKey, "HmacSHA256")
+            hmac.init(signingKey)
+        } catch (e: NoSuchAlgorithmException) {
+            throw IOException("No HmacAlogirthm")
+        } catch (e: InvalidKeyException) {
+            throw IOException("Invalid Hmac Key")
+        }
+        return hmac
+    }
+
+    fun getHmacKey64(key: ByteArray, blockIndex: ByteArray): ByteArray {
         val hash: MessageDigest
         try {
             hash = MessageDigest.getInstance("SHA-512")
         } catch (e: NoSuchAlgorithmException) {
             throw RuntimeException(e)
         }
-
-        val nos = NullOutputStream()
-        val dos = DigestOutputStream(nos, hash)
-        val leos = LittleEndianDataOutputStream(dos)
-
-        try {
-            leos.writeLong(blockIndex)
-            leos.write(key)
-            leos.close()
-        } catch (e: IOException) {
-            throw RuntimeException(e)
-        }
-
-        //assert(hashKey.length == 64);
+        hash.update(blockIndex)
+        hash.update(key)
         return hash.digest()
     }
 }

app/src/main/java/com/kunzisoft/keepass/database/crypto/TwofishEngine.kt

@@ -0,0 +1,39 @@
+/*
+ * Copyright 2019 Jeremy Jamet / Kunzisoft.
+ *
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.database.crypto
+
+import com.kunzisoft.encrypt.CipherFactory
+import java.security.InvalidAlgorithmParameterException
+import java.security.InvalidKeyException
+import java.security.NoSuchAlgorithmException
+import javax.crypto.Cipher
+import javax.crypto.NoSuchPaddingException
+
+class TwofishEngine : CipherEngine() {
+
+    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
+    override fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray): Cipher {
+        return CipherFactory.getTwofish(opmode, key, IV, forcePaddingCompatibility)
+    }
+
+    override fun getEncryptionAlgorithm(): EncryptionAlgorithm {
+        return EncryptionAlgorithm.Twofish
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/crypto/VariantDictionary.kt

@@ -17,13 +17,10 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.utils
+package com.kunzisoft.keepass.database.crypto
 
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfParameters
-import com.kunzisoft.keepass.stream.*
-import java.io.ByteArrayInputStream
-import java.io.ByteArrayOutputStream
-import java.io.IOException
+import com.kunzisoft.keepass.utils.*
+import java.io.*
 import java.nio.charset.Charset
 import java.util.*
 
@@ -55,12 +52,12 @@ open class VariantDictionary {
         return dict[name]?.value as UnsignedInt?
     }
 
-    fun setUInt64(name: String, value: Long) {
+    fun setUInt64(name: String, value: UnsignedLong) {
         putType(VdType.UInt64, name, value)
     }
 
-    fun getUInt64(name: String): Long? {
-        return dict[name]?.value as Long?
+    fun getUInt64(name: String): UnsignedLong? {
+        return dict[name]?.value as UnsignedLong?
     }
 
     fun setBool(name: String, value: Boolean) {
@@ -115,22 +112,21 @@ open class VariantDictionary {
 
         @Throws(IOException::class)
         fun deserialize(data: ByteArray): VariantDictionary {
-            val inputStream = LittleEndianDataInputStream(ByteArrayInputStream(data))
+            val inputStream = ByteArrayInputStream(data)
             return deserialize(inputStream)
         }
 
         @Throws(IOException::class)
-        fun serialize(kdfParameters: KdfParameters): ByteArray {
+        fun serialize(variantDictionary: VariantDictionary): ByteArray {
             val byteArrayOutputStream = ByteArrayOutputStream()
-            val outputStream = LittleEndianDataOutputStream(byteArrayOutputStream)
-            serialize(kdfParameters, outputStream)
+            serialize(variantDictionary, byteArrayOutputStream)
             return byteArrayOutputStream.toByteArray()
         }
 
         @Throws(IOException::class)
-        fun deserialize(inputStream: LittleEndianDataInputStream): VariantDictionary {
+        fun deserialize(inputStream: InputStream): VariantDictionary {
             val dictionary = VariantDictionary()
-            val version = inputStream.readUShort()
+            val version = inputStream.readBytes2ToUShort()
             if (version and VdmCritical > VdVersion and VdmCritical) {
                 throw IOException("Invalid format")
             }
@@ -143,14 +139,14 @@ open class VariantDictionary {
                 if (bType == VdType.None) {
                     break
                 }
-                val nameLen = inputStream.readUInt().toKotlinInt()
-                val nameBuf = inputStream.readBytes(nameLen)
+                val nameLen = inputStream.readBytes4ToUInt().toKotlinInt()
+                val nameBuf = inputStream.readBytesLength(nameLen)
                 if (nameLen != nameBuf.size) {
                     throw IOException("Invalid format")
                 }
                 val name = String(nameBuf, UTF8Charset)
-                val valueLen = inputStream.readUInt().toKotlinInt()
-                val valueBuf = inputStream.readBytes(valueLen)
+                val valueLen = inputStream.readBytes4ToUInt().toKotlinInt()
+                val valueBuf = inputStream.readBytesLength(valueLen)
                 if (valueLen != valueBuf.size) {
                     throw IOException("Invalid format")
                 }
@@ -159,7 +155,7 @@ open class VariantDictionary {
                         dictionary.setUInt32(name, bytes4ToUInt(valueBuf))
                     }
                     VdType.UInt64 -> if (valueLen == 8) {
-                        dictionary.setUInt64(name, bytes64ToLong(valueBuf))
+                        dictionary.setUInt64(name, bytes64ToULong(valueBuf))
                     }
                     VdType.Bool -> if (valueLen == 1) {
                         dictionary.setBool(name, valueBuf[0] != 0.toByte())
@@ -181,48 +177,47 @@ open class VariantDictionary {
 
         @Throws(IOException::class)
         fun serialize(variantDictionary: VariantDictionary,
-                      outputStream: LittleEndianDataOutputStream?) {
+                      outputStream: OutputStream?) {
             if (outputStream == null) {
                 return
             }
-            outputStream.writeUShort(VdVersion)
+            outputStream.write2BytesUShort(VdVersion)
             for ((name, vd) in variantDictionary.dict) {
                 val nameBuf = name.toByteArray(UTF8Charset)
-                outputStream.write(vd.type.toInt())
-                outputStream.writeInt(nameBuf.size)
+                outputStream.writeByte(vd.type)
+                outputStream.write4BytesUInt(UnsignedInt(nameBuf.size))
                 outputStream.write(nameBuf)
                 var buf: ByteArray
                 when (vd.type) {
                     VdType.UInt32 -> {
-                        outputStream.writeInt(4)
-                        outputStream.writeUInt((vd.value as UnsignedInt))
+                        outputStream.write4BytesUInt(UnsignedInt(4))
+                        outputStream.write4BytesUInt(vd.value as UnsignedInt)
                     }
                     VdType.UInt64 -> {
-                        outputStream.writeInt(8)
-                        outputStream.writeLong(vd.value as Long)
+                        outputStream.write4BytesUInt(UnsignedInt(8))
+                        outputStream.write8BytesLong(vd.value as UnsignedLong)
                     }
                     VdType.Bool -> {
-                        outputStream.writeInt(1)
-                        val bool = if (vd.value as Boolean) 1.toByte() else 0.toByte()
-                        outputStream.write(bool.toInt())
+                        outputStream.write4BytesUInt(UnsignedInt(1))
+                        outputStream.writeBooleanByte(vd.value as Boolean)
                     }
                     VdType.Int32 -> {
-                        outputStream.writeInt(4)
-                        outputStream.writeInt(vd.value as Int)
+                        outputStream.write4BytesUInt(UnsignedInt(4))
+                        outputStream.write4BytesUInt(UnsignedInt(vd.value as Int))
                     }
                     VdType.Int64 -> {
-                        outputStream.writeInt(8)
-                        outputStream.writeLong(vd.value as Long)
+                        outputStream.write4BytesUInt(UnsignedInt(8))
+                        outputStream.write8BytesLong(vd.value as Long)
                     }
                     VdType.String -> {
                         val value = vd.value as String
                         buf = value.toByteArray(UTF8Charset)
-                        outputStream.writeInt(buf.size)
+                        outputStream.write4BytesUInt(UnsignedInt(buf.size))
                         outputStream.write(buf)
                     }
                     VdType.ByteArray -> {
                         buf = vd.value as ByteArray
-                        outputStream.writeInt(buf.size)
+                        outputStream.write4BytesUInt(UnsignedInt(buf.size))
                         outputStream.write(buf)
                     }
                     else -> {

app/src/main/java/com/kunzisoft/keepass/database/crypto/kdf/AesKdf.kt

@@ -17,13 +17,12 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto.keyDerivation
+package com.kunzisoft.keepass.database.crypto.kdf
 
-import android.content.res.Resources
-import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.crypto.CryptoUtil
-import com.kunzisoft.keepass.crypto.finalkey.AESKeyTransformerFactory
-import com.kunzisoft.keepass.stream.bytes16ToUuid
+import com.kunzisoft.encrypt.HashManager
+import com.kunzisoft.keepass.utils.UnsignedLong
+import com.kunzisoft.encrypt.aes.AESTransformer
+import com.kunzisoft.keepass.utils.bytes16ToUuid
 import java.io.IOException
 import java.security.SecureRandom
 import java.util.*
@@ -38,32 +37,28 @@ class AesKdf : KdfEngine() {
         get() {
             return KdfParameters(uuid!!).apply {
                 setParamUUID()
-                setUInt64(PARAM_ROUNDS, defaultKeyRounds)
+                setUInt64(PARAM_ROUNDS, UnsignedLong(defaultKeyRounds))
             }
         }
 
-    override val defaultKeyRounds: Long = 500000L
-
-    override fun getName(resources: Resources): String {
-        return resources.getString(R.string.kdf_AES)
-    }
+    override val defaultKeyRounds = 500000L
 
     @Throws(IOException::class)
     override fun transform(masterKey: ByteArray, kdfParameters: KdfParameters): ByteArray {
 
         var seed = kdfParameters.getByteArray(PARAM_SEED)
         if (seed != null && seed.size != 32) {
-            seed = CryptoUtil.hashSha256(seed)
+            seed = HashManager.hashSha256(seed)
         }
 
         var currentMasterKey = masterKey
         if (currentMasterKey.size != 32) {
-            currentMasterKey = CryptoUtil.hashSha256(currentMasterKey)
+            currentMasterKey = HashManager.hashSha256(currentMasterKey)
         }
 
-        val rounds = kdfParameters.getUInt64(PARAM_ROUNDS)
+        val rounds = kdfParameters.getUInt64(PARAM_ROUNDS)?.toKotlinLong()
 
-        return AESKeyTransformerFactory.transformMasterKey(seed, currentMasterKey, rounds) ?: ByteArray(0)
+        return AESTransformer.transformKey(seed, currentMasterKey, rounds) ?: ByteArray(0)
     }
 
     override fun randomize(kdfParameters: KdfParameters) {
@@ -76,11 +71,15 @@ class AesKdf : KdfEngine() {
     }
 
     override fun getKeyRounds(kdfParameters: KdfParameters): Long {
-        return kdfParameters.getUInt64(PARAM_ROUNDS) ?: defaultKeyRounds
+        return kdfParameters.getUInt64(PARAM_ROUNDS)?.toKotlinLong() ?: defaultKeyRounds
     }
 
     override fun setKeyRounds(kdfParameters: KdfParameters, keyRounds: Long) {
-        kdfParameters.setUInt64(PARAM_ROUNDS, keyRounds)
+        kdfParameters.setUInt64(PARAM_ROUNDS, UnsignedLong(keyRounds))
+    }
+
+    override fun toString(): String {
+        return "AES"
     }
 
     companion object {

app/src/main/java/com/kunzisoft/keepass/database/crypto/kdf/Argon2Kdf.kt

@@ -17,13 +17,13 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto.keyDerivation
+package com.kunzisoft.keepass.database.crypto.kdf
 
-import android.content.res.Resources
-import androidx.annotation.StringRes
-import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.stream.bytes16ToUuid
 import com.kunzisoft.keepass.utils.UnsignedInt
+import com.kunzisoft.keepass.utils.UnsignedLong
+import com.kunzisoft.encrypt.argon2.Argon2Transformer
+import com.kunzisoft.encrypt.argon2.Argon2Type
+import com.kunzisoft.keepass.utils.bytes16ToUuid
 import java.io.IOException
 import java.security.SecureRandom
 import java.util.*
@@ -48,40 +48,30 @@ class Argon2Kdf(private val type: Type) : KdfEngine() {
         }
 
     override val defaultKeyRounds: Long
-        get() = DEFAULT_ITERATIONS
-
-    override fun getName(resources: Resources): String {
-        return resources.getString(type.nameId)
-    }
+        get() = DEFAULT_ITERATIONS.toKotlinLong()
 
     @Throws(IOException::class)
     override fun transform(masterKey: ByteArray, kdfParameters: KdfParameters): ByteArray {
 
-        val salt = kdfParameters.getByteArray(PARAM_SALT)
-        val parallelism = kdfParameters.getUInt32(PARAM_PARALLELISM)?.let {
-            UnsignedInt(it)
-        }
-        val memory = kdfParameters.getUInt64(PARAM_MEMORY)?.div(MEMORY_BLOCK_SIZE)?.let {
-            UnsignedInt.fromKotlinLong(it)
-        }
-        val iterations = kdfParameters.getUInt64(PARAM_ITERATIONS)?.let {
-            UnsignedInt.fromKotlinLong(it)
-        }
-        val version = kdfParameters.getUInt32(PARAM_VERSION)?.let {
-            UnsignedInt(it)
-        }
-        val secretKey = kdfParameters.getByteArray(PARAM_SECRET_KEY)
-        val assocData = kdfParameters.getByteArray(PARAM_ASSOC_DATA)
+        val salt = kdfParameters.getByteArray(PARAM_SALT) ?: ByteArray(0)
+        val parallelism = kdfParameters.getUInt32(PARAM_PARALLELISM)?.toKotlinLong() ?: DEFAULT_PARALLELISM.toKotlinLong()
+        val memory = kdfParameters.getUInt64(PARAM_MEMORY)?.toKotlinLong()?.div(MEMORY_BLOCK_SIZE) ?: DEFAULT_MEMORY.toKotlinLong()
+        val iterations = kdfParameters.getUInt64(PARAM_ITERATIONS)?.toKotlinLong() ?: DEFAULT_ITERATIONS.toKotlinLong()
+        val version = kdfParameters.getUInt32(PARAM_VERSION)?.toKotlinInt() ?: MAX_VERSION.toKotlinInt()
 
-        return Argon2Native.transformKey(
-                type,
+        // Not used
+        // val secretKey = kdfParameters.getByteArray(PARAM_SECRET_KEY)
+        // val assocData = kdfParameters.getByteArray(PARAM_ASSOC_DATA)
+
+        val argonType = if (type == Type.ARGON2_ID) Argon2Type.ARGON2_ID else Argon2Type.ARGON2_D
+
+        return Argon2Transformer.transformKey(
+                argonType,
                 masterKey,
                 salt,
                 parallelism,
                 memory,
                 iterations,
-                secretKey,
-                assocData,
                 version)
     }
 
@@ -95,32 +85,32 @@ class Argon2Kdf(private val type: Type) : KdfEngine() {
     }
 
     override fun getKeyRounds(kdfParameters: KdfParameters): Long {
-        return kdfParameters.getUInt64(PARAM_ITERATIONS) ?: defaultKeyRounds
+        return kdfParameters.getUInt64(PARAM_ITERATIONS)?.toKotlinLong() ?: defaultKeyRounds
     }
 
     override fun setKeyRounds(kdfParameters: KdfParameters, keyRounds: Long) {
-        kdfParameters.setUInt64(PARAM_ITERATIONS, keyRounds)
+        kdfParameters.setUInt64(PARAM_ITERATIONS, UnsignedLong(keyRounds))
     }
 
     override val minKeyRounds: Long
-        get() = MIN_ITERATIONS
+        get() = MIN_ITERATIONS.toKotlinLong()
 
     override val maxKeyRounds: Long
-        get() = MAX_ITERATIONS
+        get() = MAX_ITERATIONS.toKotlinLong()
 
     override fun getMemoryUsage(kdfParameters: KdfParameters): Long {
-        return kdfParameters.getUInt64(PARAM_MEMORY) ?: defaultMemoryUsage
+        return kdfParameters.getUInt64(PARAM_MEMORY)?.toKotlinLong() ?: defaultMemoryUsage
     }
 
     override fun setMemoryUsage(kdfParameters: KdfParameters, memory: Long) {
-        kdfParameters.setUInt64(PARAM_MEMORY, memory)
+        kdfParameters.setUInt64(PARAM_MEMORY, UnsignedLong(memory))
     }
 
     override val defaultMemoryUsage: Long
-        get() = DEFAULT_MEMORY
+        get() = DEFAULT_MEMORY.toKotlinLong()
 
     override val minMemoryUsage: Long
-        get() = MIN_MEMORY
+        get() = MIN_MEMORY.toKotlinLong()
 
     override val maxMemoryUsage: Long
         get() = MAX_MEMORY
@@ -135,16 +125,20 @@ class Argon2Kdf(private val type: Type) : KdfEngine() {
         kdfParameters.setUInt32(PARAM_PARALLELISM, UnsignedInt.fromKotlinLong(parallelism))
     }
 
+    override fun toString(): String {
+        return "$type"
+    }
+
     override val defaultParallelism: Long
         get() = DEFAULT_PARALLELISM.toKotlinLong()
 
     override val minParallelism: Long
-        get() = MIN_PARALLELISM
+        get() = MIN_PARALLELISM.toKotlinLong()
 
     override val maxParallelism: Long
-        get() = MAX_PARALLELISM
+        get() = MAX_PARALLELISM.toKotlinLong()
 
-    enum class Type(val CIPHER_UUID: UUID, @StringRes val nameId: Int) {
+    enum class Type(val CIPHER_UUID: UUID, private val typeName: String) {
         ARGON2_D(bytes16ToUuid(
                 byteArrayOf(0xEF.toByte(),
                         0x63.toByte(),
@@ -161,7 +155,7 @@ class Argon2Kdf(private val type: Type) : KdfEngine() {
                         0x03.toByte(),
                         0xE3.toByte(),
                         0x0A.toByte(),
-                        0x0C.toByte())), R.string.kdf_Argon2d),
+                        0x0C.toByte())), "Argon2d"),
         ARGON2_ID(bytes16ToUuid(
                 byteArrayOf(0x9E.toByte(),
                         0x29.toByte(),
@@ -178,7 +172,11 @@ class Argon2Kdf(private val type: Type) : KdfEngine() {
                         0xC6.toByte(),
                         0xF0.toByte(),
                         0xA1.toByte(),
-                        0xE6.toByte())), R.string.kdf_Argon2id);
+                        0xE6.toByte())), "Argon2id");
+
+        override fun toString(): String {
+            return typeName
+        }
     }
 
     companion object {
@@ -194,21 +192,17 @@ class Argon2Kdf(private val type: Type) : KdfEngine() {
         private val MIN_VERSION = UnsignedInt(0x10)
         private val MAX_VERSION = UnsignedInt(0x13)
 
-        private const val MIN_SALT = 8
-        private val MAX_SALT = UnsignedInt.MAX_VALUE.toKotlinLong()
+        private val DEFAULT_ITERATIONS = UnsignedLong(2L)
+        private val MIN_ITERATIONS = UnsignedLong(1L)
+        private val MAX_ITERATIONS = UnsignedLong(4294967295L)
 
-        private const val MIN_ITERATIONS: Long = 1L
-        private const val MAX_ITERATIONS = 4294967295L
-
-        private const val MIN_MEMORY = (1024 * 8).toLong()
+        private val DEFAULT_MEMORY = UnsignedLong((1024L * 1024L))
+        private val MIN_MEMORY = UnsignedLong(1024L * 8L)
         private val MAX_MEMORY = UnsignedInt.MAX_VALUE.toKotlinLong()
         private const val MEMORY_BLOCK_SIZE: Long = 1024L
 
-        private const val MIN_PARALLELISM: Long = 1L
-        private const val MAX_PARALLELISM: Long = ((1 shl 24) - 1).toLong()
-
-        private const val DEFAULT_ITERATIONS: Long = 2L
-        private const val DEFAULT_MEMORY = (1024 * 1024).toLong()
         private val DEFAULT_PARALLELISM = UnsignedInt(2)
+        private val MIN_PARALLELISM = UnsignedInt.fromKotlinLong(1L)
+        private val MAX_PARALLELISM = UnsignedInt.fromKotlinLong(((1 shl 24) - 1))
     }
 }

app/src/main/java/com/kunzisoft/keepass/database/crypto/kdf/KdfEngine.kt

@@ -17,17 +17,15 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto.keyDerivation
+package com.kunzisoft.keepass.database.crypto.kdf
 
-import com.kunzisoft.keepass.utils.ObjectNameResource
 import com.kunzisoft.keepass.utils.UnsignedInt
-
 import java.io.IOException
 import java.io.Serializable
-import java.util.UUID
+import java.util.*
 
 // TODO Parcelable
-abstract class KdfEngine : ObjectNameResource, Serializable {
+abstract class KdfEngine : Serializable {
 
     var uuid: UUID? = null
 

app/src/main/java/com/kunzisoft/keepass/database/crypto/kdf/KdfFactory.kt

@@ -17,7 +17,7 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto.keyDerivation
+package com.kunzisoft.keepass.database.crypto.kdf
 
 object KdfFactory {
     var aesKdf = AesKdf()

app/src/main/java/com/kunzisoft/keepass/database/crypto/kdf/KdfParameters.kt

@@ -17,11 +17,11 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto.keyDerivation
+package com.kunzisoft.keepass.database.crypto.kdf
 
-import com.kunzisoft.keepass.stream.bytes16ToUuid
-import com.kunzisoft.keepass.stream.uuidTo16Bytes
-import com.kunzisoft.keepass.utils.VariantDictionary
+import com.kunzisoft.keepass.utils.bytes16ToUuid
+import com.kunzisoft.keepass.utils.uuidTo16Bytes
+import com.kunzisoft.keepass.database.crypto.VariantDictionary
 import java.io.IOException
 import java.util.*
 

app/src/main/java/com/kunzisoft/keepass/database/cursor/EntryCursorKDBX.kt

@@ -45,8 +45,8 @@ class EntryCursorKDBX : EntryCursorUUID<EntryKDBX>() {
                 entry.expires
         ))
 
-        for (element in entry.customFields.entries) {
-            extraFieldCursor.addExtraField(entryId, element.key, element.value)
+        entry.doForEachDecodedCustomField { key, value ->
+            extraFieldCursor.addExtraField(entryId, key, value)
         }
 
         entryId++

app/src/main/java/com/kunzisoft/keepass/database/cursor/ExtraFieldCursor.kt

@@ -42,7 +42,7 @@ class ExtraFieldCursor : MatrixCursor(arrayOf(
     }
 
     fun populateExtraFieldInEntry(pwEntry: EntryKDBX) {
-        pwEntry.putExtraField(getString(getColumnIndex(COLUMN_LABEL)),
+        pwEntry.putField(getString(getColumnIndex(COLUMN_LABEL)),
                 ProtectedString(getInt(getColumnIndex(COLUMN_PROTECTION)) > 0,
                         getString(getColumnIndex(COLUMN_VALUE))))
     }

app/src/main/java/com/kunzisoft/keepass/database/element/Attachment.kt

@@ -21,8 +21,8 @@ package com.kunzisoft.keepass.database.element
 
 import android.os.Parcel
 import android.os.Parcelable
-import com.kunzisoft.keepass.database.element.database.BinaryByte
-import com.kunzisoft.keepass.database.element.database.BinaryData
+import com.kunzisoft.keepass.database.element.binary.BinaryByte
+import com.kunzisoft.keepass.database.element.binary.BinaryData
 
 
 data class Attachment(var name: String,

app/src/main/java/com/kunzisoft/keepass/database/element/CustomData.kt

@@ -0,0 +1,66 @@
+package com.kunzisoft.keepass.database.element
+
+import android.os.Parcel
+import android.os.Parcelable
+import com.kunzisoft.keepass.utils.ParcelableUtil
+import java.util.*
+
+class CustomData : Parcelable {
+
+    private val mCustomDataItems = HashMap<String, CustomDataItem>()
+
+    constructor()
+
+    constructor(toCopy: CustomData) {
+        mCustomDataItems.clear()
+        mCustomDataItems.putAll(toCopy.mCustomDataItems)
+    }
+
+    constructor(parcel: Parcel) {
+        ParcelableUtil.readStringParcelableMap(parcel, CustomDataItem::class.java)
+    }
+
+    fun get(key: String): CustomDataItem? {
+        return mCustomDataItems[key]
+    }
+
+    fun put(customDataItem: CustomDataItem) {
+        mCustomDataItems[customDataItem.key] = customDataItem
+    }
+
+    fun containsItemWithValue(value: String): Boolean {
+        return mCustomDataItems.any { mapEntry -> mapEntry.value.value.equals(value, true) }
+    }
+
+    fun containsItemWithLastModificationTime(): Boolean {
+        return mCustomDataItems.any { mapEntry -> mapEntry.value.lastModificationTime != null }
+    }
+
+    fun isNotEmpty(): Boolean {
+        return mCustomDataItems.isNotEmpty()
+    }
+
+    fun doForEachItems(action: (CustomDataItem) -> Unit) {
+        for ((_, value) in mCustomDataItems) {
+            action.invoke(value)
+        }
+    }
+
+    override fun writeToParcel(parcel: Parcel, flags: Int) {
+        ParcelableUtil.writeStringParcelableMap(parcel, flags, mCustomDataItems)
+    }
+
+    override fun describeContents(): Int {
+        return 0
+    }
+
+    companion object CREATOR : Parcelable.Creator<CustomData> {
+        override fun createFromParcel(parcel: Parcel): CustomData {
+            return CustomData(parcel)
+        }
+
+        override fun newArray(size: Int): Array<CustomData?> {
+            return arrayOfNulls(size)
+        }
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/element/CustomDataItem.kt

@@ -0,0 +1,43 @@
+package com.kunzisoft.keepass.database.element
+
+import android.os.Parcel
+import android.os.Parcelable
+
+class CustomDataItem : Parcelable {
+
+    val key: String
+    var value: String
+    var lastModificationTime: DateInstant? = null
+
+    constructor(parcel: Parcel) {
+        key = parcel.readString() ?: ""
+        value = parcel.readString() ?: ""
+        lastModificationTime = parcel.readParcelable(DateInstant::class.java.classLoader)
+    }
+
+    constructor(key: String, value: String, lastModificationTime: DateInstant? = null) {
+        this.key = key
+        this.value = value
+        this.lastModificationTime = lastModificationTime
+    }
+
+    override fun writeToParcel(parcel: Parcel, flags: Int) {
+        parcel.writeString(key)
+        parcel.writeString(value)
+        parcel.writeParcelable(lastModificationTime, flags)
+    }
+
+    override fun describeContents(): Int {
+        return 0
+    }
+
+    companion object CREATOR : Parcelable.Creator<CustomDataItem> {
+        override fun createFromParcel(parcel: Parcel): CustomDataItem {
+            return CustomDataItem(parcel)
+        }
+
+        override fun newArray(size: Int): Array<CustomDataItem?> {
+            return arrayOfNulls(size)
+        }
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/element/Database.kt

@@ -20,22 +20,30 @@
 package com.kunzisoft.keepass.database.element
 
 import android.content.ContentResolver
+import android.content.Context
 import android.content.res.Resources
 import android.net.Uri
 import android.util.Log
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfEngine
 import com.kunzisoft.keepass.database.action.node.NodeHandler
-import com.kunzisoft.keepass.database.element.database.*
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
+import com.kunzisoft.keepass.database.crypto.kdf.KdfEngine
+import com.kunzisoft.keepass.database.element.binary.AttachmentPool
+import com.kunzisoft.keepass.database.element.binary.BinaryCache
+import com.kunzisoft.keepass.database.element.binary.BinaryData
+import com.kunzisoft.keepass.database.element.binary.LoadedKey
+import com.kunzisoft.keepass.database.element.database.CompressionAlgorithm
+import com.kunzisoft.keepass.database.element.database.DatabaseKDB
+import com.kunzisoft.keepass.database.element.database.DatabaseKDBX
 import com.kunzisoft.keepass.database.element.icon.IconImageCustom
 import com.kunzisoft.keepass.database.element.icon.IconImageStandard
 import com.kunzisoft.keepass.database.element.icon.IconsManager
 import com.kunzisoft.keepass.database.element.node.NodeId
 import com.kunzisoft.keepass.database.element.node.NodeIdInt
 import com.kunzisoft.keepass.database.element.node.NodeIdUUID
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
 import com.kunzisoft.keepass.database.exception.*
 import com.kunzisoft.keepass.database.file.DatabaseHeaderKDB
 import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX
+import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX.Companion.FILE_VERSION_40
 import com.kunzisoft.keepass.database.file.input.DatabaseInputKDB
 import com.kunzisoft.keepass.database.file.input.DatabaseInputKDBX
 import com.kunzisoft.keepass.database.file.output.DatabaseOutputKDB
@@ -44,15 +52,12 @@ import com.kunzisoft.keepass.database.search.SearchHelper
 import com.kunzisoft.keepass.database.search.SearchParameters
 import com.kunzisoft.keepass.icons.IconDrawableFactory
 import com.kunzisoft.keepass.model.MainCredential
-import com.kunzisoft.keepass.stream.readBytes4ToUInt
 import com.kunzisoft.keepass.tasks.ProgressTaskUpdater
 import com.kunzisoft.keepass.utils.SingletonHolder
 import com.kunzisoft.keepass.utils.UriUtil
+import com.kunzisoft.keepass.utils.readBytes4ToUInt
 import java.io.*
-import java.security.Key
-import java.security.SecureRandom
 import java.util.*
-import javax.crypto.KeyGenerator
 import kotlin.collections.ArrayList
 
 
@@ -70,7 +75,7 @@ class Database {
     var isReadOnly = false
 
     val iconDrawableFactory = IconDrawableFactory(
-            { loadedCipherKey },
+            { binaryCache },
             { iconId -> iconsManager.getBinaryForCustomIcon(iconId) }
     )
 
@@ -92,18 +97,18 @@ class Database {
      * Cipher key regenerated when the database is loaded and closed
      * Can be used to temporarily store database elements
      */
-    var loadedCipherKey: LoadedKey?
+    var binaryCache: BinaryCache
         private set(value) {
-            mDatabaseKDB?.loadedCipherKey = value
-            mDatabaseKDBX?.loadedCipherKey = value
+            mDatabaseKDB?.binaryCache = value
+            mDatabaseKDBX?.binaryCache = value
         }
         get() {
-            return mDatabaseKDB?.loadedCipherKey ?: mDatabaseKDBX?.loadedCipherKey
+            return mDatabaseKDB?.binaryCache ?: mDatabaseKDBX?.binaryCache ?: BinaryCache()
         }
 
     private val iconsManager: IconsManager
         get() {
-            return mDatabaseKDB?.iconsManager ?: mDatabaseKDBX?.iconsManager ?: IconsManager()
+            return mDatabaseKDB?.iconsManager ?: mDatabaseKDBX?.iconsManager ?: IconsManager(binaryCache)
         }
 
     fun doForEachStandardIcons(action: (IconImageStandard) -> Unit) {
@@ -125,9 +130,8 @@ class Database {
         return iconsManager.getIcon(iconId)
     }
 
-    fun buildNewCustomIcon(cacheDirectory: File,
-                           result: (IconImageCustom?, BinaryData?) -> Unit) {
-        mDatabaseKDBX?.buildNewCustomIcon(cacheDirectory, null, result)
+    fun buildNewCustomIcon(result: (IconImageCustom?, BinaryData?) -> Unit) {
+        mDatabaseKDBX?.buildNewCustomIcon(null, result)
     }
 
     fun isCustomIconBinaryDuplicate(binaryData: BinaryData): Boolean {
@@ -136,7 +140,7 @@ class Database {
 
     fun removeCustomIcon(customIcon: IconImageCustom) {
         iconDrawableFactory.clearFromCache(customIcon)
-        iconsManager.removeCustomIcon(customIcon.uuid)
+        iconsManager.removeCustomIcon(binaryCache, customIcon.uuid)
     }
 
     val allowName: Boolean
@@ -219,7 +223,7 @@ class Database {
         // Default compression not necessary if stored in header
         mDatabaseKDBX?.let {
             return it.compressionAlgorithm == CompressionAlgorithm.GZip
-                    && it.kdbxVersion.toKotlinLong() < DatabaseHeaderKDBX.FILE_VERSION_32_4.toKotlinLong()
+                    && it.kdbxVersion.isBefore(FILE_VERSION_40)
         }
         return false
     }
@@ -232,12 +236,9 @@ class Database {
     val allowNoMasterKey: Boolean
         get() = mDatabaseKDBX != null
 
-    val allowEncryptionAlgorithmModification: Boolean
-        get() = availableEncryptionAlgorithms.size > 1
-
-    fun getEncryptionAlgorithmName(resources: Resources): String {
-        return mDatabaseKDB?.encryptionAlgorithm?.getName(resources)
-                ?: mDatabaseKDBX?.encryptionAlgorithm?.getName(resources)
+    fun getEncryptionAlgorithmName(): String {
+        return mDatabaseKDB?.encryptionAlgorithm?.toString()
+                ?: mDatabaseKDBX?.encryptionAlgorithm?.toString()
                 ?: ""
     }
 
@@ -250,7 +251,7 @@ class Database {
             algorithm?.let {
                 mDatabaseKDBX?.encryptionAlgorithm = algorithm
                 mDatabaseKDBX?.setDataEngine(algorithm.cipherEngine)
-                mDatabaseKDBX?.dataCipher = algorithm.dataCipher
+                mDatabaseKDBX?.cipherUuid = algorithm.uuid
             }
         }
 
@@ -272,8 +273,8 @@ class Database {
             }
         }
 
-    fun getKeyDerivationName(resources: Resources): String {
-        return kdfEngine?.getName(resources) ?: ""
+    fun getKeyDerivationName(): String {
+        return kdfEngine?.toString() ?: ""
     }
 
     var numberKeyEncryptionRounds: Long
@@ -359,15 +360,10 @@ class Database {
             return null
         }
 
-    fun ensureRecycleBinExists(resources: Resources) {
-        mDatabaseKDB?.ensureBackupExists()
-        mDatabaseKDBX?.ensureRecycleBinExists(resources)
-    }
-
-    fun removeRecycleBin() {
-        // Don't allow remove backup in KDB
-        mDatabaseKDBX?.removeRecycleBin()
-    }
+    val groupNamesNotAllowed: List<String>
+        get() {
+            return mDatabaseKDB?.groupNamesNotAllowed ?: ArrayList()
+        }
 
     private fun setDatabaseKDB(databaseKDB: DatabaseKDB) {
         this.mDatabaseKDB = databaseKDB
@@ -381,25 +377,12 @@ class Database {
 
     fun createData(databaseUri: Uri, databaseName: String, rootName: String) {
         val newDatabase = DatabaseKDBX(databaseName, rootName)
-        newDatabase.loadedCipherKey = LoadedKey.generateNewCipherKey()
         setDatabaseKDBX(newDatabase)
         this.fileUri = databaseUri
         // Set Database state
         this.loaded = true
     }
 
-    class LoadedKey(val key: Key, val iv: ByteArray): Serializable {
-        companion object {
-            const val BINARY_CIPHER = "Blowfish/CBC/PKCS5Padding"
-
-            fun generateNewCipherKey(): LoadedKey {
-                val iv = ByteArray(8)
-                SecureRandom().nextBytes(iv)
-                return LoadedKey(KeyGenerator.getInstance("Blowfish").generateKey(), iv)
-            }
-        }
-    }
-
     @Throws(LoadDatabaseException::class)
     private fun readDatabaseStream(contentResolver: ContentResolver, uri: Uri,
                                    openDatabaseKDB: (InputStream) -> DatabaseKDB,
@@ -453,6 +436,7 @@ class Database {
                  readOnly: Boolean,
                  contentResolver: ContentResolver,
                  cacheDirectory: File,
+                 isRAMSufficient: (memoryWanted: Long) -> Boolean,
                  tempCipherKey: LoadedKey,
                  fixDuplicateUUID: Boolean,
                  progressTaskUpdater: ProgressTaskUpdater?) {
@@ -474,7 +458,7 @@ class Database {
             // Read database stream for the first time
             readDatabaseStream(contentResolver, uri,
                     { databaseInputStream ->
-                        DatabaseInputKDB(cacheDirectory)
+                        DatabaseInputKDB(cacheDirectory, isRAMSufficient)
                                 .openDatabase(databaseInputStream,
                                         mainCredential.masterPassword,
                                         keyFileInputStream,
@@ -483,7 +467,7 @@ class Database {
                                         fixDuplicateUUID)
                     },
                     { databaseInputStream ->
-                        DatabaseInputKDBX(cacheDirectory)
+                        DatabaseInputKDBX(cacheDirectory, isRAMSufficient)
                                 .openDatabase(databaseInputStream,
                                         mainCredential.masterPassword,
                                         keyFileInputStream,
@@ -507,6 +491,7 @@ class Database {
     @Throws(LoadDatabaseException::class)
     fun reloadData(contentResolver: ContentResolver,
                    cacheDirectory: File,
+                   isRAMSufficient: (memoryWanted: Long) -> Boolean,
                    tempCipherKey: LoadedKey,
                    progressTaskUpdater: ProgressTaskUpdater?) {
 
@@ -515,14 +500,14 @@ class Database {
             fileUri?.let { oldDatabaseUri ->
                 readDatabaseStream(contentResolver, oldDatabaseUri,
                         { databaseInputStream ->
-                            DatabaseInputKDB(cacheDirectory)
+                            DatabaseInputKDB(cacheDirectory, isRAMSufficient)
                                     .openDatabase(databaseInputStream,
                                             masterKey,
                                             tempCipherKey,
                                             progressTaskUpdater)
                         },
                         { databaseInputStream ->
-                            DatabaseInputKDBX(cacheDirectory)
+                            DatabaseInputKDBX(cacheDirectory, isRAMSufficient)
                                     .openDatabase(databaseInputStream,
                                             masterKey,
                                             tempCipherKey,
@@ -553,31 +538,32 @@ class Database {
                                      omitBackup: Boolean,
                                      max: Int = Integer.MAX_VALUE): Group? {
         return mSearchHelper?.createVirtualGroupWithSearchResult(this,
-                searchQuery, SearchParameters(), omitBackup, max)
+                SearchParameters().apply {
+                    this.searchQuery = searchQuery
+                }, omitBackup, max)
     }
 
     fun createVirtualGroupFromSearchInfo(searchInfoString: String,
                                          omitBackup: Boolean,
                                          max: Int = Integer.MAX_VALUE): Group? {
         return mSearchHelper?.createVirtualGroupWithSearchResult(this,
-                searchInfoString, SearchParameters().apply {
-            searchInTitles = true
-            searchInUserNames = false
-            searchInPasswords = false
-            searchInUrls = true
-            searchInNotes = true
-            searchInOTP = false
-            searchInOther = true
-            searchInUUIDs = false
-            searchInTags = false
-            ignoreCase = true
-        }, omitBackup, max)
+                SearchParameters().apply {
+                    searchQuery = searchInfoString
+                    searchInTitles = true
+                    searchInUserNames = false
+                    searchInPasswords = false
+                    searchInUrls = true
+                    searchInNotes = true
+                    searchInOTP = false
+                    searchInOther = true
+                    searchInUUIDs = false
+                    searchInTags = false
+                }, omitBackup, max)
     }
 
     val attachmentPool: AttachmentPool
         get() {
-            // Binary pool is functionally only in KDBX
-            return mDatabaseKDBX?.binaryPool ?: AttachmentPool()
+            return mDatabaseKDB?.attachmentPool ?: mDatabaseKDBX?.attachmentPool ?: AttachmentPool(binaryCache)
         }
 
     val allowMultipleAttachments: Boolean
@@ -589,11 +575,10 @@ class Database {
             return false
         }
 
-    fun buildNewBinaryAttachment(cacheDirectory: File,
-                                 compressed: Boolean = false,
+    fun buildNewBinaryAttachment(compressed: Boolean = false,
                                  protected: Boolean = false): BinaryData? {
-        return mDatabaseKDB?.buildNewAttachment(cacheDirectory)
-                ?: mDatabaseKDBX?.buildNewAttachment(cacheDirectory, compressed, protected)
+        return mDatabaseKDB?.buildNewAttachment()
+                ?: mDatabaseKDBX?.buildNewAttachment( false, compressed, protected)
     }
 
     fun removeAttachmentIfNotUsed(attachment: Attachment) {
@@ -668,6 +653,7 @@ class Database {
     }
 
     fun clear(filesDirectory: File? = null) {
+        binaryCache.clear()
         iconsManager.clearCache()
         iconDrawableFactory.clearCache()
         // Delete the cache of the database if present
@@ -683,8 +669,8 @@ class Database {
         }
     }
 
-    fun clearAndClose(filesDirectory: File? = null) {
-        clear(filesDirectory)
+    fun clearAndClose(context: Context? = null) {
+        clear(context?.let { UriUtil.getBinaryDir(context) })
         this.mDatabaseKDB = null
         this.mDatabaseKDBX = null
         this.fileUri = null
@@ -802,11 +788,11 @@ class Database {
     }
 
     fun addGroupTo(group: Group, parent: Group) {
-        group.groupKDB?.let { entryKDB ->
-            mDatabaseKDB?.addGroupTo(entryKDB, parent.groupKDB)
+        group.groupKDB?.let { groupKDB ->
+            mDatabaseKDB?.addGroupTo(groupKDB, parent.groupKDB)
         }
-        group.groupKDBX?.let { entryKDBX ->
-            mDatabaseKDBX?.addGroupTo(entryKDBX, parent.groupKDBX)
+        group.groupKDBX?.let { groupKDBX ->
+            mDatabaseKDBX?.addGroupTo(groupKDBX, parent.groupKDBX)
         }
         group.afterAssignNewParent()
     }
@@ -821,11 +807,11 @@ class Database {
     }
 
     fun removeGroupFrom(group: Group, parent: Group) {
-        group.groupKDB?.let { entryKDB ->
-            mDatabaseKDB?.removeGroupFrom(entryKDB, parent.groupKDB)
+        group.groupKDB?.let { groupKDB ->
+            mDatabaseKDB?.removeGroupFrom(groupKDB, parent.groupKDB)
         }
-        group.groupKDBX?.let { entryKDBX ->
-            mDatabaseKDBX?.removeGroupFrom(entryKDBX, parent.groupKDBX)
+        group.groupKDBX?.let { groupKDBX ->
+            mDatabaseKDBX?.removeGroupFrom(groupKDBX, parent.groupKDBX)
         }
         group.afterAssignNewParent()
     }
@@ -900,6 +886,16 @@ class Database {
         }
     }
 
+    fun ensureRecycleBinExists(resources: Resources) {
+        mDatabaseKDB?.ensureBackupExists()
+        mDatabaseKDBX?.ensureRecycleBinExists(resources)
+    }
+
+    fun removeRecycleBin() {
+        // Don't allow remove backup in KDB
+        mDatabaseKDBX?.removeRecycleBin()
+    }
+
     fun canRecycle(entry: Entry): Boolean {
         var canRecycle: Boolean? = null
         entry.entryKDB?.let {

app/src/main/java/com/kunzisoft/keepass/database/element/DateInstant.kt

@@ -55,7 +55,7 @@ class DateInstant : Parcelable {
         jDate = Date()
     }
 
-    protected constructor(parcel: Parcel) {
+    constructor(parcel: Parcel) {
         jDate = parcel.readSerializable() as Date
     }
 

app/src/main/java/com/kunzisoft/keepass/database/element/DeletedObject.kt

@@ -19,30 +19,37 @@
  */
 package com.kunzisoft.keepass.database.element
 
+import android.os.Parcel
+import android.os.ParcelUuid
+import android.os.Parcelable
 import com.kunzisoft.keepass.database.element.database.DatabaseVersioned
-import java.util.Date
-import java.util.UUID
+import java.util.*
 
-class DeletedObject {
+class DeletedObject : Parcelable {
 
     var uuid: UUID = DatabaseVersioned.UUID_ZERO
-    private var mDeletionTime: Date? = null
+    private var mDeletionTime: DateInstant? = null
 
-    fun getDeletionTime(): Date {
+    constructor()
+
+    constructor(uuid: UUID, deletionTime: DateInstant = DateInstant()) {
+        this.uuid = uuid
+        this.mDeletionTime = deletionTime
+    }
+
+    constructor(parcel: Parcel) {
+        uuid = parcel.readParcelable<ParcelUuid>(ParcelUuid::class.java.classLoader)?.uuid ?: DatabaseVersioned.UUID_ZERO
+        mDeletionTime = parcel.readParcelable(DateInstant::class.java.classLoader)
+    }
+
+    fun getDeletionTime(): DateInstant {
         if (mDeletionTime == null) {
-            mDeletionTime = Date(System.currentTimeMillis())
+            mDeletionTime = DateInstant(System.currentTimeMillis())
         }
         return mDeletionTime!!
     }
 
-    fun setDeletionTime(deletionTime: Date) {
-        this.mDeletionTime = deletionTime
-    }
-
-    constructor()
-
-    constructor(uuid: UUID, deletionTime: Date = Date()) {
-        this.uuid = uuid
+    fun setDeletionTime(deletionTime: DateInstant) {
         this.mDeletionTime = deletionTime
     }
 
@@ -59,4 +66,23 @@ class DeletedObject {
     override fun hashCode(): Int {
         return uuid.hashCode()
     }
+
+    override fun writeToParcel(parcel: Parcel, flags: Int) {
+        parcel.writeParcelable(ParcelUuid(uuid), flags)
+        parcel.writeParcelable(mDeletionTime, flags)
+    }
+
+    override fun describeContents(): Int {
+        return 0
+    }
+
+    companion object CREATOR : Parcelable.Creator<DeletedObject> {
+        override fun createFromParcel(parcel: Parcel): DeletedObject {
+            return DeletedObject(parcel)
+        }
+
+        override fun newArray(size: Int): Array<DeletedObject?> {
+            return arrayOfNulls(size)
+        }
+    }
 }

app/src/main/java/com/kunzisoft/keepass/database/element/Entry.kt

@@ -21,8 +21,9 @@ package com.kunzisoft.keepass.database.element
 
 import android.os.Parcel
 import android.os.Parcelable
-import com.kunzisoft.keepass.database.element.database.AttachmentPool
+import com.kunzisoft.keepass.database.element.binary.AttachmentPool
 import com.kunzisoft.keepass.database.element.database.DatabaseKDBX
+import com.kunzisoft.keepass.database.element.database.DatabaseVersioned
 import com.kunzisoft.keepass.database.element.entry.EntryKDB
 import com.kunzisoft.keepass.database.element.entry.EntryKDBX
 import com.kunzisoft.keepass.database.element.entry.EntryVersionedInterface
@@ -114,6 +115,20 @@ class Entry : Node, EntryVersionedInterface<Group> {
             entryKDBX?.icon = value
         }
 
+    var tags: Tags
+        get() = entryKDBX?.tags ?: Tags()
+        set(value) {
+            entryKDBX?.tags = value
+        }
+
+    var previousParentGroup: UUID = DatabaseVersioned.UUID_ZERO
+        get() = entryKDBX?.previousParentGroup ?: DatabaseVersioned.UUID_ZERO
+        private set
+
+    fun setPreviousParentGroup(previousParent: Group?) {
+        entryKDBX?.previousParentGroup = previousParent?.groupKDBX?.id ?: DatabaseVersioned.UUID_ZERO
+    }
+
     override val type: Type
         get() = Type.ENTRY
 
@@ -268,8 +283,8 @@ class Entry : Node, EntryVersionedInterface<Group> {
     fun getExtraFields(): List<Field> {
         val extraFields = ArrayList<Field>()
         entryKDBX?.let {
-            for (field in it.customFields) {
-                extraFields.add(Field(field.key, field.value))
+            it.doForEachDecodedCustomField { key, value ->
+                extraFields.add(Field(key, value))
             }
         }
         return extraFields
@@ -279,7 +294,7 @@ class Entry : Node, EntryVersionedInterface<Group> {
      * Update or add an extra field to the list (standard or custom)
      */
     fun putExtraField(field: Field) {
-        entryKDBX?.putExtraField(field.name, field.protectedValue)
+        entryKDBX?.putField(field.name, field.protectedValue)
     }
 
     private fun addExtraFields(fields: List<Field>) {
@@ -295,7 +310,7 @@ class Entry : Node, EntryVersionedInterface<Group> {
     fun getOtpElement(): OtpElement? {
         entryKDBX?.let {
             return OtpEntryFields.parseFields { key ->
-                it.customFields[key]?.toString()
+                it.getField(key)?.toString()
             }
         }
         return null
@@ -311,7 +326,7 @@ class Entry : Node, EntryVersionedInterface<Group> {
 
     fun getAttachments(attachmentPool: AttachmentPool, inHistory: Boolean = false): List<Attachment> {
         val attachments = ArrayList<Attachment>()
-        entryKDB?.getAttachment()?.let {
+        entryKDB?.getAttachment(attachmentPool)?.let {
             attachments.add(it)
         }
         entryKDBX?.getAttachments(attachmentPool, inHistory)?.let {
@@ -336,7 +351,7 @@ class Entry : Node, EntryVersionedInterface<Group> {
     }
 
     private fun putAttachment(attachment: Attachment, attachmentPool: AttachmentPool) {
-        entryKDB?.putAttachment(attachment)
+        entryKDB?.putAttachment(attachment, attachmentPool)
         entryKDBX?.putAttachment(attachment, attachmentPool)
     }
 
@@ -373,10 +388,6 @@ class Entry : Node, EntryVersionedInterface<Group> {
         return entryKDBX?.getSize(attachmentPool) ?: 0L
     }
 
-    fun containsCustomData(): Boolean {
-        return entryKDBX?.containsCustomData() ?: false
-    }
-
     /*
       ------------
       Converter
@@ -466,16 +477,7 @@ class Entry : Node, EntryVersionedInterface<Group> {
         return result
     }
 
-
-    companion object CREATOR : Parcelable.Creator<Entry> {
-        override fun createFromParcel(parcel: Parcel): Entry {
-            return Entry(parcel)
-        }
-
-        override fun newArray(size: Int): Array<Entry?> {
-            return arrayOfNulls(size)
-        }
-
+    companion object {
         const val PMS_TAN_ENTRY = "<TAN>"
 
         /**
@@ -484,5 +486,16 @@ class Entry : Node, EntryVersionedInterface<Group> {
         fun newExtraFieldNameAllowed(field: Field): Boolean {
             return EntryKDBX.newCustomNameAllowed(field.name)
         }
+
+        @JvmField
+        val CREATOR: Parcelable.Creator<Entry> = object : Parcelable.Creator<Entry> {
+            override fun createFromParcel(parcel: Parcel): Entry {
+                return Entry(parcel)
+            }
+
+            override fun newArray(size: Int): Array<Entry?> {
+                return arrayOfNulls(size)
+            }
+        }
     }
 }

app/src/main/java/com/kunzisoft/keepass/database/element/Group.kt

@@ -22,6 +22,7 @@ package com.kunzisoft.keepass.database.element
 import android.content.Context
 import android.os.Parcel
 import android.os.Parcelable
+import com.kunzisoft.keepass.database.element.database.DatabaseVersioned
 import com.kunzisoft.keepass.database.element.group.GroupKDB
 import com.kunzisoft.keepass.database.element.group.GroupKDBX
 import com.kunzisoft.keepass.database.element.group.GroupVersionedInterface
@@ -134,6 +135,20 @@ class Group : Node, GroupVersionedInterface<Group, Entry> {
             groupKDBX?.icon = value
         }
 
+    var tags: Tags
+        get() = groupKDBX?.tags ?: Tags()
+        set(value) {
+            groupKDBX?.tags = value
+        }
+
+    var previousParentGroup: UUID = DatabaseVersioned.UUID_ZERO
+        get() = groupKDBX?.previousParentGroup ?: DatabaseVersioned.UUID_ZERO
+        private set
+
+    fun setPreviousParentGroup(previousParent: Group?) {
+        groupKDBX?.previousParentGroup = previousParent?.groupKDBX?.id ?: DatabaseVersioned.UUID_ZERO
+    }
+
     override val type: Type
         get() = Type.GROUP
 
@@ -368,14 +383,6 @@ class Group : Node, GroupVersionedInterface<Group, Entry> {
         groupKDB?.nodeId = id
     }
 
-    fun getLevel(): Int {
-        return groupKDB?.level ?: -1
-    }
-
-    fun setLevel(level: Int) {
-        groupKDB?.level = level
-    }
-
     /*
       ------------
       KDBX Methods
@@ -402,10 +409,6 @@ class Group : Node, GroupVersionedInterface<Group, Entry> {
         groupKDBX?.isExpanded = expanded
     }
 
-    fun containsCustomData(): Boolean {
-        return groupKDBX?.containsCustomData() ?: false
-    }
-
     /*
       ------------
       Converter

app/src/main/java/com/kunzisoft/keepass/database/element/Tags.kt

@@ -0,0 +1,45 @@
+package com.kunzisoft.keepass.database.element
+
+import android.os.Parcel
+import android.os.Parcelable
+
+class Tags: Parcelable {
+
+    private val mTags = ArrayList<String>()
+
+    constructor()
+
+    constructor(values: String): this() {
+        mTags.addAll(values.split(';'))
+    }
+
+    constructor(parcel: Parcel) : this() {
+        parcel.readStringList(mTags)
+    }
+
+    override fun writeToParcel(parcel: Parcel, flags: Int) {
+        parcel.writeStringList(mTags)
+    }
+
+    override fun describeContents(): Int {
+        return 0
+    }
+
+    fun isEmpty(): Boolean {
+        return mTags.isEmpty()
+    }
+
+    override fun toString(): String {
+        return mTags.joinToString(";")
+    }
+
+    companion object CREATOR : Parcelable.Creator<Tags> {
+        override fun createFromParcel(parcel: Parcel): Tags {
+            return Tags(parcel)
+        }
+
+        override fun newArray(size: Int): Array<Tags?> {
+            return arrayOfNulls(size)
+        }
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/element/binary/AttachmentPool.kt

@@ -17,9 +17,9 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.database.element.database
+package com.kunzisoft.keepass.database.element.binary
 
-class AttachmentPool : BinaryPool<Int>() {
+class AttachmentPool(binaryCache: BinaryCache) : BinaryPool<Int>(binaryCache) {
 
     /**
      * Utility method to find an unused key in the pool

app/src/main/java/com/kunzisoft/keepass/database/element/binary/BinaryByte.kt

@@ -17,51 +17,62 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.database.element.database
+package com.kunzisoft.keepass.database.element.binary
 
 import android.os.Parcel
 import android.os.Parcelable
-import com.kunzisoft.keepass.database.element.Database
-import com.kunzisoft.keepass.stream.readAllBytes
+import android.util.Base64
+import android.util.Base64InputStream
+import android.util.Base64OutputStream
+import com.kunzisoft.keepass.utils.readAllBytes
+import com.kunzisoft.keepass.database.element.binary.BinaryCache.Companion.UNKNOWN
 import java.io.*
 import java.util.zip.GZIPOutputStream
 
 class BinaryByte : BinaryData {
 
-    private var mDataByte: ByteArray = ByteArray(0)
+    private var mDataByteId: String
 
-    /**
-     * Empty protected binary
-     */
-    constructor() : super()
+    private fun getByteArray(binaryCache: BinaryCache): ByteArray {
+        val keyData = binaryCache.getByteArray(mDataByteId)
+        mDataByteId = keyData.key
+        return keyData.data
+    }
 
-    constructor(byteArray: ByteArray,
+    constructor() : super() {
+        mDataByteId = UNKNOWN
+    }
+
+    constructor(id: String,
                 compressed: Boolean = false,
                 protected: Boolean = false) : super(compressed, protected) {
-        this.mDataByte = byteArray
+        mDataByteId = id
     }
 
     constructor(parcel: Parcel) : super(parcel) {
-        val byteArray = ByteArray(parcel.readInt())
-        parcel.readByteArray(byteArray)
-        mDataByte = byteArray
+        mDataByteId = parcel.readString() ?: UNKNOWN
+    }
+
+    override fun writeToParcel(dest: Parcel, flags: Int) {
+        super.writeToParcel(dest, flags)
+        dest.writeString(mDataByteId)
     }
 
     @Throws(IOException::class)
-    override fun getInputDataStream(cipherKey: Database.LoadedKey): InputStream {
-        return ByteArrayInputStream(mDataByte)
+    override fun getInputDataStream(binaryCache: BinaryCache): InputStream {
+        return Base64InputStream(ByteArrayInputStream(getByteArray(binaryCache)), Base64.NO_WRAP)
     }
 
     @Throws(IOException::class)
-    override fun getOutputDataStream(cipherKey: Database.LoadedKey): OutputStream {
-        return ByteOutputStream()
+    override fun getOutputDataStream(binaryCache: BinaryCache): OutputStream {
+        return BinaryCountingOutputStream(Base64OutputStream(ByteOutputStream(binaryCache), Base64.NO_WRAP))
     }
 
     @Throws(IOException::class)
-    override fun compress(cipherKey: Database.LoadedKey) {
+    override fun compress(binaryCache: BinaryCache) {
         if (!isCompressed) {
-            GZIPOutputStream(getOutputDataStream(cipherKey)).use { outputStream ->
-                getInputDataStream(cipherKey).use { inputStream ->
+            GZIPOutputStream(getOutputDataStream(binaryCache)).use { outputStream ->
+                getInputDataStream(binaryCache).use { inputStream ->
                     inputStream.readAllBytes { buffer ->
                         outputStream.write(buffer)
                     }
@@ -72,10 +83,10 @@ class BinaryByte : BinaryData {
     }
 
     @Throws(IOException::class)
-    override fun decompress(cipherKey: Database.LoadedKey) {
+    override fun decompress(binaryCache: BinaryCache) {
         if (isCompressed) {
-            getUnGzipInputDataStream(cipherKey).use { inputStream ->
-                getOutputDataStream(cipherKey).use { outputStream ->
+            getUnGzipInputDataStream(binaryCache).use { inputStream ->
+                getOutputDataStream(binaryCache).use { outputStream ->
                     inputStream.readAllBytes { buffer ->
                         outputStream.write(buffer)
                     }
@@ -86,36 +97,8 @@ class BinaryByte : BinaryData {
     }
 
     @Throws(IOException::class)
-    override fun clear() {
-        mDataByte = ByteArray(0)
-    }
-
-    override fun dataExists(): Boolean {
-        return mDataByte.isNotEmpty()
-    }
-
-    override fun getSize(): Long {
-        return mDataByte.size.toLong()
-    }
-
-    /**
-     * Hash of the raw encrypted file in temp folder, only to compare binary data
-     */
-    override fun binaryHash(): Int {
-        return if (dataExists())
-            mDataByte.contentHashCode()
-        else
-            0
-    }
-
-    override fun toString(): String {
-        return mDataByte.toString()
-    }
-
-    override fun writeToParcel(dest: Parcel, flags: Int) {
-        super.writeToParcel(dest, flags)
-        dest.writeInt(mDataByte.size)
-        dest.writeByteArray(mDataByte)
+    override fun clear(binaryCache: BinaryCache) {
+        binaryCache.removeByteArray(mDataByteId)
     }
 
     override fun equals(other: Any?): Boolean {
@@ -123,31 +106,29 @@ class BinaryByte : BinaryData {
         if (other !is BinaryByte) return false
         if (!super.equals(other)) return false
 
-        if (!mDataByte.contentEquals(other.mDataByte)) return false
+        if (mDataByteId != other.mDataByteId) return false
 
         return true
     }
 
     override fun hashCode(): Int {
         var result = super.hashCode()
-        result = 31 * result + mDataByte.contentHashCode()
+        result = 31 * result + mDataByteId.hashCode()
         return result
     }
 
     /**
      * Custom OutputStream to calculate the size and hash of binary file
      */
-    private inner class ByteOutputStream : ByteArrayOutputStream() {
+    private inner class ByteOutputStream(private val binaryCache: BinaryCache) : ByteArrayOutputStream() {
         override fun close() {
-            mDataByte = this.toByteArray()
+            binaryCache.setByteArray(mDataByteId, this.toByteArray())
             super.close()
         }
     }
 
     companion object {
-
         private val TAG = BinaryByte::class.java.name
-        const val MAX_BINARY_BYTES = 10240
 
         @JvmField
         val CREATOR: Parcelable.Creator<BinaryByte> = object : Parcelable.Creator<BinaryByte> {

app/src/main/java/com/kunzisoft/keepass/database/element/binary/BinaryCache.kt

@@ -0,0 +1,82 @@
+package com.kunzisoft.keepass.database.element.binary
+
+import java.io.File
+import java.util.*
+
+class BinaryCache {
+
+    /**
+     * Cipher key generated when the database is loaded, and destroyed when the database is closed
+     * Can be used to temporarily store database elements
+     */
+    var loadedCipherKey: LoadedKey = LoadedKey.generateNewCipherKey()
+
+    var cacheDirectory: File? = null
+
+    private val voidBinary = KeyByteArray(UNKNOWN, ByteArray(0))
+
+    fun getBinaryData(binaryId: String,
+                      smallSize: Boolean = false,
+                      compression: Boolean = false,
+                      protection: Boolean = false): BinaryData {
+        val cacheDir = cacheDirectory
+        return if (smallSize || cacheDir == null) {
+            BinaryByte(binaryId, compression, protection)
+        } else {
+            val fileInCache = File(cacheDir, binaryId)
+            BinaryFile(fileInCache, compression, protection)
+        }
+    }
+
+    // Similar to file storage but much faster TODO SparseArray
+    private val byteArrayList = HashMap<String, ByteArray>()
+
+    fun getByteArray(key: String): KeyByteArray {
+        if (key == UNKNOWN) {
+            return voidBinary
+        }
+        if (!byteArrayList.containsKey(key)) {
+            val newItem = KeyByteArray(key, ByteArray(0))
+            byteArrayList[newItem.key] = newItem.data
+            return newItem
+        }
+        return KeyByteArray(key, byteArrayList[key]!!)
+    }
+
+    fun setByteArray(key: String, data: ByteArray): KeyByteArray {
+        if (key == UNKNOWN) {
+            return voidBinary
+        }
+        byteArrayList[key] = data
+        return KeyByteArray(key, data)
+    }
+
+    fun removeByteArray(key: String?) {
+        key?.let {
+            byteArrayList.remove(it)
+        }
+    }
+
+    fun clear() {
+        byteArrayList.clear()
+    }
+
+    companion object {
+        const val UNKNOWN = "UNKNOWN"
+    }
+
+    data class KeyByteArray(val key: String, val data: ByteArray) {
+        override fun equals(other: Any?): Boolean {
+            if (this === other) return true
+            if (other !is KeyByteArray) return false
+
+            if (key != other.key) return false
+
+            return true
+        }
+
+        override fun hashCode(): Int {
+            return key.hashCode()
+        }
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/element/binary/BinaryData.kt

@@ -0,0 +1,192 @@
+/*
+ * Copyright 2018 Jeremy Jamet / Kunzisoft.
+ *     
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.database.element.binary
+
+import android.app.ActivityManager
+import android.content.Context
+import android.os.Parcel
+import android.os.Parcelable
+import org.apache.commons.io.output.CountingOutputStream
+import java.io.IOException
+import java.io.InputStream
+import java.io.OutputStream
+import java.nio.ByteBuffer
+import java.security.MessageDigest
+import java.util.zip.GZIPInputStream
+import java.util.zip.GZIPOutputStream
+
+abstract class BinaryData : Parcelable {
+
+    var isCompressed: Boolean = false
+        protected set
+    var isProtected: Boolean = false
+        protected set
+    var isCorrupted: Boolean = false
+    private var mLength: Long = 0
+    private var mBinaryHash = 0
+
+    protected constructor(compressed: Boolean = false, protected: Boolean = false) {
+        this.isCompressed = compressed
+        this.isProtected = protected
+        this.mLength = 0
+        this.mBinaryHash = 0
+    }
+
+    protected constructor(parcel: Parcel) {
+        isCompressed = parcel.readByte().toInt() != 0
+        isProtected = parcel.readByte().toInt() != 0
+        isCorrupted = parcel.readByte().toInt() != 0
+        mLength = parcel.readLong()
+        mBinaryHash = parcel.readInt()
+    }
+
+    override fun writeToParcel(dest: Parcel, flags: Int) {
+        dest.writeByte((if (isCompressed) 1 else 0).toByte())
+        dest.writeByte((if (isProtected) 1 else 0).toByte())
+        dest.writeByte((if (isCorrupted) 1 else 0).toByte())
+        dest.writeLong(mLength)
+        dest.writeInt(mBinaryHash)
+    }
+
+    @Throws(IOException::class)
+    abstract fun getInputDataStream(binaryCache: BinaryCache): InputStream
+
+    @Throws(IOException::class)
+    abstract fun getOutputDataStream(binaryCache: BinaryCache): OutputStream
+
+    @Throws(IOException::class)
+    fun getUnGzipInputDataStream(binaryCache: BinaryCache): InputStream {
+        return if (isCompressed) {
+            GZIPInputStream(getInputDataStream(binaryCache))
+        } else {
+            getInputDataStream(binaryCache)
+        }
+    }
+
+    @Throws(IOException::class)
+    fun getGzipOutputDataStream(binaryCache: BinaryCache): OutputStream {
+        return if (isCompressed) {
+            GZIPOutputStream(getOutputDataStream(binaryCache))
+        } else {
+            getOutputDataStream(binaryCache)
+        }
+    }
+
+    @Throws(IOException::class)
+    abstract fun compress(binaryCache: BinaryCache)
+
+    @Throws(IOException::class)
+    abstract fun decompress(binaryCache: BinaryCache)
+
+    @Throws(IOException::class)
+    fun dataExists(): Boolean {
+        return mLength > 0
+    }
+
+    @Throws(IOException::class)
+    fun getSize(): Long {
+        return mLength
+    }
+
+    @Throws(IOException::class)
+    fun binaryHash(): Int {
+        return mBinaryHash
+    }
+
+    @Throws(IOException::class)
+    abstract fun clear(binaryCache: BinaryCache)
+
+    override fun describeContents(): Int {
+        return 0
+    }
+
+    override fun equals(other: Any?): Boolean {
+        if (this === other) return true
+        if (other !is BinaryData) return false
+
+        if (isCompressed != other.isCompressed) return false
+        if (isProtected != other.isProtected) return false
+        if (isCorrupted != other.isCorrupted) return false
+
+        return true
+    }
+
+    override fun hashCode(): Int {
+        var result = isCompressed.hashCode()
+        result = 31 * result + isProtected.hashCode()
+        result = 31 * result + isCorrupted.hashCode()
+        result = 31 * result + mLength.hashCode()
+        result = 31 * result + mBinaryHash
+        return result
+    }
+
+
+    /**
+     * Custom OutputStream to calculate the size and hash of binary file
+     */
+    protected inner class BinaryCountingOutputStream(out: OutputStream): CountingOutputStream(out) {
+
+        private val mMessageDigest: MessageDigest
+        init {
+            mLength = 0
+            mMessageDigest = MessageDigest.getInstance("MD5")
+            mBinaryHash = 0
+        }
+
+        override fun beforeWrite(n: Int) {
+            super.beforeWrite(n)
+            mLength = byteCount
+        }
+
+        override fun write(idx: Int) {
+            super.write(idx)
+            mMessageDigest.update(idx.toByte())
+        }
+
+        override fun write(bts: ByteArray) {
+            super.write(bts)
+            mMessageDigest.update(bts)
+        }
+
+        override fun write(bts: ByteArray, st: Int, end: Int) {
+            super.write(bts, st, end)
+            mMessageDigest.update(bts, st, end)
+        }
+
+        override fun close() {
+            super.close()
+            mLength = byteCount
+            val bytes = mMessageDigest.digest()
+            mBinaryHash = ByteBuffer.wrap(bytes).int
+        }
+    }
+
+    companion object {
+        private val TAG = BinaryData::class.java.name
+
+        fun canMemoryBeAllocatedInRAM(context: Context, memoryWanted: Long): Boolean {
+            val memoryInfo = ActivityManager.MemoryInfo()
+            (context.getSystemService(Context.ACTIVITY_SERVICE) as ActivityManager).getMemoryInfo(memoryInfo)
+            val availableMemory = memoryInfo.availMem
+            return availableMemory > memoryWanted * 3
+        }
+    }
+
+}

app/src/main/java/com/kunzisoft/keepass/database/element/binary/BinaryFile.kt

@@ -17,19 +17,15 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.database.element.database
+package com.kunzisoft.keepass.database.element.binary
 
 import android.os.Parcel
 import android.os.Parcelable
 import android.util.Base64
 import android.util.Base64InputStream
 import android.util.Base64OutputStream
-import com.kunzisoft.keepass.database.element.Database
-import com.kunzisoft.keepass.stream.readAllBytes
-import org.apache.commons.io.output.CountingOutputStream
+import com.kunzisoft.keepass.utils.readAllBytes
 import java.io.*
-import java.nio.ByteBuffer
-import java.security.MessageDigest
 import java.util.zip.GZIPOutputStream
 import javax.crypto.Cipher
 import javax.crypto.CipherInputStream
@@ -39,44 +35,43 @@ import javax.crypto.spec.IvParameterSpec
 class BinaryFile : BinaryData {
 
     private var mDataFile: File? = null
-    private var mLength: Long = 0
-    private var mBinaryHash = 0
+
     // Cipher to encrypt temp file
     @Transient
-    private var cipherEncryption: Cipher = Cipher.getInstance(Database.LoadedKey.BINARY_CIPHER)
+    private var cipherEncryption: Cipher = Cipher.getInstance(LoadedKey.BINARY_CIPHER)
     @Transient
-    private var cipherDecryption: Cipher = Cipher.getInstance(Database.LoadedKey.BINARY_CIPHER)
-
-    constructor() : super()
+    private var cipherDecryption: Cipher = Cipher.getInstance(LoadedKey.BINARY_CIPHER)
 
     constructor(dataFile: File,
                 compressed: Boolean = false,
                 protected: Boolean = false) : super(compressed, protected) {
         this.mDataFile = dataFile
-        this.mLength = 0
-        this.mBinaryHash = 0
     }
 
     constructor(parcel: Parcel) : super(parcel) {
         parcel.readString()?.let {
             mDataFile = File(it)
         }
-        mLength = parcel.readLong()
-        mBinaryHash = parcel.readInt()
+    }
+
+    override fun writeToParcel(dest: Parcel, flags: Int) {
+        super.writeToParcel(dest, flags)
+        dest.writeString(mDataFile?.absolutePath)
     }
 
     @Throws(IOException::class)
-    override fun getInputDataStream(cipherKey: Database.LoadedKey): InputStream {
-        return buildInputStream(mDataFile, cipherKey)
+    override fun getInputDataStream(binaryCache: BinaryCache): InputStream {
+        return buildInputStream(mDataFile, binaryCache)
     }
 
     @Throws(IOException::class)
-    override fun getOutputDataStream(cipherKey: Database.LoadedKey): OutputStream {
-        return buildOutputStream(mDataFile, cipherKey)
+    override fun getOutputDataStream(binaryCache: BinaryCache): OutputStream {
+        return buildOutputStream(mDataFile, binaryCache)
     }
 
     @Throws(IOException::class)
-    private fun buildInputStream(file: File?, cipherKey: Database.LoadedKey): InputStream {
+    private fun buildInputStream(file: File?, binaryCache: BinaryCache): InputStream {
+        val cipherKey = binaryCache.loadedCipherKey
         return when {
             file != null && file.length() > 0 -> {
                 cipherDecryption.init(Cipher.DECRYPT_MODE, cipherKey.key, IvParameterSpec(cipherKey.iv))
@@ -87,7 +82,8 @@ class BinaryFile : BinaryData {
     }
 
     @Throws(IOException::class)
-    private fun buildOutputStream(file: File?, cipherKey: Database.LoadedKey): OutputStream {
+    private fun buildOutputStream(file: File?, binaryCache: BinaryCache): OutputStream {
+        val cipherKey = binaryCache.loadedCipherKey
         return when {
             file != null -> {
                 cipherEncryption.init(Cipher.ENCRYPT_MODE, cipherKey.key, IvParameterSpec(cipherKey.iv))
@@ -98,14 +94,14 @@ class BinaryFile : BinaryData {
     }
 
     @Throws(IOException::class)
-    override fun compress(cipherKey: Database.LoadedKey) {
+    override fun compress(binaryCache: BinaryCache) {
         mDataFile?.let { concreteDataFile ->
             // To compress, create a new binary with file
             if (!isCompressed) {
                 // Encrypt the new gzipped temp file
                 val fileBinaryCompress = File(concreteDataFile.parent, concreteDataFile.name + "_temp")
-                getInputDataStream(cipherKey).use { inputStream ->
-                    GZIPOutputStream(buildOutputStream(fileBinaryCompress, cipherKey)).use { outputStream ->
+                getInputDataStream(binaryCache).use { inputStream ->
+                    GZIPOutputStream(buildOutputStream(fileBinaryCompress, binaryCache)).use { outputStream ->
                         inputStream.readAllBytes { buffer ->
                             outputStream.write(buffer)
                         }
@@ -123,13 +119,13 @@ class BinaryFile : BinaryData {
     }
 
     @Throws(IOException::class)
-    override fun decompress(cipherKey: Database.LoadedKey) {
+    override fun decompress(binaryCache: BinaryCache) {
         mDataFile?.let { concreteDataFile ->
             if (isCompressed) {
                 // Encrypt the new ungzipped temp file
                 val fileBinaryDecompress = File(concreteDataFile.parent, concreteDataFile.name + "_temp")
-                getUnGzipInputDataStream(cipherKey).use { inputStream ->
-                    buildOutputStream(fileBinaryDecompress, cipherKey).use { outputStream ->
+                getUnGzipInputDataStream(binaryCache).use { inputStream ->
+                    buildOutputStream(fileBinaryDecompress, binaryCache).use { outputStream ->
                         inputStream.readAllBytes { buffer ->
                             outputStream.write(buffer)
                         }
@@ -146,39 +142,15 @@ class BinaryFile : BinaryData {
         }
     }
 
-    @Throws(IOException::class)
-    override fun clear() {
+    override fun clear(binaryCache: BinaryCache) {
         if (mDataFile != null && !mDataFile!!.delete())
             throw IOException("Unable to delete temp file " + mDataFile!!.absolutePath)
     }
 
-    override fun dataExists(): Boolean {
-        return mDataFile != null && mLength > 0
-    }
-
-    override fun getSize(): Long {
-        return mLength
-    }
-
-    /**
-     * Hash of the raw encrypted file in temp folder, only to compare binary data
-     */
-    @Throws(FileNotFoundException::class)
-    override fun binaryHash(): Int {
-        return mBinaryHash
-    }
-
     override fun toString(): String {
         return mDataFile.toString()
     }
 
-    override fun writeToParcel(dest: Parcel, flags: Int) {
-        super.writeToParcel(dest, flags)
-        dest.writeString(mDataFile?.absolutePath)
-        dest.writeLong(mLength)
-        dest.writeInt(mBinaryHash)
-    }
-
     override fun equals(other: Any?): Boolean {
         if (this === other) return true
         if (other !is BinaryFile) return false
@@ -190,53 +162,10 @@ class BinaryFile : BinaryData {
     override fun hashCode(): Int {
         var result = super.hashCode()
         result = 31 * result + (mDataFile?.hashCode() ?: 0)
-        result = 31 * result + mLength.hashCode()
-        result = 31 * result + mBinaryHash
         return result
     }
 
-    /**
-     * Custom OutputStream to calculate the size and hash of binary file
-     */
-    private inner class BinaryCountingOutputStream(out: OutputStream): CountingOutputStream(out) {
-
-        private val mMessageDigest: MessageDigest
-        init {
-            mLength = 0
-            mMessageDigest = MessageDigest.getInstance("MD5")
-            mBinaryHash = 0
-        }
-
-        override fun beforeWrite(n: Int) {
-            super.beforeWrite(n)
-            mLength = byteCount
-        }
-
-        override fun write(idx: Int) {
-            super.write(idx)
-            mMessageDigest.update(idx.toByte())
-        }
-
-        override fun write(bts: ByteArray) {
-            super.write(bts)
-            mMessageDigest.update(bts)
-        }
-
-        override fun write(bts: ByteArray, st: Int, end: Int) {
-            super.write(bts, st, end)
-            mMessageDigest.update(bts, st, end)
-        }
-
-        override fun close() {
-            super.close()
-            mLength = byteCount
-            val bytes = mMessageDigest.digest()
-            mBinaryHash = ByteBuffer.wrap(bytes).int
-        }
-    }
-
     companion object {
-
         private val TAG = BinaryFile::class.java.name
 
         @JvmField

app/src/main/java/com/kunzisoft/keepass/database/element/binary/BinaryPool.kt

@@ -17,20 +17,19 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.database.element.database
+package com.kunzisoft.keepass.database.element.binary
 
 import android.util.Log
-import java.io.File
 import java.io.IOException
 import kotlin.math.abs
 
-abstract class BinaryPool<T> {
+abstract class BinaryPool<T>(private val mBinaryCache: BinaryCache) {
 
     protected val pool = LinkedHashMap<T, BinaryData>()
 
     // To build unique file id
-    private var creationId: String = System.currentTimeMillis().toString()
-    private var poolId: String = abs(javaClass.simpleName.hashCode()).toString()
+    private var creationId: Long = System.currentTimeMillis()
+    private var poolId: Int = abs(javaClass.simpleName.hashCode())
     private var binaryFileIncrement = 0L
 
     /**
@@ -196,7 +195,7 @@ abstract class BinaryPool<T> {
      * Different from doForEach, provide an ordered index to each binary
      */
     private fun doForEachBinaryWithoutDuplication(action: (keyBinary: KeyBinary<T>) -> Unit,
-                                          conditionToAdd: (binary: BinaryData) -> Boolean) {
+                                                  conditionToAdd: (binary: BinaryData) -> Boolean) {
         orderedBinariesWithoutDuplication(conditionToAdd).forEach { keyBinary ->
             action.invoke(keyBinary)
         }
@@ -227,7 +226,7 @@ abstract class BinaryPool<T> {
     @Throws(IOException::class)
     fun clear() {
         doForEachBinary { _, binary ->
-            binary.clear()
+            binary.clear(mBinaryCache)
         }
         pool.clear()
     }

app/src/main/java/com/kunzisoft/keepass/database/element/binary/CustomIconPool.kt

@@ -0,0 +1,43 @@
+package com.kunzisoft.keepass.database.element.binary
+
+import com.kunzisoft.keepass.database.element.DateInstant
+import com.kunzisoft.keepass.database.element.icon.IconImageCustom
+import java.util.*
+
+class CustomIconPool(private val binaryCache: BinaryCache) : BinaryPool<UUID>(binaryCache) {
+
+    private val customIcons = HashMap<UUID, IconImageCustom>()
+
+    fun put(key: UUID? = null,
+            name: String,
+            lastModificationTime: DateInstant?,
+            smallSize: Boolean,
+            result: (IconImageCustom, BinaryData?) -> Unit) {
+        val keyBinary = super.put(key) { uniqueBinaryId ->
+            // Create a byte array for better performance with small data
+            binaryCache.getBinaryData(uniqueBinaryId, smallSize)
+        }
+        val uuid = keyBinary.keys.first()
+        val customIcon = IconImageCustom(uuid, name, lastModificationTime)
+        customIcons[uuid] = customIcon
+        result.invoke(customIcon, keyBinary.binary)
+    }
+
+    override fun findUnusedKey(): UUID {
+        var newUUID = UUID.randomUUID()
+        while (pool.containsKey(newUUID)) {
+            newUUID = UUID.randomUUID()
+        }
+        return newUUID
+    }
+
+    fun any(predicate: (IconImageCustom)-> Boolean): Boolean {
+        return customIcons.any { predicate(it.value) }
+    }
+
+    fun doForEachCustomIcon(action: (customIcon: IconImageCustom, binary: BinaryData) -> Unit) {
+        doForEachBinary { key, binary ->
+            action.invoke(customIcons[key] ?: IconImageCustom(key), binary)
+        }
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/element/binary/LoadedKey.kt

@@ -0,0 +1,18 @@
+package com.kunzisoft.keepass.database.element.binary
+
+import java.io.Serializable
+import java.security.Key
+import java.security.SecureRandom
+import javax.crypto.KeyGenerator
+
+class LoadedKey(val key: Key, val iv: ByteArray): Serializable {
+    companion object {
+        const val BINARY_CIPHER = "Blowfish/CBC/PKCS5Padding"
+
+        fun generateNewCipherKey(): LoadedKey {
+            val iv = ByteArray(8)
+            SecureRandom().nextBytes(iv)
+            return LoadedKey(KeyGenerator.getInstance("Blowfish").generateKey(), iv)
+        }
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/element/database/BinaryData.kt

@@ -1,126 +0,0 @@
-/*
- * Copyright 2018 Jeremy Jamet / Kunzisoft.
- *     
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.database.element.database
-
-import android.os.Parcel
-import android.os.Parcelable
-import com.kunzisoft.keepass.database.element.Database
-import java.io.IOException
-import java.io.InputStream
-import java.io.OutputStream
-import java.util.zip.GZIPInputStream
-import java.util.zip.GZIPOutputStream
-
-abstract class BinaryData : Parcelable {
-
-    var isCompressed: Boolean = false
-        protected set
-    var isProtected: Boolean = false
-        protected set
-    var isCorrupted: Boolean = false
-
-    /**
-     * Empty protected binary
-     */
-    protected constructor()
-
-    protected constructor(compressed: Boolean = false, protected: Boolean = false) {
-        this.isCompressed = compressed
-        this.isProtected = protected
-    }
-
-    protected constructor(parcel: Parcel) {
-        isCompressed = parcel.readByte().toInt() != 0
-        isProtected = parcel.readByte().toInt() != 0
-        isCorrupted = parcel.readByte().toInt() != 0
-    }
-
-    @Throws(IOException::class)
-    abstract fun getInputDataStream(cipherKey: Database.LoadedKey): InputStream
-
-    @Throws(IOException::class)
-    abstract fun getOutputDataStream(cipherKey: Database.LoadedKey): OutputStream
-
-    @Throws(IOException::class)
-    fun getUnGzipInputDataStream(cipherKey: Database.LoadedKey): InputStream {
-        return if (isCompressed) {
-            GZIPInputStream(getInputDataStream(cipherKey))
-        } else {
-            getInputDataStream(cipherKey)
-        }
-    }
-
-    @Throws(IOException::class)
-    fun getGzipOutputDataStream(cipherKey: Database.LoadedKey): OutputStream {
-        return if (isCompressed) {
-            GZIPOutputStream(getOutputDataStream(cipherKey))
-        } else {
-            getOutputDataStream(cipherKey)
-        }
-    }
-
-    @Throws(IOException::class)
-    abstract fun compress(cipherKey: Database.LoadedKey)
-
-    @Throws(IOException::class)
-    abstract fun decompress(cipherKey: Database.LoadedKey)
-
-    @Throws(IOException::class)
-    abstract fun clear()
-
-    abstract fun dataExists(): Boolean
-
-    abstract fun getSize(): Long
-
-    abstract fun binaryHash(): Int
-
-    override fun describeContents(): Int {
-        return 0
-    }
-
-    override fun writeToParcel(dest: Parcel, flags: Int) {
-        dest.writeByte((if (isCompressed) 1 else 0).toByte())
-        dest.writeByte((if (isProtected) 1 else 0).toByte())
-        dest.writeByte((if (isCorrupted) 1 else 0).toByte())
-    }
-
-    override fun equals(other: Any?): Boolean {
-        if (this === other) return true
-        if (other !is BinaryData) return false
-
-        if (isCompressed != other.isCompressed) return false
-        if (isProtected != other.isProtected) return false
-        if (isCorrupted != other.isCorrupted) return false
-
-        return true
-    }
-
-    override fun hashCode(): Int {
-        var result = isCompressed.hashCode()
-        result = 31 * result + isProtected.hashCode()
-        result = 31 * result + isCorrupted.hashCode()
-        return result
-    }
-
-    companion object {
-        private val TAG = BinaryData::class.java.name
-    }
-
-}

app/src/main/java/com/kunzisoft/keepass/database/element/database/CustomIconPool.kt

@@ -1,14 +0,0 @@
-package com.kunzisoft.keepass.database.element.database
-
-import java.util.*
-
-class CustomIconPool : BinaryPool<UUID>() {
-
-    override fun findUnusedKey(): UUID {
-        var newUUID = UUID.randomUUID()
-        while (pool.containsKey(newUUID)) {
-            newUUID = UUID.randomUUID()
-        }
-        return newUUID
-    }
-}

app/src/main/java/com/kunzisoft/keepass/database/element/database/DatabaseKDB.kt

@@ -19,35 +19,27 @@
 
 package com.kunzisoft.keepass.database.element.database
 
-import com.kunzisoft.keepass.crypto.finalkey.AESKeyTransformerFactory
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfEngine
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfFactory
+import com.kunzisoft.encrypt.HashManager
+import com.kunzisoft.encrypt.aes.AESTransformer
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
+import com.kunzisoft.keepass.database.crypto.kdf.KdfEngine
+import com.kunzisoft.keepass.database.crypto.kdf.KdfFactory
+import com.kunzisoft.keepass.database.element.binary.BinaryData
 import com.kunzisoft.keepass.database.element.entry.EntryKDB
 import com.kunzisoft.keepass.database.element.group.GroupKDB
 import com.kunzisoft.keepass.database.element.icon.IconImageStandard
 import com.kunzisoft.keepass.database.element.node.NodeIdInt
 import com.kunzisoft.keepass.database.element.node.NodeIdUUID
 import com.kunzisoft.keepass.database.element.node.NodeVersioned
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
-import com.kunzisoft.keepass.stream.NullOutputStream
-import java.io.File
 import java.io.IOException
 import java.io.InputStream
-import java.security.DigestOutputStream
-import java.security.MessageDigest
-import java.security.NoSuchAlgorithmException
 import java.util.*
 import kotlin.collections.ArrayList
 
 class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
 
-    private var backupGroupId: Int = BACKUP_FOLDER_UNDEFINED_ID
-
     private var kdfListV3: MutableList<KdfEngine> = ArrayList()
 
-    // Only to generate unique file name
-    private var binaryPool = AttachmentPool()
-
     override val version: String
         get() = "KeePass 1"
 
@@ -61,13 +53,14 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
         return getGroupById(NodeIdInt(groupId))
     }
 
-    // Retrieve backup group in index
     val backupGroup: GroupKDB?
         get() {
-            return if (backupGroupId == BACKUP_FOLDER_UNDEFINED_ID)
-                null
-            else
-                getGroupById(backupGroupId)
+            return retrieveBackup()
+        }
+
+    val groupNamesNotAllowed: List<String>
+        get() {
+            return listOf(BACKUP_FOLDER_TITLE)
         }
 
     override val kdfEngine: KdfEngine
@@ -80,17 +73,13 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
         get() {
             val list = ArrayList<EncryptionAlgorithm>()
             list.add(EncryptionAlgorithm.AESRijndael)
+            list.add(EncryptionAlgorithm.Twofish)
             return list
         }
 
     val rootGroups: List<GroupKDB>
         get() {
-            val kids = ArrayList<GroupKDB>()
-            doForEachGroupInIndex { group ->
-                if (group.level == 0)
-                    kids.add(group)
-            }
-            return kids
+            return rootGroup?.getChildGroups() ?: ArrayList()
         }
 
     override val passwordEncoding: String
@@ -145,24 +134,11 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
     }
 
     @Throws(IOException::class)
-    fun makeFinalKey(masterSeed: ByteArray, masterSeed2: ByteArray, numRounds: Long) {
-
-        // Write checksum Checksum
-        val messageDigest: MessageDigest
-        try {
-            messageDigest = MessageDigest.getInstance("SHA-256")
-        } catch (e: NoSuchAlgorithmException) {
-            throw IOException("SHA-256 not implemented here.")
-        }
-
-        val nos = NullOutputStream()
-        val dos = DigestOutputStream(nos, messageDigest)
-
+    fun makeFinalKey(masterSeed: ByteArray, transformSeed: ByteArray, numRounds: Long) {
         // Encrypt the master key a few times to make brute-force key-search harder
-        dos.write(masterSeed)
-        dos.write(AESKeyTransformerFactory.transformMasterKey(masterSeed2, masterKey, numRounds) ?: ByteArray(0))
-
-        finalKey = messageDigest.digest()
+        val transformedKey = AESTransformer.transformKey(transformSeed, masterKey, numRounds) ?: ByteArray(0)
+        // Write checksum Checksum
+        finalKey = HashManager.hashSha256(masterSeed, transformedKey)
     }
 
     override fun createGroup(): GroupKDB {
@@ -181,27 +157,16 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
         return this.iconsManager.getIcon(iconId)
     }
 
-    override fun containsCustomData(): Boolean {
-        return false
-    }
-
     override fun isInRecycleBin(group: GroupKDB): Boolean {
         var currentGroup: GroupKDB? = group
+        val currentBackupGroup = backupGroup ?: return false
 
-        // Init backup group variable
-        if (backupGroupId == BACKUP_FOLDER_UNDEFINED_ID)
-            findBackupGroupId()
-
-        if (backupGroup == null)
-            return false
-
-        if (currentGroup == backupGroup)
+        if (currentGroup == currentBackupGroup)
             return true
 
+        val backupGroupId = currentBackupGroup.id
         while (currentGroup != null) {
-            if (currentGroup.level == 0
-                    && currentGroup.title.equals(BACKUP_FOLDER_TITLE, ignoreCase = true)) {
-                backupGroupId = currentGroup.id
+            if (backupGroupId == currentGroup.id) {
                 return true
             }
             currentGroup = currentGroup.parent
@@ -209,12 +174,12 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
         return false
     }
 
-    private fun findBackupGroupId() {
-        rootGroups.forEach { currentGroup ->
-            if (currentGroup.level == 0
-                    && currentGroup.title.equals(BACKUP_FOLDER_TITLE, ignoreCase = true)) {
-                backupGroupId = currentGroup.id
-            }
+    /**
+     * Retrieve backup group with his name
+     */
+    private fun retrieveBackup(): GroupKDB? {
+        return rootGroup?.searchChildGroup {
+            it.title.equals(BACKUP_FOLDER_TITLE, ignoreCase = true)
         }
     }
 
@@ -223,8 +188,6 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
      * if it doesn't exist
      */
     fun ensureBackupExists() {
-        findBackupGroupId()
-
         if (backupGroup == null) {
             // Create recycle bin
             val recycleBinGroup = createGroup().apply {
@@ -232,7 +195,6 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
                 icon.standard = getStandardIcon(IconImageStandard.TRASH_ID)
             }
             addGroupTo(recycleBinGroup, rootGroup)
-            backupGroupId = recycleBinGroup.id
         }
     }
 
@@ -275,11 +237,10 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
         addEntryTo(entry, origParent)
     }
 
-    fun buildNewAttachment(cacheDirectory: File): BinaryData {
+    fun buildNewAttachment(): BinaryData {
         // Generate an unique new file
-        return binaryPool.put { uniqueBinaryId ->
-            val fileInCache = File(cacheDirectory, uniqueBinaryId)
-            BinaryFile(fileInCache)
+        return attachmentPool.put { uniqueBinaryId ->
+            binaryCache.getBinaryData(uniqueBinaryId, false)
         }.binary
     }
 
@@ -287,6 +248,5 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
         val TYPE = DatabaseKDB::class.java
 
         const val BACKUP_FOLDER_TITLE = "Backup"
-        private const val BACKUP_FOLDER_UNDEFINED_ID = -1
     }
 }

app/src/main/java/com/kunzisoft/keepass/database/element/database/DatabaseKDBX.kt

@@ -22,56 +22,63 @@ package com.kunzisoft.keepass.database.element.database
 import android.content.res.Resources
 import android.util.Base64
 import android.util.Log
+import com.kunzisoft.encrypt.HashManager
 import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.crypto.CryptoUtil
-import com.kunzisoft.keepass.crypto.engine.AesEngine
-import com.kunzisoft.keepass.crypto.engine.CipherEngine
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfEngine
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfFactory
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfParameters
 import com.kunzisoft.keepass.database.action.node.NodeHandler
+import com.kunzisoft.keepass.database.crypto.AesEngine
+import com.kunzisoft.keepass.database.crypto.CipherEngine
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
+import com.kunzisoft.keepass.database.crypto.VariantDictionary
+import com.kunzisoft.keepass.database.crypto.kdf.KdfEngine
+import com.kunzisoft.keepass.database.crypto.kdf.KdfFactory
+import com.kunzisoft.keepass.database.crypto.kdf.KdfParameters
+import com.kunzisoft.keepass.database.element.CustomData
 import com.kunzisoft.keepass.database.element.DateInstant
 import com.kunzisoft.keepass.database.element.DeletedObject
+import com.kunzisoft.keepass.database.element.binary.BinaryData
 import com.kunzisoft.keepass.database.element.database.DatabaseKDB.Companion.BACKUP_FOLDER_TITLE
 import com.kunzisoft.keepass.database.element.entry.EntryKDBX
+import com.kunzisoft.keepass.database.element.entry.FieldReferencesEngine
 import com.kunzisoft.keepass.database.element.group.GroupKDBX
 import com.kunzisoft.keepass.database.element.icon.IconImageCustom
 import com.kunzisoft.keepass.database.element.icon.IconImageStandard
 import com.kunzisoft.keepass.database.element.node.NodeIdUUID
 import com.kunzisoft.keepass.database.element.node.NodeVersioned
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
 import com.kunzisoft.keepass.database.element.security.MemoryProtectionConfig
 import com.kunzisoft.keepass.database.exception.UnknownKDF
-import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX.Companion.FILE_VERSION_32_3
-import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX.Companion.FILE_VERSION_32_4
+import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX.Companion.FILE_VERSION_31
+import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX.Companion.FILE_VERSION_40
+import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX.Companion.FILE_VERSION_41
 import com.kunzisoft.keepass.utils.StringUtil.removeSpaceChars
 import com.kunzisoft.keepass.utils.StringUtil.toHexString
 import com.kunzisoft.keepass.utils.UnsignedInt
-import com.kunzisoft.keepass.utils.VariantDictionary
+import com.kunzisoft.keepass.utils.longTo8Bytes
 import org.apache.commons.codec.binary.Hex
 import org.w3c.dom.Node
-import java.io.File
 import java.io.IOException
 import java.io.InputStream
 import java.security.MessageDigest
 import java.security.NoSuchAlgorithmException
 import java.util.*
+import javax.crypto.Mac
 import javax.xml.XMLConstants
 import javax.xml.parsers.DocumentBuilderFactory
 import javax.xml.parsers.ParserConfigurationException
+import kotlin.math.min
 
 
 class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
 
     var hmacKey: ByteArray? = null
         private set
-    var dataCipher = AesEngine.CIPHER_UUID
+    var cipherUuid = EncryptionAlgorithm.AESRijndael.uuid
     private var dataEngine: CipherEngine = AesEngine()
     var compressionAlgorithm = CompressionAlgorithm.GZip
     var kdfParameters: KdfParameters? = null
     private var kdfList: MutableList<KdfEngine> = ArrayList()
     private var numKeyEncRounds: Long = 0
     var publicCustomData = VariantDictionary()
+    private val mFieldReferenceEngine = FieldReferencesEngine(this)
 
     var kdbxVersion = UnsignedInt(0)
     var name = ""
@@ -97,7 +104,7 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
      */
     var isRecycleBinEnabled = true
     var recycleBinUUID: UUID = UUID_ZERO
-    var recycleBinChanged = Date()
+    var recycleBinChanged = DateInstant()
     var entryTemplatesGroup = UUID_ZERO
     var entryTemplatesGroupChanged = DateInstant()
     var historyMaxItems = DEFAULT_HISTORY_MAX_ITEMS
@@ -106,9 +113,7 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
     var lastTopVisibleGroupUUID = UUID_ZERO
     var memoryProtection = MemoryProtectionConfig()
     val deletedObjects = ArrayList<DeletedObject>()
-    val customData = HashMap<String, String>()
-
-    var binaryPool = AttachmentPool()
+    val customData = CustomData()
 
     var localizedAppName = "KeePassDX"
 
@@ -125,20 +130,20 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
      */
     constructor(databaseName: String, rootName: String) {
         name = databaseName
-        kdbxVersion = FILE_VERSION_32_3
+        kdbxVersion = FILE_VERSION_31
         val group = createGroup().apply {
             title = rootName
             icon.standard = getStandardIcon(IconImageStandard.FOLDER_ID)
         }
         rootGroup = group
-        addGroupIndex(group)
     }
 
     override val version: String
         get() {
             val kdbxStringVersion = when(kdbxVersion) {
-                FILE_VERSION_32_3 -> "3.1"
-                FILE_VERSION_32_4 -> "4.0"
+                FILE_VERSION_31 -> "3.1"
+                FILE_VERSION_40 -> "4.0"
+                FILE_VERSION_41 -> "4.1"
                 else -> "UNKNOWN"
             }
             return "KeePass 2 - KDBX$kdbxStringVersion"
@@ -186,7 +191,7 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
                     }
                     CompressionAlgorithm.GZip -> {
                         // Only in databaseV3.1, in databaseV4 the header is zipped during the save
-                        if (kdbxVersion.toKotlinLong() < FILE_VERSION_32_4.toKotlinLong()) {
+                        if (kdbxVersion.isBefore(FILE_VERSION_40)) {
                             compressAllBinaries()
                         }
                     }
@@ -194,9 +199,7 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
             }
             CompressionAlgorithm.GZip -> {
                 // In databaseV4 the header is zipped during the save, so not necessary here
-                if (kdbxVersion.toKotlinLong() >= FILE_VERSION_32_4.toKotlinLong()) {
-                    decompressAllBinaries()
-                } else {
+                if (kdbxVersion.isBefore(FILE_VERSION_40)) {
                     when (newCompression) {
                         CompressionAlgorithm.None -> {
                             decompressAllBinaries()
@@ -204,18 +207,18 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
                         CompressionAlgorithm.GZip -> {
                         }
                     }
+                } else {
+                    decompressAllBinaries()
                 }
             }
         }
     }
 
     private fun compressAllBinaries() {
-        binaryPool.doForEachBinary { _, binary ->
+        attachmentPool.doForEachBinary { _, binary ->
             try {
-                val cipherKey = loadedCipherKey
-                        ?: throw IOException("Unable to retrieve cipher key to compress binaries")
                 // To compress, create a new binary with file
-                binary.compress(cipherKey)
+                binary.compress(binaryCache)
             } catch (e: Exception) {
                 Log.e(TAG, "Unable to compress $binary", e)
             }
@@ -223,11 +226,9 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
     }
 
     private fun decompressAllBinaries() {
-        binaryPool.doForEachBinary { _, binary ->
+        attachmentPool.doForEachBinary { _, binary ->
             try {
-                val cipherKey = loadedCipherKey
-                        ?: throw IOException("Unable to retrieve cipher key to decompress binaries")
-                binary.decompress(cipherKey)
+                binary.decompress(binaryCache)
             } catch (e: Exception) {
                 Log.e(TAG, "Unable to decompress $binary", e)
             }
@@ -310,17 +311,17 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         return this.iconsManager.getIcon(iconId)
     }
 
-    fun buildNewCustomIcon(cacheDirectory: File,
-                           customIconId: UUID? = null,
+    fun buildNewCustomIcon(customIconId: UUID? = null,
                            result: (IconImageCustom, BinaryData?) -> Unit) {
-        iconsManager.buildNewCustomIcon(cacheDirectory, customIconId, result)
+        iconsManager.buildNewCustomIcon(customIconId, result)
     }
 
-    fun addCustomIcon(cacheDirectory: File,
-                      customIconId: UUID? = null,
-                      dataSize: Int,
+    fun addCustomIcon(customIconId: UUID? = null,
+                      name: String,
+                      lastModificationTime: DateInstant?,
+                      smallSize: Boolean,
                       result: (IconImageCustom, BinaryData?) -> Unit) {
-        iconsManager.addCustomIcon(cacheDirectory, customIconId, dataSize, result)
+        iconsManager.addCustomIcon(customIconId, name, lastModificationTime, smallSize, result)
     }
 
     fun isCustomIconBinaryDuplicate(binary: BinaryData): Boolean {
@@ -331,12 +332,51 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         return this.iconsManager.getIcon(iconUuid)
     }
 
-    fun putCustomData(label: String, value: String) {
-        this.customData[label] = value
+    /*
+     * Search methods
+     */
+
+    fun getEntryByTitle(title: String, recursionLevel: Int): EntryKDBX? {
+        return this.entryIndexes.values.find { entry ->
+            entry.decodeTitleKey(recursionLevel).equals(title, true)
+        }
     }
 
-    override fun containsCustomData(): Boolean {
-        return customData.isNotEmpty()
+    fun getEntryByUsername(username: String, recursionLevel: Int): EntryKDBX? {
+        return this.entryIndexes.values.find { entry ->
+            entry.decodeUsernameKey(recursionLevel).equals(username, true)
+        }
+    }
+
+    fun getEntryByURL(url: String, recursionLevel: Int): EntryKDBX? {
+        return this.entryIndexes.values.find { entry ->
+            entry.decodeUrlKey(recursionLevel).equals(url, true)
+        }
+    }
+
+    fun getEntryByPassword(password: String, recursionLevel: Int): EntryKDBX? {
+        return this.entryIndexes.values.find { entry ->
+            entry.decodePasswordKey(recursionLevel).equals(password, true)
+        }
+    }
+
+    fun getEntryByNotes(notes: String, recursionLevel: Int): EntryKDBX? {
+        return this.entryIndexes.values.find { entry ->
+            entry.decodeNotesKey(recursionLevel).equals(notes, true)
+        }
+    }
+
+    fun getEntryByCustomData(customDataValue: String): EntryKDBX? {
+        return entryIndexes.values.find { entry ->
+            entry.customData.containsItemWithValue(customDataValue)
+        }
+    }
+
+    /**
+     * Retrieve the value of a field reference
+     */
+    fun getFieldReferenceValue(textReference: String, recursionLevel: Int): String {
+        return mFieldReferenceEngine.compile(textReference, recursionLevel)
     }
 
     @Throws(IOException::class)
@@ -352,14 +392,7 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
             masterKey = getFileKey(keyInputStream)
         }
 
-        val messageDigest: MessageDigest
-        try {
-            messageDigest = MessageDigest.getInstance("SHA-256")
-        } catch (e: NoSuchAlgorithmException) {
-            throw IOException("No SHA-256 implementation")
-        }
-
-        return messageDigest.digest(masterKey)
+        return HashManager.hashSha256(masterKey)
     }
 
     @Throws(IOException::class)
@@ -370,13 +403,13 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
 
             var transformedMasterKey = kdfEngine.transform(masterKey, keyDerivationFunctionParameters)
             if (transformedMasterKey.size != 32) {
-                transformedMasterKey = CryptoUtil.hashSha256(transformedMasterKey)
+                transformedMasterKey = HashManager.hashSha256(transformedMasterKey)
             }
 
             val cmpKey = ByteArray(65)
             System.arraycopy(masterSeed, 0, cmpKey, 0, 32)
             System.arraycopy(transformedMasterKey, 0, cmpKey, 32, 32)
-            finalKey = CryptoUtil.resizeKey(cmpKey, 0, 64, dataEngine.keyLength())
+            finalKey = resizeKey(cmpKey, dataEngine.keyLength())
 
             val messageDigest: MessageDigest
             try {
@@ -391,6 +424,47 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         }
     }
 
+    private fun resizeKey(inBytes: ByteArray, cbOut: Int): ByteArray {
+        if (cbOut == 0) return ByteArray(0)
+
+        val messageDigest = if (cbOut <= 32) HashManager.getHash256() else HashManager.getHash512()
+        messageDigest.update(inBytes, 0, 64)
+        val hash: ByteArray = messageDigest.digest()
+
+        if (cbOut == hash.size) {
+            return hash
+        }
+
+        val ret = ByteArray(cbOut)
+        if (cbOut < hash.size) {
+            System.arraycopy(hash, 0, ret, 0, cbOut)
+        } else {
+            var pos = 0
+            var r: Long = 0
+            while (pos < cbOut) {
+                val hmac: Mac
+                try {
+                    hmac = Mac.getInstance("HmacSHA256")
+                } catch (e: NoSuchAlgorithmException) {
+                    throw RuntimeException(e)
+                }
+
+                val pbR = longTo8Bytes(r)
+                val part = hmac.doFinal(pbR)
+
+                val copy = min(cbOut - pos, part.size)
+                System.arraycopy(part, 0, ret, pos, copy)
+                pos += copy
+                r++
+
+                Arrays.fill(part, 0.toByte())
+            }
+        }
+
+        Arrays.fill(hash, 0.toByte())
+        return ret
+    }
+
     override fun loadXmlKeyFile(keyInputStream: InputStream): ByteArray? {
         try {
             val documentBuilderFactory = DocumentBuilderFactory.newInstance()
@@ -488,17 +562,13 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
     }
 
     private fun checkKeyFileHash(data: String, hash: String): Boolean {
-        val digest: MessageDigest?
         var success = false
         try {
-            digest = MessageDigest.getInstance("SHA-256")
-            digest?.reset()
             // hexadecimal encoding of the first 4 bytes of the SHA-256 hash of the key.
-            val dataDigest = digest.digest(Hex.decodeHex(data.toCharArray()))
-                    .copyOfRange(0, 4)
-                    .toHexString()
+            val dataDigest = HashManager.hashSha256(Hex.decodeHex(data.toCharArray()))
+                    .copyOfRange(0, 4).toHexString()
             success = dataDigest == hash
-        } catch (e: NoSuchAlgorithmException) {
+        } catch (e: Exception) {
             e.printStackTrace()
         }
         return success
@@ -569,14 +639,14 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
             }
             addGroupTo(recycleBinGroup, rootGroup)
             recycleBinUUID = recycleBinGroup.id
-            recycleBinChanged = recycleBinGroup.lastModificationTime.date
+            recycleBinChanged = recycleBinGroup.lastModificationTime
         }
     }
 
     fun removeRecycleBin() {
         if (recycleBin != null) {
             recycleBinUUID = UUID_ZERO
-            recycleBinChanged = DateInstant().date
+            recycleBinChanged = DateInstant()
         }
     }
 
@@ -590,6 +660,9 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
             return false
         if (recycleBin == null)
             return false
+        if (node is GroupKDBX
+                && recycleBin!!.isContainedIn(node))
+            return false
         if (!node.isContainedIn(recycleBin!!))
             return true
         return false
@@ -627,9 +700,20 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         this.deletedObjects.add(deletedObject)
     }
 
+    override fun addEntryTo(newEntry: EntryKDBX, parent: GroupKDBX?) {
+        super.addEntryTo(newEntry, parent)
+        mFieldReferenceEngine.clear()
+    }
+
+    override fun updateEntry(entry: EntryKDBX) {
+        super.updateEntry(entry)
+        mFieldReferenceEngine.clear()
+    }
+
     override fun removeEntryFrom(entryToRemove: EntryKDBX, parent: GroupKDBX?) {
         super.removeEntryFrom(entryToRemove, parent)
         deletedObjects.add(DeletedObject(entryToRemove.id))
+        mFieldReferenceEngine.clear()
     }
 
     override fun undoDeleteEntryFrom(entry: EntryKDBX, origParent: GroupKDBX?) {
@@ -641,13 +725,12 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         return publicCustomData.size() > 0
     }
 
-    fun buildNewAttachment(cacheDirectory: File,
+    fun buildNewAttachment(smallSize: Boolean,
                            compression: Boolean,
                            protection: Boolean,
                            binaryPoolId: Int? = null): BinaryData {
-        return binaryPool.put(binaryPoolId) { uniqueBinaryId ->
-            val fileInCache = File(cacheDirectory, uniqueBinaryId)
-            BinaryFile(fileInCache, compression, protection)
+        return attachmentPool.put(binaryPoolId) { uniqueBinaryId ->
+            binaryCache.getBinaryData(uniqueBinaryId, smallSize, compression, protection)
         }.binary
     }
 
@@ -665,7 +748,7 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         // Build binaries to remove with all binaries known
         val binariesToRemove = ArrayList<BinaryData>()
         if (binaries.isEmpty()) {
-            binaryPool.doForEachBinary { _, binary ->
+            attachmentPool.doForEachBinary { _, binary ->
                 binariesToRemove.add(binary)
             }
         } else {
@@ -674,7 +757,7 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         // Remove binaries from the list
         rootGroup?.doForEachChild(object : NodeHandler<EntryKDBX>() {
             override fun operate(node: EntryKDBX): Boolean {
-                node.getAttachments(binaryPool, true).forEach {
+                node.getAttachments(attachmentPool, true).forEach {
                     binariesToRemove.remove(it.binaryData)
                 }
                 return binariesToRemove.isNotEmpty()
@@ -683,9 +766,9 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         // Effective removing
         binariesToRemove.forEach {
             try {
-                binaryPool.remove(it)
+                attachmentPool.remove(it)
                 if (clear)
-                    it.clear()
+                    it.clear(binaryCache)
             } catch (e: Exception) {
                 Log.w(TAG, "Unable to clean binaries", e)
             }
@@ -701,7 +784,8 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
     override fun clearCache() {
         try {
             super.clearCache()
-            binaryPool.clear()
+            mFieldReferenceEngine.clear()
+            attachmentPool.clear()
         } catch (e: Exception) {
             Log.e(TAG, "Unable to clear cache", e)
         }

app/src/main/java/com/kunzisoft/keepass/database/element/database/DatabaseVersioned.kt

@@ -19,23 +19,22 @@
  */
 package com.kunzisoft.keepass.database.element.database
 
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfEngine
-import com.kunzisoft.keepass.database.element.Database
+import com.kunzisoft.encrypt.HashManager
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
+import com.kunzisoft.keepass.database.element.binary.AttachmentPool
+import com.kunzisoft.keepass.database.element.binary.BinaryCache
 import com.kunzisoft.keepass.database.element.entry.EntryVersioned
 import com.kunzisoft.keepass.database.element.group.GroupVersioned
 import com.kunzisoft.keepass.database.element.icon.IconImageStandard
 import com.kunzisoft.keepass.database.element.icon.IconsManager
 import com.kunzisoft.keepass.database.element.node.NodeId
 import com.kunzisoft.keepass.database.element.node.Type
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
 import com.kunzisoft.keepass.database.exception.DuplicateUuidDatabaseException
 import org.apache.commons.codec.binary.Hex
 import java.io.ByteArrayInputStream
 import java.io.IOException
 import java.io.InputStream
 import java.io.UnsupportedEncodingException
-import java.security.MessageDigest
-import java.security.NoSuchAlgorithmException
 import java.util.*
 
 abstract class DatabaseVersioned<
@@ -48,26 +47,27 @@ abstract class DatabaseVersioned<
     // Algorithm used to encrypt the database
     protected var algorithm: EncryptionAlgorithm? = null
 
-    abstract val kdfEngine: KdfEngine?
+    abstract val kdfEngine: com.kunzisoft.keepass.database.crypto.kdf.KdfEngine?
 
-    abstract val kdfAvailableList: List<KdfEngine>
+    abstract val kdfAvailableList: List<com.kunzisoft.keepass.database.crypto.kdf.KdfEngine>
 
     var masterKey = ByteArray(32)
     var finalKey: ByteArray? = null
         protected set
 
     /**
+     * To manage binaries in faster way
      * Cipher key generated when the database is loaded, and destroyed when the database is closed
      * Can be used to temporarily store database elements
      */
-    var loadedCipherKey: Database.LoadedKey? = null
-
-    val iconsManager = IconsManager()
+    var binaryCache = BinaryCache()
+    val iconsManager = IconsManager(binaryCache)
+    var attachmentPool = AttachmentPool(binaryCache)
 
     var changeDuplicateId = false
 
     private var groupIndexes = LinkedHashMap<NodeId<GroupId>, Group>()
-    private var entryIndexes = LinkedHashMap<NodeId<EntryId>, Entry>()
+    protected var entryIndexes = LinkedHashMap<NodeId<EntryId>, Entry>()
 
     abstract val version: String
 
@@ -86,6 +86,12 @@ abstract class DatabaseVersioned<
     abstract val availableEncryptionAlgorithms: List<EncryptionAlgorithm>
 
     var rootGroup: Group? = null
+        set(value) {
+            field = value
+            value?.let {
+                addGroupIndex(it)
+            }
+        }
 
     @Throws(IOException::class)
     protected abstract fun getMasterKey(key: String?, keyInputStream: InputStream?): ByteArray
@@ -99,42 +105,21 @@ abstract class DatabaseVersioned<
     protected fun getCompositeKey(key: String, keyfileInputStream: InputStream): ByteArray {
         val fileKey = getFileKey(keyfileInputStream)
         val passwordKey = getPasswordKey(key)
-
-        val messageDigest: MessageDigest
-        try {
-            messageDigest = MessageDigest.getInstance("SHA-256")
-        } catch (e: NoSuchAlgorithmException) {
-            throw IOException("SHA-256 not supported")
-        }
-
-        messageDigest.update(passwordKey)
-
-        return messageDigest.digest(fileKey)
+        return HashManager.hashSha256(passwordKey, fileKey)
     }
 
     @Throws(IOException::class)
     protected fun getPasswordKey(key: String): ByteArray {
-        val messageDigest: MessageDigest
-        try {
-            messageDigest = MessageDigest.getInstance("SHA-256")
-        } catch (e: NoSuchAlgorithmException) {
-            throw IOException("SHA-256 not supported")
-        }
-
         val bKey: ByteArray = try {
             key.toByteArray(charset(passwordEncoding))
         } catch (e: UnsupportedEncodingException) {
             key.toByteArray()
         }
-
-        messageDigest.update(bKey, 0, bKey.size)
-
-        return messageDigest.digest()
+        return HashManager.hashSha256(bKey)
     }
 
     @Throws(IOException::class)
     protected fun getFileKey(keyInputStream: InputStream): ByteArray {
-
         val keyData = keyInputStream.readBytes()
 
         // Check XML key file
@@ -152,13 +137,8 @@ abstract class DatabaseVersioned<
                 // Key is not base 64, treat it as binary data
             }
         }
-
         // Hash file as binary data
-        try {
-            return MessageDigest.getInstance("SHA-256").digest(keyData)
-        } catch (e: NoSuchAlgorithmException) {
-            throw IOException("SHA-256 not supported")
-        }
+        return HashManager.hashSha256(keyData)
     }
 
     protected open fun loadXmlKeyFile(keyInputStream: InputStream): ByteArray? {
@@ -337,8 +317,6 @@ abstract class DatabaseVersioned<
 
     abstract fun getStandardIcon(iconId: Int): IconImageStandard
 
-    abstract fun containsCustomData(): Boolean
-
     fun addGroupTo(newGroup: Group, parent: Group?) {
         // Add tree to parent tree
         parent?.addChildGroup(newGroup)
@@ -356,14 +334,14 @@ abstract class DatabaseVersioned<
         removeGroupIndex(groupToRemove)
     }
 
-    fun addEntryTo(newEntry: Entry, parent: Group?) {
+    open fun addEntryTo(newEntry: Entry, parent: Group?) {
         // Add entry to parent
         parent?.addChildEntry(newEntry)
         newEntry.parent = parent
         addEntryIndex(newEntry)
     }
 
-    fun updateEntry(entry: Entry) {
+    open fun updateEntry(entry: Entry) {
         updateEntryIndex(entry)
     }
 

app/src/main/java/com/kunzisoft/keepass/database/element/entry/AutoType.kt

@@ -21,8 +21,6 @@ package com.kunzisoft.keepass.database.element.entry
 
 import android.os.Parcel
 import android.os.Parcelable
-
-import com.kunzisoft.keepass.utils.ParcelableUtil
 import com.kunzisoft.keepass.utils.UnsignedInt
 
 class AutoType : Parcelable {
@@ -30,7 +28,7 @@ class AutoType : Parcelable {
     var enabled = true
     var obfuscationOptions = OBF_OPT_NONE
     var defaultSequence = ""
-    private var windowSeqPairs = LinkedHashMap<String, String>()
+    private var windowSeqPairs = ArrayList<AutoTypeItem>()
 
     constructor()
 
@@ -38,16 +36,15 @@ class AutoType : Parcelable {
         this.enabled = autoType.enabled
         this.obfuscationOptions = autoType.obfuscationOptions
         this.defaultSequence = autoType.defaultSequence
-        for ((key, value) in autoType.windowSeqPairs) {
-            this.windowSeqPairs[key] = value
-        }
+        this.windowSeqPairs.clear()
+        this.windowSeqPairs.addAll(autoType.windowSeqPairs)
     }
 
     constructor(parcel: Parcel) {
         this.enabled = parcel.readByte().toInt() != 0
         this.obfuscationOptions = UnsignedInt(parcel.readInt())
         this.defaultSequence = parcel.readString() ?: defaultSequence
-        this.windowSeqPairs = ParcelableUtil.readStringParcelableMap(parcel)
+        parcel.readTypedList(this.windowSeqPairs, AutoTypeItem.CREATOR)
     }
 
     override fun describeContents(): Int {
@@ -58,15 +55,43 @@ class AutoType : Parcelable {
         dest.writeByte((if (enabled) 1 else 0).toByte())
         dest.writeInt(obfuscationOptions.toKotlinInt())
         dest.writeString(defaultSequence)
-        ParcelableUtil.writeStringParcelableMap(dest, windowSeqPairs)
+        dest.writeTypedList(windowSeqPairs)
     }
 
-    fun put(key: String, value: String) {
-        windowSeqPairs[key] = value
+    fun add(key: String, value: String) {
+        windowSeqPairs.add(AutoTypeItem(key, value))
     }
 
-    fun entrySet(): Set<MutableMap.MutableEntry<String, String>> {
-        return windowSeqPairs.entries
+    fun doForEachAutoTypeItem(action: (key: String, value: String) -> Unit) {
+        windowSeqPairs.forEach {
+            action.invoke(it.key, it.value)
+        }
+    }
+
+    private data class AutoTypeItem(var key: String, var value: String): Parcelable {
+        constructor(parcel: Parcel) : this(
+                parcel.readString() ?: "",
+                parcel.readString() ?: "") {
+        }
+
+        override fun writeToParcel(parcel: Parcel, flags: Int) {
+            parcel.writeString(key)
+            parcel.writeString(value)
+        }
+
+        override fun describeContents(): Int {
+            return 0
+        }
+
+        companion object CREATOR : Parcelable.Creator<AutoTypeItem> {
+            override fun createFromParcel(parcel: Parcel): AutoTypeItem {
+                return AutoTypeItem(parcel)
+            }
+
+            override fun newArray(size: Int): Array<AutoTypeItem?> {
+                return arrayOfNulls(size)
+            }
+        }
     }
 
     companion object {

app/src/main/java/com/kunzisoft/keepass/database/element/entry/EntryKDB.kt

@@ -22,7 +22,8 @@ package com.kunzisoft.keepass.database.element.entry
 import android.os.Parcel
 import android.os.Parcelable
 import com.kunzisoft.keepass.database.element.Attachment
-import com.kunzisoft.keepass.database.element.database.BinaryData
+import com.kunzisoft.keepass.database.element.binary.AttachmentPool
+import com.kunzisoft.keepass.database.element.binary.BinaryData
 import com.kunzisoft.keepass.database.element.group.GroupKDB
 import com.kunzisoft.keepass.database.element.icon.IconImageStandard.Companion.KEY_ID
 import com.kunzisoft.keepass.database.element.node.NodeId
@@ -56,7 +57,7 @@ class EntryKDB : EntryVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface
 
     /** A string describing what is in binaryData  */
     var binaryDescription = ""
-    var binaryData: BinaryData? = null
+    private var binaryDataId: Int? = null
 
     // Determine if this is a MetaStream entry
     val isMetaStream: Boolean
@@ -89,7 +90,8 @@ class EntryKDB : EntryVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface
         url = parcel.readString() ?: url
         notes = parcel.readString() ?: notes
         binaryDescription = parcel.readString() ?: binaryDescription
-        binaryData = parcel.readParcelable(BinaryData::class.java.classLoader)
+        val rawBinaryDataId = parcel.readInt()
+        binaryDataId = if (rawBinaryDataId == -1) null else rawBinaryDataId
     }
 
     override fun readParentParcelable(parcel: Parcel): GroupKDB? {
@@ -108,7 +110,7 @@ class EntryKDB : EntryVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface
         dest.writeString(url)
         dest.writeString(notes)
         dest.writeString(binaryDescription)
-        dest.writeParcelable(binaryData, flags)
+        dest.writeInt(binaryDataId ?: -1)
     }
 
     fun updateWith(source: EntryKDB) {
@@ -119,7 +121,7 @@ class EntryKDB : EntryVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface
         url = source.url
         notes = source.notes
         binaryDescription = source.binaryDescription
-        binaryData = source.binaryData
+        binaryDataId = source.binaryDataId
     }
 
     override var username = ""
@@ -138,26 +140,39 @@ class EntryKDB : EntryVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface
     override val type: Type
         get() = Type.ENTRY
 
-    fun getAttachment(): Attachment? {
-        val binary = binaryData
-        return if (binary != null)
-            Attachment(binaryDescription, binary)
-        else null
+    fun getAttachment(attachmentPool: AttachmentPool): Attachment? {
+        binaryDataId?.let { poolId ->
+            attachmentPool[poolId]?.let { binary ->
+                return Attachment(binaryDescription, binary)
+            }
+        }
+        return null
     }
 
     fun containsAttachment(): Boolean {
-        return binaryData != null
+        return binaryDataId != null
     }
 
-    fun putAttachment(attachment: Attachment) {
+    fun getBinary(attachmentPool: AttachmentPool): BinaryData? {
+        this.binaryDataId?.let {
+            return attachmentPool[it]
+        }
+        return null
+    }
+
+    fun putBinary(binaryData: BinaryData, attachmentPool: AttachmentPool) {
+        this.binaryDataId = attachmentPool.put(binaryData)
+    }
+
+    fun putAttachment(attachment: Attachment, attachmentPool: AttachmentPool) {
         this.binaryDescription = attachment.name
-        this.binaryData = attachment.binaryData
+        this.binaryDataId = attachmentPool.put(attachment.binaryData)
     }
 
     fun removeAttachment(attachment: Attachment? = null) {
         if (attachment == null || this.binaryDescription == attachment.name) {
             this.binaryDescription = ""
-            this.binaryData = null
+            this.binaryDataId = null
         }
     }
 

app/src/main/java/com/kunzisoft/keepass/database/element/entry/EntryKDBX.kt

@@ -20,11 +20,15 @@
 package com.kunzisoft.keepass.database.element.entry
 
 import android.os.Parcel
+import android.os.ParcelUuid
 import android.os.Parcelable
 import com.kunzisoft.keepass.database.element.Attachment
+import com.kunzisoft.keepass.database.element.CustomData
 import com.kunzisoft.keepass.database.element.DateInstant
-import com.kunzisoft.keepass.database.element.database.AttachmentPool
+import com.kunzisoft.keepass.database.element.Tags
+import com.kunzisoft.keepass.database.element.binary.AttachmentPool
 import com.kunzisoft.keepass.database.element.database.DatabaseKDBX
+import com.kunzisoft.keepass.database.element.database.DatabaseVersioned
 import com.kunzisoft.keepass.database.element.group.GroupKDBX
 import com.kunzisoft.keepass.database.element.node.NodeId
 import com.kunzisoft.keepass.database.element.node.NodeIdUUID
@@ -45,42 +49,20 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
     @Transient
     private var mDecodeRef = false
 
-    var customData = LinkedHashMap<String, String>()
+    override var usageCount = UnsignedLong(0)
+    override var locationChanged = DateInstant()
+    override var customData = CustomData()
     var fields = LinkedHashMap<String, ProtectedString>()
     var binaries = LinkedHashMap<String, Int>() // Map<Label, PoolId>
     var foregroundColor = ""
     var backgroundColor = ""
     var overrideURL = ""
+    override var tags = Tags()
+    override var previousParentGroup: UUID = DatabaseVersioned.UUID_ZERO
+    var qualityCheck = true
     var autoType = AutoType()
     var history = ArrayList<EntryKDBX>()
     var additional = ""
-    var tags = ""
-
-    fun getSize(attachmentPool: AttachmentPool): Long {
-        var size = FIXED_LENGTH_SIZE
-
-        for (entry in fields.entries) {
-            size += entry.key.length.toLong()
-            size += entry.value.length().toLong()
-        }
-
-        size += getAttachmentsSize(attachmentPool)
-
-        size += autoType.defaultSequence.length.toLong()
-        for ((key, value) in autoType.entrySet()) {
-            size += key.length.toLong()
-            size += value.length.toLong()
-        }
-
-        for (entry in history) {
-            size += entry.getSize(attachmentPool)
-        }
-
-        size += overrideURL.length.toLong()
-        size += tags.length.toLong()
-
-        return size
-    }
 
     override var expires: Boolean = false
 
@@ -89,34 +71,44 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
     constructor(parcel: Parcel) : super(parcel) {
         usageCount = UnsignedLong(parcel.readLong())
         locationChanged = parcel.readParcelable(DateInstant::class.java.classLoader) ?: locationChanged
-        customData = ParcelableUtil.readStringParcelableMap(parcel)
+        customData = parcel.readParcelable(CustomData::class.java.classLoader) ?: CustomData()
         fields = ParcelableUtil.readStringParcelableMap(parcel, ProtectedString::class.java)
         binaries = ParcelableUtil.readStringIntMap(parcel)
         foregroundColor = parcel.readString() ?: foregroundColor
         backgroundColor = parcel.readString() ?: backgroundColor
         overrideURL = parcel.readString() ?: overrideURL
+        tags = parcel.readParcelable(Tags::class.java.classLoader) ?: tags
+        previousParentGroup = parcel.readParcelable<ParcelUuid>(ParcelUuid::class.java.classLoader)?.uuid ?: DatabaseVersioned.UUID_ZERO
         autoType = parcel.readParcelable(AutoType::class.java.classLoader) ?: autoType
         parcel.readTypedList(history, CREATOR)
         url = parcel.readString() ?: url
         additional = parcel.readString() ?: additional
-        tags = parcel.readString() ?: tags
+    }
+
+    override fun readParentParcelable(parcel: Parcel): GroupKDBX? {
+        return parcel.readParcelable(GroupKDBX::class.java.classLoader)
+    }
+
+    override fun writeParentParcelable(parent: GroupKDBX?, parcel: Parcel, flags: Int) {
+        parcel.writeParcelable(parent, flags)
     }
 
     override fun writeToParcel(dest: Parcel, flags: Int) {
         super.writeToParcel(dest, flags)
         dest.writeLong(usageCount.toKotlinLong())
         dest.writeParcelable(locationChanged, flags)
-        ParcelableUtil.writeStringParcelableMap(dest, customData)
+        dest.writeParcelable(customData, flags)
         ParcelableUtil.writeStringParcelableMap(dest, flags, fields)
         ParcelableUtil.writeStringIntMap(dest, binaries)
         dest.writeString(foregroundColor)
         dest.writeString(backgroundColor)
         dest.writeString(overrideURL)
+        dest.writeParcelable(tags, flags)
+        dest.writeParcelable(ParcelUuid(previousParentGroup), flags)
         dest.writeParcelable(autoType, flags)
         dest.writeTypedList(history)
         dest.writeString(url)
         dest.writeString(additional)
-        dest.writeString(tags)
     }
 
     /**
@@ -127,9 +119,7 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
         super.updateWith(source)
         usageCount = source.usageCount
         locationChanged = DateInstant(source.locationChanged)
-        // Add all custom elements in map
-        customData.clear()
-        customData.putAll(source.customData)
+        customData = CustomData(source.customData)
         fields.clear()
         fields.putAll(source.fields)
         binaries.clear()
@@ -137,13 +127,14 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
         foregroundColor = source.foregroundColor
         backgroundColor = source.backgroundColor
         overrideURL = source.overrideURL
+        tags = source.tags
+        previousParentGroup = source.previousParentGroup
         autoType = AutoType(source.autoType)
         history.clear()
         if (copyHistory)
             history.addAll(source.history)
         url = source.url
         additional = source.additional
-        tags = source.tags
     }
 
     fun startToManageFieldReferences(database: DatabaseKDBX) {
@@ -164,13 +155,8 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
         return NodeIdUUID(nodeId.id)
     }
 
-    override fun readParentParcelable(parcel: Parcel): GroupKDBX? {
-        return parcel.readParcelable(GroupKDBX::class.java.classLoader)
-    }
-
-    override fun writeParentParcelable(parent: GroupKDBX?, parcel: Parcel, flags: Int) {
-        parcel.writeParcelable(parent, flags)
-    }
+    override val type: Type
+        get() = Type.ENTRY
 
     /**
      * Decode a reference key with the FieldReferencesEngine
@@ -178,55 +164,94 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
      * @param key
      * @return
      */
-    private fun decodeRefKey(decodeRef: Boolean, key: String): String {
+    private fun decodeRefKey(decodeRef: Boolean, key: String, recursionLevel: Int): String {
         return fields[key]?.toString()?.let { text ->
             return if (decodeRef) {
-                if (mDatabase == null) text else FieldReferencesEngine().compile(text, this, mDatabase!!)
+                mDatabase?.getFieldReferenceValue(text, recursionLevel) ?: text
             } else text
         } ?: ""
     }
 
+    fun decodeTitleKey(recursionLevel: Int): String {
+        return decodeRefKey(mDecodeRef, STR_TITLE, recursionLevel)
+    }
+
     override var title: String
-        get() = decodeRefKey(mDecodeRef, STR_TITLE)
+        get() = decodeTitleKey(0)
         set(value) {
             val protect = mDatabase != null && mDatabase!!.memoryProtection.protectTitle
             fields[STR_TITLE] = ProtectedString(protect, value)
         }
 
-    override val type: Type
-        get() = Type.ENTRY
+    fun decodeUsernameKey(recursionLevel: Int): String {
+        return decodeRefKey(mDecodeRef, STR_USERNAME, recursionLevel)
+    }
 
     override var username: String
-        get() = decodeRefKey(mDecodeRef, STR_USERNAME)
+        get() = decodeUsernameKey(0)
         set(value) {
             val protect = mDatabase != null && mDatabase!!.memoryProtection.protectUserName
             fields[STR_USERNAME] = ProtectedString(protect, value)
         }
 
+    fun decodePasswordKey(recursionLevel: Int): String {
+        return decodeRefKey(mDecodeRef, STR_PASSWORD, recursionLevel)
+    }
+
     override var password: String
-        get() = decodeRefKey(mDecodeRef, STR_PASSWORD)
+        get() = decodePasswordKey(0)
         set(value) {
             val protect = mDatabase != null && mDatabase!!.memoryProtection.protectPassword
             fields[STR_PASSWORD] = ProtectedString(protect, value)
         }
 
+    fun decodeUrlKey(recursionLevel: Int): String {
+        return decodeRefKey(mDecodeRef, STR_URL, recursionLevel)
+    }
+
     override var url
-        get() = decodeRefKey(mDecodeRef, STR_URL)
+        get() = decodeUrlKey(0)
         set(value) {
             val protect = mDatabase != null && mDatabase!!.memoryProtection.protectUrl
             fields[STR_URL] = ProtectedString(protect, value)
         }
 
+    fun decodeNotesKey(recursionLevel: Int): String {
+        return decodeRefKey(mDecodeRef, STR_NOTES, recursionLevel)
+    }
+
     override var notes: String
-        get() = decodeRefKey(mDecodeRef, STR_NOTES)
+        get() = decodeNotesKey(0)
         set(value) {
             val protect = mDatabase != null && mDatabase!!.memoryProtection.protectNotes
             fields[STR_NOTES] = ProtectedString(protect, value)
         }
 
-    override var usageCount = UnsignedLong(0)
+    fun getSize(attachmentPool: AttachmentPool): Long {
+        var size = FIXED_LENGTH_SIZE
 
-    override var locationChanged = DateInstant()
+        for (entry in fields.entries) {
+            size += entry.key.length.toLong()
+            size += entry.value.length().toLong()
+        }
+
+        size += getAttachmentsSize(attachmentPool)
+
+        size += autoType.defaultSequence.length.toLong()
+        autoType.doForEachAutoTypeItem { key, value ->
+            size += key.length.toLong()
+            size += value.length.toLong()
+        }
+
+        for (entry in history) {
+            size += entry.getSize(attachmentPool)
+        }
+
+        size += overrideURL.length.toLong()
+        size += tags.toString().length
+
+        return size
+    }
 
     fun afterChangeParent() {
         locationChanged = DateInstant()
@@ -240,25 +265,32 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
                 || key == STR_NOTES)
     }
 
-    var customFields = LinkedHashMap<String, ProtectedString>()
-        get() {
-            field.clear()
-            for ((key, value) in fields) {
-                if (!isStandardField(key)) {
-                    field[key] = ProtectedString(value.isProtected, decodeRefKey(mDecodeRef, key))
-                }
+    fun doForEachDecodedCustomField(action: (key: String, value: ProtectedString) -> Unit) {
+        val iterator = fields.entries.iterator()
+        while (iterator.hasNext()) {
+            val mapEntry = iterator.next()
+            if (!isStandardField(mapEntry.key)) {
+                action.invoke(mapEntry.key,
+                        ProtectedString(mapEntry.value.isProtected,
+                                decodeRefKey(mDecodeRef, mapEntry.key, 0)
+                        )
+                )
             }
-            return field
         }
+    }
+
+    fun getField(key: String): ProtectedString? {
+        return fields[key]
+    }
+
+    fun putField(label: String, value: ProtectedString) {
+        fields[label] = value
+    }
 
     fun removeAllFields() {
         fields.clear()
     }
 
-    fun putExtraField(label: String, value: ProtectedString) {
-        fields[label] = value
-    }
-
     /**
      * It's a list because history labels can be defined multiple times
      */
@@ -302,14 +334,6 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
         return size
     }
 
-    override fun putCustomData(key: String, value: String) {
-        customData[key] = value
-    }
-
-    override fun containsCustomData(): Boolean {
-        return customData.isNotEmpty()
-    }
-
     fun addEntryToHistory(entry: EntryKDBX) {
         history.add(entry)
     }
@@ -338,8 +362,7 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
 
     override fun touch(modified: Boolean, touchParents: Boolean) {
         super.touch(modified, touchParents)
-        // TODO unsigned long
-        usageCount = UnsignedLong(usageCount.toKotlinLong() + 1)
+        usageCount.plusOne()
     }
 
     companion object {
@@ -350,6 +373,8 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
         const val STR_URL = "URL"
         const val STR_NOTES = "Notes"
 
+        private const val FIXED_LENGTH_SIZE: Long = 128 // Approximate fixed length size
+
         fun newCustomNameAllowed(name: String): Boolean {
             return !(name.equals(STR_TITLE, true)
                     || name.equals(STR_USERNAME, true)
@@ -368,7 +393,5 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
                 return arrayOfNulls(size)
             }
         }
-
-        private const val FIXED_LENGTH_SIZE: Long = 128 // Approximate fixed length size
     }
 }

app/src/main/java/com/kunzisoft/keepass/database/element/entry/EntryVersioned.kt

@@ -36,6 +36,10 @@ abstract class EntryVersioned
 
     constructor(parcel: Parcel) : super(parcel)
 
+    override fun writeToParcel(dest: Parcel, flags: Int) {
+        super.writeToParcel(dest, flags)
+    }
+
     override fun nodeIndexInParentForNaturalOrder(): Int {
         if (nodeIndexInParentForNaturalOrder == -1) {
             val numberOfGroups = parent?.getChildGroups()?.size

app/src/main/java/com/kunzisoft/keepass/database/element/entry/FieldReferencesEngine.kt

@@ -19,269 +19,132 @@
  */
 package com.kunzisoft.keepass.database.element.entry
 
+import android.util.Log
 import com.kunzisoft.keepass.database.element.database.DatabaseKDBX
-import com.kunzisoft.keepass.database.element.group.GroupKDBX
-import com.kunzisoft.keepass.database.search.EntryKDBXSearchHandler
-import com.kunzisoft.keepass.database.search.SearchParameters
-import java.util.*
+import com.kunzisoft.keepass.database.element.node.NodeIdUUID
+import com.kunzisoft.keepass.utils.UuidUtil
+import java.util.concurrent.ConcurrentHashMap
 
-class FieldReferencesEngine {
+class FieldReferencesEngine(private val mDatabase: DatabaseKDBX) {
 
-    inner class TargetResult(var entry: EntryKDBX?, var wanted: Char)
+    // Key : <WantedField>@<SearchIn>:<Text>
+    // Value : content
+    private var refsCache = ConcurrentHashMap<String, String?>()
 
-    private inner class SprContextV4 {
-
-        var databaseV4: DatabaseKDBX? = null
-        var entry: EntryKDBX
-        var refsCache: MutableMap<String, String> = HashMap()
-
-        internal constructor(db: DatabaseKDBX, entry: EntryKDBX) {
-            this.databaseV4 = db
-            this.entry = entry
-        }
-
-        internal constructor(source: SprContextV4) {
-            this.databaseV4 = source.databaseV4
-            this.entry = source.entry
-            this.refsCache = source.refsCache
-        }
+    fun clear() {
+        refsCache.clear()
     }
 
-    fun compile(text: String, entry: EntryKDBX, database: DatabaseKDBX): String {
-        return compileInternal(text, SprContextV4(database, entry), 0)
-    }
-
-    private fun compileInternal(text: String?, sprContextV4: SprContextV4?, recursionLevel: Int): String {
-        if (text == null) {
-            return ""
-        }
-        if (sprContextV4 == null) {
-            return ""
-        }
+    fun compile(textReference: String, recursionLevel: Int): String {
         return if (recursionLevel >= MAX_RECURSION_DEPTH) {
             ""
-        } else fillRefPlaceholders(text, sprContextV4, recursionLevel)
-
+        } else
+            fillReferencesPlaceholders(textReference, recursionLevel)
     }
 
-    private fun fillRefPlaceholders(textReference: String, contextV4: SprContextV4, recursionLevel: Int): String {
-        var text = textReference
-
-        if (contextV4.databaseV4 == null) {
-            return text
-        }
+    /**
+     * Manage placeholders with {REF:<WantedField>@<SearchIn>:<Text>}
+     */
+    private fun fillReferencesPlaceholders(textReference: String, recursionLevel: Int): String {
+        var textValue = textReference
 
         var offset = 0
-        for (i in 0..19) {
-            text = fillRefsUsingCache(text, contextV4)
+        var numberInlineRef = 0
+        while (textValue.contains(STR_REF_START)
+                && numberInlineRef <= MAX_INLINE_REF) {
+            numberInlineRef++
 
-            val start = text.indexOf(STR_REF_START, offset, true)
-            if (start < 0) {
-                break
-            }
-            val end = text.indexOf(STR_REF_END, start + 1, true)
-            if (end <= start) {
-                break
-            }
+            try {
+                textValue = fillReferencesUsingCache(textValue)
 
-            val fullRef = text.substring(start, end + 1)
-            val result = findRefTarget(fullRef, contextV4)
-
-            if (result != null) {
-                val found = result.entry
-                found?.stopToManageFieldReferences()
-                val wanted = result.wanted
-
-                var data: String? = null
-                when (wanted) {
-                    'T' -> data = found?.title
-                    'U' -> data = found?.username
-                    'A' -> data = found?.url
-                    'P' -> data = found?.password
-                    'N' -> data = found?.notes
-                    'I' -> data = found?.nodeId.toString()
+                val start = textValue.indexOf(STR_REF_START, offset, true)
+                if (start < 0) {
+                    break
+                }
+                val end = textValue.indexOf(STR_REF_END, offset, true)
+                if (end <= start) {
+                    break
                 }
 
-                if (data != null && found != null) {
-                    val subCtx = SprContextV4(contextV4)
-                    subCtx.entry = found
+                val reference = textValue.substring(start + STR_REF_START.length, end)
+                val fullReference = "$STR_REF_START$reference$STR_REF_END"
 
-                    val innerContent = compileInternal(data, subCtx, recursionLevel + 1)
-                    addRefsToCache(fullRef, innerContent, contextV4)
-                    text = fillRefsUsingCache(text, contextV4)
-                } else {
-                    offset = start + 1
+                if (!refsCache.containsKey(fullReference)) {
+                    val newRecursionLevel = recursionLevel + 1
+                    val result = findReferenceTarget(reference, newRecursionLevel)
+                    val entryFound = result.entry
+                    val data: String? = when (result.wanted) {
+                        'T' -> entryFound?.decodeTitleKey(newRecursionLevel)
+                        'U' -> entryFound?.decodeUsernameKey(newRecursionLevel)
+                        'A' -> entryFound?.decodeUrlKey(newRecursionLevel)
+                        'P' -> entryFound?.decodePasswordKey(newRecursionLevel)
+                        'N' -> entryFound?.decodeNotesKey(newRecursionLevel)
+                        'I' -> UuidUtil.toHexString(entryFound?.nodeId?.id)
+                        else -> null
+                    }
+                    refsCache[fullReference] = data
+                    textValue = fillReferencesUsingCache(textValue)
                 }
+
+                offset = end
+            } catch (e: Exception) {
+                Log.e(TAG, "Error when fill placeholders by reference", e)
             }
-
         }
-
-        return text
+        return textValue
     }
 
-    private fun findRefTarget(fullReference: String?, contextV4: SprContextV4): TargetResult? {
-        var fullRef: String? = fullReference ?: return null
-
-        fullRef = fullRef!!.toUpperCase(Locale.ENGLISH)
-        if (!fullRef.startsWith(STR_REF_START) || !fullRef.endsWith(STR_REF_END)) {
-            return null
-        }
-
-        val ref = fullRef.substring(STR_REF_START.length, fullRef.length - STR_REF_END.length)
-        if (ref.length <= 4) {
-            return null
-        }
-        if (ref[1] != '@') {
-            return null
-        }
-        if (ref[3] != ':') {
-            return null
-        }
-
-        val scan = Character.toUpperCase(ref[2])
-        val wanted = Character.toUpperCase(ref[0])
-
-        val searchParameters = SearchParameters()
-        searchParameters.setupNone()
-
-        searchParameters.searchString = ref.substring(4)
-        when (scan) {
-            'T' -> searchParameters.searchInTitles = true
-            'U' -> searchParameters.searchInUserNames = true
-            'A' -> searchParameters.searchInUrls = true
-            'P' -> searchParameters.searchInPasswords = true
-            'N' -> searchParameters.searchInNotes = true
-            'I' -> searchParameters.searchInUUIDs = true
-            'O' -> searchParameters.searchInOther = true
-            else -> return null
-        }
-
-        val list = ArrayList<EntryKDBX>()
-        searchEntries(contextV4.databaseV4?.rootGroup, searchParameters, list)
-
-        return if (list.size > 0) {
-            TargetResult(list[0], wanted)
-        } else null
-
-    }
-
-    private fun addRefsToCache(ref: String?, value: String?, ctx: SprContextV4?) {
-        if (ref == null) {
-            return
-        }
-        if (value == null) {
-            return
-        }
-        if (ctx == null) {
-            return
-        }
-
-        if (!ctx.refsCache.containsKey(ref)) {
-            ctx.refsCache[ref] = value
-        }
-    }
-
-    private fun fillRefsUsingCache(text: String, sprContextV4: SprContextV4): String {
+    private fun fillReferencesUsingCache(text: String): String {
         var newText = text
-        for ((key, value) in sprContextV4.refsCache) {
-            newText = text.replace(key, value, true)
+        refsCache.keys.forEach { key ->
+            // Replace by key if value not found
+            newText = newText.replace(key, refsCache[key] ?: key, true)
         }
         return newText
     }
 
-    private fun searchEntries(root: GroupKDBX?, searchParameters: SearchParameters?, listStorage: MutableList<EntryKDBX>?) {
-        if (searchParameters == null) {
-            return
+    private fun findReferenceTarget(reference: String, recursionLevel: Int): TargetResult {
+
+        val targetResult = TargetResult(null, 'J')
+
+        if (reference.length <= 4) {
+            return targetResult
         }
-        if (listStorage == null) {
-            return
+        if (reference[1] != '@') {
+            return targetResult
+        }
+        if (reference[3] != ':') {
+            return targetResult
         }
 
-        val terms = splitStringTerms(searchParameters.searchString)
-        if (terms.size <= 1 || searchParameters.regularExpression) {
-            root!!.doForEachChild(EntryKDBXSearchHandler(searchParameters, listStorage), null)
-            return
-        }
-
-        // Search longest term first
-        val stringLengthComparator = Comparator<String> { lhs, rhs -> lhs.length - rhs.length }
-        Collections.sort(terms, stringLengthComparator)
-
-        val fullSearch = searchParameters.searchString
-        var childEntries: List<EntryKDBX>? = root!!.getChildEntries()
-        for (i in terms.indices) {
-            val pgNew = ArrayList<EntryKDBX>()
-
-            searchParameters.searchString = terms[i]
-
-            var negate = false
-            if (searchParameters.searchString.startsWith("-")) {
-                searchParameters.searchString = searchParameters.searchString.substring(1)
-                negate = searchParameters.searchString.isNotEmpty()
-            }
-
-            if (!root.doForEachChild(EntryKDBXSearchHandler(searchParameters, pgNew), null)) {
-                childEntries = null
-                break
-            }
-
-            childEntries = if (negate) {
-                val complement = ArrayList<EntryKDBX>()
-                for (entry in childEntries!!) {
-                    if (!pgNew.contains(entry)) {
-                        complement.add(entry)
-                    }
-                }
-                complement
-            } else {
-                pgNew
-            }
-        }
-
-        if (childEntries != null) {
-            listStorage.addAll(childEntries)
-        }
-        searchParameters.searchString = fullSearch
-    }
-
-    /**
-     * Create a list of String by split text when ' ', '\t', '\r' or '\n' is found
-     */
-    private fun splitStringTerms(text: String?): List<String> {
-        val list = ArrayList<String>()
-        if (text == null) {
-            return list
-        }
-
-        val stringBuilder = StringBuilder()
-        var quoted = false
-
-        for (element in text) {
-
-            if ((element == ' ' || element == '\t' || element == '\r' || element == '\n') && !quoted) {
-
-                val len = stringBuilder.length
-                when {
-                    len > 0 -> {
-                        list.add(stringBuilder.toString())
-                        stringBuilder.delete(0, len)
-                    }
-                    element == '\"' -> quoted = !quoted
-                    else -> stringBuilder.append(element)
+        targetResult.wanted = Character.toUpperCase(reference[0])
+        val searchIn = Character.toUpperCase(reference[2])
+        val searchQuery = reference.substring(4)
+        targetResult.entry = when (searchIn) {
+            'T' -> mDatabase.getEntryByTitle(searchQuery, recursionLevel)
+            'U' -> mDatabase.getEntryByUsername(searchQuery, recursionLevel)
+            'A' -> mDatabase.getEntryByURL(searchQuery, recursionLevel)
+            'P' -> mDatabase.getEntryByPassword(searchQuery, recursionLevel)
+            'N' -> mDatabase.getEntryByNotes(searchQuery, recursionLevel)
+            'I' -> {
+                UuidUtil.fromHexString(searchQuery)?.let { uuid ->
+                    mDatabase.getEntryById(NodeIdUUID(uuid))
                 }
             }
+            'O' -> mDatabase.getEntryByCustomData(searchQuery)
+            else -> null
         }
-
-        if (stringBuilder.isNotEmpty()) {
-            list.add(stringBuilder.toString())
-        }
-
-        return list
+        return targetResult
     }
 
+    private data class TargetResult(var entry: EntryKDBX?, var wanted: Char)
+
     companion object {
-        private const val MAX_RECURSION_DEPTH = 12
+        private const val MAX_RECURSION_DEPTH = 10
+        private const val MAX_INLINE_REF = 10
         private const val STR_REF_START = "{REF:"
         private const val STR_REF_END = "}"
+
+        private val TAG = FieldReferencesEngine::class.java.name
     }
 }

app/src/main/java/com/kunzisoft/keepass/database/element/group/GroupKDB.kt

@@ -31,14 +31,12 @@ import java.util.*
 
 class GroupKDB : GroupVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface {
 
-    var level = 0 // short
     // Used by KeePass internally, don't use
     var groupFlags = 0
 
     constructor() : super()
 
     constructor(parcel: Parcel) : super(parcel) {
-        level = parcel.readInt()
         groupFlags = parcel.readInt()
     }
 
@@ -52,13 +50,11 @@ class GroupKDB : GroupVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface
 
     override fun writeToParcel(dest: Parcel, flags: Int) {
         super.writeToParcel(dest, flags)
-        dest.writeInt(level)
         dest.writeInt(groupFlags)
     }
 
     fun updateWith(source: GroupKDB) {
         super.updateWith(source)
-        level = source.level
         groupFlags = source.groupFlags
     }
 
@@ -73,15 +69,12 @@ class GroupKDB : GroupVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface
         return NodeIdInt(nodeId.id)
     }
 
-    override fun afterAssignNewParent() {
-        if (parent != null)
-            level = parent!!.level + 1
-    }
-
     fun setGroupId(groupId: Int) {
         this.nodeId = NodeIdInt(groupId)
     }
 
+    override fun afterAssignNewParent() {}
+
     companion object {
 
         @JvmField

app/src/main/java/com/kunzisoft/keepass/database/element/group/GroupKDBX.kt

@@ -20,8 +20,11 @@
 package com.kunzisoft.keepass.database.element.group
 
 import android.os.Parcel
+import android.os.ParcelUuid
 import android.os.Parcelable
+import com.kunzisoft.keepass.database.element.CustomData
 import com.kunzisoft.keepass.database.element.DateInstant
+import com.kunzisoft.keepass.database.element.Tags
 import com.kunzisoft.keepass.database.element.database.DatabaseVersioned
 import com.kunzisoft.keepass.database.element.entry.EntryKDBX
 import com.kunzisoft.keepass.database.element.node.NodeId
@@ -33,14 +36,17 @@ import java.util.*
 
 class GroupKDBX : GroupVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInterface {
 
-    private val customData = HashMap<String, String>()
+    override var usageCount = UnsignedLong(0)
+    override var locationChanged = DateInstant()
+    override var customData = CustomData()
     var notes = ""
-
     var isExpanded = true
     var defaultAutoTypeSequence = ""
     var enableAutoType: Boolean? = null
     var enableSearching: Boolean? = null
     var lastTopVisibleEntry: UUID = DatabaseVersioned.UUID_ZERO
+    override var tags = Tags()
+    override var previousParentGroup: UUID = DatabaseVersioned.UUID_ZERO
 
     override var expires: Boolean = false
 
@@ -60,7 +66,7 @@ class GroupKDBX : GroupVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
     constructor(parcel: Parcel) : super(parcel) {
         usageCount = UnsignedLong(parcel.readLong())
         locationChanged = parcel.readParcelable(DateInstant::class.java.classLoader) ?: locationChanged
-        // TODO customData = ParcelableUtil.readStringParcelableMap(parcel);
+        customData = parcel.readParcelable(CustomData::class.java.classLoader) ?: CustomData()
         notes = parcel.readString() ?: notes
         isExpanded = parcel.readByte().toInt() != 0
         defaultAutoTypeSequence = parcel.readString() ?: defaultAutoTypeSequence
@@ -69,6 +75,8 @@ class GroupKDBX : GroupVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
         val isSearchingEnabled = parcel.readInt()
         enableSearching = if (isSearchingEnabled == -1) null else isSearchingEnabled == 1
         lastTopVisibleEntry = parcel.readSerializable() as UUID
+        tags = parcel.readParcelable(Tags::class.java.classLoader) ?: tags
+        previousParentGroup = parcel.readParcelable<ParcelUuid>(ParcelUuid::class.java.classLoader)?.uuid ?: DatabaseVersioned.UUID_ZERO
     }
 
     override fun readParentParcelable(parcel: Parcel): GroupKDBX? {
@@ -83,13 +91,15 @@ class GroupKDBX : GroupVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
         super.writeToParcel(dest, flags)
         dest.writeLong(usageCount.toKotlinLong())
         dest.writeParcelable(locationChanged, flags)
-        // TODO ParcelableUtil.writeStringParcelableMap(dest, customData);
+        dest.writeParcelable(customData, flags)
         dest.writeString(notes)
         dest.writeByte((if (isExpanded) 1 else 0).toByte())
         dest.writeString(defaultAutoTypeSequence)
         dest.writeInt(if (enableAutoType == null) -1 else if (enableAutoType!!) 1 else 0)
         dest.writeInt(if (enableSearching == null) -1 else if (enableSearching!!) 1 else 0)
         dest.writeSerializable(lastTopVisibleEntry)
+        dest.writeParcelable(tags, flags)
+        dest.writeParcelable(ParcelUuid(previousParentGroup), flags)
     }
 
     fun updateWith(source: GroupKDBX) {
@@ -97,34 +107,21 @@ class GroupKDBX : GroupVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
         usageCount = source.usageCount
         locationChanged = DateInstant(source.locationChanged)
         // Add all custom elements in map
-        customData.clear()
-        for ((key, value) in source.customData) {
-            customData[key] = value
-        }
+        customData = CustomData(source.customData)
         notes = source.notes
         isExpanded = source.isExpanded
         defaultAutoTypeSequence = source.defaultAutoTypeSequence
         enableAutoType = source.enableAutoType
         enableSearching = source.enableSearching
         lastTopVisibleEntry = source.lastTopVisibleEntry
+        tags = source.tags
+        previousParentGroup = source.previousParentGroup
     }
 
-    override var usageCount = UnsignedLong(0)
-
-    override var locationChanged = DateInstant()
-
     override fun afterAssignNewParent() {
         locationChanged = DateInstant()
     }
 
-    override fun putCustomData(key: String, value: String) {
-        customData[key] = value
-    }
-
-    override fun containsCustomData(): Boolean {
-        return customData.isNotEmpty()
-    }
-
     companion object {
 
         @JvmField

app/src/main/java/com/kunzisoft/keepass/database/element/group/GroupVersioned.kt

@@ -63,6 +63,17 @@ abstract class GroupVersioned
         get() = titleGroup
         set(value) { titleGroup = value }
 
+    /**
+     *  To determine the level from the root group (root group level is -1)
+     */
+    fun getLevel(): Int {
+        var level = -1
+        parent?.let { parent ->
+            level = parent.getLevel() + 1
+        }
+        return level
+    }
+
     override fun getChildGroups(): List<Group> {
         return childGroups
     }

app/src/main/java/com/kunzisoft/keepass/database/element/group/GroupVersionedInterface.kt

@@ -45,23 +45,64 @@ interface GroupVersionedInterface<Group: GroupVersionedInterface<Group, Entry>,
         groupHandler.operate(this as Group)
     }
 
-    fun doForEachChild(entryHandler: NodeHandler<Entry>,
+    fun doForEachChild(entryHandler: NodeHandler<Entry>?,
                        groupHandler: NodeHandler<Group>?,
-                       stopIterationWhenGroupHandlerFails: Boolean = true): Boolean {
-        for (entry in this.getChildEntries()) {
-            if (!entryHandler.operate(entry))
-                return false
+                       stopIterationWhenGroupHandlerOperateFalse: Boolean = true): Boolean {
+        if (entryHandler != null) {
+            for (entry in this.getChildEntries()) {
+                if (!entryHandler.operate(entry))
+                    return false
+            }
         }
         for (group in this.getChildGroups()) {
             var doActionForChild = true
             if (groupHandler != null && !groupHandler.operate(group)) {
                 doActionForChild = false
-                if (stopIterationWhenGroupHandlerFails)
+                if (stopIterationWhenGroupHandlerOperateFalse)
                     return false
             }
             if (doActionForChild)
-                group.doForEachChild(entryHandler, groupHandler)
+                group.doForEachChild(entryHandler, groupHandler, stopIterationWhenGroupHandlerOperateFalse)
         }
         return true
     }
+
+    fun searchChildEntry(criteria: (entry: Entry) -> Boolean): Entry? {
+        return searchChildEntry(this, criteria)
+    }
+
+    private fun searchChildEntry(rootGroup: GroupVersionedInterface<Group, Entry>,
+                                 criteria: (entry: Entry) -> Boolean): Entry? {
+        for (childEntry in rootGroup.getChildEntries()) {
+            if (criteria.invoke(childEntry)) {
+                return childEntry
+            }
+        }
+        for (group in rootGroup.getChildGroups()) {
+            val searchChildEntry = searchChildEntry(group, criteria)
+            if (searchChildEntry != null) {
+                return searchChildEntry
+            }
+        }
+        return null
+    }
+
+    fun searchChildGroup(criteria: (group: Group) -> Boolean): Group? {
+        return searchChildGroup(this, criteria)
+    }
+
+    private fun searchChildGroup(rootGroup: GroupVersionedInterface<Group, Entry>,
+                                 criteria: (group: Group) -> Boolean): Group? {
+        for (childGroup in rootGroup.getChildGroups()) {
+            if (criteria.invoke(childGroup)) {
+                return childGroup
+            } else {
+                val subGroup = searchChildGroup(childGroup, criteria)
+                if (subGroup != null) {
+                    return subGroup
+                }
+            }
+        }
+        return null
+    }
 }

app/src/main/java/com/kunzisoft/keepass/database/element/icon/IconImage.kt

@@ -22,7 +22,7 @@ package com.kunzisoft.keepass.database.element.icon
 import android.os.Parcel
 import android.os.Parcelable
 
-class IconImage() : IconImageDraw(), Parcelable {
+class IconImage() : IconImageDraw() {
 
     var standard: IconImageStandard = IconImageStandard()
     var custom: IconImageCustom = IconImageCustom()

app/src/main/java/com/kunzisoft/keepass/database/element/icon/IconImageCustom.kt

@@ -20,34 +20,46 @@
 package com.kunzisoft.keepass.database.element.icon
 
 import android.os.Parcel
+import android.os.ParcelUuid
 import android.os.Parcelable
+import com.kunzisoft.keepass.database.element.DateInstant
 import com.kunzisoft.keepass.database.element.database.DatabaseVersioned
 import java.util.*
 
-class IconImageCustom : Parcelable, IconImageDraw {
+class IconImageCustom : IconImageDraw {
 
-    var uuid: UUID
+    val uuid: UUID
+    var name: String = ""
+    var lastModificationTime: DateInstant? = null
 
-    constructor() {
-        uuid = DatabaseVersioned.UUID_ZERO
+    constructor(name: String = "", lastModificationTime: DateInstant? = null) {
+        this.uuid = DatabaseVersioned.UUID_ZERO
+        this.name = name
+        this.lastModificationTime = lastModificationTime
     }
 
-    constructor(uuid: UUID) {
+    constructor(uuid: UUID, name: String = "", lastModificationTime: DateInstant? = null) {
         this.uuid = uuid
+        this.name = name
+        this.lastModificationTime = lastModificationTime
     }
 
     constructor(parcel: Parcel) {
-        uuid = parcel.readSerializable() as UUID
+        uuid = parcel.readParcelable<ParcelUuid>(ParcelUuid::class.java.classLoader)?.uuid ?: DatabaseVersioned.UUID_ZERO
+        name = parcel.readString() ?: name
+        lastModificationTime = parcel.readParcelable(DateInstant::class.java.classLoader)
+    }
+
+    override fun writeToParcel(dest: Parcel, flags: Int) {
+        dest.writeParcelable(ParcelUuid(uuid), flags)
+        dest.writeString(name)
+        dest.writeParcelable(lastModificationTime, flags)
     }
 
     override fun describeContents(): Int {
         return 0
     }
 
-    override fun writeToParcel(dest: Parcel, flags: Int) {
-        dest.writeSerializable(uuid)
-    }
-
     override fun hashCode(): Int {
         val prime = 31
         var result = 1

app/src/main/java/com/kunzisoft/keepass/database/element/icon/IconImageDraw.kt

@@ -19,7 +19,9 @@
  */
 package com.kunzisoft.keepass.database.element.icon
 
-abstract class IconImageDraw {
+import android.os.Parcelable
+
+abstract class IconImageDraw : Parcelable {
 
     var selected = false
     /**

app/src/main/java/com/kunzisoft/keepass/database/element/icon/IconImageStandard.kt

@@ -23,7 +23,7 @@ import android.os.Parcel
 import android.os.Parcelable
 import com.kunzisoft.keepass.icons.IconPack.Companion.NB_ICONS
 
-class IconImageStandard : Parcelable, IconImageDraw {
+class IconImageStandard : IconImageDraw {
 
     val id: Int
 

app/src/main/java/com/kunzisoft/keepass/database/element/icon/IconsManager.kt

@@ -20,22 +20,20 @@
 package com.kunzisoft.keepass.database.element.icon
 
 import android.util.Log
-import com.kunzisoft.keepass.database.element.database.BinaryByte
-import com.kunzisoft.keepass.database.element.database.BinaryByte.Companion.MAX_BINARY_BYTES
-import com.kunzisoft.keepass.database.element.database.BinaryData
-import com.kunzisoft.keepass.database.element.database.BinaryFile
-import com.kunzisoft.keepass.database.element.database.CustomIconPool
+import com.kunzisoft.keepass.database.element.DateInstant
+import com.kunzisoft.keepass.database.element.binary.BinaryCache
+import com.kunzisoft.keepass.database.element.binary.BinaryData
+import com.kunzisoft.keepass.database.element.binary.CustomIconPool
 import com.kunzisoft.keepass.database.element.icon.IconImageStandard.Companion.KEY_ID
 import com.kunzisoft.keepass.icons.IconPack.Companion.NB_ICONS
-import java.io.File
 import java.util.*
 
-class IconsManager {
+class IconsManager(binaryCache: BinaryCache) {
 
     private val standardCache = List(NB_ICONS) {
         IconImageStandard(it)
     }
-    private val customCache = CustomIconPool()
+    private val customCache = CustomIconPool(binaryCache)
 
     fun getIcon(iconId: Int): IconImageStandard {
         val searchIconId = if (IconImageStandard.isCorrectIconId(iconId)) iconId else KEY_ID
@@ -52,27 +50,18 @@ class IconsManager {
      *  Custom
      */
 
-    fun buildNewCustomIcon(cacheDirectory: File,
-                           key: UUID? = null,
+    fun buildNewCustomIcon(key: UUID? = null,
                            result: (IconImageCustom, BinaryData?) -> Unit) {
         // Create a binary file for a brand new custom icon
-        addCustomIcon(cacheDirectory, key, -1, result)
+        addCustomIcon(key, "", null, false, result)
     }
 
-    fun addCustomIcon(cacheDirectory: File,
-                      key: UUID? = null,
-                      dataSize: Int,
+    fun addCustomIcon(key: UUID? = null,
+                      name: String,
+                      lastModificationTime: DateInstant?,
+                      smallSize: Boolean,
                       result: (IconImageCustom, BinaryData?) -> Unit) {
-        val keyBinary = customCache.put(key) { uniqueBinaryId ->
-            // Create a byte array for better performance with small data
-            if (dataSize in 1..MAX_BINARY_BYTES) {
-                BinaryByte()
-            } else {
-                val fileInCache = File(cacheDirectory, uniqueBinaryId)
-                BinaryFile(fileInCache)
-            }
-        }
-        result.invoke(IconImageCustom(keyBinary.keys.first()), keyBinary.binary)
+        customCache.put(key, name, lastModificationTime, smallSize, result)
     }
 
     fun getIcon(iconUuid: UUID): IconImageCustom {
@@ -83,11 +72,11 @@ class IconsManager {
         return customCache.isBinaryDuplicate(binaryData)
     }
 
-    fun removeCustomIcon(iconUuid: UUID) {
+    fun removeCustomIcon(binaryCache: BinaryCache, iconUuid: UUID) {
         val binary = customCache[iconUuid]
         customCache.remove(iconUuid)
         try {
-            binary?.clear()
+            binary?.clear(binaryCache)
         } catch (e: Exception) {
             Log.w(TAG, "Unable to remove custom icon binary", e)
         }
@@ -98,8 +87,12 @@ class IconsManager {
     }
 
     fun doForEachCustomIcon(action: (IconImageCustom, BinaryData) -> Unit) {
-        customCache.doForEachBinary { key, binary ->
-            action.invoke(IconImageCustom(key), binary)
+        customCache.doForEachCustomIcon(action)
+    }
+
+    fun containsCustomIconWithNameOrLastModificationTime(): Boolean {
+        return customCache.any { customIcon ->
+            customIcon.name.isNotEmpty() || customIcon.lastModificationTime != null
         }
     }
 

app/src/main/java/com/kunzisoft/keepass/database/element/node/NodeIdUUID.kt

@@ -20,6 +20,7 @@
 package com.kunzisoft.keepass.database.element.node
 
 import android.os.Parcel
+import android.os.ParcelUuid
 import android.os.Parcelable
 import java.util.*
 
@@ -35,12 +36,12 @@ class NodeIdUUID : NodeId<UUID> {
     }
 
     constructor(parcel: Parcel) {
-        id = parcel.readSerializable() as UUID
+        id = parcel.readParcelable<ParcelUuid>(ParcelUuid::class.java.classLoader)?.uuid ?: id
     }
 
     override fun writeToParcel(dest: Parcel, flags: Int) {
         super.writeToParcel(dest, flags)
-        dest.writeSerializable(id)
+        dest.writeParcelable(ParcelUuid(id), flags)
     }
 
     override fun equals(other: Any?): Boolean {

app/src/main/java/com/kunzisoft/keepass/database/element/node/NodeKDBXInterface.kt

@@ -19,17 +19,17 @@
  */
 package com.kunzisoft.keepass.database.element.node
 
+import com.kunzisoft.keepass.database.element.CustomData
 import com.kunzisoft.keepass.database.element.DateInstant
+import com.kunzisoft.keepass.database.element.Tags
 import com.kunzisoft.keepass.utils.UnsignedLong
+import java.util.*
 
 interface NodeKDBXInterface : NodeTimeInterface {
 
     var usageCount: UnsignedLong
-
     var locationChanged: DateInstant
-
-    fun putCustomData(key: String, value: String)
-
-    fun containsCustomData(): Boolean
-
+    var customData: CustomData
+    var tags: Tags
+    var previousParentGroup: UUID
 }

app/src/main/java/com/kunzisoft/keepass/database/element/node/NodeVersionedInterface.kt

@@ -25,15 +25,7 @@ import com.kunzisoft.keepass.database.element.icon.IconImage
 interface NodeVersionedInterface<ParentGroup> : NodeTimeInterface, Parcelable {
 
     var title: String
-
-    /**
-     * @return Visual icon
-     */
     var icon: IconImage
-
-    /**
-     * @return Type of Node
-     */
     val type: Type
 
     /**

app/src/main/java/com/kunzisoft/keepass/database/element/security/EncryptionAlgorithm.kt

@@ -1,64 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *     
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.database.element.security
-
-import android.content.res.Resources
-
-import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.crypto.engine.AesEngine
-import com.kunzisoft.keepass.crypto.engine.ChaCha20Engine
-import com.kunzisoft.keepass.crypto.engine.CipherEngine
-import com.kunzisoft.keepass.crypto.engine.TwofishEngine
-import com.kunzisoft.keepass.utils.ObjectNameResource
-
-import java.util.UUID
-
-enum class EncryptionAlgorithm : ObjectNameResource {
-
-    AESRijndael,
-    Twofish,
-    ChaCha20;
-
-    val cipherEngine: CipherEngine
-        get() {
-            return when (this) {
-                AESRijndael -> AesEngine()
-                Twofish -> TwofishEngine()
-                ChaCha20 -> ChaCha20Engine()
-            }
-        }
-
-    val dataCipher: UUID
-        get() {
-            return when (this) {
-                AESRijndael -> AesEngine.CIPHER_UUID
-                Twofish -> TwofishEngine.CIPHER_UUID
-                ChaCha20 -> ChaCha20Engine.CIPHER_UUID
-            }
-        }
-
-    override fun getName(resources: Resources): String {
-        return when (this) {
-            AESRijndael -> resources.getString(R.string.encryption_rijndael)
-            Twofish -> resources.getString(R.string.encryption_twofish)
-            ChaCha20 -> resources.getString(R.string.encryption_chacha20)
-        }
-    }
-}

app/src/main/java/com/kunzisoft/keepass/database/exception/DatabaseException.kt

@@ -114,7 +114,7 @@ class NoMemoryDatabaseException: LoadDatabaseException {
     constructor(exception: Throwable) : super(exception)
 }
 
-class EntryDatabaseException: LoadDatabaseException {
+class MoveEntryDatabaseException: LoadDatabaseException {
     @StringRes
     override var errorId: Int = R.string.error_move_entry_here
     constructor() : super()
@@ -123,7 +123,7 @@ class EntryDatabaseException: LoadDatabaseException {
 
 class MoveGroupDatabaseException: LoadDatabaseException {
     @StringRes
-    override var errorId: Int = R.string.error_move_folder_in_itself
+    override var errorId: Int = R.string.error_move_group_here
     constructor() : super()
     constructor(exception: Throwable) : super(exception)
 }

app/src/main/java/com/kunzisoft/keepass/database/file/DatabaseHeaderKDB.kt

@@ -21,9 +21,9 @@
 
 package com.kunzisoft.keepass.database.file
 
-import com.kunzisoft.keepass.stream.readBytesLength
-import com.kunzisoft.keepass.stream.readBytes4ToUInt
 import com.kunzisoft.keepass.utils.UnsignedInt
+import com.kunzisoft.keepass.utils.readBytes4ToUInt
+import com.kunzisoft.keepass.utils.readBytesLength
 import java.io.IOException
 import java.io.InputStream
 

app/src/main/java/com/kunzisoft/keepass/database/file/DatabaseHeaderKDBX.kt

@@ -19,30 +19,26 @@
  */
 package com.kunzisoft.keepass.database.file
 
-import com.kunzisoft.keepass.crypto.CrsAlgorithm
-import com.kunzisoft.keepass.crypto.keyDerivation.AesKdf
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfFactory
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfParameters
+import com.kunzisoft.encrypt.HashManager
 import com.kunzisoft.keepass.database.action.node.NodeHandler
+import com.kunzisoft.keepass.database.crypto.CrsAlgorithm
+import com.kunzisoft.keepass.database.crypto.VariantDictionary
+import com.kunzisoft.keepass.database.crypto.kdf.AesKdf
+import com.kunzisoft.keepass.database.crypto.kdf.KdfFactory
+import com.kunzisoft.keepass.database.crypto.kdf.KdfParameters
 import com.kunzisoft.keepass.database.element.database.CompressionAlgorithm
 import com.kunzisoft.keepass.database.element.database.DatabaseKDBX
 import com.kunzisoft.keepass.database.element.entry.EntryKDBX
 import com.kunzisoft.keepass.database.element.group.GroupKDBX
 import com.kunzisoft.keepass.database.element.node.NodeKDBXInterface
 import com.kunzisoft.keepass.database.exception.VersionDatabaseException
-import com.kunzisoft.keepass.stream.*
-import com.kunzisoft.keepass.utils.UnsignedInt
-import com.kunzisoft.keepass.utils.UnsignedLong
-import com.kunzisoft.keepass.utils.VariantDictionary
+import com.kunzisoft.keepass.stream.CopyInputStream
+import com.kunzisoft.keepass.utils.*
 import java.io.ByteArrayOutputStream
 import java.io.IOException
 import java.io.InputStream
 import java.security.DigestInputStream
-import java.security.InvalidKeyException
 import java.security.MessageDigest
-import java.security.NoSuchAlgorithmException
-import javax.crypto.Mac
-import javax.crypto.spec.SecretKeySpec
 
 class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader() {
     var innerRandomStreamKey: ByteArray = ByteArray(32)
@@ -95,41 +91,64 @@ class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader(
         this.masterSeed = ByteArray(32)
     }
 
-    private inner class NodeHasCustomData<T: NodeKDBXInterface> : NodeHandler<T>() {
-
-        internal var containsCustomData = false
-
+    private open class NodeOperationHandler<T: NodeKDBXInterface> : NodeHandler<T>() {
+        var containsCustomData = false
         override fun operate(node: T): Boolean {
-            if (node.containsCustomData()) {
+            if (node.customData.isNotEmpty()) {
                 containsCustomData = true
-                return false
             }
             return true
         }
     }
 
-    private fun getMinKdbxVersion(databaseV4: DatabaseKDBX): UnsignedInt {
+    private inner class EntryOperationHandler: NodeOperationHandler<EntryKDBX>() {
+        var passwordQualityEstimationDisabled = false
+        override fun operate(node: EntryKDBX): Boolean {
+            if (!node.qualityCheck) {
+                passwordQualityEstimationDisabled = true
+            }
+            return super.operate(node)
+        }
+    }
+
+    private inner class GroupOperationHandler: NodeOperationHandler<GroupKDBX>() {
+        var containsTags = false
+        override fun operate(node: GroupKDBX): Boolean {
+            if (!node.tags.isEmpty())
+                containsTags = true
+            return super.operate(node)
+        }
+    }
+
+    private fun getMinKdbxVersion(databaseKDBX: DatabaseKDBX): UnsignedInt {
+        val entryHandler = EntryOperationHandler()
+        val groupHandler = GroupOperationHandler()
+        databaseKDBX.rootGroup?.doForEachChildAndForIt(entryHandler, groupHandler)
+
+        // https://keepass.info/help/kb/kdbx_4.1.html
+        val containsGroupWithTag = groupHandler.containsTags
+        val containsEntryWithPasswordQualityEstimationDisabled = entryHandler.passwordQualityEstimationDisabled
+        val containsCustomIconWithNameOrLastModificationTime = databaseKDBX.iconsManager.containsCustomIconWithNameOrLastModificationTime()
+        val containsHeaderCustomDataWithLastModificationTime = databaseKDBX.customData.containsItemWithLastModificationTime()
+
         // https://keepass.info/help/kb/kdbx_4.html
+        // If AES is not use, it's at least 4.0
+        val kdfIsNotAes = databaseKDBX.kdfParameters?.uuid != AesKdf.CIPHER_UUID
+        val containsHeaderCustomData = databaseKDBX.customData.isNotEmpty()
+        val containsNodeCustomData = entryHandler.containsCustomData || groupHandler.containsCustomData
 
-        // Return v4 if AES is not use
-        if (databaseV4.kdfParameters != null
-                && databaseV4.kdfParameters!!.uuid != AesKdf.CIPHER_UUID) {
-            return FILE_VERSION_32_4
-        }
-
-        if (databaseV4.rootGroup == null) {
-            return FILE_VERSION_32_3
-        }
-
-        val entryHandler = NodeHasCustomData<EntryKDBX>()
-        val groupHandler = NodeHasCustomData<GroupKDBX>()
-        databaseV4.rootGroup?.doForEachChildAndForIt(entryHandler, groupHandler)
-        return if (databaseV4.containsCustomData()
-                    || entryHandler.containsCustomData
-                    || groupHandler.containsCustomData) {
-            FILE_VERSION_32_4
+        // Check each condition to determine version
+        return if (containsGroupWithTag
+                || containsEntryWithPasswordQualityEstimationDisabled
+                || containsCustomIconWithNameOrLastModificationTime
+                || containsHeaderCustomDataWithLastModificationTime) {
+            FILE_VERSION_41
+        } else if (kdfIsNotAes
+                || containsHeaderCustomData
+                || containsNodeCustomData) {
+            FILE_VERSION_40
         } else {
-            FILE_VERSION_32_3
+            FILE_VERSION_31
         }
     }
 
@@ -140,33 +159,27 @@ class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader(
      */
     @Throws(IOException::class, VersionDatabaseException::class)
     fun loadFromFile(inputStream: InputStream): HeaderAndHash {
-        val messageDigest: MessageDigest
-        try {
-            messageDigest = MessageDigest.getInstance("SHA-256")
-        } catch (e: NoSuchAlgorithmException) {
-            throw IOException("No SHA-256 implementation")
-        }
+        val messageDigest: MessageDigest = HashManager.getHash256()
 
         val headerBOS = ByteArrayOutputStream()
         val copyInputStream = CopyInputStream(inputStream, headerBOS)
         val digestInputStream = DigestInputStream(copyInputStream, messageDigest)
-        val littleEndianDataInputStream = LittleEndianDataInputStream(digestInputStream)
 
-        val sig1 = littleEndianDataInputStream.readUInt()
-        val sig2 = littleEndianDataInputStream.readUInt()
+        val sig1 = digestInputStream.readBytes4ToUInt()
+        val sig2 = digestInputStream.readBytes4ToUInt()
 
         if (!matchesHeader(sig1, sig2)) {
             throw VersionDatabaseException()
         }
 
-        version = littleEndianDataInputStream.readUInt() // Erase previous value
+        version = digestInputStream.readBytes4ToUInt() // Erase previous value
         if (!validVersion(version)) {
             throw VersionDatabaseException()
         }
 
         var done = false
         while (!done) {
-            done = readHeaderField(littleEndianDataInputStream)
+            done = readHeaderField(digestInputStream)
         }
 
         val hash = messageDigest.digest()
@@ -174,13 +187,13 @@ class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader(
     }
 
     @Throws(IOException::class)
-    private fun readHeaderField(dis: LittleEndianDataInputStream): Boolean {
+    private fun readHeaderField(dis: InputStream): Boolean {
         val fieldID = dis.read().toByte()
 
-        val fieldSize: Int = if (version.toKotlinLong() < FILE_VERSION_32_4.toKotlinLong()) {
-            dis.readUShort()
+        val fieldSize: Int = if (version.isBefore(FILE_VERSION_40)) {
+            dis.readBytes2ToUShort()
         } else {
-            dis.readUInt().toKotlinInt()
+            dis.readBytes4ToUInt().toKotlinInt()
         }
 
         var fieldData: ByteArray? = null
@@ -204,20 +217,20 @@ class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader(
 
             PwDbHeaderV4Fields.MasterSeed -> masterSeed = fieldData
 
-            PwDbHeaderV4Fields.TransformSeed -> if (version.toKotlinLong() < FILE_VERSION_32_4.toKotlinLong())
+            PwDbHeaderV4Fields.TransformSeed -> if (version.isBefore(FILE_VERSION_40))
                 transformSeed = fieldData
 
-            PwDbHeaderV4Fields.TransformRounds -> if (version.toKotlinLong() < FILE_VERSION_32_4.toKotlinLong())
+            PwDbHeaderV4Fields.TransformRounds -> if (version.isBefore(FILE_VERSION_40))
                 setTransformRound(fieldData)
 
             PwDbHeaderV4Fields.EncryptionIV -> encryptionIV = fieldData
 
-            PwDbHeaderV4Fields.InnerRandomstreamKey -> if (version.toKotlinLong() < FILE_VERSION_32_4.toKotlinLong())
+            PwDbHeaderV4Fields.InnerRandomstreamKey -> if (version.isBefore(FILE_VERSION_40))
                 innerRandomStreamKey = fieldData
 
             PwDbHeaderV4Fields.StreamStartBytes -> streamStartBytes = fieldData
 
-            PwDbHeaderV4Fields.InnerRandomStreamID -> if (version.toKotlinLong() < FILE_VERSION_32_4.toKotlinLong())
+            PwDbHeaderV4Fields.InnerRandomStreamID -> if (version.isBefore(FILE_VERSION_40))
                 setRandomStreamID(fieldData)
 
             PwDbHeaderV4Fields.KdfParameters -> databaseV4.kdfParameters = KdfParameters.deserialize(fieldData)
@@ -244,14 +257,14 @@ class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader(
             throw IOException("Invalid cipher ID.")
         }
 
-        databaseV4.dataCipher = bytes16ToUuid(pbId)
+        databaseV4.cipherUuid = bytes16ToUuid(pbId)
     }
 
     private fun setTransformRound(roundsByte: ByteArray) {
         assignAesKdfEngineIfNotExists()
-        val rounds = bytes64ToLong(roundsByte)
+        val rounds = bytes64ToULong(roundsByte)
         databaseV4.kdfParameters?.setUInt64(AesKdf.PARAM_ROUNDS, rounds)
-        databaseV4.numberKeyEncryptionRounds = rounds
+        databaseV4.numberKeyEncryptionRounds = rounds.toKotlinLong()
     }
 
     @Throws(IOException::class)
@@ -293,7 +306,7 @@ class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader(
      */
     private fun validVersion(version: UnsignedInt): Boolean {
         return version.toKotlinInt() and FILE_VERSION_CRITICAL_MASK.toKotlinInt() <=
-                FILE_VERSION_32_4.toKotlinInt() and FILE_VERSION_CRITICAL_MASK.toKotlinInt()
+                FILE_VERSION_40.toKotlinInt() and FILE_VERSION_CRITICAL_MASK.toKotlinInt()
     }
 
     companion object {
@@ -302,8 +315,9 @@ class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader(
         val DBSIG_2 = UnsignedInt(-0x4ab40499)
 
         private val FILE_VERSION_CRITICAL_MASK = UnsignedInt(-0x10000)
-        val FILE_VERSION_32_3 = UnsignedInt(0x00030001)
-        val FILE_VERSION_32_4 = UnsignedInt(0x00040000)
+        val FILE_VERSION_31 = UnsignedInt(0x00030001)
+        val FILE_VERSION_40 = UnsignedInt(0x00040000)
+        val FILE_VERSION_41 = UnsignedInt(0x00040001)
 
         fun getCompressionFromFlag(flag: UnsignedInt): CompressionAlgorithm? {
             return when (flag.toKotlinInt()) {
@@ -323,23 +337,5 @@ class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader(
         fun matchesHeader(sig1: UnsignedInt, sig2: UnsignedInt): Boolean {
             return sig1 == PWM_DBSIG_1 && (sig2 == DBSIG_PRE2 || sig2 == DBSIG_2)
         }
-
-        @Throws(IOException::class)
-        fun computeHeaderHmac(header: ByteArray, key: ByteArray): ByteArray {
-            val blockKey = HmacBlockStream.getHmacKey64(key, UnsignedLong.MAX_VALUE)
-
-            val hmac: Mac
-            try {
-                hmac = Mac.getInstance("HmacSHA256")
-                val signingKey = SecretKeySpec(blockKey, "HmacSHA256")
-                hmac.init(signingKey)
-            } catch (e: NoSuchAlgorithmException) {
-                throw IOException("No HmacAlogirthm")
-            } catch (e: InvalidKeyException) {
-                throw IOException("Invalid Hmac Key")
-            }
-
-            return hmac.doFinal(header)
-        }
     }
 }