Merge branch 'release/2.9.19'

Currently translated at 96.9% (512 of 528 strings)

Translation: KeePassDX/Strings
Translate-URL: https://hosted.weblate.org/projects/keepass-dx/strings/de/

CHANGELOG

@@ -1,3 +1,30 @@
+KeePassDX(2.9.19)
+ * Fix search slowdown #964
+ * Fix closing notification after lock request #965
+ * Better temp advanced unlocking code implementation #965
+ * Fix OTP token generation #967
+
+KeePassDX(2.9.18)
+ * Move groups #658
+ * Improve autofill recognition #960
+ * Remove diacritical marks in search string #945
+ * Fix search in references #962
+ * Fix themes in Libre version
+
+KeePassDX(2.9.17)
+ * Import / Export app properties #839
+ * Force twofish padding compatibility #955
+ * Better timeout preference #579
+
+KeePassDX(2.9.16)
+ * Fix small bugs #948
+
+KeePassDX(2.9.15)
+ * Fix themes #935 #926
+ * Decrease default clipboard time #934
+ * Better opening performance #929 #933
+ * Fix memory usage setting #941
+
 KeePassDX(2.9.14)
  * Add custom icons #96
  * Dark Themes #532 #714

app/build.gradle

@@ -9,10 +9,10 @@ android {
 
     defaultConfig {
         applicationId "com.kunzisoft.keepass"
-        minSdkVersion 14
+        minSdkVersion 15
         targetSdkVersion 30
-        versionCode = 65
+        versionCode = 73
-        versionName = "2.9.14"
+        versionName = "2.9.19"
         multiDexEnabled true
 
         testApplicationId = "com.kunzisoft.keepass.tests"
@@ -29,12 +29,6 @@ android {
         }
     }
 
-    externalNativeBuild {
-        cmake {
-            path "src/main/jni/CMakeLists.txt"
-        }
-    }
-
     buildTypes {
         release {
             minifyEnabled = false
@@ -115,7 +109,7 @@ dependencies {
     implementation 'androidx.constraintlayout:constraintlayout:2.0.4'
     implementation 'androidx.viewpager2:viewpager2:1.1.0-alpha01'
     implementation 'androidx.documentfile:documentfile:1.0.1'
-    implementation 'androidx.biometric:biometric:1.1.0-rc01'
+    implementation 'androidx.biometric:biometric:1.1.0'
     // Lifecycle - LiveData - ViewModel - Coroutines
     implementation "androidx.core:core-ktx:1.3.2"
     implementation 'androidx.fragment:fragment-ktx:1.2.5'
@@ -126,8 +120,6 @@ dependencies {
     kapt "androidx.room:room-compiler:$room_version"
     // Autofill
     implementation "androidx.autofill:autofill:1.1.0"
-    // Crypto
-    implementation 'org.bouncycastle:bcprov-jdk15on:1.65.01'
     // Time
     implementation 'joda-time:joda-time:2.10.6'
     // Color
@@ -137,6 +129,8 @@ dependencies {
     // Apache Commons
     implementation 'commons-io:commons-io:2.8.0'
     implementation 'commons-codec:commons-codec:1.15'
+    // Encrypt lib
+    implementation project(path: ':crypto')
     // Icon pack
     implementation project(path: ':icon-pack-classic')
     implementation project(path: ':icon-pack-material')

app/src/androidTest/java/com/kunzisoft/keepass/tests/crypto/AESKeyTest.kt

@@ -1,67 +0,0 @@
-/*
- * Copyright 2017 Brian Pellin, Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- * KeePassDX is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * KeePassDX is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with KeePassDX. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.tests.crypto
-
-import org.junit.Assert.assertArrayEquals
-
-import java.io.IOException
-import java.util.Random
-
-import junit.framework.TestCase
-
-import com.kunzisoft.keepass.crypto.finalkey.AndroidAESKeyTransformer
-import com.kunzisoft.keepass.crypto.finalkey.NativeAESKeyTransformer
-
-class AESKeyTest : TestCase() {
-    private lateinit var mRand: Random
-
-    @Throws(Exception::class)
-    override fun setUp() {
-        super.setUp()
-
-        mRand = Random()
-    }
-
-    @Throws(IOException::class)
-    fun testAES() {
-        // Test both an old and an even number to test my flip variable
-        testAESFinalKey(5)
-        testAESFinalKey(6)
-    }
-
-    @Throws(IOException::class)
-    private fun testAESFinalKey(rounds: Long) {
-        val seed = ByteArray(32)
-        val key = ByteArray(32)
-        val nativeKey: ByteArray?
-        val androidKey: ByteArray?
-
-        mRand.nextBytes(seed)
-        mRand.nextBytes(key)
-
-        val androidAESKey = AndroidAESKeyTransformer()
-        androidKey = androidAESKey.transformMasterKey(seed, key, rounds)
-
-        val nativeAESKey = NativeAESKeyTransformer()
-        nativeKey = nativeAESKey.transformMasterKey(seed, key, rounds)
-
-        assertArrayEquals("Does not match", androidKey, nativeKey)
-    }
-}

app/src/androidTest/java/com/kunzisoft/keepass/tests/crypto/AESTest.kt

@@ -1,83 +0,0 @@
-/*
- * Copyright 2017 Brian Pellin, Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- * KeePassDX is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * KeePassDX is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with KeePassDX. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.tests.crypto
-
-import com.kunzisoft.keepass.crypto.CipherFactory
-
-import junit.framework.TestCase
-
-import java.security.InvalidAlgorithmParameterException
-import java.security.InvalidKeyException
-import java.security.NoSuchAlgorithmException
-import java.util.Random
-
-import javax.crypto.BadPaddingException
-import javax.crypto.Cipher
-import javax.crypto.IllegalBlockSizeException
-import javax.crypto.NoSuchPaddingException
-import javax.crypto.spec.IvParameterSpec
-import javax.crypto.spec.SecretKeySpec
-
-import org.junit.Assert.assertArrayEquals
-
-class AESTest : TestCase() {
-
-    private val mRand = Random()
-
-    @Throws(InvalidKeyException::class, NoSuchAlgorithmException::class, NoSuchPaddingException::class, IllegalBlockSizeException::class, BadPaddingException::class, InvalidAlgorithmParameterException::class)
-    fun testEncrypt() {
-        // Test above below and at the blocksize
-        testFinal(15)
-        testFinal(16)
-        testFinal(17)
-
-        // Test random larger sizes
-        val size = mRand.nextInt(494) + 18
-        testFinal(size)
-    }
-
-    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, IllegalBlockSizeException::class, BadPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
-    private fun testFinal(dataSize: Int) {
-
-        // Generate some input
-        val input = ByteArray(dataSize)
-        mRand.nextBytes(input)
-
-        // Generate key
-        val keyArray = ByteArray(32)
-        mRand.nextBytes(keyArray)
-        val key = SecretKeySpec(keyArray, "AES")
-
-        // Generate IV
-        val ivArray = ByteArray(16)
-        mRand.nextBytes(ivArray)
-        val iv = IvParameterSpec(ivArray)
-
-        val android = CipherFactory.getInstance("AES/CBC/PKCS5Padding", true)
-        android.init(Cipher.ENCRYPT_MODE, key, iv)
-        val outAndroid = android.doFinal(input, 0, dataSize)
-
-        val nat = CipherFactory.getInstance("AES/CBC/PKCS5Padding")
-        nat.init(Cipher.ENCRYPT_MODE, key, iv)
-        val outNative = nat.doFinal(input, 0, dataSize)
-
-        assertArrayEquals("Arrays differ on size: $dataSize", outAndroid, outNative)
-    }
-}

app/src/androidTest/java/com/kunzisoft/keepass/tests/crypto/EncryptionTest.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 Brian Pellin, Jeremy Jamet / Kunzisoft.
+ * Copyright 2021 Jeremy Jamet / Kunzisoft.
  *
  * This file is part of KeePassDX.
  *
@@ -19,44 +19,32 @@
  */
 package com.kunzisoft.keepass.tests.crypto
 
+import com.kunzisoft.keepass.utils.readBytesLength
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
 import org.junit.Assert.assertArrayEquals
-
+import org.junit.Test
 import java.io.ByteArrayInputStream
 import java.io.ByteArrayOutputStream
-import java.io.IOException
+import java.util.*
-import java.security.InvalidAlgorithmParameterException
-import java.security.InvalidKeyException
-import java.security.NoSuchAlgorithmException
-import java.util.Random
-
-import javax.crypto.BadPaddingException
 import javax.crypto.Cipher
+import javax.crypto.CipherInputStream
 import javax.crypto.CipherOutputStream
-import javax.crypto.IllegalBlockSizeException
-import javax.crypto.NoSuchPaddingException
 
-import junit.framework.TestCase
+class EncryptionTest {
-
-import com.kunzisoft.keepass.crypto.CipherFactory
-import com.kunzisoft.keepass.crypto.engine.AesEngine
-import com.kunzisoft.keepass.stream.BetterCipherInputStream
-import com.kunzisoft.keepass.stream.LittleEndianDataInputStream
-
-class CipherTest : TestCase() {
     private val rand = Random()
 
-    @Throws(InvalidKeyException::class, NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidAlgorithmParameterException::class, IllegalBlockSizeException::class, BadPaddingException::class)
+    @Test
     fun testCipherFactory() {
         val key = ByteArray(32)
+        rand.nextBytes(key)
+
         val iv = ByteArray(16)
+        rand.nextBytes(iv)
 
         val plaintext = ByteArray(1024)
-
-        rand.nextBytes(key)
-        rand.nextBytes(iv)
         rand.nextBytes(plaintext)
 
-        val aes = CipherFactory.getInstance(AesEngine.CIPHER_UUID)
+        val aes = EncryptionAlgorithm.AESRijndael.cipherEngine
         val encrypt = aes.getCipher(Cipher.ENCRYPT_MODE, key, iv)
         val decrypt = aes.getCipher(Cipher.DECRYPT_MODE, key, iv)
 
@@ -66,20 +54,20 @@ class CipherTest : TestCase() {
         assertArrayEquals("Encryption and decryption failed", plaintext, decrypttext)
     }
 
-    @Throws(InvalidKeyException::class, NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidAlgorithmParameterException::class, IllegalBlockSizeException::class, BadPaddingException::class, IOException::class)
+    @Test
     fun testCipherStreams() {
-        val MESSAGE_LENGTH = 1024
+        val length = 1024
 
         val key = ByteArray(32)
-        val iv = ByteArray(16)
-
-        val plaintext = ByteArray(MESSAGE_LENGTH)
-
         rand.nextBytes(key)
+
+        val iv = ByteArray(16)
         rand.nextBytes(iv)
+
+        val plaintext = ByteArray(length)
         rand.nextBytes(plaintext)
 
-        val aes = CipherFactory.getInstance(AesEngine.CIPHER_UUID)
+        val aes = EncryptionAlgorithm.AESRijndael.cipherEngine
         val encrypt = aes.getCipher(Cipher.ENCRYPT_MODE, key, iv)
         val decrypt = aes.getCipher(Cipher.DECRYPT_MODE, key, iv)
 
@@ -91,10 +79,9 @@ class CipherTest : TestCase() {
         val secrettext = bos.toByteArray()
 
         val bis = ByteArrayInputStream(secrettext)
-        val cis = BetterCipherInputStream(bis, decrypt)
+        val cis = CipherInputStream(bis, decrypt)
-        val lis = LittleEndianDataInputStream(cis)
 
-        val decrypttext = lis.readBytes(MESSAGE_LENGTH)
+        val decrypttext = cis.readBytesLength(length)
 
         assertArrayEquals("Encryption and decryption failed", plaintext, decrypttext)
     }

app/src/androidTest/java/com/kunzisoft/keepass/tests/stream/BinaryDataTest.kt

@@ -2,10 +2,9 @@ package com.kunzisoft.keepass.tests.stream
 
 import android.content.Context
 import androidx.test.platform.app.InstrumentationRegistry
-import com.kunzisoft.keepass.database.element.Database
+import com.kunzisoft.keepass.utils.readAllBytes
-import com.kunzisoft.keepass.database.element.database.BinaryByte
+import com.kunzisoft.keepass.database.element.binary.BinaryCache
-import com.kunzisoft.keepass.database.element.database.BinaryFile
+import com.kunzisoft.keepass.database.element.binary.BinaryFile
-import com.kunzisoft.keepass.stream.readAllBytes
 import com.kunzisoft.keepass.utils.UriUtil
 import junit.framework.TestCase.assertEquals
 import org.junit.Test
@@ -25,11 +24,11 @@ class BinaryDataTest {
     private val fileB = File(cacheDirectory, TEST_FILE_CACHE_B)
     private val fileC = File(cacheDirectory, TEST_FILE_CACHE_C)
 
-    private val loadedKey = Database.LoadedKey.generateNewCipherKey()
+    private val binaryCache = BinaryCache()
 
     private fun saveBinary(asset: String, binaryData: BinaryFile) {
         context.assets.open(asset).use { assetInputStream ->
-            binaryData.getOutputDataStream(loadedKey).use { binaryOutputStream ->
+            binaryData.getOutputDataStream(binaryCache).use { binaryOutputStream ->
                 assetInputStream.readAllBytes(DEFAULT_BUFFER_SIZE) { buffer ->
                     binaryOutputStream.write(buffer)
                 }
@@ -65,11 +64,11 @@ class BinaryDataTest {
         saveBinary(TEST_TEXT_ASSET, binaryA)
         saveBinary(TEST_TEXT_ASSET, binaryB)
         saveBinary(TEST_TEXT_ASSET, binaryC)
-        binaryA.compress(loadedKey)
+        binaryA.compress(binaryCache)
-        binaryB.compress(loadedKey)
+        binaryB.compress(binaryCache)
         assertEquals("Compress text length failed.", binaryA.getSize(), binaryB.getSize())
         assertEquals("Compress text MD5 failed.", binaryA.binaryHash(), binaryB.binaryHash())
-        binaryB.decompress(loadedKey)
+        binaryB.decompress(binaryCache)
         assertEquals("Decompress text length failed.", binaryB.getSize(), binaryC.getSize())
         assertEquals("Decompress text MD5 failed.", binaryB.binaryHash(), binaryC.binaryHash())
     }
@@ -82,29 +81,46 @@ class BinaryDataTest {
         saveBinary(TEST_IMAGE_ASSET, binaryA)
         saveBinary(TEST_IMAGE_ASSET, binaryB)
         saveBinary(TEST_IMAGE_ASSET, binaryC)
-        binaryA.compress(loadedKey)
+        binaryA.compress(binaryCache)
-        binaryB.compress(loadedKey)
+        binaryB.compress(binaryCache)
         assertEquals("Compress image length failed.", binaryA.getSize(), binaryA.getSize())
         assertEquals("Compress image failed.", binaryA.binaryHash(), binaryA.binaryHash())
         binaryB = BinaryFile(fileB, true)
-        binaryB.decompress(loadedKey)
+        binaryB.decompress(binaryCache)
         assertEquals("Decompress image length failed.", binaryB.getSize(), binaryC.getSize())
         assertEquals("Decompress image failed.", binaryB.binaryHash(), binaryC.binaryHash())
     }
 
     @Test
     fun testCompressBytes() {
+        // Test random byte array
         val byteArray = ByteArray(50)
         Random.nextBytes(byteArray)
-        val binaryA = BinaryByte(byteArray)
+        testCompressBytes(byteArray)
-        val binaryB = BinaryByte(byteArray)
+
-        val binaryC = BinaryByte(byteArray)
+        // Test empty byte array
-        binaryA.compress(loadedKey)
+        testCompressBytes(ByteArray(0))
-        binaryB.compress(loadedKey)
+    }
+
+    private fun testCompressBytes(byteArray: ByteArray) {
+        val binaryA = binaryCache.getBinaryData("0", true)
+        binaryA.getOutputDataStream(binaryCache).use { outputStream ->
+            outputStream.write(byteArray)
+        }
+        val binaryB = binaryCache.getBinaryData("1", true)
+        binaryB.getOutputDataStream(binaryCache).use { outputStream ->
+            outputStream.write(byteArray)
+        }
+        val binaryC = binaryCache.getBinaryData("2", true)
+        binaryC.getOutputDataStream(binaryCache).use { outputStream ->
+            outputStream.write(byteArray)
+        }
+        binaryA.compress(binaryCache)
+        binaryB.compress(binaryCache)
         assertEquals("Compress bytes decompressed failed.", binaryA.isCompressed, true)
         assertEquals("Compress bytes length failed.", binaryA.getSize(), binaryA.getSize())
         assertEquals("Compress bytes failed.", binaryA.binaryHash(), binaryA.binaryHash())
-        binaryB.decompress(loadedKey)
+        binaryB.decompress(binaryCache)
         assertEquals("Decompress bytes decompressed failed.", binaryB.isCompressed, false)
         assertEquals("Decompress bytes length failed.", binaryB.getSize(), binaryC.getSize())
         assertEquals("Decompress bytes failed.", binaryB.binaryHash(), binaryC.binaryHash())
@@ -115,7 +131,7 @@ class BinaryDataTest {
         val binaryA = BinaryFile(fileA)
         saveBinary(TEST_TEXT_ASSET, binaryA)
         assert(streamAreEquals(context.assets.open(TEST_TEXT_ASSET),
-                binaryA.getInputDataStream(loadedKey)))
+                binaryA.getInputDataStream(binaryCache)))
     }
 
     @Test
@@ -123,7 +139,7 @@ class BinaryDataTest {
         val binaryA = BinaryFile(fileA)
         saveBinary(TEST_IMAGE_ASSET, binaryA)
         assert(streamAreEquals(context.assets.open(TEST_IMAGE_ASSET),
-                binaryA.getInputDataStream(loadedKey)))
+                binaryA.getInputDataStream(binaryCache)))
     }
 
     private fun streamAreEquals(inputStreamA: InputStream,

app/src/androidTest/java/com/kunzisoft/keepass/tests/utils/UUIDTest.kt

@@ -0,0 +1,15 @@
+package com.kunzisoft.keepass.tests.utils
+
+import com.kunzisoft.keepass.utils.UuidUtil
+import junit.framework.TestCase
+import java.util.*
+
+class UUIDTest: TestCase() {
+
+    fun testUUID() {
+        val randomUUID = UUID.randomUUID()
+        val hexStringUUID = UuidUtil.toHexString(randomUUID)
+        val retrievedUUID = UuidUtil.fromHexString(hexStringUUID)
+        assertEquals(randomUUID, retrievedUUID)
+    }
+}

app/src/androidTest/java/com/kunzisoft/keepass/tests/utils/ValuesTest.kt

@@ -20,9 +20,7 @@
 package com.kunzisoft.keepass.tests.utils
 
 import com.kunzisoft.keepass.database.element.DateInstant
-import com.kunzisoft.keepass.stream.*
+import com.kunzisoft.keepass.utils.*
-import com.kunzisoft.keepass.utils.UnsignedInt
-import com.kunzisoft.keepass.utils.UnsignedLong
 import junit.framework.TestCase
 import org.junit.Assert.assertArrayEquals
 import java.io.ByteArrayOutputStream
@@ -54,7 +52,7 @@ class ValuesTest : TestCase() {
         val orig = ByteArray(8)
         setArray(orig, value, 8)
 
-        assertArrayEquals(orig, longTo8Bytes(bytes64ToLong(orig)))
+        assertArrayEquals(orig, uLongTo8Bytes(bytes64ToULong(orig)))
     }
 
     fun testReadWriteIntZero() {
@@ -133,7 +131,7 @@ class ValuesTest : TestCase() {
     }
 
     private fun testReadWriteByte(value: Byte) {
-        val dest: Byte = UnsignedInt(UnsignedInt.fromKotlinByte(value)).toKotlinByte()
+        val dest: Byte = UnsignedInt(value.toInt() and 0xFF).toKotlinByte()
         assert(value == dest)
     }
 
@@ -144,13 +142,11 @@ class ValuesTest : TestCase() {
         expected.set(2008, 1, 2, 3, 4, 5)
 
         val actual = Calendar.getInstance()
-        dateTo5Bytes(expected.time, cal)?.let { buf ->
+        actual.time = DateInstant(bytes5ToDate(dateTo5Bytes(expected.time, cal), cal)).date
-            actual.time = bytes5ToDate(buf, cal).date
-        }
 
         val jDate = DateInstant(System.currentTimeMillis())
         val intermediate = DateInstant(jDate)
-        val cDate = bytes5ToDate(dateTo5Bytes(intermediate.date)!!)
+        val cDate = DateInstant(bytes5ToDate(dateTo5Bytes(intermediate.date)))
 
         assertEquals("Year mismatch: ", 2008, actual.get(Calendar.YEAR))
         assertEquals("Month mismatch: ", 1, actual.get(Calendar.MONTH))
@@ -183,12 +179,10 @@ class ValuesTest : TestCase() {
             ulongBytes[i] = -1
         }
 
-        val bos = ByteArrayOutputStream()
+        val byteArrayOutputStream = ByteArrayOutputStream()
-        val leos = LittleEndianDataOutputStream(bos)
+        byteArrayOutputStream.write(UnsignedLong.MAX_BYTES)
-        leos.writeLong(UnsignedLong.MAX_VALUE)
+        byteArrayOutputStream.close()
-        leos.close()
+        val uLongMax = byteArrayOutputStream.toByteArray()
-
-        val uLongMax = bos.toByteArray()
 
         assertArrayEquals(ulongBytes, uLongMax)
     }

app/src/main/java/com/kunzisoft/keepass/activities/EntryActivity.kt

@@ -39,6 +39,7 @@ import androidx.coordinatorlayout.widget.CoordinatorLayout
 import com.google.android.material.appbar.CollapsingToolbarLayout
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.helpers.ReadOnlyHelper
+import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
 import com.kunzisoft.keepass.activities.helpers.SpecialMode
 import com.kunzisoft.keepass.activities.lock.LockingActivity
 import com.kunzisoft.keepass.activities.lock.resetAppTimeoutWhenViewFocusedOrChanged
@@ -93,6 +94,8 @@ class EntryActivity : LockingActivity() {
     private var clipboardHelper: ClipboardHelper? = null
     private var mFirstLaunchOfActivity: Boolean = false
 
+    private var mExternalFileHelper: ExternalFileHelper? = null
+
     private var iconColor: Int = 0
 
     override fun onCreate(savedInstanceState: Bundle?) {
@@ -125,7 +128,7 @@ class EntryActivity : LockingActivity() {
         historyView = findViewById(R.id.history_container)
         entryContentsView = findViewById(R.id.entry_contents)
         entryContentsView?.applyFontVisibilityToFields(PreferencesUtil.fieldFontIsInVisibility(this))
-        entryContentsView?.setAttachmentCipherKey(mDatabase?.loadedCipherKey)
+        entryContentsView?.setAttachmentCipherKey(mDatabase)
         entryProgress = findViewById(R.id.entry_progress)
         lockView = findViewById(R.id.lock_button)
 
@@ -140,6 +143,9 @@ class EntryActivity : LockingActivity() {
         clipboardHelper = ClipboardHelper(this)
         mFirstLaunchOfActivity = savedInstanceState?.getBoolean(KEY_FIRST_LAUNCH_ACTIVITY) ?: true
 
+        // Init SAF manager
+        mExternalFileHelper = ExternalFileHelper(this)
+
         // Init attachment service binder manager
         mAttachmentFileBinderManager = AttachmentFileBinderManager(this)
 
@@ -344,7 +350,7 @@ class EntryActivity : LockingActivity() {
 
         // Manage attachments
         entryContentsView?.assignAttachments(entryInfo.attachments.toSet(), StreamDirection.DOWNLOAD) { attachmentItem ->
-            createDocument(this, attachmentItem.name)?.let { requestCode ->
+            mExternalFileHelper?.createDocument(attachmentItem.name)?.let { requestCode ->
                 mAttachmentsToDownload[requestCode] = attachmentItem
             }
         }
@@ -380,7 +386,7 @@ class EntryActivity : LockingActivity() {
                 }
         }
 
-        onCreateDocumentResult(requestCode, resultCode, data) { createdFileUri ->
+        mExternalFileHelper?.onCreateDocumentResult(requestCode, resultCode, data) { createdFileUri ->
             if (createdFileUri != null) {
                 mAttachmentsToDownload[requestCode]?.let { attachmentToDownload ->
                     mAttachmentFileBinderManager

app/src/main/java/com/kunzisoft/keepass/activities/EntryEditActivity.kt

@@ -45,7 +45,7 @@ import com.kunzisoft.keepass.activities.dialogs.*
 import com.kunzisoft.keepass.activities.dialogs.FileTooBigDialogFragment.Companion.MAX_WARNING_BINARY_FILE
 import com.kunzisoft.keepass.activities.fragments.EntryEditFragment
 import com.kunzisoft.keepass.activities.helpers.EntrySelectionHelper
-import com.kunzisoft.keepass.activities.helpers.SelectFileHelper
+import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
 import com.kunzisoft.keepass.activities.lock.LockingActivity
 import com.kunzisoft.keepass.activities.lock.resetAppTimeoutWhenViewFocusedOrChanged
 import com.kunzisoft.keepass.autofill.AutofillComponent
@@ -103,7 +103,7 @@ class EntryEditActivity : LockingActivity(),
     private var lockView: View? = null
 
     // To manage attachments
-    private var mSelectFileHelper: SelectFileHelper? = null
+    private var mExternalFileHelper: ExternalFileHelper? = null
     private var mAttachmentFileBinderManager: AttachmentFileBinderManager? = null
     private var mAllowMultipleAttachments: Boolean = false
     private var mTempAttachments = ArrayList<EntryAttachmentState>()
@@ -202,7 +202,7 @@ class EntryEditActivity : LockingActivity(),
         // Build fragment to manage entry modification
         entryEditFragment = supportFragmentManager.findFragmentByTag(ENTRY_EDIT_FRAGMENT_TAG) as? EntryEditFragment?
         if (entryEditFragment == null) {
-            entryEditFragment = EntryEditFragment.getInstance(tempEntryInfo, mDatabase?.loadedCipherKey)
+            entryEditFragment = EntryEditFragment.getInstance(tempEntryInfo)
         }
         supportFragmentManager.beginTransaction()
                 .replace(R.id.entry_edit_contents, entryEditFragment!!, ENTRY_EDIT_FRAGMENT_TAG)
@@ -241,7 +241,7 @@ class EntryEditActivity : LockingActivity(),
         }
 
         // To retrieve attachment
-        mSelectFileHelper = SelectFileHelper(this)
+        mExternalFileHelper = ExternalFileHelper(this)
         mAttachmentFileBinderManager = AttachmentFileBinderManager(this)
 
         // Save button
@@ -458,8 +458,8 @@ class EntryEditActivity : LockingActivity(),
     /**
      * Add a new attachment
      */
-    private fun addNewAttachment(item: MenuItem) {
+    private fun addNewAttachment() {
-        mSelectFileHelper?.selectFileOnClickViewListener?.onMenuItemClick(item)
+        mExternalFileHelper?.openDocument()
     }
 
     override fun onValidateUploadFileTooBig(attachmentToUploadUri: Uri?, fileName: String?) {
@@ -485,7 +485,7 @@ class EntryEditActivity : LockingActivity(),
 
     private fun buildNewAttachment(attachmentToUploadUri: Uri, fileName: String) {
         val compression = mDatabase?.compressionForNewEntry() ?: false
-        mDatabase?.buildNewBinaryAttachment(UriUtil.getBinaryDir(this), compression)?.let { binaryAttachment ->
+        mDatabase?.buildNewBinaryAttachment(compression)?.let { binaryAttachment ->
             val entryAttachment = Attachment(fileName, binaryAttachment)
             // Ask to replace the current attachment
             if ((mDatabase?.allowMultipleAttachments != true && entryEditFragment?.containsAttachment() == true) ||
@@ -505,7 +505,7 @@ class EntryEditActivity : LockingActivity(),
             entryEditFragment?.icon = icon
         }
 
-        mSelectFileHelper?.onActivityResultCallback(requestCode, resultCode, data) { uri ->
+        mExternalFileHelper?.onOpenDocumentResult(requestCode, resultCode, data) { uri ->
             uri?.let { attachmentToUploadUri ->
                 UriUtil.getFileData(this, attachmentToUploadUri)?.also { documentFile ->
                     documentFile.name?.let { fileName ->
@@ -655,7 +655,7 @@ class EntryEditActivity : LockingActivity(),
                         && entryEditActivityEducation.checkAndPerformedAttachmentEducation(
                         attachmentView,
                         {
-                            mSelectFileHelper?.selectFileOnClickViewListener?.onClick(attachmentView)
+                            mExternalFileHelper?.openDocument()
                         },
                         {
                             performedNextEducation(entryEditActivityEducation)
@@ -683,7 +683,7 @@ class EntryEditActivity : LockingActivity(),
                 return true
             }
             R.id.menu_add_attachment -> {
-                addNewAttachment(item)
+                addNewAttachment()
                 return true
             }
             R.id.menu_add_otp -> {

app/src/main/java/com/kunzisoft/keepass/activities/FileDatabaseSelectActivity.kt

@@ -42,8 +42,9 @@ import com.google.android.material.snackbar.Snackbar
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.dialogs.AssignMasterKeyDialogFragment
 import com.kunzisoft.keepass.activities.helpers.EntrySelectionHelper
-import com.kunzisoft.keepass.activities.helpers.SelectFileHelper
+import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
 import com.kunzisoft.keepass.activities.helpers.SpecialMode
+import com.kunzisoft.keepass.activities.helpers.setOpenDocumentClickListener
 import com.kunzisoft.keepass.activities.selection.SpecialModeActivity
 import com.kunzisoft.keepass.adapters.FileDatabaseHistoryAdapter
 import com.kunzisoft.keepass.app.database.FileDatabaseHistoryAction
@@ -82,7 +83,7 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
 
     private var mDatabaseFileUri: Uri? = null
 
-    private var mSelectFileHelper: SelectFileHelper? = null
+    private var mExternalFileHelper: ExternalFileHelper? = null
 
     private var mProgressDatabaseTaskProvider: ProgressDatabaseTaskProvider? = null
 
@@ -103,14 +104,9 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
         createDatabaseButtonView?.setOnClickListener { createNewFile() }
 
         // Open database button
-        mSelectFileHelper = SelectFileHelper(this)
+        mExternalFileHelper = ExternalFileHelper(this)
         openDatabaseButtonView = findViewById(R.id.open_keyfile_button)
-        openDatabaseButtonView?.apply {
+        openDatabaseButtonView?.setOpenDocumentClickListener(mExternalFileHelper)
-            mSelectFileHelper?.selectFileOnClickViewListener?.let {
-                setOnClickListener(it)
-                setOnLongClickListener(it)
-            }
-        }
 
         // History list
         val fileDatabaseHistoryRecyclerView = findViewById<RecyclerView>(R.id.file_list)
@@ -162,29 +158,31 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
 
         // Observe list of databases
         databaseFilesViewModel.databaseFilesLoaded.observe(this) { databaseFiles ->
-            when (databaseFiles.databaseFileAction) {
+            try {
-                DatabaseFilesViewModel.DatabaseFileAction.NONE -> {
+                when (databaseFiles.databaseFileAction) {
-                    mAdapterDatabaseHistory?.replaceAllDatabaseFileHistoryList(databaseFiles.databaseFileList)
+                    DatabaseFilesViewModel.DatabaseFileAction.NONE -> {
-                }
+                        mAdapterDatabaseHistory?.replaceAllDatabaseFileHistoryList(databaseFiles.databaseFileList)
-                DatabaseFilesViewModel.DatabaseFileAction.ADD -> {
-                    databaseFiles.databaseFileToActivate?.let { databaseFileToAdd ->
-                        mAdapterDatabaseHistory?.addDatabaseFileHistory(databaseFileToAdd)
                     }
-                    GroupActivity.launch(this@FileDatabaseSelectActivity,
+                    DatabaseFilesViewModel.DatabaseFileAction.ADD -> {
-                            PreferencesUtil.enableReadOnlyDatabase(this@FileDatabaseSelectActivity))
+                        databaseFiles.databaseFileToActivate?.let { databaseFileToAdd ->
-                }
+                            mAdapterDatabaseHistory?.addDatabaseFileHistory(databaseFileToAdd)
-                DatabaseFilesViewModel.DatabaseFileAction.UPDATE -> {
+                        }
-                    databaseFiles.databaseFileToActivate?.let { databaseFileToUpdate ->
+                    }
-                        mAdapterDatabaseHistory?.updateDatabaseFileHistory(databaseFileToUpdate)
+                    DatabaseFilesViewModel.DatabaseFileAction.UPDATE -> {
-                    }
+                        databaseFiles.databaseFileToActivate?.let { databaseFileToUpdate ->
-                }
+                            mAdapterDatabaseHistory?.updateDatabaseFileHistory(databaseFileToUpdate)
-                DatabaseFilesViewModel.DatabaseFileAction.DELETE -> {
+                        }
-                    databaseFiles.databaseFileToActivate?.let { databaseFileToDelete ->
+                    }
-                        mAdapterDatabaseHistory?.deleteDatabaseFileHistory(databaseFileToDelete)
+                    DatabaseFilesViewModel.DatabaseFileAction.DELETE -> {
+                        databaseFiles.databaseFileToActivate?.let { databaseFileToDelete ->
+                            mAdapterDatabaseHistory?.deleteDatabaseFileHistory(databaseFileToDelete)
+                        }
                     }
                 }
+                databaseFilesViewModel.consumeAction()
+            } catch (e: Exception) {
+                Log.e(TAG, "Unable to observe database action", e)
             }
-            databaseFilesViewModel.consumeAction()
         }
 
         // Observe default database
@@ -202,6 +200,8 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
                             val mainCredential = result.data?.getParcelable(DatabaseTaskNotificationService.MAIN_CREDENTIAL_KEY) ?: MainCredential()
                             databaseFilesViewModel.addDatabaseFile(databaseUri, mainCredential.keyFileUri)
                         }
+                        GroupActivity.launch(this@FileDatabaseSelectActivity,
+                                PreferencesUtil.enableReadOnlyDatabase(this@FileDatabaseSelectActivity))
                     }
                     ACTION_DATABASE_LOAD_TASK -> {
                         val database = Database.getInstance()
@@ -230,7 +230,7 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
      * Create a new file by calling the content provider
      */
     private fun createNewFile() {
-        createDocument(this, getString(R.string.database_file_name_default) +
+        mExternalFileHelper?.createDocument( getString(R.string.database_file_name_default) +
                 getString(R.string.database_file_extension_default), "application/x-keepass")
     }
 
@@ -282,7 +282,7 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
         // Show open and create button or special mode
         when (mSpecialMode) {
             SpecialMode.DEFAULT -> {
-                if (allowCreateDocumentByStorageAccessFramework(packageManager)) {
+                if (ExternalFileHelper.allowCreateDocumentByStorageAccessFramework(packageManager)) {
                     // There is an activity which can handle this intent.
                     createDatabaseButtonView?.visibility = View.VISIBLE
                 } else{
@@ -355,14 +355,14 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
             AutofillHelper.onActivityResultSetResultAndFinish(this, requestCode, resultCode, data)
         }
 
-        mSelectFileHelper?.onActivityResultCallback(requestCode, resultCode, data) { uri ->
+        mExternalFileHelper?.onOpenDocumentResult(requestCode, resultCode, data) { uri ->
             if (uri != null) {
                 launchPasswordActivityWithPath(uri)
             }
         }
 
         // Retrieve the created URI from the file manager
-        onCreateDocumentResult(requestCode, resultCode, data) { databaseFileCreatedUri ->
+        mExternalFileHelper?.onCreateDocumentResult(requestCode, resultCode, data) { databaseFileCreatedUri ->
             mDatabaseFileUri = databaseFileCreatedUri
             if (mDatabaseFileUri != null) {
                 AssignMasterKeyDialogFragment.getInstance(true)
@@ -390,9 +390,10 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
     private fun performedNextEducation(fileDatabaseSelectActivityEducation: FileDatabaseSelectActivityEducation) {
         // If no recent files
         val createDatabaseEducationPerformed =
-                createDatabaseButtonView != null && createDatabaseButtonView!!.visibility == View.VISIBLE
+                createDatabaseButtonView != null
+                && createDatabaseButtonView!!.visibility == View.VISIBLE
                 && mAdapterDatabaseHistory != null
-                && mAdapterDatabaseHistory!!.itemCount > 0
+                && mAdapterDatabaseHistory!!.itemCount == 0
                 && fileDatabaseSelectActivityEducation.checkAndPerformedCreateDatabaseEducation(
                         createDatabaseButtonView!!,
                 {
@@ -407,9 +408,9 @@ class FileDatabaseSelectActivity : SpecialModeActivity(),
             openDatabaseButtonView != null
                     && fileDatabaseSelectActivityEducation.checkAndPerformedSelectDatabaseEducation(
                     openDatabaseButtonView!!,
-                    {tapTargetView ->
+                    { tapTargetView ->
                         tapTargetView?.let {
-                            mSelectFileHelper?.selectFileOnClickViewListener?.onClick(it)
+                            mExternalFileHelper?.openDocument()
                         }
                     },
                     {}

app/src/main/java/com/kunzisoft/keepass/activities/GroupActivity.kt

@@ -812,74 +812,75 @@ class GroupActivity : LockingActivity(),
 
     override fun onPasteMenuClick(pasteMode: ListNodesFragment.PasteMode?,
                                   nodes: List<Node>): Boolean {
-        // Move or copy only if allowed (in root if allowed)
+        when (pasteMode) {
-        if (mCurrentGroup != mDatabase?.rootGroup
+            ListNodesFragment.PasteMode.PASTE_FROM_COPY -> {
-                || mDatabase?.rootCanContainsEntry() == true) {
+                // Copy
-
+                mCurrentGroup?.let { newParent ->
-            when (pasteMode) {
+                    mProgressDatabaseTaskProvider?.startDatabaseCopyNodes(
-                ListNodesFragment.PasteMode.PASTE_FROM_COPY -> {
+                            nodes,
-                    // Copy
+                            newParent,
-                    mCurrentGroup?.let { newParent ->
+                            !mReadOnly && mAutoSaveEnable
-                        mProgressDatabaseTaskProvider?.startDatabaseCopyNodes(
+                    )
-                                nodes,
-                                newParent,
-                                !mReadOnly && mAutoSaveEnable
-                        )
-                    }
-                }
-                ListNodesFragment.PasteMode.PASTE_FROM_MOVE -> {
-                    // Move
-                    mCurrentGroup?.let { newParent ->
-                        mProgressDatabaseTaskProvider?.startDatabaseMoveNodes(
-                                nodes,
-                                newParent,
-                                !mReadOnly && mAutoSaveEnable
-                        )
-                    }
-                }
-                else -> {
                 }
             }
-        } else {
+            ListNodesFragment.PasteMode.PASTE_FROM_MOVE -> {
-            coordinatorLayout?.let { coordinatorLayout ->
+                // Move
-                Snackbar.make(coordinatorLayout,
+                mCurrentGroup?.let { newParent ->
-                        R.string.error_copy_entry_here,
+                    mProgressDatabaseTaskProvider?.startDatabaseMoveNodes(
-                        Snackbar.LENGTH_LONG).asError().show()
+                            nodes,
+                            newParent,
+                            !mReadOnly && mAutoSaveEnable
+                    )
+                }
             }
+            else -> {}
         }
         finishNodeAction()
         return true
     }
 
+    private fun eachNodeRecyclable(nodes: List<Node>): Boolean {
+        mDatabase?.let { database ->
+            return nodes.find { node ->
+                var cannotRecycle = true
+                if (node is Entry) {
+                    cannotRecycle = !database.canRecycle(node)
+                } else if (node is Group) {
+                    cannotRecycle = !database.canRecycle(node)
+                }
+                cannotRecycle
+            } == null
+        }
+        return false
+    }
+
     private fun deleteNodes(nodes: List<Node>, recycleBin: Boolean = false): Boolean {
-        val database = mDatabase
+        mDatabase?.let { database ->
 
-        // If recycle bin enabled, ensure it exists
+            // If recycle bin enabled, ensure it exists
-        if (database != null && database.isRecycleBinEnabled) {
+            if (database.isRecycleBinEnabled) {
-            database.ensureRecycleBinExists(resources)
+                database.ensureRecycleBinExists(resources)
-        }
-
-        // If recycle bin enabled and not in recycle bin, move in recycle bin
-        if (database != null
-                && database.isRecycleBinEnabled
-                && database.recycleBin != mCurrentGroup) {
-
-            mProgressDatabaseTaskProvider?.startDatabaseDeleteNodes(
-                    nodes,
-                    !mReadOnly && mAutoSaveEnable
-            )
-        }
-        // else open the dialog to confirm deletion
-        else {
-            val deleteNodesDialogFragment: DeleteNodesDialogFragment =
-            if (recycleBin) {
-                EmptyRecycleBinDialogFragment.getInstance(nodes)
-            } else {
-                DeleteNodesDialogFragment.getInstance(nodes)
             }
-            deleteNodesDialogFragment.show(supportFragmentManager, "deleteNodesDialogFragment")
+
+            // If recycle bin enabled and not in recycle bin, move in recycle bin
+            if (eachNodeRecyclable(nodes)) {
+                mProgressDatabaseTaskProvider?.startDatabaseDeleteNodes(
+                        nodes,
+                        !mReadOnly && mAutoSaveEnable
+                )
+            }
+            // else open the dialog to confirm deletion
+            else {
+                val deleteNodesDialogFragment: DeleteNodesDialogFragment =
+                        if (recycleBin) {
+                            EmptyRecycleBinDialogFragment.getInstance(nodes)
+                        } else {
+                            DeleteNodesDialogFragment.getInstance(nodes)
+                        }
+                deleteNodesDialogFragment.show(supportFragmentManager, "deleteNodesDialogFragment")
+            }
+            finishNodeAction()
         }
-        finishNodeAction()
         return true
     }
 
@@ -1076,6 +1077,16 @@ class GroupActivity : LockingActivity(),
         }
     }
 
+    override fun isValidGroupName(name: String): GroupEditDialogFragment.Error {
+        if (name.isEmpty()) {
+            return GroupEditDialogFragment.Error(true, R.string.error_no_name)
+        }
+        if (mDatabase?.groupNamesNotAllowed?.find { it.equals(name, ignoreCase = true) } != null) {
+            return GroupEditDialogFragment.Error(true, R.string.error_word_reserved)
+        }
+        return GroupEditDialogFragment.Error(false, null)
+    }
+
     override fun approveEditGroup(action: GroupEditDialogFragment.EditGroupDialogAction,
                                   groupInfo: GroupInfo) {
 

app/src/main/java/com/kunzisoft/keepass/activities/IconPickerActivity.kt

@@ -34,7 +34,8 @@ import androidx.fragment.app.commit
 import com.google.android.material.snackbar.Snackbar
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.fragments.IconPickerFragment
-import com.kunzisoft.keepass.activities.helpers.SelectFileHelper
+import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
+import com.kunzisoft.keepass.activities.helpers.setOpenDocumentClickListener
 import com.kunzisoft.keepass.activities.lock.LockingActivity
 import com.kunzisoft.keepass.activities.lock.resetAppTimeoutWhenViewFocusedOrChanged
 import com.kunzisoft.keepass.database.element.Database
@@ -66,7 +67,7 @@ class IconPickerActivity : LockingActivity() {
 
     private var mDatabase: Database? = null
 
-    private var mSelectFileHelper: SelectFileHelper? = null
+    private var mExternalFileHelper: ExternalFileHelper? = null
 
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
@@ -84,15 +85,11 @@ class IconPickerActivity : LockingActivity() {
 
         coordinatorLayout = findViewById(R.id.icon_picker_coordinator)
 
+        mExternalFileHelper = ExternalFileHelper(this)
+
         uploadButton = findViewById(R.id.icon_picker_upload)
         if (mDatabase?.allowCustomIcons == true) {
-            uploadButton.setOnClickListener {
+            uploadButton.setOpenDocumentClickListener(mExternalFileHelper)
-                mSelectFileHelper?.selectFileOnClickViewListener?.onClick(it)
-            }
-            uploadButton.setOnLongClickListener {
-                mSelectFileHelper?.selectFileOnClickViewListener?.onLongClick(it)
-                true
-            }
         } else {
             uploadButton.visibility = View.GONE
         }
@@ -124,8 +121,6 @@ class IconPickerActivity : LockingActivity() {
         // Focus view to reinitialize timeout
         findViewById<ViewGroup>(R.id.icon_picker_container)?.resetAppTimeoutWhenViewFocusedOrChanged(this)
 
-        mSelectFileHelper = SelectFileHelper(this)
-
         iconPickerViewModel.standardIconPicked.observe(this) { iconStandard ->
             mIconImage.standard = iconStandard
             // Remove the custom icon if a standard one is selected
@@ -229,21 +224,26 @@ class IconPickerActivity : LockingActivity() {
                         if (documentFile.length() > MAX_ICON_SIZE) {
                             iconCustomState.errorStringId = R.string.error_file_to_big
                         } else {
-                            mDatabase?.buildNewCustomIcon(UriUtil.getBinaryDir(this@IconPickerActivity)) { customIcon, binary ->
+                            mDatabase?.buildNewCustomIcon { customIcon, binary ->
                                 if (customIcon != null) {
                                     iconCustomState.iconCustom = customIcon
-                                    BinaryDatabaseManager.resizeBitmapAndStoreDataInBinaryFile(contentResolver,
+                                    mDatabase?.let { database ->
-                                            iconToUploadUri, binary)
+                                        BinaryDatabaseManager.resizeBitmapAndStoreDataInBinaryFile(
-                                    when {
+                                                contentResolver,
-                                        binary == null -> {
+                                                database,
-                                        }
+                                                iconToUploadUri,
-                                        binary.getSize() <= 0 -> {
+                                                binary)
-                                        }
+                                        when {
-                                        mDatabase?.isCustomIconBinaryDuplicate(binary) == true -> {
+                                            binary == null -> {
-                                            iconCustomState.errorStringId = R.string.error_duplicate_file
+                                            }
-                                        }
+                                            binary.getSize() <= 0 -> {
-                                        else -> {
+                                            }
-                                            iconCustomState.error = false
+                                            database.isCustomIconBinaryDuplicate(binary) -> {
+                                                iconCustomState.errorStringId = R.string.error_duplicate_file
+                                            }
+                                            else -> {
+                                                iconCustomState.error = false
+                                            }
                                         }
                                     }
                                     if (iconCustomState.error) {
@@ -276,7 +276,7 @@ class IconPickerActivity : LockingActivity() {
     override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
         super.onActivityResult(requestCode, resultCode, data)
 
-        mSelectFileHelper?.onActivityResultCallback(requestCode, resultCode, data) { uri ->
+        mExternalFileHelper?.onOpenDocumentResult(requestCode, resultCode, data) { uri ->
             addCustomIcon(uri)
         }
     }

app/src/main/java/com/kunzisoft/keepass/activities/ImageViewerActivity.kt

@@ -39,6 +39,8 @@ import kotlin.math.max
 
 class ImageViewerActivity : LockingActivity() {
 
+    private var mDatabase: Database? = null
+
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
 
@@ -59,23 +61,29 @@ class ImageViewerActivity : LockingActivity() {
                 resources.displayMetrics.heightPixels * 2
         )
 
+        mDatabase = Database.getInstance()
+
         try {
             progressView.visibility = View.VISIBLE
             intent.getParcelableExtra<Attachment>(IMAGE_ATTACHMENT_TAG)?.let { attachment ->
 
                 supportActionBar?.title = attachment.name
-                supportActionBar?.subtitle = Formatter.formatFileSize(this, attachment.binaryData.getSize())
 
-                BinaryDatabaseManager.loadBitmap(
+                val size = attachment.binaryData.getSize()
-                        attachment.binaryData,
+                supportActionBar?.subtitle = Formatter.formatFileSize(this, size)
-                        Database.getInstance().loadedCipherKey,
+
-                        mImagePreviewMaxWidth
+                mDatabase?.let { database ->
-                ) { bitmapLoaded ->
+                    BinaryDatabaseManager.loadBitmap(
-                    if (bitmapLoaded == null) {
+                            database,
-                        finish()
+                            attachment.binaryData,
-                    } else {
+                            mImagePreviewMaxWidth
-                        progressView.visibility = View.GONE
+                    ) { bitmapLoaded ->
-                        imageView.setImageBitmap(bitmapLoaded)
+                        if (bitmapLoaded == null) {
+                            finish()
+                        } else {
+                            progressView.visibility = View.GONE
+                            imageView.setImageBitmap(bitmapLoaded)
+                        }
                     }
                 }
             } ?: finish()

app/src/main/java/com/kunzisoft/keepass/activities/PasswordActivity.kt

@@ -42,10 +42,7 @@ import androidx.fragment.app.commit
 import com.google.android.material.snackbar.Snackbar
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.dialogs.DuplicateUuidDialog
-import com.kunzisoft.keepass.activities.helpers.EntrySelectionHelper
+import com.kunzisoft.keepass.activities.helpers.*
-import com.kunzisoft.keepass.activities.helpers.ReadOnlyHelper
-import com.kunzisoft.keepass.activities.helpers.SelectFileHelper
-import com.kunzisoft.keepass.activities.helpers.SpecialMode
 import com.kunzisoft.keepass.activities.lock.LockingActivity
 import com.kunzisoft.keepass.activities.selection.SpecialModeActivity
 import com.kunzisoft.keepass.app.database.CipherDatabaseEntity
@@ -95,7 +92,7 @@ open class PasswordActivity : SpecialModeActivity(), AdvancedUnlockFragment.Buil
     private var mDatabaseKeyFileUri: Uri? = null
 
     private var mRememberKeyFile: Boolean = false
-    private var mSelectFileHelper: SelectFileHelper? = null
+    private var mExternalFileHelper: ExternalFileHelper? = null
 
     private var mPermissionAsked = false
     private var readOnly: Boolean = false
@@ -138,13 +135,8 @@ open class PasswordActivity : SpecialModeActivity(), AdvancedUnlockFragment.Buil
         readOnly = ReadOnlyHelper.retrieveReadOnlyFromInstanceStateOrPreference(this, savedInstanceState)
         mRememberKeyFile = PreferencesUtil.rememberKeyFileLocations(this)
 
-        mSelectFileHelper = SelectFileHelper(this@PasswordActivity)
+        mExternalFileHelper = ExternalFileHelper(this@PasswordActivity)
-        keyFileSelectionView?.apply {
+        keyFileSelectionView?.setOpenDocumentClickListener(mExternalFileHelper)
-            mSelectFileHelper?.selectFileOnClickViewListener?.let {
-                setOnClickListener(it)
-                setOnLongClickListener(it)
-            }
-        }
 
         passwordView?.setOnEditorActionListener(onEditorActionListener)
         passwordView?.addTextChangedListener(object : TextWatcher {
@@ -702,8 +694,8 @@ open class PasswordActivity : SpecialModeActivity(), AdvancedUnlockFragment.Buil
         }
 
         var keyFileResult = false
-        mSelectFileHelper?.let {
+        mExternalFileHelper?.let {
-            keyFileResult = it.onActivityResultCallback(requestCode, resultCode, data
+            keyFileResult = it.onOpenDocumentResult(requestCode, resultCode, data
             ) { uri ->
                 if (uri != null) {
                     mDatabaseKeyFileUri = uri

app/src/main/java/com/kunzisoft/keepass/activities/dialogs/AssignMasterKeyDialogFragment.kt

@@ -30,13 +30,13 @@ import android.text.SpannableStringBuilder
 import android.text.TextWatcher
 import android.view.View
 import android.widget.CompoundButton
-import android.widget.ImageView
 import android.widget.TextView
 import androidx.appcompat.app.AlertDialog
 import androidx.fragment.app.DialogFragment
 import com.google.android.material.textfield.TextInputLayout
 import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.activities.helpers.SelectFileHelper
+import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
+import com.kunzisoft.keepass.activities.helpers.setOpenDocumentClickListener
 import com.kunzisoft.keepass.model.MainCredential
 import com.kunzisoft.keepass.utils.UriUtil
 import com.kunzisoft.keepass.view.KeyFileSelectionView
@@ -60,7 +60,7 @@ class AssignMasterKeyDialogFragment : DialogFragment() {
 
     private var mListener: AssignPasswordDialogListener? = null
 
-    private var mSelectFileHelper: SelectFileHelper? = null
+    private var mExternalFileHelper: ExternalFileHelper? = null
 
     private var mEmptyPasswordConfirmationDialog: AlertDialog? = null
     private var mNoKeyConfirmationDialog: AlertDialog? = null
@@ -133,11 +133,8 @@ class AssignMasterKeyDialogFragment : DialogFragment() {
             keyFileCheckBox = rootView?.findViewById(R.id.keyfile_checkox)
             keyFileSelectionView = rootView?.findViewById(R.id.keyfile_selection)
 
-            mSelectFileHelper = SelectFileHelper(this)
+            mExternalFileHelper = ExternalFileHelper(this)
-            keyFileSelectionView?.apply {
+            keyFileSelectionView?.setOpenDocumentClickListener(mExternalFileHelper)
-                setOnClickListener(mSelectFileHelper?.selectFileOnClickViewListener)
-                setOnLongClickListener(mSelectFileHelper?.selectFileOnClickViewListener)
-            }
 
             val dialog = builder.create()
 
@@ -289,7 +286,7 @@ class AssignMasterKeyDialogFragment : DialogFragment() {
     override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
         super.onActivityResult(requestCode, resultCode, data)
 
-        mSelectFileHelper?.onActivityResultCallback(requestCode, resultCode, data) { uri ->
+        mExternalFileHelper?.onOpenDocumentResult(requestCode, resultCode, data) { uri ->
             uri?.let { pathUri ->
                 UriUtil.getFileData(requireContext(), uri)?.length()?.let { lengthFile ->
                     keyFileSelectionView?.error = null

app/src/main/java/com/kunzisoft/keepass/activities/dialogs/GroupEditDialogFragment.kt

@@ -219,14 +219,19 @@ class GroupEditDialogFragment : DialogFragment() {
     }
 
     private fun isValid(): Boolean {
-        if (nameTextView.text.toString().isEmpty()) {
+        val error = mEditGroupListener?.isValidGroupName(nameTextView.text.toString()) ?: Error(false, null)
-            nameTextLayoutView.error = getString(R.string.error_no_name)
+        error.messageId?.let { messageId ->
-            return false
+            nameTextLayoutView.error = getString(messageId)
+        } ?: kotlin.run {
+            nameTextLayoutView.error = null
         }
-        return true
+        return !error.isError
     }
 
+    data class Error(val isError: Boolean, val messageId: Int?)
+
     interface EditGroupListener {
+        fun isValidGroupName(name: String): Error
         fun approveEditGroup(action: EditGroupDialogAction,
                              groupInfo: GroupInfo)
         fun cancelEditGroup(action: EditGroupDialogAction,

app/src/main/java/com/kunzisoft/keepass/activities/fragments/EntryEditFragment.kt

@@ -84,7 +84,6 @@ class EntryEditFragment: StylishFragment() {
 
     // Elements to modify the current entry
     private var mEntryInfo = EntryInfo()
-    private var mBinaryCipherKey: Database.LoadedKey? = null
     private var mLastFocusedEditField: FocusedEditField? = null
     private var mExtraViewToRequestFocus: EditText? = null
 
@@ -122,7 +121,9 @@ class EntryEditFragment: StylishFragment() {
         attachmentsContainerView = rootView.findViewById(R.id.entry_attachments_container)
         attachmentsListView = rootView.findViewById(R.id.entry_attachments_list)
         attachmentsAdapter = EntryAttachmentsItemsAdapter(requireContext())
-        attachmentsAdapter.binaryCipherKey = arguments?.getSerializable(KEY_BINARY_CIPHER_KEY) as? Database.LoadedKey?
+        // TODO retrieve current database with its unique key
+        attachmentsAdapter.database = Database.getInstance()
+        //attachmentsAdapter.database = arguments?.getInt(KEY_DATABASE)
         attachmentsAdapter.onListSizeChangedListener = { previousSize, newSize ->
             if (previousSize > 0 && newSize == 0) {
                 attachmentsContainerView.collapse(true)
@@ -502,7 +503,6 @@ class EntryEditFragment: StylishFragment() {
     override fun onSaveInstanceState(outState: Bundle) {
         populateEntryWithViews()
         outState.putParcelable(KEY_TEMP_ENTRY_INFO, mEntryInfo)
-        outState.putSerializable(KEY_BINARY_CIPHER_KEY, mBinaryCipherKey)
         outState.putParcelable(KEY_LAST_FOCUSED_FIELD, mLastFocusedEditField)
 
         super.onSaveInstanceState(outState)
@@ -510,15 +510,16 @@ class EntryEditFragment: StylishFragment() {
 
     companion object {
         const val KEY_TEMP_ENTRY_INFO = "KEY_TEMP_ENTRY_INFO"
-        const val KEY_BINARY_CIPHER_KEY = "KEY_BINARY_CIPHER_KEY"
+        const val KEY_DATABASE = "KEY_DATABASE"
         const val KEY_LAST_FOCUSED_FIELD = "KEY_LAST_FOCUSED_FIELD"
 
-        fun getInstance(entryInfo: EntryInfo?,
+        fun getInstance(entryInfo: EntryInfo?): EntryEditFragment {
-                        loadedKey: Database.LoadedKey?): EntryEditFragment {
+                        //database: Database?): EntryEditFragment {
             return EntryEditFragment().apply {
                 arguments = Bundle().apply {
                     putParcelable(KEY_TEMP_ENTRY_INFO, entryInfo)
-                    putSerializable(KEY_BINARY_CIPHER_KEY, loadedKey)
+                    // TODO Unique database key database.key
+                    putInt(KEY_DATABASE, 0)
                 }
             }
         }

app/src/main/java/com/kunzisoft/keepass/activities/fragments/ListNodesFragment.kt

@@ -311,13 +311,17 @@ class ListNodesFragment : StylishFragment(), SortDialogFragment.SortSelectionLis
                         menu?.removeItem(R.id.menu_edit)
                     }
 
-                    // Copy and Move (not for groups)
+                    // Move
+                    if (readOnly
+                            || isASearchResult) {
+                        menu?.removeItem(R.id.menu_move)
+                    }
+
+                    // Copy (not allowed for group)
                     if (readOnly
                             || isASearchResult
                             || nodes.any { it.type == Type.GROUP }) {
-                        // TODO Copy For Group
                         menu?.removeItem(R.id.menu_copy)
-                        menu?.removeItem(R.id.menu_move)
                     }
 
                     // Deletion

app/src/main/java/com/kunzisoft/keepass/activities/helpers/ExternalFileHelper.kt

@@ -0,0 +1,254 @@
+/*
+ * Copyright 2019 Jeremy Jamet / Kunzisoft.
+ *
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.activities.helpers
+
+import android.annotation.SuppressLint
+import android.app.Activity.RESULT_OK
+import android.content.Intent
+import android.content.pm.PackageManager
+import android.net.Uri
+import android.os.Build
+import android.util.Log
+import android.view.View
+import androidx.annotation.RequiresApi
+import androidx.fragment.app.Fragment
+import androidx.fragment.app.FragmentActivity
+import com.kunzisoft.keepass.activities.dialogs.FileManagerDialogFragment
+import com.kunzisoft.keepass.utils.UriUtil
+
+class ExternalFileHelper {
+
+    private var activity: FragmentActivity? = null
+    private var fragment: Fragment? = null
+
+    constructor(context: FragmentActivity) {
+        this.activity = context
+        this.fragment = null
+    }
+
+    constructor(context: Fragment) {
+        this.activity = context.activity
+        this.fragment = context
+    }
+
+    fun openDocument(getContent: Boolean = false,
+                     typeString: String = "*/*") {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
+            try {
+                if (getContent) {
+                    openActivityWithActionGetContent(typeString)
+                } else {
+                    openActivityWithActionOpenDocument(typeString)
+                }
+            } catch (e: Exception) {
+                Log.e(TAG, "Unable to open document", e)
+                showFileManagerDialogFragment()
+            }
+        } else {
+            showFileManagerDialogFragment()
+        }
+    }
+
+    @RequiresApi(Build.VERSION_CODES.KITKAT)
+    private fun openActivityWithActionOpenDocument(typeString: String) {
+        val intentOpenDocument = Intent(Intent.ACTION_OPEN_DOCUMENT).apply {
+            addCategory(Intent.CATEGORY_OPENABLE)
+            type = typeString
+            addFlags(Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION)
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
+                addFlags(Intent.FLAG_GRANT_PREFIX_URI_PERMISSION)
+            }
+            addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION)
+            addFlags(Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
+        }
+        if (fragment != null)
+            fragment?.startActivityForResult(intentOpenDocument, OPEN_DOC)
+        else
+            activity?.startActivityForResult(intentOpenDocument, OPEN_DOC)
+    }
+
+    @RequiresApi(Build.VERSION_CODES.KITKAT)
+    private fun openActivityWithActionGetContent(typeString: String) {
+        val intentGetContent = Intent(Intent.ACTION_GET_CONTENT).apply {
+            addCategory(Intent.CATEGORY_OPENABLE)
+            type = typeString
+            addFlags(Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION)
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
+                addFlags(Intent.FLAG_GRANT_PREFIX_URI_PERMISSION)
+            }
+            addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION)
+            addFlags(Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
+        }
+        if (fragment != null)
+            fragment?.startActivityForResult(intentGetContent, GET_CONTENT)
+        else
+            activity?.startActivityForResult(intentGetContent, GET_CONTENT)
+    }
+
+    /**
+     * To use in onActivityResultCallback in Fragment or Activity
+     * @param onFileSelected Callback retrieve from data
+     * @return true if requestCode was captured, false elsewhere
+     */
+    fun onOpenDocumentResult(requestCode: Int, resultCode: Int, data: Intent?,
+                             onFileSelected: ((uri: Uri?) -> Unit)?): Boolean {
+
+        when (requestCode) {
+            FILE_BROWSE -> {
+                if (resultCode == RESULT_OK) {
+                    val filename = data?.dataString
+                    var keyUri: Uri? = null
+                    if (filename != null) {
+                        keyUri = UriUtil.parse(filename)
+                    }
+                    onFileSelected?.invoke(keyUri)
+                }
+                return true
+            }
+            GET_CONTENT, OPEN_DOC -> {
+                if (resultCode == RESULT_OK) {
+                    if (data != null) {
+                        val uri = data.data
+                        if (uri != null) {
+                            try {
+                                // try to persist read and write permissions
+                                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
+                                    activity?.contentResolver?.apply {
+                                        takePersistableUriPermission(uri, Intent.FLAG_GRANT_READ_URI_PERMISSION)
+                                        takePersistableUriPermission(uri, Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
+                                    }
+                                }
+                            } catch (e: Exception) {
+                                // nop
+                            }
+                            onFileSelected?.invoke(uri)
+                        }
+                    }
+                }
+                return true
+            }
+        }
+        return false
+    }
+
+    /**
+     * Show Browser dialog to select file picker app
+     */
+    private fun showFileManagerDialogFragment() {
+        try {
+            if (fragment != null) {
+                fragment?.parentFragmentManager
+            } else {
+                activity?.supportFragmentManager
+            }?.let { fragmentManager ->
+                FileManagerDialogFragment().show(fragmentManager, "browserDialog")
+            }
+        } catch (e: Exception) {
+            Log.e(TAG, "Can't open BrowserDialog", e)
+        }
+    }
+
+    fun createDocument(titleString: String,
+                       typeString: String = "application/octet-stream"): Int? {
+        val idCode = getUnusedCreateFileRequestCode()
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
+            try {
+                val intent = Intent(Intent.ACTION_CREATE_DOCUMENT).apply {
+                    addCategory(Intent.CATEGORY_OPENABLE)
+                    type = typeString
+                    putExtra(Intent.EXTRA_TITLE, titleString)
+                }
+                if (fragment != null)
+                    fragment?.startActivityForResult(intent, idCode)
+                else
+                    activity?.startActivityForResult(intent, idCode)
+                return idCode
+            } catch (e: Exception) {
+                Log.e(TAG, "Unable to create document", e)
+                showFileManagerDialogFragment()
+            }
+        } else {
+            showFileManagerDialogFragment()
+        }
+        return null
+    }
+
+    /**
+     * To use in onActivityResultCallback in Fragment or Activity
+     * @param onFileCreated Callback retrieve from data
+     * @return true if requestCode was captured, false elsewhere
+     */
+    fun onCreateDocumentResult(requestCode: Int, resultCode: Int, data: Intent?,
+                               onFileCreated: (fileCreated: Uri?)->Unit) {
+        // Retrieve the created URI from the file manager
+        if (fileRequestCodes.contains(requestCode) && resultCode == RESULT_OK) {
+            onFileCreated.invoke(data?.data)
+            fileRequestCodes.remove(requestCode)
+        }
+    }
+
+    companion object {
+
+        private const val TAG = "OpenFileHelper"
+
+        private const val GET_CONTENT = 25745
+        private const val OPEN_DOC = 25845
+        private const val FILE_BROWSE = 25645
+
+        private var CREATE_FILE_REQUEST_CODE_DEFAULT = 3853
+        private var fileRequestCodes = ArrayList<Int>()
+
+        private fun getUnusedCreateFileRequestCode(): Int {
+            val newCreateFileRequestCode = CREATE_FILE_REQUEST_CODE_DEFAULT++
+            fileRequestCodes.add(newCreateFileRequestCode)
+            return newCreateFileRequestCode
+        }
+
+        @SuppressLint("InlinedApi")
+        fun allowCreateDocumentByStorageAccessFramework(packageManager: PackageManager,
+                                                        typeString: String = "application/octet-stream"): Boolean {
+            return when {
+                // To check if a custom file manager can manage the ACTION_CREATE_DOCUMENT
+                Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT -> {
+                    packageManager.queryIntentActivities(Intent(Intent.ACTION_CREATE_DOCUMENT).apply {
+                        addCategory(Intent.CATEGORY_OPENABLE)
+                        type = typeString
+                    }, PackageManager.MATCH_DEFAULT_ONLY).isNotEmpty()
+                }
+                else -> true
+            }
+        }
+    }
+}
+
+fun View.setOpenDocumentClickListener(externalFileHelper: ExternalFileHelper?) {
+    externalFileHelper?.let { fileHelper ->
+        setOnClickListener {
+            fileHelper.openDocument()
+        }
+        setOnLongClickListener {
+            fileHelper.openDocument(true)
+            true
+        }
+    } ?: kotlin.run {
+        setOnClickListener(null)
+        setOnLongClickListener(null)
+    }
+}

app/src/main/java/com/kunzisoft/keepass/activities/helpers/SelectFileHelper.kt

@@ -1,244 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.activities.helpers
-
-import android.annotation.SuppressLint
-import android.app.Activity
-import android.app.Activity.RESULT_OK
-import android.content.Context
-import android.content.Intent
-import android.content.pm.PackageManager
-import android.net.Uri
-import android.os.Build
-import android.util.Log
-import android.view.MenuItem
-import android.view.View
-import androidx.fragment.app.Fragment
-import androidx.fragment.app.FragmentActivity
-import com.kunzisoft.keepass.activities.dialogs.FileManagerDialogFragment
-import com.kunzisoft.keepass.utils.UriUtil
-
-class SelectFileHelper {
-
-    private var activity: Activity? = null
-    private var fragment: Fragment? = null
-
-    val selectFileOnClickViewListener: SelectFileOnClickViewListener
-        get() = SelectFileOnClickViewListener()
-
-    constructor(context: Activity) {
-        this.activity = context
-        this.fragment = null
-    }
-
-    constructor(context: Fragment) {
-        this.activity = context.activity
-        this.fragment = context
-    }
-
-    inner class SelectFileOnClickViewListener :
-            View.OnClickListener,
-            View.OnLongClickListener,
-            MenuItem.OnMenuItemClickListener {
-
-        private fun onAbstractClick(longClick: Boolean = false) {
-            try {
-                if (longClick) {
-                    try {
-                        openActivityWithActionGetContent()
-                    } catch (e: Exception) {
-                        openActivityWithActionOpenDocument()
-                    }
-                } else {
-                    try {
-                        openActivityWithActionOpenDocument()
-                    } catch (e: Exception) {
-                        openActivityWithActionGetContent()
-                    }
-                }
-            } catch (e: Exception) {
-                Log.e(TAG, "Enable to start the file picker activity", e)
-                // Open browser dialog
-                if (lookForOpenIntentsFilePicker())
-                    showBrowserDialog()
-            }
-        }
-
-        override fun onClick(v: View) {
-            onAbstractClick()
-        }
-
-        override fun onLongClick(v: View?): Boolean {
-            onAbstractClick(true)
-            return true
-        }
-
-        override fun onMenuItemClick(item: MenuItem?): Boolean {
-            onAbstractClick()
-            return true
-        }
-    }
-
-    @SuppressLint("InlinedApi")
-    private fun openActivityWithActionOpenDocument() {
-        val intentOpenDocument = Intent(Intent.ACTION_OPEN_DOCUMENT).apply {
-            addCategory(Intent.CATEGORY_OPENABLE)
-            type = "*/*"
-            addFlags(Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION)
-            addFlags(Intent.FLAG_GRANT_PREFIX_URI_PERMISSION)
-            addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION)
-            addFlags(Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
-        }
-        if (fragment != null)
-            fragment?.startActivityForResult(intentOpenDocument, OPEN_DOC)
-        else
-            activity?.startActivityForResult(intentOpenDocument, OPEN_DOC)
-    }
-
-    @SuppressLint("InlinedApi")
-    private fun openActivityWithActionGetContent() {
-        val intentGetContent = Intent(Intent.ACTION_GET_CONTENT).apply {
-            addCategory(Intent.CATEGORY_OPENABLE)
-            type = "*/*"
-            addFlags(Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION)
-            addFlags(Intent.FLAG_GRANT_PREFIX_URI_PERMISSION)
-            addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION)
-            addFlags(Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
-        }
-        if (fragment != null)
-            fragment?.startActivityForResult(intentGetContent, GET_CONTENT)
-        else
-            activity?.startActivityForResult(intentGetContent, GET_CONTENT)
-    }
-
-    private fun lookForOpenIntentsFilePicker(): Boolean {
-        var showBrowser = false
-        try {
-            if (isIntentAvailable(activity!!, OPEN_INTENTS_FILE_BROWSE)) {
-                val intent = Intent(OPEN_INTENTS_FILE_BROWSE)
-                if (fragment != null)
-                    fragment?.startActivityForResult(intent, FILE_BROWSE)
-                else
-                    activity?.startActivityForResult(intent, FILE_BROWSE)
-            } else {
-                showBrowser = true
-            }
-        } catch (e: Exception) {
-            Log.w(TAG, "Enable to start OPEN_INTENTS_FILE_BROWSE", e)
-            showBrowser = true
-        }
-
-        return showBrowser
-    }
-
-    /**
-     * Indicates whether the specified action can be used as an intent. This
-     * method queries the package manager for installed packages that can
-     * respond to an intent with the specified action. If no suitable package is
-     * found, this method returns false.
-     *
-     * @param context The application's environment.
-     * @param action The Intent action to check for availability.
-     *
-     * @return True if an Intent with the specified action can be sent and
-     * responded to, false otherwise.
-     */
-    private fun isIntentAvailable(context: Context, action: String): Boolean {
-        val packageManager = context.packageManager
-        val intent = Intent(action)
-        val list = packageManager.queryIntentActivities(intent,
-                PackageManager.MATCH_DEFAULT_ONLY)
-        return list.size > 0
-    }
-
-    /**
-     * Show Browser dialog to select file picker app
-     */
-    private fun showBrowserDialog() {
-        try {
-            val fileManagerDialogFragment = FileManagerDialogFragment()
-            fragment?.let {
-                fileManagerDialogFragment.show(it.parentFragmentManager, "browserDialog")
-            } ?: fileManagerDialogFragment.show((activity as FragmentActivity).supportFragmentManager, "browserDialog")
-        } catch (e: Exception) {
-            Log.e(TAG, "Can't open BrowserDialog", e)
-        }
-    }
-
-    /**
-     * To use in onActivityResultCallback in Fragment or Activity
-     * @param keyFileCallback Callback retrieve from data
-     * @return true if requestCode was captured, false elsechere
-     */
-    fun onActivityResultCallback(
-            requestCode: Int,
-            resultCode: Int,
-            data: Intent?,
-            keyFileCallback: ((uri: Uri?) -> Unit)?): Boolean {
-
-        when (requestCode) {
-            FILE_BROWSE -> {
-                if (resultCode == RESULT_OK) {
-                    val filename = data?.dataString
-                    var keyUri: Uri? = null
-                    if (filename != null) {
-                        keyUri = UriUtil.parse(filename)
-                    }
-                    keyFileCallback?.invoke(keyUri)
-                }
-                return true
-            }
-            GET_CONTENT, OPEN_DOC -> {
-                if (resultCode == RESULT_OK) {
-                    if (data != null) {
-                        val uri = data.data
-                        if (uri != null) {
-                            try {
-                                // try to persist read and write permissions
-                                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
-                                    activity?.contentResolver?.apply {
-                                        takePersistableUriPermission(uri, Intent.FLAG_GRANT_READ_URI_PERMISSION)
-                                        takePersistableUriPermission(uri, Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
-                                    }
-                                }
-                            } catch (e: Exception) {
-                                // nop
-                            }
-                            keyFileCallback?.invoke(uri)
-                        }
-                    }
-                }
-                return true
-            }
-        }
-        return false
-    }
-
-    companion object {
-
-        private const val TAG = "OpenFileHelper"
-
-        const val OPEN_INTENTS_FILE_BROWSE = "org.openintents.action.PICK_FILE"
-
-        private const val GET_CONTENT = 25745
-        private const val OPEN_DOC = 25845
-        private const val FILE_BROWSE = 25645
-    }
-}

app/src/main/java/com/kunzisoft/keepass/activities/stylish/Stylish.kt

@@ -37,12 +37,12 @@ object Stylish {
      * Initialize the class with a theme preference
      * @param context Context to retrieve the theme preference
      */
-    fun init(context: Context) {
+    fun load(context: Context) {
         Log.d(Stylish::class.java.name, "Attatching to " + context.packageName)
         themeString = PreferencesUtil.getStyle(context)
     }
 
-    private fun retrieveEquivalentSystemStyle(context: Context, styleString: String): String {
+    fun retrieveEquivalentSystemStyle(context: Context, styleString: String): String {
         val systemNightMode = when (PreferencesUtil.getStyleBrightness(context)) {
             context.getString(R.string.list_style_brightness_light) -> false
             context.getString(R.string.list_style_brightness_night) -> true
@@ -84,12 +84,16 @@ object Stylish {
         }
     }
 
+    fun defaultStyle(context: Context): String {
+        return context.getString(R.string.list_style_name_light)
+    }
+
     /**
      * Assign the style to the class attribute
      * @param styleString Style id String
      */
     fun assignStyle(context: Context, styleString: String) {
-        themeString = retrieveEquivalentSystemStyle(context, styleString)
+        PreferencesUtil.setStyle(context, styleString)
     }
 
     /**

app/src/main/java/com/kunzisoft/keepass/adapters/EntryAttachmentsItemsAdapter.kt

@@ -45,7 +45,7 @@ import kotlin.math.max
 class EntryAttachmentsItemsAdapter(context: Context)
     : AnimatedItemsAdapter<EntryAttachmentState, EntryAttachmentsItemsAdapter.EntryBinariesViewHolder>(context) {
 
-    var binaryCipherKey: Database.LoadedKey? = null
+    var database: Database? = null
     var onItemClickListener: ((item: EntryAttachmentState)->Unit)? = null
     var onBinaryPreviewLoaded: ((item: EntryAttachmentState) -> Unit)? = null
 
@@ -82,21 +82,23 @@ class EntryAttachmentsItemsAdapter(context: Context)
                 if (entryAttachmentState.previewState == AttachmentState.NULL) {
                     entryAttachmentState.previewState = AttachmentState.IN_PROGRESS
                     // Load the bitmap image
-                    BinaryDatabaseManager.loadBitmap(
+                    database?.let { database ->
-                            entryAttachmentState.attachment.binaryData,
+                        BinaryDatabaseManager.loadBitmap(
-                            binaryCipherKey,
+                                database,
-                            mImagePreviewMaxWidth
+                                entryAttachmentState.attachment.binaryData,
-                    ) { imageLoaded ->
+                                mImagePreviewMaxWidth
-                        if (imageLoaded == null) {
+                        ) { imageLoaded ->
-                            entryAttachmentState.previewState = AttachmentState.ERROR
+                            if (imageLoaded == null) {
-                            visibility = View.GONE
+                                entryAttachmentState.previewState = AttachmentState.ERROR
-                            onBinaryPreviewLoaded?.invoke(entryAttachmentState)
+                                visibility = View.GONE
-                        } else {
+                                onBinaryPreviewLoaded?.invoke(entryAttachmentState)
-                            entryAttachmentState.previewState = AttachmentState.COMPLETE
+                            } else {
-                            setImageBitmap(imageLoaded)
+                                entryAttachmentState.previewState = AttachmentState.COMPLETE
-                            if (visibility != View.VISIBLE) {
+                                setImageBitmap(imageLoaded)
-                                expand(true, resources.getDimensionPixelSize(R.dimen.item_file_info_height)) {
+                                if (visibility != View.VISIBLE) {
-                                    onBinaryPreviewLoaded?.invoke(entryAttachmentState)
+                                    expand(true, resources.getDimensionPixelSize(R.dimen.item_file_info_height)) {
+                                        onBinaryPreviewLoaded?.invoke(entryAttachmentState)
+                                    }
                                 }
                             }
                         }
@@ -123,8 +125,9 @@ class EntryAttachmentsItemsAdapter(context: Context)
         } else {
             holder.binaryFileTitle.setTextColor(mTitleColor)
         }
-        holder.binaryFileSize.text = Formatter.formatFileSize(context,
+
-                entryAttachmentState.attachment.binaryData.getSize())
+        val size = entryAttachmentState.attachment.binaryData.getSize()
+        holder.binaryFileSize.text = Formatter.formatFileSize(context, size)
         holder.binaryFileCompression.apply {
             if (entryAttachmentState.attachment.binaryData.isCompressed) {
                 text = CompressionAlgorithm.GZip.getName(context.resources)

app/src/main/java/com/kunzisoft/keepass/adapters/SearchEntryCursorAdapter.kt

@@ -106,7 +106,6 @@ class SearchEntryCursorAdapter(private val context: Context,
 
     private fun getEntryFrom(cursor: Cursor): Entry? {
         return database.createEntry()?.apply {
-            database.startManageEntry(this)
             entryKDB?.let { entryKDB ->
                 (cursor as EntryCursorKDB).populateEntry(entryKDB,
                         { standardIconId ->
@@ -127,7 +126,6 @@ class SearchEntryCursorAdapter(private val context: Context,
                         }
                 )
             }
-            database.stopManageEntry(this)
         }
     }
 
@@ -150,12 +148,14 @@ class SearchEntryCursorAdapter(private val context: Context,
         if (searchGroup != null) {
             // Search in hide entries but not meta-stream
             for (entry in searchGroup.getFilteredChildEntries(Group.ChildFilter.getDefaults(context))) {
+                database.startManageEntry(entry)
                 entry.entryKDB?.let {
                     cursorKDB?.addEntry(it)
                 }
                 entry.entryKDBX?.let {
                     cursorKDBX?.addEntry(it)
                 }
+                database.stopManageEntry(entry)
             }
         }
 

app/src/main/java/com/kunzisoft/keepass/app/App.kt

@@ -29,7 +29,7 @@ class App : MultiDexApplication() {
     override fun onCreate() {
         super.onCreate()
 
-        Stylish.init(this)
+        Stylish.load(this)
         PRNGFixes.apply()
     }
 

app/src/main/java/com/kunzisoft/keepass/app/database/CipherDatabaseAction.kt

@@ -19,12 +19,10 @@
  */
 package com.kunzisoft.keepass.app.database
 
-import android.content.ComponentName
+import android.content.*
-import android.content.Context
-import android.content.Intent
-import android.content.ServiceConnection
 import android.net.Uri
 import android.os.IBinder
+import android.util.Log
 import com.kunzisoft.keepass.services.AdvancedUnlockNotificationService
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.utils.SingletonHolderParameter
@@ -41,62 +39,95 @@ class CipherDatabaseAction(context: Context) {
     // Temp DAO to easily remove content if object no longer in memory
     private var useTempDao = PreferencesUtil.isTempAdvancedUnlockEnable(applicationContext)
 
-    private val mIntentAdvancedUnlockService = Intent(applicationContext,
-            AdvancedUnlockNotificationService::class.java)
     private var mBinder: AdvancedUnlockNotificationService.AdvancedUnlockBinder? = null
     private var mServiceConnection: ServiceConnection? = null
 
-    private var mDatabaseListeners = LinkedList<DatabaseListener>()
+    private var mDatabaseListeners = LinkedList<CipherDatabaseListener>()
+    private var mAdvancedUnlockBroadcastReceiver = AdvancedUnlockNotificationService.AdvancedUnlockReceiver {
+        deleteAll()
+        removeAllDataAndDetach()
+    }
 
     fun reloadPreferences() {
         useTempDao = PreferencesUtil.isTempAdvancedUnlockEnable(applicationContext)
     }
 
     @Synchronized
-    private fun attachService(performedAction: () -> Unit) {
+    private fun serviceActionTask(startService: Boolean = false, performedAction: () -> Unit) {
-        // Check if a service is currently running else do nothing
+        // Check if a service is currently running else call action without info
-        if (mBinder != null) {
+        if (startService && mServiceConnection == null) {
+            attachService(performedAction)
+        } else {
             performedAction.invoke()
-        } else if (mServiceConnection == null) {
-            mServiceConnection = object : ServiceConnection {
-                override fun onServiceConnected(name: ComponentName?, serviceBinder: IBinder?) {
-                    mBinder = (serviceBinder as AdvancedUnlockNotificationService.AdvancedUnlockBinder)
-                    performedAction.invoke()
-                }
-
-                override fun onServiceDisconnected(name: ComponentName?) {
-                    mBinder = null
-                    mServiceConnection = null
-                    mDatabaseListeners.forEach {
-                        it.onDatabaseCleared()
-                    }
-                }
-            }
-            applicationContext.bindService(mIntentAdvancedUnlockService,
-                    mServiceConnection!!,
-                    Context.BIND_ABOVE_CLIENT)
-            if (mBinder == null) {
-                applicationContext.startService(mIntentAdvancedUnlockService)
-            }
         }
     }
 
-    fun registerDatabaseListener(listener: DatabaseListener) {
+    @Synchronized
-        mDatabaseListeners.add(listener)
+    private fun attachService(performedAction: () -> Unit) {
+        applicationContext.registerReceiver(mAdvancedUnlockBroadcastReceiver, IntentFilter().apply {
+            addAction(AdvancedUnlockNotificationService.REMOVE_ADVANCED_UNLOCK_KEY_ACTION)
+        })
+
+        mServiceConnection = object : ServiceConnection {
+            override fun onServiceConnected(name: ComponentName?, serviceBinder: IBinder?) {
+                mBinder = (serviceBinder as AdvancedUnlockNotificationService.AdvancedUnlockBinder)
+                performedAction.invoke()
+            }
+
+            override fun onServiceDisconnected(name: ComponentName?) {
+                onClear()
+            }
+        }
+        try {
+            AdvancedUnlockNotificationService.bindService(applicationContext,
+                    mServiceConnection!!,
+                    Context.BIND_AUTO_CREATE)
+        } catch (e: Exception) {
+            Log.e(TAG, "Unable to start cipher action", e)
+            performedAction.invoke()
+        }
     }
 
-    fun unregisterDatabaseListener(listener: DatabaseListener) {
+    @Synchronized
-        mDatabaseListeners.remove(listener)
+    private fun detachService() {
+        try {
+            applicationContext.unregisterReceiver(mAdvancedUnlockBroadcastReceiver)
+        } catch (e: Exception) {}
+
+        mServiceConnection?.let {
+            AdvancedUnlockNotificationService.unbindService(applicationContext, it)
+        }
     }
 
-    interface DatabaseListener {
+    private fun removeAllDataAndDetach() {
-        fun onDatabaseCleared()
+        detachService()
+        onClear()
+    }
+
+    fun registerDatabaseListener(listenerCipher: CipherDatabaseListener) {
+        mDatabaseListeners.add(listenerCipher)
+    }
+
+    fun unregisterDatabaseListener(listenerCipher: CipherDatabaseListener) {
+        mDatabaseListeners.remove(listenerCipher)
+    }
+
+    private fun onClear() {
+        mBinder = null
+        mServiceConnection = null
+        mDatabaseListeners.forEach {
+            it.onCipherDatabaseCleared()
+        }
+    }
+
+    interface CipherDatabaseListener {
+        fun onCipherDatabaseCleared()
     }
 
     fun getCipherDatabase(databaseUri: Uri,
                           cipherDatabaseResultListener: (CipherDatabaseEntity?) -> Unit) {
         if (useTempDao) {
-            attachService {
+            serviceActionTask {
                 cipherDatabaseResultListener.invoke(mBinder?.getCipherDatabase(databaseUri))
             }
         } else {
@@ -121,7 +152,8 @@ class CipherDatabaseAction(context: Context) {
     fun addOrUpdateCipherDatabase(cipherDatabaseEntity: CipherDatabaseEntity,
                                   cipherDatabaseResultListener: (() -> Unit)? = null) {
         if (useTempDao) {
-            attachService {
+            // The only case to create service (not needed to get an info)
+            serviceActionTask(true) {
                 mBinder?.addOrUpdateCipherDatabase(cipherDatabaseEntity)
                 cipherDatabaseResultListener?.invoke()
             }
@@ -146,7 +178,7 @@ class CipherDatabaseAction(context: Context) {
     fun deleteByDatabaseUri(databaseUri: Uri,
                             cipherDatabaseResultListener: (() -> Unit)? = null) {
         if (useTempDao) {
-            attachService {
+            serviceActionTask {
                 mBinder?.deleteByDatabaseUri(databaseUri)
                 cipherDatabaseResultListener?.invoke()
             }
@@ -163,15 +195,22 @@ class CipherDatabaseAction(context: Context) {
     }
 
     fun deleteAll() {
-        attachService {
+        if (useTempDao) {
-            mBinder?.deleteAll()
+            serviceActionTask {
+                mBinder?.deleteAll()
+            }
         }
+        // To erase the residues
         IOActionTask(
                 {
                     cipherDatabaseDao.deleteAll()
                 }
         ).execute()
+        // Unbind
+        removeAllDataAndDetach()
     }
 
-    companion object : SingletonHolderParameter<CipherDatabaseAction, Context>(::CipherDatabaseAction)
+    companion object : SingletonHolderParameter<CipherDatabaseAction, Context>(::CipherDatabaseAction) {
+        private val TAG = CipherDatabaseAction::class.java.name
+    }
 }

app/src/main/java/com/kunzisoft/keepass/autofill/StructureParser.kt

@@ -223,9 +223,22 @@ class StructureParser(private val structure: AssistStructure) {
                         usernameValueCandidate = node.autofillValue
                         Log.d(TAG, "Autofill username candidate android text type: ${showHexInputType(inputType)}")
                     }
+                    inputIsVariationType(inputType,
+                            InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD) -> {
+                        // Some forms used visible password as username
+                        if (usernameCandidate == null && usernameValueCandidate == null) {
+                            usernameCandidate = autofillId
+                            usernameValueCandidate = node.autofillValue
+                            Log.d(TAG, "Autofill visible password android text type (as username): ${showHexInputType(inputType)}")
+                        } else if (result?.passwordId == null && result?.passwordValue == null) {
+                            result?.passwordId = autofillId
+                            result?.passwordValue = node.autofillValue
+                            Log.d(TAG, "Autofill visible password android text type (as password): ${showHexInputType(inputType)}")
+                            usernameNeeded = false
+                        }
+                    }
                     inputIsVariationType(inputType,
                             InputType.TYPE_TEXT_VARIATION_PASSWORD,
-                            InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD,
                             InputType.TYPE_TEXT_VARIATION_WEB_PASSWORD) -> {
                         result?.passwordId = autofillId
                         result?.passwordValue = node.autofillValue

app/src/main/java/com/kunzisoft/keepass/biometric/AdvancedUnlockFragment.kt

@@ -36,7 +36,6 @@ import com.kunzisoft.keepass.activities.stylish.StylishFragment
 import com.kunzisoft.keepass.app.database.CipherDatabaseAction
 import com.kunzisoft.keepass.database.exception.IODatabaseException
 import com.kunzisoft.keepass.education.PasswordActivityEducation
-import com.kunzisoft.keepass.services.AdvancedUnlockNotificationService
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.view.AdvancedUnlockInfoView
 
@@ -68,7 +67,7 @@ class AdvancedUnlockFragment: StylishFragment(), AdvancedUnlockManager.AdvancedU
 
     private lateinit var cipherDatabaseAction : CipherDatabaseAction
 
-    private var cipherDatabaseListener: CipherDatabaseAction.DatabaseListener? = null
+    private var cipherDatabaseListener: CipherDatabaseAction.CipherDatabaseListener? = null
 
     // Only to fix multiple fingerprint menu #332
     private var mAllowAdvancedUnlockMenu = false
@@ -402,9 +401,10 @@ class AdvancedUnlockFragment: StylishFragment(), AdvancedUnlockManager.AdvancedU
     fun connect(databaseUri: Uri) {
         showViews(true)
         this.databaseFileUri = databaseUri
-        cipherDatabaseListener = object: CipherDatabaseAction.DatabaseListener {
+        cipherDatabaseListener = object: CipherDatabaseAction.CipherDatabaseListener {
-            override fun onDatabaseCleared() {
+            override fun onCipherDatabaseCleared() {
-                deleteEncryptedDatabaseKey()
+                advancedUnlockManager?.closeBiometricPrompt()
+                checkUnlockAvailability()
             }
         }
         cipherDatabaseAction.apply {
@@ -435,14 +435,12 @@ class AdvancedUnlockFragment: StylishFragment(), AdvancedUnlockManager.AdvancedU
 
     @RequiresApi(Build.VERSION_CODES.M)
     fun deleteEncryptedDatabaseKey() {
-        allowOpenBiometricPrompt = false
-        mAdvancedUnlockInfoView?.setIconViewClickListener(false, null)
         advancedUnlockManager?.closeBiometricPrompt()
         databaseFileUri?.let { databaseUri ->
             cipherDatabaseAction.deleteByDatabaseUri(databaseUri) {
                 checkUnlockAvailability()
             }
-        }
+        } ?: checkUnlockAvailability()
     }
 
     override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
@@ -479,7 +477,6 @@ class AdvancedUnlockFragment: StylishFragment(), AdvancedUnlockManager.AdvancedU
                     mBuilderListener?.retrieveCredentialForEncryption()?.let { credential ->
                         advancedUnlockManager?.encryptData(credential)
                     }
-                    AdvancedUnlockNotificationService.startServiceForTimeout(requireContext())
                 }
                 Mode.EXTRACT_CREDENTIAL -> {
                     // retrieve the encrypted value from preferences

app/src/main/java/com/kunzisoft/keepass/crypto/CipherFactory.kt

@@ -1,79 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.crypto
-
-import android.os.Build
-import com.kunzisoft.keepass.crypto.engine.AesEngine
-import com.kunzisoft.keepass.crypto.engine.ChaCha20Engine
-import com.kunzisoft.keepass.crypto.engine.CipherEngine
-import com.kunzisoft.keepass.crypto.engine.TwofishEngine
-import org.bouncycastle.jce.provider.BouncyCastleProvider
-import java.security.NoSuchAlgorithmException
-import java.security.Security
-import java.util.*
-import javax.crypto.Cipher
-import javax.crypto.NoSuchPaddingException
-
-object CipherFactory {
-
-    private var blacklistInit = false
-    private var blacklisted: Boolean = false
-
-    init {
-        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME)
-        Security.addProvider(BouncyCastleProvider())
-    }
-
-    fun deviceBlacklisted(): Boolean {
-        if (!blacklistInit) {
-            blacklistInit = true
-            // The Acer Iconia A500 is special and seems to always crash in the native crypto libraries
-            blacklisted = Build.MODEL == "A500"
-        }
-        return blacklisted
-    }
-
-    private fun hasNativeImplementation(transformation: String): Boolean {
-        return transformation == "AES/CBC/PKCS5Padding"
-    }
-
-    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class)
-    fun getInstance(transformation: String, androidOverride: Boolean = false): Cipher {
-        // Return the native AES if it is possible
-        return if (!deviceBlacklisted() && !androidOverride && hasNativeImplementation(transformation) && NativeLib.loaded()) {
-            Cipher.getInstance(transformation, AESProvider())
-        } else {
-            Cipher.getInstance(transformation)
-        }
-    }
-
-    /**
-     * Generate appropriate cipher based on KeePass 2.x UUID's
-     */
-    @Throws(NoSuchAlgorithmException::class)
-    fun getInstance(uuid: UUID): CipherEngine {
-        return when (uuid) {
-            AesEngine.CIPHER_UUID -> AesEngine()
-            TwofishEngine.CIPHER_UUID -> TwofishEngine()
-            ChaCha20Engine.CIPHER_UUID -> ChaCha20Engine()
-            else -> throw NoSuchAlgorithmException("UUID unrecognized.")
-        }
-    }
-}

app/src/main/java/com/kunzisoft/keepass/crypto/CryptoUtil.kt

@@ -1,105 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.crypto
-
-import com.kunzisoft.keepass.stream.NullOutputStream
-import com.kunzisoft.keepass.stream.longTo8Bytes
-import java.io.IOException
-import java.security.DigestOutputStream
-import java.security.MessageDigest
-import java.security.NoSuchAlgorithmException
-import java.util.*
-import javax.crypto.Mac
-import kotlin.math.min
-
-object CryptoUtil {
-
-    fun resizeKey(inBytes: ByteArray, inOffset: Int, cbIn: Int, cbOut: Int): ByteArray {
-        if (cbOut == 0) return ByteArray(0)
-
-        val hash: ByteArray = if (cbOut <= 32) {
-            hashSha256(inBytes, inOffset, cbIn)
-        } else {
-            hashSha512(inBytes, inOffset, cbIn)
-        }
-
-        if (cbOut == hash.size) {
-            return hash
-        }
-
-        val ret = ByteArray(cbOut)
-        if (cbOut < hash.size) {
-            System.arraycopy(hash, 0, ret, 0, cbOut)
-        } else {
-            var pos = 0
-            var r: Long = 0
-            while (pos < cbOut) {
-                val hmac: Mac
-                try {
-                    hmac = Mac.getInstance("HmacSHA256")
-                } catch (e: NoSuchAlgorithmException) {
-                    throw RuntimeException(e)
-                }
-
-                val pbR = longTo8Bytes(r)
-                val part = hmac.doFinal(pbR)
-
-                val copy = min(cbOut - pos, part.size)
-                System.arraycopy(part, 0, ret, pos, copy)
-                pos += copy
-                r++
-
-                Arrays.fill(part, 0.toByte())
-            }
-        }
-
-        Arrays.fill(hash, 0.toByte())
-        return ret
-    }
-
-    fun hashSha256(data: ByteArray, offset: Int = 0, count: Int = data.size): ByteArray {
-        return hashGen("SHA-256", data, offset, count)
-    }
-
-    fun hashSha512(data: ByteArray, offset: Int = 0, count: Int = data.size): ByteArray {
-        return hashGen("SHA-512", data, offset, count)
-    }
-
-    private fun hashGen(transform: String, data: ByteArray, offset: Int, count: Int): ByteArray {
-        val hash: MessageDigest
-        try {
-            hash = MessageDigest.getInstance(transform)
-        } catch (e: NoSuchAlgorithmException) {
-            throw RuntimeException(e)
-        }
-
-        val nos = NullOutputStream()
-        val dos = DigestOutputStream(nos, hash)
-
-        try {
-            dos.write(data, offset, count)
-            dos.close()
-        } catch (e: IOException) {
-            throw RuntimeException(e)
-        }
-
-        return hash.digest()
-    }
-}

app/src/main/java/com/kunzisoft/keepass/crypto/StreamCipherFactory.kt

@@ -1,71 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.crypto
-
-import org.bouncycastle.crypto.StreamCipher
-import org.bouncycastle.crypto.engines.ChaCha7539Engine
-import org.bouncycastle.crypto.engines.Salsa20Engine
-import org.bouncycastle.crypto.params.KeyParameter
-import org.bouncycastle.crypto.params.ParametersWithIV
-
-object StreamCipherFactory {
-
-    private val SALSA_IV = byteArrayOf(0xE8.toByte(), 0x30, 0x09, 0x4B, 0x97.toByte(), 0x20, 0x5D, 0x2A)
-
-    @Throws(Exception::class)
-    fun getInstance(alg: CrsAlgorithm?, key: ByteArray): StreamCipher {
-        return when {
-            alg === CrsAlgorithm.Salsa20 -> getSalsa20(key)
-            alg === CrsAlgorithm.ChaCha20 -> getChaCha20(key)
-            else -> throw Exception("Invalid random cipher")
-        }
-    }
-
-    private fun getSalsa20(key: ByteArray): StreamCipher {
-        // Build stream cipher key
-        val key32 = CryptoUtil.hashSha256(key)
-
-        val keyParam = KeyParameter(key32)
-        val ivParam = ParametersWithIV(keyParam, SALSA_IV)
-
-        val cipher = Salsa20Engine()
-        cipher.init(true, ivParam)
-
-        return cipher
-    }
-
-    private fun getChaCha20(key: ByteArray): StreamCipher {
-        // Build stream cipher key
-        val hash = CryptoUtil.hashSha512(key)
-        val key32 = ByteArray(32)
-        val iv = ByteArray(12)
-
-        System.arraycopy(hash, 0, key32, 0, 32)
-        System.arraycopy(hash, 32, iv, 0, 12)
-
-        val keyParam = KeyParameter(key32)
-        val ivParam = ParametersWithIV(keyParam, iv)
-
-        val cipher = ChaCha7539Engine()
-        cipher.init(true, ivParam)
-
-        return cipher
-    }
-}

app/src/main/java/com/kunzisoft/keepass/crypto/engine/AesEngine.kt

@@ -1,68 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.crypto.engine
-
-
-import com.kunzisoft.keepass.crypto.CipherFactory
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
-import com.kunzisoft.keepass.stream.bytes16ToUuid
-import java.security.InvalidAlgorithmParameterException
-import java.security.InvalidKeyException
-import java.security.NoSuchAlgorithmException
-import java.util.*
-import javax.crypto.Cipher
-import javax.crypto.NoSuchPaddingException
-import javax.crypto.spec.IvParameterSpec
-import javax.crypto.spec.SecretKeySpec
-
-class AesEngine : CipherEngine() {
-
-    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
-    override fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray, androidOverride: Boolean): Cipher {
-        val cipher = CipherFactory.getInstance("AES/CBC/PKCS5Padding", androidOverride)
-        cipher.init(opmode, SecretKeySpec(key, "AES"), IvParameterSpec(IV))
-        return cipher
-    }
-
-    override fun getPwEncryptionAlgorithm(): EncryptionAlgorithm {
-        return EncryptionAlgorithm.AESRijndael
-    }
-
-    companion object {
-
-        val CIPHER_UUID: UUID = bytes16ToUuid(
-                byteArrayOf(0x31.toByte(),
-                        0xC1.toByte(),
-                        0xF2.toByte(),
-                        0xE6.toByte(),
-                        0xBF.toByte(),
-                        0x71.toByte(),
-                        0x43.toByte(),
-                        0x50.toByte(),
-                        0xBE.toByte(),
-                        0x58.toByte(),
-                        0x05.toByte(),
-                        0x21.toByte(),
-                        0x6A.toByte(),
-                        0xFC.toByte(),
-                        0x5A.toByte(),
-                        0xFF.toByte()))
-    }
-}

app/src/main/java/com/kunzisoft/keepass/crypto/engine/TwofishEngine.kt

@@ -1,72 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.crypto.engine
-
-import com.kunzisoft.keepass.crypto.CipherFactory
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
-import com.kunzisoft.keepass.stream.bytes16ToUuid
-import java.security.InvalidAlgorithmParameterException
-import java.security.InvalidKeyException
-import java.security.NoSuchAlgorithmException
-import java.util.*
-import javax.crypto.Cipher
-import javax.crypto.NoSuchPaddingException
-import javax.crypto.spec.IvParameterSpec
-import javax.crypto.spec.SecretKeySpec
-
-class TwofishEngine : CipherEngine() {
-
-    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
-    override fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray, androidOverride: Boolean): Cipher {
-        val cipher: Cipher = if (opmode == Cipher.ENCRYPT_MODE) {
-            CipherFactory.getInstance("Twofish/CBC/ZeroBytePadding", androidOverride)
-        } else {
-            CipherFactory.getInstance("Twofish/CBC/NoPadding", androidOverride)
-        }
-        cipher.init(opmode, SecretKeySpec(key, "AES"), IvParameterSpec(IV))
-
-        return cipher
-    }
-
-    override fun getPwEncryptionAlgorithm(): EncryptionAlgorithm {
-        return EncryptionAlgorithm.Twofish
-    }
-
-    companion object {
-
-        val CIPHER_UUID: UUID = bytes16ToUuid(
-                byteArrayOf(0xAD.toByte(),
-                        0x68.toByte(),
-                        0xF2.toByte(),
-                        0x9F.toByte(),
-                        0x57.toByte(),
-                        0x6F.toByte(),
-                        0x4B.toByte(),
-                        0xB9.toByte(),
-                        0xA3.toByte(),
-                        0x6A.toByte(),
-                        0xD4.toByte(),
-                        0x7A.toByte(),
-                        0xF9.toByte(),
-                        0x65.toByte(),
-                        0x34.toByte(),
-                        0x6C.toByte()))
-    }
-}

app/src/main/java/com/kunzisoft/keepass/crypto/finalkey/AESKeyTransformerFactory.kt

@@ -1,36 +0,0 @@
-/*
- * Copyright 2017 Brian Pellin, Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.crypto.finalkey
-
-import com.kunzisoft.keepass.crypto.CipherFactory.deviceBlacklisted
-
-object AESKeyTransformerFactory : KeyTransformer() {
-    override fun transformMasterKey(seed: ByteArray?, key: ByteArray?, rounds: Long?): ByteArray? {
-        // Prefer the native final key implementation
-        val keyTransformer = if (!deviceBlacklisted()
-                && NativeAESKeyTransformer.available()) {
-            NativeAESKeyTransformer()
-        } else {
-            // Fall back on the android crypto implementation
-            AndroidAESKeyTransformer()
-        }
-        return keyTransformer.transformMasterKey(seed, key, rounds)
-    }
-}

app/src/main/java/com/kunzisoft/keepass/crypto/keyDerivation/Argon2Native.java

@@ -1,65 +0,0 @@
-/*
- * Copyright 2017 Brian Pellin, Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.crypto.keyDerivation;
-
-import com.kunzisoft.keepass.crypto.NativeLib;
-import com.kunzisoft.keepass.utils.UnsignedInt;
-
-import java.io.IOException;
-
-public class Argon2Native {
-
-    enum CType {
-        ARGON2_D(0),
-        ARGON2_I(1),
-        ARGON2_ID(2);
-
-        int cValue = 0;
-
-        CType(int i) {
-            cValue = i;
-        }
-    }
-
-    public static byte[] transformKey(Argon2Kdf.Type type, byte[] password, byte[] salt, UnsignedInt parallelism,
-                                      UnsignedInt memory, UnsignedInt iterations, byte[] secretKey,
-                                      byte[] associatedData, UnsignedInt version) throws IOException {
-        NativeLib.INSTANCE.init();
-
-        CType cType = CType.ARGON2_D;
-        if (type.equals(Argon2Kdf.Type.ARGON2_ID))
-            cType = CType.ARGON2_ID;
-
-        return nTransformMasterKey(
-                cType.cValue,
-                password,
-                salt,
-                parallelism.toKotlinInt(),
-                memory.toKotlinInt(),
-                iterations.toKotlinInt(),
-                secretKey,
-                associatedData,
-                version.toKotlinInt());
-    }
-
-    private static native byte[] nTransformMasterKey(int type, byte[] password, byte[] salt, int parallelism,
-                                              int memory, int iterations, byte[] secretKey,
-                                              byte[] associatedData, int version) throws IOException;
-}

app/src/main/java/com/kunzisoft/keepass/database/action/LoadDatabaseRunnable.kt

@@ -25,6 +25,8 @@ import com.kunzisoft.keepass.app.database.CipherDatabaseAction
 import com.kunzisoft.keepass.app.database.CipherDatabaseEntity
 import com.kunzisoft.keepass.app.database.FileDatabaseHistoryAction
 import com.kunzisoft.keepass.database.element.Database
+import com.kunzisoft.keepass.database.element.binary.LoadedKey
+import com.kunzisoft.keepass.database.element.binary.BinaryData
 import com.kunzisoft.keepass.database.exception.LoadDatabaseException
 import com.kunzisoft.keepass.model.MainCredential
 import com.kunzisoft.keepass.settings.PreferencesUtil
@@ -55,7 +57,10 @@ class LoadDatabaseRunnable(private val context: Context,
                     mReadonly,
                     context.contentResolver,
                     UriUtil.getBinaryDir(context),
-                    Database.LoadedKey.generateNewCipherKey(),
+                    { memoryWanted ->
+                        BinaryData.canMemoryBeAllocatedInRAM(context, memoryWanted)
+                    },
+                    LoadedKey.generateNewCipherKey(),
                     mFixDuplicateUUID,
                     progressTaskUpdater)
         }

app/src/main/java/com/kunzisoft/keepass/database/action/ProgressDatabaseTaskProvider.kt

@@ -25,18 +25,21 @@ import android.content.Context.BIND_NOT_FOREGROUND
 import android.net.Uri
 import android.os.Bundle
 import android.os.IBinder
+import android.util.Log
+import android.widget.Toast
 import androidx.fragment.app.FragmentActivity
+import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.dialogs.DatabaseChangedDialogFragment
 import com.kunzisoft.keepass.activities.dialogs.DatabaseChangedDialogFragment.Companion.DATABASE_CHANGED_DIALOG_TAG
 import com.kunzisoft.keepass.app.database.CipherDatabaseEntity
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfEngine
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
+import com.kunzisoft.keepass.database.crypto.kdf.KdfEngine
 import com.kunzisoft.keepass.database.element.Entry
 import com.kunzisoft.keepass.database.element.Group
 import com.kunzisoft.keepass.database.element.database.CompressionAlgorithm
 import com.kunzisoft.keepass.database.element.node.Node
 import com.kunzisoft.keepass.database.element.node.NodeId
 import com.kunzisoft.keepass.database.element.node.Type
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
 import com.kunzisoft.keepass.model.MainCredential
 import com.kunzisoft.keepass.model.SnapFileDatabaseInfo
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService
@@ -48,8 +51,8 @@ import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_DELETE_ENTRY_HISTORY
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_DELETE_NODES_TASK
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_LOAD_TASK
-import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_RELOAD_TASK
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_MOVE_NODES_TASK
+import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_RELOAD_TASK
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_REMOVE_UNLINKED_DATA_TASK
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_RESTORE_ENTRY_HISTORY
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_SAVE
@@ -251,11 +254,16 @@ class ProgressDatabaseTaskProvider(private val activity: FragmentActivity) {
     }
 
     private fun start(bundle: Bundle? = null, actionTask: String) {
-        activity.stopService(intentDatabaseTask)
+        try {
-        if (bundle != null)
+            activity.stopService(intentDatabaseTask)
-            intentDatabaseTask.putExtras(bundle)
+            if (bundle != null)
-        intentDatabaseTask.action = actionTask
+                intentDatabaseTask.putExtras(bundle)
-        activity.startService(intentDatabaseTask)
+            intentDatabaseTask.action = actionTask
+            activity.startService(intentDatabaseTask)
+        } catch (e: Exception) {
+            Log.e(TAG, "Unable to perform database action", e)
+            Toast.makeText(activity, R.string.error_start_database_action, Toast.LENGTH_LONG).show()
+        }
     }
 
     /*
@@ -591,4 +599,8 @@ class ProgressDatabaseTaskProvider(private val activity: FragmentActivity) {
         }
                 , ACTION_DATABASE_SAVE)
     }
+
+    companion object {
+        private val TAG = ProgressDatabaseTaskProvider::class.java.name
+    }
 }

app/src/main/java/com/kunzisoft/keepass/database/action/ReloadDatabaseRunnable.kt

@@ -21,6 +21,8 @@ package com.kunzisoft.keepass.database.action
 
 import android.content.Context
 import com.kunzisoft.keepass.database.element.Database
+import com.kunzisoft.keepass.database.element.binary.LoadedKey
+import com.kunzisoft.keepass.database.element.binary.BinaryData
 import com.kunzisoft.keepass.database.exception.LoadDatabaseException
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.tasks.ActionRunnable
@@ -33,10 +35,10 @@ class ReloadDatabaseRunnable(private val context: Context,
                              private val mLoadDatabaseResult: ((Result) -> Unit)?)
     : ActionRunnable() {
 
-    private var tempCipherKey: Database.LoadedKey? = null
+    private var tempCipherKey: LoadedKey? = null
 
     override fun onStartRun() {
-        tempCipherKey = mDatabase.loadedCipherKey
+        tempCipherKey = mDatabase.binaryCache.loadedCipherKey
         // Clear before we load
         mDatabase.clear(UriUtil.getBinaryDir(context))
         mDatabase.wasReloaded = true
@@ -46,7 +48,10 @@ class ReloadDatabaseRunnable(private val context: Context,
         try {
             mDatabase.reloadData(context.contentResolver,
                     UriUtil.getBinaryDir(context),
-                    tempCipherKey ?: Database.LoadedKey.generateNewCipherKey(),
+                    { memoryWanted ->
+                        BinaryData.canMemoryBeAllocatedInRAM(context, memoryWanted)
+                    },
+                    tempCipherKey ?: LoadedKey.generateNewCipherKey(),
                     progressTaskUpdater)
         } catch (e: LoadDatabaseException) {
             setError(e)

app/src/main/java/com/kunzisoft/keepass/database/action/node/MoveNodesRunnable.kt

@@ -24,7 +24,7 @@ import android.util.Log
 import com.kunzisoft.keepass.database.element.*
 import com.kunzisoft.keepass.database.element.node.Node
 import com.kunzisoft.keepass.database.element.node.Type
-import com.kunzisoft.keepass.database.exception.EntryDatabaseException
+import com.kunzisoft.keepass.database.exception.MoveEntryDatabaseException
 import com.kunzisoft.keepass.database.exception.MoveGroupDatabaseException
 
 class MoveNodesRunnable constructor(
@@ -47,8 +47,10 @@ class MoveNodesRunnable constructor(
             when (nodeToMove.type) {
                 Type.GROUP -> {
                     val groupToMove = nodeToMove as Group
-                    // Move group in new parent if not in the current group
+                    // Move group if the parent change
-                    if (groupToMove != mNewParent
+                    if (mOldParent != mNewParent
+                            // and if not in the current group
+                            && groupToMove != mNewParent
                             && !mNewParent.isContainedIn(groupToMove)) {
                         nodeToMove.touch(modified = true, touchParents = true)
                         database.moveGroupTo(groupToMove, mNewParent)
@@ -68,7 +70,7 @@ class MoveNodesRunnable constructor(
                         database.moveEntryTo(entryToMove, mNewParent)
                     } else {
                         // Only finish thread
-                        setError(EntryDatabaseException())
+                        setError(MoveEntryDatabaseException())
                         break@foreachNode
                     }
                 }

app/src/main/java/com/kunzisoft/keepass/database/crypto/AesEngine.kt

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2019 Jeremy Jamet / Kunzisoft.
+ *
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.database.crypto
+
+
+import com.kunzisoft.encrypt.CipherFactory
+import java.security.InvalidAlgorithmParameterException
+import java.security.InvalidKeyException
+import java.security.NoSuchAlgorithmException
+import javax.crypto.Cipher
+import javax.crypto.NoSuchPaddingException
+
+class AesEngine : CipherEngine() {
+
+    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
+    override fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray): Cipher {
+        return CipherFactory.getAES(opmode, key, IV)
+    }
+
+    override fun getEncryptionAlgorithm(): EncryptionAlgorithm {
+        return EncryptionAlgorithm.AESRijndael
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/crypto/ChaCha20Engine.kt

@@ -17,19 +17,14 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto.engine
+package com.kunzisoft.keepass.database.crypto
 
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
+import com.kunzisoft.encrypt.CipherFactory
-import com.kunzisoft.keepass.stream.bytes16ToUuid
-import org.bouncycastle.jce.provider.BouncyCastleProvider
 import java.security.InvalidAlgorithmParameterException
 import java.security.InvalidKeyException
 import java.security.NoSuchAlgorithmException
-import java.util.*
 import javax.crypto.Cipher
 import javax.crypto.NoSuchPaddingException
-import javax.crypto.spec.IvParameterSpec
-import javax.crypto.spec.SecretKeySpec
 
 class ChaCha20Engine : CipherEngine() {
 
@@ -38,34 +33,11 @@ class ChaCha20Engine : CipherEngine() {
     }
 
     @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
-    override fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray, androidOverride: Boolean): Cipher {
+    override fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray): Cipher {
-        val cipher = Cipher.getInstance("Chacha7539", BouncyCastleProvider())
+        return CipherFactory.getChacha20(opmode, key, IV)
-        cipher.init(opmode, SecretKeySpec(key, "ChaCha7539"), IvParameterSpec(IV))
-        return cipher
     }
 
-    override fun getPwEncryptionAlgorithm(): EncryptionAlgorithm {
+    override fun getEncryptionAlgorithm(): EncryptionAlgorithm {
         return EncryptionAlgorithm.ChaCha20
     }
-
-    companion object {
-
-        val CIPHER_UUID: UUID = bytes16ToUuid(
-                byteArrayOf(0xD6.toByte(),
-                        0x03.toByte(),
-                        0x8A.toByte(),
-                        0x2B.toByte(),
-                        0x8B.toByte(),
-                        0x6F.toByte(),
-                        0x4C.toByte(),
-                        0xB5.toByte(),
-                        0xA5.toByte(),
-                        0x24.toByte(),
-                        0x33.toByte(),
-                        0x9A.toByte(),
-                        0x31.toByte(),
-                        0xDB.toByte(),
-                        0xB5.toByte(),
-                        0x9A.toByte()))
-    }
 }

app/src/main/java/com/kunzisoft/keepass/database/crypto/CipherEngine.kt

@@ -17,9 +17,7 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto.engine
+package com.kunzisoft.keepass.database.crypto
-
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
 
 import java.security.InvalidAlgorithmParameterException
 import java.security.InvalidKeyException
@@ -38,14 +36,12 @@ abstract class CipherEngine {
         return 16
     }
 
-    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
+    // Used only with padding workaround
-    abstract fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray, androidOverride: Boolean): Cipher
+    var forcePaddingCompatibility = false
 
     @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
-    fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray): Cipher {
+    abstract fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray): Cipher
-        return getCipher(opmode, key, IV, false)
-    }
 
-    abstract fun getPwEncryptionAlgorithm(): EncryptionAlgorithm
+    abstract fun getEncryptionAlgorithm(): EncryptionAlgorithm
 
 }

app/src/main/java/com/kunzisoft/keepass/database/crypto/CrsAlgorithm.kt

@@ -17,11 +17,13 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto
+package com.kunzisoft.keepass.database.crypto
 
+import com.kunzisoft.encrypt.HashManager
 import com.kunzisoft.keepass.utils.UnsignedInt
+import com.kunzisoft.encrypt.StreamCipher
 
-enum class CrsAlgorithm constructor(val id: UnsignedInt) {
+enum class CrsAlgorithm(val id: UnsignedInt) {
 
     Null(UnsignedInt(0)),
     ArcFourVariant(UnsignedInt(1)),
@@ -30,6 +32,15 @@ enum class CrsAlgorithm constructor(val id: UnsignedInt) {
 
     companion object {
 
+        @Throws(Exception::class)
+        fun getCipher(algorithm: CrsAlgorithm?, key: ByteArray): StreamCipher {
+            return when (algorithm) {
+                Salsa20 -> HashManager.getSalsa20(key)
+                ChaCha20 -> HashManager.getChaCha20(key)
+                else -> throw Exception("Invalid random cipher")
+            }
+        }
+
         fun fromId(num: UnsignedInt): CrsAlgorithm? {
             for (e in values()) {
                 if (e.id == num) {

app/src/main/java/com/kunzisoft/keepass/database/crypto/EncryptionAlgorithm.kt

@@ -0,0 +1,133 @@
+/*
+ * Copyright 2019 Jeremy Jamet / Kunzisoft.
+ *     
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.database.crypto
+
+import com.kunzisoft.keepass.utils.bytes16ToUuid
+import java.security.NoSuchAlgorithmException
+import java.util.*
+
+enum class EncryptionAlgorithm {
+
+    AESRijndael,
+    Twofish,
+    ChaCha20;
+
+    val cipherEngine: CipherEngine
+        get() {
+            return when (this) {
+                AESRijndael -> AesEngine()
+                Twofish -> TwofishEngine()
+                ChaCha20 -> ChaCha20Engine()
+            }
+        }
+
+    val uuid: UUID
+        get() {
+            return when (this) {
+                AESRijndael -> AES_UUID
+                Twofish -> TWOFISH_UUID
+                ChaCha20 -> CHACHA20_UUID
+            }
+        }
+
+    override fun toString(): String {
+        return when (this) {
+            AESRijndael -> "Rijndael (AES)"
+            Twofish -> "Twofish"
+            ChaCha20 -> "ChaCha20"
+        }
+    }
+
+    companion object {
+
+        /**
+         * Generate appropriate cipher based on KeePass 2.x UUID's
+         */
+        @Throws(NoSuchAlgorithmException::class)
+        fun getFrom(uuid: UUID): EncryptionAlgorithm {
+            return when (uuid) {
+                AES_UUID -> AESRijndael
+                TWOFISH_UUID -> Twofish
+                CHACHA20_UUID -> ChaCha20
+                else -> throw NoSuchAlgorithmException("UUID unrecognized.")
+            }
+        }
+
+        private val AES_UUID: UUID by lazy {
+            bytes16ToUuid(
+                    byteArrayOf(0x31.toByte(),
+                            0xC1.toByte(),
+                            0xF2.toByte(),
+                            0xE6.toByte(),
+                            0xBF.toByte(),
+                            0x71.toByte(),
+                            0x43.toByte(),
+                            0x50.toByte(),
+                            0xBE.toByte(),
+                            0x58.toByte(),
+                            0x05.toByte(),
+                            0x21.toByte(),
+                            0x6A.toByte(),
+                            0xFC.toByte(),
+                            0x5A.toByte(),
+                            0xFF.toByte()))
+        }
+
+        private val TWOFISH_UUID: UUID by lazy {
+            bytes16ToUuid(
+                    byteArrayOf(0xAD.toByte(),
+                            0x68.toByte(),
+                            0xF2.toByte(),
+                            0x9F.toByte(),
+                            0x57.toByte(),
+                            0x6F.toByte(),
+                            0x4B.toByte(),
+                            0xB9.toByte(),
+                            0xA3.toByte(),
+                            0x6A.toByte(),
+                            0xD4.toByte(),
+                            0x7A.toByte(),
+                            0xF9.toByte(),
+                            0x65.toByte(),
+                            0x34.toByte(),
+                            0x6C.toByte()))
+        }
+
+        private val CHACHA20_UUID: UUID by lazy {
+            bytes16ToUuid(
+                    byteArrayOf(0xD6.toByte(),
+                            0x03.toByte(),
+                            0x8A.toByte(),
+                            0x2B.toByte(),
+                            0x8B.toByte(),
+                            0x6F.toByte(),
+                            0x4C.toByte(),
+                            0xB5.toByte(),
+                            0xA5.toByte(),
+                            0x24.toByte(),
+                            0x33.toByte(),
+                            0x9A.toByte(),
+                            0x31.toByte(),
+                            0xDB.toByte(),
+                            0xB5.toByte(),
+                            0x9A.toByte()))
+        }
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/crypto/HmacBlock.kt

@@ -17,35 +17,40 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.stream
+package com.kunzisoft.keepass.database.crypto
 
 import java.io.IOException
-import java.security.DigestOutputStream
+import java.security.InvalidKeyException
 import java.security.MessageDigest
 import java.security.NoSuchAlgorithmException
+import javax.crypto.Mac
+import javax.crypto.spec.SecretKeySpec
 
-object HmacBlockStream {
+object HmacBlock {
-    fun getHmacKey64(key: ByteArray, blockIndex: Long): ByteArray {
+
+    fun getHmacSha256(blockKey: ByteArray): Mac {
+        val hmac: Mac
+        try {
+            hmac = Mac.getInstance("HmacSHA256")
+            val signingKey = SecretKeySpec(blockKey, "HmacSHA256")
+            hmac.init(signingKey)
+        } catch (e: NoSuchAlgorithmException) {
+            throw IOException("No HmacAlogirthm")
+        } catch (e: InvalidKeyException) {
+            throw IOException("Invalid Hmac Key")
+        }
+        return hmac
+    }
+
+    fun getHmacKey64(key: ByteArray, blockIndex: ByteArray): ByteArray {
         val hash: MessageDigest
         try {
             hash = MessageDigest.getInstance("SHA-512")
         } catch (e: NoSuchAlgorithmException) {
             throw RuntimeException(e)
         }
-
+        hash.update(blockIndex)
-        val nos = NullOutputStream()
+        hash.update(key)
-        val dos = DigestOutputStream(nos, hash)
-        val leos = LittleEndianDataOutputStream(dos)
-
-        try {
-            leos.writeLong(blockIndex)
-            leos.write(key)
-            leos.close()
-        } catch (e: IOException) {
-            throw RuntimeException(e)
-        }
-
-        //assert(hashKey.length == 64);
         return hash.digest()
     }
 }

app/src/main/java/com/kunzisoft/keepass/database/crypto/TwofishEngine.kt

@@ -0,0 +1,39 @@
+/*
+ * Copyright 2019 Jeremy Jamet / Kunzisoft.
+ *
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.database.crypto
+
+import com.kunzisoft.encrypt.CipherFactory
+import java.security.InvalidAlgorithmParameterException
+import java.security.InvalidKeyException
+import java.security.NoSuchAlgorithmException
+import javax.crypto.Cipher
+import javax.crypto.NoSuchPaddingException
+
+class TwofishEngine : CipherEngine() {
+
+    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
+    override fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray): Cipher {
+        return CipherFactory.getTwofish(opmode, key, IV, forcePaddingCompatibility)
+    }
+
+    override fun getEncryptionAlgorithm(): EncryptionAlgorithm {
+        return EncryptionAlgorithm.Twofish
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/crypto/VariantDictionary.kt

@@ -17,13 +17,10 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.utils
+package com.kunzisoft.keepass.database.crypto
 
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfParameters
+import com.kunzisoft.keepass.utils.*
-import com.kunzisoft.keepass.stream.*
+import java.io.*
-import java.io.ByteArrayInputStream
-import java.io.ByteArrayOutputStream
-import java.io.IOException
 import java.nio.charset.Charset
 import java.util.*
 
@@ -55,12 +52,12 @@ open class VariantDictionary {
         return dict[name]?.value as UnsignedInt?
     }
 
-    fun setUInt64(name: String, value: Long) {
+    fun setUInt64(name: String, value: UnsignedLong) {
         putType(VdType.UInt64, name, value)
     }
 
-    fun getUInt64(name: String): Long? {
+    fun getUInt64(name: String): UnsignedLong? {
-        return dict[name]?.value as Long?
+        return dict[name]?.value as UnsignedLong?
     }
 
     fun setBool(name: String, value: Boolean) {
@@ -115,22 +112,21 @@ open class VariantDictionary {
 
         @Throws(IOException::class)
         fun deserialize(data: ByteArray): VariantDictionary {
-            val inputStream = LittleEndianDataInputStream(ByteArrayInputStream(data))
+            val inputStream = ByteArrayInputStream(data)
             return deserialize(inputStream)
         }
 
         @Throws(IOException::class)
-        fun serialize(kdfParameters: KdfParameters): ByteArray {
+        fun serialize(variantDictionary: VariantDictionary): ByteArray {
             val byteArrayOutputStream = ByteArrayOutputStream()
-            val outputStream = LittleEndianDataOutputStream(byteArrayOutputStream)
+            serialize(variantDictionary, byteArrayOutputStream)
-            serialize(kdfParameters, outputStream)
             return byteArrayOutputStream.toByteArray()
         }
 
         @Throws(IOException::class)
-        fun deserialize(inputStream: LittleEndianDataInputStream): VariantDictionary {
+        fun deserialize(inputStream: InputStream): VariantDictionary {
             val dictionary = VariantDictionary()
-            val version = inputStream.readUShort()
+            val version = inputStream.readBytes2ToUShort()
             if (version and VdmCritical > VdVersion and VdmCritical) {
                 throw IOException("Invalid format")
             }
@@ -143,14 +139,14 @@ open class VariantDictionary {
                 if (bType == VdType.None) {
                     break
                 }
-                val nameLen = inputStream.readUInt().toKotlinInt()
+                val nameLen = inputStream.readBytes4ToUInt().toKotlinInt()
-                val nameBuf = inputStream.readBytes(nameLen)
+                val nameBuf = inputStream.readBytesLength(nameLen)
                 if (nameLen != nameBuf.size) {
                     throw IOException("Invalid format")
                 }
                 val name = String(nameBuf, UTF8Charset)
-                val valueLen = inputStream.readUInt().toKotlinInt()
+                val valueLen = inputStream.readBytes4ToUInt().toKotlinInt()
-                val valueBuf = inputStream.readBytes(valueLen)
+                val valueBuf = inputStream.readBytesLength(valueLen)
                 if (valueLen != valueBuf.size) {
                     throw IOException("Invalid format")
                 }
@@ -159,7 +155,7 @@ open class VariantDictionary {
                         dictionary.setUInt32(name, bytes4ToUInt(valueBuf))
                     }
                     VdType.UInt64 -> if (valueLen == 8) {
-                        dictionary.setUInt64(name, bytes64ToLong(valueBuf))
+                        dictionary.setUInt64(name, bytes64ToULong(valueBuf))
                     }
                     VdType.Bool -> if (valueLen == 1) {
                         dictionary.setBool(name, valueBuf[0] != 0.toByte())
@@ -181,48 +177,47 @@ open class VariantDictionary {
 
         @Throws(IOException::class)
         fun serialize(variantDictionary: VariantDictionary,
-                      outputStream: LittleEndianDataOutputStream?) {
+                      outputStream: OutputStream?) {
             if (outputStream == null) {
                 return
             }
-            outputStream.writeUShort(VdVersion)
+            outputStream.write2BytesUShort(VdVersion)
             for ((name, vd) in variantDictionary.dict) {
                 val nameBuf = name.toByteArray(UTF8Charset)
-                outputStream.write(vd.type.toInt())
+                outputStream.writeByte(vd.type)
-                outputStream.writeInt(nameBuf.size)
+                outputStream.write4BytesUInt(UnsignedInt(nameBuf.size))
                 outputStream.write(nameBuf)
                 var buf: ByteArray
                 when (vd.type) {
                     VdType.UInt32 -> {
-                        outputStream.writeInt(4)
+                        outputStream.write4BytesUInt(UnsignedInt(4))
-                        outputStream.writeUInt((vd.value as UnsignedInt))
+                        outputStream.write4BytesUInt(vd.value as UnsignedInt)
                     }
                     VdType.UInt64 -> {
-                        outputStream.writeInt(8)
+                        outputStream.write4BytesUInt(UnsignedInt(8))
-                        outputStream.writeLong(vd.value as Long)
+                        outputStream.write8BytesLong(vd.value as UnsignedLong)
                     }
                     VdType.Bool -> {
-                        outputStream.writeInt(1)
+                        outputStream.write4BytesUInt(UnsignedInt(1))
-                        val bool = if (vd.value as Boolean) 1.toByte() else 0.toByte()
+                        outputStream.writeBooleanByte(vd.value as Boolean)
-                        outputStream.write(bool.toInt())
                     }
                     VdType.Int32 -> {
-                        outputStream.writeInt(4)
+                        outputStream.write4BytesUInt(UnsignedInt(4))
-                        outputStream.writeInt(vd.value as Int)
+                        outputStream.write4BytesUInt(UnsignedInt(vd.value as Int))
                     }
                     VdType.Int64 -> {
-                        outputStream.writeInt(8)
+                        outputStream.write4BytesUInt(UnsignedInt(8))
-                        outputStream.writeLong(vd.value as Long)
+                        outputStream.write8BytesLong(vd.value as Long)
                     }
                     VdType.String -> {
                         val value = vd.value as String
                         buf = value.toByteArray(UTF8Charset)
-                        outputStream.writeInt(buf.size)
+                        outputStream.write4BytesUInt(UnsignedInt(buf.size))
                         outputStream.write(buf)
                     }
                     VdType.ByteArray -> {
                         buf = vd.value as ByteArray
-                        outputStream.writeInt(buf.size)
+                        outputStream.write4BytesUInt(UnsignedInt(buf.size))
                         outputStream.write(buf)
                     }
                     else -> {

app/src/main/java/com/kunzisoft/keepass/database/crypto/kdf/AesKdf.kt

@@ -17,13 +17,12 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto.keyDerivation
+package com.kunzisoft.keepass.database.crypto.kdf
 
-import android.content.res.Resources
+import com.kunzisoft.encrypt.HashManager
-import com.kunzisoft.keepass.R
+import com.kunzisoft.keepass.utils.UnsignedLong
-import com.kunzisoft.keepass.crypto.CryptoUtil
+import com.kunzisoft.encrypt.aes.AESTransformer
-import com.kunzisoft.keepass.crypto.finalkey.AESKeyTransformerFactory
+import com.kunzisoft.keepass.utils.bytes16ToUuid
-import com.kunzisoft.keepass.stream.bytes16ToUuid
 import java.io.IOException
 import java.security.SecureRandom
 import java.util.*
@@ -38,32 +37,28 @@ class AesKdf : KdfEngine() {
         get() {
             return KdfParameters(uuid!!).apply {
                 setParamUUID()
-                setUInt64(PARAM_ROUNDS, defaultKeyRounds)
+                setUInt64(PARAM_ROUNDS, UnsignedLong(defaultKeyRounds))
             }
         }
 
-    override val defaultKeyRounds: Long = 500000L
+    override val defaultKeyRounds = 500000L
-
-    override fun getName(resources: Resources): String {
-        return resources.getString(R.string.kdf_AES)
-    }
 
     @Throws(IOException::class)
     override fun transform(masterKey: ByteArray, kdfParameters: KdfParameters): ByteArray {
 
         var seed = kdfParameters.getByteArray(PARAM_SEED)
         if (seed != null && seed.size != 32) {
-            seed = CryptoUtil.hashSha256(seed)
+            seed = HashManager.hashSha256(seed)
         }
 
         var currentMasterKey = masterKey
         if (currentMasterKey.size != 32) {
-            currentMasterKey = CryptoUtil.hashSha256(currentMasterKey)
+            currentMasterKey = HashManager.hashSha256(currentMasterKey)
         }
 
-        val rounds = kdfParameters.getUInt64(PARAM_ROUNDS)
+        val rounds = kdfParameters.getUInt64(PARAM_ROUNDS)?.toKotlinLong()
 
-        return AESKeyTransformerFactory.transformMasterKey(seed, currentMasterKey, rounds) ?: ByteArray(0)
+        return AESTransformer.transformKey(seed, currentMasterKey, rounds) ?: ByteArray(0)
     }
 
     override fun randomize(kdfParameters: KdfParameters) {
@@ -76,11 +71,15 @@ class AesKdf : KdfEngine() {
     }
 
     override fun getKeyRounds(kdfParameters: KdfParameters): Long {
-        return kdfParameters.getUInt64(PARAM_ROUNDS) ?: defaultKeyRounds
+        return kdfParameters.getUInt64(PARAM_ROUNDS)?.toKotlinLong() ?: defaultKeyRounds
     }
 
     override fun setKeyRounds(kdfParameters: KdfParameters, keyRounds: Long) {
-        kdfParameters.setUInt64(PARAM_ROUNDS, keyRounds)
+        kdfParameters.setUInt64(PARAM_ROUNDS, UnsignedLong(keyRounds))
+    }
+
+    override fun toString(): String {
+        return "AES"
     }
 
     companion object {

app/src/main/java/com/kunzisoft/keepass/database/crypto/kdf/Argon2Kdf.kt

@@ -17,13 +17,13 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto.keyDerivation
+package com.kunzisoft.keepass.database.crypto.kdf
 
-import android.content.res.Resources
-import androidx.annotation.StringRes
-import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.stream.bytes16ToUuid
 import com.kunzisoft.keepass.utils.UnsignedInt
+import com.kunzisoft.keepass.utils.UnsignedLong
+import com.kunzisoft.encrypt.argon2.Argon2Transformer
+import com.kunzisoft.encrypt.argon2.Argon2Type
+import com.kunzisoft.keepass.utils.bytes16ToUuid
 import java.io.IOException
 import java.security.SecureRandom
 import java.util.*
@@ -48,40 +48,30 @@ class Argon2Kdf(private val type: Type) : KdfEngine() {
         }
 
     override val defaultKeyRounds: Long
-        get() = DEFAULT_ITERATIONS
+        get() = DEFAULT_ITERATIONS.toKotlinLong()
-
-    override fun getName(resources: Resources): String {
-        return resources.getString(type.nameId)
-    }
 
     @Throws(IOException::class)
     override fun transform(masterKey: ByteArray, kdfParameters: KdfParameters): ByteArray {
 
-        val salt = kdfParameters.getByteArray(PARAM_SALT)
+        val salt = kdfParameters.getByteArray(PARAM_SALT) ?: ByteArray(0)
-        val parallelism = kdfParameters.getUInt32(PARAM_PARALLELISM)?.let {
+        val parallelism = kdfParameters.getUInt32(PARAM_PARALLELISM)?.toKotlinLong() ?: DEFAULT_PARALLELISM.toKotlinLong()
-            UnsignedInt(it)
+        val memory = kdfParameters.getUInt64(PARAM_MEMORY)?.toKotlinLong()?.div(MEMORY_BLOCK_SIZE) ?: DEFAULT_MEMORY.toKotlinLong()
-        }
+        val iterations = kdfParameters.getUInt64(PARAM_ITERATIONS)?.toKotlinLong() ?: DEFAULT_ITERATIONS.toKotlinLong()
-        val memory = kdfParameters.getUInt64(PARAM_MEMORY)?.div(MEMORY_BLOCK_SIZE)?.let {
+        val version = kdfParameters.getUInt32(PARAM_VERSION)?.toKotlinInt() ?: MAX_VERSION.toKotlinInt()
-            UnsignedInt.fromKotlinLong(it)
-        }
-        val iterations = kdfParameters.getUInt64(PARAM_ITERATIONS)?.let {
-            UnsignedInt.fromKotlinLong(it)
-        }
-        val version = kdfParameters.getUInt32(PARAM_VERSION)?.let {
-            UnsignedInt(it)
-        }
-        val secretKey = kdfParameters.getByteArray(PARAM_SECRET_KEY)
-        val assocData = kdfParameters.getByteArray(PARAM_ASSOC_DATA)
 
-        return Argon2Native.transformKey(
+        // Not used
-                type,
+        // val secretKey = kdfParameters.getByteArray(PARAM_SECRET_KEY)
+        // val assocData = kdfParameters.getByteArray(PARAM_ASSOC_DATA)
+
+        val argonType = if (type == Type.ARGON2_ID) Argon2Type.ARGON2_ID else Argon2Type.ARGON2_D
+
+        return Argon2Transformer.transformKey(
+                argonType,
                 masterKey,
                 salt,
                 parallelism,
                 memory,
                 iterations,
-                secretKey,
-                assocData,
                 version)
     }
 
@@ -95,32 +85,32 @@ class Argon2Kdf(private val type: Type) : KdfEngine() {
     }
 
     override fun getKeyRounds(kdfParameters: KdfParameters): Long {
-        return kdfParameters.getUInt64(PARAM_ITERATIONS) ?: defaultKeyRounds
+        return kdfParameters.getUInt64(PARAM_ITERATIONS)?.toKotlinLong() ?: defaultKeyRounds
     }
 
     override fun setKeyRounds(kdfParameters: KdfParameters, keyRounds: Long) {
-        kdfParameters.setUInt64(PARAM_ITERATIONS, keyRounds)
+        kdfParameters.setUInt64(PARAM_ITERATIONS, UnsignedLong(keyRounds))
     }
 
     override val minKeyRounds: Long
-        get() = MIN_ITERATIONS
+        get() = MIN_ITERATIONS.toKotlinLong()
 
     override val maxKeyRounds: Long
-        get() = MAX_ITERATIONS
+        get() = MAX_ITERATIONS.toKotlinLong()
 
     override fun getMemoryUsage(kdfParameters: KdfParameters): Long {
-        return kdfParameters.getUInt64(PARAM_MEMORY) ?: defaultMemoryUsage
+        return kdfParameters.getUInt64(PARAM_MEMORY)?.toKotlinLong() ?: defaultMemoryUsage
     }
 
     override fun setMemoryUsage(kdfParameters: KdfParameters, memory: Long) {
-        kdfParameters.setUInt64(PARAM_MEMORY, memory)
+        kdfParameters.setUInt64(PARAM_MEMORY, UnsignedLong(memory))
     }
 
     override val defaultMemoryUsage: Long
-        get() = DEFAULT_MEMORY
+        get() = DEFAULT_MEMORY.toKotlinLong()
 
     override val minMemoryUsage: Long
-        get() = MIN_MEMORY
+        get() = MIN_MEMORY.toKotlinLong()
 
     override val maxMemoryUsage: Long
         get() = MAX_MEMORY
@@ -135,16 +125,20 @@ class Argon2Kdf(private val type: Type) : KdfEngine() {
         kdfParameters.setUInt32(PARAM_PARALLELISM, UnsignedInt.fromKotlinLong(parallelism))
     }
 
+    override fun toString(): String {
+        return "$type"
+    }
+
     override val defaultParallelism: Long
         get() = DEFAULT_PARALLELISM.toKotlinLong()
 
     override val minParallelism: Long
-        get() = MIN_PARALLELISM
+        get() = MIN_PARALLELISM.toKotlinLong()
 
     override val maxParallelism: Long
-        get() = MAX_PARALLELISM
+        get() = MAX_PARALLELISM.toKotlinLong()
 
-    enum class Type(val CIPHER_UUID: UUID, @StringRes val nameId: Int) {
+    enum class Type(val CIPHER_UUID: UUID, private val typeName: String) {
         ARGON2_D(bytes16ToUuid(
                 byteArrayOf(0xEF.toByte(),
                         0x63.toByte(),
@@ -161,7 +155,7 @@ class Argon2Kdf(private val type: Type) : KdfEngine() {
                         0x03.toByte(),
                         0xE3.toByte(),
                         0x0A.toByte(),
-                        0x0C.toByte())), R.string.kdf_Argon2d),
+                        0x0C.toByte())), "Argon2d"),
         ARGON2_ID(bytes16ToUuid(
                 byteArrayOf(0x9E.toByte(),
                         0x29.toByte(),
@@ -178,7 +172,11 @@ class Argon2Kdf(private val type: Type) : KdfEngine() {
                         0xC6.toByte(),
                         0xF0.toByte(),
                         0xA1.toByte(),
-                        0xE6.toByte())), R.string.kdf_Argon2id);
+                        0xE6.toByte())), "Argon2id");
+
+        override fun toString(): String {
+            return typeName
+        }
     }
 
     companion object {
@@ -194,21 +192,17 @@ class Argon2Kdf(private val type: Type) : KdfEngine() {
         private val MIN_VERSION = UnsignedInt(0x10)
         private val MAX_VERSION = UnsignedInt(0x13)
 
-        private const val MIN_SALT = 8
+        private val DEFAULT_ITERATIONS = UnsignedLong(2L)
-        private val MAX_SALT = UnsignedInt.MAX_VALUE.toKotlinLong()
+        private val MIN_ITERATIONS = UnsignedLong(1L)
+        private val MAX_ITERATIONS = UnsignedLong(4294967295L)
 
-        private const val MIN_ITERATIONS: Long = 1L
+        private val DEFAULT_MEMORY = UnsignedLong((1024L * 1024L))
-        private const val MAX_ITERATIONS = 4294967295L
+        private val MIN_MEMORY = UnsignedLong(1024L * 8L)
-
-        private const val MIN_MEMORY = (1024 * 8).toLong()
         private val MAX_MEMORY = UnsignedInt.MAX_VALUE.toKotlinLong()
         private const val MEMORY_BLOCK_SIZE: Long = 1024L
 
-        private const val MIN_PARALLELISM: Long = 1L
-        private const val MAX_PARALLELISM: Long = ((1 shl 24) - 1).toLong()
-
-        private const val DEFAULT_ITERATIONS: Long = 2L
-        private const val DEFAULT_MEMORY = (1024 * 1024).toLong()
         private val DEFAULT_PARALLELISM = UnsignedInt(2)
+        private val MIN_PARALLELISM = UnsignedInt.fromKotlinLong(1L)
+        private val MAX_PARALLELISM = UnsignedInt.fromKotlinLong(((1 shl 24) - 1))
     }
 }

app/src/main/java/com/kunzisoft/keepass/database/crypto/kdf/KdfEngine.kt

@@ -17,17 +17,15 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto.keyDerivation
+package com.kunzisoft.keepass.database.crypto.kdf
 
-import com.kunzisoft.keepass.utils.ObjectNameResource
 import com.kunzisoft.keepass.utils.UnsignedInt
-
 import java.io.IOException
 import java.io.Serializable
-import java.util.UUID
+import java.util.*
 
 // TODO Parcelable
-abstract class KdfEngine : ObjectNameResource, Serializable {
+abstract class KdfEngine : Serializable {
 
     var uuid: UUID? = null
 

app/src/main/java/com/kunzisoft/keepass/database/crypto/kdf/KdfFactory.kt

@@ -17,7 +17,7 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto.keyDerivation
+package com.kunzisoft.keepass.database.crypto.kdf
 
 object KdfFactory {
     var aesKdf = AesKdf()

app/src/main/java/com/kunzisoft/keepass/database/crypto/kdf/KdfParameters.kt

@@ -17,11 +17,11 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.crypto.keyDerivation
+package com.kunzisoft.keepass.database.crypto.kdf
 
-import com.kunzisoft.keepass.stream.bytes16ToUuid
+import com.kunzisoft.keepass.utils.bytes16ToUuid
-import com.kunzisoft.keepass.stream.uuidTo16Bytes
+import com.kunzisoft.keepass.utils.uuidTo16Bytes
-import com.kunzisoft.keepass.utils.VariantDictionary
+import com.kunzisoft.keepass.database.crypto.VariantDictionary
 import java.io.IOException
 import java.util.*
 

app/src/main/java/com/kunzisoft/keepass/database/element/Attachment.kt

@@ -21,8 +21,8 @@ package com.kunzisoft.keepass.database.element
 
 import android.os.Parcel
 import android.os.Parcelable
-import com.kunzisoft.keepass.database.element.database.BinaryByte
+import com.kunzisoft.keepass.database.element.binary.BinaryByte
-import com.kunzisoft.keepass.database.element.database.BinaryData
+import com.kunzisoft.keepass.database.element.binary.BinaryData
 
 
 data class Attachment(var name: String,

app/src/main/java/com/kunzisoft/keepass/database/element/Database.kt

@@ -23,19 +23,26 @@ import android.content.ContentResolver
 import android.content.res.Resources
 import android.net.Uri
 import android.util.Log
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfEngine
 import com.kunzisoft.keepass.database.action.node.NodeHandler
-import com.kunzisoft.keepass.database.element.database.*
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
+import com.kunzisoft.keepass.database.crypto.kdf.KdfEngine
+import com.kunzisoft.keepass.database.element.binary.AttachmentPool
+import com.kunzisoft.keepass.database.element.binary.BinaryCache
+import com.kunzisoft.keepass.database.element.binary.BinaryData
+import com.kunzisoft.keepass.database.element.binary.LoadedKey
+import com.kunzisoft.keepass.database.element.database.CompressionAlgorithm
+import com.kunzisoft.keepass.database.element.database.DatabaseKDB
+import com.kunzisoft.keepass.database.element.database.DatabaseKDBX
 import com.kunzisoft.keepass.database.element.icon.IconImageCustom
 import com.kunzisoft.keepass.database.element.icon.IconImageStandard
 import com.kunzisoft.keepass.database.element.icon.IconsManager
 import com.kunzisoft.keepass.database.element.node.NodeId
 import com.kunzisoft.keepass.database.element.node.NodeIdInt
 import com.kunzisoft.keepass.database.element.node.NodeIdUUID
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
 import com.kunzisoft.keepass.database.exception.*
 import com.kunzisoft.keepass.database.file.DatabaseHeaderKDB
 import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX
+import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX.Companion.FILE_VERSION_32_4
 import com.kunzisoft.keepass.database.file.input.DatabaseInputKDB
 import com.kunzisoft.keepass.database.file.input.DatabaseInputKDBX
 import com.kunzisoft.keepass.database.file.output.DatabaseOutputKDB
@@ -44,15 +51,12 @@ import com.kunzisoft.keepass.database.search.SearchHelper
 import com.kunzisoft.keepass.database.search.SearchParameters
 import com.kunzisoft.keepass.icons.IconDrawableFactory
 import com.kunzisoft.keepass.model.MainCredential
-import com.kunzisoft.keepass.stream.readBytes4ToUInt
 import com.kunzisoft.keepass.tasks.ProgressTaskUpdater
 import com.kunzisoft.keepass.utils.SingletonHolder
 import com.kunzisoft.keepass.utils.UriUtil
+import com.kunzisoft.keepass.utils.readBytes4ToUInt
 import java.io.*
-import java.security.Key
-import java.security.SecureRandom
 import java.util.*
-import javax.crypto.KeyGenerator
 import kotlin.collections.ArrayList
 
 
@@ -70,7 +74,7 @@ class Database {
     var isReadOnly = false
 
     val iconDrawableFactory = IconDrawableFactory(
-            { loadedCipherKey },
+            { binaryCache },
             { iconId -> iconsManager.getBinaryForCustomIcon(iconId) }
     )
 
@@ -92,18 +96,18 @@ class Database {
      * Cipher key regenerated when the database is loaded and closed
      * Can be used to temporarily store database elements
      */
-    var loadedCipherKey: LoadedKey?
+    var binaryCache: BinaryCache
         private set(value) {
-            mDatabaseKDB?.loadedCipherKey = value
+            mDatabaseKDB?.binaryCache = value
-            mDatabaseKDBX?.loadedCipherKey = value
+            mDatabaseKDBX?.binaryCache = value
         }
         get() {
-            return mDatabaseKDB?.loadedCipherKey ?: mDatabaseKDBX?.loadedCipherKey
+            return mDatabaseKDB?.binaryCache ?: mDatabaseKDBX?.binaryCache ?: BinaryCache()
         }
 
     private val iconsManager: IconsManager
         get() {
-            return mDatabaseKDB?.iconsManager ?: mDatabaseKDBX?.iconsManager ?: IconsManager()
+            return mDatabaseKDB?.iconsManager ?: mDatabaseKDBX?.iconsManager ?: IconsManager(binaryCache)
         }
 
     fun doForEachStandardIcons(action: (IconImageStandard) -> Unit) {
@@ -125,9 +129,8 @@ class Database {
         return iconsManager.getIcon(iconId)
     }
 
-    fun buildNewCustomIcon(cacheDirectory: File,
+    fun buildNewCustomIcon(result: (IconImageCustom?, BinaryData?) -> Unit) {
-                           result: (IconImageCustom?, BinaryData?) -> Unit) {
+        mDatabaseKDBX?.buildNewCustomIcon(null, result)
-        mDatabaseKDBX?.buildNewCustomIcon(cacheDirectory, null, result)
     }
 
     fun isCustomIconBinaryDuplicate(binaryData: BinaryData): Boolean {
@@ -136,7 +139,7 @@ class Database {
 
     fun removeCustomIcon(customIcon: IconImageCustom) {
         iconDrawableFactory.clearFromCache(customIcon)
-        iconsManager.removeCustomIcon(customIcon.uuid)
+        iconsManager.removeCustomIcon(binaryCache, customIcon.uuid)
     }
 
     val allowName: Boolean
@@ -219,7 +222,7 @@ class Database {
         // Default compression not necessary if stored in header
         mDatabaseKDBX?.let {
             return it.compressionAlgorithm == CompressionAlgorithm.GZip
-                    && it.kdbxVersion.toKotlinLong() < DatabaseHeaderKDBX.FILE_VERSION_32_4.toKotlinLong()
+                    && it.kdbxVersion.isBefore(FILE_VERSION_32_4)
         }
         return false
     }
@@ -232,12 +235,9 @@ class Database {
     val allowNoMasterKey: Boolean
         get() = mDatabaseKDBX != null
 
-    val allowEncryptionAlgorithmModification: Boolean
+    fun getEncryptionAlgorithmName(): String {
-        get() = availableEncryptionAlgorithms.size > 1
+        return mDatabaseKDB?.encryptionAlgorithm?.toString()
-
+                ?: mDatabaseKDBX?.encryptionAlgorithm?.toString()
-    fun getEncryptionAlgorithmName(resources: Resources): String {
-        return mDatabaseKDB?.encryptionAlgorithm?.getName(resources)
-                ?: mDatabaseKDBX?.encryptionAlgorithm?.getName(resources)
                 ?: ""
     }
 
@@ -250,7 +250,7 @@ class Database {
             algorithm?.let {
                 mDatabaseKDBX?.encryptionAlgorithm = algorithm
                 mDatabaseKDBX?.setDataEngine(algorithm.cipherEngine)
-                mDatabaseKDBX?.dataCipher = algorithm.dataCipher
+                mDatabaseKDBX?.cipherUuid = algorithm.uuid
             }
         }
 
@@ -272,8 +272,8 @@ class Database {
             }
         }
 
-    fun getKeyDerivationName(resources: Resources): String {
+    fun getKeyDerivationName(): String {
-        return kdfEngine?.getName(resources) ?: ""
+        return kdfEngine?.toString() ?: ""
     }
 
     var numberKeyEncryptionRounds: Long
@@ -359,15 +359,10 @@ class Database {
             return null
         }
 
-    fun ensureRecycleBinExists(resources: Resources) {
+    val groupNamesNotAllowed: List<String>
-        mDatabaseKDB?.ensureBackupExists()
+        get() {
-        mDatabaseKDBX?.ensureRecycleBinExists(resources)
+            return mDatabaseKDB?.groupNamesNotAllowed ?: ArrayList()
-    }
+        }
-
-    fun removeRecycleBin() {
-        // Don't allow remove backup in KDB
-        mDatabaseKDBX?.removeRecycleBin()
-    }
 
     private fun setDatabaseKDB(databaseKDB: DatabaseKDB) {
         this.mDatabaseKDB = databaseKDB
@@ -381,25 +376,12 @@ class Database {
 
     fun createData(databaseUri: Uri, databaseName: String, rootName: String) {
         val newDatabase = DatabaseKDBX(databaseName, rootName)
-        newDatabase.loadedCipherKey = LoadedKey.generateNewCipherKey()
         setDatabaseKDBX(newDatabase)
         this.fileUri = databaseUri
         // Set Database state
         this.loaded = true
     }
 
-    class LoadedKey(val key: Key, val iv: ByteArray): Serializable {
-        companion object {
-            const val BINARY_CIPHER = "Blowfish/CBC/PKCS5Padding"
-
-            fun generateNewCipherKey(): LoadedKey {
-                val iv = ByteArray(8)
-                SecureRandom().nextBytes(iv)
-                return LoadedKey(KeyGenerator.getInstance("Blowfish").generateKey(), iv)
-            }
-        }
-    }
-
     @Throws(LoadDatabaseException::class)
     private fun readDatabaseStream(contentResolver: ContentResolver, uri: Uri,
                                    openDatabaseKDB: (InputStream) -> DatabaseKDB,
@@ -453,6 +435,7 @@ class Database {
                  readOnly: Boolean,
                  contentResolver: ContentResolver,
                  cacheDirectory: File,
+                 isRAMSufficient: (memoryWanted: Long) -> Boolean,
                  tempCipherKey: LoadedKey,
                  fixDuplicateUUID: Boolean,
                  progressTaskUpdater: ProgressTaskUpdater?) {
@@ -474,7 +457,7 @@ class Database {
             // Read database stream for the first time
             readDatabaseStream(contentResolver, uri,
                     { databaseInputStream ->
-                        DatabaseInputKDB(cacheDirectory)
+                        DatabaseInputKDB(cacheDirectory, isRAMSufficient)
                                 .openDatabase(databaseInputStream,
                                         mainCredential.masterPassword,
                                         keyFileInputStream,
@@ -483,7 +466,7 @@ class Database {
                                         fixDuplicateUUID)
                     },
                     { databaseInputStream ->
-                        DatabaseInputKDBX(cacheDirectory)
+                        DatabaseInputKDBX(cacheDirectory, isRAMSufficient)
                                 .openDatabase(databaseInputStream,
                                         mainCredential.masterPassword,
                                         keyFileInputStream,
@@ -507,6 +490,7 @@ class Database {
     @Throws(LoadDatabaseException::class)
     fun reloadData(contentResolver: ContentResolver,
                    cacheDirectory: File,
+                   isRAMSufficient: (memoryWanted: Long) -> Boolean,
                    tempCipherKey: LoadedKey,
                    progressTaskUpdater: ProgressTaskUpdater?) {
 
@@ -515,14 +499,14 @@ class Database {
             fileUri?.let { oldDatabaseUri ->
                 readDatabaseStream(contentResolver, oldDatabaseUri,
                         { databaseInputStream ->
-                            DatabaseInputKDB(cacheDirectory)
+                            DatabaseInputKDB(cacheDirectory, isRAMSufficient)
                                     .openDatabase(databaseInputStream,
                                             masterKey,
                                             tempCipherKey,
                                             progressTaskUpdater)
                         },
                         { databaseInputStream ->
-                            DatabaseInputKDBX(cacheDirectory)
+                            DatabaseInputKDBX(cacheDirectory, isRAMSufficient)
                                     .openDatabase(databaseInputStream,
                                             masterKey,
                                             tempCipherKey,
@@ -553,31 +537,32 @@ class Database {
                                      omitBackup: Boolean,
                                      max: Int = Integer.MAX_VALUE): Group? {
         return mSearchHelper?.createVirtualGroupWithSearchResult(this,
-                searchQuery, SearchParameters(), omitBackup, max)
+                SearchParameters().apply {
+                    this.searchQuery = searchQuery
+                }, omitBackup, max)
     }
 
     fun createVirtualGroupFromSearchInfo(searchInfoString: String,
                                          omitBackup: Boolean,
                                          max: Int = Integer.MAX_VALUE): Group? {
         return mSearchHelper?.createVirtualGroupWithSearchResult(this,
-                searchInfoString, SearchParameters().apply {
+                SearchParameters().apply {
-            searchInTitles = true
+                    searchQuery = searchInfoString
-            searchInUserNames = false
+                    searchInTitles = true
-            searchInPasswords = false
+                    searchInUserNames = false
-            searchInUrls = true
+                    searchInPasswords = false
-            searchInNotes = true
+                    searchInUrls = true
-            searchInOTP = false
+                    searchInNotes = true
-            searchInOther = true
+                    searchInOTP = false
-            searchInUUIDs = false
+                    searchInOther = true
-            searchInTags = false
+                    searchInUUIDs = false
-            ignoreCase = true
+                    searchInTags = false
-        }, omitBackup, max)
+                }, omitBackup, max)
     }
 
     val attachmentPool: AttachmentPool
         get() {
-            // Binary pool is functionally only in KDBX
+            return mDatabaseKDB?.attachmentPool ?: mDatabaseKDBX?.attachmentPool ?: AttachmentPool(binaryCache)
-            return mDatabaseKDBX?.binaryPool ?: AttachmentPool()
         }
 
     val allowMultipleAttachments: Boolean
@@ -589,11 +574,10 @@ class Database {
             return false
         }
 
-    fun buildNewBinaryAttachment(cacheDirectory: File,
+    fun buildNewBinaryAttachment(compressed: Boolean = false,
-                                 compressed: Boolean = false,
                                  protected: Boolean = false): BinaryData? {
-        return mDatabaseKDB?.buildNewAttachment(cacheDirectory)
+        return mDatabaseKDB?.buildNewAttachment()
-                ?: mDatabaseKDBX?.buildNewAttachment(cacheDirectory, compressed, protected)
+                ?: mDatabaseKDBX?.buildNewAttachment( false, compressed, protected)
     }
 
     fun removeAttachmentIfNotUsed(attachment: Attachment) {
@@ -668,6 +652,7 @@ class Database {
     }
 
     fun clear(filesDirectory: File? = null) {
+        binaryCache.clear()
         iconsManager.clearCache()
         iconDrawableFactory.clearCache()
         // Delete the cache of the database if present
@@ -802,11 +787,11 @@ class Database {
     }
 
     fun addGroupTo(group: Group, parent: Group) {
-        group.groupKDB?.let { entryKDB ->
+        group.groupKDB?.let { groupKDB ->
-            mDatabaseKDB?.addGroupTo(entryKDB, parent.groupKDB)
+            mDatabaseKDB?.addGroupTo(groupKDB, parent.groupKDB)
         }
-        group.groupKDBX?.let { entryKDBX ->
+        group.groupKDBX?.let { groupKDBX ->
-            mDatabaseKDBX?.addGroupTo(entryKDBX, parent.groupKDBX)
+            mDatabaseKDBX?.addGroupTo(groupKDBX, parent.groupKDBX)
         }
         group.afterAssignNewParent()
     }
@@ -821,11 +806,11 @@ class Database {
     }
 
     fun removeGroupFrom(group: Group, parent: Group) {
-        group.groupKDB?.let { entryKDB ->
+        group.groupKDB?.let { groupKDB ->
-            mDatabaseKDB?.removeGroupFrom(entryKDB, parent.groupKDB)
+            mDatabaseKDB?.removeGroupFrom(groupKDB, parent.groupKDB)
         }
-        group.groupKDBX?.let { entryKDBX ->
+        group.groupKDBX?.let { groupKDBX ->
-            mDatabaseKDBX?.removeGroupFrom(entryKDBX, parent.groupKDBX)
+            mDatabaseKDBX?.removeGroupFrom(groupKDBX, parent.groupKDBX)
         }
         group.afterAssignNewParent()
     }
@@ -900,6 +885,16 @@ class Database {
         }
     }
 
+    fun ensureRecycleBinExists(resources: Resources) {
+        mDatabaseKDB?.ensureBackupExists()
+        mDatabaseKDBX?.ensureRecycleBinExists(resources)
+    }
+
+    fun removeRecycleBin() {
+        // Don't allow remove backup in KDB
+        mDatabaseKDBX?.removeRecycleBin()
+    }
+
     fun canRecycle(entry: Entry): Boolean {
         var canRecycle: Boolean? = null
         entry.entryKDB?.let {

app/src/main/java/com/kunzisoft/keepass/database/element/Entry.kt

@@ -21,7 +21,7 @@ package com.kunzisoft.keepass.database.element
 
 import android.os.Parcel
 import android.os.Parcelable
-import com.kunzisoft.keepass.database.element.database.AttachmentPool
+import com.kunzisoft.keepass.database.element.binary.AttachmentPool
 import com.kunzisoft.keepass.database.element.database.DatabaseKDBX
 import com.kunzisoft.keepass.database.element.entry.EntryKDB
 import com.kunzisoft.keepass.database.element.entry.EntryKDBX
@@ -311,7 +311,7 @@ class Entry : Node, EntryVersionedInterface<Group> {
 
     fun getAttachments(attachmentPool: AttachmentPool, inHistory: Boolean = false): List<Attachment> {
         val attachments = ArrayList<Attachment>()
-        entryKDB?.getAttachment()?.let {
+        entryKDB?.getAttachment(attachmentPool)?.let {
             attachments.add(it)
         }
         entryKDBX?.getAttachments(attachmentPool, inHistory)?.let {
@@ -336,7 +336,7 @@ class Entry : Node, EntryVersionedInterface<Group> {
     }
 
     private fun putAttachment(attachment: Attachment, attachmentPool: AttachmentPool) {
-        entryKDB?.putAttachment(attachment)
+        entryKDB?.putAttachment(attachment, attachmentPool)
         entryKDBX?.putAttachment(attachment, attachmentPool)
     }
 
@@ -466,16 +466,7 @@ class Entry : Node, EntryVersionedInterface<Group> {
         return result
     }
 
-
+    companion object {
-    companion object CREATOR : Parcelable.Creator<Entry> {
-        override fun createFromParcel(parcel: Parcel): Entry {
-            return Entry(parcel)
-        }
-
-        override fun newArray(size: Int): Array<Entry?> {
-            return arrayOfNulls(size)
-        }
-
         const val PMS_TAN_ENTRY = "<TAN>"
 
         /**
@@ -484,5 +475,16 @@ class Entry : Node, EntryVersionedInterface<Group> {
         fun newExtraFieldNameAllowed(field: Field): Boolean {
             return EntryKDBX.newCustomNameAllowed(field.name)
         }
+
+        @JvmField
+        val CREATOR: Parcelable.Creator<Entry> = object : Parcelable.Creator<Entry> {
+            override fun createFromParcel(parcel: Parcel): Entry {
+                return Entry(parcel)
+            }
+
+            override fun newArray(size: Int): Array<Entry?> {
+                return arrayOfNulls(size)
+            }
+        }
     }
 }

app/src/main/java/com/kunzisoft/keepass/database/element/Group.kt

@@ -368,14 +368,6 @@ class Group : Node, GroupVersionedInterface<Group, Entry> {
         groupKDB?.nodeId = id
     }
 
-    fun getLevel(): Int {
-        return groupKDB?.level ?: -1
-    }
-
-    fun setLevel(level: Int) {
-        groupKDB?.level = level
-    }
-
     /*
       ------------
       KDBX Methods

app/src/main/java/com/kunzisoft/keepass/database/element/binary/AttachmentPool.kt

@@ -17,9 +17,9 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.database.element.database
+package com.kunzisoft.keepass.database.element.binary
 
-class AttachmentPool : BinaryPool<Int>() {
+class AttachmentPool(binaryCache: BinaryCache) : BinaryPool<Int>(binaryCache) {
 
     /**
      * Utility method to find an unused key in the pool

app/src/main/java/com/kunzisoft/keepass/database/element/binary/BinaryByte.kt

@@ -17,51 +17,62 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.database.element.database
+package com.kunzisoft.keepass.database.element.binary
 
 import android.os.Parcel
 import android.os.Parcelable
-import com.kunzisoft.keepass.database.element.Database
+import android.util.Base64
-import com.kunzisoft.keepass.stream.readAllBytes
+import android.util.Base64InputStream
+import android.util.Base64OutputStream
+import com.kunzisoft.keepass.utils.readAllBytes
+import com.kunzisoft.keepass.database.element.binary.BinaryCache.Companion.UNKNOWN
 import java.io.*
 import java.util.zip.GZIPOutputStream
 
 class BinaryByte : BinaryData {
 
-    private var mDataByte: ByteArray = ByteArray(0)
+    private var mDataByteId: String
 
-    /**
+    private fun getByteArray(binaryCache: BinaryCache): ByteArray {
-     * Empty protected binary
+        val keyData = binaryCache.getByteArray(mDataByteId)
-     */
+        mDataByteId = keyData.key
-    constructor() : super()
+        return keyData.data
+    }
 
-    constructor(byteArray: ByteArray,
+    constructor() : super() {
+        mDataByteId = UNKNOWN
+    }
+
+    constructor(id: String,
                 compressed: Boolean = false,
                 protected: Boolean = false) : super(compressed, protected) {
-        this.mDataByte = byteArray
+        mDataByteId = id
     }
 
     constructor(parcel: Parcel) : super(parcel) {
-        val byteArray = ByteArray(parcel.readInt())
+        mDataByteId = parcel.readString() ?: UNKNOWN
-        parcel.readByteArray(byteArray)
+    }
-        mDataByte = byteArray
+
+    override fun writeToParcel(dest: Parcel, flags: Int) {
+        super.writeToParcel(dest, flags)
+        dest.writeString(mDataByteId)
     }
 
     @Throws(IOException::class)
-    override fun getInputDataStream(cipherKey: Database.LoadedKey): InputStream {
+    override fun getInputDataStream(binaryCache: BinaryCache): InputStream {
-        return ByteArrayInputStream(mDataByte)
+        return Base64InputStream(ByteArrayInputStream(getByteArray(binaryCache)), Base64.NO_WRAP)
     }
 
     @Throws(IOException::class)
-    override fun getOutputDataStream(cipherKey: Database.LoadedKey): OutputStream {
+    override fun getOutputDataStream(binaryCache: BinaryCache): OutputStream {
-        return ByteOutputStream()
+        return BinaryCountingOutputStream(Base64OutputStream(ByteOutputStream(binaryCache), Base64.NO_WRAP))
     }
 
     @Throws(IOException::class)
-    override fun compress(cipherKey: Database.LoadedKey) {
+    override fun compress(binaryCache: BinaryCache) {
         if (!isCompressed) {
-            GZIPOutputStream(getOutputDataStream(cipherKey)).use { outputStream ->
+            GZIPOutputStream(getOutputDataStream(binaryCache)).use { outputStream ->
-                getInputDataStream(cipherKey).use { inputStream ->
+                getInputDataStream(binaryCache).use { inputStream ->
                     inputStream.readAllBytes { buffer ->
                         outputStream.write(buffer)
                     }
@@ -72,10 +83,10 @@ class BinaryByte : BinaryData {
     }
 
     @Throws(IOException::class)
-    override fun decompress(cipherKey: Database.LoadedKey) {
+    override fun decompress(binaryCache: BinaryCache) {
         if (isCompressed) {
-            getUnGzipInputDataStream(cipherKey).use { inputStream ->
+            getUnGzipInputDataStream(binaryCache).use { inputStream ->
-                getOutputDataStream(cipherKey).use { outputStream ->
+                getOutputDataStream(binaryCache).use { outputStream ->
                     inputStream.readAllBytes { buffer ->
                         outputStream.write(buffer)
                     }
@@ -86,36 +97,8 @@ class BinaryByte : BinaryData {
     }
 
     @Throws(IOException::class)
-    override fun clear() {
+    override fun clear(binaryCache: BinaryCache) {
-        mDataByte = ByteArray(0)
+        binaryCache.removeByteArray(mDataByteId)
-    }
-
-    override fun dataExists(): Boolean {
-        return mDataByte.isNotEmpty()
-    }
-
-    override fun getSize(): Long {
-        return mDataByte.size.toLong()
-    }
-
-    /**
-     * Hash of the raw encrypted file in temp folder, only to compare binary data
-     */
-    override fun binaryHash(): Int {
-        return if (dataExists())
-            mDataByte.contentHashCode()
-        else
-            0
-    }
-
-    override fun toString(): String {
-        return mDataByte.toString()
-    }
-
-    override fun writeToParcel(dest: Parcel, flags: Int) {
-        super.writeToParcel(dest, flags)
-        dest.writeInt(mDataByte.size)
-        dest.writeByteArray(mDataByte)
     }
 
     override fun equals(other: Any?): Boolean {
@@ -123,31 +106,29 @@ class BinaryByte : BinaryData {
         if (other !is BinaryByte) return false
         if (!super.equals(other)) return false
 
-        if (!mDataByte.contentEquals(other.mDataByte)) return false
+        if (mDataByteId != other.mDataByteId) return false
 
         return true
     }
 
     override fun hashCode(): Int {
         var result = super.hashCode()
-        result = 31 * result + mDataByte.contentHashCode()
+        result = 31 * result + mDataByteId.hashCode()
         return result
     }
 
     /**
      * Custom OutputStream to calculate the size and hash of binary file
      */
-    private inner class ByteOutputStream : ByteArrayOutputStream() {
+    private inner class ByteOutputStream(private val binaryCache: BinaryCache) : ByteArrayOutputStream() {
         override fun close() {
-            mDataByte = this.toByteArray()
+            binaryCache.setByteArray(mDataByteId, this.toByteArray())
             super.close()
         }
     }
 
     companion object {
-
         private val TAG = BinaryByte::class.java.name
-        const val MAX_BINARY_BYTES = 10240
 
         @JvmField
         val CREATOR: Parcelable.Creator<BinaryByte> = object : Parcelable.Creator<BinaryByte> {

app/src/main/java/com/kunzisoft/keepass/database/element/binary/BinaryCache.kt

@@ -0,0 +1,82 @@
+package com.kunzisoft.keepass.database.element.binary
+
+import java.io.File
+import java.util.*
+
+class BinaryCache {
+
+    /**
+     * Cipher key generated when the database is loaded, and destroyed when the database is closed
+     * Can be used to temporarily store database elements
+     */
+    var loadedCipherKey: LoadedKey = LoadedKey.generateNewCipherKey()
+
+    var cacheDirectory: File? = null
+
+    private val voidBinary = KeyByteArray(UNKNOWN, ByteArray(0))
+
+    fun getBinaryData(binaryId: String,
+                      smallSize: Boolean = false,
+                      compression: Boolean = false,
+                      protection: Boolean = false): BinaryData {
+        val cacheDir = cacheDirectory
+        return if (smallSize || cacheDir == null) {
+            BinaryByte(binaryId, compression, protection)
+        } else {
+            val fileInCache = File(cacheDir, binaryId)
+            BinaryFile(fileInCache, compression, protection)
+        }
+    }
+
+    // Similar to file storage but much faster TODO SparseArray
+    private val byteArrayList = HashMap<String, ByteArray>()
+
+    fun getByteArray(key: String): KeyByteArray {
+        if (key == UNKNOWN) {
+            return voidBinary
+        }
+        if (!byteArrayList.containsKey(key)) {
+            val newItem = KeyByteArray(key, ByteArray(0))
+            byteArrayList[newItem.key] = newItem.data
+            return newItem
+        }
+        return KeyByteArray(key, byteArrayList[key]!!)
+    }
+
+    fun setByteArray(key: String, data: ByteArray): KeyByteArray {
+        if (key == UNKNOWN) {
+            return voidBinary
+        }
+        byteArrayList[key] = data
+        return KeyByteArray(key, data)
+    }
+
+    fun removeByteArray(key: String?) {
+        key?.let {
+            byteArrayList.remove(it)
+        }
+    }
+
+    fun clear() {
+        byteArrayList.clear()
+    }
+
+    companion object {
+        const val UNKNOWN = "UNKNOWN"
+    }
+
+    data class KeyByteArray(val key: String, val data: ByteArray) {
+        override fun equals(other: Any?): Boolean {
+            if (this === other) return true
+            if (other !is KeyByteArray) return false
+
+            if (key != other.key) return false
+
+            return true
+        }
+
+        override fun hashCode(): Int {
+            return key.hashCode()
+        }
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/element/binary/BinaryData.kt

@@ -0,0 +1,192 @@
+/*
+ * Copyright 2018 Jeremy Jamet / Kunzisoft.
+ *     
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.database.element.binary
+
+import android.app.ActivityManager
+import android.content.Context
+import android.os.Parcel
+import android.os.Parcelable
+import org.apache.commons.io.output.CountingOutputStream
+import java.io.IOException
+import java.io.InputStream
+import java.io.OutputStream
+import java.nio.ByteBuffer
+import java.security.MessageDigest
+import java.util.zip.GZIPInputStream
+import java.util.zip.GZIPOutputStream
+
+abstract class BinaryData : Parcelable {
+
+    var isCompressed: Boolean = false
+        protected set
+    var isProtected: Boolean = false
+        protected set
+    var isCorrupted: Boolean = false
+    private var mLength: Long = 0
+    private var mBinaryHash = 0
+
+    protected constructor(compressed: Boolean = false, protected: Boolean = false) {
+        this.isCompressed = compressed
+        this.isProtected = protected
+        this.mLength = 0
+        this.mBinaryHash = 0
+    }
+
+    protected constructor(parcel: Parcel) {
+        isCompressed = parcel.readByte().toInt() != 0
+        isProtected = parcel.readByte().toInt() != 0
+        isCorrupted = parcel.readByte().toInt() != 0
+        mLength = parcel.readLong()
+        mBinaryHash = parcel.readInt()
+    }
+
+    override fun writeToParcel(dest: Parcel, flags: Int) {
+        dest.writeByte((if (isCompressed) 1 else 0).toByte())
+        dest.writeByte((if (isProtected) 1 else 0).toByte())
+        dest.writeByte((if (isCorrupted) 1 else 0).toByte())
+        dest.writeLong(mLength)
+        dest.writeInt(mBinaryHash)
+    }
+
+    @Throws(IOException::class)
+    abstract fun getInputDataStream(binaryCache: BinaryCache): InputStream
+
+    @Throws(IOException::class)
+    abstract fun getOutputDataStream(binaryCache: BinaryCache): OutputStream
+
+    @Throws(IOException::class)
+    fun getUnGzipInputDataStream(binaryCache: BinaryCache): InputStream {
+        return if (isCompressed) {
+            GZIPInputStream(getInputDataStream(binaryCache))
+        } else {
+            getInputDataStream(binaryCache)
+        }
+    }
+
+    @Throws(IOException::class)
+    fun getGzipOutputDataStream(binaryCache: BinaryCache): OutputStream {
+        return if (isCompressed) {
+            GZIPOutputStream(getOutputDataStream(binaryCache))
+        } else {
+            getOutputDataStream(binaryCache)
+        }
+    }
+
+    @Throws(IOException::class)
+    abstract fun compress(binaryCache: BinaryCache)
+
+    @Throws(IOException::class)
+    abstract fun decompress(binaryCache: BinaryCache)
+
+    @Throws(IOException::class)
+    fun dataExists(): Boolean {
+        return mLength > 0
+    }
+
+    @Throws(IOException::class)
+    fun getSize(): Long {
+        return mLength
+    }
+
+    @Throws(IOException::class)
+    fun binaryHash(): Int {
+        return mBinaryHash
+    }
+
+    @Throws(IOException::class)
+    abstract fun clear(binaryCache: BinaryCache)
+
+    override fun describeContents(): Int {
+        return 0
+    }
+
+    override fun equals(other: Any?): Boolean {
+        if (this === other) return true
+        if (other !is BinaryData) return false
+
+        if (isCompressed != other.isCompressed) return false
+        if (isProtected != other.isProtected) return false
+        if (isCorrupted != other.isCorrupted) return false
+
+        return true
+    }
+
+    override fun hashCode(): Int {
+        var result = isCompressed.hashCode()
+        result = 31 * result + isProtected.hashCode()
+        result = 31 * result + isCorrupted.hashCode()
+        result = 31 * result + mLength.hashCode()
+        result = 31 * result + mBinaryHash
+        return result
+    }
+
+
+    /**
+     * Custom OutputStream to calculate the size and hash of binary file
+     */
+    protected inner class BinaryCountingOutputStream(out: OutputStream): CountingOutputStream(out) {
+
+        private val mMessageDigest: MessageDigest
+        init {
+            mLength = 0
+            mMessageDigest = MessageDigest.getInstance("MD5")
+            mBinaryHash = 0
+        }
+
+        override fun beforeWrite(n: Int) {
+            super.beforeWrite(n)
+            mLength = byteCount
+        }
+
+        override fun write(idx: Int) {
+            super.write(idx)
+            mMessageDigest.update(idx.toByte())
+        }
+
+        override fun write(bts: ByteArray) {
+            super.write(bts)
+            mMessageDigest.update(bts)
+        }
+
+        override fun write(bts: ByteArray, st: Int, end: Int) {
+            super.write(bts, st, end)
+            mMessageDigest.update(bts, st, end)
+        }
+
+        override fun close() {
+            super.close()
+            mLength = byteCount
+            val bytes = mMessageDigest.digest()
+            mBinaryHash = ByteBuffer.wrap(bytes).int
+        }
+    }
+
+    companion object {
+        private val TAG = BinaryData::class.java.name
+
+        fun canMemoryBeAllocatedInRAM(context: Context, memoryWanted: Long): Boolean {
+            val memoryInfo = ActivityManager.MemoryInfo()
+            (context.getSystemService(Context.ACTIVITY_SERVICE) as ActivityManager).getMemoryInfo(memoryInfo)
+            val availableMemory = memoryInfo.availMem
+            return availableMemory > memoryWanted * 3
+        }
+    }
+
+}

app/src/main/java/com/kunzisoft/keepass/database/element/binary/BinaryFile.kt

@@ -17,19 +17,15 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.database.element.database
+package com.kunzisoft.keepass.database.element.binary
 
 import android.os.Parcel
 import android.os.Parcelable
 import android.util.Base64
 import android.util.Base64InputStream
 import android.util.Base64OutputStream
-import com.kunzisoft.keepass.database.element.Database
+import com.kunzisoft.keepass.utils.readAllBytes
-import com.kunzisoft.keepass.stream.readAllBytes
-import org.apache.commons.io.output.CountingOutputStream
 import java.io.*
-import java.nio.ByteBuffer
-import java.security.MessageDigest
 import java.util.zip.GZIPOutputStream
 import javax.crypto.Cipher
 import javax.crypto.CipherInputStream
@@ -39,44 +35,43 @@ import javax.crypto.spec.IvParameterSpec
 class BinaryFile : BinaryData {
 
     private var mDataFile: File? = null
-    private var mLength: Long = 0
+
-    private var mBinaryHash = 0
     // Cipher to encrypt temp file
     @Transient
-    private var cipherEncryption: Cipher = Cipher.getInstance(Database.LoadedKey.BINARY_CIPHER)
+    private var cipherEncryption: Cipher = Cipher.getInstance(LoadedKey.BINARY_CIPHER)
     @Transient
-    private var cipherDecryption: Cipher = Cipher.getInstance(Database.LoadedKey.BINARY_CIPHER)
+    private var cipherDecryption: Cipher = Cipher.getInstance(LoadedKey.BINARY_CIPHER)
-
-    constructor() : super()
 
     constructor(dataFile: File,
                 compressed: Boolean = false,
                 protected: Boolean = false) : super(compressed, protected) {
         this.mDataFile = dataFile
-        this.mLength = 0
-        this.mBinaryHash = 0
     }
 
     constructor(parcel: Parcel) : super(parcel) {
         parcel.readString()?.let {
             mDataFile = File(it)
         }
-        mLength = parcel.readLong()
+    }
-        mBinaryHash = parcel.readInt()
+
+    override fun writeToParcel(dest: Parcel, flags: Int) {
+        super.writeToParcel(dest, flags)
+        dest.writeString(mDataFile?.absolutePath)
     }
 
     @Throws(IOException::class)
-    override fun getInputDataStream(cipherKey: Database.LoadedKey): InputStream {
+    override fun getInputDataStream(binaryCache: BinaryCache): InputStream {
-        return buildInputStream(mDataFile, cipherKey)
+        return buildInputStream(mDataFile, binaryCache)
     }
 
     @Throws(IOException::class)
-    override fun getOutputDataStream(cipherKey: Database.LoadedKey): OutputStream {
+    override fun getOutputDataStream(binaryCache: BinaryCache): OutputStream {
-        return buildOutputStream(mDataFile, cipherKey)
+        return buildOutputStream(mDataFile, binaryCache)
     }
 
     @Throws(IOException::class)
-    private fun buildInputStream(file: File?, cipherKey: Database.LoadedKey): InputStream {
+    private fun buildInputStream(file: File?, binaryCache: BinaryCache): InputStream {
+        val cipherKey = binaryCache.loadedCipherKey
         return when {
             file != null && file.length() > 0 -> {
                 cipherDecryption.init(Cipher.DECRYPT_MODE, cipherKey.key, IvParameterSpec(cipherKey.iv))
@@ -87,7 +82,8 @@ class BinaryFile : BinaryData {
     }
 
     @Throws(IOException::class)
-    private fun buildOutputStream(file: File?, cipherKey: Database.LoadedKey): OutputStream {
+    private fun buildOutputStream(file: File?, binaryCache: BinaryCache): OutputStream {
+        val cipherKey = binaryCache.loadedCipherKey
         return when {
             file != null -> {
                 cipherEncryption.init(Cipher.ENCRYPT_MODE, cipherKey.key, IvParameterSpec(cipherKey.iv))
@@ -98,14 +94,14 @@ class BinaryFile : BinaryData {
     }
 
     @Throws(IOException::class)
-    override fun compress(cipherKey: Database.LoadedKey) {
+    override fun compress(binaryCache: BinaryCache) {
         mDataFile?.let { concreteDataFile ->
             // To compress, create a new binary with file
             if (!isCompressed) {
                 // Encrypt the new gzipped temp file
                 val fileBinaryCompress = File(concreteDataFile.parent, concreteDataFile.name + "_temp")
-                getInputDataStream(cipherKey).use { inputStream ->
+                getInputDataStream(binaryCache).use { inputStream ->
-                    GZIPOutputStream(buildOutputStream(fileBinaryCompress, cipherKey)).use { outputStream ->
+                    GZIPOutputStream(buildOutputStream(fileBinaryCompress, binaryCache)).use { outputStream ->
                         inputStream.readAllBytes { buffer ->
                             outputStream.write(buffer)
                         }
@@ -123,13 +119,13 @@ class BinaryFile : BinaryData {
     }
 
     @Throws(IOException::class)
-    override fun decompress(cipherKey: Database.LoadedKey) {
+    override fun decompress(binaryCache: BinaryCache) {
         mDataFile?.let { concreteDataFile ->
             if (isCompressed) {
                 // Encrypt the new ungzipped temp file
                 val fileBinaryDecompress = File(concreteDataFile.parent, concreteDataFile.name + "_temp")
-                getUnGzipInputDataStream(cipherKey).use { inputStream ->
+                getUnGzipInputDataStream(binaryCache).use { inputStream ->
-                    buildOutputStream(fileBinaryDecompress, cipherKey).use { outputStream ->
+                    buildOutputStream(fileBinaryDecompress, binaryCache).use { outputStream ->
                         inputStream.readAllBytes { buffer ->
                             outputStream.write(buffer)
                         }
@@ -146,39 +142,15 @@ class BinaryFile : BinaryData {
         }
     }
 
-    @Throws(IOException::class)
+    override fun clear(binaryCache: BinaryCache) {
-    override fun clear() {
         if (mDataFile != null && !mDataFile!!.delete())
             throw IOException("Unable to delete temp file " + mDataFile!!.absolutePath)
     }
 
-    override fun dataExists(): Boolean {
-        return mDataFile != null && mLength > 0
-    }
-
-    override fun getSize(): Long {
-        return mLength
-    }
-
-    /**
-     * Hash of the raw encrypted file in temp folder, only to compare binary data
-     */
-    @Throws(FileNotFoundException::class)
-    override fun binaryHash(): Int {
-        return mBinaryHash
-    }
-
     override fun toString(): String {
         return mDataFile.toString()
     }
 
-    override fun writeToParcel(dest: Parcel, flags: Int) {
-        super.writeToParcel(dest, flags)
-        dest.writeString(mDataFile?.absolutePath)
-        dest.writeLong(mLength)
-        dest.writeInt(mBinaryHash)
-    }
-
     override fun equals(other: Any?): Boolean {
         if (this === other) return true
         if (other !is BinaryFile) return false
@@ -190,53 +162,10 @@ class BinaryFile : BinaryData {
     override fun hashCode(): Int {
         var result = super.hashCode()
         result = 31 * result + (mDataFile?.hashCode() ?: 0)
-        result = 31 * result + mLength.hashCode()
-        result = 31 * result + mBinaryHash
         return result
     }
 
-    /**
-     * Custom OutputStream to calculate the size and hash of binary file
-     */
-    private inner class BinaryCountingOutputStream(out: OutputStream): CountingOutputStream(out) {
-
-        private val mMessageDigest: MessageDigest
-        init {
-            mLength = 0
-            mMessageDigest = MessageDigest.getInstance("MD5")
-            mBinaryHash = 0
-        }
-
-        override fun beforeWrite(n: Int) {
-            super.beforeWrite(n)
-            mLength = byteCount
-        }
-
-        override fun write(idx: Int) {
-            super.write(idx)
-            mMessageDigest.update(idx.toByte())
-        }
-
-        override fun write(bts: ByteArray) {
-            super.write(bts)
-            mMessageDigest.update(bts)
-        }
-
-        override fun write(bts: ByteArray, st: Int, end: Int) {
-            super.write(bts, st, end)
-            mMessageDigest.update(bts, st, end)
-        }
-
-        override fun close() {
-            super.close()
-            mLength = byteCount
-            val bytes = mMessageDigest.digest()
-            mBinaryHash = ByteBuffer.wrap(bytes).int
-        }
-    }
-
     companion object {
-
         private val TAG = BinaryFile::class.java.name
 
         @JvmField

app/src/main/java/com/kunzisoft/keepass/database/element/binary/BinaryPool.kt

@@ -17,20 +17,19 @@
  *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-package com.kunzisoft.keepass.database.element.database
+package com.kunzisoft.keepass.database.element.binary
 
 import android.util.Log
-import java.io.File
 import java.io.IOException
 import kotlin.math.abs
 
-abstract class BinaryPool<T> {
+abstract class BinaryPool<T>(private val mBinaryCache: BinaryCache) {
 
     protected val pool = LinkedHashMap<T, BinaryData>()
 
     // To build unique file id
-    private var creationId: String = System.currentTimeMillis().toString()
+    private var creationId: Long = System.currentTimeMillis()
-    private var poolId: String = abs(javaClass.simpleName.hashCode()).toString()
+    private var poolId: Int = abs(javaClass.simpleName.hashCode())
     private var binaryFileIncrement = 0L
 
     /**
@@ -196,7 +195,7 @@ abstract class BinaryPool<T> {
      * Different from doForEach, provide an ordered index to each binary
      */
     private fun doForEachBinaryWithoutDuplication(action: (keyBinary: KeyBinary<T>) -> Unit,
-                                          conditionToAdd: (binary: BinaryData) -> Boolean) {
+                                                  conditionToAdd: (binary: BinaryData) -> Boolean) {
         orderedBinariesWithoutDuplication(conditionToAdd).forEach { keyBinary ->
             action.invoke(keyBinary)
         }
@@ -227,7 +226,7 @@ abstract class BinaryPool<T> {
     @Throws(IOException::class)
     fun clear() {
         doForEachBinary { _, binary ->
-            binary.clear()
+            binary.clear(mBinaryCache)
         }
         pool.clear()
     }

app/src/main/java/com/kunzisoft/keepass/database/element/binary/CustomIconPool.kt

@@ -1,8 +1,8 @@
-package com.kunzisoft.keepass.database.element.database
+package com.kunzisoft.keepass.database.element.binary
 
 import java.util.*
 
-class CustomIconPool : BinaryPool<UUID>() {
+class CustomIconPool(binaryCache: BinaryCache) : BinaryPool<UUID>(binaryCache) {
 
     override fun findUnusedKey(): UUID {
         var newUUID = UUID.randomUUID()

app/src/main/java/com/kunzisoft/keepass/database/element/binary/LoadedKey.kt

@@ -0,0 +1,18 @@
+package com.kunzisoft.keepass.database.element.binary
+
+import java.io.Serializable
+import java.security.Key
+import java.security.SecureRandom
+import javax.crypto.KeyGenerator
+
+class LoadedKey(val key: Key, val iv: ByteArray): Serializable {
+    companion object {
+        const val BINARY_CIPHER = "Blowfish/CBC/PKCS5Padding"
+
+        fun generateNewCipherKey(): LoadedKey {
+            val iv = ByteArray(8)
+            SecureRandom().nextBytes(iv)
+            return LoadedKey(KeyGenerator.getInstance("Blowfish").generateKey(), iv)
+        }
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/element/database/BinaryData.kt

@@ -1,126 +0,0 @@
-/*
- * Copyright 2018 Jeremy Jamet / Kunzisoft.
- *     
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.database.element.database
-
-import android.os.Parcel
-import android.os.Parcelable
-import com.kunzisoft.keepass.database.element.Database
-import java.io.IOException
-import java.io.InputStream
-import java.io.OutputStream
-import java.util.zip.GZIPInputStream
-import java.util.zip.GZIPOutputStream
-
-abstract class BinaryData : Parcelable {
-
-    var isCompressed: Boolean = false
-        protected set
-    var isProtected: Boolean = false
-        protected set
-    var isCorrupted: Boolean = false
-
-    /**
-     * Empty protected binary
-     */
-    protected constructor()
-
-    protected constructor(compressed: Boolean = false, protected: Boolean = false) {
-        this.isCompressed = compressed
-        this.isProtected = protected
-    }
-
-    protected constructor(parcel: Parcel) {
-        isCompressed = parcel.readByte().toInt() != 0
-        isProtected = parcel.readByte().toInt() != 0
-        isCorrupted = parcel.readByte().toInt() != 0
-    }
-
-    @Throws(IOException::class)
-    abstract fun getInputDataStream(cipherKey: Database.LoadedKey): InputStream
-
-    @Throws(IOException::class)
-    abstract fun getOutputDataStream(cipherKey: Database.LoadedKey): OutputStream
-
-    @Throws(IOException::class)
-    fun getUnGzipInputDataStream(cipherKey: Database.LoadedKey): InputStream {
-        return if (isCompressed) {
-            GZIPInputStream(getInputDataStream(cipherKey))
-        } else {
-            getInputDataStream(cipherKey)
-        }
-    }
-
-    @Throws(IOException::class)
-    fun getGzipOutputDataStream(cipherKey: Database.LoadedKey): OutputStream {
-        return if (isCompressed) {
-            GZIPOutputStream(getOutputDataStream(cipherKey))
-        } else {
-            getOutputDataStream(cipherKey)
-        }
-    }
-
-    @Throws(IOException::class)
-    abstract fun compress(cipherKey: Database.LoadedKey)
-
-    @Throws(IOException::class)
-    abstract fun decompress(cipherKey: Database.LoadedKey)
-
-    @Throws(IOException::class)
-    abstract fun clear()
-
-    abstract fun dataExists(): Boolean
-
-    abstract fun getSize(): Long
-
-    abstract fun binaryHash(): Int
-
-    override fun describeContents(): Int {
-        return 0
-    }
-
-    override fun writeToParcel(dest: Parcel, flags: Int) {
-        dest.writeByte((if (isCompressed) 1 else 0).toByte())
-        dest.writeByte((if (isProtected) 1 else 0).toByte())
-        dest.writeByte((if (isCorrupted) 1 else 0).toByte())
-    }
-
-    override fun equals(other: Any?): Boolean {
-        if (this === other) return true
-        if (other !is BinaryData) return false
-
-        if (isCompressed != other.isCompressed) return false
-        if (isProtected != other.isProtected) return false
-        if (isCorrupted != other.isCorrupted) return false
-
-        return true
-    }
-
-    override fun hashCode(): Int {
-        var result = isCompressed.hashCode()
-        result = 31 * result + isProtected.hashCode()
-        result = 31 * result + isCorrupted.hashCode()
-        return result
-    }
-
-    companion object {
-        private val TAG = BinaryData::class.java.name
-    }
-
-}

app/src/main/java/com/kunzisoft/keepass/database/element/database/DatabaseKDB.kt

@@ -19,35 +19,27 @@
 
 package com.kunzisoft.keepass.database.element.database
 
-import com.kunzisoft.keepass.crypto.finalkey.AESKeyTransformerFactory
+import com.kunzisoft.encrypt.HashManager
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfEngine
+import com.kunzisoft.encrypt.aes.AESTransformer
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfFactory
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
+import com.kunzisoft.keepass.database.crypto.kdf.KdfEngine
+import com.kunzisoft.keepass.database.crypto.kdf.KdfFactory
+import com.kunzisoft.keepass.database.element.binary.BinaryData
 import com.kunzisoft.keepass.database.element.entry.EntryKDB
 import com.kunzisoft.keepass.database.element.group.GroupKDB
 import com.kunzisoft.keepass.database.element.icon.IconImageStandard
 import com.kunzisoft.keepass.database.element.node.NodeIdInt
 import com.kunzisoft.keepass.database.element.node.NodeIdUUID
 import com.kunzisoft.keepass.database.element.node.NodeVersioned
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
-import com.kunzisoft.keepass.stream.NullOutputStream
-import java.io.File
 import java.io.IOException
 import java.io.InputStream
-import java.security.DigestOutputStream
-import java.security.MessageDigest
-import java.security.NoSuchAlgorithmException
 import java.util.*
 import kotlin.collections.ArrayList
 
 class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
 
-    private var backupGroupId: Int = BACKUP_FOLDER_UNDEFINED_ID
-
     private var kdfListV3: MutableList<KdfEngine> = ArrayList()
 
-    // Only to generate unique file name
-    private var binaryPool = AttachmentPool()
-
     override val version: String
         get() = "KeePass 1"
 
@@ -61,13 +53,14 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
         return getGroupById(NodeIdInt(groupId))
     }
 
-    // Retrieve backup group in index
     val backupGroup: GroupKDB?
         get() {
-            return if (backupGroupId == BACKUP_FOLDER_UNDEFINED_ID)
+            return retrieveBackup()
-                null
+        }
-            else
+
-                getGroupById(backupGroupId)
+    val groupNamesNotAllowed: List<String>
+        get() {
+            return listOf(BACKUP_FOLDER_TITLE)
         }
 
     override val kdfEngine: KdfEngine
@@ -80,17 +73,13 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
         get() {
             val list = ArrayList<EncryptionAlgorithm>()
             list.add(EncryptionAlgorithm.AESRijndael)
+            list.add(EncryptionAlgorithm.Twofish)
             return list
         }
 
     val rootGroups: List<GroupKDB>
         get() {
-            val kids = ArrayList<GroupKDB>()
+            return rootGroup?.getChildGroups() ?: ArrayList()
-            doForEachGroupInIndex { group ->
-                if (group.level == 0)
-                    kids.add(group)
-            }
-            return kids
         }
 
     override val passwordEncoding: String
@@ -145,24 +134,11 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
     }
 
     @Throws(IOException::class)
-    fun makeFinalKey(masterSeed: ByteArray, masterSeed2: ByteArray, numRounds: Long) {
+    fun makeFinalKey(masterSeed: ByteArray, transformSeed: ByteArray, numRounds: Long) {
-
-        // Write checksum Checksum
-        val messageDigest: MessageDigest
-        try {
-            messageDigest = MessageDigest.getInstance("SHA-256")
-        } catch (e: NoSuchAlgorithmException) {
-            throw IOException("SHA-256 not implemented here.")
-        }
-
-        val nos = NullOutputStream()
-        val dos = DigestOutputStream(nos, messageDigest)
-
         // Encrypt the master key a few times to make brute-force key-search harder
-        dos.write(masterSeed)
+        val transformedKey = AESTransformer.transformKey(transformSeed, masterKey, numRounds) ?: ByteArray(0)
-        dos.write(AESKeyTransformerFactory.transformMasterKey(masterSeed2, masterKey, numRounds) ?: ByteArray(0))
+        // Write checksum Checksum
-
+        finalKey = HashManager.hashSha256(masterSeed, transformedKey)
-        finalKey = messageDigest.digest()
     }
 
     override fun createGroup(): GroupKDB {
@@ -187,21 +163,14 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
 
     override fun isInRecycleBin(group: GroupKDB): Boolean {
         var currentGroup: GroupKDB? = group
+        val currentBackupGroup = backupGroup ?: return false
 
-        // Init backup group variable
+        if (currentGroup == currentBackupGroup)
-        if (backupGroupId == BACKUP_FOLDER_UNDEFINED_ID)
-            findBackupGroupId()
-
-        if (backupGroup == null)
-            return false
-
-        if (currentGroup == backupGroup)
             return true
 
+        val backupGroupId = currentBackupGroup.id
         while (currentGroup != null) {
-            if (currentGroup.level == 0
+            if (backupGroupId == currentGroup.id) {
-                    && currentGroup.title.equals(BACKUP_FOLDER_TITLE, ignoreCase = true)) {
-                backupGroupId = currentGroup.id
                 return true
             }
             currentGroup = currentGroup.parent
@@ -209,12 +178,12 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
         return false
     }
 
-    private fun findBackupGroupId() {
+    /**
-        rootGroups.forEach { currentGroup ->
+     * Retrieve backup group with his name
-            if (currentGroup.level == 0
+     */
-                    && currentGroup.title.equals(BACKUP_FOLDER_TITLE, ignoreCase = true)) {
+    private fun retrieveBackup(): GroupKDB? {
-                backupGroupId = currentGroup.id
+        return rootGroup?.searchChildGroup {
-            }
+            it.title.equals(BACKUP_FOLDER_TITLE, ignoreCase = true)
         }
     }
 
@@ -223,8 +192,6 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
      * if it doesn't exist
      */
     fun ensureBackupExists() {
-        findBackupGroupId()
-
         if (backupGroup == null) {
             // Create recycle bin
             val recycleBinGroup = createGroup().apply {
@@ -232,7 +199,6 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
                 icon.standard = getStandardIcon(IconImageStandard.TRASH_ID)
             }
             addGroupTo(recycleBinGroup, rootGroup)
-            backupGroupId = recycleBinGroup.id
         }
     }
 
@@ -275,11 +241,10 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
         addEntryTo(entry, origParent)
     }
 
-    fun buildNewAttachment(cacheDirectory: File): BinaryData {
+    fun buildNewAttachment(): BinaryData {
         // Generate an unique new file
-        return binaryPool.put { uniqueBinaryId ->
+        return attachmentPool.put { uniqueBinaryId ->
-            val fileInCache = File(cacheDirectory, uniqueBinaryId)
+            binaryCache.getBinaryData(uniqueBinaryId, false)
-            BinaryFile(fileInCache)
         }.binary
     }
 
@@ -287,6 +252,5 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
         val TYPE = DatabaseKDB::class.java
 
         const val BACKUP_FOLDER_TITLE = "Backup"
-        private const val BACKUP_FOLDER_UNDEFINED_ID = -1
     }
 }

app/src/main/java/com/kunzisoft/keepass/database/element/database/DatabaseKDBX.kt

@@ -22,24 +22,27 @@ package com.kunzisoft.keepass.database.element.database
 import android.content.res.Resources
 import android.util.Base64
 import android.util.Log
+import com.kunzisoft.encrypt.HashManager
 import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.crypto.CryptoUtil
-import com.kunzisoft.keepass.crypto.engine.AesEngine
-import com.kunzisoft.keepass.crypto.engine.CipherEngine
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfEngine
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfFactory
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfParameters
 import com.kunzisoft.keepass.database.action.node.NodeHandler
+import com.kunzisoft.keepass.database.crypto.AesEngine
+import com.kunzisoft.keepass.database.crypto.CipherEngine
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
+import com.kunzisoft.keepass.database.crypto.VariantDictionary
+import com.kunzisoft.keepass.database.crypto.kdf.KdfEngine
+import com.kunzisoft.keepass.database.crypto.kdf.KdfFactory
+import com.kunzisoft.keepass.database.crypto.kdf.KdfParameters
 import com.kunzisoft.keepass.database.element.DateInstant
 import com.kunzisoft.keepass.database.element.DeletedObject
+import com.kunzisoft.keepass.database.element.binary.BinaryData
 import com.kunzisoft.keepass.database.element.database.DatabaseKDB.Companion.BACKUP_FOLDER_TITLE
 import com.kunzisoft.keepass.database.element.entry.EntryKDBX
+import com.kunzisoft.keepass.database.element.entry.FieldReferencesEngine
 import com.kunzisoft.keepass.database.element.group.GroupKDBX
 import com.kunzisoft.keepass.database.element.icon.IconImageCustom
 import com.kunzisoft.keepass.database.element.icon.IconImageStandard
 import com.kunzisoft.keepass.database.element.node.NodeIdUUID
 import com.kunzisoft.keepass.database.element.node.NodeVersioned
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
 import com.kunzisoft.keepass.database.element.security.MemoryProtectionConfig
 import com.kunzisoft.keepass.database.exception.UnknownKDF
 import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX.Companion.FILE_VERSION_32_3
@@ -47,31 +50,33 @@ import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX.Companion.FILE_VER
 import com.kunzisoft.keepass.utils.StringUtil.removeSpaceChars
 import com.kunzisoft.keepass.utils.StringUtil.toHexString
 import com.kunzisoft.keepass.utils.UnsignedInt
-import com.kunzisoft.keepass.utils.VariantDictionary
+import com.kunzisoft.keepass.utils.longTo8Bytes
 import org.apache.commons.codec.binary.Hex
 import org.w3c.dom.Node
-import java.io.File
 import java.io.IOException
 import java.io.InputStream
 import java.security.MessageDigest
 import java.security.NoSuchAlgorithmException
 import java.util.*
+import javax.crypto.Mac
 import javax.xml.XMLConstants
 import javax.xml.parsers.DocumentBuilderFactory
 import javax.xml.parsers.ParserConfigurationException
+import kotlin.math.min
 
 
 class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
 
     var hmacKey: ByteArray? = null
         private set
-    var dataCipher = AesEngine.CIPHER_UUID
+    var cipherUuid = EncryptionAlgorithm.AESRijndael.uuid
     private var dataEngine: CipherEngine = AesEngine()
     var compressionAlgorithm = CompressionAlgorithm.GZip
     var kdfParameters: KdfParameters? = null
     private var kdfList: MutableList<KdfEngine> = ArrayList()
     private var numKeyEncRounds: Long = 0
     var publicCustomData = VariantDictionary()
+    private val mFieldReferenceEngine = FieldReferencesEngine(this)
 
     var kdbxVersion = UnsignedInt(0)
     var name = ""
@@ -108,8 +113,6 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
     val deletedObjects = ArrayList<DeletedObject>()
     val customData = HashMap<String, String>()
 
-    var binaryPool = AttachmentPool()
-
     var localizedAppName = "KeePassDX"
 
     init {
@@ -131,7 +134,6 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
             icon.standard = getStandardIcon(IconImageStandard.FOLDER_ID)
         }
         rootGroup = group
-        addGroupIndex(group)
     }
 
     override val version: String
@@ -186,7 +188,7 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
                     }
                     CompressionAlgorithm.GZip -> {
                         // Only in databaseV3.1, in databaseV4 the header is zipped during the save
-                        if (kdbxVersion.toKotlinLong() < FILE_VERSION_32_4.toKotlinLong()) {
+                        if (kdbxVersion.isBefore(FILE_VERSION_32_4)) {
                             compressAllBinaries()
                         }
                     }
@@ -194,9 +196,7 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
             }
             CompressionAlgorithm.GZip -> {
                 // In databaseV4 the header is zipped during the save, so not necessary here
-                if (kdbxVersion.toKotlinLong() >= FILE_VERSION_32_4.toKotlinLong()) {
+                if (kdbxVersion.isBefore(FILE_VERSION_32_4)) {
-                    decompressAllBinaries()
-                } else {
                     when (newCompression) {
                         CompressionAlgorithm.None -> {
                             decompressAllBinaries()
@@ -204,18 +204,18 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
                         CompressionAlgorithm.GZip -> {
                         }
                     }
+                } else {
+                    decompressAllBinaries()
                 }
             }
         }
     }
 
     private fun compressAllBinaries() {
-        binaryPool.doForEachBinary { _, binary ->
+        attachmentPool.doForEachBinary { _, binary ->
             try {
-                val cipherKey = loadedCipherKey
-                        ?: throw IOException("Unable to retrieve cipher key to compress binaries")
                 // To compress, create a new binary with file
-                binary.compress(cipherKey)
+                binary.compress(binaryCache)
             } catch (e: Exception) {
                 Log.e(TAG, "Unable to compress $binary", e)
             }
@@ -223,11 +223,9 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
     }
 
     private fun decompressAllBinaries() {
-        binaryPool.doForEachBinary { _, binary ->
+        attachmentPool.doForEachBinary { _, binary ->
             try {
-                val cipherKey = loadedCipherKey
+                binary.decompress(binaryCache)
-                        ?: throw IOException("Unable to retrieve cipher key to decompress binaries")
-                binary.decompress(cipherKey)
             } catch (e: Exception) {
                 Log.e(TAG, "Unable to decompress $binary", e)
             }
@@ -310,17 +308,15 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         return this.iconsManager.getIcon(iconId)
     }
 
-    fun buildNewCustomIcon(cacheDirectory: File,
+    fun buildNewCustomIcon(customIconId: UUID? = null,
-                           customIconId: UUID? = null,
                            result: (IconImageCustom, BinaryData?) -> Unit) {
-        iconsManager.buildNewCustomIcon(cacheDirectory, customIconId, result)
+        iconsManager.buildNewCustomIcon(customIconId, result)
     }
 
-    fun addCustomIcon(cacheDirectory: File,
+    fun addCustomIcon(customIconId: UUID? = null,
-                      customIconId: UUID? = null,
+                      smallSize: Boolean,
-                      dataSize: Int,
                       result: (IconImageCustom, BinaryData?) -> Unit) {
-        iconsManager.addCustomIcon(cacheDirectory, customIconId, dataSize, result)
+        iconsManager.addCustomIcon(customIconId, smallSize, result)
     }
 
     fun isCustomIconBinaryDuplicate(binary: BinaryData): Boolean {
@@ -339,6 +335,19 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         return customData.isNotEmpty()
     }
 
+    fun getEntryByCustomData(customDataValue: String): EntryKDBX? {
+        return entryIndexes.values.find { entry ->
+            entry.customData.containsValue(customDataValue)
+        }
+    }
+
+    /**
+     * Retrieve the value of a field reference
+     */
+    fun getFieldReferenceValue(textReference: String, recursionLevel: Int): String {
+        return mFieldReferenceEngine.compile(textReference, recursionLevel)
+    }
+
     @Throws(IOException::class)
     public override fun getMasterKey(key: String?, keyInputStream: InputStream?): ByteArray {
 
@@ -352,14 +361,7 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
             masterKey = getFileKey(keyInputStream)
         }
 
-        val messageDigest: MessageDigest
+        return HashManager.hashSha256(masterKey)
-        try {
-            messageDigest = MessageDigest.getInstance("SHA-256")
-        } catch (e: NoSuchAlgorithmException) {
-            throw IOException("No SHA-256 implementation")
-        }
-
-        return messageDigest.digest(masterKey)
     }
 
     @Throws(IOException::class)
@@ -370,13 +372,13 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
 
             var transformedMasterKey = kdfEngine.transform(masterKey, keyDerivationFunctionParameters)
             if (transformedMasterKey.size != 32) {
-                transformedMasterKey = CryptoUtil.hashSha256(transformedMasterKey)
+                transformedMasterKey = HashManager.hashSha256(transformedMasterKey)
             }
 
             val cmpKey = ByteArray(65)
             System.arraycopy(masterSeed, 0, cmpKey, 0, 32)
             System.arraycopy(transformedMasterKey, 0, cmpKey, 32, 32)
-            finalKey = CryptoUtil.resizeKey(cmpKey, 0, 64, dataEngine.keyLength())
+            finalKey = resizeKey(cmpKey, dataEngine.keyLength())
 
             val messageDigest: MessageDigest
             try {
@@ -391,6 +393,47 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         }
     }
 
+    private fun resizeKey(inBytes: ByteArray, cbOut: Int): ByteArray {
+        if (cbOut == 0) return ByteArray(0)
+
+        val messageDigest = if (cbOut <= 32) HashManager.getHash256() else HashManager.getHash512()
+        messageDigest.update(inBytes, 0, 64)
+        val hash: ByteArray = messageDigest.digest()
+
+        if (cbOut == hash.size) {
+            return hash
+        }
+
+        val ret = ByteArray(cbOut)
+        if (cbOut < hash.size) {
+            System.arraycopy(hash, 0, ret, 0, cbOut)
+        } else {
+            var pos = 0
+            var r: Long = 0
+            while (pos < cbOut) {
+                val hmac: Mac
+                try {
+                    hmac = Mac.getInstance("HmacSHA256")
+                } catch (e: NoSuchAlgorithmException) {
+                    throw RuntimeException(e)
+                }
+
+                val pbR = longTo8Bytes(r)
+                val part = hmac.doFinal(pbR)
+
+                val copy = min(cbOut - pos, part.size)
+                System.arraycopy(part, 0, ret, pos, copy)
+                pos += copy
+                r++
+
+                Arrays.fill(part, 0.toByte())
+            }
+        }
+
+        Arrays.fill(hash, 0.toByte())
+        return ret
+    }
+
     override fun loadXmlKeyFile(keyInputStream: InputStream): ByteArray? {
         try {
             val documentBuilderFactory = DocumentBuilderFactory.newInstance()
@@ -488,17 +531,13 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
     }
 
     private fun checkKeyFileHash(data: String, hash: String): Boolean {
-        val digest: MessageDigest?
         var success = false
         try {
-            digest = MessageDigest.getInstance("SHA-256")
-            digest?.reset()
             // hexadecimal encoding of the first 4 bytes of the SHA-256 hash of the key.
-            val dataDigest = digest.digest(Hex.decodeHex(data.toCharArray()))
+            val dataDigest = HashManager.hashSha256(Hex.decodeHex(data.toCharArray()))
-                    .copyOfRange(0, 4)
+                    .copyOfRange(0, 4).toHexString()
-                    .toHexString()
             success = dataDigest == hash
-        } catch (e: NoSuchAlgorithmException) {
+        } catch (e: Exception) {
             e.printStackTrace()
         }
         return success
@@ -590,6 +629,9 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
             return false
         if (recycleBin == null)
             return false
+        if (node is GroupKDBX
+                && recycleBin!!.isContainedIn(node))
+            return false
         if (!node.isContainedIn(recycleBin!!))
             return true
         return false
@@ -627,9 +669,20 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         this.deletedObjects.add(deletedObject)
     }
 
+    override fun addEntryTo(newEntry: EntryKDBX, parent: GroupKDBX?) {
+        super.addEntryTo(newEntry, parent)
+        mFieldReferenceEngine.clear()
+    }
+
+    override fun updateEntry(entry: EntryKDBX) {
+        super.updateEntry(entry)
+        mFieldReferenceEngine.clear()
+    }
+
     override fun removeEntryFrom(entryToRemove: EntryKDBX, parent: GroupKDBX?) {
         super.removeEntryFrom(entryToRemove, parent)
         deletedObjects.add(DeletedObject(entryToRemove.id))
+        mFieldReferenceEngine.clear()
     }
 
     override fun undoDeleteEntryFrom(entry: EntryKDBX, origParent: GroupKDBX?) {
@@ -641,13 +694,12 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         return publicCustomData.size() > 0
     }
 
-    fun buildNewAttachment(cacheDirectory: File,
+    fun buildNewAttachment(smallSize: Boolean,
                            compression: Boolean,
                            protection: Boolean,
                            binaryPoolId: Int? = null): BinaryData {
-        return binaryPool.put(binaryPoolId) { uniqueBinaryId ->
+        return attachmentPool.put(binaryPoolId) { uniqueBinaryId ->
-            val fileInCache = File(cacheDirectory, uniqueBinaryId)
+            binaryCache.getBinaryData(uniqueBinaryId, smallSize, compression, protection)
-            BinaryFile(fileInCache, compression, protection)
         }.binary
     }
 
@@ -665,7 +717,7 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         // Build binaries to remove with all binaries known
         val binariesToRemove = ArrayList<BinaryData>()
         if (binaries.isEmpty()) {
-            binaryPool.doForEachBinary { _, binary ->
+            attachmentPool.doForEachBinary { _, binary ->
                 binariesToRemove.add(binary)
             }
         } else {
@@ -674,7 +726,7 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         // Remove binaries from the list
         rootGroup?.doForEachChild(object : NodeHandler<EntryKDBX>() {
             override fun operate(node: EntryKDBX): Boolean {
-                node.getAttachments(binaryPool, true).forEach {
+                node.getAttachments(attachmentPool, true).forEach {
                     binariesToRemove.remove(it.binaryData)
                 }
                 return binariesToRemove.isNotEmpty()
@@ -683,9 +735,9 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         // Effective removing
         binariesToRemove.forEach {
             try {
-                binaryPool.remove(it)
+                attachmentPool.remove(it)
                 if (clear)
-                    it.clear()
+                    it.clear(binaryCache)
             } catch (e: Exception) {
                 Log.w(TAG, "Unable to clean binaries", e)
             }
@@ -701,7 +753,8 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
     override fun clearCache() {
         try {
             super.clearCache()
-            binaryPool.clear()
+            mFieldReferenceEngine.clear()
+            attachmentPool.clear()
         } catch (e: Exception) {
             Log.e(TAG, "Unable to clear cache", e)
         }

app/src/main/java/com/kunzisoft/keepass/database/element/database/DatabaseVersioned.kt

@@ -19,23 +19,22 @@
  */
 package com.kunzisoft.keepass.database.element.database
 
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfEngine
+import com.kunzisoft.encrypt.HashManager
-import com.kunzisoft.keepass.database.element.Database
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
+import com.kunzisoft.keepass.database.element.binary.AttachmentPool
+import com.kunzisoft.keepass.database.element.binary.BinaryCache
 import com.kunzisoft.keepass.database.element.entry.EntryVersioned
 import com.kunzisoft.keepass.database.element.group.GroupVersioned
 import com.kunzisoft.keepass.database.element.icon.IconImageStandard
 import com.kunzisoft.keepass.database.element.icon.IconsManager
 import com.kunzisoft.keepass.database.element.node.NodeId
 import com.kunzisoft.keepass.database.element.node.Type
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
 import com.kunzisoft.keepass.database.exception.DuplicateUuidDatabaseException
 import org.apache.commons.codec.binary.Hex
 import java.io.ByteArrayInputStream
 import java.io.IOException
 import java.io.InputStream
 import java.io.UnsupportedEncodingException
-import java.security.MessageDigest
-import java.security.NoSuchAlgorithmException
 import java.util.*
 
 abstract class DatabaseVersioned<
@@ -48,26 +47,27 @@ abstract class DatabaseVersioned<
     // Algorithm used to encrypt the database
     protected var algorithm: EncryptionAlgorithm? = null
 
-    abstract val kdfEngine: KdfEngine?
+    abstract val kdfEngine: com.kunzisoft.keepass.database.crypto.kdf.KdfEngine?
 
-    abstract val kdfAvailableList: List<KdfEngine>
+    abstract val kdfAvailableList: List<com.kunzisoft.keepass.database.crypto.kdf.KdfEngine>
 
     var masterKey = ByteArray(32)
     var finalKey: ByteArray? = null
         protected set
 
     /**
+     * To manage binaries in faster way
      * Cipher key generated when the database is loaded, and destroyed when the database is closed
      * Can be used to temporarily store database elements
      */
-    var loadedCipherKey: Database.LoadedKey? = null
+    var binaryCache = BinaryCache()
-
+    val iconsManager = IconsManager(binaryCache)
-    val iconsManager = IconsManager()
+    var attachmentPool = AttachmentPool(binaryCache)
 
     var changeDuplicateId = false
 
     private var groupIndexes = LinkedHashMap<NodeId<GroupId>, Group>()
-    private var entryIndexes = LinkedHashMap<NodeId<EntryId>, Entry>()
+    protected var entryIndexes = LinkedHashMap<NodeId<EntryId>, Entry>()
 
     abstract val version: String
 
@@ -86,6 +86,12 @@ abstract class DatabaseVersioned<
     abstract val availableEncryptionAlgorithms: List<EncryptionAlgorithm>
 
     var rootGroup: Group? = null
+        set(value) {
+            field = value
+            value?.let {
+                addGroupIndex(it)
+            }
+        }
 
     @Throws(IOException::class)
     protected abstract fun getMasterKey(key: String?, keyInputStream: InputStream?): ByteArray
@@ -99,42 +105,21 @@ abstract class DatabaseVersioned<
     protected fun getCompositeKey(key: String, keyfileInputStream: InputStream): ByteArray {
         val fileKey = getFileKey(keyfileInputStream)
         val passwordKey = getPasswordKey(key)
-
+        return HashManager.hashSha256(passwordKey, fileKey)
-        val messageDigest: MessageDigest
-        try {
-            messageDigest = MessageDigest.getInstance("SHA-256")
-        } catch (e: NoSuchAlgorithmException) {
-            throw IOException("SHA-256 not supported")
-        }
-
-        messageDigest.update(passwordKey)
-
-        return messageDigest.digest(fileKey)
     }
 
     @Throws(IOException::class)
     protected fun getPasswordKey(key: String): ByteArray {
-        val messageDigest: MessageDigest
-        try {
-            messageDigest = MessageDigest.getInstance("SHA-256")
-        } catch (e: NoSuchAlgorithmException) {
-            throw IOException("SHA-256 not supported")
-        }
-
         val bKey: ByteArray = try {
             key.toByteArray(charset(passwordEncoding))
         } catch (e: UnsupportedEncodingException) {
             key.toByteArray()
         }
-
+        return HashManager.hashSha256(bKey)
-        messageDigest.update(bKey, 0, bKey.size)
-
-        return messageDigest.digest()
     }
 
     @Throws(IOException::class)
     protected fun getFileKey(keyInputStream: InputStream): ByteArray {
-
         val keyData = keyInputStream.readBytes()
 
         // Check XML key file
@@ -152,13 +137,8 @@ abstract class DatabaseVersioned<
                 // Key is not base 64, treat it as binary data
             }
         }
-
         // Hash file as binary data
-        try {
+        return HashManager.hashSha256(keyData)
-            return MessageDigest.getInstance("SHA-256").digest(keyData)
-        } catch (e: NoSuchAlgorithmException) {
-            throw IOException("SHA-256 not supported")
-        }
     }
 
     protected open fun loadXmlKeyFile(keyInputStream: InputStream): ByteArray? {
@@ -291,6 +271,26 @@ abstract class DatabaseVersioned<
         return this.entryIndexes[id]
     }
 
+    fun getEntryByTitle(title: String): Entry? {
+        return this.entryIndexes.values.find { entry -> entry.title.equals(title, true) }
+    }
+
+    fun getEntryByUsername(username: String): Entry? {
+        return this.entryIndexes.values.find { entry -> entry.username.equals(username, true) }
+    }
+
+    fun getEntryByURL(url: String): Entry? {
+        return this.entryIndexes.values.find { entry -> entry.url.equals(url, true) }
+    }
+
+    fun getEntryByPassword(password: String): Entry? {
+        return this.entryIndexes.values.find { entry -> entry.password.equals(password, true) }
+    }
+
+    fun getEntryByNotes(notes: String): Entry? {
+        return this.entryIndexes.values.find { entry -> entry.notes.equals(notes, true) }
+    }
+
     fun addEntryIndex(entry: Entry) {
         val entryId = entry.nodeId
         if (entryIndexes.containsKey(entryId)) {
@@ -356,14 +356,14 @@ abstract class DatabaseVersioned<
         removeGroupIndex(groupToRemove)
     }
 
-    fun addEntryTo(newEntry: Entry, parent: Group?) {
+    open fun addEntryTo(newEntry: Entry, parent: Group?) {
         // Add entry to parent
         parent?.addChildEntry(newEntry)
         newEntry.parent = parent
         addEntryIndex(newEntry)
     }
 
-    fun updateEntry(entry: Entry) {
+    open fun updateEntry(entry: Entry) {
         updateEntryIndex(entry)
     }
 

app/src/main/java/com/kunzisoft/keepass/database/element/entry/EntryKDB.kt

@@ -22,7 +22,8 @@ package com.kunzisoft.keepass.database.element.entry
 import android.os.Parcel
 import android.os.Parcelable
 import com.kunzisoft.keepass.database.element.Attachment
-import com.kunzisoft.keepass.database.element.database.BinaryData
+import com.kunzisoft.keepass.database.element.binary.AttachmentPool
+import com.kunzisoft.keepass.database.element.binary.BinaryData
 import com.kunzisoft.keepass.database.element.group.GroupKDB
 import com.kunzisoft.keepass.database.element.icon.IconImageStandard.Companion.KEY_ID
 import com.kunzisoft.keepass.database.element.node.NodeId
@@ -56,7 +57,7 @@ class EntryKDB : EntryVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface
 
     /** A string describing what is in binaryData  */
     var binaryDescription = ""
-    var binaryData: BinaryData? = null
+    private var binaryDataId: Int? = null
 
     // Determine if this is a MetaStream entry
     val isMetaStream: Boolean
@@ -89,7 +90,8 @@ class EntryKDB : EntryVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface
         url = parcel.readString() ?: url
         notes = parcel.readString() ?: notes
         binaryDescription = parcel.readString() ?: binaryDescription
-        binaryData = parcel.readParcelable(BinaryData::class.java.classLoader)
+        val rawBinaryDataId = parcel.readInt()
+        binaryDataId = if (rawBinaryDataId == -1) null else rawBinaryDataId
     }
 
     override fun readParentParcelable(parcel: Parcel): GroupKDB? {
@@ -108,7 +110,7 @@ class EntryKDB : EntryVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface
         dest.writeString(url)
         dest.writeString(notes)
         dest.writeString(binaryDescription)
-        dest.writeParcelable(binaryData, flags)
+        dest.writeInt(binaryDataId ?: -1)
     }
 
     fun updateWith(source: EntryKDB) {
@@ -119,7 +121,7 @@ class EntryKDB : EntryVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface
         url = source.url
         notes = source.notes
         binaryDescription = source.binaryDescription
-        binaryData = source.binaryData
+        binaryDataId = source.binaryDataId
     }
 
     override var username = ""
@@ -138,26 +140,39 @@ class EntryKDB : EntryVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface
     override val type: Type
         get() = Type.ENTRY
 
-    fun getAttachment(): Attachment? {
+    fun getAttachment(attachmentPool: AttachmentPool): Attachment? {
-        val binary = binaryData
+        binaryDataId?.let { poolId ->
-        return if (binary != null)
+            attachmentPool[poolId]?.let { binary ->
-            Attachment(binaryDescription, binary)
+                return Attachment(binaryDescription, binary)
-        else null
+            }
+        }
+        return null
     }
 
     fun containsAttachment(): Boolean {
-        return binaryData != null
+        return binaryDataId != null
     }
 
-    fun putAttachment(attachment: Attachment) {
+    fun getBinary(attachmentPool: AttachmentPool): BinaryData? {
+        this.binaryDataId?.let {
+            return attachmentPool[it]
+        }
+        return null
+    }
+
+    fun putBinary(binaryData: BinaryData, attachmentPool: AttachmentPool) {
+        this.binaryDataId = attachmentPool.put(binaryData)
+    }
+
+    fun putAttachment(attachment: Attachment, attachmentPool: AttachmentPool) {
         this.binaryDescription = attachment.name
-        this.binaryData = attachment.binaryData
+        this.binaryDataId = attachmentPool.put(attachment.binaryData)
     }
 
     fun removeAttachment(attachment: Attachment? = null) {
         if (attachment == null || this.binaryDescription == attachment.name) {
             this.binaryDescription = ""
-            this.binaryData = null
+            this.binaryDataId = null
         }
     }
 

app/src/main/java/com/kunzisoft/keepass/database/element/entry/EntryKDBX.kt

@@ -21,9 +21,10 @@ package com.kunzisoft.keepass.database.element.entry
 
 import android.os.Parcel
 import android.os.Parcelable
+import com.kunzisoft.keepass.utils.UnsignedLong
 import com.kunzisoft.keepass.database.element.Attachment
 import com.kunzisoft.keepass.database.element.DateInstant
-import com.kunzisoft.keepass.database.element.database.AttachmentPool
+import com.kunzisoft.keepass.database.element.binary.AttachmentPool
 import com.kunzisoft.keepass.database.element.database.DatabaseKDBX
 import com.kunzisoft.keepass.database.element.group.GroupKDBX
 import com.kunzisoft.keepass.database.element.node.NodeId
@@ -32,7 +33,6 @@ import com.kunzisoft.keepass.database.element.node.NodeKDBXInterface
 import com.kunzisoft.keepass.database.element.node.Type
 import com.kunzisoft.keepass.database.element.security.ProtectedString
 import com.kunzisoft.keepass.utils.ParcelableUtil
-import com.kunzisoft.keepass.utils.UnsignedLong
 import java.util.*
 import kotlin.collections.ArrayList
 import kotlin.collections.LinkedHashMap
@@ -56,32 +56,6 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
     var additional = ""
     var tags = ""
 
-    fun getSize(attachmentPool: AttachmentPool): Long {
-        var size = FIXED_LENGTH_SIZE
-
-        for (entry in fields.entries) {
-            size += entry.key.length.toLong()
-            size += entry.value.length().toLong()
-        }
-
-        size += getAttachmentsSize(attachmentPool)
-
-        size += autoType.defaultSequence.length.toLong()
-        for ((key, value) in autoType.entrySet()) {
-            size += key.length.toLong()
-            size += value.length.toLong()
-        }
-
-        for (entry in history) {
-            size += entry.getSize(attachmentPool)
-        }
-
-        size += overrideURL.length.toLong()
-        size += tags.length.toLong()
-
-        return size
-    }
-
     override var expires: Boolean = false
 
     constructor() : super()
@@ -102,6 +76,14 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
         tags = parcel.readString() ?: tags
     }
 
+    override fun readParentParcelable(parcel: Parcel): GroupKDBX? {
+        return parcel.readParcelable(GroupKDBX::class.java.classLoader)
+    }
+
+    override fun writeParentParcelable(parent: GroupKDBX?, parcel: Parcel, flags: Int) {
+        parcel.writeParcelable(parent, flags)
+    }
+
     override fun writeToParcel(dest: Parcel, flags: Int) {
         super.writeToParcel(dest, flags)
         dest.writeLong(usageCount.toKotlinLong())
@@ -164,13 +146,8 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
         return NodeIdUUID(nodeId.id)
     }
 
-    override fun readParentParcelable(parcel: Parcel): GroupKDBX? {
+    override val type: Type
-        return parcel.readParcelable(GroupKDBX::class.java.classLoader)
+        get() = Type.ENTRY
-    }
-
-    override fun writeParentParcelable(parent: GroupKDBX?, parcel: Parcel, flags: Int) {
-        parcel.writeParcelable(parent, flags)
-    }
 
     /**
      * Decode a reference key with the FieldReferencesEngine
@@ -178,47 +155,64 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
      * @param key
      * @return
      */
-    private fun decodeRefKey(decodeRef: Boolean, key: String): String {
+    private fun decodeRefKey(decodeRef: Boolean, key: String, recursionLevel: Int): String {
         return fields[key]?.toString()?.let { text ->
             return if (decodeRef) {
-                if (mDatabase == null) text else FieldReferencesEngine().compile(text, this, mDatabase!!)
+                mDatabase?.getFieldReferenceValue(text, recursionLevel) ?: text
             } else text
         } ?: ""
     }
 
+    fun decodeTitleKey(recursionLevel: Int): String {
+        return decodeRefKey(mDecodeRef, STR_TITLE, recursionLevel)
+    }
+
     override var title: String
-        get() = decodeRefKey(mDecodeRef, STR_TITLE)
+        get() = decodeTitleKey(0)
         set(value) {
             val protect = mDatabase != null && mDatabase!!.memoryProtection.protectTitle
             fields[STR_TITLE] = ProtectedString(protect, value)
         }
 
-    override val type: Type
+    fun decodeUsernameKey(recursionLevel: Int): String {
-        get() = Type.ENTRY
+        return decodeRefKey(mDecodeRef, STR_USERNAME, recursionLevel)
+    }
 
     override var username: String
-        get() = decodeRefKey(mDecodeRef, STR_USERNAME)
+        get() = decodeUsernameKey(0)
         set(value) {
             val protect = mDatabase != null && mDatabase!!.memoryProtection.protectUserName
             fields[STR_USERNAME] = ProtectedString(protect, value)
         }
 
+    fun decodePasswordKey(recursionLevel: Int): String {
+        return decodeRefKey(mDecodeRef, STR_PASSWORD, recursionLevel)
+    }
+
     override var password: String
-        get() = decodeRefKey(mDecodeRef, STR_PASSWORD)
+        get() = decodePasswordKey(0)
         set(value) {
             val protect = mDatabase != null && mDatabase!!.memoryProtection.protectPassword
             fields[STR_PASSWORD] = ProtectedString(protect, value)
         }
 
+    fun decodeUrlKey(recursionLevel: Int): String {
+        return decodeRefKey(mDecodeRef, STR_URL, recursionLevel)
+    }
+
     override var url
-        get() = decodeRefKey(mDecodeRef, STR_URL)
+        get() = decodeUrlKey(0)
         set(value) {
             val protect = mDatabase != null && mDatabase!!.memoryProtection.protectUrl
             fields[STR_URL] = ProtectedString(protect, value)
         }
 
+    fun decodeNotesKey(recursionLevel: Int): String {
+        return decodeRefKey(mDecodeRef, STR_NOTES, recursionLevel)
+    }
+
     override var notes: String
-        get() = decodeRefKey(mDecodeRef, STR_NOTES)
+        get() = decodeNotesKey(0)
         set(value) {
             val protect = mDatabase != null && mDatabase!!.memoryProtection.protectNotes
             fields[STR_NOTES] = ProtectedString(protect, value)
@@ -228,6 +222,32 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
 
     override var locationChanged = DateInstant()
 
+    fun getSize(attachmentPool: AttachmentPool): Long {
+        var size = FIXED_LENGTH_SIZE
+
+        for (entry in fields.entries) {
+            size += entry.key.length.toLong()
+            size += entry.value.length().toLong()
+        }
+
+        size += getAttachmentsSize(attachmentPool)
+
+        size += autoType.defaultSequence.length.toLong()
+        for ((key, value) in autoType.entrySet()) {
+            size += key.length.toLong()
+            size += value.length.toLong()
+        }
+
+        for (entry in history) {
+            size += entry.getSize(attachmentPool)
+        }
+
+        size += overrideURL.length.toLong()
+        size += tags.length.toLong()
+
+        return size
+    }
+
     fun afterChangeParent() {
         locationChanged = DateInstant()
     }
@@ -245,7 +265,7 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
             field.clear()
             for ((key, value) in fields) {
                 if (!isStandardField(key)) {
-                    field[key] = ProtectedString(value.isProtected, decodeRefKey(mDecodeRef, key))
+                    field[key] = ProtectedString(value.isProtected, decodeRefKey(mDecodeRef, key, 0))
                 }
             }
             return field
@@ -338,8 +358,7 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
 
     override fun touch(modified: Boolean, touchParents: Boolean) {
         super.touch(modified, touchParents)
-        // TODO unsigned long
+        usageCount.plusOne()
-        usageCount = UnsignedLong(usageCount.toKotlinLong() + 1)
     }
 
     companion object {
@@ -350,6 +369,8 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
         const val STR_URL = "URL"
         const val STR_NOTES = "Notes"
 
+        private const val FIXED_LENGTH_SIZE: Long = 128 // Approximate fixed length size
+
         fun newCustomNameAllowed(name: String): Boolean {
             return !(name.equals(STR_TITLE, true)
                     || name.equals(STR_USERNAME, true)
@@ -368,7 +389,5 @@ class EntryKDBX : EntryVersioned<UUID, UUID, GroupKDBX, EntryKDBX>, NodeKDBXInte
                 return arrayOfNulls(size)
             }
         }
-
-        private const val FIXED_LENGTH_SIZE: Long = 128 // Approximate fixed length size
     }
 }

app/src/main/java/com/kunzisoft/keepass/database/element/entry/EntryVersioned.kt

@@ -36,6 +36,10 @@ abstract class EntryVersioned
 
     constructor(parcel: Parcel) : super(parcel)
 
+    override fun writeToParcel(dest: Parcel, flags: Int) {
+        super.writeToParcel(dest, flags)
+    }
+
     override fun nodeIndexInParentForNaturalOrder(): Int {
         if (nodeIndexInParentForNaturalOrder == -1) {
             val numberOfGroups = parent?.getChildGroups()?.size

app/src/main/java/com/kunzisoft/keepass/database/element/entry/FieldReferencesEngine.kt

@@ -20,267 +20,123 @@
 package com.kunzisoft.keepass.database.element.entry
 
 import com.kunzisoft.keepass.database.element.database.DatabaseKDBX
-import com.kunzisoft.keepass.database.element.group.GroupKDBX
+import com.kunzisoft.keepass.database.element.node.NodeIdUUID
-import com.kunzisoft.keepass.database.search.EntryKDBXSearchHandler
+import com.kunzisoft.keepass.utils.UuidUtil
-import com.kunzisoft.keepass.database.search.SearchParameters
 import java.util.*
 
-class FieldReferencesEngine {
+class FieldReferencesEngine(private val mDatabase: DatabaseKDBX) {
 
-    inner class TargetResult(var entry: EntryKDBX?, var wanted: Char)
+    // Key : <WantedField>@<SearchIn>:<Text>
+    // Value : content
+    private var refsCache: MutableMap<String, String?> = HashMap()
 
-    private inner class SprContextV4 {
+    fun clear() {
-
+        refsCache.clear()
-        var databaseV4: DatabaseKDBX? = null
-        var entry: EntryKDBX
-        var refsCache: MutableMap<String, String> = HashMap()
-
-        internal constructor(db: DatabaseKDBX, entry: EntryKDBX) {
-            this.databaseV4 = db
-            this.entry = entry
-        }
-
-        internal constructor(source: SprContextV4) {
-            this.databaseV4 = source.databaseV4
-            this.entry = source.entry
-            this.refsCache = source.refsCache
-        }
     }
 
-    fun compile(text: String, entry: EntryKDBX, database: DatabaseKDBX): String {
+    fun compile(textReference: String, recursionLevel: Int): String {
-        return compileInternal(text, SprContextV4(database, entry), 0)
-    }
-
-    private fun compileInternal(text: String?, sprContextV4: SprContextV4?, recursionLevel: Int): String {
-        if (text == null) {
-            return ""
-        }
-        if (sprContextV4 == null) {
-            return ""
-        }
         return if (recursionLevel >= MAX_RECURSION_DEPTH) {
             ""
-        } else fillRefPlaceholders(text, sprContextV4, recursionLevel)
+        } else
-
+            fillReferencesPlaceholders(textReference, recursionLevel)
     }
 
-    private fun fillRefPlaceholders(textReference: String, contextV4: SprContextV4, recursionLevel: Int): String {
+    /**
-        var text = textReference
+     * Manage placeholders with {REF:<WantedField>@<SearchIn>:<Text>}
-
+     */
-        if (contextV4.databaseV4 == null) {
+    private fun fillReferencesPlaceholders(textReference: String, recursionLevel: Int): String {
-            return text
+        var textValue = textReference
-        }
 
         var offset = 0
-        for (i in 0..19) {
+        var numberInlineRef = 0
-            text = fillRefsUsingCache(text, contextV4)
+        while (textValue.contains(STR_REF_START)
+                && numberInlineRef <= MAX_INLINE_REF) {
+            numberInlineRef++
 
-            val start = text.indexOf(STR_REF_START, offset, true)
+            textValue = fillReferencesUsingCache(textValue)
+
+            val start = textValue.indexOf(STR_REF_START, offset, true)
             if (start < 0) {
                 break
             }
-            val end = text.indexOf(STR_REF_END, start + 1, true)
+            val end = textValue.indexOf(STR_REF_END, offset, true)
             if (end <= start) {
                 break
             }
 
-            val fullRef = text.substring(start, end + 1)
+            val reference = textValue.substring(start + STR_REF_START.length, end)
-            val result = findRefTarget(fullRef, contextV4)
+            val fullReference = "$STR_REF_START$reference$STR_REF_END"
 
-            if (result != null) {
+            if (!refsCache.containsKey(fullReference)) {
-                val found = result.entry
+                val result = findReferenceTarget(reference)
-                found?.stopToManageFieldReferences()
+                val entryFound = result.entry
-                val wanted = result.wanted
+                val newRecursionLevel = recursionLevel + 1
-
+                val data: String? = when (result.wanted) {
-                var data: String? = null
+                    'T' -> entryFound?.decodeTitleKey(newRecursionLevel)
-                when (wanted) {
+                    'U' -> entryFound?.decodeUsernameKey(newRecursionLevel)
-                    'T' -> data = found?.title
+                    'A' -> entryFound?.decodeUrlKey(newRecursionLevel)
-                    'U' -> data = found?.username
+                    'P' -> entryFound?.decodePasswordKey(newRecursionLevel)
-                    'A' -> data = found?.url
+                    'N' -> entryFound?.decodeNotesKey(newRecursionLevel)
-                    'P' -> data = found?.password
+                    'I' -> UuidUtil.toHexString(entryFound?.nodeId?.id)
-                    'N' -> data = found?.notes
+                    else -> null
-                    'I' -> data = found?.nodeId.toString()
-                }
-
-                if (data != null && found != null) {
-                    val subCtx = SprContextV4(contextV4)
-                    subCtx.entry = found
-
-                    val innerContent = compileInternal(data, subCtx, recursionLevel + 1)
-                    addRefsToCache(fullRef, innerContent, contextV4)
-                    text = fillRefsUsingCache(text, contextV4)
-                } else {
-                    offset = start + 1
                 }
+                refsCache[fullReference] = data
+                textValue = fillReferencesUsingCache(textValue)
             }
 
+            offset = end
         }
-
+        return textValue
-        return text
     }
 
-    private fun findRefTarget(fullReference: String?, contextV4: SprContextV4): TargetResult? {
+    private fun fillReferencesUsingCache(text: String): String {
-        var fullRef: String? = fullReference ?: return null
-
-        fullRef = fullRef!!.toUpperCase(Locale.ENGLISH)
-        if (!fullRef.startsWith(STR_REF_START) || !fullRef.endsWith(STR_REF_END)) {
-            return null
-        }
-
-        val ref = fullRef.substring(STR_REF_START.length, fullRef.length - STR_REF_END.length)
-        if (ref.length <= 4) {
-            return null
-        }
-        if (ref[1] != '@') {
-            return null
-        }
-        if (ref[3] != ':') {
-            return null
-        }
-
-        val scan = Character.toUpperCase(ref[2])
-        val wanted = Character.toUpperCase(ref[0])
-
-        val searchParameters = SearchParameters()
-        searchParameters.setupNone()
-
-        searchParameters.searchString = ref.substring(4)
-        when (scan) {
-            'T' -> searchParameters.searchInTitles = true
-            'U' -> searchParameters.searchInUserNames = true
-            'A' -> searchParameters.searchInUrls = true
-            'P' -> searchParameters.searchInPasswords = true
-            'N' -> searchParameters.searchInNotes = true
-            'I' -> searchParameters.searchInUUIDs = true
-            'O' -> searchParameters.searchInOther = true
-            else -> return null
-        }
-
-        val list = ArrayList<EntryKDBX>()
-        searchEntries(contextV4.databaseV4?.rootGroup, searchParameters, list)
-
-        return if (list.size > 0) {
-            TargetResult(list[0], wanted)
-        } else null
-
-    }
-
-    private fun addRefsToCache(ref: String?, value: String?, ctx: SprContextV4?) {
-        if (ref == null) {
-            return
-        }
-        if (value == null) {
-            return
-        }
-        if (ctx == null) {
-            return
-        }
-
-        if (!ctx.refsCache.containsKey(ref)) {
-            ctx.refsCache[ref] = value
-        }
-    }
-
-    private fun fillRefsUsingCache(text: String, sprContextV4: SprContextV4): String {
         var newText = text
-        for ((key, value) in sprContextV4.refsCache) {
+        for ((key, value) in refsCache) {
-            newText = text.replace(key, value, true)
+            // Replace by key if value not found
+            newText = newText.replace(key, value ?: key, true)
         }
         return newText
     }
 
-    private fun searchEntries(root: GroupKDBX?, searchParameters: SearchParameters?, listStorage: MutableList<EntryKDBX>?) {
+    private fun findReferenceTarget(reference: String): TargetResult {
-        if (searchParameters == null) {
+
-            return
+        val targetResult = TargetResult(null, 'J')
+
+        if (reference.length <= 4) {
+            return targetResult
         }
-        if (listStorage == null) {
+        if (reference[1] != '@') {
-            return
+            return targetResult
+        }
+        if (reference[3] != ':') {
+            return targetResult
         }
 
-        val terms = splitStringTerms(searchParameters.searchString)
+        targetResult.wanted = Character.toUpperCase(reference[0])
-        if (terms.size <= 1 || searchParameters.regularExpression) {
+        val searchIn = Character.toUpperCase(reference[2])
-            root!!.doForEachChild(EntryKDBXSearchHandler(searchParameters, listStorage), null)
+        val searchQuery = reference.substring(4)
-            return
+        targetResult.entry = when (searchIn) {
-        }
+            'T' -> mDatabase.getEntryByTitle(searchQuery)
-
+            'U' -> mDatabase.getEntryByUsername(searchQuery)
-        // Search longest term first
+            'A' -> mDatabase.getEntryByURL(searchQuery)
-        val stringLengthComparator = Comparator<String> { lhs, rhs -> lhs.length - rhs.length }
+            'P' -> mDatabase.getEntryByPassword(searchQuery)
-        Collections.sort(terms, stringLengthComparator)
+            'N' -> mDatabase.getEntryByNotes(searchQuery)
-
+            'I' -> {
-        val fullSearch = searchParameters.searchString
+                UuidUtil.fromHexString(searchQuery)?.let { uuid ->
-        var childEntries: List<EntryKDBX>? = root!!.getChildEntries()
+                    mDatabase.getEntryById(NodeIdUUID(uuid))
-        for (i in terms.indices) {
-            val pgNew = ArrayList<EntryKDBX>()
-
-            searchParameters.searchString = terms[i]
-
-            var negate = false
-            if (searchParameters.searchString.startsWith("-")) {
-                searchParameters.searchString = searchParameters.searchString.substring(1)
-                negate = searchParameters.searchString.isNotEmpty()
-            }
-
-            if (!root.doForEachChild(EntryKDBXSearchHandler(searchParameters, pgNew), null)) {
-                childEntries = null
-                break
-            }
-
-            childEntries = if (negate) {
-                val complement = ArrayList<EntryKDBX>()
-                for (entry in childEntries!!) {
-                    if (!pgNew.contains(entry)) {
-                        complement.add(entry)
-                    }
-                }
-                complement
-            } else {
-                pgNew
-            }
-        }
-
-        if (childEntries != null) {
-            listStorage.addAll(childEntries)
-        }
-        searchParameters.searchString = fullSearch
-    }
-
-    /**
-     * Create a list of String by split text when ' ', '\t', '\r' or '\n' is found
-     */
-    private fun splitStringTerms(text: String?): List<String> {
-        val list = ArrayList<String>()
-        if (text == null) {
-            return list
-        }
-
-        val stringBuilder = StringBuilder()
-        var quoted = false
-
-        for (element in text) {
-
-            if ((element == ' ' || element == '\t' || element == '\r' || element == '\n') && !quoted) {
-
-                val len = stringBuilder.length
-                when {
-                    len > 0 -> {
-                        list.add(stringBuilder.toString())
-                        stringBuilder.delete(0, len)
-                    }
-                    element == '\"' -> quoted = !quoted
-                    else -> stringBuilder.append(element)
                 }
             }
+            'O' -> mDatabase.getEntryByCustomData(searchQuery)
+            else -> null
         }
-
+        return targetResult
-        if (stringBuilder.isNotEmpty()) {
-            list.add(stringBuilder.toString())
-        }
-
-        return list
     }
 
+    private data class TargetResult(var entry: EntryKDBX?, var wanted: Char)
+
     companion object {
-        private const val MAX_RECURSION_DEPTH = 12
+        private const val MAX_RECURSION_DEPTH = 10
+        private const val MAX_INLINE_REF = 10
         private const val STR_REF_START = "{REF:"
         private const val STR_REF_END = "}"
     }

app/src/main/java/com/kunzisoft/keepass/database/element/group/GroupKDB.kt

@@ -31,14 +31,12 @@ import java.util.*
 
 class GroupKDB : GroupVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface {
 
-    var level = 0 // short
     // Used by KeePass internally, don't use
     var groupFlags = 0
 
     constructor() : super()
 
     constructor(parcel: Parcel) : super(parcel) {
-        level = parcel.readInt()
         groupFlags = parcel.readInt()
     }
 
@@ -52,13 +50,11 @@ class GroupKDB : GroupVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface
 
     override fun writeToParcel(dest: Parcel, flags: Int) {
         super.writeToParcel(dest, flags)
-        dest.writeInt(level)
         dest.writeInt(groupFlags)
     }
 
     fun updateWith(source: GroupKDB) {
         super.updateWith(source)
-        level = source.level
         groupFlags = source.groupFlags
     }
 
@@ -73,15 +69,12 @@ class GroupKDB : GroupVersioned<Int, UUID, GroupKDB, EntryKDB>, NodeKDBInterface
         return NodeIdInt(nodeId.id)
     }
 
-    override fun afterAssignNewParent() {
-        if (parent != null)
-            level = parent!!.level + 1
-    }
-
     fun setGroupId(groupId: Int) {
         this.nodeId = NodeIdInt(groupId)
     }
 
+    override fun afterAssignNewParent() {}
+
     companion object {
 
         @JvmField

app/src/main/java/com/kunzisoft/keepass/database/element/group/GroupVersioned.kt

@@ -63,6 +63,17 @@ abstract class GroupVersioned
         get() = titleGroup
         set(value) { titleGroup = value }
 
+    /**
+     *  To determine the level from the root group (root group level is -1)
+     */
+    fun getLevel(): Int {
+        var level = -1
+        parent?.let { parent ->
+            level = parent.getLevel() + 1
+        }
+        return level
+    }
+
     override fun getChildGroups(): List<Group> {
         return childGroups
     }

app/src/main/java/com/kunzisoft/keepass/database/element/group/GroupVersionedInterface.kt

@@ -45,23 +45,64 @@ interface GroupVersionedInterface<Group: GroupVersionedInterface<Group, Entry>,
         groupHandler.operate(this as Group)
     }
 
-    fun doForEachChild(entryHandler: NodeHandler<Entry>,
+    fun doForEachChild(entryHandler: NodeHandler<Entry>?,
                        groupHandler: NodeHandler<Group>?,
-                       stopIterationWhenGroupHandlerFails: Boolean = true): Boolean {
+                       stopIterationWhenGroupHandlerOperateFalse: Boolean = true): Boolean {
-        for (entry in this.getChildEntries()) {
+        if (entryHandler != null) {
-            if (!entryHandler.operate(entry))
+            for (entry in this.getChildEntries()) {
-                return false
+                if (!entryHandler.operate(entry))
+                    return false
+            }
         }
         for (group in this.getChildGroups()) {
             var doActionForChild = true
             if (groupHandler != null && !groupHandler.operate(group)) {
                 doActionForChild = false
-                if (stopIterationWhenGroupHandlerFails)
+                if (stopIterationWhenGroupHandlerOperateFalse)
                     return false
             }
             if (doActionForChild)
-                group.doForEachChild(entryHandler, groupHandler)
+                group.doForEachChild(entryHandler, groupHandler, stopIterationWhenGroupHandlerOperateFalse)
         }
         return true
     }
+
+    fun searchChildEntry(criteria: (entry: Entry) -> Boolean): Entry? {
+        return searchChildEntry(this, criteria)
+    }
+
+    private fun searchChildEntry(rootGroup: GroupVersionedInterface<Group, Entry>,
+                                 criteria: (entry: Entry) -> Boolean): Entry? {
+        for (childEntry in rootGroup.getChildEntries()) {
+            if (criteria.invoke(childEntry)) {
+                return childEntry
+            }
+        }
+        for (group in rootGroup.getChildGroups()) {
+            val searchChildEntry = searchChildEntry(group, criteria)
+            if (searchChildEntry != null) {
+                return searchChildEntry
+            }
+        }
+        return null
+    }
+
+    fun searchChildGroup(criteria: (group: Group) -> Boolean): Group? {
+        return searchChildGroup(this, criteria)
+    }
+
+    private fun searchChildGroup(rootGroup: GroupVersionedInterface<Group, Entry>,
+                                 criteria: (group: Group) -> Boolean): Group? {
+        for (childGroup in rootGroup.getChildGroups()) {
+            if (criteria.invoke(childGroup)) {
+                return childGroup
+            } else {
+                val subGroup = searchChildGroup(childGroup, criteria)
+                if (subGroup != null) {
+                    return subGroup
+                }
+            }
+        }
+        return null
+    }
 }

app/src/main/java/com/kunzisoft/keepass/database/element/icon/IconImage.kt

@@ -22,7 +22,7 @@ package com.kunzisoft.keepass.database.element.icon
 import android.os.Parcel
 import android.os.Parcelable
 
-class IconImage() : IconImageDraw(), Parcelable {
+class IconImage() : IconImageDraw() {
 
     var standard: IconImageStandard = IconImageStandard()
     var custom: IconImageCustom = IconImageCustom()

app/src/main/java/com/kunzisoft/keepass/database/element/icon/IconImageCustom.kt

@@ -20,11 +20,12 @@
 package com.kunzisoft.keepass.database.element.icon
 
 import android.os.Parcel
+import android.os.ParcelUuid
 import android.os.Parcelable
 import com.kunzisoft.keepass.database.element.database.DatabaseVersioned
 import java.util.*
 
-class IconImageCustom : Parcelable, IconImageDraw {
+class IconImageCustom : IconImageDraw {
 
     var uuid: UUID
 
@@ -37,17 +38,17 @@ class IconImageCustom : Parcelable, IconImageDraw {
     }
 
     constructor(parcel: Parcel) {
-        uuid = parcel.readSerializable() as UUID
+        uuid = parcel.readParcelable<ParcelUuid>(ParcelUuid::class.java.classLoader)?.uuid ?: DatabaseVersioned.UUID_ZERO
+    }
+
+    override fun writeToParcel(dest: Parcel, flags: Int) {
+        dest.writeParcelable(ParcelUuid(uuid), flags)
     }
 
     override fun describeContents(): Int {
         return 0
     }
 
-    override fun writeToParcel(dest: Parcel, flags: Int) {
-        dest.writeSerializable(uuid)
-    }
-
     override fun hashCode(): Int {
         val prime = 31
         var result = 1

app/src/main/java/com/kunzisoft/keepass/database/element/icon/IconImageDraw.kt

@@ -19,7 +19,9 @@
  */
 package com.kunzisoft.keepass.database.element.icon
 
-abstract class IconImageDraw {
+import android.os.Parcelable
+
+abstract class IconImageDraw : Parcelable {
 
     var selected = false
     /**

app/src/main/java/com/kunzisoft/keepass/database/element/icon/IconImageStandard.kt

@@ -23,7 +23,7 @@ import android.os.Parcel
 import android.os.Parcelable
 import com.kunzisoft.keepass.icons.IconPack.Companion.NB_ICONS
 
-class IconImageStandard : Parcelable, IconImageDraw {
+class IconImageStandard : IconImageDraw {
 
     val id: Int
 

app/src/main/java/com/kunzisoft/keepass/database/element/icon/IconsManager.kt

@@ -20,22 +20,19 @@
 package com.kunzisoft.keepass.database.element.icon
 
 import android.util.Log
-import com.kunzisoft.keepass.database.element.database.BinaryByte
+import com.kunzisoft.keepass.database.element.binary.BinaryCache
-import com.kunzisoft.keepass.database.element.database.BinaryByte.Companion.MAX_BINARY_BYTES
+import com.kunzisoft.keepass.database.element.binary.BinaryData
-import com.kunzisoft.keepass.database.element.database.BinaryData
+import com.kunzisoft.keepass.database.element.binary.CustomIconPool
-import com.kunzisoft.keepass.database.element.database.BinaryFile
-import com.kunzisoft.keepass.database.element.database.CustomIconPool
 import com.kunzisoft.keepass.database.element.icon.IconImageStandard.Companion.KEY_ID
 import com.kunzisoft.keepass.icons.IconPack.Companion.NB_ICONS
-import java.io.File
 import java.util.*
 
-class IconsManager {
+class IconsManager(private val binaryCache: BinaryCache) {
 
     private val standardCache = List(NB_ICONS) {
         IconImageStandard(it)
     }
-    private val customCache = CustomIconPool()
+    private val customCache = CustomIconPool(binaryCache)
 
     fun getIcon(iconId: Int): IconImageStandard {
         val searchIconId = if (IconImageStandard.isCorrectIconId(iconId)) iconId else KEY_ID
@@ -52,25 +49,18 @@ class IconsManager {
      *  Custom
      */
 
-    fun buildNewCustomIcon(cacheDirectory: File,
+    fun buildNewCustomIcon(key: UUID? = null,
-                           key: UUID? = null,
                            result: (IconImageCustom, BinaryData?) -> Unit) {
         // Create a binary file for a brand new custom icon
-        addCustomIcon(cacheDirectory, key, -1, result)
+        addCustomIcon(key, false, result)
     }
 
-    fun addCustomIcon(cacheDirectory: File,
+    fun addCustomIcon(key: UUID? = null,
-                      key: UUID? = null,
+                      smallSize: Boolean,
-                      dataSize: Int,
                       result: (IconImageCustom, BinaryData?) -> Unit) {
         val keyBinary = customCache.put(key) { uniqueBinaryId ->
             // Create a byte array for better performance with small data
-            if (dataSize in 1..MAX_BINARY_BYTES) {
+            binaryCache.getBinaryData(uniqueBinaryId, smallSize)
-                BinaryByte()
-            } else {
-                val fileInCache = File(cacheDirectory, uniqueBinaryId)
-                BinaryFile(fileInCache)
-            }
         }
         result.invoke(IconImageCustom(keyBinary.keys.first()), keyBinary.binary)
     }
@@ -83,11 +73,11 @@ class IconsManager {
         return customCache.isBinaryDuplicate(binaryData)
     }
 
-    fun removeCustomIcon(iconUuid: UUID) {
+    fun removeCustomIcon(binaryCache: BinaryCache, iconUuid: UUID) {
         val binary = customCache[iconUuid]
         customCache.remove(iconUuid)
         try {
-            binary?.clear()
+            binary?.clear(binaryCache)
         } catch (e: Exception) {
             Log.w(TAG, "Unable to remove custom icon binary", e)
         }

app/src/main/java/com/kunzisoft/keepass/database/element/node/NodeIdUUID.kt

@@ -20,6 +20,7 @@
 package com.kunzisoft.keepass.database.element.node
 
 import android.os.Parcel
+import android.os.ParcelUuid
 import android.os.Parcelable
 import java.util.*
 
@@ -35,12 +36,12 @@ class NodeIdUUID : NodeId<UUID> {
     }
 
     constructor(parcel: Parcel) {
-        id = parcel.readSerializable() as UUID
+        id = parcel.readParcelable<ParcelUuid>(ParcelUuid::class.java.classLoader)?.uuid ?: id
     }
 
     override fun writeToParcel(dest: Parcel, flags: Int) {
         super.writeToParcel(dest, flags)
-        dest.writeSerializable(id)
+        dest.writeParcelable(ParcelUuid(id), flags)
     }
 
     override fun equals(other: Any?): Boolean {

app/src/main/java/com/kunzisoft/keepass/database/element/security/EncryptionAlgorithm.kt

@@ -1,64 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *     
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.database.element.security
-
-import android.content.res.Resources
-
-import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.crypto.engine.AesEngine
-import com.kunzisoft.keepass.crypto.engine.ChaCha20Engine
-import com.kunzisoft.keepass.crypto.engine.CipherEngine
-import com.kunzisoft.keepass.crypto.engine.TwofishEngine
-import com.kunzisoft.keepass.utils.ObjectNameResource
-
-import java.util.UUID
-
-enum class EncryptionAlgorithm : ObjectNameResource {
-
-    AESRijndael,
-    Twofish,
-    ChaCha20;
-
-    val cipherEngine: CipherEngine
-        get() {
-            return when (this) {
-                AESRijndael -> AesEngine()
-                Twofish -> TwofishEngine()
-                ChaCha20 -> ChaCha20Engine()
-            }
-        }
-
-    val dataCipher: UUID
-        get() {
-            return when (this) {
-                AESRijndael -> AesEngine.CIPHER_UUID
-                Twofish -> TwofishEngine.CIPHER_UUID
-                ChaCha20 -> ChaCha20Engine.CIPHER_UUID
-            }
-        }
-
-    override fun getName(resources: Resources): String {
-        return when (this) {
-            AESRijndael -> resources.getString(R.string.encryption_rijndael)
-            Twofish -> resources.getString(R.string.encryption_twofish)
-            ChaCha20 -> resources.getString(R.string.encryption_chacha20)
-        }
-    }
-}

app/src/main/java/com/kunzisoft/keepass/database/exception/DatabaseException.kt

@@ -114,7 +114,7 @@ class NoMemoryDatabaseException: LoadDatabaseException {
     constructor(exception: Throwable) : super(exception)
 }
 
-class EntryDatabaseException: LoadDatabaseException {
+class MoveEntryDatabaseException: LoadDatabaseException {
     @StringRes
     override var errorId: Int = R.string.error_move_entry_here
     constructor() : super()
@@ -123,7 +123,7 @@ class EntryDatabaseException: LoadDatabaseException {
 
 class MoveGroupDatabaseException: LoadDatabaseException {
     @StringRes
-    override var errorId: Int = R.string.error_move_folder_in_itself
+    override var errorId: Int = R.string.error_move_group_here
     constructor() : super()
     constructor(exception: Throwable) : super(exception)
 }

app/src/main/java/com/kunzisoft/keepass/database/file/DatabaseHeaderKDB.kt

@@ -21,9 +21,9 @@
 
 package com.kunzisoft.keepass.database.file
 
-import com.kunzisoft.keepass.stream.readBytesLength
-import com.kunzisoft.keepass.stream.readBytes4ToUInt
 import com.kunzisoft.keepass.utils.UnsignedInt
+import com.kunzisoft.keepass.utils.readBytes4ToUInt
+import com.kunzisoft.keepass.utils.readBytesLength
 import java.io.IOException
 import java.io.InputStream
 

app/src/main/java/com/kunzisoft/keepass/database/file/DatabaseHeaderKDBX.kt

@@ -19,30 +19,26 @@
  */
 package com.kunzisoft.keepass.database.file
 
-import com.kunzisoft.keepass.crypto.CrsAlgorithm
+import com.kunzisoft.keepass.database.crypto.CrsAlgorithm
-import com.kunzisoft.keepass.crypto.keyDerivation.AesKdf
+import com.kunzisoft.encrypt.HashManager
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfFactory
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfParameters
 import com.kunzisoft.keepass.database.action.node.NodeHandler
+import com.kunzisoft.keepass.database.crypto.VariantDictionary
+import com.kunzisoft.keepass.database.crypto.kdf.AesKdf
+import com.kunzisoft.keepass.database.crypto.kdf.KdfFactory
+import com.kunzisoft.keepass.database.crypto.kdf.KdfParameters
 import com.kunzisoft.keepass.database.element.database.CompressionAlgorithm
 import com.kunzisoft.keepass.database.element.database.DatabaseKDBX
 import com.kunzisoft.keepass.database.element.entry.EntryKDBX
 import com.kunzisoft.keepass.database.element.group.GroupKDBX
 import com.kunzisoft.keepass.database.element.node.NodeKDBXInterface
 import com.kunzisoft.keepass.database.exception.VersionDatabaseException
-import com.kunzisoft.keepass.stream.*
+import com.kunzisoft.keepass.stream.CopyInputStream
-import com.kunzisoft.keepass.utils.UnsignedInt
+import com.kunzisoft.keepass.utils.*
-import com.kunzisoft.keepass.utils.UnsignedLong
-import com.kunzisoft.keepass.utils.VariantDictionary
 import java.io.ByteArrayOutputStream
 import java.io.IOException
 import java.io.InputStream
 import java.security.DigestInputStream
-import java.security.InvalidKeyException
 import java.security.MessageDigest
-import java.security.NoSuchAlgorithmException
-import javax.crypto.Mac
-import javax.crypto.spec.SecretKeySpec
 
 class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader() {
     var innerRandomStreamKey: ByteArray = ByteArray(32)
@@ -140,33 +136,27 @@ class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader(
      */
     @Throws(IOException::class, VersionDatabaseException::class)
     fun loadFromFile(inputStream: InputStream): HeaderAndHash {
-        val messageDigest: MessageDigest
+        val messageDigest: MessageDigest = HashManager.getHash256()
-        try {
-            messageDigest = MessageDigest.getInstance("SHA-256")
-        } catch (e: NoSuchAlgorithmException) {
-            throw IOException("No SHA-256 implementation")
-        }
 
         val headerBOS = ByteArrayOutputStream()
         val copyInputStream = CopyInputStream(inputStream, headerBOS)
         val digestInputStream = DigestInputStream(copyInputStream, messageDigest)
-        val littleEndianDataInputStream = LittleEndianDataInputStream(digestInputStream)
 
-        val sig1 = littleEndianDataInputStream.readUInt()
+        val sig1 = digestInputStream.readBytes4ToUInt()
-        val sig2 = littleEndianDataInputStream.readUInt()
+        val sig2 = digestInputStream.readBytes4ToUInt()
 
         if (!matchesHeader(sig1, sig2)) {
             throw VersionDatabaseException()
         }
 
-        version = littleEndianDataInputStream.readUInt() // Erase previous value
+        version = digestInputStream.readBytes4ToUInt() // Erase previous value
         if (!validVersion(version)) {
             throw VersionDatabaseException()
         }
 
         var done = false
         while (!done) {
-            done = readHeaderField(littleEndianDataInputStream)
+            done = readHeaderField(digestInputStream)
         }
 
         val hash = messageDigest.digest()
@@ -174,13 +164,13 @@ class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader(
     }
 
     @Throws(IOException::class)
-    private fun readHeaderField(dis: LittleEndianDataInputStream): Boolean {
+    private fun readHeaderField(dis: InputStream): Boolean {
         val fieldID = dis.read().toByte()
 
-        val fieldSize: Int = if (version.toKotlinLong() < FILE_VERSION_32_4.toKotlinLong()) {
+        val fieldSize: Int = if (version.isBefore(FILE_VERSION_32_4)) {
-            dis.readUShort()
+            dis.readBytes2ToUShort()
         } else {
-            dis.readUInt().toKotlinInt()
+            dis.readBytes4ToUInt().toKotlinInt()
         }
 
         var fieldData: ByteArray? = null
@@ -204,20 +194,20 @@ class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader(
 
             PwDbHeaderV4Fields.MasterSeed -> masterSeed = fieldData
 
-            PwDbHeaderV4Fields.TransformSeed -> if (version.toKotlinLong() < FILE_VERSION_32_4.toKotlinLong())
+            PwDbHeaderV4Fields.TransformSeed -> if (version.isBefore(FILE_VERSION_32_4))
                 transformSeed = fieldData
 
-            PwDbHeaderV4Fields.TransformRounds -> if (version.toKotlinLong() < FILE_VERSION_32_4.toKotlinLong())
+            PwDbHeaderV4Fields.TransformRounds -> if (version.isBefore(FILE_VERSION_32_4))
                 setTransformRound(fieldData)
 
             PwDbHeaderV4Fields.EncryptionIV -> encryptionIV = fieldData
 
-            PwDbHeaderV4Fields.InnerRandomstreamKey -> if (version.toKotlinLong() < FILE_VERSION_32_4.toKotlinLong())
+            PwDbHeaderV4Fields.InnerRandomstreamKey -> if (version.isBefore(FILE_VERSION_32_4))
                 innerRandomStreamKey = fieldData
 
             PwDbHeaderV4Fields.StreamStartBytes -> streamStartBytes = fieldData
 
-            PwDbHeaderV4Fields.InnerRandomStreamID -> if (version.toKotlinLong() < FILE_VERSION_32_4.toKotlinLong())
+            PwDbHeaderV4Fields.InnerRandomStreamID -> if (version.isBefore(FILE_VERSION_32_4))
                 setRandomStreamID(fieldData)
 
             PwDbHeaderV4Fields.KdfParameters -> databaseV4.kdfParameters = KdfParameters.deserialize(fieldData)
@@ -244,14 +234,14 @@ class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader(
             throw IOException("Invalid cipher ID.")
         }
 
-        databaseV4.dataCipher = bytes16ToUuid(pbId)
+        databaseV4.cipherUuid = bytes16ToUuid(pbId)
     }
 
     private fun setTransformRound(roundsByte: ByteArray) {
         assignAesKdfEngineIfNotExists()
-        val rounds = bytes64ToLong(roundsByte)
+        val rounds = bytes64ToULong(roundsByte)
         databaseV4.kdfParameters?.setUInt64(AesKdf.PARAM_ROUNDS, rounds)
-        databaseV4.numberKeyEncryptionRounds = rounds
+        databaseV4.numberKeyEncryptionRounds = rounds.toKotlinLong()
     }
 
     @Throws(IOException::class)
@@ -323,23 +313,5 @@ class DatabaseHeaderKDBX(private val databaseV4: DatabaseKDBX) : DatabaseHeader(
         fun matchesHeader(sig1: UnsignedInt, sig2: UnsignedInt): Boolean {
             return sig1 == PWM_DBSIG_1 && (sig2 == DBSIG_PRE2 || sig2 == DBSIG_2)
         }
-
-        @Throws(IOException::class)
-        fun computeHeaderHmac(header: ByteArray, key: ByteArray): ByteArray {
-            val blockKey = HmacBlockStream.getHmacKey64(key, UnsignedLong.MAX_VALUE)
-
-            val hmac: Mac
-            try {
-                hmac = Mac.getInstance("HmacSHA256")
-                val signingKey = SecretKeySpec(blockKey, "HmacSHA256")
-                hmac.init(signingKey)
-            } catch (e: NoSuchAlgorithmException) {
-                throw IOException("No HmacAlogirthm")
-            } catch (e: InvalidKeyException) {
-                throw IOException("Invalid Hmac Key")
-            }
-
-            return hmac.doFinal(header)
-        }
     }
 }

app/src/main/java/com/kunzisoft/keepass/database/file/DateKDBXUtil.java

@@ -1,52 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.database.file;
-
-import org.joda.time.DateTime;
-import org.joda.time.DateTimeZone;
-import org.joda.time.Duration;
-
-import java.util.Date;
-
-public class DateKDBXUtil {
-    private static final DateTime dotNetEpoch = new DateTime(1, 1, 1, 0, 0, 0, DateTimeZone.UTC);
-    private static final DateTime javaEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeZone.UTC);
-
-    private static final long epochOffset;
-
-    static {
-        epochOffset = (javaEpoch.getMillis() - dotNetEpoch.getMillis()) / 1000L;
-    }
-
-    public static Date convertKDBX4Time(long seconds) {
-        DateTime dt = dotNetEpoch.plus(seconds * 1000L);
-        // Switch corrupted dates to a more recent date that won't cause issues on the client
-        if (dt.isBefore(javaEpoch)) {
-            return javaEpoch.toDate();
-        }
-        return dt.toDate();
-    }
-
-    public static long convertDateToKDBX4Time(DateTime dt) {
-        Duration duration = new Duration( javaEpoch, dt );
-        long seconds = ( duration.getMillis() / 1000L );
-        return seconds + epochOffset;
-    }
-}

app/src/main/java/com/kunzisoft/keepass/database/file/DateKDBXUtil.kt

@@ -0,0 +1,46 @@
+/*
+ * Copyright 2019 Jeremy Jamet / Kunzisoft.
+ *
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.database.file
+
+import org.joda.time.DateTime
+import org.joda.time.DateTimeZone
+import org.joda.time.Duration
+import java.util.*
+
+object DateKDBXUtil {
+
+    private val dotNetEpoch = DateTime(1, 1, 1, 0, 0, 0, DateTimeZone.UTC)
+    private val javaEpoch = DateTime(1970, 1, 1, 0, 0, 0, DateTimeZone.UTC)
+    private val epochOffset = (javaEpoch.millis - dotNetEpoch.millis) / 1000L
+
+    fun convertKDBX4Time(seconds: Long): Date {
+        val dt = dotNetEpoch.plus(seconds * 1000L)
+        // Switch corrupted dates to a more recent date that won't cause issues on the client
+        return if (dt.isBefore(javaEpoch)) {
+            javaEpoch.toDate()
+        } else dt.toDate()
+    }
+
+    fun convertDateToKDBX4Time(dt: DateTime?): Long {
+        val duration = Duration(javaEpoch, dt)
+        val seconds = duration.millis / 1000L
+        return seconds + epochOffset
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/file/input/DatabaseInput.kt

@@ -19,15 +19,21 @@
  */
 package com.kunzisoft.keepass.database.file.input
 
-import com.kunzisoft.keepass.database.element.Database
+import android.util.Log
+import com.kunzisoft.keepass.R
+import com.kunzisoft.keepass.database.element.binary.LoadedKey
 import com.kunzisoft.keepass.database.element.database.DatabaseVersioned
 import com.kunzisoft.keepass.database.exception.LoadDatabaseException
 import com.kunzisoft.keepass.tasks.ProgressTaskUpdater
 import java.io.File
 import java.io.InputStream
 
-abstract class DatabaseInput<PwDb : DatabaseVersioned<*, *, *, *>>
+abstract class DatabaseInput<D : DatabaseVersioned<*, *, *, *>>
-    (protected val cacheDirectory: File) {
+    (protected val cacheDirectory: File,
+     protected val isRAMSufficient: (memoryWanted: Long) -> Boolean) {
+
+    private var startTimeKey = System.currentTimeMillis()
+    private var startTimeContent = System.currentTimeMillis()
 
     /**
      * Load a versioned database file, return contents in a new DatabaseVersioned.
@@ -43,15 +49,39 @@ abstract class DatabaseInput<PwDb : DatabaseVersioned<*, *, *, *>>
     abstract fun openDatabase(databaseInputStream: InputStream,
                               password: String?,
                               keyfileInputStream: InputStream?,
-                              loadedCipherKey: Database.LoadedKey,
+                              loadedCipherKey: LoadedKey,
                               progressTaskUpdater: ProgressTaskUpdater?,
-                              fixDuplicateUUID: Boolean = false): PwDb
+                              fixDuplicateUUID: Boolean = false): D
 
 
     @Throws(LoadDatabaseException::class)
     abstract fun openDatabase(databaseInputStream: InputStream,
                               masterKey: ByteArray,
-                              loadedCipherKey: Database.LoadedKey,
+                              loadedCipherKey: LoadedKey,
                               progressTaskUpdater: ProgressTaskUpdater?,
-                              fixDuplicateUUID: Boolean = false): PwDb
+                              fixDuplicateUUID: Boolean = false): D
+
+    protected fun startKeyTimer(progressTaskUpdater: ProgressTaskUpdater?) {
+        progressTaskUpdater?.updateMessage(R.string.retrieving_db_key)
+        Log.d(TAG, "Start retrieving database key...")
+        startTimeKey = System.currentTimeMillis()
+    }
+
+    protected fun stopKeyTimer() {
+        Log.d(TAG, "Stop retrieving database key... ${System.currentTimeMillis() - startTimeKey} ms")
+    }
+
+    protected fun startContentTimer(progressTaskUpdater: ProgressTaskUpdater?) {
+        progressTaskUpdater?.updateMessage(R.string.decrypting_db)
+        Log.d(TAG, "Start decrypting database content...")
+        startTimeContent = System.currentTimeMillis()
+    }
+
+    protected fun stopContentTimer() {
+        Log.d(TAG, "Stop retrieving database content... ${System.currentTimeMillis() - startTimeContent} ms")
+    }
+
+    companion object {
+        private val TAG = DatabaseInput::class.java.name
+    }
 }

app/src/main/java/com/kunzisoft/keepass/database/file/input/DatabaseInputKDB.kt

@@ -20,34 +20,35 @@
 
 package com.kunzisoft.keepass.database.file.input
 
-import com.kunzisoft.keepass.R
+import com.kunzisoft.encrypt.HashManager
-import com.kunzisoft.keepass.crypto.CipherFactory
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
-import com.kunzisoft.keepass.database.element.Database
+import com.kunzisoft.keepass.database.element.DateInstant
+import com.kunzisoft.keepass.database.element.binary.LoadedKey
 import com.kunzisoft.keepass.database.element.database.DatabaseKDB
 import com.kunzisoft.keepass.database.element.entry.EntryKDB
 import com.kunzisoft.keepass.database.element.group.GroupKDB
 import com.kunzisoft.keepass.database.element.node.NodeIdInt
 import com.kunzisoft.keepass.database.element.node.NodeIdUUID
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
 import com.kunzisoft.keepass.database.exception.*
 import com.kunzisoft.keepass.database.file.DatabaseHeader
 import com.kunzisoft.keepass.database.file.DatabaseHeaderKDB
-import com.kunzisoft.keepass.stream.*
 import com.kunzisoft.keepass.tasks.ProgressTaskUpdater
+import com.kunzisoft.keepass.utils.*
 import java.io.*
-import java.security.*
+import java.security.DigestInputStream
+import java.security.MessageDigest
 import java.util.*
 import javax.crypto.Cipher
-import javax.crypto.NoSuchPaddingException
+import javax.crypto.CipherInputStream
-import javax.crypto.spec.IvParameterSpec
+import kotlin.collections.HashMap
-import javax.crypto.spec.SecretKeySpec
 
 
 /**
  * Load a KDB database file.
  */
-class DatabaseInputKDB(cacheDirectory: File)
+class DatabaseInputKDB(cacheDirectory: File,
-    : DatabaseInput<DatabaseKDB>(cacheDirectory) {
+                       isRAMSufficient: (memoryWanted: Long) -> Boolean)
+    : DatabaseInput<DatabaseKDB>(cacheDirectory, isRAMSufficient) {
 
     private lateinit var mDatabase: DatabaseKDB
 
@@ -55,11 +56,11 @@ class DatabaseInputKDB(cacheDirectory: File)
     override fun openDatabase(databaseInputStream: InputStream,
                               password: String?,
                               keyfileInputStream: InputStream?,
-                              loadedCipherKey: Database.LoadedKey,
+                              loadedCipherKey: LoadedKey,
                               progressTaskUpdater: ProgressTaskUpdater?,
                               fixDuplicateUUID: Boolean): DatabaseKDB {
         return openDatabase(databaseInputStream, progressTaskUpdater, fixDuplicateUUID) {
-            mDatabase.loadedCipherKey = loadedCipherKey
+            mDatabase.binaryCache.loadedCipherKey = loadedCipherKey
             mDatabase.retrieveMasterKey(password, keyfileInputStream)
         }
     }
@@ -67,11 +68,11 @@ class DatabaseInputKDB(cacheDirectory: File)
     @Throws(LoadDatabaseException::class)
     override fun openDatabase(databaseInputStream: InputStream,
                               masterKey: ByteArray,
-                              loadedCipherKey: Database.LoadedKey,
+                              loadedCipherKey: LoadedKey,
                               progressTaskUpdater: ProgressTaskUpdater?,
                               fixDuplicateUUID: Boolean): DatabaseKDB {
         return openDatabase(databaseInputStream, progressTaskUpdater, fixDuplicateUUID) {
-            mDatabase.loadedCipherKey = loadedCipherKey
+            mDatabase.binaryCache.loadedCipherKey = loadedCipherKey
             mDatabase.masterKey = masterKey
         }
     }
@@ -83,6 +84,7 @@ class DatabaseInputKDB(cacheDirectory: File)
                              assignMasterKey: (() -> Unit)? = null): DatabaseKDB {
 
         try {
+            startKeyTimer(progressTaskUpdater)
             // Load entire file, most of it's encrypted.
             val fileSize = databaseInputStream.available()
 
@@ -105,8 +107,8 @@ class DatabaseInputKDB(cacheDirectory: File)
                 throw VersionDatabaseException()
             }
 
-            progressTaskUpdater?.updateMessage(R.string.retrieving_db_key)
             mDatabase = DatabaseKDB()
+            mDatabase.binaryCache.cacheDirectory = cacheDirectory
 
             mDatabase.changeDuplicateId = fixDuplicateUUID
             assignMasterKey?.invoke()
@@ -130,56 +132,33 @@ class DatabaseInputKDB(cacheDirectory: File)
                     header.transformSeed,
                     mDatabase.numberKeyEncryptionRounds)
 
-            progressTaskUpdater?.updateMessage(R.string.decrypting_db)
+            stopKeyTimer()
-            // Initialize Rijndael algorithm
+            startContentTimer(progressTaskUpdater)
+
             val cipher: Cipher = try {
-                when {
+                mDatabase.encryptionAlgorithm
-                    mDatabase.encryptionAlgorithm === EncryptionAlgorithm.AESRijndael -> {
+                        .cipherEngine.getCipher(Cipher.DECRYPT_MODE,
-                        CipherFactory.getInstance("AES/CBC/PKCS5Padding")
+                                mDatabase.finalKey ?: ByteArray(0),
-                    }
+                                header.encryptionIV)
-                    mDatabase.encryptionAlgorithm === EncryptionAlgorithm.Twofish -> {
+            } catch (e: Exception) {
-                        CipherFactory.getInstance("Twofish/CBC/PKCS7PADDING")
+                throw IOException("Algorithm not supported.", e)
-                    }
-                    else -> throw IOException("Encryption algorithm is not supported")
-                }
-            } catch (e1: NoSuchAlgorithmException) {
-                throw IOException("No such algorithm")
-            } catch (e1: NoSuchPaddingException) {
-                throw IOException("No such pdading")
-            }
-
-            try {
-                cipher.init(Cipher.DECRYPT_MODE,
-                        SecretKeySpec(mDatabase.finalKey, "AES"),
-                        IvParameterSpec(header.encryptionIV))
-            } catch (e1: InvalidKeyException) {
-                throw IOException("Invalid key")
-            } catch (e1: InvalidAlgorithmParameterException) {
-                throw IOException("Invalid algorithm parameter.")
-            }
-
-            val messageDigest: MessageDigest
-            try {
-                messageDigest = MessageDigest.getInstance("SHA-256")
-            } catch (e: NoSuchAlgorithmException) {
-                throw IOException("No SHA-256 algorithm")
             }
 
             // Decrypt content
+            val messageDigest: MessageDigest = HashManager.getHash256()
             val cipherInputStream = BufferedInputStream(
                     DigestInputStream(
-                            BetterCipherInputStream(databaseInputStream, cipher),
+                            CipherInputStream(databaseInputStream, cipher),
                             messageDigest
                     )
             )
 
             // New manual root because KDB contains multiple root groups (here available with getRootGroups())
             val newRoot = mDatabase.createGroup()
-            newRoot.level = -1
             mDatabase.rootGroup = newRoot
-            mDatabase.addGroupIndex(newRoot)
 
             // Import all nodes
+            val groupLevelList = HashMap<GroupKDB, Int>()
             var newGroup: GroupKDB? = null
             var newEntry: EntryKDB? = null
             var currentGroupNumber = 0
@@ -224,7 +203,7 @@ class DatabaseInputKDB(cacheDirectory: File)
                     }
                     0x0003 -> {
                         newGroup?.let { group ->
-                            group.creationTime = cipherInputStream.readBytes5ToDate()
+                            group.creationTime = DateInstant(cipherInputStream.readBytes5ToDate())
                         } ?:
                         newEntry?.let { entry ->
                             var iconId = cipherInputStream.readBytes4ToUInt().toKotlinInt()
@@ -237,7 +216,7 @@ class DatabaseInputKDB(cacheDirectory: File)
                     }
                     0x0004 -> {
                         newGroup?.let { group ->
-                            group.lastModificationTime = cipherInputStream.readBytes5ToDate()
+                            group.lastModificationTime = DateInstant(cipherInputStream.readBytes5ToDate())
                         } ?:
                         newEntry?.let { entry ->
                             entry.title = cipherInputStream.readBytesToString(fieldSize)
@@ -245,7 +224,7 @@ class DatabaseInputKDB(cacheDirectory: File)
                     }
                     0x0005 -> {
                         newGroup?.let { group ->
-                            group.lastAccessTime = cipherInputStream.readBytes5ToDate()
+                            group.lastAccessTime = DateInstant(cipherInputStream.readBytes5ToDate())
                         } ?:
                         newEntry?.let { entry ->
                             entry.url = cipherInputStream.readBytesToString(fieldSize)
@@ -253,7 +232,7 @@ class DatabaseInputKDB(cacheDirectory: File)
                     }
                     0x0006 -> {
                         newGroup?.let { group ->
-                            group.expiryTime = cipherInputStream.readBytes5ToDate()
+                            group.expiryTime = DateInstant(cipherInputStream.readBytes5ToDate())
                         } ?:
                         newEntry?.let { entry ->
                             entry.username = cipherInputStream.readBytesToString(fieldSize)
@@ -269,7 +248,7 @@ class DatabaseInputKDB(cacheDirectory: File)
                     }
                     0x0008 -> {
                         newGroup?.let { group ->
-                            group.level = cipherInputStream.readBytes2ToUShort()
+                            groupLevelList.put(group, cipherInputStream.readBytes2ToUShort())
                         } ?:
                         newEntry?.let { entry ->
                             entry.notes = cipherInputStream.readBytesToString(fieldSize)
@@ -280,22 +259,22 @@ class DatabaseInputKDB(cacheDirectory: File)
                             group.groupFlags = cipherInputStream.readBytes4ToUInt().toKotlinInt()
                         } ?:
                         newEntry?.let { entry ->
-                            entry.creationTime = cipherInputStream.readBytes5ToDate()
+                            entry.creationTime = DateInstant(cipherInputStream.readBytes5ToDate())
                         }
                     }
                     0x000A -> {
                         newEntry?.let { entry ->
-                            entry.lastModificationTime = cipherInputStream.readBytes5ToDate()
+                            entry.lastModificationTime = DateInstant(cipherInputStream.readBytes5ToDate())
                         }
                     }
                     0x000B -> {
                         newEntry?.let { entry ->
-                            entry.lastAccessTime = cipherInputStream.readBytes5ToDate()
+                            entry.lastAccessTime = DateInstant(cipherInputStream.readBytes5ToDate())
                         }
                     }
                     0x000C -> {
                         newEntry?.let { entry ->
-                            entry.expiryTime = cipherInputStream.readBytes5ToDate()
+                            entry.expiryTime = DateInstant(cipherInputStream.readBytes5ToDate())
                         }
                     }
                     0x000D -> {
@@ -306,11 +285,9 @@ class DatabaseInputKDB(cacheDirectory: File)
                     0x000E -> {
                         newEntry?.let { entry ->
                             if (fieldSize > 0) {
-                                val binaryAttachment = mDatabase.buildNewAttachment(cacheDirectory)
+                                val binaryData = mDatabase.buildNewAttachment()
-                                entry.binaryData = binaryAttachment
+                                entry.putBinary(binaryData, mDatabase.attachmentPool)
-                                val cipherKey = mDatabase.loadedCipherKey
+                                BufferedOutputStream(binaryData.getOutputDataStream(mDatabase.binaryCache)).use { outputStream ->
-                                        ?: throw IOException("Unable to retrieve cipher key to load binaries")
-                                BufferedOutputStream(binaryAttachment.getOutputDataStream(cipherKey)).use { outputStream ->
                                     cipherInputStream.readBytes(fieldSize) { buffer ->
                                         outputStream.write(buffer)
                                     }
@@ -341,7 +318,9 @@ class DatabaseInputKDB(cacheDirectory: File)
             if (!Arrays.equals(messageDigest.digest(), header.contentsHash)) {
                 throw InvalidCredentialsDatabaseException()
             }
-            constructTreeFromIndex()
+            constructTreeFromIndex(groupLevelList)
+
+            stopContentTimer()
 
         } catch (e: LoadDatabaseException) {
             mDatabase.clearCache()
@@ -360,34 +339,40 @@ class DatabaseInputKDB(cacheDirectory: File)
         return mDatabase
     }
 
-    private fun buildTreeGroups(previousGroup: GroupKDB, currentGroup: GroupKDB, groupIterator: Iterator<GroupKDB>) {
+    private fun buildTreeGroups(groupLevelList: HashMap<GroupKDB, Int>,
+                                previousGroup: GroupKDB,
+                                currentGroup: GroupKDB,
+                                groupIterator: Iterator<GroupKDB>) {
 
-        if (currentGroup.parent == null && (previousGroup.level + 1) == currentGroup.level) {
+        val previousGroupLevel = groupLevelList[previousGroup] ?: -1
+        val currentGroupLevel = groupLevelList[currentGroup] ?: -1
+
+        if (currentGroup.parent == null && (previousGroupLevel + 1) == currentGroupLevel) {
             // Current group has an increment level compare to the previous, current group is a child
             previousGroup.addChildGroup(currentGroup)
             currentGroup.parent = previousGroup
-        } else if (previousGroup.parent != null && previousGroup.level == currentGroup.level) {
+        } else if (previousGroup.parent != null && previousGroupLevel == currentGroupLevel) {
             // In the same level, previous parent is the same as previous group
             previousGroup.parent!!.addChildGroup(currentGroup)
             currentGroup.parent = previousGroup.parent
         } else if (previousGroup.parent != null) {
             // Previous group has a higher level than the current group, check it's parent
-            buildTreeGroups(previousGroup.parent!!, currentGroup, groupIterator)
+            buildTreeGroups(groupLevelList, previousGroup.parent!!, currentGroup, groupIterator)
         }
 
         // Next current group
         if (groupIterator.hasNext()){
-            buildTreeGroups(currentGroup, groupIterator.next(), groupIterator)
+            buildTreeGroups(groupLevelList, currentGroup, groupIterator.next(), groupIterator)
         }
     }
 
-    private fun constructTreeFromIndex() {
+    private fun constructTreeFromIndex(groupLevelList: HashMap<GroupKDB, Int>) {
-        mDatabase.rootGroup?.let {
+        mDatabase.rootGroup?.let { root ->
 
             // add each group
             val groupIterator = mDatabase.getGroupIndexes().iterator()
             if (groupIterator.hasNext())
-                buildTreeGroups(it, groupIterator.next(), groupIterator)
+                buildTreeGroups(groupLevelList, root, groupIterator.next(), groupIterator)
 
             // add each child
             for (currentEntry in mDatabase.getEntryIndexes()) {

app/src/main/java/com/kunzisoft/keepass/database/file/input/DatabaseInputKDBX.kt

@@ -21,15 +21,16 @@ package com.kunzisoft.keepass.database.file.input
 
 import android.util.Base64
 import android.util.Log
-import com.kunzisoft.keepass.R
+import com.kunzisoft.encrypt.StreamCipher
-import com.kunzisoft.keepass.crypto.CipherFactory
+import com.kunzisoft.keepass.database.crypto.CipherEngine
-import com.kunzisoft.keepass.crypto.StreamCipherFactory
+import com.kunzisoft.keepass.database.crypto.CrsAlgorithm
-import com.kunzisoft.keepass.crypto.engine.CipherEngine
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
+import com.kunzisoft.keepass.database.crypto.HmacBlock
 import com.kunzisoft.keepass.database.element.Attachment
-import com.kunzisoft.keepass.database.element.Database
 import com.kunzisoft.keepass.database.element.DateInstant
 import com.kunzisoft.keepass.database.element.DeletedObject
-import com.kunzisoft.keepass.database.element.database.BinaryData
+import com.kunzisoft.keepass.database.element.binary.BinaryData
+import com.kunzisoft.keepass.database.element.binary.LoadedKey
 import com.kunzisoft.keepass.database.element.database.CompressionAlgorithm
 import com.kunzisoft.keepass.database.element.database.DatabaseKDBX
 import com.kunzisoft.keepass.database.element.database.DatabaseKDBX.Companion.BASE_64_FLAG
@@ -41,13 +42,13 @@ import com.kunzisoft.keepass.database.element.node.NodeKDBXInterface
 import com.kunzisoft.keepass.database.element.security.ProtectedString
 import com.kunzisoft.keepass.database.exception.*
 import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX
+import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX.Companion.FILE_VERSION_32_4
 import com.kunzisoft.keepass.database.file.DatabaseKDBXXML
 import com.kunzisoft.keepass.database.file.DateKDBXUtil
-import com.kunzisoft.keepass.stream.*
+import com.kunzisoft.keepass.stream.HashedBlockInputStream
+import com.kunzisoft.keepass.stream.HmacBlockInputStream
 import com.kunzisoft.keepass.tasks.ProgressTaskUpdater
-import com.kunzisoft.keepass.utils.UnsignedInt
+import com.kunzisoft.keepass.utils.*
-import com.kunzisoft.keepass.utils.UnsignedLong
-import org.bouncycastle.crypto.StreamCipher
 import org.xmlpull.v1.XmlPullParser
 import org.xmlpull.v1.XmlPullParserException
 import org.xmlpull.v1.XmlPullParserFactory
@@ -61,10 +62,12 @@ import java.util.*
 import java.util.zip.GZIPInputStream
 import javax.crypto.Cipher
 import javax.crypto.CipherInputStream
+import javax.crypto.Mac
 import kotlin.math.min
 
-class DatabaseInputKDBX(cacheDirectory: File)
+class DatabaseInputKDBX(cacheDirectory: File,
-    : DatabaseInput<DatabaseKDBX>(cacheDirectory) {
+                        isRAMSufficient: (memoryWanted: Long) -> Boolean)
+    : DatabaseInput<DatabaseKDBX>(cacheDirectory, isRAMSufficient) {
 
     private var randomStream: StreamCipher? = null
     private lateinit var mDatabase: DatabaseKDBX
@@ -97,11 +100,11 @@ class DatabaseInputKDBX(cacheDirectory: File)
     override fun openDatabase(databaseInputStream: InputStream,
                               password: String?,
                               keyfileInputStream: InputStream?,
-                              loadedCipherKey: Database.LoadedKey,
+                              loadedCipherKey: LoadedKey,
                               progressTaskUpdater: ProgressTaskUpdater?,
                               fixDuplicateUUID: Boolean): DatabaseKDBX {
         return openDatabase(databaseInputStream, progressTaskUpdater, fixDuplicateUUID) {
-            mDatabase.loadedCipherKey = loadedCipherKey
+            mDatabase.binaryCache.loadedCipherKey = loadedCipherKey
             mDatabase.retrieveMasterKey(password, keyfileInputStream)
         }
     }
@@ -109,11 +112,11 @@ class DatabaseInputKDBX(cacheDirectory: File)
     @Throws(LoadDatabaseException::class)
     override fun openDatabase(databaseInputStream: InputStream,
                               masterKey: ByteArray,
-                              loadedCipherKey: Database.LoadedKey,
+                              loadedCipherKey: LoadedKey,
                               progressTaskUpdater: ProgressTaskUpdater?,
                               fixDuplicateUUID: Boolean): DatabaseKDBX {
         return openDatabase(databaseInputStream, progressTaskUpdater, fixDuplicateUUID) {
-            mDatabase.loadedCipherKey = loadedCipherKey
+            mDatabase.binaryCache.loadedCipherKey = loadedCipherKey
             mDatabase.masterKey = masterKey
         }
     }
@@ -124,8 +127,9 @@ class DatabaseInputKDBX(cacheDirectory: File)
                              fixDuplicateUUID: Boolean,
                              assignMasterKey: (() -> Unit)? = null): DatabaseKDBX {
         try {
-            progressTaskUpdater?.updateMessage(R.string.retrieving_db_key)
+            startKeyTimer(progressTaskUpdater)
             mDatabase = DatabaseKDBX()
+            mDatabase.binaryCache.cacheDirectory = cacheDirectory
 
             mDatabase.changeDuplicateId = fixDuplicateUUID
 
@@ -140,26 +144,29 @@ class DatabaseInputKDBX(cacheDirectory: File)
             assignMasterKey?.invoke()
             mDatabase.makeFinalKey(header.masterSeed)
 
-            progressTaskUpdater?.updateMessage(R.string.decrypting_db)
+            stopKeyTimer()
+            startContentTimer(progressTaskUpdater)
+
             val engine: CipherEngine
             val cipher: Cipher
             try {
-                engine = CipherFactory.getInstance(mDatabase.dataCipher)
+                engine = EncryptionAlgorithm.getFrom(mDatabase.cipherUuid).cipherEngine
+                engine.forcePaddingCompatibility = true
                 mDatabase.setDataEngine(engine)
-                mDatabase.encryptionAlgorithm = engine.getPwEncryptionAlgorithm()
+                mDatabase.encryptionAlgorithm = engine.getEncryptionAlgorithm()
                 cipher = engine.getCipher(Cipher.DECRYPT_MODE, mDatabase.finalKey!!, header.encryptionIV)
+                engine.forcePaddingCompatibility = false
             } catch (e: Exception) {
                 throw InvalidAlgorithmDatabaseException(e)
             }
 
-            val isPlain: InputStream
+            val plainInputStream: InputStream
-            if (mDatabase.kdbxVersion.toKotlinLong() < DatabaseHeaderKDBX.FILE_VERSION_32_4.toKotlinLong()) {
+            if (mDatabase.kdbxVersion.isBefore(FILE_VERSION_32_4)) {
 
-                val decrypted = attachCipherStream(databaseInputStream, cipher)
+                val dataDecrypted = CipherInputStream(databaseInputStream, cipher)
-                val dataDecrypted = LittleEndianDataInputStream(decrypted)
                 val storedStartBytes: ByteArray?
                 try {
-                    storedStartBytes = dataDecrypted.readBytes(32)
+                    storedStartBytes = dataDecrypted.readBytesLength(32)
                     if (storedStartBytes.size != 32) {
                         throw InvalidCredentialsDatabaseException()
                     }
@@ -171,47 +178,57 @@ class DatabaseInputKDBX(cacheDirectory: File)
                     throw InvalidCredentialsDatabaseException()
                 }
 
-                isPlain = HashedBlockInputStream(dataDecrypted)
+                plainInputStream = HashedBlockInputStream(dataDecrypted)
             } else { // KDBX 4
-                val isData = LittleEndianDataInputStream(databaseInputStream)
+                val storedHash = databaseInputStream.readBytesLength(32)
-                val storedHash = isData.readBytes(32)
+                if (!storedHash.contentEquals(hashOfHeader)) {
-                if (!Arrays.equals(storedHash, hashOfHeader)) {
                     throw InvalidCredentialsDatabaseException()
                 }
 
                 val hmacKey = mDatabase.hmacKey ?: throw LoadDatabaseException()
-                val headerHmac = DatabaseHeaderKDBX.computeHeaderHmac(pbHeader, hmacKey)
+
-                val storedHmac = isData.readBytes(32)
+                val blockKey = HmacBlock.getHmacKey64(hmacKey, UnsignedLong.MAX_BYTES)
+                val hmac: Mac = HmacBlock.getHmacSha256(blockKey)
+                val headerHmac = hmac.doFinal(pbHeader)
+
+                val storedHmac = databaseInputStream.readBytesLength(32)
                 if (storedHmac.size != 32) {
                     throw InvalidCredentialsDatabaseException()
                 }
                 // Mac doesn't match
-                if (!Arrays.equals(headerHmac, storedHmac)) {
+                if (!headerHmac.contentEquals(storedHmac)) {
                     throw InvalidCredentialsDatabaseException()
                 }
 
-                val hmIs = HmacBlockInputStream(isData, true, hmacKey)
+                val hmIs = HmacBlockInputStream(databaseInputStream, true, hmacKey)
 
-                isPlain = attachCipherStream(hmIs, cipher)
+                plainInputStream = CipherInputStream(hmIs, cipher)
             }
 
-            val inputStreamXml: InputStream
+            val inputStreamXml: InputStream = when (mDatabase.compressionAlgorithm) {
-            inputStreamXml = when (mDatabase.compressionAlgorithm) {
+                CompressionAlgorithm.GZip -> GZIPInputStream(plainInputStream)
-                CompressionAlgorithm.GZip -> GZIPInputStream(isPlain)
+                else -> plainInputStream
-                else -> isPlain
             }
 
-            if (mDatabase.kdbxVersion.toKotlinLong() >= DatabaseHeaderKDBX.FILE_VERSION_32_4.toKotlinLong()) {
+            if (!mDatabase.kdbxVersion.isBefore(FILE_VERSION_32_4)) {
-                loadInnerHeader(inputStreamXml, header)
+                readInnerHeader(inputStreamXml, header)
             }
 
             try {
-                randomStream = StreamCipherFactory.getInstance(header.innerRandomStream, header.innerRandomStreamKey)
+                randomStream = CrsAlgorithm.getCipher(header.innerRandomStream, header.innerRandomStreamKey)
             } catch (e: Exception) {
                 throw LoadDatabaseException(e)
             }
 
-            readDocumentStreamed(createPullParser(inputStreamXml))
+            val xmlPullParserFactory = XmlPullParserFactory.newInstance().apply {
+                isNamespaceAware = false
+            }
+            val xmlPullParser = xmlPullParserFactory.newPullParser().apply {
+                setInput(inputStreamXml, null)
+            }
+            readDocumentStreamed(xmlPullParser)
+
+            stopContentTimer()
 
         } catch (e: LoadDatabaseException) {
             throw e
@@ -231,63 +248,55 @@ class DatabaseInputKDBX(cacheDirectory: File)
         return mDatabase
     }
 
-    private fun attachCipherStream(inputStream: InputStream, cipher: Cipher): InputStream {
-        return CipherInputStream(inputStream, cipher)
-    }
-
     @Throws(IOException::class)
-    private fun loadInnerHeader(inputStream: InputStream, header: DatabaseHeaderKDBX) {
+    private fun readInnerHeader(dataInputStream: InputStream,
-        val lis = LittleEndianDataInputStream(inputStream)
+                                header: DatabaseHeaderKDBX) {
 
-        while (true) {
+        var readStream = true
-            if (!readInnerHeader(lis, header)) break
+        while (readStream) {
-        }
+            val fieldId = dataInputStream.read().toByte()
-    }
 
-    @Throws(IOException::class)
+            val size = dataInputStream.readBytes4ToUInt().toKotlinInt()
-    private fun readInnerHeader(dataInputStream: LittleEndianDataInputStream,
+            if (size < 0) throw IOException("Corrupted file")
-                                header: DatabaseHeaderKDBX): Boolean {
-        val fieldId = dataInputStream.read().toByte()
 
-        val size = dataInputStream.readUInt().toKotlinInt()
+            var data = ByteArray(0)
-        if (size < 0) throw IOException("Corrupted file")
+            try {
-
+                if (size > 0) {
-        var data = ByteArray(0)
+                    if (fieldId != DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.Binary) {
-        if (size > 0) {
+                        data = dataInputStream.readBytesLength(size)
-            if (fieldId != DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.Binary) {
+                    }
-                // TODO OOM here
+                }
-                data = dataInputStream.readBytes(size)
+            } catch (e: Exception) {
+                // OOM only if corrupted file
+                throw IOException("Corrupted file")
             }
-        }
 
-        var result = true
+            readStream = true
-        when (fieldId) {
+            when (fieldId) {
-            DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.EndOfHeader -> {
+                DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.EndOfHeader -> {
-                result = false
+                    readStream = false
-            }
+                }
-            DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.InnerRandomStreamID -> {
+                DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.InnerRandomStreamID -> {
-                header.setRandomStreamID(data)
+                    header.setRandomStreamID(data)
-            }
+                }
-            DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.InnerRandomstreamKey -> {
+                DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.InnerRandomstreamKey -> {
-                header.innerRandomStreamKey = data
+                    header.innerRandomStreamKey = data
-            }
+                }
-            DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.Binary -> {
+                DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.Binary -> {
-                // Read in a file
+                    // Read in a file
-                val protectedFlag = dataInputStream.read().toByte() == DatabaseHeaderKDBX.KdbxBinaryFlags.Protected
+                    val protectedFlag = dataInputStream.read().toByte() == DatabaseHeaderKDBX.KdbxBinaryFlags.Protected
-                val byteLength = size - 1
+                    val byteLength = size - 1
-                // No compression at this level
+                    // No compression at this level
-                val protectedBinary = mDatabase.buildNewAttachment(cacheDirectory, false, protectedFlag)
+                    val protectedBinary = mDatabase.buildNewAttachment(
-                val cipherKey = mDatabase.loadedCipherKey
+                            isRAMSufficient.invoke(byteLength.toLong()), false, protectedFlag)
-                        ?: throw IOException("Unable to retrieve cipher key to load binaries")
+                    protectedBinary.getOutputDataStream(mDatabase.binaryCache).use { outputStream ->
-                protectedBinary.getOutputDataStream(cipherKey).use { outputStream ->
+                        dataInputStream.readBytes(byteLength) { buffer ->
-                    dataInputStream.readBytes(byteLength) { buffer ->
+                            outputStream.write(buffer)
-                        outputStream.write(buffer)
+                        }
                     }
                 }
             }
         }
-
-        return result
     }
 
     private enum class KdbContext {
@@ -703,12 +712,11 @@ class DatabaseInputKDBX(cacheDirectory: File)
         } else if (ctx == KdbContext.CustomIcons && name.equals(DatabaseKDBXXML.ElemCustomIcons, ignoreCase = true)) {
             return KdbContext.Meta
         } else if (ctx == KdbContext.CustomIcon && name.equals(DatabaseKDBXXML.ElemCustomIconItem, ignoreCase = true)) {
-            if (customIconID != DatabaseVersioned.UUID_ZERO && customIconData != null) {
+            val iconData = customIconData
-                mDatabase.addCustomIcon(cacheDirectory, customIconID, customIconData!!.size) { _, binary ->
+            if (customIconID != DatabaseVersioned.UUID_ZERO && iconData != null) {
-                    mDatabase.loadedCipherKey?.let { cipherKey ->
+                mDatabase.addCustomIcon(customIconID, isRAMSufficient.invoke(iconData.size.toLong())) { _, binary ->
-                        binary?.getOutputDataStream(cipherKey)?.use { outputStream ->
+                    binary?.getOutputDataStream(mDatabase.binaryCache)?.use { outputStream ->
-                            outputStream.write(customIconData)
+                        outputStream.write(iconData)
-                        }
                     }
                 }
             }
@@ -784,7 +792,7 @@ class DatabaseInputKDBX(cacheDirectory: File)
             return KdbContext.Entry
         } else if (ctx == KdbContext.EntryBinary && name.equals(DatabaseKDBXXML.ElemBinary, ignoreCase = true)) {
             if (ctxBinaryName != null && ctxBinaryValue != null) {
-                ctxEntry?.putAttachment(Attachment(ctxBinaryName!!, ctxBinaryValue!!), mDatabase.binaryPool)
+                ctxEntry?.putAttachment(Attachment(ctxBinaryName!!, ctxBinaryValue!!), mDatabase.attachmentPool)
             }
             ctxBinaryName = null
             ctxBinaryValue = null
@@ -837,7 +845,13 @@ class DatabaseInputKDBX(cacheDirectory: File)
         val sDate = readString(xpp)
         var utcDate: Date? = null
 
-        if (mDatabase.kdbxVersion.toKotlinLong() >= DatabaseHeaderKDBX.FILE_VERSION_32_4.toKotlinLong()) {
+        if (mDatabase.kdbxVersion.isBefore(FILE_VERSION_32_4)) {
+            try {
+                utcDate = DatabaseKDBXXML.DateFormatter.parse(sDate)
+            } catch (e: ParseException) {
+                // Catch with null test below
+            }
+        } else {
             var buf = Base64.decode(sDate, BASE_64_FLAG)
             if (buf.size != 8) {
                 val buf8 = ByteArray(8)
@@ -847,14 +861,6 @@ class DatabaseInputKDBX(cacheDirectory: File)
 
             val seconds = bytes64ToLong(buf)
             utcDate = DateKDBXUtil.convertKDBX4Time(seconds)
-
-        } else {
-
-            try {
-                utcDate = DatabaseKDBXXML.DateFormatter.parse(sDate)
-            } catch (e: ParseException) {
-                // Catch with null test below
-            }
         }
 
         return utcDate ?: Date(0L)
@@ -978,11 +984,14 @@ class DatabaseInputKDBX(cacheDirectory: File)
                 xpp.next() // Consume end tag
                 val id = Integer.parseInt(ref)
                 // A ref is not necessarily an index in Database V3.1
-                var binaryRetrieve = mDatabase.binaryPool[id]
+                var binaryRetrieve = mDatabase.attachmentPool[id]
                 // Create empty binary if not retrieved in pool
                 if (binaryRetrieve == null) {
-                    binaryRetrieve = mDatabase.buildNewAttachment(cacheDirectory,
+                    binaryRetrieve = mDatabase.buildNewAttachment(
-                            compression = false, protection = false, binaryPoolId = id)
+                            smallSize = false,
+                            compression = false,
+                            protection = false,
+                            binaryPoolId = id)
                 }
                 return binaryRetrieve
             }
@@ -1018,17 +1027,16 @@ class DatabaseInputKDBX(cacheDirectory: File)
             return null
 
         // Build the new binary and compress
-        val binaryAttachment = mDatabase.buildNewAttachment(cacheDirectory, compressed, protected, binaryId)
+        val binaryAttachment = mDatabase.buildNewAttachment(
-        val binaryCipherKey = mDatabase.loadedCipherKey
+                isRAMSufficient.invoke(base64.length.toLong()), compressed, protected, binaryId)
-                ?: throw IOException("Unable to retrieve cipher key to load binaries")
         try {
-            binaryAttachment.getOutputDataStream(binaryCipherKey).use { outputStream ->
+            binaryAttachment.getOutputDataStream(mDatabase.binaryCache).use { outputStream ->
                 outputStream.write(Base64.decode(base64, BASE_64_FLAG))
             }
         } catch (e: Exception) {
             Log.e(TAG, "Unable to read base 64 attachment", e)
             binaryAttachment.isCorrupted = true
-            binaryAttachment.getOutputDataStream(binaryCipherKey).use { outputStream ->
+            binaryAttachment.getOutputDataStream(mDatabase.binaryCache).use { outputStream ->
                 outputStream.write(base64.toByteArray())
             }
         }
@@ -1057,9 +1065,7 @@ class DatabaseInputKDBX(cacheDirectory: File)
             val protect = xpp.getAttributeValue(null, DatabaseKDBXXML.AttrProtected)
             if (protect != null && protect.equals(DatabaseKDBXXML.ValTrue, ignoreCase = true)) {
                 Base64.decode(xpp.safeNextText(), BASE_64_FLAG)?.let { data ->
-                    val plainText = ByteArray(data.size)
+                    return randomStream?.processBytes(data)
-                    randomStream?.processBytes(data, 0, data.size, plainText, 0)
-                    return plainText
                 }
                 return ByteArray(0)
             }
@@ -1083,17 +1089,6 @@ class DatabaseInputKDBX(cacheDirectory: File)
         private val TAG = DatabaseInputKDBX::class.java.name
 
         private val DEFAULT_HISTORY_DAYS = UnsignedInt(365)
-
-        @Throws(XmlPullParserException::class)
-        private fun createPullParser(readerStream: InputStream): XmlPullParser {
-            val xmlPullParserFactory = XmlPullParserFactory.newInstance()
-            xmlPullParserFactory.isNamespaceAware = false
-
-            val xpp = xmlPullParserFactory.newPullParser()
-            xpp.setInput(readerStream, null)
-
-            return xpp
-        }
     }
 
 }

app/src/main/java/com/kunzisoft/keepass/database/file/output/DatabaseHeaderOutputKDB.kt

@@ -19,8 +19,8 @@
  */
 package com.kunzisoft.keepass.database.file.output
 
+import com.kunzisoft.keepass.utils.uIntTo4Bytes
 import com.kunzisoft.keepass.database.file.DatabaseHeaderKDB
-import com.kunzisoft.keepass.stream.uIntTo4Bytes
 import java.io.IOException
 import java.io.OutputStream
 

app/src/main/java/com/kunzisoft/keepass/database/file/output/DatabaseHeaderOutputKDBX.kt

@@ -19,30 +19,29 @@
  */
 package com.kunzisoft.keepass.database.file.output
 
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfParameters
+import com.kunzisoft.encrypt.HashManager
+import com.kunzisoft.keepass.database.crypto.HmacBlock
+import com.kunzisoft.keepass.database.crypto.VariantDictionary
+import com.kunzisoft.keepass.database.crypto.kdf.KdfParameters
 import com.kunzisoft.keepass.database.element.database.DatabaseKDBX
 import com.kunzisoft.keepass.database.exception.DatabaseOutputException
 import com.kunzisoft.keepass.database.file.DatabaseHeader
 import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX
-import com.kunzisoft.keepass.stream.*
+import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX.Companion.FILE_VERSION_32_4
-import com.kunzisoft.keepass.utils.UnsignedLong
+import com.kunzisoft.keepass.stream.MacOutputStream
-import com.kunzisoft.keepass.utils.VariantDictionary
+import com.kunzisoft.keepass.utils.*
 import java.io.ByteArrayOutputStream
 import java.io.IOException
 import java.io.OutputStream
 import java.security.DigestOutputStream
-import java.security.InvalidKeyException
 import java.security.MessageDigest
-import java.security.NoSuchAlgorithmException
 import javax.crypto.Mac
-import javax.crypto.spec.SecretKeySpec
 
-class DatabaseHeaderOutputKDBX @Throws(DatabaseOutputException::class)
+class DatabaseHeaderOutputKDBX @Throws(IOException::class)
 constructor(private val databaseKDBX: DatabaseKDBX,
             private val header: DatabaseHeaderKDBX,
             outputStream: OutputStream) {
 
-    private val los: LittleEndianDataOutputStream
     private val mos: MacOutputStream
     private val dos: DigestOutputStream
     lateinit var headerHmac: ByteArray
@@ -51,14 +50,6 @@ constructor(private val databaseKDBX: DatabaseKDBX,
         private set
 
     init {
-
-        val md: MessageDigest
-        try {
-            md = MessageDigest.getInstance("SHA-256")
-        } catch (e: NoSuchAlgorithmException) {
-            throw DatabaseOutputException("SHA-256 not implemented here.", e)
-        }
-
         try {
             databaseKDBX.makeFinalKey(header.masterSeed)
         } catch (e: IOException) {
@@ -66,34 +57,26 @@ constructor(private val databaseKDBX: DatabaseKDBX,
         }
 
         val hmacKey = databaseKDBX.hmacKey ?: throw DatabaseOutputException("HmacKey is not defined")
-        val hmac: Mac
+        val blockKey = HmacBlock.getHmacKey64(hmacKey, UnsignedLong.MAX_BYTES)
-        try {
+        val hmac: Mac = HmacBlock.getHmacSha256(blockKey)
-            hmac = Mac.getInstance("HmacSHA256")
-            val signingKey = SecretKeySpec(HmacBlockStream.getHmacKey64(hmacKey, UnsignedLong.MAX_VALUE), "HmacSHA256")
-            hmac.init(signingKey)
-        } catch (e: NoSuchAlgorithmException) {
-            throw DatabaseOutputException(e)
-        } catch (e: InvalidKeyException) {
-            throw DatabaseOutputException(e)
-        }
 
-        dos = DigestOutputStream(outputStream, md)
+        val messageDigest: MessageDigest = HashManager.getHash256()
+        dos = DigestOutputStream(outputStream, messageDigest)
         mos = MacOutputStream(dos, hmac)
-        los = LittleEndianDataOutputStream(mos)
     }
 
     @Throws(IOException::class)
     fun output() {
 
-        los.writeUInt(DatabaseHeader.PWM_DBSIG_1)
+        mos.write4BytesUInt(DatabaseHeader.PWM_DBSIG_1)
-        los.writeUInt(DatabaseHeaderKDBX.DBSIG_2)
+        mos.write4BytesUInt(DatabaseHeaderKDBX.DBSIG_2)
-        los.writeUInt(header.version)
+        mos.write4BytesUInt(header.version)
 
-        writeHeaderField(DatabaseHeaderKDBX.PwDbHeaderV4Fields.CipherID, uuidTo16Bytes(databaseKDBX.dataCipher))
+        writeHeaderField(DatabaseHeaderKDBX.PwDbHeaderV4Fields.CipherID, uuidTo16Bytes(databaseKDBX.cipherUuid))
         writeHeaderField(DatabaseHeaderKDBX.PwDbHeaderV4Fields.CompressionFlags, uIntTo4Bytes(DatabaseHeaderKDBX.getFlagFromCompression(databaseKDBX.compressionAlgorithm)))
         writeHeaderField(DatabaseHeaderKDBX.PwDbHeaderV4Fields.MasterSeed, header.masterSeed)
 
-        if (header.version.toKotlinLong() < DatabaseHeaderKDBX.FILE_VERSION_32_4.toKotlinLong()) {
+        if (header.version.isBefore(FILE_VERSION_32_4)) {
             writeHeaderField(DatabaseHeaderKDBX.PwDbHeaderV4Fields.TransformSeed, header.transformSeed)
             writeHeaderField(DatabaseHeaderKDBX.PwDbHeaderV4Fields.TransformRounds, longTo8Bytes(databaseKDBX.numberKeyEncryptionRounds))
         } else {
@@ -104,7 +87,7 @@ constructor(private val databaseKDBX: DatabaseKDBX,
             writeHeaderField(DatabaseHeaderKDBX.PwDbHeaderV4Fields.EncryptionIV, header.encryptionIV)
         }
 
-        if (header.version.toKotlinLong() < DatabaseHeaderKDBX.FILE_VERSION_32_4.toKotlinLong()) {
+        if (header.version.isBefore(FILE_VERSION_32_4)) {
             writeHeaderField(DatabaseHeaderKDBX.PwDbHeaderV4Fields.InnerRandomstreamKey, header.innerRandomStreamKey)
             writeHeaderField(DatabaseHeaderKDBX.PwDbHeaderV4Fields.StreamStartBytes, header.streamStartBytes)
             writeHeaderField(DatabaseHeaderKDBX.PwDbHeaderV4Fields.InnerRandomStreamID, uIntTo4Bytes(header.innerRandomStream!!.id))
@@ -112,14 +95,13 @@ constructor(private val databaseKDBX: DatabaseKDBX,
 
         if (databaseKDBX.containsPublicCustomData()) {
             val bos = ByteArrayOutputStream()
-            val los = LittleEndianDataOutputStream(bos)
+            VariantDictionary.serialize(databaseKDBX.publicCustomData, bos)
-            VariantDictionary.serialize(databaseKDBX.publicCustomData, los)
             writeHeaderField(DatabaseHeaderKDBX.PwDbHeaderV4Fields.PublicCustomData, bos.toByteArray())
         }
 
         writeHeaderField(DatabaseHeaderKDBX.PwDbHeaderV4Fields.EndOfHeader, EndHeaderValue)
 
-        los.flush()
+        mos.flush()
         hashOfHeader = dos.messageDigest.digest()
         headerHmac = mos.mac
     }
@@ -127,11 +109,11 @@ constructor(private val databaseKDBX: DatabaseKDBX,
     @Throws(IOException::class)
     private fun writeHeaderField(fieldId: Byte, pbData: ByteArray?) {
         // Write the field id
-        los.write(fieldId.toInt())
+        mos.write(fieldId.toInt())
 
         if (pbData != null) {
             writeHeaderFieldSize(pbData.size)
-            los.write(pbData)
+            mos.write(pbData)
         } else {
             writeHeaderFieldSize(0)
         }
@@ -139,10 +121,10 @@ constructor(private val databaseKDBX: DatabaseKDBX,
 
     @Throws(IOException::class)
     private fun writeHeaderFieldSize(size: Int) {
-        if (header.version.toKotlinLong() < DatabaseHeaderKDBX.FILE_VERSION_32_4.toKotlinLong()) {
+        if (header.version.isBefore(FILE_VERSION_32_4)) {
-            los.writeUShort(size)
+            mos.write2BytesUShort(size)
         } else {
-            los.writeInt(size)
+            mos.write4BytesUInt(UnsignedInt(size))
         }
 
     }

app/src/main/java/com/kunzisoft/keepass/database/file/output/DatabaseOutputKDB.kt

@@ -19,16 +19,16 @@
  */
 package com.kunzisoft.keepass.database.file.output
 
-import com.kunzisoft.keepass.crypto.CipherFactory
+import com.kunzisoft.encrypt.HashManager
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
 import com.kunzisoft.keepass.database.element.database.DatabaseKDB
 import com.kunzisoft.keepass.database.element.group.GroupKDB
-import com.kunzisoft.keepass.database.element.security.EncryptionAlgorithm
 import com.kunzisoft.keepass.database.exception.DatabaseOutputException
 import com.kunzisoft.keepass.database.file.DatabaseHeader
 import com.kunzisoft.keepass.database.file.DatabaseHeaderKDB
-import com.kunzisoft.keepass.stream.LittleEndianDataOutputStream
-import com.kunzisoft.keepass.stream.NullOutputStream
 import com.kunzisoft.keepass.utils.UnsignedInt
+import com.kunzisoft.keepass.utils.write2BytesUShort
+import com.kunzisoft.keepass.utils.write4BytesUInt
 import java.io.BufferedOutputStream
 import java.io.ByteArrayOutputStream
 import java.io.IOException
@@ -37,8 +37,6 @@ import java.security.*
 import java.util.*
 import javax.crypto.Cipher
 import javax.crypto.CipherOutputStream
-import javax.crypto.spec.IvParameterSpec
-import javax.crypto.spec.SecretKeySpec
 
 class DatabaseOutputKDB(private val mDatabaseKDB: DatabaseKDB,
                         outputStream: OutputStream)
@@ -61,44 +59,39 @@ class DatabaseOutputKDB(private val mDatabaseKDB: DatabaseKDB,
     override fun output() {
         // Before we output the header, we should sort our list of groups
         // and remove any orphaned nodes that are no longer part of the tree hierarchy
+        // also remove the virtual root not present in kdb
+        val rootGroup = mDatabaseKDB.rootGroup
         sortGroupsForOutput()
 
         val header = outputHeader(mOutputStream)
 
         val finalKey = getFinalKey(header)
 
-        val cipher: Cipher
+        val cipher: Cipher = try {
-        cipher = try {
+            mDatabaseKDB.encryptionAlgorithm
-            when {
+                    .cipherEngine.getCipher(Cipher.ENCRYPT_MODE,
-                mDatabaseKDB.encryptionAlgorithm === EncryptionAlgorithm.AESRijndael->
+                            finalKey ?: ByteArray(0),
-                    CipherFactory.getInstance("AES/CBC/PKCS5Padding")
+                            header.encryptionIV)
-                mDatabaseKDB.encryptionAlgorithm === EncryptionAlgorithm.Twofish ->
-                    CipherFactory.getInstance("Twofish/CBC/PKCS7PADDING")
-                else ->
-                    throw Exception()
-            }
         } catch (e: Exception) {
-            throw DatabaseOutputException("Algorithm not supported.", e)
+            throw IOException("Algorithm not supported.", e)
         }
 
         try {
-            cipher.init(Cipher.ENCRYPT_MODE,
-                    SecretKeySpec(finalKey, "AES"),
-                    IvParameterSpec(header.encryptionIV))
             val cos = CipherOutputStream(mOutputStream, cipher)
             val bos = BufferedOutputStream(cos)
             outputPlanGroupAndEntries(bos)
             bos.flush()
             bos.close()
-
         } catch (e: InvalidKeyException) {
             throw DatabaseOutputException("Invalid key", e)
         } catch (e: InvalidAlgorithmParameterException) {
             throw DatabaseOutputException("Invalid algorithm parameter.", e)
         } catch (e: IOException) {
             throw DatabaseOutputException("Failed to output final encrypted part.", e)
+        } finally {
+            // Add again the virtual root group for better management
+            mDatabaseKDB.rootGroup = rootGroup
         }
-
     }
 
     @Throws(DatabaseOutputException::class)
@@ -116,11 +109,11 @@ class DatabaseOutputKDB(private val mDatabaseKDB: DatabaseKDB,
         header.signature2 = DatabaseHeaderKDB.DBSIG_2
         header.flags = DatabaseHeaderKDB.FLAG_SHA2
 
-        when {
+        when (mDatabaseKDB.encryptionAlgorithm) {
-            mDatabaseKDB.encryptionAlgorithm === EncryptionAlgorithm.AESRijndael -> {
+            EncryptionAlgorithm.AESRijndael -> {
                 header.flags = UnsignedInt(header.flags.toKotlinInt() or DatabaseHeaderKDB.FLAG_RIJNDAEL.toKotlinInt())
             }
-            mDatabaseKDB.encryptionAlgorithm === EncryptionAlgorithm.Twofish -> {
+            EncryptionAlgorithm.Twofish -> {
                 header.flags = UnsignedInt(header.flags.toKotlinInt() or DatabaseHeaderKDB.FLAG_TWOFISH.toKotlinInt())
             }
             else -> throw DatabaseOutputException("Unsupported algorithm.")
@@ -133,26 +126,11 @@ class DatabaseOutputKDB(private val mDatabaseKDB: DatabaseKDB,
 
         setIVs(header)
 
-        // Content checksum
-        val messageDigest: MessageDigest?
-        try {
-            messageDigest = MessageDigest.getInstance("SHA-256")
-        } catch (e: NoSuchAlgorithmException) {
-            throw DatabaseOutputException("SHA-256 not implemented here.", e)
-        }
-
         // Header checksum
-        val headerDigest: MessageDigest
+        val headerDigest: MessageDigest = HashManager.getHash256()
-        try {
-            headerDigest = MessageDigest.getInstance("SHA-256")
-        } catch (e: NoSuchAlgorithmException) {
-            throw DatabaseOutputException("SHA-256 not implemented here.", e)
-        }
-
-        var nos = NullOutputStream()
-        val headerDos = DigestOutputStream(nos, headerDigest)
 
         // Output header for the purpose of calculating the header checksum
+        val headerDos = DigestOutputStream(NullOutputStream(), headerDigest)
         var pho = DatabaseHeaderOutputKDB(header, headerDos)
         try {
             pho.outputStart()
@@ -165,9 +143,11 @@ class DatabaseOutputKDB(private val mDatabaseKDB: DatabaseKDB,
         val headerHash = headerDigest.digest()
         headerHashBlock = getHeaderHashBuffer(headerHash)
 
+        // Content checksum
+        val messageDigest: MessageDigest = HashManager.getHash256()
+
         // Output database for the purpose of calculating the content checksum
-        nos = NullOutputStream()
+        val dos = DigestOutputStream(NullOutputStream(), messageDigest)
-        val dos = DigestOutputStream(nos, messageDigest)
         val bos = BufferedOutputStream(dos)
         try {
             outputPlanGroupAndEntries(bos)
@@ -177,7 +157,7 @@ class DatabaseOutputKDB(private val mDatabaseKDB: DatabaseKDB,
             throw DatabaseOutputException("Failed to generate checksum.", e)
         }
 
-        header.contentsHash = messageDigest!!.digest()
+        header.contentsHash = messageDigest.digest()
 
         // Output header for real output, containing content hash
         pho = DatabaseHeaderOutputKDB(header, outputStream)
@@ -195,17 +175,19 @@ class DatabaseOutputKDB(private val mDatabaseKDB: DatabaseKDB,
         return header
     }
 
-    @Suppress("CAST_NEVER_SUCCEEDS")
+    class NullOutputStream : OutputStream() {
+        override fun write(oneByte: Int) {}
+    }
+
     @Throws(DatabaseOutputException::class)
     fun outputPlanGroupAndEntries(outputStream: OutputStream) {
-        val littleEndianDataOutputStream = LittleEndianDataOutputStream(outputStream)
 
         // useHeaderHash
         if (headerHashBlock != null) {
             try {
-                littleEndianDataOutputStream.writeUShort(0x0000)
+                outputStream.write2BytesUShort(0x0000)
-                littleEndianDataOutputStream.writeInt(headerHashBlock!!.size)
+                outputStream.write4BytesUInt(UnsignedInt(headerHashBlock!!.size))
-                littleEndianDataOutputStream.write(headerHashBlock!!)
+                outputStream.write(headerHashBlock!!)
             } catch (e: IOException) {
                 throw DatabaseOutputException("Failed to output header hash.", e)
             }
@@ -217,13 +199,13 @@ class DatabaseOutputKDB(private val mDatabaseKDB: DatabaseKDB,
         }
         // Entries
         mDatabaseKDB.doForEachEntryInIndex { entry ->
-            EntryOutputKDB(entry, outputStream, mDatabaseKDB.loadedCipherKey).output()
+            EntryOutputKDB(mDatabaseKDB, entry, outputStream).output()
         }
     }
 
     private fun sortGroupsForOutput() {
         val groupList = ArrayList<GroupKDB>()
-        // Rebuild list according to coalation sorting order removing any orphaned groups
+        // Rebuild list according to sorting order removing any orphaned groups
         for (rootGroup in mDatabaseKDB.rootGroups) {
             sortGroup(rootGroup, groupList)
         }
@@ -252,24 +234,22 @@ class DatabaseOutputKDB(private val mDatabaseKDB: DatabaseKDB,
     }
 
     @Throws(IOException::class)
-    private fun writeExtData(headerDigest: ByteArray, os: OutputStream) {
+    private fun writeExtData(headerDigest: ByteArray, outputStream: OutputStream) {
-        val los = LittleEndianDataOutputStream(os)
+        writeExtDataField(outputStream, 0x0001, headerDigest, headerDigest.size)
-
-        writeExtDataField(los, 0x0001, headerDigest, headerDigest.size)
         val headerRandom = ByteArray(32)
         val rand = SecureRandom()
         rand.nextBytes(headerRandom)
-        writeExtDataField(los, 0x0002, headerRandom, headerRandom.size)
+        writeExtDataField(outputStream, 0x0002, headerRandom, headerRandom.size)
-        writeExtDataField(los, 0xFFFF, null, 0)
+        writeExtDataField(outputStream, 0xFFFF, null, 0)
 
     }
 
     @Throws(IOException::class)
-    private fun writeExtDataField(los: LittleEndianDataOutputStream, fieldType: Int, data: ByteArray?, fieldSize: Int) {
+    private fun writeExtDataField(outputStream: OutputStream, fieldType: Int, data: ByteArray?, fieldSize: Int) {
-        los.writeUShort(fieldType)
+        outputStream.write2BytesUShort(fieldType)
-        los.writeInt(fieldSize)
+        outputStream.write4BytesUInt(UnsignedInt(fieldSize))
         if (data != null) {
-            los.write(data)
+            outputStream.write(data)
         }
     }
 }

app/src/main/java/com/kunzisoft/keepass/database/file/output/DatabaseOutputKDBX.kt

@@ -22,12 +22,12 @@ package com.kunzisoft.keepass.database.file.output
 import android.util.Base64
 import android.util.Log
 import android.util.Xml
-import com.kunzisoft.keepass.crypto.CipherFactory
+import com.kunzisoft.encrypt.StreamCipher
-import com.kunzisoft.keepass.crypto.CrsAlgorithm
+import com.kunzisoft.keepass.database.crypto.CrsAlgorithm
-import com.kunzisoft.keepass.crypto.StreamCipherFactory
-import com.kunzisoft.keepass.crypto.engine.CipherEngine
-import com.kunzisoft.keepass.crypto.keyDerivation.KdfFactory
 import com.kunzisoft.keepass.database.action.node.NodeHandler
+import com.kunzisoft.keepass.database.crypto.CipherEngine
+import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
+import com.kunzisoft.keepass.database.crypto.kdf.KdfFactory
 import com.kunzisoft.keepass.database.element.DeletedObject
 import com.kunzisoft.keepass.database.element.database.CompressionAlgorithm
 import com.kunzisoft.keepass.database.element.database.DatabaseKDBX
@@ -41,11 +41,12 @@ import com.kunzisoft.keepass.database.element.security.ProtectedString
 import com.kunzisoft.keepass.database.exception.DatabaseOutputException
 import com.kunzisoft.keepass.database.exception.UnknownKDF
 import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX
+import com.kunzisoft.keepass.database.file.DatabaseHeaderKDBX.Companion.FILE_VERSION_32_4
 import com.kunzisoft.keepass.database.file.DatabaseKDBXXML
 import com.kunzisoft.keepass.database.file.DateKDBXUtil
-import com.kunzisoft.keepass.stream.*
+import com.kunzisoft.keepass.stream.HashedBlockOutputStream
-import com.kunzisoft.keepass.utils.UnsignedInt
+import com.kunzisoft.keepass.stream.HmacBlockOutputStream
-import org.bouncycastle.crypto.StreamCipher
+import com.kunzisoft.keepass.utils.*
 import org.joda.time.DateTime
 import org.xmlpull.v1.XmlSerializer
 import java.io.IOException
@@ -75,15 +76,14 @@ class DatabaseOutputKDBX(private val mDatabaseKDBX: DatabaseKDBX,
 
         try {
             try {
-                engine = CipherFactory.getInstance(mDatabaseKDBX.dataCipher)
+                engine = EncryptionAlgorithm.getFrom(mDatabaseKDBX.cipherUuid).cipherEngine
             } catch (e: NoSuchAlgorithmException) {
                 throw DatabaseOutputException("No such cipher", e)
             }
 
             header = outputHeader(mOutputStream)
 
-            val osPlain: OutputStream
+            val osPlain: OutputStream = if (header!!.version.isBefore(FILE_VERSION_32_4)) {
-            osPlain = if (header!!.version.toKotlinLong() < DatabaseHeaderKDBX.FILE_VERSION_32_4.toKotlinLong()) {
                 val cos = attachStreamEncryptor(header!!, mOutputStream)
                 cos.write(header!!.streamStartBytes)
 
@@ -95,19 +95,19 @@ class DatabaseOutputKDBX(private val mDatabaseKDBX: DatabaseKDBX,
                 attachStreamEncryptor(header!!, HmacBlockOutputStream(mOutputStream, mDatabaseKDBX.hmacKey!!))
             }
 
-            val osXml: OutputStream
+            val xmlOutputStream: OutputStream
             try {
-                osXml = when(mDatabaseKDBX.compressionAlgorithm) {
+                xmlOutputStream = when(mDatabaseKDBX.compressionAlgorithm) {
                     CompressionAlgorithm.GZip -> GZIPOutputStream(osPlain)
                     else -> osPlain
                 }
 
-                if (header!!.version.toKotlinLong() >= DatabaseHeaderKDBX.FILE_VERSION_32_4.toKotlinLong()) {
+                if (!header!!.version.isBefore(FILE_VERSION_32_4)) {
-                    outputInnerHeader(mDatabaseKDBX, header!!, osXml)
+                    outputInnerHeader(mDatabaseKDBX, header!!, xmlOutputStream)
                 }
 
-                outputDatabase(osXml)
+                outputDatabase(xmlOutputStream)
-                osXml.close()
+                xmlOutputStream.close()
             } catch (e: IllegalArgumentException) {
                 throw DatabaseOutputException(e)
             } catch (e: IllegalStateException) {
@@ -122,45 +122,42 @@ class DatabaseOutputKDBX(private val mDatabaseKDBX: DatabaseKDBX,
     @Throws(IOException::class)
     private fun outputInnerHeader(database: DatabaseKDBX,
                                   header: DatabaseHeaderKDBX,
-                                  outputStream: OutputStream) {
+                                  dataOutputStream: OutputStream) {
-        val dataOutputStream = LittleEndianDataOutputStream(outputStream)
-
         dataOutputStream.writeByte(DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.InnerRandomStreamID)
-        dataOutputStream.writeInt(4)
+        dataOutputStream.write4BytesUInt(UnsignedInt(4))
         if (header.innerRandomStream == null)
             throw IOException("Can't write innerRandomStream")
-        dataOutputStream.writeUInt(header.innerRandomStream!!.id)
+        dataOutputStream.write4BytesUInt(header.innerRandomStream!!.id)
 
         val streamKeySize = header.innerRandomStreamKey.size
         dataOutputStream.writeByte(DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.InnerRandomstreamKey)
-        dataOutputStream.writeInt(streamKeySize)
+        dataOutputStream.write4BytesUInt(UnsignedInt(streamKeySize))
         dataOutputStream.write(header.innerRandomStreamKey)
 
-        database.loadedCipherKey?.let { binaryCipherKey ->
+        val binaryCache = database.binaryCache
-            database.binaryPool.doForEachOrderedBinaryWithoutDuplication { _, binary ->
+        database.attachmentPool.doForEachOrderedBinaryWithoutDuplication { _, binary ->
-                // Force decompression to add binary in header
+            // Force decompression to add binary in header
-                binary.decompress(binaryCipherKey)
+            binary.decompress(binaryCache)
-                // Write type binary
+            // Write type binary
-                dataOutputStream.writeByte(DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.Binary)
+            dataOutputStream.writeByte(DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.Binary)
-                // Write size
+            // Write size
-                dataOutputStream.writeUInt(UnsignedInt.fromKotlinLong(binary.getSize() + 1))
+            dataOutputStream.write4BytesUInt(UnsignedInt.fromKotlinLong(binary.getSize() + 1))
-                // Write protected flag
+            // Write protected flag
-                var flag = DatabaseHeaderKDBX.KdbxBinaryFlags.None
+            var flag = DatabaseHeaderKDBX.KdbxBinaryFlags.None
-                if (binary.isProtected) {
+            if (binary.isProtected) {
-                    flag = flag or DatabaseHeaderKDBX.KdbxBinaryFlags.Protected
+                flag = flag or DatabaseHeaderKDBX.KdbxBinaryFlags.Protected
-                }
+            }
-                dataOutputStream.writeByte(flag)
+            dataOutputStream.writeByte(flag)
 
-                binary.getInputDataStream(binaryCipherKey).use { inputStream ->
+            binary.getInputDataStream(binaryCache).use { inputStream ->
-                    inputStream.readAllBytes { buffer ->
+                inputStream.readAllBytes { buffer ->
-                        dataOutputStream.write(buffer)
+                    dataOutputStream.write(buffer)
-                    }
                 }
             }
-        } ?: Log.e(TAG, "Unable to retrieve cipher key to write head binaries")
+        }
 
         dataOutputStream.writeByte(DatabaseHeaderKDBX.PwDbInnerHeaderV4Fields.EndOfHeader)
-        dataOutputStream.writeInt(0)
+        dataOutputStream.write4BytesUInt(UnsignedInt(0))
     }
 
     @Throws(IllegalArgumentException::class, IllegalStateException::class, IOException::class)
@@ -270,7 +267,7 @@ class DatabaseOutputKDBX(private val mDatabaseKDBX: DatabaseKDBX,
         writeUuid(DatabaseKDBXXML.ElemLastTopVisibleGroup, mDatabaseKDBX.lastTopVisibleGroupUUID)
 
         // Seem to work properly if always in meta
-        if (header!!.version.toKotlinLong() < DatabaseHeaderKDBX.FILE_VERSION_32_4.toKotlinLong())
+        if (header!!.version.isBefore(FILE_VERSION_32_4))
             writeMetaBinaries()
 
         writeCustomData(mDatabaseKDBX.customData)
@@ -282,8 +279,6 @@ class DatabaseOutputKDBX(private val mDatabaseKDBX: DatabaseKDBX,
     private fun attachStreamEncryptor(header: DatabaseHeaderKDBX, os: OutputStream): CipherOutputStream {
         val cipher: Cipher
         try {
-            //mDatabaseKDBX.makeFinalKey(header.masterSeed, mDatabaseKDBX.kdfParameters);
-
             cipher = engine!!.getCipher(Cipher.ENCRYPT_MODE, mDatabaseKDBX.finalKey!!, header.encryptionIV)
         } catch (e: Exception) {
             throw DatabaseOutputException("Invalid algorithm.", e)
@@ -314,7 +309,7 @@ class DatabaseOutputKDBX(private val mDatabaseKDBX: DatabaseKDBX,
             Log.e(TAG, "Unable to retrieve header", unknownKDF)
         }
 
-        if (header.version.toKotlinLong() < DatabaseHeaderKDBX.FILE_VERSION_32_4.toKotlinLong()) {
+        if (header.version.isBefore(FILE_VERSION_32_4)) {
             header.innerRandomStream = CrsAlgorithm.Salsa20
             header.innerRandomStreamKey = ByteArray(32)
         } else {
@@ -324,12 +319,12 @@ class DatabaseOutputKDBX(private val mDatabaseKDBX: DatabaseKDBX,
         random.nextBytes(header.innerRandomStreamKey)
 
         try {
-            randomStream = StreamCipherFactory.getInstance(header.innerRandomStream, header.innerRandomStreamKey)
+            randomStream = CrsAlgorithm.getCipher(header.innerRandomStream, header.innerRandomStreamKey)
         } catch (e: Exception) {
             throw DatabaseOutputException(e)
         }
 
-        if (header.version.toKotlinLong() < DatabaseHeaderKDBX.FILE_VERSION_32_4.toKotlinLong()) {
+        if (header.version.isBefore(FILE_VERSION_32_4)) {
             random.nextBytes(header.streamStartBytes)
         }
 
@@ -338,21 +333,20 @@ class DatabaseOutputKDBX(private val mDatabaseKDBX: DatabaseKDBX,
 
     @Throws(DatabaseOutputException::class)
     override fun outputHeader(outputStream: OutputStream): DatabaseHeaderKDBX {
-
-        val header = DatabaseHeaderKDBX(mDatabaseKDBX)
-        setIVs(header)
-
-        val pho = DatabaseHeaderOutputKDBX(mDatabaseKDBX, header, outputStream)
         try {
+            val header = DatabaseHeaderKDBX(mDatabaseKDBX)
+            setIVs(header)
+
+            val pho = DatabaseHeaderOutputKDBX(mDatabaseKDBX, header, outputStream)
             pho.output()
+
+            hashOfHeader = pho.hashOfHeader
+            headerHmac = pho.headerHmac
+
+            return header
         } catch (e: IOException) {
             throw DatabaseOutputException("Failed to output the header.", e)
         }
-
-        hashOfHeader = pho.hashOfHeader
-        headerHmac = pho.headerHmac
-
-        return header
     }
 
     @Throws(IllegalArgumentException::class, IllegalStateException::class, IOException::class)
@@ -429,7 +423,7 @@ class DatabaseOutputKDBX(private val mDatabaseKDBX: DatabaseKDBX,
 
     @Throws(IllegalArgumentException::class, IllegalStateException::class, IOException::class)
     private fun writeObject(name: String, value: Date) {
-        if (header!!.version.toKotlinLong() < DatabaseHeaderKDBX.FILE_VERSION_32_4.toKotlinLong()) {
+        if (header!!.version.isBefore(FILE_VERSION_32_4)) {
             writeObject(name, DatabaseKDBXXML.DateFormatter.format(value))
         } else {
             val dt = DateTime(value)
@@ -494,31 +488,30 @@ class DatabaseOutputKDBX(private val mDatabaseKDBX: DatabaseKDBX,
     // With kdbx4, don't use this method because binaries are in header file
     @Throws(IllegalArgumentException::class, IllegalStateException::class, IOException::class)
     private fun writeMetaBinaries() {
-        mDatabaseKDBX.loadedCipherKey?.let { binaryCipherKey ->
+        xml.startTag(null, DatabaseKDBXXML.ElemBinaries)
-            xml.startTag(null, DatabaseKDBXXML.ElemBinaries)
+        // Use indexes because necessarily (binary header ref is the order)
-            // Use indexes because necessarily (binary header ref is the order)
+        val binaryCache = mDatabaseKDBX.binaryCache
-            mDatabaseKDBX.binaryPool.doForEachOrderedBinaryWithoutDuplication { index, binary ->
+        mDatabaseKDBX.attachmentPool.doForEachOrderedBinaryWithoutDuplication { index, binary ->
-                xml.startTag(null, DatabaseKDBXXML.ElemBinary)
+            xml.startTag(null, DatabaseKDBXXML.ElemBinary)
-                xml.attribute(null, DatabaseKDBXXML.AttrId, index.toString())
+            xml.attribute(null, DatabaseKDBXXML.AttrId, index.toString())
-                if (binary.getSize() > 0) {
+            if (binary.getSize() > 0) {
-                    if (binary.isCompressed) {
+                if (binary.isCompressed) {
-                        xml.attribute(null, DatabaseKDBXXML.AttrCompressed, DatabaseKDBXXML.ValTrue)
+                    xml.attribute(null, DatabaseKDBXXML.AttrCompressed, DatabaseKDBXXML.ValTrue)
-                    }
+                }
-                    try {
+                try {
-                        // Write the XML
+                    // Write the XML
-                        binary.getInputDataStream(binaryCipherKey).use { inputStream ->
+                    binary.getInputDataStream(binaryCache).use { inputStream ->
-                            inputStream.readAllBytes { buffer ->
+                        inputStream.readAllBytes { buffer ->
-                                xml.text(String(Base64.encode(buffer, BASE_64_FLAG)))
+                            xml.text(String(Base64.encode(buffer, BASE_64_FLAG)))
-                            }
+                        }
-                        }
+                    }
-                    } catch (e: Exception) {
+                } catch (e: Exception) {
-                        Log.e(TAG, "Unable to write binary", e)
+                    Log.e(TAG, "Unable to write binary", e)
-                    }
                 }
-                xml.endTag(null, DatabaseKDBXXML.ElemBinary)
             }
-            xml.endTag(null, DatabaseKDBXXML.ElemBinaries)
+            xml.endTag(null, DatabaseKDBXXML.ElemBinary)
-        } ?: Log.e(TAG, "Unable to retrieve cipher key to write binaries")
+        }
+        xml.endTag(null, DatabaseKDBXXML.ElemBinaries)
     }
 
     @Throws(IllegalArgumentException::class, IllegalStateException::class, IOException::class)
@@ -584,12 +577,8 @@ class DatabaseOutputKDBX(private val mDatabaseKDBX: DatabaseKDBX,
         if (protect) {
             xml.attribute(null, DatabaseKDBXXML.AttrProtected, DatabaseKDBXXML.ValTrue)
             val data = value.toString().toByteArray()
-            val dataLength = data.size
+            val encoded = randomStream?.processBytes(data) ?: ByteArray(0)
-            if (data.isNotEmpty()) {
+            xml.text(String(Base64.encode(encoded, BASE_64_FLAG)))
-                val encoded = ByteArray(dataLength)
-                randomStream!!.processBytes(data, 0, dataLength, encoded, 0)
-                xml.text(String(Base64.encode(encoded, BASE_64_FLAG)))
-            }
         } else {
             xml.text(value.toString())
         }
@@ -612,7 +601,7 @@ class DatabaseOutputKDBX(private val mDatabaseKDBX: DatabaseKDBX,
     private fun writeEntryBinaries(binaries: LinkedHashMap<String, Int>) {
         for ((label, poolId) in binaries) {
             // Retrieve the right index with the poolId, don't use ref because of header in DatabaseV4
-            mDatabaseKDBX.binaryPool.getBinaryIndexFromKey(poolId)?.toString()?.let { indexString ->
+            mDatabaseKDBX.attachmentPool.getBinaryIndexFromKey(poolId)?.toString()?.let { indexString ->
                 xml.startTag(null, DatabaseKDBXXML.ElemBinary)
                 xml.startTag(null, DatabaseKDBXXML.ElemKey)
                 xml.text(safeXmlString(label))
@@ -699,39 +688,38 @@ class DatabaseOutputKDBX(private val mDatabaseKDBX: DatabaseKDBX,
 
     @Throws(IllegalArgumentException::class, IllegalStateException::class, IOException::class)
     private fun writeCustomIconList() {
-        mDatabaseKDBX.loadedCipherKey?.let { cipherKey ->
+        var firstElement = true
-            var firstElement = true
+        val binaryCache = mDatabaseKDBX.binaryCache
-            mDatabaseKDBX.iconsManager.doForEachCustomIcon { iconCustom, binary ->
+        mDatabaseKDBX.iconsManager.doForEachCustomIcon { iconCustom, binary ->
-                if (binary.dataExists()) {
+            if (binary.dataExists()) {
-                    // Write the parent tag
+                // Write the parent tag
-                    if (firstElement) {
+                if (firstElement) {
-                        xml.startTag(null, DatabaseKDBXXML.ElemCustomIcons)
+                    xml.startTag(null, DatabaseKDBXXML.ElemCustomIcons)
-                        firstElement = false
+                    firstElement = false
-                    }
-
-                    xml.startTag(null, DatabaseKDBXXML.ElemCustomIconItem)
-
-                    writeUuid(DatabaseKDBXXML.ElemCustomIconItemID, iconCustom.uuid)
-                    var customImageData = ByteArray(0)
-                    try {
-                        binary.getInputDataStream(cipherKey).use { inputStream ->
-                            customImageData = inputStream.readBytes()
-                        }
-                    } catch (e: Exception) {
-                        Log.e(TAG, "Unable to write custom icon", e)
-                    } finally {
-                        writeObject(DatabaseKDBXXML.ElemCustomIconItemData,
-                                String(Base64.encode(customImageData, BASE_64_FLAG)))
-                    }
-
-                    xml.endTag(null, DatabaseKDBXXML.ElemCustomIconItem)
                 }
+
+                xml.startTag(null, DatabaseKDBXXML.ElemCustomIconItem)
+
+                writeUuid(DatabaseKDBXXML.ElemCustomIconItemID, iconCustom.uuid)
+                var customImageData = ByteArray(0)
+                try {
+                    binary.getInputDataStream(binaryCache).use { inputStream ->
+                        customImageData = inputStream.readBytes()
+                    }
+                } catch (e: Exception) {
+                    Log.e(TAG, "Unable to write custom icon", e)
+                } finally {
+                    writeObject(DatabaseKDBXXML.ElemCustomIconItemData,
+                            String(Base64.encode(customImageData, BASE_64_FLAG)))
+                }
+
+                xml.endTag(null, DatabaseKDBXXML.ElemCustomIconItem)
             }
-            // Close the parent tag
+        }
-            if (!firstElement) {
+        // Close the parent tag
-                xml.endTag(null, DatabaseKDBXXML.ElemCustomIcons)
+        if (!firstElement) {
-            }
+            xml.endTag(null, DatabaseKDBXXML.ElemCustomIcons)
-        } ?: Log.e(TAG, "Unable to retrieve cipher key to write custom icons")
+        }
     }
 
     private fun safeXmlString(text: String): String {

app/src/main/java/com/kunzisoft/keepass/database/file/output/EntryOutputKDB.kt

@@ -19,13 +19,10 @@
  */
 package com.kunzisoft.keepass.database.file.output
 
-import android.util.Log
+import com.kunzisoft.keepass.database.element.database.DatabaseKDB
-import com.kunzisoft.keepass.database.element.Database
 import com.kunzisoft.keepass.database.element.entry.EntryKDB
 import com.kunzisoft.keepass.database.exception.DatabaseOutputException
-import com.kunzisoft.keepass.stream.*
+import com.kunzisoft.keepass.utils.*
-import com.kunzisoft.keepass.utils.StringDatabaseKDBUtils
-import com.kunzisoft.keepass.utils.UnsignedInt
 import java.io.IOException
 import java.io.OutputStream
 import java.nio.charset.Charset
@@ -33,9 +30,9 @@ import java.nio.charset.Charset
 /**
  * Output the GroupKDB to the stream
  */
-class EntryOutputKDB(private val mEntry: EntryKDB,
+class EntryOutputKDB(private val mDatabase: DatabaseKDB,
-                     private val mOutputStream: OutputStream,
+                     private val mEntry: EntryKDB,
-                     private val mCipherKey: Database.LoadedKey?) {
+                     private val mOutputStream: OutputStream) {
 
     //NOTE: Need be to careful about using ints.  The actual type written to file is a unsigned int
     @Throws(DatabaseOutputException::class)
@@ -59,15 +56,15 @@ class EntryOutputKDB(private val mEntry: EntryKDB,
             // Title
             //byte[] title = mEntry.title.getBytes("UTF-8");
             mOutputStream.write(TITLE_FIELD_TYPE)
-            StringDatabaseKDBUtils.writeStringToStream(mOutputStream, mEntry.title)
+            writeStringToStream(mOutputStream, mEntry.title)
 
             // URL
             mOutputStream.write(URL_FIELD_TYPE)
-            StringDatabaseKDBUtils.writeStringToStream(mOutputStream, mEntry.url)
+            writeStringToStream(mOutputStream, mEntry.url)
 
             // Username
             mOutputStream.write(USERNAME_FIELD_TYPE)
-            StringDatabaseKDBUtils.writeStringToStream(mOutputStream, mEntry.username)
+            writeStringToStream(mOutputStream, mEntry.username)
 
             // Password
             mOutputStream.write(PASSWORD_FIELD_TYPE)
@@ -75,7 +72,7 @@ class EntryOutputKDB(private val mEntry: EntryKDB,
 
             // Additional
             mOutputStream.write(ADDITIONAL_FIELD_TYPE)
-            StringDatabaseKDBUtils.writeStringToStream(mOutputStream, mEntry.notes)
+            writeStringToStream(mOutputStream, mEntry.notes)
 
             // Create date
             writeDate(CREATE_FIELD_TYPE, dateTo5Bytes(mEntry.creationTime.date))
@@ -91,25 +88,23 @@ class EntryOutputKDB(private val mEntry: EntryKDB,
 
             // Binary description
             mOutputStream.write(BINARY_DESC_FIELD_TYPE)
-            StringDatabaseKDBUtils.writeStringToStream(mOutputStream, mEntry.binaryDescription)
+            writeStringToStream(mOutputStream, mEntry.binaryDescription)
 
             // Binary
-            mCipherKey?.let { cipherKey ->
+            mOutputStream.write(BINARY_DATA_FIELD_TYPE)
-                mOutputStream.write(BINARY_DATA_FIELD_TYPE)
+            val binaryData = mEntry.getBinary(mDatabase.attachmentPool)
-                val binaryData = mEntry.binaryData
+            val binaryDataLength = binaryData?.getSize() ?: 0L
-                val binaryDataLength = binaryData?.getSize() ?: 0L
+            // Write data length
-                // Write data length
+            mOutputStream.write(uIntTo4Bytes(UnsignedInt.fromKotlinLong(binaryDataLength)))
-                mOutputStream.write(uIntTo4Bytes(UnsignedInt.fromKotlinLong(binaryDataLength)))
+            // Write data
-                // Write data
+            if (binaryDataLength > 0) {
-                if (binaryDataLength > 0) {
+                binaryData?.getInputDataStream(mDatabase.binaryCache).use { inputStream ->
-                    binaryData?.getInputDataStream(cipherKey).use { inputStream ->
+                    inputStream?.readAllBytes { buffer ->
-                        inputStream?.readAllBytes { buffer ->
+                        mOutputStream.write(buffer)
-                            mOutputStream.write(buffer)
-                        }
-                        inputStream?.close()
                     }
+                    inputStream?.close()
                 }
-            } ?: Log.e(TAG, "Unable to retrieve cipher key to write entry binary")
+            }
 
             // End
             mOutputStream.write(END_FIELD_TYPE)

app/src/main/java/com/kunzisoft/keepass/database/file/output/GroupOutputKDB.kt

@@ -21,11 +21,7 @@ package com.kunzisoft.keepass.database.file.output
 
 import com.kunzisoft.keepass.database.element.group.GroupKDB
 import com.kunzisoft.keepass.database.exception.DatabaseOutputException
-import com.kunzisoft.keepass.stream.dateTo5Bytes
+import com.kunzisoft.keepass.utils.*
-import com.kunzisoft.keepass.stream.uIntTo4Bytes
-import com.kunzisoft.keepass.stream.uShortTo2Bytes
-import com.kunzisoft.keepass.utils.StringDatabaseKDBUtils
-import com.kunzisoft.keepass.utils.UnsignedInt
 import java.io.IOException
 import java.io.OutputStream
 
@@ -47,7 +43,7 @@ class GroupOutputKDB(private val mGroup: GroupKDB,
 
             // Name
             mOutputStream.write(NAME_FIELD_TYPE)
-            StringDatabaseKDBUtils.writeStringToStream(mOutputStream, mGroup.title)
+            writeStringToStream(mOutputStream, mGroup.title)
 
             // Create date
             mOutputStream.write(CREATE_FIELD_TYPE)
@@ -77,7 +73,7 @@ class GroupOutputKDB(private val mGroup: GroupKDB,
             // Level
             mOutputStream.write(LEVEL_FIELD_TYPE)
             mOutputStream.write(LEVEL_FIELD_SIZE)
-            mOutputStream.write(uShortTo2Bytes(mGroup.level))
+            mOutputStream.write(uShortTo2Bytes(mGroup.getLevel()))
 
             // Flags
             mOutputStream.write(FLAGS_FIELD_TYPE)

app/src/main/java/com/kunzisoft/keepass/database/search/EntryKDBXSearchHandler.kt

@@ -1,89 +0,0 @@
-/*
- * Copyright 2020 Jeremy Jamet / Kunzisoft.
- *     
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.database.search
-
-import com.kunzisoft.keepass.database.action.node.NodeHandler
-import com.kunzisoft.keepass.database.element.entry.EntryKDBX
-import com.kunzisoft.keepass.database.search.iterator.EntrySearchStringIteratorKDBX
-
-class EntryKDBXSearchHandler(private val mSearchParametersKDBX: SearchParameters,
-                             private val mListStorage: MutableList<EntryKDBX>)
-    : NodeHandler<EntryKDBX>() {
-
-    override fun operate(node: EntryKDBX): Boolean {
-
-        if (mSearchParametersKDBX.excludeExpired
-                && node.isCurrentlyExpires) {
-            return true
-        }
-
-        if (searchStrings(node)) {
-            mListStorage.add(node)
-            return true
-        }
-
-        if (searchInGroupNames(node)) {
-            mListStorage.add(node)
-            return true
-        }
-
-        if (searchInUUID(node)) {
-            mListStorage.add(node)
-            return true
-        }
-
-        return true
-    }
-
-    private fun searchInGroupNames(entry: EntryKDBX): Boolean {
-        if (mSearchParametersKDBX.searchInGroupNames) {
-            val parent = entry.parent
-            if (parent != null) {
-                return parent.title
-                        .contains(mSearchParametersKDBX.searchString, mSearchParametersKDBX.ignoreCase)
-            }
-        }
-
-        return false
-    }
-
-    private fun searchInUUID(entry: EntryKDBX): Boolean {
-        if (mSearchParametersKDBX.searchInUUIDs) {
-            return UuidUtil.toHexString(entry.id)
-                    .contains(mSearchParametersKDBX.searchString, true)
-        }
-
-        return false
-    }
-
-    private fun searchStrings(entry: EntryKDBX): Boolean {
-        val iterator = EntrySearchStringIteratorKDBX(entry, mSearchParametersKDBX)
-        while (iterator.hasNext()) {
-            val stringValue = iterator.next()
-            if (stringValue.isNotEmpty()) {
-                if (stringValue.contains(mSearchParametersKDBX.searchString, mSearchParametersKDBX.ignoreCase)) {
-                    return true
-                }
-            }
-        }
-
-        return false
-    }
-}

app/src/main/java/com/kunzisoft/keepass/database/search/SearchHelper.kt

@@ -24,15 +24,68 @@ import com.kunzisoft.keepass.database.action.node.NodeHandler
 import com.kunzisoft.keepass.database.element.Database
 import com.kunzisoft.keepass.database.element.Entry
 import com.kunzisoft.keepass.database.element.Group
-import com.kunzisoft.keepass.database.search.iterator.EntrySearchStringIteratorKDB
-import com.kunzisoft.keepass.database.search.iterator.EntrySearchStringIteratorKDBX
 import com.kunzisoft.keepass.model.EntryInfo
 import com.kunzisoft.keepass.model.SearchInfo
+import com.kunzisoft.keepass.otp.OtpEntryFields.OTP_FIELD
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.timeout.TimeoutHelper
+import com.kunzisoft.keepass.utils.StringUtil.flattenToAscii
+import com.kunzisoft.keepass.utils.UuidUtil
 
 class SearchHelper {
 
+    private var incrementEntry = 0
+
+    fun createVirtualGroupWithSearchResult(database: Database,
+                                           searchParameters: SearchParameters,
+                                           omitBackup: Boolean,
+                                           max: Int): Group? {
+
+        val searchGroup = database.createGroup()
+        searchGroup?.isVirtual = true
+        searchGroup?.title = "\"" + searchParameters.searchQuery + "\""
+
+        // Search all entries
+        incrementEntry = 0
+        database.rootGroup?.doForEachChild(
+                object : NodeHandler<Entry>() {
+                    override fun operate(node: Entry): Boolean {
+                        if (incrementEntry >= max)
+                            return false
+                        if (entryContainsString(database, node, searchParameters)) {
+                            searchGroup?.addChildEntry(node)
+                            incrementEntry++
+                        }
+                        // Stop searching when we have max entries
+                        return incrementEntry < max
+                    }
+                },
+                object : NodeHandler<Group>() {
+                    override fun operate(node: Group): Boolean {
+                        return when {
+                            incrementEntry >= max -> false
+                            database.isGroupSearchable(node, omitBackup) -> true
+                            else -> false
+                        }
+                    }
+                },
+                false)
+
+        return searchGroup
+    }
+
+    private fun entryContainsString(database: Database,
+                                    entry: Entry,
+                                    searchParameters: SearchParameters): Boolean {
+        // To search in field references
+        database.startManageEntry(entry)
+        // Search all strings in the entry
+        val searchFound = searchInEntry(entry, searchParameters)
+        database.stopManageEntry(entry)
+
+        return searchFound
+    }
+
     companion object {
         const val MAX_SEARCH_ENTRY = 10
 
@@ -70,75 +123,67 @@ class SearchHelper {
                 onDatabaseClosed.invoke()
             }
         }
-    }
 
-    private var incrementEntry = 0
+        /**
+         * Return true if the search query in search parameters is found in available parameters
+         */
+        fun searchInEntry(entry: Entry,
+                          searchParameters: SearchParameters): Boolean {
+            val searchQuery = searchParameters.searchQuery
+            // Entry don't contains string if the search string is empty
+            if (searchQuery.isEmpty())
+                return false
 
-    fun createVirtualGroupWithSearchResult(database: Database,
+            // Search all strings in the KDBX entry
-                                           searchQuery: String,
+            if (searchParameters.searchInTitles) {
-                                           searchParameters: SearchParameters,
+                if (checkSearchQuery(entry.title, searchParameters))
-                                           omitBackup: Boolean,
+                    return true
-                                           max: Int): Group? {
+            }
-
+            if (searchParameters.searchInUserNames) {
-        val searchGroup = database.createGroup()
+                if (checkSearchQuery(entry.username, searchParameters))
-        searchGroup?.isVirtual = true
+                    return true
-        searchGroup?.title = "\"" + searchQuery + "\""
+            }
-
+            if (searchParameters.searchInPasswords) {
-        // Search all entries
+                if (checkSearchQuery(entry.password, searchParameters))
-        incrementEntry = 0
+                    return true
-        database.rootGroup?.doForEachChild(
+            }
-                object : NodeHandler<Entry>() {
+            if (searchParameters.searchInUrls) {
-                    override fun operate(node: Entry): Boolean {
+                if (checkSearchQuery(entry.url, searchParameters))
-                        if (incrementEntry >= max)
+                    return true
-                            return false
+            }
-                        if (entryContainsString(node, searchQuery, searchParameters)) {
+            if (searchParameters.searchInNotes) {
-                            searchGroup?.addChildEntry(node)
+                if (checkSearchQuery(entry.notes, searchParameters))
-                            incrementEntry++
+                    return true
-                        }
+            }
-                        // Stop searching when we have max entries
+            if (searchParameters.searchInUUIDs) {
-                        return incrementEntry < max
+                val hexString = UuidUtil.toHexString(entry.nodeId.id)
+                if (hexString != null && hexString.contains(searchQuery, true))
+                    return true
+            }
+            if (searchParameters.searchInOther) {
+                entry.getExtraFields().forEach { field ->
+                    if (field.name != OTP_FIELD
+                            || (field.name == OTP_FIELD && searchParameters.searchInOTP)) {
+                        if (checkSearchQuery(field.protectedValue.toString(), searchParameters))
+                            return true
                     }
-                },
-                object : NodeHandler<Group>() {
-                    override fun operate(node: Group): Boolean {
-                        return when {
-                            incrementEntry >= max -> false
-                            database.isGroupSearchable(node, omitBackup) -> true
-                            else -> false
-                        }
-                    }
-                },
-                false)
-
-        return searchGroup
-    }
-
-    private fun entryContainsString(entry: Entry,
-                                    searchQuery: String,
-                                    searchParameters: SearchParameters): Boolean {
-
-        // Entry don't contains string if the search string is empty
-        if (searchQuery.isEmpty())
-            return false
-
-        // Search all strings in the entry
-        var iterator: Iterator<String>? = null
-        entry.entryKDB?.let {
-            iterator = EntrySearchStringIteratorKDB(it, searchParameters)
-        }
-        entry.entryKDBX?.let {
-            iterator = EntrySearchStringIteratorKDBX(it, searchParameters)
-        }
-
-        iterator?.let {
-            while (it.hasNext()) {
-                val currentString = it.next()
-                if (currentString.isNotEmpty()
-                        && currentString.contains(searchQuery, true)) {
-                        return true
                 }
             }
+            return false
+        }
+
+        private fun checkSearchQuery(stringToCheck: String, searchParameters: SearchParameters): Boolean {
+            /*
+            // TODO Search settings
+            var regularExpression = false
+            var ignoreCase = true
+            var flattenToASCII = true
+            var excludeExpired = false
+            var searchOnlyInCurrentGroup = false
+            */
+            return stringToCheck.isNotEmpty()
+                    && stringToCheck.flattenToAscii().contains(
+                        searchParameters.searchQuery.flattenToAscii(), true)
         }
-        return false
     }
 }

app/src/main/java/com/kunzisoft/keepass/database/search/SearchParameters.kt

@@ -23,57 +23,15 @@ package com.kunzisoft.keepass.database.search
  * Parameters for searching strings in the database.
  */
 class SearchParameters {
+    var searchQuery: String = ""
 
-    var searchString: String = ""
-
-    var regularExpression = false
     var searchInTitles = true
     var searchInUserNames = true
     var searchInPasswords = false
     var searchInUrls = true
-    var searchInGroupNames = false
     var searchInNotes = true
     var searchInOTP = false
     var searchInOther = true
     var searchInUUIDs = false
     var searchInTags = true
-    var ignoreCase = true
-    var ignoreExpired = false
-    var excludeExpired = false
-
-    constructor()
-
-    /**
-     * Copy search parameters
-     * @param source
-     */
-    constructor(source: SearchParameters) {
-        this.regularExpression = source.regularExpression
-        this.searchInTitles = source.searchInTitles
-        this.searchInUserNames = source.searchInUserNames
-        this.searchInPasswords = source.searchInPasswords
-        this.searchInUrls = source.searchInUrls
-        this.searchInGroupNames = source.searchInGroupNames
-        this.searchInNotes = source.searchInNotes
-        this.searchInOTP = source.searchInOTP
-        this.searchInOther = source.searchInOther
-        this.searchInUUIDs = source.searchInUUIDs
-        this.searchInTags = source.searchInTags
-        this.ignoreCase = source.ignoreCase
-        this.ignoreExpired = source.ignoreExpired
-        this.excludeExpired = source.excludeExpired
-    }
-
-    fun setupNone() {
-        searchInTitles = false
-        searchInUserNames = false
-        searchInPasswords = false
-        searchInUrls = false
-        searchInGroupNames = false
-        searchInNotes = false
-        searchInOTP = false
-        searchInOther = false
-        searchInUUIDs = false
-        searchInTags = false
-    }
 }

app/src/main/java/com/kunzisoft/keepass/database/search/UuidUtil.java

@@ -1,60 +0,0 @@
-/*
- * Copyright 2019 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.database.search;
-
-import java.util.UUID;
-
-import static com.kunzisoft.keepass.stream.StreamBytesUtilsKt.uuidTo16Bytes;
-
-public class UuidUtil {
-
-    public static String toHexString(UUID uuid) {
-        if (uuid == null) { return null; }
-
-        byte[] buf = uuidTo16Bytes(uuid);
-
-        int len = buf.length;
-        if (len == 0) { return ""; }
-
-        StringBuilder sb = new StringBuilder();
-
-        short bt;
-        char high, low;
-        for (byte b : buf) {
-            bt = (short) (b & 0xFF);
-            high = (char) (bt >>> 4);
-            low = (char) (bt & 0x0F);
-            sb.append(byteToChar(high));
-            sb.append(byteToChar(low));
-        }
-
-        return sb.toString();
-    }
-
-    // Use short to represent unsigned byte
-    private static char byteToChar(char bt) {
-        if (bt >= 10) {
-            return (char)('A' + bt - 10);
-        }
-        else {
-            return (char)('0' + bt);
-        }
-    }
-}