Enable import for 2fas v4 (#372)

New translations via [Crowdin GH
Action](https://github.com/crowdin/github-action)

Co-authored-by: Crowdin Bot <support+bot@crowdin.com>

assets/custom-icons/_data/custom-icons.json

@@ -163,6 +163,9 @@
     {
       "title": "Proton"
     },
+    {
+      "title": "Proxmox"
+    },
     {
       "title": "Revolt",
       "hex": "858585"
@@ -206,10 +209,6 @@
       "title": "Twingate",
       "hex": "858585"
     },
-    {
-      "title": "Twitter",
-      "slug": "x"
-    },
     {
       "title": "Ubisoft",
       "hex": "4285f4"
@@ -229,7 +228,9 @@
       "title": "Wise"
     },
     {
-      "title": "X"
+      "title": "X",
+      "altNames": ["twitter"],
+      "slug": "x"
     },
     {
       "title": "NextDNS"
@@ -237,9 +238,6 @@
     {
       "title": "Skiff",
       "hex": "EF5A3C"
-    },
-    {
-      "title": "zzz_dev_test_icon"
     }
   ]
 }

assets/custom-icons/icons/proxmox.svg

@@ -0,0 +1,6 @@
+<svg width="500" height="500" viewBox="0 0 500 500" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M0 388.755L126.571 249.665L0 110.571C13.9095 96.6616 33.3816 87.8523 54.7141 87.8523C77.4297 87.8523 97.3643 97.5937 111.274 112.89L181.281 189.854L235.992 249.665L181.281 309.942L111.274 386.902C97.3643 402.202 77.4297 411.94 54.7141 411.94C33.3816 411.94 13.9095 403.127 0 388.755ZM500 388.757L373.43 249.667L500 110.573C486.091 96.6633 466.619 87.8536 445.286 87.8536C422.571 87.8536 402.636 97.5956 388.726 112.892L318.719 189.856L264.008 249.667L318.719 309.943L388.726 386.904C402.636 402.204 422.571 411.942 445.286 411.942C466.619 411.942 486.091 403.128 500 388.757Z" fill="#E57000"/>
+<g style="mix-blend-mode:difference">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M249.934 235.708L299.87 180.692L415.394 53.7358C402.7 41.0404 384.926 33 365.456 33C344.722 33 326.528 41.8913 313.83 55.8522L249.934 126.1L185.607 55.8522C172.491 41.4659 155.138 33 134.4 33C114.941 33 97.163 41.0404 84.4681 53.7358L199.996 180.692L249.934 235.708ZM249.937 263.615L299.873 318.631L415.398 445.588C402.703 458.283 384.929 466.323 365.459 466.323C344.725 466.323 326.531 457.432 313.834 443.471L249.937 373.224L185.61 443.471C172.494 457.857 155.141 466.323 134.403 466.323C114.944 466.323 97.1661 458.283 84.4713 445.588L200 318.631L249.937 263.615Z" fill="white"/>
+</g>
+</svg>

assets/custom-icons/icons/zzz_dev_test_icon.svg

@@ -1,5 +0,0 @@
-<svg width="500" height="500" viewBox="0 0 500 500" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g style="mix-blend-mode:difference">
-<path fill-rule="evenodd" clip-rule="evenodd" d="M250.207 5C111.849 5 0 117.52 0 256.723C0 367.996 71.6655 462.186 171.084 495.522C183.514 498.028 188.067 490.106 188.067 483.442C188.067 477.606 187.658 457.603 187.658 436.761C118.056 451.767 103.562 406.754 103.562 406.754C92.3769 377.581 75.8036 370.083 75.8036 370.083C53.0231 354.662 77.463 354.662 77.463 354.662C102.733 356.329 115.992 380.501 115.992 380.501C138.358 418.84 174.398 408.007 188.897 401.338C190.966 385.084 197.599 373.832 204.641 367.582C149.128 361.746 90.7226 340.075 90.7226 243.385C90.7226 215.879 100.658 193.374 116.402 175.872C113.918 169.622 105.217 143.779 118.891 109.189C118.891 109.189 140.017 102.519 187.653 135.028C208.047 129.517 229.079 126.714 250.207 126.691C271.333 126.691 292.869 129.611 312.756 135.028C360.396 102.519 381.523 109.189 381.523 109.189C395.197 143.779 386.491 169.622 384.007 175.872C400.165 193.374 409.691 215.879 409.691 243.385C409.691 340.075 351.285 361.326 295.358 367.582C304.474 375.499 312.341 390.5 312.341 414.257C312.341 448.013 311.931 475.105 311.931 483.437C311.931 490.106 316.49 498.028 328.914 495.527C428.333 462.18 499.999 367.996 499.999 256.723C500.409 117.52 388.15 5 250.207 5Z" fill="white"/>
-</g>
-</svg>

lib/l10n/arb/app_ar.arb

@@ -0,0 +1 @@
+{}

lib/l10n/arb/app_en.arb

@@ -84,10 +84,12 @@
   "importFromApp": "Import codes from {appName}",
   "importGoogleAuthGuide": "Export your accounts from Google Authenticator to a QR code using the \"Transfer Accounts\" option. Then using another device, scan the QR code.\n\nTip: You can use your laptop's webcam to take a picture of the QR code.",
   "importSelectJsonFile": "Select JSON file",
+  "importSelectAppExport": "Select {appName} export file",
   "importEnteEncGuide": "Select the encrypted JSON file exported from ente",
   "importRaivoGuide": "Use the \"Export OTPs to Zip archive\" option in Raivo's Settings.\n\nExtract the zip file and import the JSON file.",
   "importBitwardenGuide": "Use the \"Export vault\" option within Bitwarden Tools and import the unencrypted JSON file.",
   "importAegisGuide": "Use the \"Export the vault\" option in Aegis's Settings.\n\nIf your vault is encrypted, you will need to enter vault password to decrypt the vault.",
+  "import2FasGuide": "Use the \"Settings->Backup -Export\" option in 2FAS.\n\nIf your backup is encrypted, you will need to enter the password to decrypt the backup",
   "exportCodes": "Export codes",
   "importLabel": "Import",
   "importInstruction": "Please select a file that contains a list of your codes in the following format",

lib/l10n/arb/app_ru.arb

@@ -391,5 +391,7 @@
   "iOSOkButton": "ОК",
   "@iOSOkButton": {
     "description": "Message showed on a button that the user can click to leave the current dialog. It is used on iOS side. Maximum 30 characters."
-  }
+  },
+  "noInternetConnection": "Нет подключения к Интернету",
+  "pleaseCheckYourInternetConnectionAndTryAgain": "Проверьте подключение к Интернету и повторите попытку."
 }

lib/l10n/arb/app_tr.arb

@@ -1,5 +1,6 @@
 {
   "account": "Hesabım",
+  "unlock": "Kilidi aç",
   "recoveryKey": "Kurtarma Anahtarı",
   "counterAppBarTitle": "Sayaç",
   "@counterAppBarTitle": {
@@ -83,6 +84,7 @@
   "importSelectJsonFile": "JSON dosyasını seçin",
   "importEnteEncGuide": "Ente'den dışa aktarılan şifrelenmiş JSON dosyasını seçin",
   "importRaivoGuide": "Raivo'nun ayarlarında \"OTP'leri Zip arşivine aktar\" seçeneğini kullanın.\n\nZip dosyasını çıkarın ve JSON dosyasını içe aktarın.",
+  "importBitwardenGuide": "Bitwarden Tools içindeki \"Kasayı dışa aktar\" seçeneğini kullanın ve şifrelenmemiş JSON dosyasını içe aktarın.",
   "importAegisGuide": "Aegis'in Ayarlarında \"Kasayı dışa aktar\" seçeneğini kullanın.\n\nKasanız şifrelenmişse, kasanın şifresini çözmek için kasa parolasını girmeniz gerekecektir.",
   "exportCodes": "Kodu dışa aktar",
   "importLabel": "İçe aktar",
@@ -90,16 +92,19 @@
   "importCodeDelimiterInfo": "Kodlar, virgülle ya da yeni bir satırla ayrılabilir",
   "selectFile": "Dosya seç",
   "emailVerificationToggle": "E-posta doğrulama",
+  "emailVerificationEnableWarning": "E-postanız için 2FA'yı bizde saklıyorsanız, e-posta doğrulamasını açmak bir kilitlenmeye neden olabilir. Bir hizmetin dışında kalırsanız, diğerine giriş yapamayabilirsiniz.",
   "authToChangeEmailVerificationSetting": "E-posta doğrulamasını değiştirmek için lütfen kimlik doğrulaması yapın",
   "authToViewYourRecoveryKey": "Kurtarma anahtarınızı görmek için lütfen kimliğinizi doğrulayın",
   "authToChangeYourEmail": "Epostanızı değiştirmek için lütfen kimliğinizi doğrulayın",
   "authToChangeYourPassword": "Şifrenizi değiştirmek için lütfen kimliğinizi doğrulayın",
+  "authToInitiateSignIn": "Yedekleme için giriş yapmayı başlatmak üzere lütfen kimlik doğrulaması yapın.",
   "ok": "Tamam",
   "cancel": "İptal Et",
   "yes": "Evet",
   "no": "Hayır",
   "email": "E-Posta",
   "support": "Destek",
+  "general": "Genel",
   "settings": "Ayarlar",
   "copied": "Kopyalandı",
   "pleaseTryAgain": "Lütfen tekrar deneyin",
@@ -179,6 +184,7 @@
   "enterDetailsManually": "Bilgileri elle girin",
   "edit": "Düzenle",
   "copiedToClipboard": "Panoya kopyalandı",
+  "copiedNextToClipboard": "Sonraki kod panoya kopyalandı",
   "error": "Hata",
   "recoveryKeyCopiedToClipboard": "Kurtarma anahtarı panoya kopyalandı",
   "recoveryKeyOnForgotPassword": "Eğer şifrenizi unutursanız, verilerinizi kurtarabileceğiniz tek yol bu anahtardır.",
@@ -249,6 +255,10 @@
   "privacy": "Gizlilik",
   "terms": "Şartlar",
   "checkForUpdates": "Güncellemeleri denetleyin",
+  "downloadUpdate": "İndir",
+  "criticalUpdateAvailable": "Kritik güncelleme mevcut",
+  "updateAvailable": "Güncelleme mevcut",
+  "update": "Güncelle",
   "checking": "Denetleniyor...",
   "youAreOnTheLatestVersion": "En son sürümdesiniz",
   "warning": "Uyarı",
@@ -313,7 +323,69 @@
   "plainText": "Düz metin",
   "passwordToEncryptExport": "Dışa aktarımı şifrelemek için parola",
   "export": "Dışa aktar",
+  "useOffline": "Yedekleme olmadan kullan",
+  "signInToBackup": "Kodlarınızı yedeklemek için giriş yapın",
+  "singIn": "Giriş yap",
+  "sigInBackupReminder": "Geri yükleyebileceğiniz bir yedeğiniz olduğundan emin olmak için lütfen kodlarınızı dışa aktarın.",
+  "offlineModeWarning": "Yedekleme yapmadan devam etmeyi seçtiniz. Kodlarınızın güvende olduğundan emin olmak için lütfen manuel yedekleme yapın.",
+  "showLargeIcons": "Büyük simgeler göster",
+  "shouldHideCode": "Kodları gizle",
+  "doubleTapToViewHiddenCode": "Kodu görüntülemek için bir girdiye çift dokunabilirsiniz",
+  "focusOnSearchBar": "Uygulama başladığında arama bölümüne odaklan",
+  "minimizeAppOnCopy": "Kopyalarken uygulamayı küçült",
   "editCodeAuthMessage": "Kodu düzenlemek için doğrulama yapın",
   "deleteCodeAuthMessage": "Kodu silmek için doğrulama yapın",
-  "showQRAuthMessage": "QR kodunu göstermek için doğrulama yapın"
+  "showQRAuthMessage": "QR kodunu göstermek için doğrulama yapın",
+  "confirmAccountDeleteTitle": "Hesap silme işlemini onayla",
+  "confirmAccountDeleteMessage": "Bu hesap, eğer kullanıyorsanız, diğer ente uygulamalarıyla bağlantılıdır.\n\nTüm ente uygulamalarında yüklediğiniz veriler silinmek üzere programlanacak ve hesabınız kalıcı olarak silinecektir.",
+  "androidBiometricHint": "Kimliği doğrula",
+  "@androidBiometricHint": {
+    "description": "Hint message advising the user how to authenticate with biometrics. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricNotRecognized": "Tanınmadı. Tekrar deneyin.",
+  "@androidBiometricNotRecognized": {
+    "description": "Message to let the user know that authentication was failed. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricSuccess": "Başarılı",
+  "@androidBiometricSuccess": {
+    "description": "Message to let the user know that authentication was successful. It is used on Android side. Maximum 60 characters."
+  },
+  "androidCancelButton": "İptal et",
+  "@androidCancelButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on Android side. Maximum 30 characters."
+  },
+  "androidSignInTitle": "Kimlik doğrulaması gerekli",
+  "@androidSignInTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user that they need to scan biometric to continue. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricRequiredTitle": "Biyometrik gerekli",
+  "@androidBiometricRequiredTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user has not set up biometric authentication on their device. It is used on Android side. Maximum 60 characters."
+  },
+  "androidDeviceCredentialsRequiredTitle": "Cihaz kimlik bilgileri gerekli",
+  "@androidDeviceCredentialsRequiredTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user has not set up credentials authentication on their device. It is used on Android side. Maximum 60 characters."
+  },
+  "goToSettings": "Ayarlara git",
+  "@goToSettings": {
+    "description": "Message showed on a button that the user can click to go to settings pages from the current dialog. It is used on both Android and iOS side. Maximum 30 characters."
+  },
+  "androidGoToSettingsDescription": "Biyometrik kimlik doğrulama cihazınızda ayarlanmamış. Biyometrik kimlik doğrulama eklemek için 'Ayarlar > Güvenlik' bölümüne gidin.",
+  "@androidGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure biometric on their device. It shows in a dialog on Android side."
+  },
+  "iOSLockOut": "Biyometrik kimlik doğrulama devre dışı. Etkinleştirmek için lütfen ekranınızı kilitleyin ve kilidini açın.",
+  "@iOSLockOut": {
+    "description": "Message advising the user to re-enable biometrics on their device. It shows in a dialog on iOS side."
+  },
+  "iOSGoToSettingsDescription": "Cihazınızda biyometrik kimlik doğrulama ayarlanmamış. Lütfen telefonunuzda Touch ID veya Face ID'yi etkinleştirin.",
+  "@iOSGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure Biometrics for their device. It shows in a dialog on iOS side."
+  },
+  "iOSOkButton": "Tamam",
+  "@iOSOkButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on iOS side. Maximum 30 characters."
+  },
+  "noInternetConnection": "İnternet bağlantısı yok",
+  "pleaseCheckYourInternetConnectionAndTryAgain": "Lütfen internet bağlantınızı kontrol edin ve yeniden deneyin."
 }

lib/l10n/arb/app_zh.arb

@@ -100,6 +100,7 @@
   "authToChangeYourEmail": "请验证以更改您的电子邮件",
   "authToChangeYourPassword": "请验证以更改密码",
   "authToViewSecrets": "请进行身份验证以查看您的秘密",
+  "authToInitiateSignIn": "请进行身份验证以启动登录进行备份。",
   "ok": "好的",
   "cancel": "取消",
   "yes": "是",
@@ -332,6 +333,7 @@
   "offlineModeWarning": "您已选择在不进行备份的情况下继续操作。请手动备份以确保您的代码安全。",
   "showLargeIcons": "显示大图标",
   "shouldHideCode": "隐藏代码",
+  "doubleTapToViewHiddenCode": "您可以双击条目来查看代码",
   "focusOnSearchBar": "应用启动后聚焦搜索",
   "confirmUpdatingkey": "您确定要更新此密钥吗？",
   "minimizeAppOnCopy": "复制时最小化应用",

lib/services/user_service.dart

@@ -146,9 +146,13 @@ class UserService {
       if (shouldCache) {
         if (userDetails.profileData != null) {
           _preferences.setBool(
-              kIsEmailMFAEnabled, userDetails.profileData!.isEmailMFAEnabled);
+            kIsEmailMFAEnabled,
+            userDetails.profileData!.isEmailMFAEnabled,
+          );
           _preferences.setBool(
-              kCanDisableEmailMFA, userDetails.profileData!.canDisableEmailMFA);
+            kCanDisableEmailMFA,
+            userDetails.profileData!.canDisableEmailMFA,
+          );
         }
         // handle email change from different client
         if (userDetails.email != _config.getEmail()) {

lib/ui/settings/data/import/2fas_import.dart

@@ -0,0 +1,209 @@
+import 'dart:async';
+import 'dart:convert';
+import 'dart:io';
+import 'dart:typed_data';
+
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/code.dart';
+import 'package:ente_auth/services/authenticator_service.dart';
+import 'package:ente_auth/store/code_store.dart';
+import 'package:ente_auth/ui/common/progress_dialog.dart';
+import 'package:ente_auth/ui/components/buttons/button_widget.dart';
+import 'package:ente_auth/ui/components/dialog_widget.dart';
+import 'package:ente_auth/ui/components/models/button_type.dart';
+import 'package:ente_auth/ui/settings/data/import/import_success.dart';
+import 'package:ente_auth/utils/dialog_util.dart';
+import 'package:file_picker/file_picker.dart';
+import 'package:flutter/cupertino.dart';
+import 'package:flutter/material.dart';
+import 'package:logging/logging.dart';
+import 'package:pointycastle/export.dart';
+
+Future<void> show2FasImportInstruction(BuildContext context) async {
+  final l10n = context.l10n;
+  final result = await showDialogWidget(
+    context: context,
+    title: l10n.importFromApp("2FAS Authenticator"),
+    body: l10n.import2FasGuide,
+    buttons: [
+      ButtonWidget(
+        buttonType: ButtonType.primary,
+        labelText: l10n.importSelectAppExport("2FAS Authenticator"),
+        isInAlert: true,
+        buttonSize: ButtonSize.large,
+        buttonAction: ButtonAction.first,
+      ),
+      ButtonWidget(
+        buttonType: ButtonType.secondary,
+        labelText: context.l10n.cancel,
+        buttonSize: ButtonSize.large,
+        isInAlert: true,
+        buttonAction: ButtonAction.second,
+      ),
+    ],
+  );
+  if (result?.action != null && result!.action != ButtonAction.cancel) {
+    if (result.action == ButtonAction.first) {
+      await _pick2FasFile(context);
+    } else {}
+  }
+}
+
+Future<void> _pick2FasFile(BuildContext context) async {
+  final l10n = context.l10n;
+  FilePickerResult? result = await FilePicker.platform
+      .pickFiles(dialogTitle: l10n.importSelectJsonFile);
+  if (result == null) {
+    return;
+  }
+  final ProgressDialog progressDialog =
+      createProgressDialog(context, l10n.pleaseWait);
+  await progressDialog.show();
+  try {
+    String path = result.files.single.path!;
+    int? count = await _process2FasExportFile(context, path, progressDialog);
+    await progressDialog.hide();
+    if (count != null) {
+      await importSuccessDialog(context, count);
+    }
+  } catch (e, s) {
+    Logger('2FASImport').severe('exception while processing import', e, s);
+    await progressDialog.hide();
+    await showErrorDialog(
+      context,
+      context.l10n.sorry,
+      context.l10n.importFailureDesc,
+    );
+  }
+}
+
+Future<int?> _process2FasExportFile(
+  BuildContext context,
+  String path,
+  final ProgressDialog dialog,
+) async {
+  File file = File(path);
+
+  final jsonString = await file.readAsString();
+  final decodedJson = jsonDecode(jsonString);
+  int version = (decodedJson['schemaVersion'] ?? 0) as int;
+  if (version != 3 && version != 4) {
+    await dialog.hide();
+    // todo: extract strings for l10n. Use same naming format as in aegis
+    // to avoid duplicate translation efforts.
+    await showErrorDialog(
+      context,
+      'Unsupported format: $version',
+      version == 0
+          ? "The selected file is not a valid 2FAS Authenticator export."
+          : "Sorry, the app doesn't support this version of 2FAS Authenticator export",
+    );
+    return null;
+  }
+
+  var decodedServices = decodedJson['services'];
+  // https://github.com/twofas/2fas-android/blob/e97f1a1040eafaed6d5284d54d33403dff215886/data/services/src/main/java/com/twofasapp/data/services/domain/BackupContent.kt#L39
+  final isEncrypted = decodedJson['reference'] != null;
+  if (isEncrypted) {
+    String? password;
+    try {
+      await showTextInputDialog(
+        context,
+        title: "Enter password to decrypt 2FAS backup",
+        submitButtonLabel: "Submit",
+        isPasswordInput: true,
+        onSubmit: (value) async {
+          password = value;
+        },
+      );
+      if (password == null) {
+        await dialog.hide();
+        return null;
+      }
+      final content = decrypt2FasVault(decodedJson, password: password!);
+      decodedServices = jsonDecode(content);
+    } catch (e, s) {
+      Logger("2FASImport").warning("exception while decrypting  backup", e, s);
+      await dialog.hide();
+      if (password != null) {
+        await showErrorDialog(
+          context,
+          "Failed to decrypt 2Fas export",
+          "Please check your password and try again.",
+        );
+      }
+      return null;
+    }
+  }
+  final parsedCodes = [];
+  for (var item in decodedServices) {
+    var kind = item['otp']['tokenType'];
+    var account = item['otp']['account'] ?? '';
+    var issuer = item['otp']['issuer'] ?? item['name'] ?? '';
+    var algorithm = item['otp']['algorithm'];
+    var secret = item['secret'];
+    var timer = item['otp']['period'];
+    var digits = item['otp']['digits'];
+    var counter = item['otp']['counter'];
+
+    // Build the OTP URL
+    String otpUrl;
+
+    if (kind.toLowerCase() == 'totp') {
+      otpUrl =
+          'otpauth://$kind/$issuer:$account?secret=$secret&issuer=$issuer&algorithm=$algorithm&digits=$digits&period=$timer';
+    } else if (kind.toLowerCase() == 'hotp') {
+      otpUrl =
+          'otpauth://$kind/$issuer:$account?secret=$secret&issuer=$issuer&algorithm=$algorithm&digits=$digits&counter=$counter';
+    } else {
+      throw Exception('Invalid OTP type');
+    }
+    parsedCodes.add(Code.fromRawData(otpUrl));
+  }
+
+  for (final code in parsedCodes) {
+    await CodeStore.instance.addCode(code, shouldSync: false);
+  }
+  unawaited(AuthenticatorService.instance.onlineSync());
+  int count = parsedCodes.length;
+  return count;
+}
+
+String decrypt2FasVault(dynamic data, {required String password}) {
+  int ITERATION_COUNT = 10000;
+  int KEY_SIZE = 256;
+  final String encryptedServices = data["servicesEncrypted"];
+  var split = encryptedServices.split(":");
+  final encryptedData = base64.decode(split[0]);
+  final salt = base64.decode(split[1]);
+  final iv = base64.decode(split[2]);
+  // derive 256 key using PBKDF2WithHmacSHA256 and 10000 iterations and above salt
+  final pbkdf2 = PBKDF2KeyDerivator(HMac(SHA256Digest(), 64));
+  final params = Pbkdf2Parameters(
+    salt,
+    ITERATION_COUNT,
+    KEY_SIZE ~/ 8,
+  );
+  pbkdf2.init(params);
+  Uint8List key = Uint8List(KEY_SIZE ~/ 8);
+  pbkdf2.deriveKey(Uint8List.fromList(utf8.encode(password)), 0, key, 0);
+  final decrypted = decrypt(key, iv, encryptedData);
+  final utf8Decode = utf8.decode(decrypted);
+  return utf8Decode;
+}
+
+Uint8List decrypt(Uint8List key, Uint8List iv, Uint8List data) {
+  final cipher = GCMBlockCipher(AESEngine())
+    ..init(
+      false,
+      AEADParameters(
+        KeyParameter(key),
+        128,
+        iv,
+        Uint8List.fromList(<int>[]),
+      ),
+    );
+
+  final dbBytes = cipher.process(data);
+  return dbBytes;
+}

lib/ui/settings/data/import/import_service.dart

@@ -1,3 +1,4 @@
+import 'package:ente_auth/ui/settings/data/import/2fas_import.dart';
 import 'package:ente_auth/ui/settings/data/import/aegis_import.dart';
 import 'package:ente_auth/ui/settings/data/import/bitwarden_import.dart';
 import 'package:ente_auth/ui/settings/data/import/encrypted_ente_import.dart';
@@ -32,6 +33,9 @@ class ImportService {
       case ImportType.aegis:
         showAegisImportInstruction(context);
         break;
+      case ImportType.twoFas:
+        show2FasImportInstruction(context);
+        break;
       case ImportType.bitwarden:
         showBitwardenImportInstruction(context);
         break;

lib/ui/settings/data/import_page.dart

@@ -15,6 +15,7 @@ enum ImportType {
   ravio,
   googleAuthenticator,
   aegis,
+  twoFas,
   bitwarden,
 }
 
@@ -22,10 +23,11 @@ class ImportCodePage extends StatelessWidget {
   late List<ImportType> importOptions = [
     ImportType.plainText,
     ImportType.encrypted,
-    ImportType.ravio,
+    ImportType.twoFas,
     ImportType.aegis,
-    ImportType.googleAuthenticator,
     ImportType.bitwarden,
+    ImportType.googleAuthenticator,
+    ImportType.ravio,
   ];
 
   ImportCodePage({super.key});
@@ -42,6 +44,8 @@ class ImportCodePage extends StatelessWidget {
         return 'Google Authenticator';
       case ImportType.aegis:
         return 'Aegis Authenticator';
+      case ImportType.twoFas:
+        return '2FAS Authenticator';
       case ImportType.bitwarden:
         return 'Bitwarden';
     }
@@ -66,7 +70,7 @@ class ImportCodePage extends StatelessWidget {
                   iconButtonType: IconButtonType.secondary,
                   onTap: () {
                     Navigator.pop(context);
-                    if(Navigator.canPop(context)) {
+                    if (Navigator.canPop(context)) {
                       Navigator.pop(context);
                     }
                   },

lib/utils/crypto_util.dart

@@ -451,9 +451,9 @@ class CryptoUtil {
     Uint8List salt,
     int memLimit,
     int opsLimit,
-  ) {
+  ) async {
     try {
-      return _computer.compute(
+      return await _computer.compute(
         cryptoPwHash,
         param: {
           "password": password,

pubspec.yaml

@@ -1,6 +1,6 @@
 name: ente_auth
 description: ente two-factor authenticator
-version: 2.0.22+222
+version: 2.0.25+225
 publish_to: none
 
 environment: