empathicqubit/Signal-Android
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Replace spongy with libsignal x509 generation for device transfer.

Browse source
This commit is contained in:
Cody Henthorne 2021-05-19 17:29:48 -04:00 committed by GitHub
parent 6770d21cf7
commit 11df2bc51f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 16 additions and 100 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
app/witness-verifications.gradle
View file

@ -378,18 +378,6 @@ dependencyVerification {
['com.klinkerapps:logger:1.0.3',
'177e325259a8b111ad6745ec10db5861723c99f402222b80629f576f49408541'],
['com.madgag.spongycastle:core:1.58.0.0',
'199617dd5698c5a9312b898c0a4cec7ce9dd8649d07f65d91629f58229d72728'],
['com.madgag.spongycastle:pg:1.54.0.0',
'3f1011ec280c51434dd94396ec25c8d7876d861c0fb1fa9ae70824eddcda2f8f'],
['com.madgag.spongycastle:pkix:1.54.0.0',
'721a302f5ce18bf6fff89d514ef224c37b5dd9ca67a16b56fafaea4b24a51482'],
['com.madgag.spongycastle:prov:1.58.0.0',
'092fd09e7006b0814980513b013d4c2b3ffd24a49a635ab4b2d204bb51af1727'],
['com.makeramen:roundedimageview:2.1.0',
'1f5a1865796b308c6cdd114acc6e78408b110f0a62fc63553278fbeacd489cd1'],

12
device-transfer/lib/build.gradle
View file

@ -13,7 +13,6 @@ android {
defaultConfig {
minSdkVersion MINIMUM_SDK
targetSdkVersion TARGET_SDK
consumerProguardFiles 'lib-proguard-rules.pro'
}
compileOptions {
@ -29,16 +28,7 @@ dependencyVerification {
dependencies {
implementation 'androidx.appcompat:appcompat:1.2.0'
implementation project(':core-util')
implementation 'com.madgag.spongycastle:core:1.58.0.0'
implementation('com.madgag.spongycastle:prov:1.58.0.0') {
exclude group: 'junit'
}
implementation('com.madgag.spongycastle:pkix:1.54.0.0') {
exclude group: 'junit'
}
implementation('com.madgag.spongycastle:pg:1.54.0.0') {
exclude group: 'junit'
}
implementation 'org.whispersystems:signal-client-java:0.5.1'
api 'org.greenrobot:eventbus:3.0.0'
testImplementation 'junit:junit:4.12'

8
device-transfer/lib/lib-proguard-rules.pro
View file

@ -1,8 +0,0 @@
-keep class org.spongycastle.jcajce.provider.digest.SHA256** {*;}
-keepclassmembers class org.spongycastle.jcajce.provider.digest.SHA256** {*;}
-keep class org.spongycastle.jcajce.provider.asymmetric.RSA**
-keepclassmembers class org.spongycastle.jcajce.provider.asymmetric.RSA** {*;}
-keep class org.spongycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi** {*;}
-keepclassmembers class org.spongycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi** {*;}

69
device-transfer/lib/src/main/java/org/signal/devicetransfer/SelfSignedIdentity.java
View file

@ -3,32 +3,22 @@ package org.signal.devicetransfer;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x500.X500NameBuilder;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.signal.libsignal.devicetransfer.DeviceTransferKey;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
@ -43,24 +33,19 @@ import javax.net.ssl.X509TrustManager;
final class SelfSignedIdentity {
private static final String KEY_GENERATION_ALGORITHM = "RSA";
private static final int KEY_SIZE = 4096;
private static final String SSL_CONTEXT_PROTOCOL = "TLS";
private static final String CERTIFICATE_TYPE = "X509";
private static final String KEYSTORE_TYPE = "BKS";
private static final String SIGNATURE_ALGORITHM = "SHA256WithRSAEncryption";
private SelfSignedIdentity() { }
public static @NonNull SelfSignedKeys create() throws KeyGenerationFailedException {
try {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_GENERATION_ALGORITHM);
keyPairGenerator.initialize(KEY_SIZE);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
X509CertificateHolder x509 = createX509(keyPair);
return new SelfSignedKeys(x509.getEncoded(), keyPair.getPrivate());
} catch (GeneralSecurityException | OperatorCreationException | IOException e) {
DeviceTransferKey key = new DeviceTransferKey();
byte[] x509 = key.generateCertificate("SignalTransfer", 1);
PrivateKey privateKey = KeyFactory.getInstance(KEY_GENERATION_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(key.keyMaterial()));
return new SelfSignedKeys(x509, privateKey);
} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
throw new KeyGenerationFailedException(e);
}
}
@ -73,7 +58,7 @@ final class SelfSignedIdentity {
KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
keyStore.load(null);
keyStore.setKeyEntry("client", keys.getPrivateKey(), null, new Certificate[]{certificate});
keyStore.setKeyEntry("client", keys.getPrivateKey(), null, new Certificate[] { certificate });
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, null);
@ -88,40 +73,10 @@ final class SelfSignedIdentity {
throws GeneralSecurityException
{
SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
sslContext.init(null, new TrustManager[]{trustManager}, new SecureRandom());
sslContext.init(null, new TrustManager[] { trustManager }, new SecureRandom());
return sslContext.getSocketFactory();
}
private static @NonNull X509CertificateHolder createX509(@NonNull KeyPair keyPair) throws OperatorCreationException {
Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
Date endDate = new Date(System.currentTimeMillis() + 24 * 60 * 60 * 1000);
X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
nameBuilder.addRDN(BCStyle.C, "United States");
nameBuilder.addRDN(BCStyle.ST, "California");
nameBuilder.addRDN(BCStyle.L, "San Francisco");
nameBuilder.addRDN(BCStyle.O, "Signal Foundation");
nameBuilder.addRDN(BCStyle.CN, "SignalTransfer");
X500Name x500Name = nameBuilder.build();
BigInteger serialNumber = BigInteger.valueOf(new SecureRandom().nextLong()).abs();
SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(x500Name,
serialNumber,
startDate,
endDate,
x500Name,
subjectPublicKeyInfo);
Security.addProvider(new BouncyCastleProvider());
ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(BouncyCastleProvider.PROVIDER_NAME)
.build(keyPair.getPrivate());
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
return certificateBuilder.build(signer);
}
static final class SelfSignedKeys {
private final byte[] x509Encoded;
private final PrivateKey privateKey;

15
device-transfer/lib/witness-verifications.gradle
View file

@ -78,19 +78,10 @@ dependencyVerification {
['com.google.protobuf:protobuf-javalite:3.10.0',
'215a94dbe100130295906b531bb72a26965c7ac8fcd9a75bf8054a8ac2abf4b4'],
['com.madgag.spongycastle:core:1.58.0.0',
'199617dd5698c5a9312b898c0a4cec7ce9dd8649d07f65d91629f58229d72728'],
['com.madgag.spongycastle:pg:1.54.0.0',
'3f1011ec280c51434dd94396ec25c8d7876d861c0fb1fa9ae70824eddcda2f8f'],
['com.madgag.spongycastle:pkix:1.54.0.0',
'721a302f5ce18bf6fff89d514ef224c37b5dd9ca67a16b56fafaea4b24a51482'],
['com.madgag.spongycastle:prov:1.58.0.0',
'092fd09e7006b0814980513b013d4c2b3ffd24a49a635ab4b2d204bb51af1727'],
['org.greenrobot:eventbus:3.0.0',
'180d4212467df06f2fbc9c8d8a2984533ac79c87769ad883bc421612f0b4e17c'],
['org.whispersystems:signal-client-java:0.5.1',
'682a8094d38a91c8759071b77177ed8196a7137314fdfbb17e819c9ca57a0397'],
]
}