diff --git a/app/witness-verifications.gradle b/app/witness-verifications.gradle
index d811df6ed..f51c946f5 100644
--- a/app/witness-verifications.gradle
+++ b/app/witness-verifications.gradle
@@ -378,18 +378,6 @@ dependencyVerification {
 ['com.klinkerapps:logger:1.0.3',
 '177e325259a8b111ad6745ec10db5861723c99f402222b80629f576f49408541'],
 
- ['com.madgag.spongycastle:core:1.58.0.0',
- '199617dd5698c5a9312b898c0a4cec7ce9dd8649d07f65d91629f58229d72728'],
-
- ['com.madgag.spongycastle:pg:1.54.0.0',
- '3f1011ec280c51434dd94396ec25c8d7876d861c0fb1fa9ae70824eddcda2f8f'],
-
- ['com.madgag.spongycastle:pkix:1.54.0.0',
- '721a302f5ce18bf6fff89d514ef224c37b5dd9ca67a16b56fafaea4b24a51482'],
-
- ['com.madgag.spongycastle:prov:1.58.0.0',
- '092fd09e7006b0814980513b013d4c2b3ffd24a49a635ab4b2d204bb51af1727'],
-
 ['com.makeramen:roundedimageview:2.1.0',
 '1f5a1865796b308c6cdd114acc6e78408b110f0a62fc63553278fbeacd489cd1'],
 
diff --git a/device-transfer/lib/build.gradle b/device-transfer/lib/build.gradle
index 2285a21a2..d76925b9a 100644
--- a/device-transfer/lib/build.gradle
+++ b/device-transfer/lib/build.gradle
@@ -13,7 +13,6 @@ android {
 defaultConfig {
 minSdkVersion MINIMUM_SDK
 targetSdkVersion TARGET_SDK
- consumerProguardFiles 'lib-proguard-rules.pro'
 }
 
 compileOptions {
@@ -29,16 +28,7 @@ dependencyVerification {
 dependencies {
 implementation 'androidx.appcompat:appcompat:1.2.0'
 implementation project(':core-util')
- implementation 'com.madgag.spongycastle:core:1.58.0.0'
- implementation('com.madgag.spongycastle:prov:1.58.0.0') {
- exclude group: 'junit'
- }
- implementation('com.madgag.spongycastle:pkix:1.54.0.0') {
- exclude group: 'junit'
- }
- implementation('com.madgag.spongycastle:pg:1.54.0.0') {
- exclude group: 'junit'
- }
+ implementation 'org.whispersystems:signal-client-java:0.5.1'
 api 'org.greenrobot:eventbus:3.0.0'
 
 testImplementation 'junit:junit:4.12'
diff --git a/device-transfer/lib/lib-proguard-rules.pro b/device-transfer/lib/lib-proguard-rules.pro
deleted file mode 100644
index 3540c440b..000000000
--- a/device-transfer/lib/lib-proguard-rules.pro
+++ /dev/null
@@ -1,8 +0,0 @@
--keep class org.spongycastle.jcajce.provider.digest.SHA256** {*;}
--keepclassmembers class org.spongycastle.jcajce.provider.digest.SHA256** {*;}
-
--keep class org.spongycastle.jcajce.provider.asymmetric.RSA**
--keepclassmembers class org.spongycastle.jcajce.provider.asymmetric.RSA** {*;}
-
--keep class org.spongycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi** {*;}
--keepclassmembers class org.spongycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi** {*;}
diff --git a/device-transfer/lib/src/main/java/org/signal/devicetransfer/SelfSignedIdentity.java b/device-transfer/lib/src/main/java/org/signal/devicetransfer/SelfSignedIdentity.java
index 3b60cfd95..4a4a29d33 100644
--- a/device-transfer/lib/src/main/java/org/signal/devicetransfer/SelfSignedIdentity.java
+++ b/device-transfer/lib/src/main/java/org/signal/devicetransfer/SelfSignedIdentity.java
@@ -3,32 +3,22 @@ package org.signal.devicetransfer;
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
 
-import org.spongycastle.asn1.x500.X500Name;
-import org.spongycastle.asn1.x500.X500NameBuilder;
-import org.spongycastle.asn1.x500.style.BCStyle;
-import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.spongycastle.cert.X509CertificateHolder;
-import org.spongycastle.cert.X509v3CertificateBuilder;
-import org.spongycastle.jce.provider.BouncyCastleProvider;
-import org.spongycastle.operator.ContentSigner;
-import org.spongycastle.operator.OperatorCreationException;
-import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.signal.libsignal.devicetransfer.DeviceTransferKey;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
-import java.math.BigInteger;
 import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
+import java.security.KeyFactory;
 import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.SecureRandom;
-import java.security.Security;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import java.util.Date;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
 
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
@@ -43,24 +33,19 @@ import javax.net.ssl.X509TrustManager;
 final class SelfSignedIdentity {
 
 private static final String KEY_GENERATION_ALGORITHM = "RSA";
- private static final int KEY_SIZE = 4096;
 private static final String SSL_CONTEXT_PROTOCOL = "TLS";
 private static final String CERTIFICATE_TYPE = "X509";
 private static final String KEYSTORE_TYPE = "BKS";
- private static final String SIGNATURE_ALGORITHM = "SHA256WithRSAEncryption";
 
 private SelfSignedIdentity() { }
 
 public static @NonNull SelfSignedKeys create() throws KeyGenerationFailedException {
 try {
- KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_GENERATION_ALGORITHM);
- keyPairGenerator.initialize(KEY_SIZE);
-
- KeyPair keyPair = keyPairGenerator.generateKeyPair();
- X509CertificateHolder x509 = createX509(keyPair);
-
- return new SelfSignedKeys(x509.getEncoded(), keyPair.getPrivate());
- } catch (GeneralSecurityException | OperatorCreationException | IOException e) {
+ DeviceTransferKey key = new DeviceTransferKey();
+ byte[] x509 = key.generateCertificate("SignalTransfer", 1);
+ PrivateKey privateKey = KeyFactory.getInstance(KEY_GENERATION_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(key.keyMaterial()));
+ return new SelfSignedKeys(x509, privateKey);
+ } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
 throw new KeyGenerationFailedException(e);
 }
 }
@@ -73,7 +58,7 @@ final class SelfSignedIdentity {
 KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
 keyStore.load(null);
 
- keyStore.setKeyEntry("client", keys.getPrivateKey(), null, new Certificate[]{certificate});
+ keyStore.setKeyEntry("client", keys.getPrivateKey(), null, new Certificate[] { certificate });
 
 KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
 keyManagerFactory.init(keyStore, null);
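Review bot: The `1` passed to `key.generateCertificate("SignalTransfer", 1)` in `create()` is an unexplained magic number, and it replaces an explicit ±24h validity window and a 4096-bit RSA key size that the removed code spelled out, so a reader of the new method can no longer tell how long the transfer certificate is valid or how the key is sized. Name it, e.g. `private static final int CERTIFICATE_VALIDITY = 1; // unit as defined by DeviceTransferKey.generateCertificate — confirm against libsignal`, and note in a Javadoc on `create()` that key type and size are now chosen by libsignal rather than by this class. The narrowed catch `InvalidKeySpecException | NoSuchAlgorithmException` only covers the `KeyFactory` calls; whatever `new DeviceTransferKey()` and `generateCertificate` throw on failure (presumably unchecked, since nothing is declared) now escapes `create()` instead of being wrapped in `KeyGenerationFailedException` as before, so callers that catch that type lose their contract unless those calls are wrapped too. Keeping `KEY_GENERATION_ALGORITHM = "RSA"` also silently couples the `KeyFactory` to the key material libsignal emits being an RSA PKCS#8 key; a one-line comment stating that assumption, e.g. `// keyMaterial() is expected to be PKCS#8 RSA — must match the libsignal side`, would make a future mismatch easier to diagnose.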
@@ -88,40 +73,10 @@ final class SelfSignedIdentity {
 throws GeneralSecurityException {
 SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
- sslContext.init(null, new TrustManager[]{trustManager}, new SecureRandom());
+ sslContext.init(null, new TrustManager[] { trustManager }, new SecureRandom());
 return sslContext.getSocketFactory();
 }
 
- private static @NonNull X509CertificateHolder createX509(@NonNull KeyPair keyPair) throws OperatorCreationException {
- Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
- Date endDate = new Date(System.currentTimeMillis() + 24 * 60 * 60 * 1000);
-
- X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
- nameBuilder.addRDN(BCStyle.C, "United States");
- nameBuilder.addRDN(BCStyle.ST, "California");
- nameBuilder.addRDN(BCStyle.L, "San Francisco");
- nameBuilder.addRDN(BCStyle.O, "Signal Foundation");
- nameBuilder.addRDN(BCStyle.CN, "SignalTransfer");
-
- X500Name x500Name = nameBuilder.build();
- BigInteger serialNumber = BigInteger.valueOf(new SecureRandom().nextLong()).abs();
- SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
-
- X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(x500Name,
- serialNumber,
- startDate,
- endDate,
- x500Name,
- subjectPublicKeyInfo);
-
- Security.addProvider(new BouncyCastleProvider());
- ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(BouncyCastleProvider.PROVIDER_NAME)
- .build(keyPair.getPrivate());
- Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
-
- return certificateBuilder.build(signer);
- }
-
-
 static final class SelfSignedKeys {
 private final byte[] x509Encoded;
 private final PrivateKey privateKey;
diff --git a/device-transfer/lib/witness-verifications.gradle b/device-transfer/lib/witness-verifications.gradle
index 0657a0ed9..e597f7e91 100644
--- a/device-transfer/lib/witness-verifications.gradle
+++ b/device-transfer/lib/witness-verifications.gradle
@@ -78,19 +78,10 @@ dependencyVerification {
 ['com.google.protobuf:protobuf-javalite:3.10.0',
 '215a94dbe100130295906b531bb72a26965c7ac8fcd9a75bf8054a8ac2abf4b4'],
 
- ['com.madgag.spongycastle:core:1.58.0.0',
- '199617dd5698c5a9312b898c0a4cec7ce9dd8649d07f65d91629f58229d72728'],
-
- ['com.madgag.spongycastle:pg:1.54.0.0',
- '3f1011ec280c51434dd94396ec25c8d7876d861c0fb1fa9ae70824eddcda2f8f'],
-
- ['com.madgag.spongycastle:pkix:1.54.0.0',
- '721a302f5ce18bf6fff89d514ef224c37b5dd9ca67a16b56fafaea4b24a51482'],
-
- ['com.madgag.spongycastle:prov:1.58.0.0',
- '092fd09e7006b0814980513b013d4c2b3ffd24a49a635ab4b2d204bb51af1727'],
-
 ['org.greenrobot:eventbus:3.0.0',
 '180d4212467df06f2fbc9c8d8a2984533ac79c87769ad883bc421612f0b4e17c'],
+
+ ['org.whispersystems:signal-client-java:0.5.1',
+ '682a8094d38a91c8759071b77177ed8196a7137314fdfbb17e819c9ca57a0397'],
 ]
 }