yetangitu/timelimit-android
1
0
Fork 0
mirror of https://codeberg.org/timelimit/timelimit-android.git synced 2025-10-06 03:50:23 +02:00
Code Issues Projects Releases Wiki Activity

Validate signatures without bouncycastle

Browse source
This commit is contained in:
Jonas Lochmann 2022-08-08 02:00:00 +02:00
parent 9a06227ced
commit f3e83f9954
No known key found for this signature in database
GPG key ID: 8B8C9AEE10FA5B36
5 changed files with 108 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

37
app/src/main/java/io/timelimit/android/u2f/U2FSignatureValidation.kt
View file

@ -16,26 +16,13 @@
package io.timelimit.android.u2f
import io.timelimit.android.u2f.protocol.U2FResponse
import org.bouncycastle.asn1.sec.SECNamedCurves
import org.bouncycastle.crypto.CryptoException
import org.bouncycastle.jce.provider.BouncyCastleProvider
import org.bouncycastle.jce.spec.ECParameterSpec
import org.bouncycastle.jce.spec.ECPublicKeySpec
import java.security.KeyFactory
import java.security.Security
import java.security.Signature
import java.security.spec.InvalidKeySpecException
import java.security.spec.X509EncodedKeySpec
object U2FSignatureValidation {
init {
Security.removeProvider("BC")
Security.addProvider(BouncyCastleProvider())
}
private val curve = SECNamedCurves.getByName("secp256r1")
private val ecParamSpec = ECParameterSpec(curve.getCurve(), curve.getG(), curve.getN(), curve.getH())
// based on https://github.com/Yubico/java-u2flib-server/blob/dd44d3cdce4eeaeb517f2acd1fd520d5a42ce752/u2flib-server-core/src/main/java/com/yubico/u2f/crypto/BouncyCastleCrypto.java
fun validate(
applicationId: ByteArray,
challenge: ByteArray,
@ -54,22 +41,22 @@ object U2FSignatureValidation {
if (publicKey.size != 65 || publicKey[0] != 4.toByte()) return false
val point = curve.getCurve().decodePoint(publicKey)
val verifier = Signature.getInstance("SHA256withECDSA")
val decodedPublicKey = KeyFactory.getInstance("EC", "BC").generatePublic(
ECPublicKeySpec(point, ecParamSpec)
verifier.initVerify(
KeyFactory
.getInstance("EC")
.generatePublic(
X509EncodedKeySpec(
byteArrayOf(48, 89, 48, 19, 6, 7, 42, -122, 72, -50, 61, 2, 1, 6, 8, 42, -122, 72, -50, 61, 3, 1, 7, 3, 66, 0) + publicKey
)
)
)
val verifier = Signature.getInstance("SHA256withECDSA", "BC")
verifier.initVerify(decodedPublicKey)
verifier.update(signedData)
return verifier.verify(response.signature)
} catch (ex: CryptoException) {
return false
} catch (ex: IllegalArgumentException) {
} catch (ex: InvalidKeySpecException) {
return false
}
}

4
app/src/main/res/values/strings.xml
View file

@ -107,10 +107,6 @@
(<a href="https://github.com/zxing/zxing/blob/master/LICENSE">Apache License 2.0</a>)
\n<a href="https://github.com/square/wire/blob/master/README.md">Wire</a>
(<a href="https://github.com/square/wire/blob/master/LICENSE.txt">Apache License 2.0</a>)
\n<a href="https://www.bouncycastle.org/">Bouncy Castle</a>
(<a href="https://www.bouncycastle.org/licence.html">MIT License</a>)
\n<a href="https://github.com/Yubico/java-u2flib-server">java-u2flib-server</a>
(<a href="https://github.com/Yubico/java-u2flib-server/blob/master/COPYING">BSD License</a>)
</string>
<string name="about_diagnose_title">Error diagnose</string>