README.md

@@ -1,3 +1,7 @@
+# DEPRECATED
+
+**This project is not maintained.** Please migrate to [Akamai MFA](https://mfa.akamai.com/help).
+
 <a href="https://krypt.co"><img src="https://krypt.co/static/dist/img/krypton_core_logo.svg" width="200"/> </a>
 
 __Krypton__ generates and stores an SSH key pair on a mobile phone. The

app/build.gradle

@@ -1,14 +1,15 @@
 apply plugin: 'com.android.application'
+apply plugin: 'io.fabric'
 
 android {
     compileSdkVersion 27
-    buildToolsVersion '27.0.3'
+    buildToolsVersion '28.0.3'
     defaultConfig {
         applicationId "co.krypt.kryptonite"
         minSdkVersion 23
-        targetSdkVersion 27
-        versionCode 45
-        versionName "2.4.4"
+        targetSdkVersion 26
+        versionCode 61
+        versionName "2.5.6"
         testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
         externalNativeBuild {
             cmake {
@@ -43,14 +44,17 @@ android {
         sourceCompatibility JavaVersion.VERSION_1_8
         targetCompatibility JavaVersion.VERSION_1_8
     }
+    //https://stackoverflow.com/questions/47298895/more-than-one-file-was-found-with-os-independent-path-protobuf-meta
+    packagingOptions {
+        exclude 'build-data.properties'
+    }
 }
 
 dependencies {
     implementation fileTree(include: ['*.jar'], dir: 'libs')
     androidTestImplementation('com.android.support.test.espresso:espresso-core:2.2.2', {
         exclude group: 'com.android.support', module: 'support-annotations'
     })
-    // Optional -- Mockito framework
     implementation project(':libsodium-jni-release')
     testImplementation project(':libsodium-jni-release')
     implementation 'org.cache2k:cache2k-api:0.19.1'
@@ -59,17 +63,20 @@ dependencies {
     implementation 'com.google.guava:guava:23.4-android'
     implementation 'com.android.support:appcompat-v7:27.0.2'
     implementation 'com.android.support:support-compat:27.0.2'
-    implementation 'com.google.android.gms:play-services-base:11.6.2'
+    implementation 'com.google.android.gms:play-services-base:15.0.1'
     implementation 'com.android.support:design:27.0.2'
     implementation 'com.google.code.gson:gson:2.8.0'
     implementation 'com.amazonaws:aws-android-sdk-core:2.2.22'
     implementation 'com.amazonaws:aws-android-sdk-sqs:2.2.22'
     implementation 'com.amazonaws:aws-android-sdk-sns:2.2.22'
-    implementation 'com.google.firebase:firebase-messaging:11.6.2'
-    implementation 'com.google.firebase:firebase-crash:11.6.2'
+    implementation 'com.google.firebase:firebase-messaging:17.3.1'
+    implementation 'com.google.firebase:firebase-core:16.0.3'
+    implementation 'com.crashlytics.sdk.android:crashlytics:2.9.5'
     implementation 'com.android.support:recyclerview-v7:27.0.2'
     implementation 'com.android.support:cardview-v7:27.0.2'
-    implementation 'com.github.anrwatchdog:anrwatchdog:1.3.+'
+    implementation 'com.github.anrwatchdog:anrwatchdog:1.3.0'
+    implementation 'org.bouncycastle:bcpkix-jdk15on:1.60'
+    implementation 'com.google.crypto.tink:tink-android:1.1.1'
     implementation 'com.jakewharton:disklrucache:2.0.2'
     implementation 'com.j256.ormlite:ormlite-android:5.0'
     implementation 'com.jaredrummler:android-device-names:1.1.2'
@@ -78,6 +85,7 @@ dependencies {
     implementation 'com.google.zxing:core:3.3.1'
     implementation 'mobi.upod:time-duration-picker:1.1.3'
     implementation 'org.greenrobot:eventbus:3.1.1'
+    implementation 'commons-codec:commons-codec:1.11'
     testImplementation 'junit:junit:4.12'
     testImplementation 'org.mockito:mockito-core:1.10.19'
     testImplementation 'org.powermock:powermock-module-junit4:1.6.4'
@@ -89,4 +97,4 @@ dependencies {
 
 
 
-apply plugin: 'com.google.gms.google-services'
+apply plugin: 'com.google.gms.google-services'

app/release/output.json

@@ -1 +1 @@
-[{"outputType":{"type":"APK"},"apkInfo":{"type":"MAIN","splits":[],"versionCode":45,"versionName":"2.4.4","enabled":true,"outputFile":"app-release.apk","fullName":"release","baseName":"release"},"path":"app-release.apk","properties":{}}]
+[{"outputType":{"type":"APK"},"apkInfo":{"type":"MAIN","splits":[],"versionCode":61,"versionName":"2.5.6","enabled":true,"outputFile":"app-release.apk","fullName":"release","baseName":"release"},"path":"app-release.apk","properties":{}}]

app/src/main/AndroidManifest.xml

@@ -10,7 +10,6 @@
 
     <uses-permission android:name="android.permission.BLUETOOTH"/>
     <uses-permission android:name="android.permission.BLUETOOTH_ADMIN"/>
-
     <uses-permission android:name="android.permission.WAKE_LOCK"/>
 
     <uses-feature
@@ -24,7 +23,6 @@
         android:supportsRtl="true"
         android:theme="@style/AppTheme"
         tools:replace="android:allowBackup">
-        <activity android:name=".MeActivity"/>
         <!-- Note: MainActivity kept the legacy package so that launch icons on the home screen remained. -->
         <activity
             android:name="co.krypt.kryptonite.MainActivity"
@@ -45,6 +43,18 @@
             android:taskAffinity=""
             android:theme="@android:style/Theme.Translucent.NoTitleBar"/>
 
+        <activity
+            android:name="co.krypt.krypton.u2f.U2FAuthenticateActivity"
+            android:launchMode="standard"
+            android:theme="@style/Theme.Transparent"
+            >
+            <intent-filter>
+                <action android:name="com.google.android.apps.authenticator.AUTHENTICATE"/>
+                <category android:name="android.intent.category.DEFAULT"/>
+                <category android:name="android.intent.category.BROWSABLE"/>
+            </intent-filter>
+        </activity>
+
         <service
             android:name=".transport.FirebaseMessagingService"
             android:enabled="true">
@@ -74,15 +84,14 @@
         <activity
             android:name=".onboarding.OnboardingActivity"
             android:launchMode="singleTop"
-            android:theme="@style/AppTheme.Launcher"
-            android:screenOrientation="portrait"/>
+            android:screenOrientation="portrait"
+            android:theme="@style/AppTheme.Launcher"/>
         <activity
             android:name=".team.onboarding.TeamOnboardingActivity"
             android:launchMode="singleTask"
             android:screenOrientation="portrait"
-            android:windowSoftInputMode="adjustNothing"
             android:theme="@style/AppTheme.Launcher"
-            >
+            android:windowSoftInputMode="adjustNothing">
             <intent-filter>
                 <action android:name="android.intent.action.VIEW"/>
 
@@ -120,6 +129,7 @@
             android:name=".log.AuditLogContentProvider"
             android:authorities="co.krypt.krypton.log.AuditLogContentProvider"
             android:exported="true"/>
+
     </application>
 
 </manifest>

app/src/main/java/co/krypt/krypton/analytics/Analytics.java

@@ -58,34 +58,6 @@ private String getPublishedEmail() {
         }
     }
 
-    public void publishEmailToTeamsIfNeeded(final String email) {
-        synchronized (lock) {
-            if (isDisabled()) {
-                return;
-            }
-            if (!email.equals(getPublishedEmail())) {
-                threadPool.submit(() -> {
-                    Uri.Builder uri = new Uri.Builder().scheme("https").authority("teams.krypt.co")
-                            .appendQueryParameter("id", getClientID())
-                            .appendQueryParameter("email", email);
-                    try {
-                        URL url = new URL(uri.toString());
-                        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
-                        connection.setRequestMethod("PUT");
-                        try {
-                            InputStream in = new BufferedInputStream(connection.getInputStream());
-                            preferences.edit().putString(PUBLISHED_EMAIL_KEY, email).apply();
-                        } finally {
-                            connection.disconnect();
-                        }
-                    } catch (IOException e) {
-                        e.printStackTrace();
-                    }
-                });
-            }
-        }
-    }
-
     private void post(String clientID, HashMap<String, String> params, boolean force) {
         if (isDisabled() && !force) {
             return;
@@ -101,6 +73,8 @@ private void post(String clientID, HashMap<String, String> params, boolean force
         defaultParams.put("cd6", DeviceName.getDeviceName());
         defaultParams.put("cd7", clientID);
         defaultParams.put("cd9", BuildConfig.VERSION_NAME);
+        //  anonymize IP address
+        defaultParams.put("aip", "1");
 
         defaultParams.putAll(params);
 
@@ -115,6 +89,7 @@ private void post(String clientID, HashMap<String, String> params, boolean force
                 HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
                 try {
                     InputStream in = new BufferedInputStream(urlConnection.getInputStream());
+                    in.close();
                 } finally {
                     urlConnection.disconnect();
                 }
@@ -134,7 +109,10 @@ public void postPageView(String page) {
         post(getClientID(), params, false);
     }
 
-    public void postEvent(String category, String action, @Nullable String label, @Nullable Integer value, boolean force) {
+    public void postEvent(@Nullable String category, String action, @Nullable String label, @Nullable Integer value, boolean force) {
+        if (category == null) {
+            return;
+        }
         HashMap<String, String> params = new HashMap<>();
         params.put("t", "event");
         params.put("ec", category);

app/src/main/java/co/krypt/krypton/approval/ApprovalDialog.java

@@ -5,6 +5,7 @@
 import android.support.v4.util.Pair;
 import android.support.v7.app.AlertDialog;
 import android.util.Log;
+import android.util.MutableBoolean;
 import android.view.View;
 import android.widget.TextView;
 
@@ -20,7 +21,10 @@
 import co.krypt.krypton.protocol.RequestBody;
 import co.krypt.krypton.protocol.SignRequest;
 import co.krypt.krypton.protocol.TeamOperationRequest;
+import co.krypt.krypton.protocol.U2FAuthenticateRequest;
+import co.krypt.krypton.protocol.U2FRegisterRequest;
 import co.krypt.krypton.protocol.UnpairRequest;
+import co.krypt.krypton.silo.Silo;
 
 /**
  * Created by Kevin King on 5/5/17.
@@ -125,17 +129,55 @@ public Void visit(TeamOperationRequest teamOperationRequest) throws RuntimeExcep
                         (dialog, id) -> Policy.onAction(activity.getApplicationContext(), requestID, Policy.APPROVE_ONCE));
                 return null;
             }
+
+            @Override
+            public Void visit(U2FRegisterRequest u2FRegisterRequest) throws RuntimeException {
+                MutableBoolean isZeroTouchChecked = new MutableBoolean(false);
+                final CharSequence[] options = {"Automatically approve future requests from this device"};
+                builder.setMultiChoiceItems(options, null, (dialog, which, isChecked) -> {isZeroTouchChecked.value = isChecked;});
+                builder.setPositiveButton("Allow",
+                        (dialog, id) -> {
+                            // Only overwrite this setting when the box is checked.
+                            // If the setting was already true, the user shouldn't have gotten here,
+                            // and if it was changed while the notification was pending we don't want to overwrite that.
+                            if (isZeroTouchChecked.value) {
+                                Silo silo = Silo.shared(activity.getApplicationContext());
+                                silo.pairings().setU2FZeroTouchAllowed(pairing.getUUIDString(), isZeroTouchChecked.value);
+                            }
+                            Policy.onAction(activity.getApplicationContext(), requestID, Policy.APPROVE_ONCE);
+                        });
+                return null;
+            }
+
+            @Override
+            public Void visit(U2FAuthenticateRequest u2FAuthenticateRequest) throws RuntimeException {
+                MutableBoolean isZeroTouchChecked = new MutableBoolean(false);
+                final CharSequence[] options = {"Automatically approve future requests from this device"};
+                builder.setMultiChoiceItems(options, null, (dialog, which, isChecked) -> {isZeroTouchChecked.value = isChecked;});
+                builder.setPositiveButton("Allow",
+                        (dialog, id) -> {
+                            // Only overwrite this setting when the box is checked.
+                            // If the setting was already true, the user shouldn't have gotten here,
+                            // and if it was changed while the notification was pending we don't want to overwrite that.
+                            if (isZeroTouchChecked.value) {
+                                Silo silo = Silo.shared(activity.getApplicationContext());
+                                silo.pairings().setU2FZeroTouchAllowed(pairing.getUUIDString(), isZeroTouchChecked.value);
+                            }
+                            Policy.onAction(activity.getApplicationContext(), requestID, Policy.APPROVE_ONCE);
+                        });
+                return null;
+            }
         });
 
         builder.setOnDismissListener(dialogInterface -> {
             Policy.onAction(activity.getApplicationContext(), requestID, Policy.REJECT);
         });
         View requestView = activity.getLayoutInflater().inflate(R.layout.request, null);
         TextView workstationNameText = (TextView) requestView.findViewById(R.id.workstationName);
-        workstationNameText.setText(pairing.workstationName);
+        workstationNameText.setText(pairing.getDisplayName());
         ConstraintLayout content = (ConstraintLayout) requestView.findViewById(R.id.content);
         request.fillView(content);
-        builder.setView(requestView);
+        builder.setCustomTitle(requestView);
         builder.create().show();
     }
 }

app/src/main/java/co/krypt/krypton/crypto/Base64.java

@@ -10,19 +10,22 @@
 public class Base64 {
     public static byte[] decode(String s) throws CryptoException {
         try {
-            return android.util.Base64.decode(s, android.util.Base64.DEFAULT);
+            return com.google.crypto.tink.subtle.Base64.decode(s);
         } catch (IllegalArgumentException e) {
             throw new CryptoException(e.getMessage());
         }
     }
     public static byte[] decodeURLSafe(String s) throws CryptoException {
         try {
-            return android.util.Base64.decode(s, android.util.Base64.URL_SAFE);
+            return com.google.crypto.tink.subtle.Base64.urlSafeDecode(s);
         } catch (IllegalArgumentException e) {
             throw new CryptoException(e.getMessage());
         }
     }
     public static String encode(byte[] b) {
-        return com.amazonaws.util.Base64.encodeAsString(b);
+        return com.google.crypto.tink.subtle.Base64.encode(b);
+    }
+    public static String encodeURLSafe(byte[] b) {
+        return com.google.crypto.tink.subtle.Base64.urlSafeEncode(b);
     }
 }

app/src/main/java/co/krypt/krypton/crypto/RSAKeyManager.java

@@ -63,7 +63,7 @@ public SSHKeyPairI loadOrGenerateKeyPair(String tag) throws CryptoException {
                     //  java.security.KeyStore.getEntry (KeyStore.java:645)
                     //  co.krypt.krypton.crypto.RSAKeyManager.loadOrGenerateKeyPair (RSAKeyManager.java:58)
                     //  co.krypt.krypton.crypto.KeyManager.loadOrGenerateKeyPair (KeyManager.java:16)
-                    //  co.krypt.krypton.onboarding.GenerateFragment$3.run (GenerateFragment.java:105)
+                    //  co.krypt.krypton.onboarding.WelcomeFragment$3.run (WelcomeFragment.java:105)
                     //  java.lang.Thread.run (Thread.java:818)
                     privateKeyEntry = keyStore.getEntry(tag, null);
                 } catch (NullPointerException npe) {
@@ -134,23 +134,7 @@ public SSHKeyPairI loadOrGenerateNoDigestKeyPair(String tag) throws CryptoExcept
                 long genStop = System.currentTimeMillis();
                 Log.i(LOG_TAG, "KeyGen took " + String.valueOf((genStop - genStart)));
                 return new RSASSHKeyPair(keyPair, 0);
-            } catch (CertificateException e) {
-                throw new CryptoException(e.getMessage());
-            } catch (InvalidAlgorithmParameterException e) {
-                throw new CryptoException(e.getMessage());
-            } catch (IOException e) {
-                throw new CryptoException(e.getMessage());
-            } catch (KeyStoreException e) {
-                throw new CryptoException(e.getMessage());
-            } catch (NoSuchAlgorithmException e) {
-                throw new CryptoException(e.getMessage());
-            } catch (NoSuchProviderException e) {
-                throw new CryptoException(e.getMessage());
-            } catch (ProviderException e) {
-                throw new CryptoException(e.getMessage());
-            } catch (UnrecoverableEntryException e) {
-                throw new CryptoException(e.getMessage());
-            } catch (UnsupportedOperationException e) {
+            } catch (CertificateException | UnsupportedOperationException | UnrecoverableEntryException | ProviderException | NoSuchProviderException | NoSuchAlgorithmException | KeyStoreException | IOException | InvalidAlgorithmParameterException e) {
                 throw new CryptoException(e.getMessage());
             }
         }
@@ -165,19 +149,7 @@ public boolean keyExists(String tag) throws CryptoException {
                 if (privateKeyEntry instanceof KeyStore.PrivateKeyEntry) {
                     return true;
                 }
-            } catch (CertificateException e) {
-                throw new CryptoException(e.getMessage());
-            } catch (IOException e) {
-                throw new CryptoException(e.getMessage());
-            } catch (KeyStoreException e) {
-                throw new CryptoException(e.getMessage());
-            } catch (NoSuchAlgorithmException e) {
-                throw new CryptoException(e.getMessage());
-            } catch (ProviderException e) {
-                throw new CryptoException(e.getMessage());
-            } catch (UnrecoverableEntryException e) {
-                throw new CryptoException(e.getMessage());
-            } catch (UnsupportedOperationException e) {
+            } catch (CertificateException | IOException | KeyStoreException | ProviderException | NoSuchAlgorithmException | UnrecoverableEntryException | UnsupportedOperationException e) {
                 throw new CryptoException(e.getMessage());
             }
             return false;
@@ -197,7 +169,7 @@ public void deleteKeyPair(String tag) throws CryptoException {
         }
     }
 
-    public void logKeyInfo(PrivateKey sk) {
+    public static void logKeyInfo(PrivateKey sk) {
         try {
             KeyInfo keyInfo;
             KeyFactory factory = KeyFactory.getInstance(sk.getAlgorithm(), "AndroidKeyStore");