Merge remote-tracking branch 'origin/master'

app/build.gradle

@@ -146,6 +146,7 @@ dependencies {
     compile 'com.github.castorflex.smoothprogressbar:library:1.1.0'
     compile 'com.nispok:snackbar:2.11.0'
     compile 'com.koushikdutta.ion:ion:2.1.9'
+    compile 'com.github.instacart.truetime-android:library:3.0'
     compile 'com.github.daniele-athome:FloatingActionButton:b976d71658'
     compile 'de.hdodenhof:circleimageview:2.1.0'
     compile 'com.github.vlivanov:ListViewVariants:f606578467'

app/src/main/java/org/kontalk/crypto/PGP.java

@@ -154,7 +154,7 @@ public static final class PRNGFixException extends SecurityException {
     }
 
     /** Creates an ECDSA/ECDH key pair. */
-    public static PGPDecryptedKeyPairRing create()
+    public static PGPDecryptedKeyPairRing create(Date timestamp)
             throws NoSuchAlgorithmException, NoSuchProviderException, PGPException, InvalidAlgorithmParameterException {
 
         KeyPairGenerator gen;
@@ -163,17 +163,17 @@ public static PGPDecryptedKeyPairRing create()
         gen = KeyPairGenerator.getInstance("RSA", PROVIDER);
         gen.initialize(RSA_KEY_LENGTH);
 
-        authKp = new JcaPGPKeyPair(PGPPublicKey.RSA_GENERAL, gen.generateKeyPair(), new Date());
+        authKp = new JcaPGPKeyPair(PGPPublicKey.RSA_GENERAL, gen.generateKeyPair(), timestamp);
 
         gen = KeyPairGenerator.getInstance("ECDH", PROVIDER);
         gen.initialize(new ECGenParameterSpec(EC_CURVE));
 
-        encryptKp = new JcaPGPKeyPair(PGPPublicKey.ECDH, gen.generateKeyPair(), new Date());
+        encryptKp = new JcaPGPKeyPair(PGPPublicKey.ECDH, gen.generateKeyPair(), timestamp);
 
         gen = KeyPairGenerator.getInstance("ECDSA", PROVIDER);
         gen.initialize(new ECGenParameterSpec(EC_CURVE));
 
-        signKp = new JcaPGPKeyPair(PGPPublicKey.ECDSA, gen.generateKeyPair(), new Date());
+        signKp = new JcaPGPKeyPair(PGPPublicKey.ECDSA, gen.generateKeyPair(), timestamp);
 
         return new PGPDecryptedKeyPairRing(authKp, signKp, encryptKp);
     }

app/src/main/java/org/kontalk/crypto/PersonalKey.java

@@ -31,6 +31,7 @@
 import java.security.SignatureException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.util.Date;
 import java.util.Iterator;
 
 import org.spongycastle.openpgp.PGPException;
@@ -388,9 +389,9 @@ public static PersonalKey load(PGPSecretKeyRing secRing, PGPPublicKeyRing pubRin
         throw new PGPException("invalid key data");
     }
 
-    public static PersonalKey create() throws IOException {
+    public static PersonalKey create(Date timestamp) throws IOException {
         try {
-            PGPDecryptedKeyPairRing kp = PGP.create();
+            PGPDecryptedKeyPairRing kp = PGP.create(timestamp);
             return new PersonalKey(kp, null);
         }
         catch (Exception e) {

app/src/main/java/org/kontalk/service/KeyPairGeneratorService.java

@@ -20,6 +20,9 @@
 
 import java.io.IOException;
 import java.lang.ref.WeakReference;
+import java.util.Date;
+
+import com.instacart.library.truetime.TrueTime;
 
 import android.app.Notification;
 import android.app.PendingIntent;
@@ -59,6 +62,9 @@ public class KeyPairGeneratorService extends Service {
     public static final String EXTRA_KEY = "org.kontalk.keypair.KEY";
     public static final String EXTRA_FOREGROUND = "org.kontalk.keypair.FOREGROUND";
 
+    private static final String NTP_DEFAULT_SERVER = "time.google.com";
+    private static final int NTP_MAX_RETRIES = 3;
+
     private GeneratorThread mThread;
     private volatile PersonalKey mKey;
 
@@ -137,8 +143,8 @@ private void keypairGenerated(PersonalKey key) {
     private static final class GeneratorThread extends Thread {
         private WeakReference<KeyPairGeneratorService> s;
 
-        public GeneratorThread(KeyPairGeneratorService service) {
-            s = new WeakReference<KeyPairGeneratorService>(service);
+        GeneratorThread(KeyPairGeneratorService service) {
+            s = new WeakReference<>(service);
         }
 
         @Override
@@ -148,8 +154,11 @@ public void run() {
 
             KeyPairGeneratorService service = s.get();
             if (service != null) {
+                // we need the real time from the Internet
+                Date timestamp = getRealtime(service);
+
                 try {
-                    PersonalKey key = PersonalKey.create();
+                    PersonalKey key = PersonalKey.create(timestamp);
                     Log.v("KeyPair", "key pair generated: " + key);
                     service.keypairGenerated(key);
                 }
@@ -161,10 +170,39 @@ public void run() {
                 service.stopForeground();
             }
         }
+
+        private Date getRealtime(Context context) {
+            try {
+                return TrueTime.now();
+            }
+            catch (IllegalStateException e) {
+                int retryCount = 0;
+                while (retryCount < NTP_MAX_RETRIES) {
+                    try {
+                        TrueTime.build()
+                            .withSharedPreferences(context)
+                            .withNtpHost(NTP_DEFAULT_SERVER)
+                            .initialize();
+                        break;
+                    }
+                    catch (IOException ioe) {
+                        retryCount++;
+                    }
+                }
+
+                try {
+                    return TrueTime.now();
+                }
+                catch (IllegalStateException ise) {
+                    Log.w("KeyPair", "unable to retrieve real time from network, using system time");
+                    return new Date();
+                }
+            }
+        }
     }
 
     public interface PersonalKeyRunnable {
-        public void run(PersonalKey key);
+        void run(PersonalKey key);
     }
 
     public final static class KeyGeneratorReceiver extends BroadcastReceiver {