Migrate to Curve25519.

1) Generate a Curve25519 identity key.

2) Use Curve25519 ephemerals and identities for v2 3DHE agreements.

3) Initiate v2 key exchange messages.

4) Accept v1 key exchange messages.

5) TOFU Curve25519 identities.

.gitignore

@@ -20,3 +20,5 @@ signing.properties
 gradle
 gradlew
 gradlew.bat
+library/lib/
+library/obj/

library/build.gradle

@@ -22,7 +22,8 @@ dependencies {
     compile 'com.google.protobuf:protobuf-java:2.4.1'
     compile 'com.madgag:sc-light-jdk15on:1.47.0.2'
     compile 'com.googlecode.libphonenumber:libphonenumber:5.3'
-    compile 'org.whispersystems:gson:2.1'
+    compile 'org.whispersystems:gson:2.2.4'
+    compile fileTree(dir: 'libs', include: 'armeabi.jar')
 }
 
 android {

library/jni/Android.mk

@@ -0,0 +1,17 @@
+LOCAL_PATH:= $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE    := libcurve25519-donna
+LOCAL_SRC_FILES := curve25519-donna.c
+
+include $(BUILD_STATIC_LIBRARY)
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE    := libcurve25519
+LOCAL_SRC_FILES := curve25519-donna-jni.c
+
+LOCAL_STATIC_LIBRARIES := libcurve25519-donna
+
+include $(BUILD_SHARED_LIBRARY)

library/jni/curve25519-donna-jni.c

@@ -0,0 +1,70 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <string.h>
+#include <stdint.h>
+
+#include <jni.h>
+#include "curve25519-donna.h"
+
+JNIEXPORT jbyteArray JNICALL Java_org_whispersystems_textsecure_crypto_ecc_Curve25519_generatePrivateKey
+  (JNIEnv *env, jclass clazz, jbyteArray random)
+{
+  uint8_t* privateKey = (uint8_t*)(*env)->GetByteArrayElements(env, random, 0);
+
+  privateKey[0] &= 248;
+  privateKey[31] &= 127;
+  privateKey[31] |= 64;
+
+  (*env)->ReleaseByteArrayElements(env, random, privateKey, 0);
+
+  return random;
+}
+
+JNIEXPORT jbyteArray JNICALL Java_org_whispersystems_textsecure_crypto_ecc_Curve25519_generatePublicKey
+  (JNIEnv *env, jclass clazz, jbyteArray privateKey)
+{
+    static const uint8_t  basepoint[32] = {9};
+
+    jbyteArray publicKey       = (*env)->NewByteArray(env, 32);
+    uint8_t*   publicKeyBytes  = (uint8_t*)(*env)->GetByteArrayElements(env, publicKey, 0);
+    uint8_t*   privateKeyBytes = (uint8_t*)(*env)->GetByteArrayElements(env, privateKey, 0);
+
+    curve25519_donna(publicKeyBytes, privateKeyBytes, basepoint);
+
+    (*env)->ReleaseByteArrayElements(env, publicKey, publicKeyBytes, 0);
+    (*env)->ReleaseByteArrayElements(env, privateKey, privateKeyBytes, 0);
+
+    return publicKey;
+}
+
+JNIEXPORT jbyteArray JNICALL Java_org_whispersystems_textsecure_crypto_ecc_Curve25519_calculateAgreement
+  (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey)
+{
+    jbyteArray sharedKey       = (*env)->NewByteArray(env, 32);
+    uint8_t*   sharedKeyBytes  = (uint8_t*)(*env)->GetByteArrayElements(env, sharedKey, 0);
+    uint8_t*   privateKeyBytes = (uint8_t*)(*env)->GetByteArrayElements(env, privateKey, 0);
+    uint8_t*   publicKeyBytes  = (uint8_t*)(*env)->GetByteArrayElements(env, publicKey, 0);
+
+    curve25519_donna(sharedKeyBytes, privateKeyBytes, publicKeyBytes);
+
+    (*env)->ReleaseByteArrayElements(env, sharedKey, sharedKeyBytes, 0);
+    (*env)->ReleaseByteArrayElements(env, publicKey, publicKeyBytes, 0);
+    (*env)->ReleaseByteArrayElements(env, privateKey, privateKeyBytes, 0);
+
+    return sharedKey;
+}