From b14d9d84ad37fb9df71df594285daf63d2f8053d Mon Sep 17 00:00:00 2001
From: Moxie Marlinspike <moxie@thoughtcrime.org>
Date: Thu, 15 Aug 2013 10:49:06 -0700
Subject: [PATCH] Fix for Android PRNG bug.

There is apparently an Android vulnerability with the PRNG it
provides through the JCE. This uses their suggested code to patch
the PRNG, and provides the option to regenerate identity keys.

http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
---
 AndroidManifest.xml                           |   6 +-
 res/drawable-hdpi/refresh.png                 | Bin 0 -> 3138 bytes
 res/drawable-mdpi/refresh.png                 | Bin 0 -> 3033 bytes
 res/drawable-xhdpi/refresh.png                | Bin 0 -> 3219 bytes
 res/menu/local_identity.xml                   |   7 +
 res/values/strings.xml                        |  19 +-
 .../securesms/ApplicationListener.java        |  37 ++
 .../securesms/ConversationListActivity.java   |   6 +-
 .../securesms/ViewIdentityActivity.java       |   4 +
 .../securesms/ViewLocalIdentityActivity.java  | 123 +++++++
 .../securesms/crypto/PRNGFixes.java           | 337 ++++++++++++++++++
 11 files changed, 533 insertions(+), 6 deletions(-)
 create mode 100644 res/drawable-hdpi/refresh.png
 create mode 100644 res/drawable-mdpi/refresh.png
 create mode 100644 res/drawable-xhdpi/refresh.png
 create mode 100644 res/menu/local_identity.xml
 create mode 100644 src/org/thoughtcrime/securesms/ApplicationListener.java
 create mode 100644 src/org/thoughtcrime/securesms/ViewLocalIdentityActivity.java
 create mode 100644 src/org/thoughtcrime/securesms/crypto/PRNGFixes.java

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 024c919258..21e50c9ff4 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -38,7 +38,8 @@
                 android:protectionLevel="signature" />
     <uses-permission android:name="org.thoughtcrime.securesms.permission.C2D_MESSAGE" />
         
-    <application android:icon="@drawable/icon"
+    <application android:name="org.thoughtcrime.securesms.ApplicationListener"
+                 android:icon="@drawable/icon"
                  android:label="@string/app_name"
                  android:theme="@style/TextSecure.LightTheme">
 
@@ -124,6 +125,9 @@
               android:label="@string/AndroidManifest__public_identity_key"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
+    <activity android:name=".ViewLocalIdentityActivity"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
     <activity android:name=".PassphraseChangeActivity"
               android:label="@string/AndroidManifest__change_passphrase"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
diff --git a/res/drawable-hdpi/refresh.png b/res/drawable-hdpi/refresh.png
new file mode 100644
index 0000000000000000000000000000000000000000..bb9d855f77692343e173f814ca1e546393b707d8
GIT binary patch
literal 3138
zcmb7`_dnH-`^H})duL>v-bBX9o>>Ry*qd|Y7?piU9Hgx1AiIoYJ0jT}B1gyS7}<`H
zd5o-tH@+EB#`$>v3E%tixbEjK*ZsqN{d6T-Ss1b~@-qSez+!BqXLCup|3puHxt-@3
znl8cMZ)E=%0GK%c6V>=a<QV`kT6)7^R#sl<AoOD|w7-xs3?}3si1ze;<N*L7b67YE
z0pH}&I$k`4nkHc0n4)dC>4j{d$r!G5F|aTLyGep@@hrD>Cx^a1jX-}<0(D9X<|Vha
z6mt^e4BeXWyOfxcgrvdK<?s@pskY-EBNt86kd2xHY~v^$k)AorNYPpu!(0iy!SOw&
zucvo;O-3h*QPdw`r*Cu@eta%M1)M}`YTmv{r0W2vLME8#0it<6QBE+P!nOs?b)v$&
zpdtpP-!Y}fZ~;1DDbO-N$AAih%@KnGMKpl(kell&U?mMWi$DJ{0bsBvx#3iR;~Qaa
zs-kp2=$c1@9^j<`)QsLu(g%=o0GFp}j~Xx|4agbWc^U!r%>a?a&eQ<VGXrwg39*s@
zO*r7(FCr2GyvPN(4EF6bf8EBhZ-6h8%5Bgjh^pyFInql9(An9^+>js{^WNrCak=7>
zrz6u9n#-pUrNs9AU>E?3(z!3cJva{`vEoQ1l@vVd1L>{Lw3M5!uB#X8qt*U80I(bs
zId&l>+sKd6pvCxJyt}na<8_~@=*e-iX9Jr~6Hv4{XLsQLUpD&1X@uF?^|iGblOCv}
z%b;Dv1*+=-(eC`wpGeKK<D>5#E22>f_o57GPQG^yADWd4j=pAi;X3~#)$pvDiE;*-
zxY=XuN<f0SR;@V$QuOj(9w?OFOoYCc{BmoY;=ZyZbxI9cQU>ZDLa4&ir7P~aQU5j-
zXGaDRSB?Q-zZKp2O@f{p;}x?!8cf;KJ~u471z<dlUk3odeLYbb#9*U#A3Xr*6-9yT
zbp;MPuS*eW1v{_KcQTzhtGs}U_H;qnp^WYr!9ZupnrNs*+(<nL>@53D2c$%__KM5!
zXO-!){lu!}&-T}azOYlGEsB9gx1au+i|||mm1`1GB!!+gH}*uh(};#MSyX5sfy?@)
zX}YqJyiF29$kqt7uN8PjE#AqXC0(N*P>4Q@YcrI86V+g?^^Lg+MyOEbe_`;B>8pE?
zd|oO~QU2G!kNjFMRf;#hR(r9{r9xnRa>Sq4=@fe&$;tF~LqFV+V#shC`f#&`xw@CX
z{%#F*YvPgH=!ak$&M18%g9=SBRLJFqt`X7<X)$9|AtWfO#4*R9%0T_Xx=Z|KMuq7|
zu@;U$J=a|o<l~V>QX*5Fsn=xL!xLaVs-m2UFa>c!+7;su?-Api;|Ak?HX@r+mHA3W
z{300xbM8J3bZT#;gl_l8u3^`@*A&+T)`a&R8L_T90q;-XD-t$?4^8;i+1HiUX+3fj
zbZtxWY!)ht5gf{?4$#_SyiJ{Te8n}TCwXckF+9emrM2%eC-}X1y^g)>eg?I0EM(rW
z$o^_KKD250Gy5m?VK6gG9Cu7#0!o4}|2o}u6kqW5x*W4IzKLYMK7^dA{C3VpE?X|z
z7750KpK+%TGG>}&ie(CbWf7HCWmSt+OtuHMLx|MM`|t>yfvqBZwUXgmR<&&v)@mCr
z07q47RK!=ID$oe+_mTGJiM00JX5E&s_tr%p9;~+Y3Ng9yHHJtD`><5UJ&9885&JMQ
z`|K&WHRl}Enygh-S*!+AG*Pr`v^jX=sZF<<6L3-xWWlf@QJ#GenY75YC%GaiP^M%?
zkoR!%smjXELRK49TUQ%yx2xcG%CTkb`mOe-QLMUsCgM)whNx81RqO_Q7QRr<Sk7av
zrGA8ysq!fmC~nmY{_I!2n^V|vA5&<CE?*37-}oySA$yKE_x)RbWXO!9ZDbauB{P$*
zYkpA<Kx=|z`^dknVfVUqV5KgZF4@a3(g|alC6flP4A@?J_d2bLuKM=+_LhjziV2IE
zns1r!=GmAN$|TD)%rwmUMutb;jZEb#=WEGND{SO%<WJ`>H9I?mI7s0u@Si-48`d1k
z?04~Pez6W}_N7Q$hkK0%wb<HQQ?0eF<s9V%iwukE!YNdD{V)6gzOtFGetm|PjKlll
zBV16fyr||cxbEGI_Kb*@h*#%YbS&|+tkoa~P~_u}fn4f$)fe+f1-sf2Uk<Z2Wl_jc
z_R$%|Rs6Lf$sTVkJb%Iv#fu_5jyXt3PBe`klF5e1<O}pJ^tZ2>1RVw3TMipP!sa*T
zckNV=>vmOky?5j1-wrFil`OPZeEhY$ANJjPeN3C_ZKj;hQca{K%rXkqv>_tvCYx?o
zJ6+#g8eDbkvd0Vg4GDa^3R%@uT~t`Ke=w{{Z0>I!vg}3|K8Rg{Jr|+4Q^F`?Ksn|X
z6^c4BN;k^!%IQhiGvUuE+UjJF-wm@nx-W|ey4<>{(Y4X*owdSV{r{%b3LkIekkU!s
ztg%*+Kc~LZx%_ZR?v7*@kByJDi_=c=PeAgI$!9AEkIlm#FX{c&%hFrSN6A~N)k&Ku
zgCSKi4>jjhTa;R~du2TBhbNI(r12wDK{XjLPQ~w0$I{u(LHr7Kg=saMH%GSro_}aD
zsp~MdoTpNTQ%XHc$1K6(&YS<!Wd~RAyu7u4E%;UnV`vws3w2X=Ol2%#2Id65VX<!n
zHV=FKZ+e?@sOT5PQmJ*q3-QXdHZvBpg?#lwp1h|*z6x6E?ea0N)6)W=Rl?>Oc+?i^
zhv(Cw8jsk9i!Xl3&9XN#=>~in(`v5TOEco3Wj_%P64PM129$@L=jV~cLA9*v!rLP|
z!;ORFG}VH=x0D^uF3#oG_|iC2J82N|M|;gfwFb?AP%`5x_to2RcWG-hKPBP8zLS>K
zJ9gQ)$ab+XbDyaDorBSxO;kSHOty^cu@T$z(>wPpk+SwnO)h`qumTY7#3URSnKzsJ
z`HaMT$hts0dhm1Z{F{%J)jb6FQO|MD%^!=>g^sLQRoOqXS^ZdM=RUG5-Tk<8^jn`S
zn>`{yZjHgi2qm92Kec(350FMQv=Q$ShlsxjmEG}$CYR|Gzp-6`@V4Jd|4xz}+m6p6
z107^rDqHhO&q<F{<I~1tZCqm2=1JD6@4Z?J-+-My>T&9GIuTa<G~wGMXj}_nlR9;K
z+mN;IpN<RcUa&Na3XAQlg5DJof4$JP&0~h8;~OmMb5CD}*DTXb{PPrq0?9sv=I!Sh
z<iqn$9bFw;EQcXuQ(KE+XNKf|*b0<1?L$ot5Ch(Go6!>)sQuBG*i39hq|BdrXYxCI
z_=X#4=^-0>uZ2Bmd0d~8yrI#iL2}yv6tv$!UcYAd$u6%>{ekaR(3a*!#)M^GYe8!s
zj^N}&*bQrM3imwT6ev_BEgZIo{^FrbO%|$YEwmqmp^v{DA1(1LL<WkVlZIMngT;4i
z+br829O~@o&cYVrC$$|f=4bZipFbo97afev8y?ff#*AL1AEmOvuBPUu4#ly=Z5Q5w
zsHv@J2cB=9mBU8eN5u+xFWy}Y;dpsuBTpu`r%7WuW5wC~*%_aGpOv0(5x4p3$h}>?
zH#!DF6y@(9-aXyv44w}L?UgLCS*|@3dM-in`t#uk{<ZuxgD)e4LPMQ%aOS2cO}^}#
zLT*Mj<^T|O3ji=N0Pu%$$xQ%wa#>8boB=>R2LO1{uOECdxb!MonIZHk|NmKM|7m!6
z&Jko|0S8$4#T0eS9XuanUgecF5{K(L21)^dio;k>7jd0$r<3d#BgduRxx>^;l)q1*
zG(9mj;-0k7-Eu=6?xFA0IXW5t)$gy)^;N41h^+~JwixPA!sz~rFkB6qQQ~3*m8Dz#
zv1y)1t~>M7XIf?*ItzZ=xIF^dd=p~zc8seWzVaTY2QRQlEUzd8Ral6l%^@LA%#@6$
zYl%1ka9R+yJfKD9ioU8IQ7J8ubiYo_c>+UaT^F4z%|8=WA>dVjOIB)ep)#8$Fb=oK
zOoTl76Vh*Q8RZGLT#?*d1Djh}u6_K;1s-{a>+i0baPm%qXK&PR33Eei>!?_tVBHED
z0xEPx4s#}~mgCj8Sz<WvcI?b<f=ccTm?v{fkOdEuonriqbtz#GfZc|7x$|gF>@qpP
MSl>bq2X&7AABcbM^#A|>

literal 0
HcmV?d00001

diff --git a/res/drawable-mdpi/refresh.png b/res/drawable-mdpi/refresh.png
new file mode 100644
index 0000000000000000000000000000000000000000..bd611e8e24d2e211a94d1658a49c823c4201716f
GIT binary patch
literal 3033
zcmb7G<yRE`)BPYwEZrpv(kq?PuuFF=?gA>!f{3IdAh>i2BGN8`NSA^xE+yS8CAox@
z2z-G@LQv|5f5J28+_^7i=A1kC%!`RPH`Swsa6te7v<CXxmY2-?50s>rS^IrL_a#yJ
z=-c=MK+W_IBxCborvO0AJm7G1b9e6mZ+~}hA6^4EoY%+C+s)&lD*#Vtu~uk=)dri|
z(ZT`DC=T=5$lH>YlGhTJh+#<;g7Q%@7{>7x%&=OtG3w}$arfrOktQc&l2|RoXc8dP
z6svsik|PV_68cY;LJB=6n~r`AoqwKEU$5N9)(um%QqpAT%UZ}|Xv$#M8NWyNbapST
zN@#{d1bhGkWt|J3{~13CI1W=)y>+vdq6LsV9jB%QttPpxQrBWH=r>{6cS$f&B&`9d
zw~Z(<EI>0j8CDE5bxAPTEFmk9PX-(YoSjyHxj1kTe*R+|V6ey8Atb==H6JTUek$N)
zc8${p?kb>i_)dZjKuG}>H=|A^Ff9(G43KX6;6puVB`{Fe0!kVnWf2!G3dll$LoYx7
zQxKI6SakQ0s=sbkGps`|oyx9N#S19ugxgVy`%)m064ylt2JE+36dbQO=4eW^2W4~0
zgv-%?-yZ}ZKb7@z+x@er1iEShK_MAOXD`0_mHgtSlhexi+Hi%BCICwTVWa0_l671d
z6>^N%`8&ZKGWYw``Hznh-D>GIKZE>@S>(RYKW}sjUgBqF)>c=i4Lf0Wj{V5cb9B3X
zEAs5&pD@+aqr>kl%L3st_rmqaj=#4L9vBy08-7I<<uvyrMenqp`r?#l{AQ<t6CMR+
zS+QX9P1epy+LtN184r6U+9f!4;j+9ac0#JYC=Wh7P$vmV6)(N#O#0hMm;n{gx_kt{
zUZZ#0HxWuwjC<tLaNxzR#+hEeAi%g8yz&L$zP5k_qQ6d~hw}0S^TVMZw73u2IK*1X
zueDvBYok7OP>6yFbhg77U=SC~H9rT@$_SW9%+LoOsDtD;O&+;c3-_2bA3BM4>o0U_
zKJ<SbDf8Myn!>5bw0bF-9r<SCNSqQ-{K=H;+0n;*ZTe(Pi2}TRaV!=$jZ)?Hr7aT>
zyw>_Wduo1Hlw$AdHl(Wb0-1=@m?k~x*WtAmYTsx+!||nxTv593s7G7^q;pc(@^eT0
zK5?lfDHN=aRJha6rl`Yvq*{M+P{?*Zl#=M~fPK6zMwR9~@bP9PO+`1?hdY&|jq!)h
z!yg05n8I~hsT9ZpVZ4slwe(TODAQ^EQr>F<a*VT7id3Xg7VW|}(@Kp#2{kbO>Ev*d
zk&Z>_i}6n~r7%k}gv7x+6$O~$;WEPbmsbovzDJBPjp>d(vgF?oE6bJB=i*Q6n|1N5
zrBHe;#(S$bdKJ6cu`0XDy~?*|2f;dN`o2H5S{AYFe_+VD#;_*0M(&y=qh(!~V>w@1
zfMAqQv4vF?;4Et_VoRCj9_J_xMY0(f6;-`UALnvscR%u|`5Dl_IG=vqG;;(wHn5@h
zGxI0uK_Crn3~OXh99o1kmxF=>%^Ap1lVx1YIiASbgOE~`-pX3frqA}aMnQ4VXRN9H
zkaWXzp>%GjB%-XmxO}0U+Iru50FhF5-zv0P*IL$UrHtxZMul}b)_lu~+X`K#QW{&1
zF7-xeybrTEizm0~FzzsezqiQ$Xus0b%}edfS@%?o&y%(y=5e@ur_jftnP*R+jag?r
zjfraIWd%xbSwmT5o#p;(Hw}uFEZ^fd0j5;zA|;voVF?Q?yQ0gY+{JRncxl(Wp5+;t
z8K?^V3X2N8t!9Pl?GkKpvrePUNjRNWkD>5gVLfyT;VO3BYQ}251X99gqNaRUEm7`S
z#9h#+9r*Q8$xc>Y%Y96qv3JQrQ1klVYoU^7h%>LhC5L)6DDpZQ0dgV@fkU-R-q%}|
zN3w_b%L0C{Lla))nC_Ul6qSk}RV|#*eW6RA<k5Y1MPS9N+pD`!h+K$I$jD^VWGBbc
z1Yay#tYWNU+%q&d^loS}TRvA!dP-(JcRhD1cd_2V_NlEHt`zsh)u49Ow%BF|*Yqgb
zR>`IaWo>(}PPYnMB{<nw)mXw<f;UYwt;m~1cYOGT>%*1RbADKxCMQ<oyl|n8XeV}b
zeOGnIPFizXXhZ0WGc^j@*crMC9$TI;|4)7_%6F6(atLpBG(x)$GBza9s9}cTY1tJV
z^MGil2i7WgTo28T#`{O^$0f!aMGQz}s!QZ@chC1WuNnp%`rca#9y`S5*5$TumlA7s
z6m~pzV&~ot%DolMvyt^5>F9-jw^$q1pnjV!<+)fHW(GG4M}J=Dmvoj)MOICHs4ogE
zKXTk<SO2Z<_jW~nMOAS@X2HgOP_ebXw|>B^!#mGDdJ+Dd|H9=W_+k{4U<66fr19Ze
z;dWO}j)R}^eNEO-Cc6Hvo!Qn(%ExQ5YNbR}MXa?|@wxZ@_p*xbXg!ONO7NhIHV^wb
zIYQz1!!fZVj7B&*HX0eDk?a$P;u@9Cln)%8gZnRP|JBaWUdTmDn<>?Z8_Gk~%OxJD
z&MG#@HE488xY-O&ps*-|hep?wB%sv_j~=!xo^J2QE@PLeS3=mcBzy1q1Qih4528!h
z$|RV?lruDq<4kYA{y!}SXenEg;2v|JU@|1Aou?grQ*u;cG;SJx7kb@vPakR${OZ5d
zCix(NF4-cnHGGtC*~=zlTI2a#<vg~WC%j%VYRb*hk*`u;`ohZjOww@ZP4o}9Cj*tP
z(Y5DYj}q%8ucuS=dDgwGylNv3!NH1uB5XybpcJ)eSESq5q4<8KjEcNlL)(LO{lu4w
zZ+72aY%{epExp1O#TX&Qc~C!^D<3G;s`>^IAuFs`Z^hgpuT=e#fP;EXm{n{eGpoaz
zg@R2y!|%8CN3?w=@!X=ehO9-0Zp}??-!nr=+AMx{{2PPiR%eY*sAeIuXR<z@7MXjx
z#vSY3|22E=^{29mPQ1&o+nC$Nj|K5OJGzYW%paL_k7#FRKhZAU`LuobTZbr_IV3`C
zjKsn5g<n;_G`W`a5r$MW5bqHOh`$Jhow51Pj#I~vMt8VFntsduH$k*(IyzJDYav>b
zSes0^O}L&IoYWm@RL7TZ9A}((-K#S7^4;zs9V0!X;HSe);lEArjHw|kQzmb1>CyGv
zXgSC328z=v&|1HE)4j~^qaC!maYVIvbe&dt_DNDm<r2mCjVC;49?1u=oV^^~T&tWD
zJ14savqAOI$<2k}Q$6Ah`Zsc_HbI8_h(3?mjfn9y^xkk1HXR!pCh=#^f%py=vhGY+
zd_eEL+rSX8G^TTrxUSNqLb$v4C19_XxW<h9g3PH=w)ff$*i=1F8#n7|eAAdyjlb)O
z-wAI19O8Dg!JVf_m_KL^`o(rJIgzKNHs8D-?0wXAbhyYiALb`~Mi^+E2^8L`YBFoG
zKhWIPnt{*9PH5Pj&rR>nJ%7*|n7=<dr*}ji9XWiSdYD2FznYSrG7v)>vz2#ST}f$K
z!|!b4v;;ovGAxwGe*W%!pqiacGVFL_Yl<+MHCm9lmznm}>sis+X6qJb4Y9ku`+7^?
zQ(5Wz2X{`k+XCkTd3FmI>CIN3@je&1aR2l1&}yXQB#kpI?ShOnYyZ?)R-E|n`E=H|
zGyx!35CBXh0Dmqnc>{pQQUGi^0HB-&0K4}q`!3zfURiTvgwDnPKh_w2>RpaA23VR}
z0a`90SxpmLH-F5FoZ`CH!J3x7qRV2bfwmTcgL9%y>s1sli+0<U7Dz%z<AsNv!)PgE
zWr)n7|3jO>Ehf6=Kh5T6f;S++@y}RCB2~V;5$!f!d0bDbR4M}<A0pS5FEG#6t=6<;
zh71*tLQ0gqu~Q-)?>IHBUdms!q34uK*RsO6vGsBVZ8bG8-+7^s!}Lu+#FW1fs%1i^
zFwc=*2H~83yzcIow6W@UTg`|0@QO#tt;Q+hM?=DL*TL>Hu!N*WlFD(9TxtdeI;Psy
IFo%f$0VKS%G5`Po

literal 0
HcmV?d00001

diff --git a/res/drawable-xhdpi/refresh.png b/res/drawable-xhdpi/refresh.png
new file mode 100644
index 0000000000000000000000000000000000000000..a7fdc0dfcb1dc50bd0ebd2527d174398b8470797
GIT binary patch
literal 3219
zcmb7`_dnZ<7sfv+wRer0mr^6OXKfODk07X8B~)#<iqfcEN>O4oYSf-JqIT>ZMa>ws
z*Tt>TQ0wdd3E%U2J?H()IX|4|`Q^l!7->^euu%X2K&`8zVRlQk|3pS~+tH2T|J;Jy
zN5|S904N#$6KG;F>=FPdjNPG76B9S@0B?UcZy#=5D3sgB&)e1gg$n?@nn#->VCFl_
z%7mp8h<+^cqrSHp6B)M|Bp%6_%n#-vr_+n&$(v&`?WEV#BxWDTjU`G<L?$qq3RAtK
zm?d53$xn<Zh<!J7u@X|?G2Keo9KCLsQQ4|EM%RszV#%n|b)-yXkW{4*F8ZGl{XKmv
z>!NDm6ns7a9a-Ho9{(#|5O5Zzr1a<kmb4uJy_%#X1F(kKSaFV+8`@n+<`WPy5`+y%
zeymT1WCYZL6Cp)_nidF&&fqr(a)|+lVP~f`z(fRa5O}jW2_VsDnIRy+_9G7yC^s44
zzULCF0k|mw6=Rm~Gy%9c!04*qBM;1q0OGn<t~x+XBY?%xQPu)vRDif?Y?Kf{90E8D
z@bbO_A~OL-ts^U?UyrKjw!pVeW!5S+@yTn3+mea+l3H1batY#eSspRUI^J>2QWNb8
z%4C%cm!|!BJOTi@$xOG`9$&q}(Ny7ZvWXZPdy(A^lA8xkPHWd2W92@#!L0;@jb96k
z)v+NJNsyk``410>-JVkB{!NH?t)*3K0CIQct&V;E^F}l8L(|;c#`^lKUJu09amXt4
z8qsBswYqw79;S3jIQ`ka$`>wa7p_fw_Ool`#GsI4EQLJMX<;)-`?8Vp=8|*rL65Fe
z6CBLAX3F53sF9U$ELr#<4w53&`*7ms+3K?J1(C|K3{dl21r(AjQex*!^jlwm4jzDA
zB>=!ti+AS_K{6twTg1v(;LV}xm3Hn!0O_im;tK#zHTXnfLv^bCWB{O%8xF2fXFut@
zFN`JO=)AkoNqOlY8wug->4MNfD4roX{2YWT-a-VUM{7924q`vlIHj?sZqcbeG@@M=
z-)NM5X#Y5p<#Y<RhLaPk50Kq+<e85JIlY7PCX%saMxF6=>JT%;^KlQxGMYZnPnOY<
zFnb5%w$R}`QuezeAM-@3IazT4kbHX?-Ks6|F}&7P`3F@4w5ddnEmA9=^82#@iL4~%
z-0bgu^=!%svUywI%iU<_lT@Jn;@Iu`q*6UE#6|nMAzvR0lczcle|=CvRo=%|V_8Ae
z5_jr6_BD{0AzTwnE=wE;;dbOw*MS?rjb?R9xH<Tw>F3Gi$cZ9Ny96Gjmgv{>H`AZ@
z+;@_ch=J<}^G-7)-4mk=iG}va@iD|fB?X#3+|m8|1vbGjp*7)U#=9e2nk}uv#+y1g
z|IDM7RQ{td_oIQRb@Y1oy3{)RI?s_U1=>l?_sg02s-W4>b3N7#x((?K5|<1~b&G;5
zv&E7;7`;rA4Wu#;V^(b%Q*uxG?=1Pz2xeXV!pi)#Nj5hYH-dZhc0e=zVj7nb>bup%
z@Q(I2YMbaJkcv8*DWX3XA;_A2pY%S0HSm6QhCvbQWISs>Ok7T4FJmi{Hq+Yz4#t3A
zGbImEr0J#cr?G>@V5Mb6WlLq07RMIDu%yzb=Al(u7E<PGrQ|=-%Pq>#CVS@W=7>_o
zl9)0?i8oC3OPKXl9Eo+eLANpVi)rpx`?c0SZc1m?x>v$H9@OR0e}~KT@P8ehd;JpJ
zl5xe^60clVnkNsH(vz~PGduq1s!F<+;d}Nez=(WHuo!h5_HK#sP-s<%y-3=iNy6oc
zM_D>59bT?eZd$Ir*Ct!FUyLql(`>Q62&Yl+*AsXmpp8hv-9>Mi&zUb4Qxr2BDl42;
ziI#a3vgfsE1a^28A7tdTKSkykco#1PwQc?32o<}6U3vZ~KGmjzlhjf1k>IIt_mz5O
ze7%)8#rpBTOrdt&YS2Q*G)L4*WOCEEQo)qgdo9`o_r51<d~2S4o_z)UB>X)5`i8rP
z2U%u@O+`XQiUx`X{i7qJ`J>aBGTF)!Gm=}`TiG+&%Z&~;uWW=dC75q6y0z;zMb-zH
zR<9@<dFw*Bg^gXERwcUf;dD!7OEG<MlToTsdCoMVyXF^W5L4R7TC*`rg0I4OVnQ7e
zPArJV-m30{)V9>n=Fs<7%B0jWb2R0gHk@Jp^?r;BmI_N*xK9VFp}i;RJ7Ng<7~R;c
z)EegAuuzXX+B|zw8^MBT@{c%<jgQlRJ1mM)5zS`rTO4Rx*9$oHwOa|EI7MgIWq0kD
z;HwX058Mx87Cw(ie-_HImh%7JJplb_x-qUw`8iG8W4R*C7-}4jXxQQva~4ass+_55
zEDS6oI3BX7{8sV%yr#0IB)25FWNkkphix2a95(Lu&asbLhQ8swd3F<gGY%9ZAA%4>
zapCIWws$Vhf?xA=B&sUlU4GZj?W-r`HmNhIC%vtFyU|(6<2LZmhe{s8Rt7E^=S~x4
z61F}4oz!vDF}^#DN+2pG$|_nl(I*zpHZFmZ2^?R5`Y&tz(MZ==%0@^S%U6r&$$(YL
zM4v0o%QZ_ktM-YyT8~V@(Qw@t`W*72;3`?K7wyZJ`^Pb>=vB(K5S9$F0Xv_dJY3gF
zR55d@D1)#<x|%_((c_Q*s?&i>m=hiz-3xq}ND<V<*@bu@HZD6JI}3dR<}y0c0UHLV
z{FB@&6U5gmRVcjC6e&>pq1AxeU@==EhdJvdx2L4CLYqWHO7aI^NEwe|Dh9EO*mQk4
zT;UQ`d)@05-zdhFMmp$G_o3phwFm_UQnU@T5u5>&)*@W2TsubNhUC-Ba~_TEkJJs}
zKgfML{Cu;|(8aKlf+>vFw-VumZ?;uDm#<aw4Z>5bG2ML>ZAnt0^z9u6>^WszzHf!9
z3TxvJHuMO8+Bx*LvjOC>M`=N^5f!?(FtcxG3>ULrZgBh)jb>M2ihEbZh-X1Dy_pqU
zc(uVE<2}@ox$v>Rw7jS3*_i8u>(1tqNRBN{dKqdHMdL+1H(yV^Y+1j5`dbq(h8h*b
zw?tr|O$8lF-&$RY2XUi{s<1Dx6WAY^?7_rhgX7GZ*Z2W@Nb7Iuf2Q!Zt%NI;!FId_
z$ii^Sb;{*J_o9xVS`}BebC!PLX;*3F>AT-gG(mJl%1eWpY5Fn6IiU<QOPYSPr%luU
zSNk>kFi?bAmfGU|r@mEQAB~{(9Rm3>fs0yU{$)Z)#R}=<UoSZkoMO)*Sw~q~+2&an
zwobOq#v>}@)4NN-m)iKhXg^6SSqJGI!v@{wciv8>B96uq&}rz<Fwye`2YfyzWXl=1
z{G8VNu$eAkWkT~NeoL`c5%=WiTfk8*e&e3iH><2_1$)okfL*2Q)Jfz1mQO8NRZUMk
znht{78bVwNJM1}fxW$vUpkK^4(^EO}%8PBs!QO;k!s#;eVwj)66>hj?E>Pg0vemfN
z{zPqGeGa-9Go@;Ky)b*Y@a8!-F!y+TL7PAl6)|?5e40cHy_=MoG#pJGy_fS?MP7bY
z)$eNOvKTt{Y>YpL<vRa*xQc~YEbMG*Zw5D>F`kDyLZx<izAn7l#qP0I<NLb$xY`F_
zNl83CvAo#t3|t80JS<qIHC}(s{YLP{?fmPh`S;?BRMyng8)Bl2<4b2L5&Z4H$?dFT
zW(WYm4*>uf0RZPWx7-1Mzr_Jy*8u<&G5~<ZJH@_N>vmSk!~mvw^Z(Zd-M04aI(>kd
zkvTxk#xJF2XyfXSe4kZRhaIVIA1nj_kdv;4It<>uZ#9@6$xU}ph`#>g<;@HZG~=EQ
zdD<bLAV0y!+(6vC_q4SndYAn?zLNJu<4g5x7#Wq9I#wY`-39bX+H%jgTe8gS4i=)I
zvchTxvPtd%|Fm5<*)-nToTJf@=9*(9=XfoP@;l<mrF`9pKv$J-CLk$#moanO&#l#>
zc0>Gar)F|$Qix5mKC^6h=Zp|2@9-ec+e?JhCOUaQyT9t$)zfP;K)@K$wh~}4b{_hL
z*n%5Si|}Au`L-FFyZzWX7-is~bCKfc`ZE79s`@W!A}^+Y-|uscxSzEIk?-RwL9mhd
zL>F!k`K-*$ppN*W4CVRSN>0?Dt45!ls&mGrGqCGe6dV7!>zbl&dDu~0LGcj9C%JG*
zjwG<%&UZ2VG19!a?9FF`G7tKHwY(~?SGEHE<%TYUODipR3H7w`nAZNz#PziT<geeB
nMf2rF8!xF2>k0Pbsy(z@yh0KA0s`i@Q2@G{MjBNRhqwO&HJc!<

literal 0
HcmV?d00001

diff --git a/res/menu/local_identity.xml b/res/menu/local_identity.xml
new file mode 100644
index 0000000000..6f97941610
--- /dev/null
+++ b/res/menu/local_identity.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<menu xmlns:android="http://schemas.android.com/apk/res/android">
+    <item android:title="@string/local_identity__regenerate_key"
+          android:id="@+id/menu_regenerate_key"
+          android:icon="@drawable/refresh"/>
+</menu>
\ No newline at end of file
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 9d0d384358..870b9c9558 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -257,6 +257,22 @@
     <string name="MessageNotifier_mark_all_as_read">Mark all as read</string>
     <string name="MessageNotifier_mark_as_read">Mark as read</string>
 
+    <!-- ViewLocalIdentityActivity -->
+    <string name="ViewLocalIdentityActivity_regenerating">Regenerating...</string>
+    <string name="ViewLocalIdentityActivity_regenerating_identity_key">Regenerating identity
+        key...
+    </string>
+    <string name="ViewLocalIdentityActivity_regenerated">Regenerated!</string>
+    <string name="ViewLocalIdentityActivity_reset_identity_key">Reset Identity Key?</string>
+    <string name="ViewLocalIdentityActivity_by_regenerating_your_identity_key_your_existing_contacts_will_receive_warnings">
+        Caution! By regenerating your identity key, your current identity key will be permanently lost,
+        and your existing contacts will receive warnings when establishing new secure sessions with you.
+        Are you sure you would like to continue?
+    </string>
+    <string name="ViewLocalIdentityActivity_cancel">Cancel</string>
+    <string name="ViewLocalIdentityActivity_continue">Continue</string>
+
+
     <!-- SmsReceiver -->
     <string name="SmsReceiver_currently_unable_to_send_your_sms_message">Currently unable to send your SMS message. It will be sent once service becomes available.</string>
     
@@ -332,6 +348,7 @@
     <string name="import_fragment__import_a_plaintext_backup_file">
         Import a plaintext backup file. Compatible with \'SMSBackup And Restore.\'</string>
 
+    <string name="local_identity__regenerate_key">Regenerate Key</string>
 
     <!-- prompt_passphrase_activity -->
     <string name="prompt_passphrase_activity__textsecure_passphrase">TEXTSECURE PASSPHRASE</string>
@@ -455,6 +472,7 @@
     <string name="preferences__appearance">Appearance</string>
     <string name="preferences__theme">Theme</string>
     <string name="preferences__default">Default</string>
+    <string name="preferences__language">Language</string>
                                     
     <!-- **************************************** -->
     <!-- menus -->
@@ -521,7 +539,6 @@
 
     <!-- verify_keys -->
     <string name="verify_keys__menu_verified">Verified</string>
-    <string name="preferences__language">Language</string>
     <!-- EOF -->
 
 </resources>
diff --git a/src/org/thoughtcrime/securesms/ApplicationListener.java b/src/org/thoughtcrime/securesms/ApplicationListener.java
new file mode 100644
index 0000000000..9ce69f3020
--- /dev/null
+++ b/src/org/thoughtcrime/securesms/ApplicationListener.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.thoughtcrime.securesms;
+
+import android.app.Application;
+
+import org.thoughtcrime.securesms.crypto.PRNGFixes;
+
+/**
+ * Will be called once when the TextSecure process is created.
+ *
+ * We're using this as an insertion point to patch up the Android PRNG disaster.
+ *
+ * @author Moxie Marlinspike
+ */
+public class ApplicationListener extends Application {
+
+  @Override
+  public void onCreate() {
+    PRNGFixes.apply();
+  }
+
+}
diff --git a/src/org/thoughtcrime/securesms/ConversationListActivity.java b/src/org/thoughtcrime/securesms/ConversationListActivity.java
index 7f17cbe2a2..45166143f3 100644
--- a/src/org/thoughtcrime/securesms/ConversationListActivity.java
+++ b/src/org/thoughtcrime/securesms/ConversationListActivity.java
@@ -106,10 +106,8 @@ public class ConversationListActivity extends PassphraseRequiredSherlockFragment
       intent = new Intent(this, ImportExportActivity.class);
       intent.putExtra("master_secret", masterSecret);
     } else if (selected.equals("my_identity_key")) {
-      intent = new Intent(this, ViewIdentityActivity.class);
-      intent.putExtra("identity_key", IdentityKeyUtil.getIdentityKey(this));
-      intent.putExtra("title", getString(R.string.ApplicationPreferencesActivity_my) + " " +
-                               getString(R.string.ViewIdentityActivity_identity_fingerprint));
+      intent = new Intent(this, ViewLocalIdentityActivity.class);
+      intent.putExtra("master_secret", masterSecret);
     } else if (selected.equals("contact_identity_keys")) {
       intent = new Intent(this, ReviewIdentitiesActivity.class);
       intent.putExtra("master_secret", masterSecret);
diff --git a/src/org/thoughtcrime/securesms/ViewIdentityActivity.java b/src/org/thoughtcrime/securesms/ViewIdentityActivity.java
index ba650d35ca..b145b1bd7e 100644
--- a/src/org/thoughtcrime/securesms/ViewIdentityActivity.java
+++ b/src/org/thoughtcrime/securesms/ViewIdentityActivity.java
@@ -37,6 +37,10 @@ public class ViewIdentityActivity extends KeyScanningActivity {
     getSupportActionBar().setDisplayHomeAsUpEnabled(true);
     setContentView(R.layout.view_identity_activity);
 
+    initialize();
+  }
+
+  protected void initialize() {
     initializeResources();
     initializeFingerprint();
   }
diff --git a/src/org/thoughtcrime/securesms/ViewLocalIdentityActivity.java b/src/org/thoughtcrime/securesms/ViewLocalIdentityActivity.java
new file mode 100644
index 0000000000..cc87d43162
--- /dev/null
+++ b/src/org/thoughtcrime/securesms/ViewLocalIdentityActivity.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright (C) 2011 Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.thoughtcrime.securesms;
+
+import android.app.AlertDialog;
+import android.app.ProgressDialog;
+import android.content.DialogInterface;
+import android.os.AsyncTask;
+import android.os.Bundle;
+import android.widget.Toast;
+
+import com.actionbarsherlock.view.Menu;
+import com.actionbarsherlock.view.MenuInflater;
+import com.actionbarsherlock.view.MenuItem;
+import org.thoughtcrime.securesms.crypto.IdentityKeyUtil;
+import org.thoughtcrime.securesms.crypto.MasterSecret;
+
+/**
+ * Activity that displays the local identity key and offers the option to regenerate it.
+ *
+ * @author Moxie Marlinspike
+ */
+public class ViewLocalIdentityActivity extends ViewIdentityActivity {
+
+  private MasterSecret masterSecret;
+
+  public void onCreate(Bundle bundle) {
+    this.masterSecret = getIntent().getParcelableExtra("master_secret");
+
+    getIntent().putExtra("identity_key", IdentityKeyUtil.getIdentityKey(this));
+    getIntent().putExtra("title", getString(R.string.ApplicationPreferencesActivity_my) + " " +
+        getString(R.string.ViewIdentityActivity_identity_fingerprint));
+    super.onCreate(bundle);
+  }
+
+  @Override
+  public boolean onPrepareOptionsMenu(Menu menu) {
+    super.onPrepareOptionsMenu(menu);
+
+    MenuInflater inflater = this.getSupportMenuInflater();
+    inflater.inflate(R.menu.local_identity, menu);
+
+    return true;
+  }
+
+  @Override
+  public boolean onOptionsItemSelected(MenuItem item) {
+    super.onOptionsItemSelected(item);
+
+    switch (item.getItemId()) {
+      case R.id.menu_regenerate_key: promptToRegenerateIdentityKey(); return true;
+      case android.R.id.home:        finish();                        return true;
+    }
+
+    return false;
+  }
+
+  private void promptToRegenerateIdentityKey() {
+    AlertDialog.Builder dialog = new AlertDialog.Builder(this);
+    dialog.setIcon(android.R.drawable.ic_dialog_alert);
+    dialog.setTitle(getString(R.string.ViewLocalIdentityActivity_reset_identity_key));
+    dialog.setMessage(getString(R.string.ViewLocalIdentityActivity_by_regenerating_your_identity_key_your_existing_contacts_will_receive_warnings));
+    dialog.setNegativeButton(getString(R.string.ViewLocalIdentityActivity_cancel), null);
+    dialog.setPositiveButton(getString(R.string.ViewLocalIdentityActivity_continue),
+                             new DialogInterface.OnClickListener() {
+      @Override
+      public void onClick(DialogInterface dialog, int which) {
+        regenerateIdentityKey();
+      }
+    });
+    dialog.show();
+  }
+
+  private void regenerateIdentityKey() {
+    new AsyncTask<Void, Void, Void>() {
+      private ProgressDialog progressDialog;
+
+      @Override
+      protected void onPreExecute() {
+        progressDialog = ProgressDialog.show(ViewLocalIdentityActivity.this,
+                                             getString(R.string.ViewLocalIdentityActivity_regenerating),
+                                             getString(R.string.ViewLocalIdentityActivity_regenerating_identity_key),
+                                             true, false);
+      }
+
+      @Override
+      public Void doInBackground(Void... params) {
+        IdentityKeyUtil.generateIdentityKeys(ViewLocalIdentityActivity.this, masterSecret);
+        return null;
+      }
+
+      @Override
+      protected void onPostExecute(Void result) {
+        if (progressDialog != null)
+          progressDialog.dismiss();
+
+        Toast.makeText(ViewLocalIdentityActivity.this,
+                       getString(R.string.ViewLocalIdentityActivity_regenerated),
+                       Toast.LENGTH_LONG).show();
+
+        getIntent().putExtra("identity_key",
+                             IdentityKeyUtil.getIdentityKey(ViewLocalIdentityActivity.this));
+        initialize();
+      }
+
+    }.execute();
+  }
+
+}
diff --git a/src/org/thoughtcrime/securesms/crypto/PRNGFixes.java b/src/org/thoughtcrime/securesms/crypto/PRNGFixes.java
new file mode 100644
index 0000000000..aad1338285
--- /dev/null
+++ b/src/org/thoughtcrime/securesms/crypto/PRNGFixes.java
@@ -0,0 +1,337 @@
+package org.thoughtcrime.securesms.crypto;
+
+import android.os.Build;
+import android.os.Process;
+
+import java.io.ByteArrayOutputStream;
+import java.io.DataInputStream;
+import java.io.DataOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.SecureRandomSpi;
+import java.security.Security;
+
+/**
+ * This class is taken directly from the Android blog post announcing this bug:
+ * http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
+ *
+ * Since I still don't know exactly what the source of this bug was, I'm using
+ * this class verbatim under the assumption that the Android team knows what
+ * they're doing.  Although, at this point, that is perhaps a foolish assumption.
+ *
+ */
+
+/**
+ * Fixes for the output of the default PRNG having low entropy.
+ *
+ * The fixes need to be applied via {@link #apply()} before any use of Java
+ * Cryptography Architecture primitives. A good place to invoke them is in the
+ * application's {@code onCreate}.
+ */
+public final class PRNGFixes {
+
+  private static final int VERSION_CODE_JELLY_BEAN = 16;
+  private static final int VERSION_CODE_JELLY_BEAN_MR2 = 18;
+  private static final byte[] BUILD_FINGERPRINT_AND_DEVICE_SERIAL =
+      getBuildFingerprintAndDeviceSerial();
+
+  /** Hidden constructor to prevent instantiation. */
+  private PRNGFixes() {}
+
+  /**
+   * Applies all fixes.
+   *
+   * @throws SecurityException if a fix is needed but could not be applied.
+   */
+  public static void apply() {
+    applyOpenSSLFix();
+    installLinuxPRNGSecureRandom();
+  }
+
+  /**
+   * Applies the fix for OpenSSL PRNG having low entropy. Does nothing if the
+   * fix is not needed.
+   *
+   * @throws SecurityException if the fix is needed but could not be applied.
+   */
+  private static void applyOpenSSLFix() throws SecurityException {
+    if ((Build.VERSION.SDK_INT < VERSION_CODE_JELLY_BEAN)
+        || (Build.VERSION.SDK_INT > VERSION_CODE_JELLY_BEAN_MR2)) {
+      // No need to apply the fix
+      return;
+    }
+
+    try {
+      // Mix in the device- and invocation-specific seed.
+      Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto")
+           .getMethod("RAND_seed", byte[].class)
+           .invoke(null, generateSeed());
+
+      // Mix output of Linux PRNG into OpenSSL's PRNG
+      int bytesRead = (Integer) Class.forName(
+          "org.apache.harmony.xnet.provider.jsse.NativeCrypto")
+                                     .getMethod("RAND_load_file", String.class, long.class)
+                                     .invoke(null, "/dev/urandom", 1024);
+      if (bytesRead != 1024) {
+        throw new IOException(
+            "Unexpected number of bytes read from Linux PRNG: "
+                + bytesRead);
+      }
+    } catch (Exception e) {
+      throw new SecurityException("Failed to seed OpenSSL PRNG", e);
+    }
+  }
+
+  /**
+   * Installs a Linux PRNG-backed {@code SecureRandom} implementation as the
+   * default. Does nothing if the implementation is already the default or if
+   * there is not need to install the implementation.
+   *
+   * @throws SecurityException if the fix is needed but could not be applied.
+   */
+  private static void installLinuxPRNGSecureRandom()
+      throws SecurityException {
+    if (Build.VERSION.SDK_INT > VERSION_CODE_JELLY_BEAN_MR2) {
+      // No need to apply the fix
+      return;
+    }
+
+    // Install a Linux PRNG-based SecureRandom implementation as the
+    // default, if not yet installed.
+    Provider[] secureRandomProviders =
+        Security.getProviders("SecureRandom.SHA1PRNG");
+    if ((secureRandomProviders == null)
+        || (secureRandomProviders.length < 1)
+        || (!LinuxPRNGSecureRandomProvider.class.equals(
+        secureRandomProviders[0].getClass()))) {
+      Security.insertProviderAt(new LinuxPRNGSecureRandomProvider(), 1);
+    }
+
+    // Assert that new SecureRandom() and
+    // SecureRandom.getInstance("SHA1PRNG") return a SecureRandom backed
+    // by the Linux PRNG-based SecureRandom implementation.
+    SecureRandom rng1 = new SecureRandom();
+    if (!LinuxPRNGSecureRandomProvider.class.equals(
+        rng1.getProvider().getClass())) {
+      throw new SecurityException(
+          "new SecureRandom() backed by wrong Provider: "
+              + rng1.getProvider().getClass());
+    }
+
+    SecureRandom rng2;
+    try {
+      rng2 = SecureRandom.getInstance("SHA1PRNG");
+    } catch (NoSuchAlgorithmException e) {
+      throw new SecurityException("SHA1PRNG not available", e);
+    }
+    if (!LinuxPRNGSecureRandomProvider.class.equals(
+        rng2.getProvider().getClass())) {
+      throw new SecurityException(
+          "SecureRandom.getInstance(\"SHA1PRNG\") backed by wrong"
+              + " Provider: " + rng2.getProvider().getClass());
+    }
+  }
+
+  /**
+   * {@code Provider} of {@code SecureRandom} engines which pass through
+   * all requests to the Linux PRNG.
+   */
+  private static class LinuxPRNGSecureRandomProvider extends Provider {
+
+    public LinuxPRNGSecureRandomProvider() {
+      super("LinuxPRNG",
+            1.0,
+            "A Linux-specific random number provider that uses"
+                + " /dev/urandom");
+      // Although /dev/urandom is not a SHA-1 PRNG, some apps
+      // explicitly request a SHA1PRNG SecureRandom and we thus need to
+      // prevent them from getting the default implementation whose output
+      // may have low entropy.
+      put("SecureRandom.SHA1PRNG", LinuxPRNGSecureRandom.class.getName());
+      put("SecureRandom.SHA1PRNG ImplementedIn", "Software");
+    }
+  }
+
+  /**
+   * {@link SecureRandomSpi} which passes all requests to the Linux PRNG
+   * ({@code /dev/urandom}).
+   */
+  public static class LinuxPRNGSecureRandom extends SecureRandomSpi {
+
+        /*
+         * IMPLEMENTATION NOTE: Requests to generate bytes and to mix in a seed
+         * are passed through to the Linux PRNG (/dev/urandom). Instances of
+         * this class seed themselves by mixing in the current time, PID, UID,
+         * build fingerprint, and hardware serial number (where available) into
+         * Linux PRNG.
+         *
+         * Concurrency: Read requests to the underlying Linux PRNG are
+         * serialized (on sLock) to ensure that multiple threads do not get
+         * duplicated PRNG output.
+         */
+
+    private static final File URANDOM_FILE = new File("/dev/urandom");
+
+    private static final Object sLock = new Object();
+
+    /**
+     * Input stream for reading from Linux PRNG or {@code null} if not yet
+     * opened.
+     *
+     * @GuardedBy("sLock")
+     */
+    private static DataInputStream sUrandomIn;
+
+    /**
+     * Output stream for writing to Linux PRNG or {@code null} if not yet
+     * opened.
+     *
+     * @GuardedBy("sLock")
+     */
+    private static OutputStream sUrandomOut;
+
+    /**
+     * Whether this engine instance has been seeded. This is needed because
+     * each instance needs to seed itself if the client does not explicitly
+     * seed it.
+     */
+    private boolean mSeeded;
+
+    @Override
+    protected void engineSetSeed(byte[] bytes) {
+      try {
+        OutputStream out;
+        synchronized (sLock) {
+          out = getUrandomOutputStream();
+        }
+        out.write(bytes);
+        out.flush();
+        mSeeded = true;
+      } catch (IOException e) {
+        throw new SecurityException(
+            "Failed to mix seed into " + URANDOM_FILE, e);
+      }
+    }
+
+    @Override
+    protected void engineNextBytes(byte[] bytes) {
+      if (!mSeeded) {
+        // Mix in the device- and invocation-specific seed.
+        engineSetSeed(generateSeed());
+      }
+
+      try {
+        DataInputStream in;
+        synchronized (sLock) {
+          in = getUrandomInputStream();
+        }
+        synchronized (in) {
+          in.readFully(bytes);
+        }
+      } catch (IOException e) {
+        throw new SecurityException(
+            "Failed to read from " + URANDOM_FILE, e);
+      }
+    }
+
+    @Override
+    protected byte[] engineGenerateSeed(int size) {
+      byte[] seed = new byte[size];
+      engineNextBytes(seed);
+      return seed;
+    }
+
+    private DataInputStream getUrandomInputStream() {
+      synchronized (sLock) {
+        if (sUrandomIn == null) {
+          // NOTE: Consider inserting a BufferedInputStream between
+          // DataInputStream and FileInputStream if you need higher
+          // PRNG output performance and can live with future PRNG
+          // output being pulled into this process prematurely.
+          try {
+            sUrandomIn = new DataInputStream(
+                new FileInputStream(URANDOM_FILE));
+          } catch (IOException e) {
+            throw new SecurityException("Failed to open "
+                                            + URANDOM_FILE + " for reading", e);
+          }
+        }
+        return sUrandomIn;
+      }
+    }
+
+    private OutputStream getUrandomOutputStream() {
+      synchronized (sLock) {
+        if (sUrandomOut == null) {
+          try {
+            sUrandomOut = new FileOutputStream(URANDOM_FILE);
+          } catch (IOException e) {
+            throw new SecurityException("Failed to open "
+                                            + URANDOM_FILE + " for writing", e);
+          }
+        }
+        return sUrandomOut;
+      }
+    }
+  }
+
+  /**
+   * Generates a device- and invocation-specific seed to be mixed into the
+   * Linux PRNG.
+   */
+  private static byte[] generateSeed() {
+    try {
+      ByteArrayOutputStream seedBuffer = new ByteArrayOutputStream();
+      DataOutputStream seedBufferOut =
+          new DataOutputStream(seedBuffer);
+      seedBufferOut.writeLong(System.currentTimeMillis());
+      seedBufferOut.writeLong(System.nanoTime());
+      seedBufferOut.writeInt(Process.myPid());
+      seedBufferOut.writeInt(Process.myUid());
+      seedBufferOut.write(BUILD_FINGERPRINT_AND_DEVICE_SERIAL);
+      seedBufferOut.close();
+      return seedBuffer.toByteArray();
+    } catch (IOException e) {
+      throw new SecurityException("Failed to generate seed", e);
+    }
+  }
+
+  /**
+   * Gets the hardware serial number of this device.
+   *
+   * @return serial number or {@code null} if not available.
+   */
+  private static String getDeviceSerialNumber() {
+    // We're using the Reflection API because Build.SERIAL is only available
+    // since API Level 9 (Gingerbread, Android 2.3).
+    try {
+      return (String) Build.class.getField("SERIAL").get(null);
+    } catch (Exception ignored) {
+      return null;
+    }
+  }
+
+  private static byte[] getBuildFingerprintAndDeviceSerial() {
+    StringBuilder result = new StringBuilder();
+    String fingerprint = Build.FINGERPRINT;
+    if (fingerprint != null) {
+      result.append(fingerprint);
+    }
+    String serial = getDeviceSerialNumber();
+    if (serial != null) {
+      result.append(serial);
+    }
+    try {
+      return result.toString().getBytes("UTF-8");
+    } catch (UnsupportedEncodingException e) {
+      throw new RuntimeException("UTF-8 encoding not supported");
+    }
+  }
+}
\ No newline at end of file