From d6520cde04a27f5a43543f0ccee5a1e02ade69e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Tue, 8 Mar 2016 04:04:18 +0100 Subject: Fix code style and documentation in BaseSecurityTokenNfcActivity --- .../keychain/ui/SecurityTokenOperationActivity.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index 78d82d436..d2ecce242 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -249,13 +249,13 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } // change PINs afterwards - nfcModifyPIN(0x81, newPin); - nfcModifyPIN(0x83, newAdminPin); + nfcModifyPin(0x81, newPin); + nfcModifyPin(0x83, newAdminPin); break; } case NFC_RESET_CARD: { - nfcResetCard(); + nfcReset(); break; } -- cgit v1.2.3 From 834440199a97f3b253d85915ce83613f67e33a25 Mon Sep 17 00:00:00 2001 From: Nikita Mikhailov Date: Sun, 3 Apr 2016 22:20:33 +0600 Subject: OTG: update methods --- .../ui/SecurityTokenOperationActivity.java | 36 +++++++++++----------- 1 file changed, 18 insertions(+), 18 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index d2ecce242..7e1474eb7 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -162,7 +162,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity case NFC_DECRYPT: { for (int i = 0; i < mRequiredInput.mInputData.length; i++) { byte[] encryptedSessionKey = mRequiredInput.mInputData[i]; - byte[] decryptedSessionKey = nfcDecryptSessionKey(encryptedSessionKey); + byte[] decryptedSessionKey = mJavacardDevice.decryptSessionKey(encryptedSessionKey); mInputParcel.addCryptoData(encryptedSessionKey, decryptedSessionKey); } break; @@ -173,15 +173,15 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity for (int i = 0; i < mRequiredInput.mInputData.length; i++) { byte[] hash = mRequiredInput.mInputData[i]; int algo = mRequiredInput.mSignAlgos[i]; - byte[] signedHash = nfcCalculateSignature(hash, algo); + byte[] signedHash = mJavacardDevice.calculateSignature(hash, algo); mInputParcel.addCryptoData(hash, signedHash); } break; } case NFC_MOVE_KEY_TO_CARD: { // TODO: assume PIN and Admin PIN to be default for this operation - mPin = new Passphrase("123456"); - mAdminPin = new Passphrase("12345678"); + mJavacardDevice.setPin(new Passphrase("123456")); + mJavacardDevice.setAdminPin(new Passphrase("12345678")); ProviderHelper providerHelper = new ProviderHelper(this); CanonicalizedSecretKeyRing secretKeyRing; @@ -206,7 +206,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity long keyGenerationTimestampMillis = key.getCreationTime().getTime(); long keyGenerationTimestamp = keyGenerationTimestampMillis / 1000; byte[] timestampBytes = ByteBuffer.allocate(4).putInt((int) keyGenerationTimestamp).array(); - byte[] tokenSerialNumber = Arrays.copyOf(nfcGetAid(), 16); + byte[] tokenSerialNumber = Arrays.copyOf(mJavacardDevice.getAid(), 16); Passphrase passphrase; try { @@ -218,25 +218,25 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity if (key.canSign() || key.canCertify()) { if (shouldPutKey(key.getFingerprint(), 0)) { - nfcPutKey(0xB6, key, passphrase); - nfcPutData(0xCE, timestampBytes); - nfcPutData(0xC7, key.getFingerprint()); + mJavacardDevice.putKey(0xB6, key, passphrase); + mJavacardDevice.putData(0xCE, timestampBytes); + mJavacardDevice.putData(0xC7, key.getFingerprint()); } else { throw new IOException("Key slot occupied; token must be reset to put new signature key."); } } else if (key.canEncrypt()) { if (shouldPutKey(key.getFingerprint(), 1)) { - nfcPutKey(0xB8, key, passphrase); - nfcPutData(0xCF, timestampBytes); - nfcPutData(0xC8, key.getFingerprint()); + mJavacardDevice.putKey(0xB8, key, passphrase); + mJavacardDevice.putData(0xCF, timestampBytes); + mJavacardDevice.putData(0xC8, key.getFingerprint()); } else { throw new IOException("Key slot occupied; token must be reset to put new decryption key."); } } else if (key.canAuthenticate()) { if (shouldPutKey(key.getFingerprint(), 2)) { - nfcPutKey(0xA4, key, passphrase); - nfcPutData(0xD0, timestampBytes); - nfcPutData(0xC9, key.getFingerprint()); + mJavacardDevice.putKey(0xA4, key, passphrase); + mJavacardDevice.putData(0xD0, timestampBytes); + mJavacardDevice.putData(0xC9, key.getFingerprint()); } else { throw new IOException("Key slot occupied; token must be reset to put new authentication key."); } @@ -249,13 +249,13 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } // change PINs afterwards - nfcModifyPin(0x81, newPin); - nfcModifyPin(0x83, newAdminPin); + mJavacardDevice.modifyPin(0x81, newPin); + mJavacardDevice.modifyPin(0x83, newAdminPin); break; } case NFC_RESET_CARD: { - nfcReset(); + mJavacardDevice.resetAndWipeToken(); break; } @@ -330,7 +330,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } private boolean shouldPutKey(byte[] fingerprint, int idx) throws IOException { - byte[] tokenFingerprint = nfcGetMasterKeyFingerprint(idx); + byte[] tokenFingerprint = mJavacardDevice.getMasterKeyFingerprint(idx); // Note: special case: This should not happen, but happens with // https://github.com/FluffyKaon/OpenPGP-Card, thus for now assume true -- cgit v1.2.3 From 5e18b15775f4c6d9c563d61a71143320620e968e Mon Sep 17 00:00:00 2001 From: Nikita Mikhailov Date: Wed, 6 Apr 2016 22:49:52 +0600 Subject: OTG: Rename 'javacard' package, methods, remove JavacardInterface --- .../ui/SecurityTokenOperationActivity.java | 36 +++++++++++----------- 1 file changed, 18 insertions(+), 18 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index 7e1474eb7..c68936577 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -162,7 +162,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity case NFC_DECRYPT: { for (int i = 0; i < mRequiredInput.mInputData.length; i++) { byte[] encryptedSessionKey = mRequiredInput.mInputData[i]; - byte[] decryptedSessionKey = mJavacardDevice.decryptSessionKey(encryptedSessionKey); + byte[] decryptedSessionKey = mSmartcardDevice.decryptSessionKey(encryptedSessionKey); mInputParcel.addCryptoData(encryptedSessionKey, decryptedSessionKey); } break; @@ -173,15 +173,15 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity for (int i = 0; i < mRequiredInput.mInputData.length; i++) { byte[] hash = mRequiredInput.mInputData[i]; int algo = mRequiredInput.mSignAlgos[i]; - byte[] signedHash = mJavacardDevice.calculateSignature(hash, algo); + byte[] signedHash = mSmartcardDevice.calculateSignature(hash, algo); mInputParcel.addCryptoData(hash, signedHash); } break; } case NFC_MOVE_KEY_TO_CARD: { // TODO: assume PIN and Admin PIN to be default for this operation - mJavacardDevice.setPin(new Passphrase("123456")); - mJavacardDevice.setAdminPin(new Passphrase("12345678")); + mSmartcardDevice.setPin(new Passphrase("123456")); + mSmartcardDevice.setAdminPin(new Passphrase("12345678")); ProviderHelper providerHelper = new ProviderHelper(this); CanonicalizedSecretKeyRing secretKeyRing; @@ -206,7 +206,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity long keyGenerationTimestampMillis = key.getCreationTime().getTime(); long keyGenerationTimestamp = keyGenerationTimestampMillis / 1000; byte[] timestampBytes = ByteBuffer.allocate(4).putInt((int) keyGenerationTimestamp).array(); - byte[] tokenSerialNumber = Arrays.copyOf(mJavacardDevice.getAid(), 16); + byte[] tokenSerialNumber = Arrays.copyOf(mSmartcardDevice.getAid(), 16); Passphrase passphrase; try { @@ -218,25 +218,25 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity if (key.canSign() || key.canCertify()) { if (shouldPutKey(key.getFingerprint(), 0)) { - mJavacardDevice.putKey(0xB6, key, passphrase); - mJavacardDevice.putData(0xCE, timestampBytes); - mJavacardDevice.putData(0xC7, key.getFingerprint()); + mSmartcardDevice.putKey(0xB6, key, passphrase); + mSmartcardDevice.putData(0xCE, timestampBytes); + mSmartcardDevice.putData(0xC7, key.getFingerprint()); } else { throw new IOException("Key slot occupied; token must be reset to put new signature key."); } } else if (key.canEncrypt()) { if (shouldPutKey(key.getFingerprint(), 1)) { - mJavacardDevice.putKey(0xB8, key, passphrase); - mJavacardDevice.putData(0xCF, timestampBytes); - mJavacardDevice.putData(0xC8, key.getFingerprint()); + mSmartcardDevice.putKey(0xB8, key, passphrase); + mSmartcardDevice.putData(0xCF, timestampBytes); + mSmartcardDevice.putData(0xC8, key.getFingerprint()); } else { throw new IOException("Key slot occupied; token must be reset to put new decryption key."); } } else if (key.canAuthenticate()) { if (shouldPutKey(key.getFingerprint(), 2)) { - mJavacardDevice.putKey(0xA4, key, passphrase); - mJavacardDevice.putData(0xD0, timestampBytes); - mJavacardDevice.putData(0xC9, key.getFingerprint()); + mSmartcardDevice.putKey(0xA4, key, passphrase); + mSmartcardDevice.putData(0xD0, timestampBytes); + mSmartcardDevice.putData(0xC9, key.getFingerprint()); } else { throw new IOException("Key slot occupied; token must be reset to put new authentication key."); } @@ -249,13 +249,13 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } // change PINs afterwards - mJavacardDevice.modifyPin(0x81, newPin); - mJavacardDevice.modifyPin(0x83, newAdminPin); + mSmartcardDevice.modifyPin(0x81, newPin); + mSmartcardDevice.modifyPin(0x83, newAdminPin); break; } case NFC_RESET_CARD: { - mJavacardDevice.resetAndWipeToken(); + mSmartcardDevice.resetAndWipeToken(); break; } @@ -330,7 +330,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } private boolean shouldPutKey(byte[] fingerprint, int idx) throws IOException { - byte[] tokenFingerprint = mJavacardDevice.getMasterKeyFingerprint(idx); + byte[] tokenFingerprint = mSmartcardDevice.getMasterKeyFingerprint(idx); // Note: special case: This should not happen, but happens with // https://github.com/FluffyKaon/OpenPGP-Card, thus for now assume true -- cgit v1.2.3 From b5eb6468fecfc16ea041eb0f4bf48c37ec2e81f2 Mon Sep 17 00:00:00 2001 From: Nikita Mikhailov Date: Fri, 8 Apr 2016 00:41:53 +0600 Subject: OTG: Add support for persistent usb connection No need to reinsert token on each operation --- .../ui/SecurityTokenOperationActivity.java | 67 ++++++++++++++++------ 1 file changed, 49 insertions(+), 18 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index c68936577..5f0093678 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -140,6 +140,32 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity if (mRequiredInput.mType != RequiredInputParcel.RequiredInputType.NFC_MOVE_KEY_TO_CARD && mRequiredInput.mType != RequiredInputParcel.RequiredInputType.NFC_RESET_CARD) { obtainSecurityTokenPin(mRequiredInput); + checkPinAvailability(); + } else { + // No need for pin, rescan USB devices + mUsbDispatcher.rescanDevices(); + } + } + + @Override + protected void onActivityResult(int requestCode, int resultCode, Intent data) { + super.onActivityResult(requestCode, resultCode, data); + if (REQUEST_CODE_PIN == requestCode) { + checkPinAvailability(); + } + } + + private void checkPinAvailability() { + try { + Passphrase passphrase = PassphraseCacheService.getCachedPassphrase(this, + mRequiredInput.getMasterKeyId(), mRequiredInput.getSubKeyId()); + if (passphrase != null) { + // Rescan USB devices + mUsbDispatcher.rescanDevices(); + } + } catch (PassphraseCacheService.KeyNotFoundException e) { + throw new AssertionError( + "tried to find passphrase for non-existing key. this is a programming error!"); } } @@ -275,28 +301,33 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.DONE); - new AsyncTask() { - @Override - protected Void doInBackground(Void... params) { - // check all 200ms if Security Token has been taken away - while (true) { - if (isNfcConnected()) { - try { - Thread.sleep(200); - } catch (InterruptedException ignored) { + if (mSmartcardDevice.allowPersistentConnection()) { + // Just close + finish(); + } else { + new AsyncTask() { + @Override + protected Void doInBackground(Void... params) { + // check all 200ms if Security Token has been taken away + while (true) { + if (isNfcConnected()) { + try { + Thread.sleep(200); + } catch (InterruptedException ignored) { + } + } else { + return null; } - } else { - return null; } } - } - @Override - protected void onPostExecute(Void result) { - super.onPostExecute(result); - finish(); - } - }.execute(); + @Override + protected void onPostExecute(Void result) { + super.onPostExecute(result); + finish(); + } + }.execute(); + } } /** -- cgit v1.2.3 From 4d9ce8e95b4604f753aa5f49fe2c243dc73a13a9 Mon Sep 17 00:00:00 2001 From: Nikita Mikhailov Date: Sat, 9 Apr 2016 13:13:02 +0600 Subject: OTG: Refactor persistent connections, naming --- .../keychain/ui/SecurityTokenOperationActivity.java | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index 5f0093678..884f33365 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -142,8 +142,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity obtainSecurityTokenPin(mRequiredInput); checkPinAvailability(); } else { - // No need for pin, rescan USB devices - mUsbDispatcher.rescanDevices(); + checkDeviceConnection(); } } @@ -160,8 +159,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity Passphrase passphrase = PassphraseCacheService.getCachedPassphrase(this, mRequiredInput.getMasterKeyId(), mRequiredInput.getSubKeyId()); if (passphrase != null) { - // Rescan USB devices - mUsbDispatcher.rescanDevices(); + checkDeviceConnection(); } } catch (PassphraseCacheService.KeyNotFoundException e) { throw new AssertionError( @@ -175,7 +173,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } @Override - public void onNfcPreExecute() { + public void onSmartcardPreExecute() { // start with indeterminate progress vAnimator.setDisplayedChild(1); nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.TRANSFERRING); @@ -293,7 +291,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } @Override - protected final void onNfcPostExecute() { + protected final void onSmartcardPostExecute() { handleResult(mInputParcel); // show finish @@ -301,7 +299,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.DONE); - if (mSmartcardDevice.allowPersistentConnection()) { + if (mSmartcardDevice.isPersistentConnectionAllowed()) { // Just close finish(); } else { -- cgit v1.2.3 From 38a1c2d3ab5a9fe0fa74acbd8301d671eab35d59 Mon Sep 17 00:00:00 2001 From: Nikita Mikhailov Date: Sat, 9 Apr 2016 13:23:29 +0600 Subject: OTG: refactor, change nfc prefix to smartcard --- .../ui/SecurityTokenOperationActivity.java | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index 884f33365..ed6e3faf3 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -137,8 +137,8 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity private void obtainPassphraseIfRequired() { // obtain passphrase for this subkey - if (mRequiredInput.mType != RequiredInputParcel.RequiredInputType.NFC_MOVE_KEY_TO_CARD - && mRequiredInput.mType != RequiredInputParcel.RequiredInputType.NFC_RESET_CARD) { + if (mRequiredInput.mType != RequiredInputParcel.RequiredInputType.SMARTCARD_MOVE_KEY_TO_CARD + && mRequiredInput.mType != RequiredInputParcel.RequiredInputType.SMARTCARD_RESET_CARD) { obtainSecurityTokenPin(mRequiredInput); checkPinAvailability(); } else { @@ -180,10 +180,10 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } @Override - protected void doNfcInBackground() throws IOException { + protected void doSmartcardInBackground() throws IOException { switch (mRequiredInput.mType) { - case NFC_DECRYPT: { + case SMARTCARD_DECRYPT: { for (int i = 0; i < mRequiredInput.mInputData.length; i++) { byte[] encryptedSessionKey = mRequiredInput.mInputData[i]; byte[] decryptedSessionKey = mSmartcardDevice.decryptSessionKey(encryptedSessionKey); @@ -191,7 +191,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } break; } - case NFC_SIGN: { + case SMARTCARD_SIGN: { mInputParcel.addSignatureTime(mRequiredInput.mSignatureTime); for (int i = 0; i < mRequiredInput.mInputData.length; i++) { @@ -202,7 +202,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } break; } - case NFC_MOVE_KEY_TO_CARD: { + case SMARTCARD_MOVE_KEY_TO_CARD: { // TODO: assume PIN and Admin PIN to be default for this operation mSmartcardDevice.setPin(new Passphrase("123456")); mSmartcardDevice.setAdminPin(new Passphrase("12345678")); @@ -278,7 +278,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity break; } - case NFC_RESET_CARD: { + case SMARTCARD_RESET_CARD: { mSmartcardDevice.resetAndWipeToken(); break; @@ -308,7 +308,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity protected Void doInBackground(Void... params) { // check all 200ms if Security Token has been taken away while (true) { - if (isNfcConnected()) { + if (isSmartcardConnected()) { try { Thread.sleep(200); } catch (InterruptedException ignored) { @@ -340,7 +340,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } @Override - protected void onNfcError(String error) { + protected void onSmartcardError(String error) { pauseTagHandling(); vErrorText.setText(error + "\n\n" + getString(R.string.security_token_nfc_try_again_text)); @@ -350,8 +350,8 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } @Override - public void onNfcPinError(String error) { - onNfcError(error); + public void onSmartcardPinError(String error) { + onSmartcardError(error); // clear (invalid) passphrase PassphraseCacheService.clearCachedPassphrase( -- cgit v1.2.3 From 0c9ead62a0f6c7cb59811891059eeb8b5330ee79 Mon Sep 17 00:00:00 2001 From: Nikita Mikhailov Date: Sat, 9 Apr 2016 18:24:31 +0600 Subject: OTG: Remove obsolete Pin classes, reenable changeKey method --- .../ui/SecurityTokenOperationActivity.java | 54 +--------------------- 1 file changed, 1 insertion(+), 53 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index ed6e3faf3..12843cbcd 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -69,8 +69,6 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity private RequiredInputParcel mRequiredInput; - private static final byte[] BLANK_FINGERPRINT = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - private CryptoInputParcel mInputParcel; @Override @@ -226,10 +224,6 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity long subkeyId = buf.getLong(); CanonicalizedSecretKey key = secretKeyRing.getSecretKey(subkeyId); - - long keyGenerationTimestampMillis = key.getCreationTime().getTime(); - long keyGenerationTimestamp = keyGenerationTimestampMillis / 1000; - byte[] timestampBytes = ByteBuffer.allocate(4).putInt((int) keyGenerationTimestamp).array(); byte[] tokenSerialNumber = Arrays.copyOf(mSmartcardDevice.getAid(), 16); Passphrase passphrase; @@ -240,33 +234,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity throw new IOException("Unable to get cached passphrase!"); } - if (key.canSign() || key.canCertify()) { - if (shouldPutKey(key.getFingerprint(), 0)) { - mSmartcardDevice.putKey(0xB6, key, passphrase); - mSmartcardDevice.putData(0xCE, timestampBytes); - mSmartcardDevice.putData(0xC7, key.getFingerprint()); - } else { - throw new IOException("Key slot occupied; token must be reset to put new signature key."); - } - } else if (key.canEncrypt()) { - if (shouldPutKey(key.getFingerprint(), 1)) { - mSmartcardDevice.putKey(0xB8, key, passphrase); - mSmartcardDevice.putData(0xCF, timestampBytes); - mSmartcardDevice.putData(0xC8, key.getFingerprint()); - } else { - throw new IOException("Key slot occupied; token must be reset to put new decryption key."); - } - } else if (key.canAuthenticate()) { - if (shouldPutKey(key.getFingerprint(), 2)) { - mSmartcardDevice.putKey(0xA4, key, passphrase); - mSmartcardDevice.putData(0xD0, timestampBytes); - mSmartcardDevice.putData(0xC9, key.getFingerprint()); - } else { - throw new IOException("Key slot occupied; token must be reset to put new authentication key."); - } - } else { - throw new IOException("Inappropriate key flags for Security Token key."); - } + mSmartcardDevice.changeKey(key, passphrase); // TODO: Is this really used anywhere? mInputParcel.addCryptoData(subkeyBytes, tokenSerialNumber); @@ -357,24 +325,4 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity PassphraseCacheService.clearCachedPassphrase( this, mRequiredInput.getMasterKeyId(), mRequiredInput.getSubKeyId()); } - - private boolean shouldPutKey(byte[] fingerprint, int idx) throws IOException { - byte[] tokenFingerprint = mSmartcardDevice.getMasterKeyFingerprint(idx); - - // Note: special case: This should not happen, but happens with - // https://github.com/FluffyKaon/OpenPGP-Card, thus for now assume true - if (tokenFingerprint == null) { - return true; - } - - // Slot is empty, or contains this key already. PUT KEY operation is safe - if (Arrays.equals(tokenFingerprint, BLANK_FINGERPRINT) || - Arrays.equals(tokenFingerprint, fingerprint)) { - return true; - } - - // Slot already contains a different key; don't overwrite it. - return false; - } - } -- cgit v1.2.3 From 0077f3a3b8a3a62578a48ec8b096cbb85c189246 Mon Sep 17 00:00:00 2001 From: Nikita Mikhailov Date: Sat, 9 Apr 2016 18:35:32 +0600 Subject: OTG: Add/Update copyrights --- .../sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java | 1 + 1 file changed, 1 insertion(+) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index 12843cbcd..ac12c2a4a 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -3,6 +3,7 @@ * Copyright (C) 2015 Vincent Breitmoser * Copyright (C) 2013-2014 Signe RĂ¼sch * Copyright (C) 2013-2014 Philipp Jakubeit + * Copyright (C) 2016 Nikita Mikhailov * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by -- cgit v1.2.3 From df57ecde4755b6d2bf39c486cc7bb8d521d3268b Mon Sep 17 00:00:00 2001 From: Nikita Mikhailov Date: Tue, 12 Apr 2016 00:02:59 +0600 Subject: OTG: rename Smartcard -> SecurityToken --- .../ui/SecurityTokenOperationActivity.java | 32 +++++++++++----------- 1 file changed, 16 insertions(+), 16 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index ac12c2a4a..ddc1a7ca0 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -172,20 +172,20 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } @Override - public void onSmartcardPreExecute() { + public void onSecurityTokenPreExecute() { // start with indeterminate progress vAnimator.setDisplayedChild(1); nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.TRANSFERRING); } @Override - protected void doSmartcardInBackground() throws IOException { + protected void doSecurityTokenInBackground() throws IOException { switch (mRequiredInput.mType) { case SMARTCARD_DECRYPT: { for (int i = 0; i < mRequiredInput.mInputData.length; i++) { byte[] encryptedSessionKey = mRequiredInput.mInputData[i]; - byte[] decryptedSessionKey = mSmartcardDevice.decryptSessionKey(encryptedSessionKey); + byte[] decryptedSessionKey = mSecurityTokenHelper.decryptSessionKey(encryptedSessionKey); mInputParcel.addCryptoData(encryptedSessionKey, decryptedSessionKey); } break; @@ -196,15 +196,15 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity for (int i = 0; i < mRequiredInput.mInputData.length; i++) { byte[] hash = mRequiredInput.mInputData[i]; int algo = mRequiredInput.mSignAlgos[i]; - byte[] signedHash = mSmartcardDevice.calculateSignature(hash, algo); + byte[] signedHash = mSecurityTokenHelper.calculateSignature(hash, algo); mInputParcel.addCryptoData(hash, signedHash); } break; } case SMARTCARD_MOVE_KEY_TO_CARD: { // TODO: assume PIN and Admin PIN to be default for this operation - mSmartcardDevice.setPin(new Passphrase("123456")); - mSmartcardDevice.setAdminPin(new Passphrase("12345678")); + mSecurityTokenHelper.setPin(new Passphrase("123456")); + mSecurityTokenHelper.setAdminPin(new Passphrase("12345678")); ProviderHelper providerHelper = new ProviderHelper(this); CanonicalizedSecretKeyRing secretKeyRing; @@ -225,7 +225,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity long subkeyId = buf.getLong(); CanonicalizedSecretKey key = secretKeyRing.getSecretKey(subkeyId); - byte[] tokenSerialNumber = Arrays.copyOf(mSmartcardDevice.getAid(), 16); + byte[] tokenSerialNumber = Arrays.copyOf(mSecurityTokenHelper.getAid(), 16); Passphrase passphrase; try { @@ -235,20 +235,20 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity throw new IOException("Unable to get cached passphrase!"); } - mSmartcardDevice.changeKey(key, passphrase); + mSecurityTokenHelper.changeKey(key, passphrase); // TODO: Is this really used anywhere? mInputParcel.addCryptoData(subkeyBytes, tokenSerialNumber); } // change PINs afterwards - mSmartcardDevice.modifyPin(0x81, newPin); - mSmartcardDevice.modifyPin(0x83, newAdminPin); + mSecurityTokenHelper.modifyPin(0x81, newPin); + mSecurityTokenHelper.modifyPin(0x83, newAdminPin); break; } case SMARTCARD_RESET_CARD: { - mSmartcardDevice.resetAndWipeToken(); + mSecurityTokenHelper.resetAndWipeToken(); break; } @@ -260,7 +260,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } @Override - protected final void onSmartcardPostExecute() { + protected final void onSecurityTokenPostExecute() { handleResult(mInputParcel); // show finish @@ -268,7 +268,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.DONE); - if (mSmartcardDevice.isPersistentConnectionAllowed()) { + if (mSecurityTokenHelper.isPersistentConnectionAllowed()) { // Just close finish(); } else { @@ -309,7 +309,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } @Override - protected void onSmartcardError(String error) { + protected void onSecurityTokenError(String error) { pauseTagHandling(); vErrorText.setText(error + "\n\n" + getString(R.string.security_token_nfc_try_again_text)); @@ -319,8 +319,8 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } @Override - public void onSmartcardPinError(String error) { - onSmartcardError(error); + public void onSecurityTokenPinError(String error) { + onSecurityTokenError(error); // clear (invalid) passphrase PassphraseCacheService.clearCachedPassphrase( -- cgit v1.2.3 From 28a352a288701a6419602e4c2fff3d5da7172cc0 Mon Sep 17 00:00:00 2001 From: Nikita Mikhailov Date: Fri, 15 Apr 2016 02:02:11 +0600 Subject: OTG: Rename smartcard -> security token --- .../keychain/ui/SecurityTokenOperationActivity.java | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index ddc1a7ca0..39cd74fd2 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -136,8 +136,8 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity private void obtainPassphraseIfRequired() { // obtain passphrase for this subkey - if (mRequiredInput.mType != RequiredInputParcel.RequiredInputType.SMARTCARD_MOVE_KEY_TO_CARD - && mRequiredInput.mType != RequiredInputParcel.RequiredInputType.SMARTCARD_RESET_CARD) { + if (mRequiredInput.mType != RequiredInputParcel.RequiredInputType.SECURITY_TOKEN_MOVE_KEY_TO_CARD + && mRequiredInput.mType != RequiredInputParcel.RequiredInputType.SECURITY_TOKEN_RESET_CARD) { obtainSecurityTokenPin(mRequiredInput); checkPinAvailability(); } else { @@ -182,7 +182,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity protected void doSecurityTokenInBackground() throws IOException { switch (mRequiredInput.mType) { - case SMARTCARD_DECRYPT: { + case SECURITY_TOKEN_DECRYPT: { for (int i = 0; i < mRequiredInput.mInputData.length; i++) { byte[] encryptedSessionKey = mRequiredInput.mInputData[i]; byte[] decryptedSessionKey = mSecurityTokenHelper.decryptSessionKey(encryptedSessionKey); @@ -190,7 +190,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } break; } - case SMARTCARD_SIGN: { + case SECURITY_TOKEN_SIGN: { mInputParcel.addSignatureTime(mRequiredInput.mSignatureTime); for (int i = 0; i < mRequiredInput.mInputData.length; i++) { @@ -201,7 +201,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } break; } - case SMARTCARD_MOVE_KEY_TO_CARD: { + case SECURITY_TOKEN_MOVE_KEY_TO_CARD: { // TODO: assume PIN and Admin PIN to be default for this operation mSecurityTokenHelper.setPin(new Passphrase("123456")); mSecurityTokenHelper.setAdminPin(new Passphrase("12345678")); @@ -247,7 +247,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity break; } - case SMARTCARD_RESET_CARD: { + case SECURITY_TOKEN_RESET_CARD: { mSecurityTokenHelper.resetAndWipeToken(); break; @@ -277,7 +277,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity protected Void doInBackground(Void... params) { // check all 200ms if Security Token has been taken away while (true) { - if (isSmartcardConnected()) { + if (isSecurityTokenConnected()) { try { Thread.sleep(200); } catch (InterruptedException ignored) { -- cgit v1.2.3 From a87c65c3f480ae06070607f2cd0f5227012d6cd3 Mon Sep 17 00:00:00 2001 From: Nikita Mikhailov Date: Sat, 16 Apr 2016 01:43:13 +0600 Subject: Check if security token keys match required once before signing/decryption --- .../keychain/ui/SecurityTokenOperationActivity.java | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index 39cd74fd2..af7246abc 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -36,10 +36,12 @@ import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey; import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing; import org.sufficientlysecure.keychain.provider.KeychainContract; import org.sufficientlysecure.keychain.provider.ProviderHelper; +import org.sufficientlysecure.keychain.securitytoken.KeyType; import org.sufficientlysecure.keychain.service.PassphraseCacheService; import org.sufficientlysecure.keychain.service.input.CryptoInputParcel; import org.sufficientlysecure.keychain.service.input.RequiredInputParcel; import org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenNfcActivity; +import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils; import org.sufficientlysecure.keychain.ui.util.ThemeChanger; import org.sufficientlysecure.keychain.util.Log; import org.sufficientlysecure.keychain.util.OrientationUtils; @@ -183,6 +185,13 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity switch (mRequiredInput.mType) { case SECURITY_TOKEN_DECRYPT: { + long tokenKeyId = KeyFormattingUtils.getKeyIdFromFingerprint( + mSecurityTokenHelper.getMasterKeyFingerprint(KeyType.SIGN)); + + if (tokenKeyId != mRequiredInput.getMasterKeyId()) { + throw new IOException(getString(R.string.error_wrong_security_token)); + } + for (int i = 0; i < mRequiredInput.mInputData.length; i++) { byte[] encryptedSessionKey = mRequiredInput.mInputData[i]; byte[] decryptedSessionKey = mSecurityTokenHelper.decryptSessionKey(encryptedSessionKey); @@ -191,6 +200,13 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity break; } case SECURITY_TOKEN_SIGN: { + long tokenKeyId = KeyFormattingUtils.getKeyIdFromFingerprint( + mSecurityTokenHelper.getMasterKeyFingerprint(KeyType.SIGN)); + + if (tokenKeyId != mRequiredInput.getMasterKeyId()) { + throw new IOException(getString(R.string.error_wrong_security_token)); + } + mInputParcel.addSignatureTime(mRequiredInput.mSignatureTime); for (int i = 0; i < mRequiredInput.mInputData.length; i++) { -- cgit v1.2.3 From 935f88131e47c19df5bb8bb5dd13d20d391f0794 Mon Sep 17 00:00:00 2001 From: Nikita Mikhailov Date: Sat, 16 Apr 2016 15:45:43 +0600 Subject: Check subkey id instead of masterkey id on security token operations Rename ambiguous getMasterKeyFingerprint -> getKeyFingerprint --- .../keychain/ui/SecurityTokenOperationActivity.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index af7246abc..925ad19d4 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -186,9 +186,9 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity switch (mRequiredInput.mType) { case SECURITY_TOKEN_DECRYPT: { long tokenKeyId = KeyFormattingUtils.getKeyIdFromFingerprint( - mSecurityTokenHelper.getMasterKeyFingerprint(KeyType.SIGN)); + mSecurityTokenHelper.getKeyFingerprint(KeyType.ENCRYPT)); - if (tokenKeyId != mRequiredInput.getMasterKeyId()) { + if (tokenKeyId != mRequiredInput.getSubKeyId()) { throw new IOException(getString(R.string.error_wrong_security_token)); } @@ -201,9 +201,9 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity } case SECURITY_TOKEN_SIGN: { long tokenKeyId = KeyFormattingUtils.getKeyIdFromFingerprint( - mSecurityTokenHelper.getMasterKeyFingerprint(KeyType.SIGN)); + mSecurityTokenHelper.getKeyFingerprint(KeyType.SIGN)); - if (tokenKeyId != mRequiredInput.getMasterKeyId()) { + if (tokenKeyId != mRequiredInput.getSubKeyId()) { throw new IOException(getString(R.string.error_wrong_security_token)); } -- cgit v1.2.3 From d72001c6907ff50890673cd91b266c34c73ec84b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Sat, 30 Apr 2016 15:24:09 +0200 Subject: Fix animation in manage keys for security tokens --- .../keychain/ui/SecurityTokenOperationActivity.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index 925ad19d4..4d07025e6 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -40,7 +40,7 @@ import org.sufficientlysecure.keychain.securitytoken.KeyType; import org.sufficientlysecure.keychain.service.PassphraseCacheService; import org.sufficientlysecure.keychain.service.input.CryptoInputParcel; import org.sufficientlysecure.keychain.service.input.RequiredInputParcel; -import org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenNfcActivity; +import org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenActivity; import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils; import org.sufficientlysecure.keychain.ui.util.ThemeChanger; import org.sufficientlysecure.keychain.util.Log; @@ -58,7 +58,7 @@ import nordpol.android.NfcGuideView; * NFC devices. * For the full specs, see http://g10code.com/docs/openpgp-card-2.0.pdf */ -public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity { +public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity { public static final String EXTRA_REQUIRED_INPUT = "required_input"; public static final String EXTRA_CRYPTO_INPUT = "crypto_input"; -- cgit v1.2.3