Route all class 11 USB devices to OpenKeychain, some class 3 for info

2017-10-23 22:12:07 +02:00
parent 60b970b060
commit 0ca46c46aa
3 changed files with 29 additions and 34 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/usb/UsbTransport.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/usb/UsbTransport.java
@@ -105,8 +105,7 @@ public class UsbTransport implements Transport {
    public void connect() throws IOException {
        usbInterface = getSmartCardInterface(usbDevice);
        if (usbInterface == null) {
-            // Shouldn't happen as we whitelist only class 11 devices
-            throw new UsbTransportException("USB error - device doesn't have class 11 interface");
+            throw new UsbTransportException("USB error: CCID mode must be enabled (no class 11 interface)");
        }

        final Pair<UsbEndpoint, UsbEndpoint> ioEndpoints = getIoEndpoints(usbInterface);
@@ -114,16 +113,16 @@ public class UsbTransport implements Transport {
        UsbEndpoint usbBulkOut = ioEndpoints.second;

        if (usbBulkIn == null || usbBulkOut == null) {
-            throw new UsbTransportException("USB error - invalid class 11 interface");
+            throw new UsbTransportException("USB error: invalid class 11 interface");
        }

        usbConnection = usbManager.openDevice(usbDevice);
        if (usbConnection == null) {
-            throw new UsbTransportException("USB error - failed to connect to device");
+            throw new UsbTransportException("USB error: failed to connect to device");
        }

        if (!usbConnection.claimInterface(usbInterface, true)) {
-            throw new UsbTransportException("USB error - failed to claim interface");
+            throw new UsbTransportException("USB error: failed to claim interface");
        }

        byte[] rawDescriptors = usbConnection.getRawDescriptors();
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseSecurityTokenActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseSecurityTokenActivity.java
@@ -136,8 +136,9 @@ public abstract class BaseSecurityTokenActivity extends BaseActivity

    public void securityTokenDiscovered(final Transport transport) {
        // Actual Security Token operations are executed in doInBackground to not block the UI thread
-        if (!mTagHandlingEnabled)
+        if (!mTagHandlingEnabled) {
            return;
+        }

        final SecurityTokenConnection stConnection =
                SecurityTokenConnection.getInstanceForTransport(transport, mCachedPin);
--- a/OpenKeychain/src/main/res/xml/usb_device_filter.xml
+++ b/OpenKeychain/src/main/res/xml/usb_device_filter.xml
@@ -7,36 +7,31 @@

    Note that values are decimal.
 -->
-<resources xmlns:android="http://schemas.android.com/apk/res/android">
-    <!-- Yubikey NEO OTP + CCID -->
-    <usb-device class="11" vendor-id="4176" product-id="273"/>
-    <!-- Yubikey NEO CCID -->
-    <usb-device class="11" vendor-id="4176" product-id="274"/>
-    <!-- Yubikey NEO U2F + CCID -->
-    <usb-device class="11" vendor-id="4176" product-id="277"/>
-    <!-- Yubikey NEO OTP + U2F + CCID -->
-    <usb-device class="11" vendor-id="4176" product-id="278"/>
+<resources>

-    <!-- Nitrokey Pro -->
-    <usb-device class="11" vendor-id="8352" product-id="16648"/>
+    <!--
+        Route all smart card devices (class 11) to OpenKeychain.
+        Internally, we check against a whitelist of working devices.
+    -->
+    <usb-device class="11" />

-    <!-- Yubikey 4 CCID -->
-    <usb-device class="11" vendor-id="4176" product-id="1028"/>
-    <!-- Yubikey 4 OTP + CCID -->
-    <usb-device class="11" vendor-id="4176" product-id="1029"/>
-    <!-- Yubikey 4 U2F + CCID -->
-    <usb-device class="11" vendor-id="4176" product-id="1030"/>
-    <!-- Yubikey 4 OTP + U2F + CCID -->
-    <usb-device class="11" vendor-id="4176" product-id="1031"/>
+    <!--
+        Route some HID devices (class 3) to OpenKeychain.
+        These tokens are generally supported but need to have CCID enabled.
+        Thus, we show a notification inside OpenKeychain to inform the user.
+    -->
+    <!-- Yubikey NEO - OTP only -->
+    <usb-device class="3" vendor-id="4176" product-id="272"/>
+    <!-- Yubikey NEO - U2F only -->
+    <usb-device class="3" vendor-id="4176" product-id="275"/>
+    <!-- Yubikey NEO - OTP and U2F -->
+    <usb-device class="3" vendor-id="4176" product-id="276"/>

-    <!-- Nitrokey Storage -->
-    <!--<usb-device class="11" vendor-id="8352" product-id="16649"/>-->
+    <!-- Yubikey 4 - OTP only -->
+    <usb-device class="3" vendor-id="4176" product-id="1025"/>
+    <!-- Yubikey 4 - U2F only -->
+    <usb-device class="3" vendor-id="4176" product-id="1026"/>
+    <!-- Yubikey 4 - OTP and U2F -->
+    <usb-device class="3" vendor-id="4176" product-id="1027"/>

-    <!-- Nitrokey Start -->
-    <!--<usb-device class="11" vendor-id="8352" product-id="16913"/>-->
-    <!-- Default GNUK vid/pid -->
-    <!--<usb-device class="11" vendor-id="9035" product-id="0"/>-->
-
-    <!-- Ledger Nano S -->
-    <!--<usb-device class="11" vendor-id="11415" product-id="1"/>-->
 </resources>