Route all class 11 USB devices to OpenKeychain, some class 3 for info

Dominik Schürmann
2017-10-23 22:12:07 +02:00
parent 60b970b060
commit 0ca46c46aa
3 changed files with 29 additions and 34 deletions


@@ -105,8 +105,7 @@ public class UsbTransport implements Transport {
public void connect() throws IOException { public void connect() throws IOException {
usbInterface = getSmartCardInterface(usbDevice); usbInterface = getSmartCardInterface(usbDevice);
if (usbInterface == null) { if (usbInterface == null) {
// Shouldn't happen as we whitelist only class 11 devices throw new UsbTransportException("USB error: CCID mode must be enabled (no class 11 interface)");
throw new UsbTransportException("USB error - device doesn't have class 11 interface");
} }
final Pair<UsbEndpoint, UsbEndpoint> ioEndpoints = getIoEndpoints(usbInterface); final Pair<UsbEndpoint, UsbEndpoint> ioEndpoints = getIoEndpoints(usbInterface);
@@ -114,16 +113,16 @@ public class UsbTransport implements Transport {
UsbEndpoint usbBulkOut = ioEndpoints.second; UsbEndpoint usbBulkOut = ioEndpoints.second;
if (usbBulkIn == null || usbBulkOut == null) { if (usbBulkIn == null || usbBulkOut == null) {
throw new UsbTransportException("USB error - invalid class 11 interface"); throw new UsbTransportException("USB error: invalid class 11 interface");
} }
usbConnection = usbManager.openDevice(usbDevice); usbConnection = usbManager.openDevice(usbDevice);
if (usbConnection == null) { if (usbConnection == null) {
throw new UsbTransportException("USB error - failed to connect to device"); throw new UsbTransportException("USB error: failed to connect to device");
} }
if (!usbConnection.claimInterface(usbInterface, true)) { if (!usbConnection.claimInterface(usbInterface, true)) {
throw new UsbTransportException("USB error - failed to claim interface"); throw new UsbTransportException("USB error: failed to claim interface");
} }
byte[] rawDescriptors = usbConnection.getRawDescriptors(); byte[] rawDescriptors = usbConnection.getRawDescriptors();
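Review bot: In the second hunk of connect(), the `claimInterface` failure path throws while `usbConnection` is still open, so the handle returned by `openDevice` stays held unless a caller always releases the transport afterwards (not visible here). The widened device filter in this commit sends more devices through connect(), so this path is likely to be hit more often. Closing before the throw would avoid the leak: `usbConnection.close(); usbConnection = null;` ahead of `throw new UsbTransportException("USB error: failed to claim interface");`. The body of connect() continues past the end of the hunk, so later failure paths after `getRawDescriptors()` may need the same cleanup.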


@@ -136,8 +136,9 @@ public abstract class BaseSecurityTokenActivity extends BaseActivity
public void securityTokenDiscovered(final Transport transport) { public void securityTokenDiscovered(final Transport transport) {
// Actual Security Token operations are executed in doInBackground to not block the UI thread // Actual Security Token operations are executed in doInBackground to not block the UI thread
if (!mTagHandlingEnabled) if (!mTagHandlingEnabled) {
return; return;
}
final SecurityTokenConnection stConnection = final SecurityTokenConnection stConnection =
SecurityTokenConnection.getInstanceForTransport(transport, mCachedPin); SecurityTokenConnection.getInstanceForTransport(transport, mCachedPin);


@@ -7,36 +7,31 @@
Note that values are decimal. Note that values are decimal.
--> -->
<resources xmlns:android="http://schemas.android.com/apk/res/android"> <resources>
<!-- Yubikey NEO OTP + CCID -->
<usb-device class="11" vendor-id="4176" product-id="273"/>
<!-- Yubikey NEO CCID -->
<usb-device class="11" vendor-id="4176" product-id="274"/>
<!-- Yubikey NEO U2F + CCID -->
<usb-device class="11" vendor-id="4176" product-id="277"/>
<!-- Yubikey NEO OTP + U2F + CCID -->
<usb-device class="11" vendor-id="4176" product-id="278"/>
<!-- Nitrokey Pro --> <!--
<usb-device class="11" vendor-id="8352" product-id="16648"/> Route all smart card devices (class 11) to OpenKeychain.
Internally, we check against a whitelist of working devices.
-->
<usb-device class="11" />
<!-- Yubikey 4 CCID --> <!--
<usb-device class="11" vendor-id="4176" product-id="1028"/> Route some HID devices (class 3) to OpenKeychain.
<!-- Yubikey 4 OTP + CCID --> These tokens are generally supported but need to have CCID enabled.
<usb-device class="11" vendor-id="4176" product-id="1029"/> Thus, we show a notification inside OpenKeychain to inform the user.
<!-- Yubikey 4 U2F + CCID --> -->
<usb-device class="11" vendor-id="4176" product-id="1030"/> <!-- Yubikey NEO - OTP only -->
<!-- Yubikey 4 OTP + U2F + CCID --> <usb-device class="3" vendor-id="4176" product-id="272"/>
<usb-device class="11" vendor-id="4176" product-id="1031"/> <!-- Yubikey NEO - U2F only -->
<usb-device class="3" vendor-id="4176" product-id="275"/>
<!-- Yubikey NEO - OTP and U2F -->
<usb-device class="3" vendor-id="4176" product-id="276"/>
<!-- Nitrokey Storage --> <!-- Yubikey 4 - OTP only -->
<!--<usb-device class="11" vendor-id="8352" product-id="16649"/>--> <usb-device class="3" vendor-id="4176" product-id="1025"/>
<!-- Yubikey 4 - U2F only -->
<usb-device class="3" vendor-id="4176" product-id="1026"/>
<!-- Yubikey 4 - OTP and U2F -->
<usb-device class="3" vendor-id="4176" product-id="1027"/>
<!-- Nitrokey Start -->
<!--<usb-device class="11" vendor-id="8352" product-id="16913"/>-->
<!-- Default GNUK vid/pid -->
<!--<usb-device class="11" vendor-id="9035" product-id="0"/>-->
<!-- Ledger Nano S -->
<!--<usb-device class="11" vendor-id="11415" product-id="1"/>-->
</resources> </resources>
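Review bot: With `<usb-device class="11" />` the manifest filter no longer limits which smart-card devices reach the app, so the allowlist mentioned in the new comment becomes the only gate, and none of the hunks in this commit show it. The comment should say where it is enforced, for example `Allowlist enforced in CLASS_NAME_PLACEHOLDER before the device is opened.`, so a reader can verify it. It is worth confirming that the check runs before `usbManager.openDevice(usbDevice)` and `claimInterface(usbInterface, true)` in UsbTransport.connect(). It should also run before `SecurityTokenConnection.getInstanceForTransport(transport, mCachedPin)` passes the cached PIN to the connection, so that an unlisted class 11 device never receives a PIN or card commands.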