cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OTG: refactor, change nfc prefix to smartcard

Browse Source
This commit is contained in:
Nikita Mikhailov
2016-04-09 13:23:29 +06:00
parent 4d9ce8e95b
commit 38a1c2d3ab
8 changed files with 73 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPendingIntentFactory.java
View File

@@ -50,9 +50,9 @@ public class ApiPendingIntentFactory {
CryptoInputParcel cryptoInput) {
switch (requiredInput.mType) {
case NFC_MOVE_KEY_TO_CARD:
case NFC_DECRYPT:
case NFC_SIGN: {
case SMARTCARD_MOVE_KEY_TO_CARD:
case SMARTCARD_DECRYPT:
case SMARTCARD_SIGN: {
return createNfcOperationPendingIntent(data, requiredInput, cryptoInput);
}

18
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
View File

@@ -14,8 +14,8 @@ import java.util.Date;
public class RequiredInputParcel implements Parcelable {
public enum RequiredInputType {
PASSPHRASE, PASSPHRASE_SYMMETRIC, BACKUP_CODE, NFC_SIGN, NFC_DECRYPT,
NFC_MOVE_KEY_TO_CARD, NFC_RESET_CARD, ENABLE_ORBOT, UPLOAD_FAIL_RETRY,
PASSPHRASE, PASSPHRASE_SYMMETRIC, BACKUP_CODE, SMARTCARD_SIGN, SMARTCARD_DECRYPT,
SMARTCARD_MOVE_KEY_TO_CARD, SMARTCARD_RESET_CARD, ENABLE_ORBOT, UPLOAD_FAIL_RETRY,
}
public Date mSignatureTime;
@@ -92,19 +92,19 @@ public class RequiredInputParcel implements Parcelable {
public static RequiredInputParcel createNfcSignOperation(
long masterKeyId, long subKeyId,
byte[] inputHash, int signAlgo, Date signatureTime) {
return new RequiredInputParcel(RequiredInputType.NFC_SIGN,
return new RequiredInputParcel(RequiredInputType.SMARTCARD_SIGN,
new byte[][] { inputHash }, new int[] { signAlgo },
signatureTime, masterKeyId, subKeyId);
}
public static RequiredInputParcel createNfcDecryptOperation(
long masterKeyId, long subKeyId, byte[] encryptedSessionKey) {
return new RequiredInputParcel(RequiredInputType.NFC_DECRYPT,
return new RequiredInputParcel(RequiredInputType.SMARTCARD_DECRYPT,
new byte[][] { encryptedSessionKey }, null, null, masterKeyId, subKeyId);
}
public static RequiredInputParcel createNfcReset() {
return new RequiredInputParcel(RequiredInputType.NFC_RESET_CARD,
return new RequiredInputParcel(RequiredInputType.SMARTCARD_RESET_CARD,
null, null, null, null, null);
}
@@ -209,7 +209,7 @@ public class RequiredInputParcel implements Parcelable {
signAlgos[i] = mSignAlgos.get(i);
}
return new RequiredInputParcel(RequiredInputType.NFC_SIGN,
return new RequiredInputParcel(RequiredInputType.SMARTCARD_SIGN,
inputHashes, signAlgos, mSignatureTime, mMasterKeyId, mSubKeyId);
}
@@ -222,7 +222,7 @@ public class RequiredInputParcel implements Parcelable {
if (!mSignatureTime.equals(input.mSignatureTime)) {
throw new AssertionError("input times must match, this is a programming error!");
}
if (input.mType != RequiredInputType.NFC_SIGN) {
if (input.mType != RequiredInputType.SMARTCARD_SIGN) {
throw new AssertionError("operation types must match, this is a progrmming error!");
}
@@ -264,7 +264,7 @@ public class RequiredInputParcel implements Parcelable {
ByteBuffer buf = ByteBuffer.wrap(mSubkeysToExport.get(0));
// We need to pass in a subkey here...
return new RequiredInputParcel(RequiredInputType.NFC_MOVE_KEY_TO_CARD,
return new RequiredInputParcel(RequiredInputType.SMARTCARD_MOVE_KEY_TO_CARD,
inputData, null, null, mMasterKeyId, buf.getLong());
}
@@ -287,7 +287,7 @@ public class RequiredInputParcel implements Parcelable {
if (!mMasterKeyId.equals(input.mMasterKeyId)) {
throw new AssertionError("Master keys must match, this is a programming error!");
}
if (input.mType != RequiredInputType.NFC_MOVE_KEY_TO_CARD) {
if (input.mType != RequiredInputType.SMARTCARD_MOVE_KEY_TO_CARD) {
throw new AssertionError("Operation types must match, this is a programming error!");
}

2
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
View File

@@ -143,7 +143,7 @@ public class CreateKeyActivity extends BaseSecurityTokenNfcActivity {
}
@Override
protected void doNfcInBackground() throws IOException {
protected void doSmartcardInBackground() throws IOException {
if (mCurrentFragment instanceof NfcListenerFragment) {
((NfcListenerFragment) mCurrentFragment).doNfcInBackground();
return;

22
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java
View File

@@ -137,8 +137,8 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
private void obtainPassphraseIfRequired() {
// obtain passphrase for this subkey
if (mRequiredInput.mType != RequiredInputParcel.RequiredInputType.NFC_MOVE_KEY_TO_CARD
&& mRequiredInput.mType != RequiredInputParcel.RequiredInputType.NFC_RESET_CARD) {
if (mRequiredInput.mType != RequiredInputParcel.RequiredInputType.SMARTCARD_MOVE_KEY_TO_CARD
&& mRequiredInput.mType != RequiredInputParcel.RequiredInputType.SMARTCARD_RESET_CARD) {
obtainSecurityTokenPin(mRequiredInput);
checkPinAvailability();
} else {
@@ -180,10 +180,10 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
}
@Override
protected void doNfcInBackground() throws IOException {
protected void doSmartcardInBackground() throws IOException {
switch (mRequiredInput.mType) {
case NFC_DECRYPT: {
case SMARTCARD_DECRYPT: {
for (int i = 0; i < mRequiredInput.mInputData.length; i++) {
byte[] encryptedSessionKey = mRequiredInput.mInputData[i];
byte[] decryptedSessionKey = mSmartcardDevice.decryptSessionKey(encryptedSessionKey);
@@ -191,7 +191,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
}
break;
}
case NFC_SIGN: {
case SMARTCARD_SIGN: {
mInputParcel.addSignatureTime(mRequiredInput.mSignatureTime);
for (int i = 0; i < mRequiredInput.mInputData.length; i++) {
@@ -202,7 +202,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
}
break;
}
case NFC_MOVE_KEY_TO_CARD: {
case SMARTCARD_MOVE_KEY_TO_CARD: {
// TODO: assume PIN and Admin PIN to be default for this operation
mSmartcardDevice.setPin(new Passphrase("123456"));
mSmartcardDevice.setAdminPin(new Passphrase("12345678"));
@@ -278,7 +278,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
break;
}
case NFC_RESET_CARD: {
case SMARTCARD_RESET_CARD: {
mSmartcardDevice.resetAndWipeToken();
break;
@@ -308,7 +308,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
protected Void doInBackground(Void... params) {
// check all 200ms if Security Token has been taken away
while (true) {
if (isNfcConnected()) {
if (isSmartcardConnected()) {
try {
Thread.sleep(200);
} catch (InterruptedException ignored) {
@@ -340,7 +340,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
}
@Override
protected void onNfcError(String error) {
protected void onSmartcardError(String error) {
pauseTagHandling();
vErrorText.setText(error + "\n\n" + getString(R.string.security_token_nfc_try_again_text));
@@ -350,8 +350,8 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
}
@Override
public void onNfcPinError(String error) {
onNfcError(error);
public void onSmartcardPinError(String error) {
onSmartcardError(error);
// clear (invalid) passphrase
PassphraseCacheService.clearCachedPassphrase(

2
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
View File

@@ -647,7 +647,7 @@ public class ViewKeyActivity extends BaseSecurityTokenNfcActivity implements
}
@Override
protected void doNfcInBackground() throws IOException {
protected void doSmartcardInBackground() throws IOException {
mNfcFingerprints = mSmartcardDevice.getFingerprints();
mNfcUserId = mSmartcardDevice.getUserId();

78
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseSecurityTokenNfcActivity.java
View File

@@ -59,8 +59,6 @@ import org.sufficientlysecure.keychain.util.Passphrase;
import java.io.IOException;
import nordpol.IsoCard;
import nordpol.android.AndroidCard;
import nordpol.android.OnDiscoveredTagListener;
import nordpol.android.TagDispatcher;
@@ -77,9 +75,9 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
protected UsbConnectionManager mUsbDispatcher;
private boolean mTagHandlingEnabled;
private byte[] mNfcFingerprints;
private String mNfcUserId;
private byte[] mNfcAid;
private byte[] mSmartcardFingerprints;
private String mSmartcardUserId;
private byte[] mSmartcardAid;
/**
* Override to change UI before NFC handling (UI thread)
@@ -90,10 +88,10 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
/**
* Override to implement NFC operations (background thread)
*/
protected void doNfcInBackground() throws IOException {
mNfcFingerprints = mSmartcardDevice.getFingerprints();
mNfcUserId = mSmartcardDevice.getUserId();
mNfcAid = mSmartcardDevice.getAid();
protected void doSmartcardInBackground() throws IOException {
mSmartcardFingerprints = mSmartcardDevice.getFingerprints();
mSmartcardUserId = mSmartcardDevice.getUserId();
mSmartcardAid = mSmartcardDevice.getAid();
}
/**
@@ -101,7 +99,7 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
*/
protected void onSmartcardPostExecute() {
final long subKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(mNfcFingerprints);
final long subKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(mSmartcardFingerprints);
try {
CachedPublicKeyRing ring = new ProviderHelper(this).getCachedPublicKeyRing(
@@ -110,15 +108,15 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
Intent intent = new Intent(this, ViewKeyActivity.class);
intent.setData(KeyRings.buildGenericKeyRingUri(masterKeyId));
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_AID, mNfcAid);
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_USER_ID, mNfcUserId);
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_FINGERPRINTS, mNfcFingerprints);
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_AID, mSmartcardAid);
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_USER_ID, mSmartcardUserId);
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_FINGERPRINTS, mSmartcardFingerprints);
startActivity(intent);
} catch (PgpKeyNotFoundException e) {
Intent intent = new Intent(this, CreateKeyActivity.class);
intent.putExtra(CreateKeyActivity.EXTRA_NFC_AID, mNfcAid);
intent.putExtra(CreateKeyActivity.EXTRA_NFC_USER_ID, mNfcUserId);
intent.putExtra(CreateKeyActivity.EXTRA_NFC_FINGERPRINTS, mNfcFingerprints);
intent.putExtra(CreateKeyActivity.EXTRA_NFC_AID, mSmartcardAid);
intent.putExtra(CreateKeyActivity.EXTRA_NFC_USER_ID, mSmartcardUserId);
intent.putExtra(CreateKeyActivity.EXTRA_NFC_FINGERPRINTS, mSmartcardFingerprints);
startActivity(intent);
}
}
@@ -126,15 +124,15 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
/**
* Override to use something different than Notify (UI thread)
*/
protected void onNfcError(String error) {
protected void onSmartcardError(String error) {
Notify.create(this, error, Style.WARN).show();
}
/**
* Override to do something when PIN is wrong, e.g., clear passphrases (UI thread)
*/
protected void onNfcPinError(String error) {
onNfcError(error);
protected void onSmartcardPinError(String error) {
onSmartcardError(error);
}
public void tagDiscovered(final Tag tag) {
@@ -240,12 +238,12 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
private void handleSmartcardError(IOException e) {
if (e instanceof TagLostException) {
onNfcError(getString(R.string.security_token_error_tag_lost));
onSmartcardError(getString(R.string.security_token_error_tag_lost));
return;
}
if (e instanceof IsoDepNotSupportedException) {
onNfcError(getString(R.string.security_token_error_iso_dep_not_supported));
onSmartcardError(getString(R.string.security_token_error_iso_dep_not_supported));
return;
}
@@ -260,7 +258,7 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
if ((status & (short) 0xFFF0) == 0x63C0) {
int tries = status & 0x000F;
// hook to do something different when PIN is wrong
onNfcPinError(getResources().getQuantityString(R.plurals.security_token_error_pin, tries, tries));
onSmartcardPinError(getResources().getQuantityString(R.plurals.security_token_error_pin, tries, tries));
return;
}
@@ -269,56 +267,56 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
// These errors should not occur in everyday use; if they are returned, it means we
// made a mistake sending data to the token, or the token is misbehaving.
case 0x6A80: {
onNfcError(getString(R.string.security_token_error_bad_data));
onSmartcardError(getString(R.string.security_token_error_bad_data));
break;
}
case 0x6883: {
onNfcError(getString(R.string.security_token_error_chaining_error));
onSmartcardError(getString(R.string.security_token_error_chaining_error));
break;
}
case 0x6B00: {
onNfcError(getString(R.string.security_token_error_header, "P1/P2"));
onSmartcardError(getString(R.string.security_token_error_header, "P1/P2"));
break;
}
case 0x6D00: {
onNfcError(getString(R.string.security_token_error_header, "INS"));
onSmartcardError(getString(R.string.security_token_error_header, "INS"));
break;
}
case 0x6E00: {
onNfcError(getString(R.string.security_token_error_header, "CLA"));
onSmartcardError(getString(R.string.security_token_error_header, "CLA"));
break;
}
// These error conditions are more likely to be experienced by an end user.
case 0x6285: {
onNfcError(getString(R.string.security_token_error_terminated));
onSmartcardError(getString(R.string.security_token_error_terminated));
break;
}
case 0x6700: {
onNfcPinError(getString(R.string.security_token_error_wrong_length));
onSmartcardPinError(getString(R.string.security_token_error_wrong_length));
break;
}
case 0x6982: {
onNfcError(getString(R.string.security_token_error_security_not_satisfied));
onSmartcardError(getString(R.string.security_token_error_security_not_satisfied));
break;
}
case 0x6983: {
onNfcError(getString(R.string.security_token_error_authentication_blocked));
onSmartcardError(getString(R.string.security_token_error_authentication_blocked));
break;
}
case 0x6985: {
onNfcError(getString(R.string.security_token_error_conditions_not_satisfied));
onSmartcardError(getString(R.string.security_token_error_conditions_not_satisfied));
break;
}
// 6A88 is "Not Found" in the spec, but Yubikey also returns 6A83 for this in some cases.
case 0x6A88:
case 0x6A83: {
onNfcError(getString(R.string.security_token_error_data_not_found));
onSmartcardError(getString(R.string.security_token_error_data_not_found));
break;
}
// 6F00 is a JavaCard proprietary status code, SW_UNKNOWN, and usually represents an
// unhandled exception on the security token.
case 0x6F00: {
onNfcError(getString(R.string.security_token_error_unknown));
onSmartcardError(getString(R.string.security_token_error_unknown));
break;
}
// 6A82 app not installed on security token!
@@ -331,12 +329,12 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
promptFidesmoAppInstall();
}
} else { // Other (possibly) compatible hardware
onNfcError(getString(R.string.security_token_error_pgp_app_not_installed));
onSmartcardError(getString(R.string.security_token_error_pgp_app_not_installed));
}
break;
}
default: {
onNfcError(getString(R.string.security_token_error, e.getMessage()));
onSmartcardError(getString(R.string.security_token_error, e.getMessage()));
break;
}
}
@@ -410,10 +408,10 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
mSmartcardDevice.setTransport(transport);
mSmartcardDevice.connectToDevice();
}
doNfcInBackground();
doSmartcardInBackground();
}
public boolean isNfcConnected() {
public boolean isSmartcardConnected() {
return mSmartcardDevice.isConnected();
}
@@ -491,6 +489,10 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
return mSmartcardDevice;
}
/**
* Run smartcard routines if last used token is connected and supports
* persistent connections
*/
protected void checkDeviceConnection() {
if (mSmartcardDevice.isConnected() && mSmartcardDevice.isPersistentConnectionAllowed()) {
this.smartcardDiscovered(mSmartcardDevice.getTransport());

6
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/CryptoOperationHelper.java
View File

@@ -130,9 +130,9 @@ public class CryptoOperationHelper<T extends Parcelable, S extends OperationResu
switch (requiredInput.mType) {
// always use CryptoOperationHelper.startActivityForResult!
case NFC_MOVE_KEY_TO_CARD:
case NFC_DECRYPT:
case NFC_SIGN: {
case SMARTCARD_MOVE_KEY_TO_CARD:
case SMARTCARD_DECRYPT:
case SMARTCARD_SIGN: {
Intent intent = new Intent(activity, SecurityTokenOperationActivity.class);
intent.putExtra(SecurityTokenOperationActivity.EXTRA_REQUIRED_INPUT, requiredInput);
intent.putExtra(SecurityTokenOperationActivity.EXTRA_CRYPTO_INPUT, cryptoInputParcel);

11
OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java
View File

@@ -45,7 +45,6 @@ import org.sufficientlysecure.keychain.WorkaroundBuildConfig;
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
@@ -877,7 +876,7 @@ public class PgpKeyOperationTest {
long keyId = KeyringTestingHelper.getSubkeyId(ringSecurityToken, 1);
{ // moveKeyToSecurityToken should return a pending NFC_MOVE_KEY_TO_CARD result when presented with the RSA-2048
{ // moveKeyToSecurityToken should return a pending SMARTCARD_MOVE_KEY_TO_CARD result when presented with the RSA-2048
// key, and then make key divert-to-card when it gets a serial in the cryptoInputParcel.
parcelSecurityToken.reset();
parcelSecurityToken.mChangeSubKeys.add(new SubkeyChange(keyId, false, true));
@@ -887,8 +886,8 @@ public class PgpKeyOperationTest {
PgpKeyOperation op = new PgpKeyOperation(null);
PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, cryptoInput, parcelSecurityToken);
Assert.assertTrue("moveKeyToSecurityToken operation should be pending", result.isPending());
Assert.assertEquals("required input should be RequiredInputType.NFC_MOVE_KEY_TO_CARD",
result.getRequiredInputParcel().mType, RequiredInputType.NFC_MOVE_KEY_TO_CARD);
Assert.assertEquals("required input should be RequiredInputType.SMARTCARD_MOVE_KEY_TO_CARD",
result.getRequiredInputParcel().mType, RequiredInputType.SMARTCARD_MOVE_KEY_TO_CARD);
// Create a cryptoInputParcel that matches what the SecurityTokenOperationActivity would return.
byte[] keyIdBytes = new byte[8];
@@ -921,8 +920,8 @@ public class PgpKeyOperationTest {
PgpKeyOperation op = new PgpKeyOperation(null);
PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, cryptoInput, parcelSecurityToken);
Assert.assertTrue("moveKeyToSecurityToken operation should be pending", result.isPending());
Assert.assertEquals("required input should be RequiredInputType.NFC_SIGN",
RequiredInputType.NFC_SIGN, result.getRequiredInputParcel().mType);
Assert.assertEquals("required input should be RequiredInputType.SMARTCARD_SIGN",
RequiredInputType.SMARTCARD_SIGN, result.getRequiredInputParcel().mType);
}
}