Disable reset for Gnuk token version < 1.2.5

2017-10-31 15:39:14 +01:00
parent a51d0555e1
commit aef66e97ea
6 changed files with 59 additions and 4 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenInfo.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenInfo.java
@@ -5,6 +5,8 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;

 import android.os.Parcelable;
 import android.support.annotation.Nullable;
@@ -18,6 +20,7 @@ import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
@AutoValue
 public abstract class SecurityTokenInfo implements Parcelable {
    private static final byte[] EMPTY_ARRAY = new byte[20];
+    private static final Pattern GNUK_VERSION_PATTERN = Pattern.compile("FSIJ-(\\d\\.\\d\\.\\d)-.+");

    public abstract TransportType getTransportType();
    public abstract TokenType getTokenType();
@@ -90,7 +93,8 @@ public abstract class SecurityTokenInfo implements Parcelable {
    }

    public enum TokenType {
-        YUBIKEY_NEO, YUBIKEY_4, FIDESMO, NITROKEY_PRO, NITROKEY_STORAGE, NITROKEY_START, GNUK, LEDGER_NANO_S, UNKNOWN
+        YUBIKEY_NEO, YUBIKEY_4, FIDESMO, NITROKEY_PRO, NITROKEY_STORAGE, NITROKEY_START,
+        GNUK_OLD, GNUK_UNKNOWN, GNUK_NEWER_1_25, LEDGER_NANO_S, UNKNOWN
    }

    private static final HashSet<TokenType> SUPPORTED_USB_TOKENS = new HashSet<>(Arrays.asList(
@@ -98,7 +102,15 @@ public abstract class SecurityTokenInfo implements Parcelable {
            TokenType.YUBIKEY_4,
            TokenType.NITROKEY_PRO,
            TokenType.NITROKEY_STORAGE,
-            TokenType.GNUK
+            TokenType.GNUK_OLD,
+            TokenType.GNUK_UNKNOWN,
+            TokenType.GNUK_NEWER_1_25
+    ));
+
+    private static final HashSet<TokenType> SUPPORTED_USB_RESET = new HashSet<>(Arrays.asList(
+            TokenType.YUBIKEY_NEO,
+            TokenType.YUBIKEY_4,
+            TokenType.GNUK_NEWER_1_25
    ));

    private static final HashSet<TokenType> SUPPORTED_USB_PUT_KEY = new HashSet<>(Arrays.asList(
@@ -120,4 +132,22 @@ public abstract class SecurityTokenInfo implements Parcelable {
        return isKnownSupported || isNfcTransport;
    }

+    public boolean isResetSupported() {
+        boolean isKnownSupported = SUPPORTED_USB_RESET.contains(getTokenType());
+        boolean isNfcTransport = getTransportType() == TransportType.NFC;
+
+        return isKnownSupported || isNfcTransport;
+    }
+
+    public static String parseGnukVersionString(String serialNo) {
+        if (serialNo == null) {
+            return null;
+        }
+
+        Matcher matcher = GNUK_VERSION_PATTERN.matcher(serialNo);
+        if (!matcher.matches()) {
+            return null;
+        }
+        return matcher.group(1);
+    }
 }
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/usb/UsbTransport.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/usb/UsbTransport.java
@@ -34,6 +34,7 @@ import org.bouncycastle.util.encoders.Hex;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.securitytoken.CommandApdu;
 import org.sufficientlysecure.keychain.securitytoken.ResponseApdu;
+import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo;
 import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo.TokenType;
 import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo.TransportType;
 import org.sufficientlysecure.keychain.securitytoken.Transport;
@@ -217,7 +218,10 @@ public class UsbTransport implements Transport {
                break;
            }
            case VENDOR_FSIJ: {
-                return TokenType.GNUK;
+                String serialNo = usbConnection.getSerial();
+                String gnukVersion = SecurityTokenInfo.parseGnukVersionString(serialNo);
+                boolean versionBigger125 = gnukVersion != null && "1.2.5".compareTo(gnukVersion) < 0;
+                return versionBigger125 ? TokenType.GNUK_NEWER_1_25 : TokenType.GNUK_OLD;
            }
            case VENDOR_LEDGER: {
                return TokenType.LEDGER_NANO_S;
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenContract.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenContract.java
@@ -98,6 +98,7 @@ class ManageSecurityTokenContract {

        void requestStoragePermission();

+        void showErrorCannotReset(boolean isGnuk);
        void showErrorCannotUnlock();
    }
 }
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenFragment.java
@@ -352,6 +352,15 @@ public class ManageSecurityTokenFragment extends Fragment implements ManageSecur
        Notify.create(getActivity(), R.string.token_error_locked_indefinitely, Style.ERROR).show();
    }

+    @Override
+    public void showErrorCannotReset(boolean isGnuk) {
+        if (isGnuk) {
+            Notify.create(getActivity(), R.string.token_error_cannot_reset_gnuk_old, Style.ERROR).show();
+        } else {
+            Notify.create(getActivity(), R.string.token_error_cannot_reset, Style.ERROR).show();
+        }
+    }
+
    @Override
    public void showDisplayLogActivity(OperationResult result) {
        Intent intent = new Intent(getActivity(), LogDisplayActivity.class);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenPresenter.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenPresenter.java
@@ -30,6 +30,7 @@ import org.sufficientlysecure.keychain.operations.results.GenericOperationResult
 import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
 import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo;
+import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo.TokenType;
 import org.sufficientlysecure.keychain.ui.token.ManageSecurityTokenContract.ManageSecurityTokenMvpPresenter;
 import org.sufficientlysecure.keychain.ui.token.ManageSecurityTokenContract.ManageSecurityTokenMvpView;
 import org.sufficientlysecure.keychain.ui.token.ManageSecurityTokenFragment.StatusLine;
@@ -362,6 +363,14 @@ class ManageSecurityTokenPresenter implements ManageSecurityTokenMvpPresenter {

    @Override
    public void onClickResetToken() {
+        if (!tokenInfo.isResetSupported()) {
+            TokenType tokenType = tokenInfo.getTokenType();
+            boolean isGnuk = tokenType == TokenType.GNUK_OLD || tokenType == TokenType.GNUK_UNKNOWN;
+
+            view.showErrorCannotReset(isGnuk);
+            return;
+        }
+
        view.showConfirmResetDialog();
    }

--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -1910,7 +1910,9 @@
        <item quantity="one">"1 attempt left"</item>
        <item quantity="other">"%d attempts left"</item>
    </plurals>
-    <string name="token_error_locked_indefinitely">Too many reset attempts. Token is locked irrecoverably!</string>
+    <string name="token_error_locked_indefinitely">Too many reset attempts. Token cannot be unlocked!</string>
+    <string name="token_error_cannot_reset_gnuk_old">"The Gnuk Token does not support reset until version 1.2.5"</string>
+    <string name="token_error_cannot_reset">"This Security Token does not support reset"</string>

    <string name="token_menu_change_pin">Change PIN</string>
    <string name="token_menu_view_log">View Log</string>