Merge pull request #2206 from open-keychain/gnuk-version
More Gnuk improvements
This commit is contained in:
Dominik Schürmann
GitHub
@@ -17,27 +17,38 @@
|
||||
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.securitytoken.usb.UsbTransportException;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
|
||||
import java.nio.ByteBuffer;
|
||||
import java.util.Arrays;
|
||||
|
||||
@SuppressWarnings("WeakerAccess")
|
||||
class CardCapabilities {
|
||||
private static final int MASK_CHAINING = 1 << 7;
|
||||
private static final int MASK_EXTENDED = 1 << 6;
|
||||
|
||||
private byte[] mCapabilityBytes;
|
||||
private static final int STATUS_INDICATOR_NO_INFORMATION = 0x00;
|
||||
private static final int STATUS_INDICATOR_INITIALISATION_STATE = 0x03;
|
||||
private static final int STATUS_INDICATOR_OPERATIONAL_STATE = 0x05;
|
||||
|
||||
private static final byte[] EXPECTED_PROCESSING_STATUS_BYTES = {(byte) 0x90, (byte) 0x00};
|
||||
|
||||
private byte[] historicalBytes;
|
||||
private byte[] capabilityBytes;
|
||||
|
||||
public CardCapabilities(byte[] historicalBytes) throws UsbTransportException {
|
||||
if ((historicalBytes == null) || (historicalBytes[0] != 0x00)) {
|
||||
throw new UsbTransportException("Invalid historical bytes category indicator byte");
|
||||
}
|
||||
|
||||
mCapabilityBytes = getCapabilitiesBytes(historicalBytes);
|
||||
this.historicalBytes = historicalBytes;
|
||||
capabilityBytes = getCapabilitiesBytes(historicalBytes);
|
||||
}
|
||||
|
||||
public CardCapabilities() {
|
||||
mCapabilityBytes = null;
|
||||
capabilityBytes = null;
|
||||
}
|
||||
|
||||
private static byte[] getCapabilitiesBytes(byte[] historicalBytes) {
|
||||
@@ -57,10 +68,34 @@ class CardCapabilities {
|
||||
}
|
||||
|
||||
public boolean hasChaining() {
|
||||
return mCapabilityBytes != null && (mCapabilityBytes[2] & MASK_CHAINING) != 0;
|
||||
return capabilityBytes != null && (capabilityBytes[2] & MASK_CHAINING) != 0;
|
||||
}
|
||||
|
||||
public boolean hasExtended() {
|
||||
return mCapabilityBytes != null && (mCapabilityBytes[2] & MASK_EXTENDED) != 0;
|
||||
return capabilityBytes != null && (capabilityBytes[2] & MASK_EXTENDED) != 0;
|
||||
}
|
||||
|
||||
public boolean hasLifeCycleManagement() throws UsbTransportException {
|
||||
byte[] lastBytes = Arrays.copyOfRange(historicalBytes, historicalBytes.length - 2, historicalBytes.length);
|
||||
boolean hasExpectedLastBytes = Arrays.equals(lastBytes, EXPECTED_PROCESSING_STATUS_BYTES);
|
||||
|
||||
// Yk neo simply ends with 0x0000
|
||||
if (!hasExpectedLastBytes) {
|
||||
return true;
|
||||
}
|
||||
|
||||
int statusIndicatorByte = historicalBytes[historicalBytes.length - 3];
|
||||
switch (statusIndicatorByte) {
|
||||
case STATUS_INDICATOR_NO_INFORMATION: {
|
||||
return false;
|
||||
}
|
||||
case STATUS_INDICATOR_INITIALISATION_STATE:
|
||||
case STATUS_INDICATOR_OPERATIONAL_STATE: {
|
||||
return true;
|
||||
}
|
||||
default: {
|
||||
throw new UsbTransportException("Status indicator byte not specified in OpenPGP specification");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -144,13 +144,13 @@ class OpenPgpCommandApduFactory {
|
||||
}
|
||||
|
||||
@NonNull
|
||||
CommandApdu createReactivate2Command() {
|
||||
return CommandApdu.create(CLA, INS_ACTIVATE_FILE, P1_EMPTY, P2_EMPTY);
|
||||
CommandApdu createReactivate1Command() {
|
||||
return CommandApdu.create(CLA, INS_TERMINATE_DF, P1_EMPTY, P2_EMPTY);
|
||||
}
|
||||
|
||||
@NonNull
|
||||
CommandApdu createReactivate1Command() {
|
||||
return CommandApdu.create(CLA, INS_TERMINATE_DF, P1_EMPTY, P2_EMPTY);
|
||||
CommandApdu createReactivate2Command() {
|
||||
return CommandApdu.create(CLA, INS_ACTIVATE_FILE, P1_EMPTY, P2_EMPTY);
|
||||
}
|
||||
|
||||
@NonNull
|
||||
|
||||
@@ -287,6 +287,8 @@ public class SecurityTokenConnection {
|
||||
CommandApdu changePin = commandFactory.createChangePw3Command(pin, newAdminPin);
|
||||
ResponseApdu response = communicate(changePin);
|
||||
|
||||
mPw3Validated = false;
|
||||
|
||||
if (!response.isSuccess()) {
|
||||
throw new CardException("Failed to change PIN", response.getSw());
|
||||
}
|
||||
@@ -516,7 +518,8 @@ public class SecurityTokenConnection {
|
||||
* 0xB8: Decipherment Key
|
||||
* 0xA4: Authentication Key
|
||||
*/
|
||||
private void putKey(KeyType slot, CanonicalizedSecretKey secretKey, Passphrase passphrase, Passphrase adminPin)
|
||||
@VisibleForTesting
|
||||
void putKey(KeyType slot, CanonicalizedSecretKey secretKey, Passphrase passphrase, Passphrase adminPin)
|
||||
throws IOException {
|
||||
RSAPrivateCrtKey crtSecretKey;
|
||||
ECPrivateKey ecSecretKey;
|
||||
@@ -990,11 +993,12 @@ public class SecurityTokenConnection {
|
||||
String userId = getUserId();
|
||||
String url = getUrl();
|
||||
byte[] pwInfo = getPwStatusBytes();
|
||||
boolean hasLifeCycleManagement = mCardCapabilities.hasLifeCycleManagement();
|
||||
|
||||
TransportType transportType = mTransport.getTransportType();
|
||||
|
||||
SecurityTokenInfo info = SecurityTokenInfo
|
||||
.create(transportType, tokenType, fingerprints, aid, userId, url, pwInfo[4], pwInfo[6]);
|
||||
.create(transportType, tokenType, fingerprints, aid, userId, url, pwInfo[4], pwInfo[6], hasLifeCycleManagement);
|
||||
|
||||
if (! info.isSecurityTokenSupported()) {
|
||||
throw new UnsupportedSecurityTokenException();
|
||||
|
||||
@@ -9,6 +9,7 @@ import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import android.os.Parcelable;
|
||||
import android.support.annotation.NonNull;
|
||||
import android.support.annotation.Nullable;
|
||||
|
||||
import com.google.auto.value.AutoValue;
|
||||
@@ -34,6 +35,7 @@ public abstract class SecurityTokenInfo implements Parcelable {
|
||||
public abstract String getUrl();
|
||||
public abstract int getVerifyRetries();
|
||||
public abstract int getVerifyAdminRetries();
|
||||
public abstract boolean hasLifeCycleManagement();
|
||||
|
||||
public boolean isEmpty() {
|
||||
return getFingerprints().isEmpty();
|
||||
@@ -41,7 +43,8 @@ public abstract class SecurityTokenInfo implements Parcelable {
|
||||
|
||||
public static SecurityTokenInfo create(TransportType transportType, TokenType tokenType, byte[][] fingerprints,
|
||||
byte[] aid, String userId, String url,
|
||||
int verifyRetries, int verifyAdminRetries) {
|
||||
int verifyRetries, int verifyAdminRetries,
|
||||
boolean hasLifeCycleSupport) {
|
||||
ArrayList<byte[]> fingerprintList = new ArrayList<>(fingerprints.length);
|
||||
for (byte[] fingerprint : fingerprints) {
|
||||
if (!Arrays.equals(EMPTY_ARRAY, fingerprint)) {
|
||||
@@ -49,7 +52,7 @@ public abstract class SecurityTokenInfo implements Parcelable {
|
||||
}
|
||||
}
|
||||
return new AutoValue_SecurityTokenInfo(
|
||||
transportType, tokenType, fingerprintList, aid, userId, url, verifyRetries, verifyAdminRetries);
|
||||
transportType, tokenType, fingerprintList, aid, userId, url, verifyRetries, verifyAdminRetries, hasLifeCycleSupport);
|
||||
}
|
||||
|
||||
public static SecurityTokenInfo newInstanceDebugKeyserver() {
|
||||
@@ -58,7 +61,7 @@ public abstract class SecurityTokenInfo implements Parcelable {
|
||||
}
|
||||
return SecurityTokenInfo.create(TransportType.NFC, TokenType.UNKNOWN,
|
||||
new byte[][] { KeyFormattingUtils.convertFingerprintHexFingerprint("1efdb4845ca242ca6977fddb1f788094fd3b430a") },
|
||||
Hex.decode("010203040506"), "yubinu2@mugenguild.com", null, 3, 3);
|
||||
Hex.decode("010203040506"), "yubinu2@mugenguild.com", null, 3, 3, true);
|
||||
}
|
||||
|
||||
public static SecurityTokenInfo newInstanceDebugUri() {
|
||||
@@ -67,7 +70,7 @@ public abstract class SecurityTokenInfo implements Parcelable {
|
||||
}
|
||||
return SecurityTokenInfo.create(TransportType.NFC, TokenType.UNKNOWN,
|
||||
new byte[][] { KeyFormattingUtils.convertFingerprintHexFingerprint("4700BA1AC417ABEF3CC7765AD686905837779C3E") },
|
||||
Hex.decode("010203040506"), "yubinu2@mugenguild.com", "http://valodim.stratum0.net/mryubinu2.asc", 3, 3);
|
||||
Hex.decode("010203040506"), "yubinu2@mugenguild.com", "http://valodim.stratum0.net/mryubinu2.asc", 3, 3, true);
|
||||
}
|
||||
|
||||
public static SecurityTokenInfo newInstanceDebugLocked() {
|
||||
@@ -76,7 +79,7 @@ public abstract class SecurityTokenInfo implements Parcelable {
|
||||
}
|
||||
return SecurityTokenInfo.create(TransportType.NFC, TokenType.UNKNOWN,
|
||||
new byte[][] { KeyFormattingUtils.convertFingerprintHexFingerprint("4700BA1AC417ABEF3CC7765AD686905837779C3E") },
|
||||
Hex.decode("010203040506"), "yubinu2@mugenguild.com", "http://valodim.stratum0.net/mryubinu2.asc", 0, 3);
|
||||
Hex.decode("010203040506"), "yubinu2@mugenguild.com", "http://valodim.stratum0.net/mryubinu2.asc", 0, 3, true);
|
||||
}
|
||||
|
||||
public static SecurityTokenInfo newInstanceDebugLockedHard() {
|
||||
@@ -85,7 +88,7 @@ public abstract class SecurityTokenInfo implements Parcelable {
|
||||
}
|
||||
return SecurityTokenInfo.create(TransportType.NFC, TokenType.UNKNOWN,
|
||||
new byte[][] { KeyFormattingUtils.convertFingerprintHexFingerprint("4700BA1AC417ABEF3CC7765AD686905837779C3E") },
|
||||
Hex.decode("010203040506"), "yubinu2@mugenguild.com", "http://valodim.stratum0.net/mryubinu2.asc", 0, 0);
|
||||
Hex.decode("010203040506"), "yubinu2@mugenguild.com", "http://valodim.stratum0.net/mryubinu2.asc", 0, 0, true);
|
||||
}
|
||||
|
||||
public enum TransportType {
|
||||
@@ -94,7 +97,7 @@ public abstract class SecurityTokenInfo implements Parcelable {
|
||||
|
||||
public enum TokenType {
|
||||
YUBIKEY_NEO, YUBIKEY_4, FIDESMO, NITROKEY_PRO, NITROKEY_STORAGE, NITROKEY_START,
|
||||
GNUK_OLD, GNUK_UNKNOWN, GNUK_NEWER_1_25, LEDGER_NANO_S, UNKNOWN
|
||||
GNUK_OLD, GNUK_UNKNOWN, GNUK_1_25_AND_NEWER, LEDGER_NANO_S, UNKNOWN
|
||||
}
|
||||
|
||||
private static final HashSet<TokenType> SUPPORTED_USB_TOKENS = new HashSet<>(Arrays.asList(
|
||||
@@ -104,20 +107,14 @@ public abstract class SecurityTokenInfo implements Parcelable {
|
||||
TokenType.NITROKEY_STORAGE,
|
||||
TokenType.GNUK_OLD,
|
||||
TokenType.GNUK_UNKNOWN,
|
||||
TokenType.GNUK_NEWER_1_25
|
||||
TokenType.GNUK_1_25_AND_NEWER
|
||||
));
|
||||
|
||||
private static final HashSet<TokenType> SUPPORTED_USB_RESET = new HashSet<>(Arrays.asList(
|
||||
TokenType.YUBIKEY_NEO,
|
||||
TokenType.YUBIKEY_4,
|
||||
TokenType.NITROKEY_PRO,
|
||||
TokenType.GNUK_NEWER_1_25
|
||||
));
|
||||
|
||||
private static final HashSet<TokenType> SUPPORTED_USB_PUT_KEY = new HashSet<>(Arrays.asList(
|
||||
private static final HashSet<TokenType> SUPPORTED_USB_SETUP = new HashSet<>(Arrays.asList(
|
||||
TokenType.YUBIKEY_NEO,
|
||||
TokenType.YUBIKEY_4, // Not clear, will be tested: https://github.com/open-keychain/open-keychain/issues/2069
|
||||
TokenType.NITROKEY_PRO
|
||||
TokenType.NITROKEY_PRO,
|
||||
TokenType.GNUK_1_25_AND_NEWER
|
||||
));
|
||||
|
||||
public boolean isSecurityTokenSupported() {
|
||||
@@ -128,20 +125,21 @@ public abstract class SecurityTokenInfo implements Parcelable {
|
||||
}
|
||||
|
||||
public boolean isPutKeySupported() {
|
||||
boolean isKnownSupported = SUPPORTED_USB_PUT_KEY.contains(getTokenType());
|
||||
boolean isKnownSupported = SUPPORTED_USB_SETUP.contains(getTokenType());
|
||||
boolean isNfcTransport = getTransportType() == TransportType.NFC;
|
||||
|
||||
return isKnownSupported || isNfcTransport;
|
||||
}
|
||||
|
||||
public boolean isResetSupported() {
|
||||
boolean isKnownSupported = SUPPORTED_USB_RESET.contains(getTokenType());
|
||||
boolean isKnownSupported = SUPPORTED_USB_SETUP.contains(getTokenType());
|
||||
boolean isNfcTransport = getTransportType() == TransportType.NFC;
|
||||
boolean hasLifeCycleManagement = hasLifeCycleManagement();
|
||||
|
||||
return isKnownSupported || isNfcTransport;
|
||||
return (isKnownSupported || isNfcTransport) && hasLifeCycleManagement;
|
||||
}
|
||||
|
||||
public static String parseGnukVersionString(String serialNo) {
|
||||
public static Version parseGnukVersionString(String serialNo) {
|
||||
if (serialNo == null) {
|
||||
return null;
|
||||
}
|
||||
@@ -150,6 +148,40 @@ public abstract class SecurityTokenInfo implements Parcelable {
|
||||
if (!matcher.matches()) {
|
||||
return null;
|
||||
}
|
||||
return matcher.group(1);
|
||||
return Version.create(matcher.group(1));
|
||||
}
|
||||
|
||||
@AutoValue
|
||||
public static abstract class Version implements Comparable<Version> {
|
||||
|
||||
abstract String getVersion();
|
||||
|
||||
public static Version create(@NonNull String version) {
|
||||
if (!version.matches("[0-9]+(\\.[0-9]+)*")) {
|
||||
throw new IllegalArgumentException("Invalid version format");
|
||||
}
|
||||
return new AutoValue_SecurityTokenInfo_Version(version);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int compareTo(@NonNull Version that) {
|
||||
String[] thisParts = this.getVersion().split("\\.");
|
||||
String[] thatParts = that.getVersion().split("\\.");
|
||||
int length = Math.max(thisParts.length, thatParts.length);
|
||||
for (int i = 0; i < length; i++) {
|
||||
int thisPart = i < thisParts.length ?
|
||||
Integer.parseInt(thisParts[i]) : 0;
|
||||
int thatPart = i < thatParts.length ?
|
||||
Integer.parseInt(thatParts[i]) : 0;
|
||||
if (thisPart < thatPart) {
|
||||
return -1;
|
||||
}
|
||||
if (thisPart > thatPart) {
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -219,9 +219,10 @@ public class UsbTransport implements Transport {
|
||||
}
|
||||
case VENDOR_FSIJ: {
|
||||
String serialNo = usbConnection.getSerial();
|
||||
String gnukVersion = SecurityTokenInfo.parseGnukVersionString(serialNo);
|
||||
boolean versionBigger125 = gnukVersion != null && "1.2.5".compareTo(gnukVersion) < 0;
|
||||
return versionBigger125 ? TokenType.GNUK_NEWER_1_25 : TokenType.GNUK_OLD;
|
||||
SecurityTokenInfo.Version gnukVersion = SecurityTokenInfo.parseGnukVersionString(serialNo);
|
||||
boolean versionGreaterEquals125 = gnukVersion != null
|
||||
&& SecurityTokenInfo.Version.create("1.2.5").compareTo(gnukVersion) <= 0;
|
||||
return versionGreaterEquals125 ? TokenType.GNUK_1_25_AND_NEWER : TokenType.GNUK_OLD;
|
||||
}
|
||||
case VENDOR_LEDGER: {
|
||||
return TokenType.LEDGER_NANO_S;
|
||||
|
||||
@@ -25,7 +25,6 @@ package org.sufficientlysecure.keychain.ui;
|
||||
import java.io.IOException;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.util.Arrays;
|
||||
import java.util.Map;
|
||||
|
||||
import android.content.Intent;
|
||||
import android.os.AsyncTask;
|
||||
@@ -293,9 +292,11 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
|
||||
mInputParcel = mInputParcel.withCryptoData(subkeyBytes, tokenSerialNumber);
|
||||
}
|
||||
|
||||
// change PINs afterwards
|
||||
stConnection.resetPin(newPin, adminPin);
|
||||
// First set Admin PIN, then PIN.
|
||||
// Order is important for Gnuk, otherwise it will be set up in "admin less mode".
|
||||
// http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-pw1-pw3-and-reset-code
|
||||
stConnection.modifyPw3Pin(newAdminPin, adminPin);
|
||||
stConnection.resetPin(newPin, new Passphrase(new String(newAdminPin)));
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -2,22 +2,28 @@ package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.LinkedList;
|
||||
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.InOrder;
|
||||
import org.mockito.internal.verification.VerificationModeFactory;
|
||||
import org.mockito.invocation.InvocationOnMock;
|
||||
import org.mockito.stubbing.Answer;
|
||||
import org.robolectric.RuntimeEnvironment;
|
||||
import org.robolectric.shadows.ShadowLog;
|
||||
import org.sufficientlysecure.keychain.KeychainTestRunner;
|
||||
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
|
||||
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
|
||||
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
|
||||
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
|
||||
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo.TokenType;
|
||||
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo.TransportType;
|
||||
import org.sufficientlysecure.keychain.util.Passphrase;
|
||||
|
||||
import static org.mockito.Matchers.eq;
|
||||
import static org.mockito.Mockito.inOrder;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
@@ -28,6 +34,9 @@ public class SecurityTokenConnectionTest {
|
||||
|
||||
private Transport transport;
|
||||
|
||||
LinkedList<CommandApdu> expectCommands;
|
||||
LinkedList<ResponseApdu> expectReplies;
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
ShadowLog.stream = System.out;
|
||||
@@ -35,31 +44,46 @@ public class SecurityTokenConnectionTest {
|
||||
transport = mock(Transport.class);
|
||||
when(transport.getTransportType()).thenReturn(TransportType.USB);
|
||||
when(transport.getTokenTypeIfAvailable()).thenReturn(TokenType.YUBIKEY_NEO);
|
||||
|
||||
expectCommands = new LinkedList<>();
|
||||
expectReplies = new LinkedList<>();
|
||||
when(transport.transceive(any(CommandApdu.class))).thenAnswer(new Answer<ResponseApdu>() {
|
||||
@Override
|
||||
public ResponseApdu answer(InvocationOnMock invocation) throws Throwable {
|
||||
CommandApdu commandApdu = invocation.getArgumentAt(0, CommandApdu.class);
|
||||
System.out.println("<< " + commandApdu);
|
||||
System.out.println("<< " + Hex.toHexString(commandApdu.toBytes()));
|
||||
|
||||
CommandApdu expectedApdu = expectCommands.poll();
|
||||
assertEquals(expectedApdu, commandApdu);
|
||||
|
||||
ResponseApdu responseApdu = expectReplies.poll();
|
||||
System.out.println(">> " + responseApdu);
|
||||
System.out.println(">> " + Hex.toHexString(responseApdu.toBytes()));
|
||||
return responseApdu;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void test_connectToDevice() throws Exception {
|
||||
SecurityTokenConnection securityTokenConnection =
|
||||
new SecurityTokenConnection(transport, new Passphrase("123456"), new OpenPgpCommandApduFactory());
|
||||
String[] dialog = {
|
||||
"00a4040006d27600012401", // select openpgp applet
|
||||
"9000",
|
||||
"00ca006e00", // get application related data
|
||||
expect("00a4040006d27600012401", "9000"); // select openpgp applet
|
||||
expect("00ca006e00",
|
||||
"6e81de4f10d27600012401020000060364311500005f520f0073000080000000000000000000007381b7c00af" +
|
||||
"00000ff04c000ff00ffc106010800001103c206010800001103c306010800001103c407007f7f7f03030" +
|
||||
"3c53c4ec5fee25c4e89654d58cad8492510a89d3c3d8468da7b24e15bfc624c6a792794f15b7599915f7" +
|
||||
"03aab55ed25424d60b17026b7b06c6ad4b9be30a3c63c000000000000000000000000000000000000000" +
|
||||
"000000000000000000000000000000000000000000000000000000000000000000000000000000000cd0" +
|
||||
"c59cd0f2a59cd0af059cd0c959000"
|
||||
};
|
||||
expect(transport, dialog);
|
||||
"c59cd0f2a59cd0af059cd0c959000"); // get application related data
|
||||
|
||||
|
||||
securityTokenConnection.connectToDevice(RuntimeEnvironment.application);
|
||||
|
||||
|
||||
verify(transport).connect();
|
||||
verifyDialog(transport, dialog);
|
||||
verifyDialog();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -78,34 +102,105 @@ public class SecurityTokenConnectionTest {
|
||||
securityTokenConnection.setConnectionCapabilities(openPgpCapabilities);
|
||||
securityTokenConnection.determineTokenType();
|
||||
|
||||
String[] dialog = {
|
||||
"00ca006500",
|
||||
"65095b005f2d005f3501399000",
|
||||
"00ca5f5000",
|
||||
"9000",
|
||||
};
|
||||
expect(transport, dialog);
|
||||
expect("00ca006500", "65095b005f2d005f3501399000");
|
||||
expect("00ca5f5000", "9000");
|
||||
|
||||
|
||||
securityTokenConnection.getTokenInfo();
|
||||
|
||||
|
||||
verifyDialog(transport, dialog);
|
||||
verifyDialog();
|
||||
}
|
||||
|
||||
private void expect(Transport transport, String... dialog) throws IOException {
|
||||
for (int i = 0; i < dialog.length; i += 2) {
|
||||
CommandApdu command = CommandApdu.fromBytes(Hex.decode(dialog[i]));
|
||||
ResponseApdu response = ResponseApdu.fromBytes(Hex.decode(dialog[i + 1]));
|
||||
when(transport.transceive(eq(command))).thenReturn(response);
|
||||
}
|
||||
@Test
|
||||
public void testPutKey() throws Exception {
|
||||
/*
|
||||
Security.insertProviderAt(new BouncyCastleProvider(), 1);
|
||||
ShadowLog.stream = System.out;
|
||||
|
||||
SaveKeyringParcel.Builder builder = SaveKeyringParcel.buildNewKeyringParcel();
|
||||
builder.addSubkeyAdd(SubkeyAdd.createSubkeyAdd(
|
||||
Algorithm.RSA, 2048, null, KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA, 0L));
|
||||
|
||||
builder.addUserId("gnuk");
|
||||
builder.setNewUnlock(ChangeUnlockParcel.createUnLockParcelForNewKey(new Passphrase()));
|
||||
|
||||
PgpKeyOperation op = new PgpKeyOperation(null);
|
||||
|
||||
PgpEditKeyResult result = op.createSecretKeyRing(builder.build());
|
||||
Assert.assertTrue("initial test key creation must succeed", result.success());
|
||||
Assert.assertNotNull("initial test key creation must succeed", result.getRing());
|
||||
*/
|
||||
|
||||
UncachedKeyRing staticRing = readRingFromResource("/test-keys/token-import-rsa.sec");
|
||||
|
||||
CanonicalizedSecretKeyRing canRing = (CanonicalizedSecretKeyRing) staticRing.canonicalize(new OperationLog(), 0);
|
||||
CanonicalizedSecretKey signKey = canRing.getSecretKey();
|
||||
signKey.unlock(null);
|
||||
|
||||
SecurityTokenConnection securityTokenConnection =
|
||||
new SecurityTokenConnection(transport, new Passphrase("123456"), new OpenPgpCommandApduFactory());
|
||||
OpenPgpCapabilities openPgpCapabilities = new OpenPgpCapabilities(
|
||||
Hex.decode(
|
||||
"6e81de4f10d27600012401020000060364311500005f520f0073000080000000000000000000007381b7c00af" +
|
||||
"00000ff04c000ff00ffc106010800001103c206010800001103c306010800001103c407007f7f7f03" +
|
||||
"0303c53c4ec5fee25c4e89654d58cad8492510a89d3c3d8468da7b24e15bfc624c6a792794f15b759" +
|
||||
"9915f703aab55ed25424d60b17026b7b06c6ad4b9be30a3c63c000000000000000000000000000000" +
|
||||
"000000000000000000000000000000000000000000000000000000000000000000000000000000000" +
|
||||
"000000000cd0c59cd0f2a59cd0af059cd0c95"
|
||||
));
|
||||
securityTokenConnection.setConnectionCapabilities(openPgpCapabilities);
|
||||
securityTokenConnection.determineTokenType();
|
||||
|
||||
expect("00200083083132333435363738", "9000");
|
||||
expect("10db3fffff4d8203a2b6007f48159103928180938180948180958180968180978201005f48820383010001be5e36a094" +
|
||||
"58313f9594f3f76a972989dfa1d4a416f7f461c8a4ccf9b9de8ee59447e44b4a4833a00c655ae5516214a72efa5c140" +
|
||||
"fd7d429d9b15805c77c881e6ad10711b4614d2183497a5a6d36ed221146301ce6ccf42581004c313d533d14c57abc32" +
|
||||
"886419665b67091d652aa6cb074da682135115657d90752fb9d2e69fffd7580adddf1d7822d9d40220401056674b933" +
|
||||
"efeb3bc51eafe2c5a5162ec2b466591b689d9af07004bb81a509c7601043a2da871f5989e4e338b901afb9ba8f2b8bc" +
|
||||
"18ac3300e750bda2a0886459363542bb5b59cab2ed93", "9000");
|
||||
expect("10db3fffff4388c486b602a3f6a63164afe55139ad9f4ed230421b4039b09f5c0b7c609ba9927f1f7c4db7c3895bbe8e" +
|
||||
"58787ddae295468d034a0c29964b80f3551d308722de7ac698e840eb68c81c75d140ac347e35d8167bd9ac175610f81" +
|
||||
"1f049061b72ebc491d89610fc6ba1344c8d03e2871181f0408f87779149a1b1835705b407baf28c30e94da82c8e15b8" +
|
||||
"45f2473deee6987f29a2d25232361818fd83283a09592345ac56d9a56408ef5b19065d6d5252aeff1469c85686c61c4" +
|
||||
"e62b541461320dbbb532d4a28e2d5a6da2c3e7c4d100204efd33b92a2ed85e2f2576eb6ee9a58415ea446ccad86dff4" +
|
||||
"97a45917080bbea1c0406647e1b16ba623b3f7913f14", "9000");
|
||||
expect("10db3fffff538db405cb9f108add09f9b3557b7d45b49c8d6cf7c69cb582ce3e3674b9a58b71ed49d2c7a2027955ba0a" +
|
||||
"be596a11add7bfb5d2a08bd6ed9cdf2e0fc5b8e4396ecc8c801715569d89912f2a4336b5f75a9a04ae8ca460c6266c7" +
|
||||
"830213f724c5957dc44054699fa1a9adc2c48472ede53a7b77ea3353ccf75394f1e65100eb49ccbdc603de36f2f11ce" +
|
||||
"ce6e36a2587d4338466917d28edf0e75a8706748ddf64af3d3b4f129f991be3ffb024c13038806fb6d32f0dc20adb28" +
|
||||
"8fc190985dc9d0a976e108dcecffdf94b97a0de2f94ff6c8996fa6aaeeb97cc9d466fa8f92e2dd179c24b46bd165a68" +
|
||||
"efbdce4e397e841e44ffa48991fa23abbd6ff4d0c387", "9000");
|
||||
expect("00db3fffa9a048a9ca323b4867c504d61af02048b4af787b0994fd71b9bc39dda6a4f3b610297c8b35affde21a53ec49" +
|
||||
"54c6b1da6403a7cb627555686acc779ca19fb14d7ec2ca3655571f36587e025bdc0ce053193a7c4be1db17e9ba5788e" +
|
||||
"db43f81f02ef07cc7c1d967e8435fba00e986ab30fa69746857fc082b5b797d5eea3c6fb1be4a1a12bba89d4ca8c204" +
|
||||
"e2702d93e9316b6176726121dd29c8a8b75ec19e1deb09e4cc3b95b054541d", "9000");
|
||||
|
||||
|
||||
securityTokenConnection.putKey(KeyType.SIGN, signKey, new Passphrase("123456"), new Passphrase("12345678"));
|
||||
|
||||
|
||||
verifyDialog();
|
||||
}
|
||||
|
||||
private void verifyDialog(Transport transport, String... dialog) throws IOException {
|
||||
InOrder inOrder = inOrder(transport);
|
||||
for (int i = 0; i < dialog.length; i += 2) {
|
||||
CommandApdu command = CommandApdu.fromBytes(Hex.decode(dialog[i]));
|
||||
inOrder.verify(transport).transceive(eq(command));
|
||||
}
|
||||
private void debugTransceive() throws IOException {
|
||||
}
|
||||
|
||||
private void expect(String commandApdu, String responseApdu) {
|
||||
expect(CommandApdu.fromBytes(Hex.decode(commandApdu)), ResponseApdu.fromBytes(Hex.decode(responseApdu)));
|
||||
}
|
||||
|
||||
private void expect(CommandApdu commandApdu, ResponseApdu responseApdu) {
|
||||
expectCommands.add(commandApdu);
|
||||
expectReplies.add(responseApdu);
|
||||
}
|
||||
|
||||
private void verifyDialog() {
|
||||
assertTrue(expectCommands.isEmpty());
|
||||
assertTrue(expectReplies.isEmpty());
|
||||
}
|
||||
|
||||
UncachedKeyRing readRingFromResource(String name) throws Exception {
|
||||
return UncachedKeyRing.fromStream(SecurityTokenConnectionTest.class.getResourceAsStream(name)).next();
|
||||
}
|
||||
}
|
||||
@@ -167,16 +167,31 @@ public class SecurityTokenUtilsTest extends Mockito {
|
||||
capabilities = new CardCapabilities(Hex.decode("007300008000000000000000000000"));
|
||||
Assert.assertEquals(capabilities.hasChaining(), true);
|
||||
Assert.assertEquals(capabilities.hasExtended(), false);
|
||||
Assert.assertEquals(capabilities.hasLifeCycleManagement(), true);
|
||||
|
||||
// Yk 4
|
||||
capabilities = new CardCapabilities(Hex.decode("0073000080059000"));
|
||||
Assert.assertEquals(capabilities.hasChaining(), true);
|
||||
Assert.assertEquals(capabilities.hasExtended(), false);
|
||||
Assert.assertEquals(capabilities.hasLifeCycleManagement(), true);
|
||||
|
||||
// Nitrokey pro
|
||||
capabilities = new CardCapabilities(Hex.decode("0031c573c00140059000"));
|
||||
Assert.assertEquals(capabilities.hasChaining(), false);
|
||||
Assert.assertEquals(capabilities.hasExtended(), true);
|
||||
Assert.assertEquals(capabilities.hasLifeCycleManagement(), true);
|
||||
|
||||
// GNUK without Life Cycle Management
|
||||
capabilities = new CardCapabilities(Hex.decode("00318473800180009000"));
|
||||
Assert.assertEquals(capabilities.hasChaining(), true);
|
||||
Assert.assertEquals(capabilities.hasExtended(), false);
|
||||
Assert.assertEquals(capabilities.hasLifeCycleManagement(), false);
|
||||
|
||||
// GNUK with Life Cycle Management: ./configure --enable-factory-reset
|
||||
capabilities = new CardCapabilities(Hex.decode("00318473800180059000"));
|
||||
Assert.assertEquals(capabilities.hasChaining(), true);
|
||||
Assert.assertEquals(capabilities.hasExtended(), false);
|
||||
Assert.assertEquals(capabilities.hasLifeCycleManagement(), true);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
BIN
OpenKeychain/src/test/resources/test-keys/token-import-rsa.sec
Normal file
BIN
OpenKeychain/src/test/resources/test-keys/token-import-rsa.sec
Normal file
Binary file not shown.
Reference in New Issue
Block a user