3514 Commits

Author SHA1 Message Date
Vincent Breitmoser
c00eb7b7f3 Further refactor SecurityTokenConnection 2018-01-12 17:00:32 +01:00
Vincent Breitmoser
626c08bbbe extract ModifyPinUseCase 2018-01-12 16:53:18 +01:00
Vincent Breitmoser
47319d22b9 extract GenerateKeyUseCase 2018-01-12 16:00:52 +01:00
Vincent Breitmoser
4cbdad7cb8 extract ResetAndWipeUseCase 2018-01-12 15:55:47 +01:00
Vincent Breitmoser
bb2b37cff6 SecurityTokenConnection code style 2018-01-12 15:55:47 +01:00
Vincent Breitmoser
139735f0e1 refactor decryptSessionKey 2018-01-12 15:55:46 +01:00
Vincent Breitmoser
1ed2cae2b0 Extract OpenPGP card operation logic from SecurityTokenConnection class 2018-01-12 15:55:29 +01:00
Vincent Breitmoser
04037ed0b4 Minor cleanup and better logging in SecurityTokenConnection 2018-01-10 17:48:58 +01:00
Vincent Breitmoser
9031173b8a fix misleading variable name 2018-01-10 17:48:58 +01:00
Dominik Schürmann
3cc43e9f69 Adapt copyright headers according to CLA 2017-12-15 16:03:36 +01:00
Dominik Schürmann
4514e1b074 Remove experimental word confirm 2017-12-15 15:25:45 +01:00
Hans-Christoph Steiner
29127a0adc change my contributions to Apache-2.0 license
@Valodim and @dschuermann asked me to do so, and I said yes.

#1683
2017-12-13 11:44:00 +01:00
Dominik Schürmann
00e933b8d3 Merge pull request #2233 from open-keychain/licenses
Include license texts in-app
2017-12-07 12:30:25 +01:00
Dominik Schürmann
6f9d4eae01 Include license texts in-app 2017-12-04 20:26:07 +01:00
Dominik Schürmann
fd18e0215d Refactor certificate pinning for OkHttp 3.9 2017-12-04 17:58:35 +01:00
Vincent Breitmoser
ecf9249247 don't create OpenKeychain dir on startup 2017-11-29 15:05:45 +01:00
Vincent Breitmoser
86e41f8996 fix delete method in TemporaryFileProvider 2017-11-29 14:44:04 +01:00
Vincent Breitmoser
62528fc941 fix NPE in KeyLoader 2017-11-29 14:23:37 +01:00
Vincent Breitmoser
daa84ae085 Merge pull request #2224 from hagau/ssh_encode_signature
Encode signature to SSH compatible format in SshAuthenticationService
2017-11-28 16:47:53 +01:00
Dominik Schürmann
537de5fdcb Merge pull request #2228 from open-keychain/fix-notify
Do not re-enable contacts sync if first time wizard is not finished
2017-11-28 16:20:39 +01:00
Dominik Schürmann
91ad0203f2 Do not re-enable contacts sync if first time wizard is not finished 2017-11-28 16:15:08 +01:00
Vincent Breitmoser
028a7c7a3a add handling for UnsupportedUsbToken exception 2017-11-28 15:10:04 +01:00
Vincent Breitmoser
9487806c08 respect experimental setting for untested usb devices 2017-11-28 15:10:04 +01:00
Vincent Breitmoser
0d099116d5 add experimental setting to allow untested usb devices 2017-11-28 15:08:13 +01:00
Vincent Breitmoser
71d2d66ee2 Use different approach for whitelisting usb security tokens 2017-11-28 15:08:12 +01:00
Christian Hagau
de695fa2b0 Improve error handling for curve OID to SSH curve identifier translation 2017-11-28 03:58:14 +00:00
Christian Hagau
6e5f5405a2 Return encoded signature blob instead of a raw signature in
SshAuthenticationService
2017-11-28 03:58:07 +00:00
Christian Hagau
2dba6e3cb0 Return the raw signature instead of a PGPSignature in
AuthenticationSignatureGenerator
2017-11-23 12:12:50 +00:00
Christian Hagau
f70b10d548 Use a custom EdDsaAuthenticationContentSignerBuilder for signing with
EdDSA, since EdDSA expects the raw data instead of a hash
2017-11-22 18:03:04 +00:00
Christian Hagau
2e3649100c Rename PGPAuthenticationSignatureGenerator to
AuthenticationSignatureGenerator & reformat
2017-11-22 18:03:04 +00:00
Vincent Breitmoser
1f7c7f49d4 remove check for unsupported usb devices 2017-11-22 16:19:26 +01:00
Vincent Breitmoser
8c2c131be6 refresh connection capabilities after token reset 2017-11-22 15:11:54 +01:00
Vincent Breitmoser
21d533902e handle unavailable pins better for SecurityTokenConnection 2017-11-22 14:57:36 +01:00
Christian Hagau
12fdb111c9 Fix error handling in case of an unsupported algorithm parameter in
SshAuthenticationService
2017-11-12 15:01:51 +00:00
Dominik Schürmann
9c1915423a Support Nitrokey Start and Storage 2017-11-06 14:11:32 +01:00
Dominik Schürmann
106dbdf4a9 Simplify SecurityTokenInfo.Version using AutoValue 2017-11-05 23:13:18 +01:00
Dominik Schürmann
221eb194d9 Merge SUPPORTED_PUT_KEY and SUPPORTED_RESET 2017-11-05 22:59:11 +01:00
Dominik Schürmann
da186ca49f Reset PW3 validation directly in modifyPw3Pin 2017-11-05 19:10:59 +01:00
Dominik Schürmann
2cf3e27e51 First set Admin PIN, then PIN to prevent Gnuk from going into 'admin less mode' 2017-11-03 14:06:26 +01:00
Vincent Breitmoser
3a818e8cde improve security token connection unit tests 2017-11-02 19:25:08 +01:00
Dominik Schürmann
b56a420aed Enable Gnuk 1.2.5 for put key 2017-11-02 19:21:37 +01:00
Dominik Schürmann
8acf62a0e8 Use check for life cycle management to determine if token supports reset 2017-11-02 19:13:44 +01:00
Dominik Schürmann
90310b7036 Read life cycle management from historical bytes 2017-11-02 18:54:41 +01:00
Dominik Schürmann
bfce1cb4a9 Fix GNUK version comparison. 1.2.5 already supports reset, use class to make 1.2.10 bigger than 1.2.9 2017-11-02 14:19:38 +01:00
Christian Hagau
2619cb1db3 Add sshauthentication-api v1 support 2017-11-01 14:28:17 +00:00
Vincent Breitmoser
a42391f7e9 add Nitrokey Pro to whitelist for reset and key import after testing 2017-10-31 16:07:07 +01:00
Vincent Breitmoser
aef66e97ea Disable reset for Gnuk token version < 1.2.5 2017-10-31 15:40:14 +01:00
Vincent Breitmoser
a51d0555e1 Retain RSA public exponent length when setting key attributes in putKey operation
Similar to the previous commit, openpgp applet implementations differ in
regards to the public exponent length. As of this writing:
- The SmartPGP applet requires an 11 bit public exponent size
- The Gnuk token requires a 32 bit public exponent size

For this reason, we simply set the public exponent size to the one
previously set in the key attribute info. With this commit, the only
variable that can actually change for an RSA key is its modulus size.
2017-10-30 22:57:13 +01:00
Vincent Breitmoser
778fb8e94a Retain RSA key format when setting key attributes in putKey operation
For the put secret key operation, openpgp applet implementations differ
in their handling of attributes:

- there are four formats for sending key data: standard, standard with
  modulus, with crt, and with crt and modulus.
- the key attributes (modulus length, public exponent length, key
  format) can not be changed on all cards. changing them is only
  necessary for cards that support different key lengths (that is,
  RSA 4096)
- on the cards where they *can* be changed, not all parameters might be
  changeable. in particular, modulus length may be changeable but not
  key format.

Because of this constellation, the put key operation now only sets the
modulus of the key, while retaining the key format. At the time of
writing, the Gnuk and Nitrokey use the standard format, while the
Yubikey and other applets use crt+modulus.

This fixes loading keys into the Nitrokey Pro, and partially for the
Gnuk token.
2017-10-30 21:45:38 +01:00
Vincent Breitmoser
5f622339b1 Output usb data to debug log 2017-10-30 17:01:49 +01:00