Vincent Breitmoser
0d099116d5
add experimental setting to allow untested usb devices
2017-11-28 15:08:13 +01:00
Vincent Breitmoser
71d2d66ee2
Use different approach for whitelisting usb security tokens
2017-11-28 15:08:12 +01:00
Christian Hagau
8afc43d192
Add tests for SshSignatureConverter
2017-11-28 03:58:14 +00:00
Christian Hagau
de695fa2b0
Improve error handling for curve OID to SSH curve identifier translation
2017-11-28 03:58:14 +00:00
Christian Hagau
6e5f5405a2
Return encoded signature blob instead of a raw signature in SshAuthenticationService
2017-11-28 03:58:07 +00:00
Christian Hagau
8d3b5c196d
Fix and clean up SshPublicKeyTest
2017-11-23 12:13:18 +00:00
Christian Hagau
028d869168
Add tests for RSA, EdDSA & DSA keys in AuthenticationOperation
2017-11-23 12:13:18 +00:00
Christian Hagau
2dba6e3cb0
Return the raw signature instead of a PGPSignature in AuthenticationSignatureGenerator
2017-11-23 12:12:50 +00:00
Christian Hagau
f70b10d548
Use a custom EdDsaAuthenticationContentSignerBuilder for signing with EdDSA, since EdDSA expects the raw data instead of a hash
2017-11-22 18:03:04 +00:00
Christian Hagau
2e3649100c
Rename PGPAuthenticationSignatureGenerator to AuthenticationSignatureGenerator & reformat
2017-11-22 18:03:04 +00:00
Vincent Breitmoser
1f7c7f49d4
remove check for unsupported usb devices
2017-11-22 16:19:26 +01:00
Vincent Breitmoser
8c2c131be6
refresh connection capabilities after token reset
2017-11-22 15:11:54 +01:00
Vincent Breitmoser
21d533902e
handle unavailable pins better for SecurityTokenConnection
2017-11-22 14:57:36 +01:00
Vincent Breitmoser
bf173b1e65
use deterministic passphrase in PgpKeyOperationTest
2017-11-22 14:19:38 +01:00
Vincent Breitmoser
57609636a6
add note about where usb whitelisting happens
2017-11-19 17:01:29 +01:00
Dominik Schürmann
5474065d27
Merge pull request #2218 from hagau/fix_error_handling_algo

Fix error handling in case of an unsupported algorithm parameter in
2017-11-17 13:58:13 +01:00
Dominik Schürmann
7a943c65d3
Update bitcoin address
2017-11-16 11:42:07 +01:00
Christian Hagau
12fdb111c9
Fix error handling in case of an unsupported algorithm parameter in SshAuthenticationService
2017-11-12 15:01:51 +00:00
Dominik Schürmann
9c1915423a
Support Nitrokey Start and Storage
2017-11-06 14:11:32 +01:00
Dominik Schürmann
106dbdf4a9
Simplify SecurityTokenInfo.Version using AutoValue
2017-11-05 23:13:18 +01:00
Dominik Schürmann
221eb194d9
Merge SUPPORTED_PUT_KEY and SUPPORTED_RESET
2017-11-05 22:59:11 +01:00
Dominik Schürmann
da186ca49f
Reset PW3 validation directly in modifyPw3Pin
2017-11-05 19:10:59 +01:00
Dominik Schürmann
2cf3e27e51
First set Admin PIN, then PIN to prevent Gnuk from going into 'admin less mode'
2017-11-03 14:06:26 +01:00
Vincent Breitmoser
3a818e8cde
improve security token connection unit tests
2017-11-02 19:25:08 +01:00
Dominik Schürmann
b56a420aed
Enable Gnuk 1.2.5 for put key
2017-11-02 19:21:37 +01:00
Dominik Schürmann
8acf62a0e8
Use check for life cycle management to determine if token supports reset
2017-11-02 19:13:44 +01:00
Dominik Schürmann
90310b7036
Read life cycle management from historical bytes
2017-11-02 18:54:41 +01:00
Dominik Schürmann
bfce1cb4a9
Fix GNUK version comparison. 1.2.5 already supports reset, use class to make 1.2.10 bigger than 1.2.9
2017-11-02 14:19:38 +01:00
Christian Hagau
2619cb1db3
Add sshauthentication-api v1 support
2017-11-01 14:28:17 +00:00
Dominik Schürmann
83ab483fc7
Merge pull request #2201 from open-keychain/gnuk-new

Gnuk
2017-11-01 14:45:29 +01:00
Vincent Breitmoser
a42391f7e9
add Nitrokey Pro to whitelist for reset and key import after testing
2017-10-31 16:07:07 +01:00
Vincent Breitmoser
aef66e97ea
Disable reset for Gnuk token version < 1.2.5
2017-10-31 15:40:14 +01:00
Vincent Breitmoser
a51d0555e1
Retain RSA public exponent length when setting key attributes in putKey operation

Similar to the previous commit, openpgp applet implementations differ in
regards to the public exponent length. As of this writing:
- The SmartPGP applet requires an 11 bit public exponent size
- The Gnuk token requires a 32 bit public exponent size

For this reason, we simply set the public exponent size to the one
previously set in the key attribute info. With this commit, the only
variable that can actually change for an RSA key is its modulus size.
2017-10-30 22:57:13 +01:00
Vincent Breitmoser
778fb8e94a
Retain RSA key format when setting key attributes in putKey operation

For the put secret key operation, openpgp applet implementations differ
in their handling of attributes:
- there are four formats for sending key data: standard, standard with
  modulus, with crt, and with crt and modulus.
- the key attributes (modulus length, public exponent length, key
  format) can not be changed on all cards. changing them is only
  necessary for cards that support different key lengths (that is,
  RSA 4096)
- on the cards where they *can* be changed, not all parameters might be
  changeable. in particular, modulus length may be changeable but not
  key format.

Because of this constellation, the put key operation now only sets the
modulus of the key, while retaining the key format. At the time of
writing, the Gnuk and Nitrokey use the standard format, while the
Yubikey and other applets use crt+modulus.

This fixes loading keys into the Nitrokey Pro, and partially for the
Gnuk token.
2017-10-30 21:45:38 +01:00
Vincent Breitmoser
5f622339b1
Output usb data to debug log
2017-10-30 17:01:49 +01:00
Dominik Schürmann
9bb152e990
singing -> signing
2017-10-30 15:07:18 +01:00
Vincent Breitmoser
83b6c0e2f0
use correct max packet size in CcidReceiver
2017-10-29 02:42:26 +02:00
Vincent Breitmoser
0021c1f15f
add tests for CcidTransceiver
2017-10-29 02:42:26 +02:00
Vincent Breitmoser
8b07428ec0
document T1TpduProtocol slightly better
2017-10-28 23:32:07 +02:00
Vincent Breitmoser
19dc0db89b
add gnuk to supported tokens
2017-10-28 23:32:03 +02:00
Nikita Mikhailov
06b5a878c5
SecurityToken: more robust voltage selection
2017-10-28 23:31:57 +02:00
Vincent Breitmoser
83ec3e7bf1
change "generic" to "communication"
2017-10-28 13:32:06 +02:00
Dominik Schürmann
b3a8069f6a
strings: Generic -> Unknown
2017-10-28 12:44:04 +02:00
Vincent Breitmoser
95034e36b1
fix unit test
2017-10-26 17:44:13 +02:00
Vincent Breitmoser
b6236bde59
determine token type during connect
2017-10-26 17:20:13 +02:00
Vincent Breitmoser
8649332bdc
don't distinguish unknown tokens by transport
2017-10-26 17:20:13 +02:00
Dominik Schürmann
ed4e21957c
Better error handling for generic IOException
2017-10-26 17:20:13 +02:00
Dominik Schürmann
0920d97572
Check for security token support
2017-10-26 17:20:13 +02:00
Dominik Schürmann
e7705eaca8
Use constants for vendor and product IDs
2017-10-26 17:20:12 +02:00
Vincent Breitmoser
14b74b7590
add token transport and type to SecurityTokenInfo
2017-10-26 17:19:22 +02:00