Add reset support for Secalot.

2018-10-29 23:48:03 +01:00 · 2018-10-29 23:48:03 +01:00 · 01b2f6e95b
parent 29b59b7404
commit 01b2f6e95b
3 changed files with 22 additions and 8 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/CardCapabilities.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/CardCapabilities.java
@ -18,7 +18,7 @@
 package org.sufficientlysecure.keychain.securitytoken;

 import org.sufficientlysecure.keychain.securitytoken.usb.UsbTransportException;
-
+import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo.TokenType;
 import java.nio.ByteBuffer;
 import java.util.Arrays;

@ -36,12 +36,15 @@ class CardCapabilities {
    private byte[] historicalBytes;
    private byte[] capabilityBytes;

-    public CardCapabilities(byte[] historicalBytes) throws UsbTransportException {
+    private TokenType tokenType;
+
+    public CardCapabilities(byte[] historicalBytes, TokenType tokenType) throws UsbTransportException {
        if ((historicalBytes == null) || (historicalBytes[0] != 0x00)) {
            throw new UsbTransportException("Invalid historical bytes category indicator byte");
        }
        this.historicalBytes = historicalBytes;
        capabilityBytes = getCapabilitiesBytes(historicalBytes);
+        this.tokenType = tokenType;
    }

    public CardCapabilities() {
@ -81,6 +84,10 @@ class CardCapabilities {
            return true;
        }

+        if (tokenType == TokenType.SECALOT) {
+            return true;
+        }
+
        int statusIndicatorByte = historicalBytes[historicalBytes.length - 3];
        switch (statusIndicatorByte) {
            case STATUS_INDICATOR_NO_INFORMATION: {
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java
@ -167,7 +167,7 @@ public class SecurityTokenConnection {
    @VisibleForTesting
    void setConnectionCapabilities(OpenPgpCapabilities openPgpCapabilities) throws IOException {
        this.openPgpCapabilities = openPgpCapabilities;
-        this.cardCapabilities = new CardCapabilities(openPgpCapabilities.getHistoricalBytes());
+        this.cardCapabilities = new CardCapabilities(openPgpCapabilities.getHistoricalBytes(), tokenType);
    }

    // endregion
--- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenUtilsTest.java
+++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenUtilsTest.java
@ -28,6 +28,7 @@ import org.mockito.Mockito;
 import org.robolectric.shadows.ShadowLog;
 import org.sufficientlysecure.keychain.KeychainTestRunner;
 import org.sufficientlysecure.keychain.securitytoken.usb.UsbTransportException;
+import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo.TokenType;

 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@ -164,34 +165,40 @@ public class SecurityTokenUtilsTest extends Mockito {
        CardCapabilities capabilities;

        // Yk neo
-        capabilities = new CardCapabilities(Hex.decode("007300008000000000000000000000"));
+        capabilities = new CardCapabilities(Hex.decode("007300008000000000000000000000"), TokenType.YUBIKEY_NEO);
        Assert.assertEquals(capabilities.hasChaining(), true);
        Assert.assertEquals(capabilities.hasExtended(), false);
        Assert.assertEquals(capabilities.hasLifeCycleManagement(), true);

        // Yk 4
-        capabilities = new CardCapabilities(Hex.decode("0073000080059000"));
+        capabilities = new CardCapabilities(Hex.decode("0073000080059000"), TokenType.YUBIKEY_4);
        Assert.assertEquals(capabilities.hasChaining(), true);
        Assert.assertEquals(capabilities.hasExtended(), false);
        Assert.assertEquals(capabilities.hasLifeCycleManagement(), true);

        // Nitrokey pro
-        capabilities = new CardCapabilities(Hex.decode("0031c573c00140059000"));
+        capabilities = new CardCapabilities(Hex.decode("0031c573c00140059000"), TokenType.NITROKEY_PRO);
        Assert.assertEquals(capabilities.hasChaining(), false);
        Assert.assertEquals(capabilities.hasExtended(), true);
        Assert.assertEquals(capabilities.hasLifeCycleManagement(), true);

        // GNUK without Life Cycle Management
-        capabilities = new CardCapabilities(Hex.decode("00318473800180009000"));
+        capabilities = new CardCapabilities(Hex.decode("00318473800180009000"), TokenType.GNUK_OLD);
        Assert.assertEquals(capabilities.hasChaining(), true);
        Assert.assertEquals(capabilities.hasExtended(), false);
        Assert.assertEquals(capabilities.hasLifeCycleManagement(), false);

        // GNUK with Life Cycle Management: ./configure --enable-factory-reset
-        capabilities = new CardCapabilities(Hex.decode("00318473800180059000"));
+        capabilities = new CardCapabilities(Hex.decode("00318473800180059000"), TokenType.GNUK_OLD);
        Assert.assertEquals(capabilities.hasChaining(), true);
        Assert.assertEquals(capabilities.hasExtended(), false);
        Assert.assertEquals(capabilities.hasLifeCycleManagement(), true);
+
+        // Secalot
+        capabilities = new CardCapabilities(Hex.decode("0031C573C00140009000"), TokenType.SECALOT);
+        Assert.assertEquals(capabilities.hasChaining(), false);
+        Assert.assertEquals(capabilities.hasExtended(), true);
+        Assert.assertEquals(capabilities.hasLifeCycleManagement(), true);
    }

    @Test