From 01b2f6e95b01da290bcf997e1357f6e87bb05600 Mon Sep 17 00:00:00 2001
From: Matvey Mukha
Date: Mon, 29 Oct 2018 23:48:03 +0100
Subject: [PATCH] Add reset support for Secalot.
---
 .../securitytoken/CardCapabilities.java | 11 +++++++++--
 .../securitytoken/SecurityTokenConnection.java | 2 +-
 .../securitytoken/SecurityTokenUtilsTest.java | 17 ++++++++++++-----
 3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/CardCapabilities.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/CardCapabilities.java
index cadb167a3..40a81ea50 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/CardCapabilities.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/CardCapabilities.java
@@ -18,7 +18,7 @@
 package org.sufficientlysecure.keychain.securitytoken;
 import org.sufficientlysecure.keychain.securitytoken.usb.UsbTransportException;
-
+import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo.TokenType;
 import java.nio.ByteBuffer;
 import java.util.Arrays;
@@ -36,12 +36,15 @@ class CardCapabilities {
 private byte[] historicalBytes;
 private byte[] capabilityBytes;
- public CardCapabilities(byte[] historicalBytes) throws UsbTransportException {
+ private TokenType tokenType;
+
+ public CardCapabilities(byte[] historicalBytes, TokenType tokenType) throws UsbTransportException {
 if ((historicalBytes == null) || (historicalBytes[0] != 0x00)) {
 throw new UsbTransportException("Invalid historical bytes category indicator byte");
 }
 this.historicalBytes = historicalBytes;
 capabilityBytes = getCapabilitiesBytes(historicalBytes);
+ this.tokenType = tokenType;
 }
 public CardCapabilities() {
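Review bot: The new `tokenType` field and constructor parameter in the `CardCapabilities.java` hunk at `@@ -36,12 +36,15 @@` have no stated null contract, although the no-argument constructor at the end of the hunk presumably leaves the field unset. A comment above the field, such as `// may be null when the token type is unknown; capability checks then rely on the historical bytes only`, would make that explicit. The field is assigned only in this constructor as far as the hunk shows, so it could be treated as immutable. The no-argument constructor's body lies outside the hunk, so confirm that before marking it `final`.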
@@ -81,6 +84,10 @@ class CardCapabilities {
 return true;
 }
+ if (tokenType == TokenType.SECALOT) {
+ return true;
+ }
+
 int statusIndicatorByte = historicalBytes[historicalBytes.length - 3];
 switch (statusIndicatorByte) {
 case STATUS_INDICATOR_NO_INFORMATION: {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java
index a34029bac..0237c12fd 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java
@@ -167,7 +167,7 @@ public class SecurityTokenConnection {
 @VisibleForTesting
 void setConnectionCapabilities(OpenPgpCapabilities openPgpCapabilities) throws IOException {
 this.openPgpCapabilities = openPgpCapabilities;
- this.cardCapabilities = new CardCapabilities(openPgpCapabilities.getHistoricalBytes());
+ this.cardCapabilities = new CardCapabilities(openPgpCapabilities.getHistoricalBytes(), tokenType);
 }
 // endregion
diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenUtilsTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenUtilsTest.java
index 56e702f9f..a3c55a1b2 100644
--- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenUtilsTest.java
+++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenUtilsTest.java
@@ -28,6 +28,7 @@ import org.mockito.Mockito;
 import org.robolectric.shadows.ShadowLog;
 import org.sufficientlysecure.keychain.KeychainTestRunner;
 import org.sufficientlysecure.keychain.securitytoken.usb.UsbTransportException;
+import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo.TokenType;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
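Review bot: In `CardCapabilities.java` at `@@ -81,6 +84,10 @@`, the added `if (tokenType == TokenType.SECALOT)` branch returns `true` before the status indicator byte is read, so the token's self-reported life cycle state no longer gates reset for this type, and the reason is not recorded. The test added in this patch uses Secalot historical bytes whose status byte is 0x00, which suggests the device does not advertise the state. A comment such as `// Secalot reports no life cycle status in its historical bytes but supports reset; trust the token type here` would keep the override from looking arbitrary. Because a reset destroys key material, confirm how `tokenType` is determined and that the reset flow fails safely if a device classified as Secalot rejects the commands. The enclosing method starts and ends outside the hunk.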
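Review bot: In `SecurityTokenConnection.setConnectionCapabilities` at `@@ -167,7 +167,7 @@`, the `tokenType` field is read when the `CardCapabilities` object is built, so the Secalot override only takes effect if `tokenType` has already been assigned by then. That assignment is not visible in this hunk. If it happens after this call, `CardCapabilities` holds `null` and silently falls back to the status byte. A comment on the method such as `// tokenType must be set before this is called; CardCapabilities captures it at construction` would record the ordering, and a test that goes through the connection rather than constructing `CardCapabilities` directly would pin it.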
@@ -164,34 +165,40 @@ public class SecurityTokenUtilsTest extends Mockito {
 CardCapabilities capabilities;
 // Yk neo
- capabilities = new CardCapabilities(Hex.decode("007300008000000000000000000000"));
+ capabilities = new CardCapabilities(Hex.decode("007300008000000000000000000000"), TokenType.YUBIKEY_NEO);
 Assert.assertEquals(capabilities.hasChaining(), true);
 Assert.assertEquals(capabilities.hasExtended(), false);
 Assert.assertEquals(capabilities.hasLifeCycleManagement(), true);
 // Yk 4
- capabilities = new CardCapabilities(Hex.decode("0073000080059000"));
+ capabilities = new CardCapabilities(Hex.decode("0073000080059000"), TokenType.YUBIKEY_4);
 Assert.assertEquals(capabilities.hasChaining(), true);
 Assert.assertEquals(capabilities.hasExtended(), false);
 Assert.assertEquals(capabilities.hasLifeCycleManagement(), true);
 // Nitrokey pro
- capabilities = new CardCapabilities(Hex.decode("0031c573c00140059000"));
+ capabilities = new CardCapabilities(Hex.decode("0031c573c00140059000"), TokenType.NITROKEY_PRO);
 Assert.assertEquals(capabilities.hasChaining(), false);
 Assert.assertEquals(capabilities.hasExtended(), true);
 Assert.assertEquals(capabilities.hasLifeCycleManagement(), true);
 // GNUK without Life Cycle Management
- capabilities = new CardCapabilities(Hex.decode("00318473800180009000"));
+ capabilities = new CardCapabilities(Hex.decode("00318473800180009000"), TokenType.GNUK_OLD);
 Assert.assertEquals(capabilities.hasChaining(), true);
 Assert.assertEquals(capabilities.hasExtended(), false);
 Assert.assertEquals(capabilities.hasLifeCycleManagement(), false);
 // GNUK with Life Cycle Management: ./configure --enable-factory-reset
- capabilities = new CardCapabilities(Hex.decode("00318473800180059000"));
+ capabilities = new CardCapabilities(Hex.decode("00318473800180059000"), TokenType.GNUK_OLD);
 Assert.assertEquals(capabilities.hasChaining(), true);
 Assert.assertEquals(capabilities.hasExtended(), false);
 Assert.assertEquals(capabilities.hasLifeCycleManagement(), true);
+
+ // Secalot
+ capabilities = new CardCapabilities(Hex.decode("0031C573C00140009000"), TokenType.SECALOT);
+ Assert.assertEquals(capabilities.hasChaining(), false);
+ Assert.assertEquals(capabilities.hasExtended(), true);
+ Assert.assertEquals(capabilities.hasLifeCycleManagement(), true);
 }
 @Test
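Review bot: The Secalot block at the end of the `SecurityTokenUtilsTest.java` hunk asserts that `hasLifeCycleManagement()` is true, but it has no control case showing that the token type, not the historical bytes, produces that result. Adding `capabilities = new CardCapabilities(Hex.decode("0031C573C00140009000"), TokenType.NITROKEY_PRO);` with an assertion of what the status byte alone yields would pin the override. A case that passes `null` as the token type would also document that callers without a known type are supported. The test method begins outside the hunk.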