PeterCxy/open-keychain
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases 1 Wiki Activity

add routines to unlock security token

Browse source
This commit is contained in:
Vincent Breitmoser 2017-09-06 21:17:29 +02:00
parent 4d0a686220
commit 36bec236f4
9 changed files with 285 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
OpenKeychain/src/main/AndroidManifest.xml
View file

@ -806,6 +806,13 @@
android:taskAffinity=":Nfc"
android:theme="@style/Theme.Keychain.Light.Dialog" />
<activity
android:name=".ui.SecurityTokenChangePinOperationActivity"
android:allowTaskReparenting="true"
android:launchMode="singleTop"
android:taskAffinity=":Nfc"
android:theme="@style/Theme.Keychain.Light.Dialog" />
<activity
android:name=".ui.HelpActivity"
android:label="@string/title_help" />

22
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java
View file

@ -217,6 +217,28 @@ public class SecurityTokenHelper {
}
public void resetPin(String newPinStr) throws IOException {
if (!mPw3Validated) {
verifyPin(0x83); // (Verify PW1 with mode 82 for decryption)
}
byte[] newPin = newPinStr.getBytes();
final int MAX_PW1_LENGTH_INDEX = 1;
byte[] pwStatusBytes = getPwStatusBytes();
if (newPin.length < 6 || newPin.length > pwStatusBytes[MAX_PW1_LENGTH_INDEX]) {
throw new IOException("Invalid PIN length");
}
// Command APDU for RESET RETRY COUNTER command (page 33)
CommandAPDU changePin = new CommandAPDU(0x00, 0x2C, 0x02, 0x81, newPin);
ResponseAPDU response = communicate(changePin);
if (response.getSW() != APDU_SW_SUCCESS) {
throw new CardException("Failed to change PIN", response.getSW());
}
}
/**
* Modifies the user's PW1 or PW3. Before sending, the new PIN will be validated for
* conformance to the token's requirements for key length.

11
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
View file

@ -1,21 +1,22 @@
package org.sufficientlysecure.keychain.service.input;
import android.os.Parcel;
import android.os.Parcelable;
import org.sufficientlysecure.keychain.util.Passphrase;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import android.os.Parcel;
import android.os.Parcelable;
import org.sufficientlysecure.keychain.util.Passphrase;
public class RequiredInputParcel implements Parcelable {
public enum RequiredInputType {
PASSPHRASE, PASSPHRASE_SYMMETRIC, BACKUP_CODE, SECURITY_TOKEN_SIGN, SECURITY_TOKEN_DECRYPT,
SECURITY_TOKEN_MOVE_KEY_TO_CARD, SECURITY_TOKEN_RESET_CARD, ENABLE_ORBOT, UPLOAD_FAIL_RETRY,
SECURITY_TOKEN_MOVE_KEY_TO_CARD, SECURITY_TOKEN_RESET_CARD, ENABLE_ORBOT, UPLOAD_FAIL_RETRY
}
public Date mSignatureTime;

18
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/SecurityTokenChangePinParcel.java Normal file
View file

@ -0,0 +1,18 @@
package org.sufficientlysecure.keychain.service.input;
import android.os.Parcelable;
import com.google.auto.value.AutoValue;
@AutoValue
public abstract class SecurityTokenChangePinParcel implements Parcelable {
public abstract String getAdminPin();
public abstract String getNewPin();
public static SecurityTokenChangePinParcel createSecurityTokenUnlock(String adminPin, String newPin) {
return new AutoValue_SecurityTokenChangePinParcel(adminPin, newPin);
}
}

210
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenChangePinOperationActivity.java Normal file
View file

@ -0,0 +1,210 @@
/*
* Copyright (C) 2017 Vincent Breitmoser <look@my.amazin.horse>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.ui;
import java.io.IOException;
import android.content.Intent;
import android.os.AsyncTask;
import android.os.Bundle;
import android.view.View;
import android.view.WindowManager;
import android.widget.Button;
import android.widget.TextView;
import android.widget.ViewAnimator;
import nordpol.android.NfcGuideView;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo;
import org.sufficientlysecure.keychain.service.input.SecurityTokenChangePinParcel;
import org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenActivity;
import org.sufficientlysecure.keychain.ui.util.ThemeChanger;
import org.sufficientlysecure.keychain.util.Log;
import org.sufficientlysecure.keychain.util.OrientationUtils;
import org.sufficientlysecure.keychain.util.Passphrase;
/**
* This class provides a communication interface to OpenPGP applications on ISO SmartCard compliant
* NFC devices.
* For the full specs, see http://g10code.com/docs/openpgp-card-2.0.pdf
*/
public class SecurityTokenChangePinOperationActivity extends BaseSecurityTokenActivity {
public static final String EXTRA_CHANGE_PIN_PARCEL = "change_pin_parcel";
public static final String RESULT_TOKEN_INFO = "token_info";
public ViewAnimator vAnimator;
public TextView vErrorText;
private TextView vErrorTextPin;
public Button vErrorTryAgainButton;
public NfcGuideView nfcGuideView;
private SecurityTokenChangePinParcel changePinInput;
private SecurityTokenInfo resultTokenInfo;
@Override
protected void initTheme() {
mThemeChanger = new ThemeChanger(this);
mThemeChanger.setThemes(R.style.Theme_Keychain_Light_Dialog,
R.style.Theme_Keychain_Dark_Dialog);
mThemeChanger.changeTheme();
}
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
Log.d(Constants.TAG, "NfcOperationActivity.onCreate");
nfcGuideView = (NfcGuideView) findViewById(R.id.nfc_guide_view);
// prevent annoying orientation changes while fumbling with the device
OrientationUtils.lockOrientation(this);
// prevent close when touching outside of the dialog (happens easily when fumbling with the device)
setFinishOnTouchOutside(false);
// keep screen on
getWindow().addFlags(WindowManager.LayoutParams.FLAG_KEEP_SCREEN_ON);
setTitle(R.string.security_token_nfc_text);
vAnimator = (ViewAnimator) findViewById(R.id.view_animator);
vAnimator.setDisplayedChild(0);
nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.STARTING_POSITION);
vErrorText = (TextView) findViewById(R.id.security_token_activity_3_error_text);
vErrorTextPin = (TextView) findViewById(R.id.security_token_activity_4_error_text);
vErrorTryAgainButton = (Button) findViewById(R.id.security_token_activity_3_error_try_again);
vErrorTryAgainButton.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
resumeTagHandling();
vAnimator.setDisplayedChild(0);
nfcGuideView.setVisibility(View.VISIBLE);
nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.STARTING_POSITION);
}
});
Button vCancel = (Button) findViewById(R.id.security_token_activity_0_cancel);
vCancel.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
setResult(RESULT_CANCELED);
finish();
}
});
findViewById(R.id.security_token_activity_4_back).setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
Intent result = new Intent();
result.putExtra(RESULT_TOKEN_INFO, resultTokenInfo);
setResult(RESULT_CANCELED, result);
finish();
}
});
changePinInput = getIntent().getParcelableExtra(EXTRA_CHANGE_PIN_PARCEL);
}
@Override
protected void initLayout() {
setContentView(R.layout.security_token_operation_activity);
}
@Override
public void onSecurityTokenPreExecute() {
// start with indeterminate progress
vAnimator.setDisplayedChild(1);
nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.TRANSFERRING);
}
@Override
protected void doSecurityTokenInBackground() throws IOException {
mSecurityTokenHelper.setAdminPin(new Passphrase(changePinInput.getAdminPin()));
mSecurityTokenHelper.resetPin(changePinInput.getNewPin());
resultTokenInfo = mSecurityTokenHelper.getTokenInfo();
}
@Override
protected final void onSecurityTokenPostExecute() {
Intent result = new Intent();
result.putExtra(RESULT_TOKEN_INFO, resultTokenInfo);
setResult(RESULT_OK, result);
// show finish
vAnimator.setDisplayedChild(2);
nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.DONE);
if (mSecurityTokenHelper.isPersistentConnectionAllowed()) {
// Just close
finish();
} else {
mSecurityTokenHelper.clearSecureMessaging();
new AsyncTask<Void, Void, Void>() {
@Override
protected Void doInBackground(Void... params) {
// check all 200ms if Security Token has been taken away
while (true) {
if (isSecurityTokenConnected()) {
try {
Thread.sleep(200);
} catch (InterruptedException ignored) {
}
} else {
return null;
}
}
}
@Override
protected void onPostExecute(Void result) {
super.onPostExecute(result);
finish();
}
}.execute();
}
}
@Override
protected void onSecurityTokenError(String error) {
pauseTagHandling();
vErrorText.setText(error + "\n\n" + getString(R.string.security_token_nfc_try_again_text));
vAnimator.setDisplayedChild(3);
nfcGuideView.setVisibility(View.GONE);
}
@Override
public void onSecurityTokenPinError(String error, SecurityTokenInfo tokeninfo) {
resultTokenInfo = tokeninfo;
pauseTagHandling();
vErrorTextPin.setText(error);
vAnimator.setDisplayedChild(4);
nfcGuideView.setVisibility(View.GONE);
}
}

9
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java
View file

@ -44,6 +44,7 @@ import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
import org.sufficientlysecure.keychain.provider.KeyRepository;
import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.securitytoken.KeyType;
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo;
import org.sufficientlysecure.keychain.service.PassphraseCacheService;
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
@ -65,6 +66,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
public static final String EXTRA_CRYPTO_INPUT = "crypto_input";
public static final String RESULT_CRYPTO_INPUT = "result_data";
public static final String RESULT_TOKEN_INFO = "token_info";
public ViewAnimator vAnimator;
public TextView vErrorText;
@ -74,6 +76,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
private RequiredInputParcel mRequiredInput;
private CryptoInputParcel mInputParcel;
private SecurityTokenInfo mResultTokenInfo;
@Override
protected void initTheme() {
@ -277,6 +280,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
}
case SECURITY_TOKEN_RESET_CARD: {
mSecurityTokenHelper.resetAndWipeToken();
mResultTokenInfo = mSecurityTokenHelper.getTokenInfo();
break;
}
@ -334,6 +338,9 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
Intent result = new Intent();
// send back the CryptoInputParcel we received
result.putExtra(RESULT_CRYPTO_INPUT, inputParcel);
if (mResultTokenInfo != null) {
result.putExtra(RESULT_TOKEN_INFO, mResultTokenInfo);
}
setResult(RESULT_OK, result);
}
@ -348,7 +355,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
}
@Override
public void onSecurityTokenPinError(String error) {
public void onSecurityTokenPinError(String error, SecurityTokenInfo tokeninfo) {
onSecurityTokenError(error);
// clear (invalid) passphrase

1
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenContract.java
View file

@ -68,6 +68,7 @@ class ManageSecurityTokenContract {
void operationImportKey(byte[] importKeyData);
void operationPromote(long masterKeyId, byte[] cardAid);
void operationResetSecurityToken();
void operationChangePinSecurityToken(String adminPin, String newPin);
void finishAndShowKey(long masterKeyId);

12
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenFragment.java
View file

@ -54,10 +54,12 @@ import org.sufficientlysecure.keychain.service.ImportKeyringParcel;
import org.sufficientlysecure.keychain.service.PromoteKeyringParcel;
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
import org.sufficientlysecure.keychain.service.input.SecurityTokenChangePinParcel;
import org.sufficientlysecure.keychain.ui.CreateKeyActivity;
import org.sufficientlysecure.keychain.ui.LogDisplayActivity;
import org.sufficientlysecure.keychain.ui.LogDisplayFragment;
import org.sufficientlysecure.keychain.ui.SecurityTokenOperationActivity;
import org.sufficientlysecure.keychain.ui.SecurityTokenChangePinOperationActivity;
import org.sufficientlysecure.keychain.ui.base.CryptoOperationHelper;
import org.sufficientlysecure.keychain.ui.base.CryptoOperationHelper.AbstractCallback;
import org.sufficientlysecure.keychain.ui.keyview.ViewKeyActivity;
@ -76,6 +78,7 @@ public class ManageSecurityTokenFragment extends Fragment implements ManageSecur
private static final String ARG_TOKEN_INFO = "token_info";
public static final int REQUEST_CODE_OPEN_FILE = 0;
public static final int REQUEST_CODE_RESET = 1;
public static final int REQUEST_CODE_CHANGE_PIN = 2;
public static final int PERMISSION_READ_STORAGE = 0;
ManageSecurityTokenMvpPresenter presenter;
@ -303,6 +306,15 @@ public class ManageSecurityTokenFragment extends Fragment implements ManageSecur
startActivityForResult(intent, REQUEST_CODE_RESET);
}
@Override
public void operationChangePinSecurityToken(String adminPin, String newPin) {
Intent intent = new Intent(getActivity(), SecurityTokenChangePinOperationActivity.class);
SecurityTokenChangePinParcel changePinParcel =
SecurityTokenChangePinParcel.createSecurityTokenUnlock(adminPin, newPin);
intent.putExtra(SecurityTokenChangePinOperationActivity.EXTRA_CHANGE_PIN_PARCEL, changePinParcel);
startActivityForResult(intent, REQUEST_CODE_CHANGE_PIN);
}
@Override
public void showFileSelectDialog() {
FileHelper.openDocument(this, null, "*/*", false, REQUEST_CODE_OPEN_FILE);

2
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenPresenter.java
View file

@ -147,7 +147,7 @@ class ManageSecurityTokenPresenter implements ManageSecurityTokenMvpPresenter {
@Override
public void onClickUnlockToken() {
// TODO
view.showAdminPinDialog();
}
private LoaderCallbacks<KeyRetrievalResult> loaderCallbacks = new LoaderCallbacks<KeyRetrievalResult>() {