v2.2.3

Author: dschuermann

build.gradle

@@ -5,7 +5,7 @@ buildscript {
     }
 
     dependencies {
-        classpath 'com.android.tools.build:gradle:3.4.0'
+        classpath 'com.android.tools.build:gradle:3.4.1'
         classpath "org.jetbrains.dokka:dokka-android-gradle-plugin:0.9.17"
         classpath 'digital.wup:android-maven-publish:3.6.2'
     }
@@ -22,5 +22,5 @@ ext {
     compileSdkVersion = 28
     hwSdkIncludeAsSubmodule = false
     hwSdkVersionCode = 8
-    hwSdkVersionName = '2.0.0-alpha03'
+    hwSdkVersionName = '2.2.3'
 }

hwsecurity-fido/build.gradle

@@ -9,15 +9,15 @@ dependencies {
         api project(':hwsecurity')
     }
 
-    implementation 'androidx.appcompat:appcompat:1.0.2'
-    implementation 'androidx.constraintlayout:constraintlayout:1.1.3'
-
-    implementation 'com.google.android.material:material:1.0.0'
-
     implementation 'de.cotech:nfc-sweetspot:1.1'
 
     implementation 'com.jakewharton.timber:timber:4.7.0'
 
+    implementation 'com.google.android.material:material:1.0.0'
+
+    implementation 'androidx.constraintlayout:constraintlayout:1.1.3'
+    implementation 'androidx.appcompat:appcompat:1.0.2'
+
     api 'com.google.auto.value:auto-value-annotations:1.6.2'
     annotationProcessor 'com.google.auto.value:auto-value:1.6.2'
     annotationProcessor 'com.ryanharter.auto.value:auto-value-parcel:0.2.6'

hwsecurity-fido/src/main/java/de/cotech/hw/fido/FidoSecurityKey.java

@@ -50,7 +50,7 @@
 
 @SuppressWarnings({ "unused", "WeakerAccess" }) // All methods are public API
 public class FidoSecurityKey extends SecurityKey {
-    private static final int USER_PRESENCE_CHECK_DELAY_MS = 1000;
+    private static final int USER_PRESENCE_CHECK_DELAY_MS = 250;
 
     private final FidoU2fAppletConnection fidoU2fAppletConnection;
     private final FidoAsyncOperationManager fidoAsyncOperationManager;

hwsecurity-fido/src/main/java/de/cotech/hw/fido/internal/FidoU2fAppletConnection.java

@@ -35,10 +35,7 @@
 import androidx.annotation.RestrictTo;
 import androidx.annotation.RestrictTo.Scope;
 import de.cotech.hw.SecurityKeyException;
-import de.cotech.hw.exceptions.ClaNotSupportedException;
-import de.cotech.hw.exceptions.InsNotSupportedException;
-import de.cotech.hw.exceptions.SelectAppletException;
-import de.cotech.hw.exceptions.WrongRequestLengthException;
+import de.cotech.hw.exceptions.*;
 import de.cotech.hw.fido.exceptions.FidoPresenceRequiredException;
 import de.cotech.hw.fido.exceptions.FidoWrongKeyHandleException;
 import de.cotech.hw.internal.iso7816.CommandApdu;
@@ -58,6 +55,8 @@ public class FidoU2fAppletConnection {
             // see to "FIDO U2F NFC protocol", Section 5. Applet selection
             // https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-nfc-protocol-v1.2-ps-20170411.html
             Hex.decodeHexOrFail("A0000006472F0001"),
+            // Workaround for Solokey: https://github.com/solokeys/solo/issues/213
+            Hex.decodeHexOrFail("A0000006472F000100"),
             // old Yubico demo applet AID
             Hex.decodeHexOrFail("A0000005271002")
     );
@@ -129,16 +128,17 @@ private void checkVersionOrThrow(byte[] versionBytes) throws IOException {
 
     private byte[] selectFileOrFail(byte[] fileAid) throws IOException {
         CommandApdu select = commandFactory.createSelectFileCommand(fileAid);
-        ResponseApdu response = communicate(select);
 
-        if (response.isSuccess()) {
+        try {
+            ResponseApdu response = communicateOrThrow(select);
+
             // "FIDO authenticator SHALL reply with its version string in the successful response"
             // https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-nfc-protocol-v1.2-ps-20170411.html
             checkVersionOrThrow(response.getData());
             return fileAid;
+        } catch (AppletFileNotFoundException e) {
+            return null;
         }
-
-        return null;
     }
 
     // endregion
@@ -173,6 +173,8 @@ public ResponseApdu communicateOrThrow(CommandApdu commandApdu) throws IOExcepti
                 throw new FidoPresenceRequiredException();
             case FidoWrongKeyHandleException.SW_WRONG_KEY_HANDLE:
                 throw new FidoWrongKeyHandleException();
+            case AppletFileNotFoundException.SW_FILE_NOT_FOUND:
+                throw new AppletFileNotFoundException();
             case ClaNotSupportedException.SW_CLA_NOT_SUPPORTED:
                 throw new ClaNotSupportedException();
             case InsNotSupportedException.SW_INS_NOT_SUPPORTED:
@@ -200,7 +202,13 @@ private ResponseApdu transceiveWithChaining(CommandApdu commandApdu) throws IOEx
          */
         if (transport.isExtendedLengthSupported() && commandFactory.isSuitableForExtendedApdu(commandApdu)) {
             CommandApdu extendedLengthApdu = commandApdu.withNe(65536);
-            return transport.transceive(extendedLengthApdu);
+            ResponseApdu response = transport.transceive(extendedLengthApdu);
+            if (response.getSw() == WrongRequestLengthException.SW_WRONG_REQUEST_LENGTH) {
+                Timber.d("Received WRONG_REQUEST_LENGTH error. Retrying with compatibility workaround");
+                CommandApdu shortApdu = commandFactory.createShortApdu(commandApdu);
+                return transport.transceive(shortApdu);
+            }
+            return response;
         }
 
         if (commandFactory.isSuitableForShortApdu(commandApdu)) {

hwsecurity-fido/src/main/java/de/cotech/hw/fido/internal/async/FidoOperationThread.java

@@ -36,8 +36,10 @@
 import androidx.lifecycle.Lifecycle.Event;
 import androidx.lifecycle.LifecycleObserver;
 import androidx.lifecycle.OnLifecycleEvent;
+import de.cotech.hw.exceptions.TransportGoneException;
 import de.cotech.hw.fido.exceptions.FidoPresenceRequiredException;
 import de.cotech.hw.fido.internal.FidoU2fAppletConnection;
+import timber.log.Timber;
 
 
 @RestrictTo(Scope.LIBRARY_GROUP)
@@ -80,6 +82,10 @@ public void run() {
                 postToHandler(() -> deliverResponse(response));
                 break;
             } catch (InterruptedException e) {
+                Timber.e("Fido operation was interrupted");
+                break;
+            } catch (TransportGoneException e) {
+                Timber.e("Transport gone during fido operation");
                 break;
             } catch (FidoPresenceRequiredException e) {
                 try {
@@ -88,6 +94,10 @@ public void run() {
                     break;
                 }
             } catch (IOException e) {
+                if (e.getCause() instanceof InterruptedException) {
+                    Timber.e("Fido operation was interrupted");
+                    break;
+                }
                 postToHandler(() -> deliverIoException(e));
                 break;
             }
@@ -106,7 +116,7 @@ private void postToHandler(Runnable runnable) {
         });
     }
 
-    @OnLifecycleEvent(Event.ON_DESTROY)
+    @OnLifecycleEvent(Event.ON_STOP)
     public void onDestroy() {
         if (isAlive() && !isInterrupted()) {
             fidoAsyncOperationManager.clearAsyncOperation(true, this);

hwsecurity-fido/src/main/java/de/cotech/hw/fido/internal/jsapi/U2fResponse.java

@@ -25,11 +25,12 @@
 package de.cotech.hw.fido.internal.jsapi;
 
 
-import java.nio.charset.StandardCharsets;
-
 import androidx.annotation.Nullable;
+
 import com.google.auto.value.AutoValue;
 
+import java.nio.charset.Charset;
+
 
 @AutoValue
 public abstract class U2fResponse {
@@ -46,7 +47,7 @@ public abstract class U2fResponse {
 
     public static U2fResponse createRegisterResponse(Long requestId, String clientData, byte[] registrationData) {
         RegisterResponseData responseData = new AutoValue_U2fResponse_RegisterResponseData(
-                REGISTER_RESPONSE_VERSION, registrationData, clientData.getBytes(StandardCharsets.UTF_8)
+                REGISTER_RESPONSE_VERSION, registrationData, clientData.getBytes(Charset.forName("UTF-8"))
         );
 
         return new AutoValue_U2fResponse(REGISTER_RESPONSE_TYPE, responseData, requestId);
@@ -55,7 +56,7 @@ public static U2fResponse createRegisterResponse(Long requestId, String clientDa
     public static U2fResponse createAuthenticateResponse(Long requestId, String clientData,
             byte[] keyHandle, byte[] signatureData) {
         SignResponseData reseponseData = new AutoValue_U2fResponse_SignResponseData(
-                keyHandle, signatureData, clientData.getBytes(StandardCharsets.UTF_8)
+                keyHandle, signatureData, clientData.getBytes(Charset.forName("UTF-8"))
         );
 
         return new AutoValue_U2fResponse(AUTHENTICATE_RESPONSE_TYPE, reseponseData, requestId);

hwsecurity-fido/src/main/java/de/cotech/hw/fido/internal/operations/AuthenticateOp.java

@@ -81,10 +81,6 @@ public byte[] authenticate(byte[] challengeParam, byte[] applicationParam, byte[
         CommandApdu command = connection.getCommandFactory().createAuthenticationCommand(data);
         ResponseApdu response = connection.communicateOrThrow(command);
 
-        if (!response.isSuccess()) {
-            throw new AssertionError("communicateOrThrow returned unsuccessful ResponseApdu!");
-        }
-
         return response.getData();
     }
 

hwsecurity-fido/src/main/java/de/cotech/hw/fido/internal/operations/RegisterOp.java

@@ -76,10 +76,6 @@ public byte[] register(byte[] challengeParam, byte[] applicationParam)
         CommandApdu command = connection.getCommandFactory().createRegistrationCommand(data);
         ResponseApdu response = connection.communicateOrThrow(command);
 
-        if (!response.isSuccess()) {
-            throw new AssertionError("communicateOrThrow returned unsuccessful ResponseApdu!");
-        }
-
         return response.getData();
     }