v4.2.0

Author: dschuermann

hwsecurity/fido/src/main/java/de/cotech/hw/fido/ui/FidoDialogFragment.java

@@ -60,7 +60,6 @@
 import de.cotech.hw.SecurityKeyCallback;
 import de.cotech.hw.SecurityKeyException;
 import de.cotech.hw.SecurityKeyManager;
-import de.cotech.hw.exceptions.InsNotSupportedException;
 import de.cotech.hw.exceptions.SecurityKeyDisconnectedException;
 import de.cotech.hw.fido.FidoAuthenticateCallback;
 import de.cotech.hw.fido.FidoAuthenticateRequest;
@@ -79,16 +78,18 @@
 import de.cotech.hw.ui.internal.NfcFullscreenView;
 import de.cotech.hw.ui.internal.SecurityKeyFormFactor;
 import de.cotech.hw.ui.internal.SmartcardFormFactor;
+import de.cotech.hw.ui.internal.SuccessView;
 import de.cotech.hw.util.HwTimber;
 
 
 public class FidoDialogFragment extends BottomSheetDialogFragment implements SecurityKeyCallback<FidoSecurityKey>, SecurityKeyFormFactor.SelectTransportCallback {
     private static final String FRAGMENT_TAG = "hwsecurity-fido-fragment";
     private static final String ARG_FIDO_REGISTER_REQUEST = "ARG_FIDO_REGISTER_REQUEST";
     private static final String ARG_FIDO_AUTHENTICATE_REQUEST = "ARG_FIDO_AUTHENTICATE_REQUEST";
-    private static final String ARG_FIDO_OPTIONS = "de.cotech.hw.fido.ARG_FIDO_OPTIONS";
+    private static final String ARG_FIDO_OPTIONS = "de.cotech.hw.fido.ui.ARG_FIDO_OPTIONS";
 
     private static final long TIME_DELAYED_SCREEN_CHANGE = 3000;
+    private static final long TIME_DELAYED_SUCCESS_DISMISS = 1600;
 
     static {
         AppCompatDelegate.setCompatVectorFromResourcesEnabled(true);
@@ -112,6 +113,7 @@ public class FidoDialogFragment extends BottomSheetDialogFragment implements Sec
     private SmartcardFormFactor smartcardFormFactor;
 
     private ErrorView errorView;
+    private SuccessView successView;
 
     private FidoDialogOptions options;
     private FidoRegisterRequest fidoRegisterRequest;
@@ -126,6 +128,7 @@ private enum Screen {
         USB_PRESS_BUTTON,
         USB_SELECT_AND_PRESS_BUTTON,
         ERROR,
+        SUCCESS,
     }
 
     private Screen currentScreen;
@@ -348,6 +351,7 @@ public void onViewCreated(@NonNull View view, @Nullable Bundle savedInstanceStat
         securityKeyFormFactor = new SecurityKeyFormFactor(view.findViewById(R.id.includeSecurityKeyFormFactor), this, this, innerBottomSheet, options.getShowSdkLogo());
 
         errorView = new ErrorView(view.findViewById(de.cotech.hw.ui.R.id.includeError));
+        successView = new SuccessView(view.findViewById(de.cotech.hw.ui.R.id.includeSuccess));
 
         nfcFullscreenView = new NfcFullscreenView(view.findViewById(de.cotech.hw.ui.R.id.includeNfcFullscreen), innerBottomSheet);
 
@@ -402,7 +406,11 @@ private void gotoScreen(Screen newScreen) {
                 break;
             }
             case ERROR: {
-                animateError();
+                showError();
+                break;
+            }
+            case SUCCESS: {
+                showSuccess();
                 break;
             }
         }
@@ -413,6 +421,7 @@ public void screeFullscreenNfc() {
         textTitle.setVisibility(View.GONE);
         textDescription.setVisibility(View.GONE);
         errorView.setVisibility(View.GONE);
+        successView.setVisibility(View.GONE);
         smartcardFormFactor.setVisibility(View.GONE);
         securityKeyFormFactor.setVisibility(View.GONE);
 
@@ -433,19 +442,32 @@ private void animateStart() {
         textTitle.setVisibility(View.VISIBLE);
         textDescription.setVisibility(View.VISIBLE);
         errorView.setVisibility(View.GONE);
+        successView.setVisibility(View.GONE);
         securityKeyFormFactor.setVisibility(View.VISIBLE);
 
         securityKeyFormFactor.resetAnimation();
     }
 
-    private void animateError() {
+    private void showError() {
         TransitionManager.beginDelayedTransition(innerBottomSheet);
         textTitle.setVisibility(View.GONE);
         textDescription.setVisibility(View.GONE);
         securityKeyFormFactor.setVisibility(View.GONE);
         smartcardFormFactor.setVisibility(View.GONE);
         nfcFullscreenView.setVisibility(View.GONE);
         errorView.setVisibility(View.VISIBLE);
+        successView.setVisibility(View.GONE);
+    }
+
+    private void showSuccess() {
+        TransitionManager.beginDelayedTransition(innerBottomSheet);
+        textTitle.setVisibility(View.GONE);
+        textDescription.setVisibility(View.GONE);
+        securityKeyFormFactor.setVisibility(View.GONE);
+        smartcardFormFactor.setVisibility(View.GONE);
+        nfcFullscreenView.setVisibility(View.GONE);
+        errorView.setVisibility(View.GONE);
+        successView.setVisibility(View.VISIBLE);
     }
 
     @UiThread
@@ -483,7 +505,13 @@ public void onRegisterResponse(FidoRegisterResponse response) {
                             if (securityKey.isTransportNfc()) {
                                 securityKey.release();
                             }
-                            dismiss();
+                            gotoScreen(Screen.SUCCESS);
+                            bottomSheet.postDelayed(() -> {
+                                if (!isAdded()) {
+                                    return;
+                                }
+                                dismiss();
+                            }, TIME_DELAYED_SUCCESS_DISMISS);
                         }
 
                         @Override
@@ -502,7 +530,13 @@ public void onAuthenticateResponse(FidoAuthenticateResponse response) {
                             if (securityKey.isTransportNfc()) {
                                 securityKey.release();
                             }
-                            dismiss();
+                            gotoScreen(Screen.SUCCESS);
+                            bottomSheet.postDelayed(() -> {
+                                if (!isAdded()) {
+                                    return;
+                                }
+                                dismiss();
+                            }, TIME_DELAYED_SUCCESS_DISMISS);
                         }
 
                         @Override

hwsecurity/fido/src/main/java/de/cotech/hw/fido/ui/FidoDialogOptions.java

@@ -91,6 +91,7 @@ public abstract static class Builder {
          *     <item name="hwSecurityButtonColor">@color/hwSecurityDarkBlue</item>
          *     <item name="hwSecuritySurfaceColor">@color/hwSecurityBlue</item>
          *     <item name="hwSecurityErrorColor">@color/hwSecurityRed</item>
+         *     <item name="hwSecuritySuccessColor">@color/hwSecurityGreen</item>
          * </style>
          * </pre>
          */

hwsecurity/fido2/src/main/java/de/cotech/hw/fido2/internal/operations/ctap1/AuthenticatorGetAssertionCtap1Operation.java

@@ -108,7 +108,7 @@ private PublicKeyCredential ctap1ResponseApduToWebauthnResponse(
         U2fAuthenticateResponse u2fResponse = U2fAuthenticateResponse.fromBytes(responseData);
 
         AuthenticatorData authenticatorData =
-                AuthenticatorData.create(rpIdHash, (byte) 1, u2fResponse.counter(), null, null);
+                AuthenticatorData.create(rpIdHash, u2fResponse.presence(), u2fResponse.counter(), null, null);
         byte[] authenticatorDataBytes = new AuthenticatorDataParser().toBytes(authenticatorData);
         AuthenticatorAssertionResponse authenticatorResponse =
                 AuthenticatorAssertionResponse.create(

hwsecurity/fido2/src/main/java/de/cotech/hw/fido2/internal/operations/ctap1/U2fAuthenticateResponse.java

@@ -44,7 +44,7 @@ public static U2fAuthenticateResponse fromBytes(byte[] data) throws IOException
         int counter = buf.getInt();
 
         int signatureLength = buf.remaining();
-        if (signatureLength < 70 || signatureLength > 73) {
+        if (signatureLength < 71 || signatureLength > 73) {
             throw new IOException("Signature length must be 71-73 bytes!");
         }
         byte[] signature = new byte[signatureLength];

hwsecurity/fido2/src/main/java/de/cotech/hw/fido2/internal/utils/PublicSuffixDatabase.java

@@ -36,7 +36,8 @@
 
 
 class PublicSuffixDatabase {
-    private static final String PUBLIC_SUFFIX_RESOURCE = "publicsuffixes.gz";
+    // Must be an absolute path to work after Proguard optimizations!
+    private static final String PUBLIC_SUFFIX_RESOURCE = "/de/cotech/hw/fido2/internal/utils/publicsuffixes.gz";
     private static final byte[] WILDCARD_LABEL = new byte[] { '*' };
     private static final char EXCEPTION_MARKER = '!';
 

hwsecurity/fido2/src/main/java/de/cotech/hw/fido2/ui/GenericFido2SecurityKeyDialogFragment.java

@@ -39,7 +39,7 @@
 import de.cotech.hw.ui.internal.SecurityKeyDialogPresenter;
 
 public class GenericFido2SecurityKeyDialogFragment extends SecurityKeyDialogFragment<Fido2SecurityKey> {
-    public static final String ARG_FIDO2_CONFIG = "de.cotech.hw.fido2.ARG_FIDO2_CONFIG";
+    public static final String ARG_FIDO2_CONFIG = "de.cotech.hw.fido2.ui.ARG_FIDO2_CONFIG";
 
     public static SecurityKeyDialogFragment<Fido2SecurityKey> newInstance() {
         return newInstance(SecurityKeyDialogOptions.builder().build(), Fido2SecurityKeyConnectionModeConfig.getDefaultConfig());

hwsecurity/fido2/src/main/java/de/cotech/hw/fido2/ui/WebauthnDialogFragment.java

@@ -92,16 +92,18 @@
 import de.cotech.hw.ui.internal.PinInput;
 import de.cotech.hw.ui.internal.SecurityKeyFormFactor;
 import de.cotech.hw.ui.internal.SmartcardFormFactor;
+import de.cotech.hw.ui.internal.SuccessView;
 import de.cotech.hw.util.HwTimber;
 
 
 public class WebauthnDialogFragment extends BottomSheetDialogFragment
         implements SecurityKeyCallback<Fido2SecurityKey>, SecurityKeyFormFactor.SelectTransportCallback, PinInput.PinInputCallback {
     private static final String FRAGMENT_TAG = "hwsecurity-webauthn-fragment";
     private static final String ARG_WEBAUTHN_COMMAND = "ARG_WEBAUTHN_COMMAND";
-    private static final String ARG_WEBAUTHN_OPTIONS = "de.cotech.hw.fido.ARG_WEBAUTHN_OPTIONS";
+    private static final String ARG_WEBAUTHN_OPTIONS = "de.cotech.hw.fido2.ui.ARG_WEBAUTHN_OPTIONS";
 
     private static final long TIME_DELAYED_SCREEN_CHANGE = 3000;
+    private static final long TIME_DELAYED_SUCCESS_DISMISS = 1600;
 
     static {
         AppCompatDelegate.setCompatVectorFromResourcesEnabled(true);
@@ -130,6 +132,7 @@ public class WebauthnDialogFragment extends BottomSheetDialogFragment
     private TextView textDescription;
 
     private ErrorView errorView;
+    private SuccessView successView;
 
     private WebauthnDialogOptions options;
     private WebauthnCommand webauthnCommand;
@@ -147,6 +150,7 @@ private enum Screen {
         USB_PRESS_BUTTON,
         USB_SELECT_AND_PRESS_BUTTON,
         ERROR,
+        SUCCESS,
     }
 
     private Screen currentScreen;
@@ -362,6 +366,7 @@ public void onViewCreated(@NonNull View view, @Nullable Bundle savedInstanceStat
         securityKeyFormFactor = new SecurityKeyFormFactor(view.findViewById(R.id.includeSecurityKeyFormFactor), this, this, innerBottomSheet, options.getShowSdkLogo());
 
         errorView = new ErrorView(view.findViewById(de.cotech.hw.ui.R.id.includeError));
+        successView = new SuccessView(view.findViewById(de.cotech.hw.ui.R.id.includeSuccess));
 
         nfcFullscreenView = new NfcFullscreenView(view.findViewById(de.cotech.hw.ui.R.id.includeNfcFullscreen), innerBottomSheet);
 
@@ -508,6 +513,10 @@ private void gotoScreen(Screen newScreen) {
                 showError();
                 break;
             }
+            case SUCCESS: {
+                showSuccess();
+                break;
+            }
         }
     }
 
@@ -516,6 +525,7 @@ public void screeFullscreenNfc() {
         textTitle.setVisibility(View.GONE);
         textDescription.setVisibility(View.GONE);
         errorView.setVisibility(View.GONE);
+        successView.setVisibility(View.GONE);
         securityKeyFormFactor.setVisibility(View.GONE);
         smartcardFormFactor.setVisibility(View.GONE);
         buttonRight.setVisibility(View.GONE);
@@ -550,6 +560,7 @@ private void animateStart() {
         textTitle.setVisibility(View.VISIBLE);
         textDescription.setVisibility(View.VISIBLE);
         errorView.setVisibility(View.GONE);
+        successView.setVisibility(View.GONE);
         keyboardPinInput.setVisibility(View.GONE);
         keypadPinInput.setVisibility(View.GONE);
         switch (options.getFormFactor()) {
@@ -574,6 +585,7 @@ public void showPinInput(boolean allowSkip) {
         textTitle.setVisibility(View.VISIBLE);
         textDescription.setVisibility(View.VISIBLE);
         errorView.setVisibility(View.GONE);
+        successView.setVisibility(View.GONE);
         securityKeyFormFactor.setVisibility(View.GONE);
         smartcardFormFactor.setVisibility(View.GONE);
         buttonPinInputSwitch.setVisibility(options.getAllowKeyboard() ? View.VISIBLE : View.INVISIBLE);
@@ -604,6 +616,22 @@ private void showError() {
         smartcardFormFactor.setVisibility(View.GONE);
         nfcFullscreenView.setVisibility(View.GONE);
         errorView.setVisibility(View.VISIBLE);
+        successView.setVisibility(View.GONE);
+        buttonRight.setVisibility(View.GONE);
+        keyboardPinInput.setVisibility(View.GONE);
+        keypadPinInput.setVisibility(View.GONE);
+        buttonPinInputSwitch.setVisibility(View.GONE);
+    }
+
+    private void showSuccess() {
+        TransitionManager.beginDelayedTransition(innerBottomSheet);
+        textTitle.setVisibility(View.GONE);
+        textDescription.setVisibility(View.GONE);
+        securityKeyFormFactor.setVisibility(View.GONE);
+        smartcardFormFactor.setVisibility(View.GONE);
+        nfcFullscreenView.setVisibility(View.GONE);
+        errorView.setVisibility(View.GONE);
+        successView.setVisibility(View.VISIBLE);
         buttonRight.setVisibility(View.GONE);
         keyboardPinInput.setVisibility(View.GONE);
         keypadPinInput.setVisibility(View.GONE);
@@ -663,7 +691,13 @@ public void onResponse(PublicKeyCredential publicKeyCredential) {
                             if (securityKey.isTransportNfc()) {
                                 securityKey.release();
                             }
-                            dismiss();
+                            gotoScreen(Screen.SUCCESS);
+                            bottomSheet.postDelayed(() -> {
+                                if (!isAdded()) {
+                                    return;
+                                }
+                                dismiss();
+                            }, TIME_DELAYED_SUCCESS_DISMISS);
                         }
 
                         @Override
@@ -682,7 +716,13 @@ public void onResponse(PublicKeyCredential response) {
                             if (securityKey.isTransportNfc()) {
                                 securityKey.release();
                             }
-                            dismiss();
+                            gotoScreen(Screen.SUCCESS);
+                            bottomSheet.postDelayed(() -> {
+                                if (!isAdded()) {
+                                    return;
+                                }
+                                dismiss();
+                            }, TIME_DELAYED_SUCCESS_DISMISS);
                         }
 
                         @Override

hwsecurity/fido2/src/main/java/de/cotech/hw/fido2/ui/WebauthnDialogOptions.java

@@ -108,6 +108,7 @@ public abstract static class Builder {
          *     <item name="hwSecurityButtonColor">@color/hwSecurityDarkBlue</item>
          *     <item name="hwSecuritySurfaceColor">@color/hwSecurityBlue</item>
          *     <item name="hwSecurityErrorColor">@color/hwSecurityRed</item>
+         *     <item name="hwSecuritySuccessColor">@color/hwSecurityGreen</item>
          * </style>
          * </pre>
          */

hwsecurity/fido2/src/test/java/de/cotech/hw/fido2/internal/pinauth/PinProtocolV1Test.java

@@ -37,8 +37,8 @@ public class PinProtocolV1Test {
     static final byte[] PIN_TOKEN_ENC = Hex.decodeHexOrFail("554df3802226935b2bf49f30aae3096f");
     static final String CLIENT_PIN_GET_TOKEN = "801000006606a40101020503a501020326200121582099401f6ffa9446585074d1058578f4c68ab46953ccf8cb7910d8b3c9350e1040225820a3c962cddad166b1fdea8a95a377dbf8efbedd82778a8004b884f0009bd6df9506502eb756ae474f7ca032b5111b2eef6959";
     static final String CLIENT_PIN_GET_TOKEN_RESPONSE = "00a10250554df3802226935b2bf49f30aae3096f9000";
-    static final String CLIENT_PIN_GET_TOKEN_RESPONSE_INVALID = "329000";
-    static final String CLIENT_PIN_GET_TOKEN_RESPONSE_BLOCKED = "319000";
+    static final String CLIENT_PIN_GET_TOKEN_RESPONSE_INVALID = "319000";
+    static final String CLIENT_PIN_GET_TOKEN_RESPONSE_BLOCKED = "329000";
 
     static final byte[] SHARED_SECRET = new byte[1];
     static final byte[] PIN_TOKEN = new byte[1];
@@ -75,7 +75,7 @@ public void pinAuth_invalid() throws Exception {
         pinProtocolV1.clientPinAuthenticate(fakeFidoConnection.connection, "1234", false);
     }
 
-    @Test(expected = FidoClientPinInvalidException.class)
+    @Test(expected = FidoClientPinBlockedException.class)
     public void pinAuth_invalid_blocked() throws Exception {
         PinProtocolV1 pinProtocolV1 = setupPinProtocol();
 

hwsecurity/openpgp/build.gradle

@@ -9,7 +9,7 @@ dependencies {
     compileOnly project(':hwsecurity:ui')
     compileOnly 'com.google.android.material:material:1.1.0'
 
-    implementation 'org.bouncycastle:bcprov-jdk15on:1.65'
+    implementation 'org.bouncycastle:bcprov-jdk15on:1.67'
 
     compileOnly 'androidx.annotation:annotation:1.1.0'