Document Play Console warnings resulting from hmac-secret implementation

fmeum · Mar 31, 2020 · 1f41833 · 1f41833
1 parent e74639c
commit 1f41833
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/authenticator/src/main/java/me/henneke/wearauthn/fido/context/AuthenticatorContext.kt b/authenticator/src/main/java/me/henneke/wearauthn/fido/context/AuthenticatorContext.kt
@@ -4,7 +4,6 @@ import android.app.Activity
 import android.content.Context
 import android.content.Intent
 import android.content.SharedPreferences
-import android.nfc.cardemulation.HostApduService
 import android.os.Bundle
 import android.os.Handler
 import android.os.ResultReceiver

diff --git a/authenticator/src/main/java/me/henneke/wearauthn/fido/context/Keystore.kt b/authenticator/src/main/java/me/henneke/wearauthn/fido/context/Keystore.kt
@@ -147,6 +147,7 @@ fun decryptSalt(
     if (!MessageDigest.isEqual(saltAuth, saltAuthComputed))
         return null
     // hmac-secret uses an IV consisting of 0s since the plaintexts are (approximately) random
+    // NOTE: This causes a warning on insecure uses of cryptography in the Play Console.
     val iv = IvParameterSpec(ByteArray(16))
     return Cipher.getInstance(AES_CBC_NO_PADDING).run {
         init(Cipher.DECRYPT_MODE, SecretKeySpec(sharedSecret, AES_CBC_NO_PADDING), iv)
@@ -156,6 +157,7 @@ fun decryptSalt(
 
 fun encryptHmacOutput(sharedSecret: ByteArray, hmacSecret: ByteArray): ByteArray {
     // hmac-secret uses an IV consisting of 0s since the plaintexts are (approximately) random
+    // NOTE: This causes a warning on insecure uses of cryptography in the Play Console.
     val iv = IvParameterSpec(ByteArray(16))
     return Cipher.getInstance(AES_CBC_NO_PADDING).run {
         init(Cipher.ENCRYPT_MODE, SecretKeySpec(sharedSecret, AES_CBC_NO_PADDING), iv)