From 1f41833f2e4da0836e8a1420afcb838b1c794fa1 Mon Sep 17 00:00:00 2001
From: Fabian Henneke <fabian@henneke.me>
Date: Tue, 31 Mar 2020 09:20:29 +0200
Subject: [PATCH] Document Play Console warnings resulting from hmac-secret
 implementation

---
 .../me/henneke/wearauthn/fido/context/AuthenticatorContext.kt   | 1 -
 .../src/main/java/me/henneke/wearauthn/fido/context/Keystore.kt | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/authenticator/src/main/java/me/henneke/wearauthn/fido/context/AuthenticatorContext.kt b/authenticator/src/main/java/me/henneke/wearauthn/fido/context/AuthenticatorContext.kt
index 4efaa90..ab28555 100644
--- a/authenticator/src/main/java/me/henneke/wearauthn/fido/context/AuthenticatorContext.kt
+++ b/authenticator/src/main/java/me/henneke/wearauthn/fido/context/AuthenticatorContext.kt
@@ -4,7 +4,6 @@ import android.app.Activity
 import android.content.Context
 import android.content.Intent
 import android.content.SharedPreferences
-import android.nfc.cardemulation.HostApduService
 import android.os.Bundle
 import android.os.Handler
 import android.os.ResultReceiver
diff --git a/authenticator/src/main/java/me/henneke/wearauthn/fido/context/Keystore.kt b/authenticator/src/main/java/me/henneke/wearauthn/fido/context/Keystore.kt
index 8724340..fe45016 100644
--- a/authenticator/src/main/java/me/henneke/wearauthn/fido/context/Keystore.kt
+++ b/authenticator/src/main/java/me/henneke/wearauthn/fido/context/Keystore.kt
@@ -147,6 +147,7 @@ fun decryptSalt(
     if (!MessageDigest.isEqual(saltAuth, saltAuthComputed))
         return null
     // hmac-secret uses an IV consisting of 0s since the plaintexts are (approximately) random
+    // NOTE: This causes a warning on insecure uses of cryptography in the Play Console.
     val iv = IvParameterSpec(ByteArray(16))
     return Cipher.getInstance(AES_CBC_NO_PADDING).run {
         init(Cipher.DECRYPT_MODE, SecretKeySpec(sharedSecret, AES_CBC_NO_PADDING), iv)
@@ -156,6 +157,7 @@ fun decryptSalt(
 
 fun encryptHmacOutput(sharedSecret: ByteArray, hmacSecret: ByteArray): ByteArray {
     // hmac-secret uses an IV consisting of 0s since the plaintexts are (approximately) random
+    // NOTE: This causes a warning on insecure uses of cryptography in the Play Console.
     val iv = IvParameterSpec(ByteArray(16))
     return Cipher.getInstance(AES_CBC_NO_PADDING).run {
         init(Cipher.ENCRYPT_MODE, SecretKeySpec(sharedSecret, AES_CBC_NO_PADDING), iv)