authorElis Elliott <eliselliott@google.com>2020-07-07 10:52:55 +0000
committerEran Messeri <eranm@google.com>2020-09-09 18:37:21 +0100
commit47172a0b2e41a2d48154fb8a62c1a86fef5ba58a (patch)
treea82e084762b51c65da9a534201916a5d70c8a3e6
parent19b996bca74d32cec7d3794180ab6ed818c69b8e (diff)
Add DEVICE_UNIQUE_ATTESTATION tag & parse value
Make aware of the DEVICE_UNIQUE_ATTESTATION tag, parse its value and add a test to check that the tag is parsed correctly. Bug: 159706341 Change-Id: I35975fb927fc2fb94adca18b2afe5d7a1cbf608a
-rw-r--r--server/src/main/java/com/google/android/attestation/AuthorizationList.java4
-rw-r--r--server/src/main/java/com/google/android/attestation/Constants.java1
-rw-r--r--server/src/test/java/com/google/android/attestation/AuthorizationListTest.java17
3 files changed, 22 insertions, 0 deletions
diff --git a/server/src/main/java/com/google/android/attestation/AuthorizationList.java b/server/src/main/java/com/google/android/attestation/AuthorizationList.java
index 81c35ec..9c6a515 100644
--- a/server/src/main/java/com/google/android/attestation/AuthorizationList.java
+++ b/server/src/main/java/com/google/android/attestation/AuthorizationList.java
@@ -36,6 +36,7 @@ import static com.google.android.attestation.Constants.KM_TAG_ATTESTATION_ID_SER
import static com.google.android.attestation.Constants.KM_TAG_AUTH_TIMEOUT;
import static com.google.android.attestation.Constants.KM_TAG_BOOT_PATCH_LEVEL;
import static com.google.android.attestation.Constants.KM_TAG_CREATION_DATE_TIME;
+import static com.google.android.attestation.Constants.KM_TAG_DEVICE_UNIQUE_ATTESTATION;
import static com.google.android.attestation.Constants.KM_TAG_DIGEST;
import static com.google.android.attestation.Constants.KM_TAG_EC_CURVE;
import static com.google.android.attestation.Constants.KM_TAG_KEY_SIZE;
@@ -127,6 +128,7 @@ public class AuthorizationList {
public final Optional<byte[]> attestationIdModel;
public final Optional<Integer> vendorPatchLevel;
public final Optional<Integer> bootPatchLevel;
+ public final boolean individualAttestation;
private AuthorizationList(ASN1Encodable[] authorizationList, int attestationVersion) {
Map<Integer, ASN1Primitive> authorizationMap = getAuthorizationMap(authorizationList);
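Review bot: The new public field `individualAttestation` is undocumented and its name differs from the tag it is filled from (`KM_TAG_DEVICE_UNIQUE_ATTESTATION`, assigned in the constructor hunk further down), so a relying party cannot tell from the API what the flag asserts. I would add a Javadoc line such as `/** True if the DEVICE_UNIQUE_ATTESTATION tag (720) is present in this authorization list. */` and consider naming the field after the tag. The tests in this commit suggest the same class parses both the software-enforced and the TEE-enforced list; if so, the comment should state that the flag is only trustworthy when read from the hardware-enforced list. Unlike the neighbouring `Optional` fields it is a plain `boolean`, so an absent tag reads as `false`, which is worth saying in the same comment. The constructor that begins in this hunk continues outside it.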
@@ -210,6 +212,8 @@ public class AuthorizationList {
findOptionalIntegerAuthorizationListEntry(authorizationMap, KM_TAG_VENDOR_PATCH_LEVEL);
this.bootPatchLevel =
findOptionalIntegerAuthorizationListEntry(authorizationMap, KM_TAG_BOOT_PATCH_LEVEL);
+ this.individualAttestation =
+ findBooleanAuthorizationListEntry(authorizationMap, KM_TAG_DEVICE_UNIQUE_ATTESTATION);
}
static AuthorizationList createAuthorizationList(
diff --git a/server/src/main/java/com/google/android/attestation/Constants.java b/server/src/main/java/com/google/android/attestation/Constants.java
index 6f0a5f1..7db2744 100644
--- a/server/src/main/java/com/google/android/attestation/Constants.java
+++ b/server/src/main/java/com/google/android/attestation/Constants.java
@@ -102,6 +102,7 @@ public class Constants {
static final int KM_TAG_ATTESTATION_ID_MODEL = 717;
static final int KM_TAG_VENDOR_PATCH_LEVEL = 718;
static final int KM_TAG_BOOT_PATCH_LEVEL = 719;
+ static final int KM_TAG_DEVICE_UNIQUE_ATTESTATION = 720;
static final int ROOT_OF_TRUST_VERIFIED_BOOT_KEY_INDEX = 0;
static final int ROOT_OF_TRUST_DEVICE_LOCKED_INDEX = 1;
static final int ROOT_OF_TRUST_VERIFIED_BOOT_STATE_INDEX = 2;
diff --git a/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java b/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java
index 1265c46..12fa97a 100644
--- a/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java
+++ b/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java
@@ -109,6 +109,7 @@ public class AuthorizationListTest {
assertThat(authorizationList.attestationApplicationId).isPresent();
assertThat(authorizationList.attestationApplicationIdBytes)
.hasValue(EXPECTED_SW_ATTESTATION_APPLICATION_ID_BYTES);
+ assertThat(authorizationList.individualAttestation).isFalse();
}
@Test
@@ -130,6 +131,7 @@ public class AuthorizationListTest {
assertThat(authorizationList.osPatchLevel).hasValue(EXPECTED_TEE_OS_PATCH_LEVEL);
assertThat(authorizationList.vendorPatchLevel).hasValue(EXPECTED_TEE_VENDOR_PATCH_LEVEL);
assertThat(authorizationList.bootPatchLevel).hasValue(EXPECTED_TEE_BOOT_PATCH_LEVEL);
+ assertThat(authorizationList.individualAttestation).isFalse();
}
@Test
@@ -146,4 +148,19 @@ public class AuthorizationListTest {
assertThat(expected).hasMessageThat().contains("Invalid User Auth Type.");
}
}
+
+ private static final String EXTENTION_DATA_WITH_INDIVIDUAL_ATTESTATION =
+ "MIH0oQgxBgIBAgIBA6IDAgEBowQCAggApQUxAwIBBKYIMQYCAQMCAQW/gUgFAgMBAAG/g3cCBQC/hT4DAgEAv4VATDBK"
+ + "BCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAAoBAgQgEvR7Lf1t9nD6P2qyUmgiQ0mG+RixYn"
+ + "glj2TaAMZmHn2/hUEFAgMBrbC/hUIFAgMDFRi/hUYIBAZnb29nbGW/hUcHBAVzYXJnb7+FSAcEBXNhcmdvv4VM"
+ + "CAQGR29vZ2xlv4VNCgQIUGl4ZWwgM2G/hU4GAgQBND1lv4VPBgIEATQ9Zb+FUAIFAA==";
+ @Test
+ public void testCanParseIndividualAttestation() throws IOException{
+ AuthorizationList authorizationList =
+ AuthorizationList.createAuthorizationList(
+ getEncodableAuthorizationList(EXTENTION_DATA_WITH_INDIVIDUAL_ATTESTATION),
+ ATTESTATION_VERSION);
+
+ assertThat(authorizationList.individualAttestation).isTrue();
+ }
}
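Review bot: The fixture `EXTENTION_DATA_WITH_INDIVIDUAL_ATTESTATION` is misspelled (`EXTENSION_…`) and the Base64 blob has no comment saying what it encodes, so a reader has to decode it to confirm that it exercises tag 720. Its tail appears to decode to tag 720 carrying an ASN.1 NULL, which could be recorded as `// Base64 DER authorization list; last entry is tag 720 (DEVICE_UNIQUE_ATTESTATION) with a NULL value.` The constant also sits after the test methods shown in this hunk rather than, presumably, with the other fixtures, and `throws IOException{` is missing a space before the brace. The test asserts only the positive case for this blob; the negative case is covered by the `isFalse()` assertions added in the two earlier test hunks.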