author | Elis Elliott <eliselliott@google.com> | 2020-07-07 10:52:55 +0000 |
---|---|---|
committer | Eran Messeri <eranm@google.com> | 2020-09-09 18:37:21 +0100 |
commit | 47172a0b2e41a2d48154fb8a62c1a86fef5ba58a (patch) | |
tree | a82e084762b51c65da9a534201916a5d70c8a3e6 | |
parent | 19b996bca74d32cec7d3794180ab6ed818c69b8e (diff) | |
Add DEVICE_UNIQUE_ATTESTATION tag & parse value
Make the parser aware of the DEVICE_UNIQUE_ATTESTATION tag, parse its value,
and add a test that checks the tag is parsed correctly.
Bug: 159706341
Change-Id: I35975fb927fc2fb94adca18b2afe5d7a1cbf608a
3 files changed, 22 insertions, 0 deletions
diff --git a/server/src/main/java/com/google/android/attestation/AuthorizationList.java b/server/src/main/java/com/google/android/attestation/AuthorizationList.java
index 81c35ec..9c6a515 100644
--- a/server/src/main/java/com/google/android/attestation/AuthorizationList.java
+++ b/server/src/main/java/com/google/android/attestation/AuthorizationList.java
@@ -36,6 +36,7 @@ import static com.google.android.attestation.Constants.KM_TAG_ATTESTATION_ID_SER
 import static com.google.android.attestation.Constants.KM_TAG_AUTH_TIMEOUT;
 import static com.google.android.attestation.Constants.KM_TAG_BOOT_PATCH_LEVEL;
 import static com.google.android.attestation.Constants.KM_TAG_CREATION_DATE_TIME;
+import static com.google.android.attestation.Constants.KM_TAG_DEVICE_UNIQUE_ATTESTATION;
 import static com.google.android.attestation.Constants.KM_TAG_DIGEST;
 import static com.google.android.attestation.Constants.KM_TAG_EC_CURVE;
 import static com.google.android.attestation.Constants.KM_TAG_KEY_SIZE;
@@ -127,6 +128,7 @@ public class AuthorizationList {
 public final Optional<byte[]> attestationIdModel;
 public final Optional<Integer> vendorPatchLevel;
 public final Optional<Integer> bootPatchLevel;
+ public final boolean individualAttestation;
 
 private AuthorizationList(ASN1Encodable[] authorizationList, int attestationVersion) {
 Map<Integer, ASN1Primitive> authorizationMap = getAuthorizationMap(authorizationList);
@@ -210,6 +212,8 @@ public class AuthorizationList {
 findOptionalIntegerAuthorizationListEntry(authorizationMap, KM_TAG_VENDOR_PATCH_LEVEL);
 this.bootPatchLevel =
 findOptionalIntegerAuthorizationListEntry(authorizationMap, KM_TAG_BOOT_PATCH_LEVEL);
+ this.individualAttestation =
+ findBooleanAuthorizationListEntry(authorizationMap, KM_TAG_DEVICE_UNIQUE_ATTESTATION);
 }
 
 static AuthorizationList createAuthorizationList(
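Review bot: The new public field `individualAttestation` in the `@@ -127,6 +128,7 @@` hunk has no comment, and its name differs from the tag it mirrors (`KM_TAG_DEVICE_UNIQUE_ATTESTATION`), so a relying party reading this class cannot tell what a `true` value asserts. I would add a Javadoc line such as `/** True when tag 720 (DEVICE_UNIQUE_ATTESTATION) is present in this authorization list. */`. The comment should also say that the value is a hardware-backed claim only when read from the hardware-enforced list; the same type is presumably built for the software-enforced list too, where entries are asserted by the OS rather than by secure hardware. The class body starts and ends outside this hunk.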
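Review bot: In the `@@ -210,6 +212,8 @@` hunk the assignment to `this.individualAttestation` does not consult `attestationVersion`, although the constructor receives it, so tag 720 is honoured for every attestation version. `findBooleanAuthorizationListEntry` is defined outside the hunk; if it reports mere presence of the tag, an entry whose content is not the expected ASN.1 NULL would also yield `true`, which is worth confirming because a server may base a trust decision on this flag. At minimum a comment on the assignment would record the intent, e.g. `// Presence of tag 720 means device-unique attestation; the value itself is ASN.1 NULL.` The constructor begins outside this hunk.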
diff --git a/server/src/main/java/com/google/android/attestation/Constants.java b/server/src/main/java/com/google/android/attestation/Constants.java
index 6f0a5f1..7db2744 100644
--- a/server/src/main/java/com/google/android/attestation/Constants.java
+++ b/server/src/main/java/com/google/android/attestation/Constants.java
@@ -102,6 +102,7 @@ public class Constants {
 static final int KM_TAG_ATTESTATION_ID_MODEL = 717;
 static final int KM_TAG_VENDOR_PATCH_LEVEL = 718;
 static final int KM_TAG_BOOT_PATCH_LEVEL = 719;
+ static final int KM_TAG_DEVICE_UNIQUE_ATTESTATION = 720;
 static final int ROOT_OF_TRUST_VERIFIED_BOOT_KEY_INDEX = 0;
 static final int ROOT_OF_TRUST_DEVICE_LOCKED_INDEX = 1;
 static final int ROOT_OF_TRUST_VERIFIED_BOOT_STATE_INDEX = 2;
diff --git a/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java b/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java
index 1265c46..12fa97a 100644
--- a/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java
+++ b/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java
@@ -109,6 +109,7 @@ public class AuthorizationListTest {
 assertThat(authorizationList.attestationApplicationId).isPresent();
 assertThat(authorizationList.attestationApplicationIdBytes)
 .hasValue(EXPECTED_SW_ATTESTATION_APPLICATION_ID_BYTES);
+ assertThat(authorizationList.individualAttestation).isFalse();
 }
 
 @Test
@@ -130,6 +131,7 @@ public class AuthorizationListTest {
 assertThat(authorizationList.osPatchLevel).hasValue(EXPECTED_TEE_OS_PATCH_LEVEL);
 assertThat(authorizationList.vendorPatchLevel).hasValue(EXPECTED_TEE_VENDOR_PATCH_LEVEL);
 assertThat(authorizationList.bootPatchLevel).hasValue(EXPECTED_TEE_BOOT_PATCH_LEVEL);
+ assertThat(authorizationList.individualAttestation).isFalse();
 }
 
 @Test
@@ -146,4 +148,19 @@ public class AuthorizationListTest {
 assertThat(expected).hasMessageThat().contains("Invalid User Auth Type.");
 }
 }
+
+ private static final String EXTENTION_DATA_WITH_INDIVIDUAL_ATTESTATION =
+ "MIH0oQgxBgIBAgIBA6IDAgEBowQCAggApQUxAwIBBKYIMQYCAQMCAQW/gUgFAgMBAAG/g3cCBQC/hT4DAgEAv4VATDBK"
+ + "BCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAAoBAgQgEvR7Lf1t9nD6P2qyUmgiQ0mG+RixYn"
+ + "glj2TaAMZmHn2/hUEFAgMBrbC/hUIFAgMDFRi/hUYIBAZnb29nbGW/hUcHBAVzYXJnb7+FSAcEBXNhcmdvv4VM"
+ + "CAQGR29vZ2xlv4VNCgQIUGl4ZWwgM2G/hU4GAgQBND1lv4VPBgIEATQ9Zb+FUAIFAA==";
+ @Test
+ public void testCanParseIndividualAttestation() throws IOException{
+ AuthorizationList authorizationList =
+ AuthorizationList.createAuthorizationList(
+ getEncodableAuthorizationList(EXTENTION_DATA_WITH_INDIVIDUAL_ATTESTATION),
+ ATTESTATION_VERSION);
+
+ assertThat(authorizationList.individualAttestation).isTrue();
+ }
 }
|
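Review bot: The fixture `EXTENTION_DATA_WITH_INDIVIDUAL_ATTESTATION` is an opaque Base64 blob with no comment saying what it encodes or how it was produced, and the new test covers only the well-formed positive case. Decoding the tail by hand gives `BF 85 50 02 05 00`, which looks like tag 720 wrapping an ASN.1 NULL; a comment such as `// Authorization list ending in [720] EXPLICIT NULL (DEVICE_UNIQUE_ATTESTATION).` would let the next reader verify that. Since this flag feeds attestation verification, a second case where tag 720 carries something other than NULL would pin how malformed input is treated. Minor style: the constant is spelled `EXTENTION`, a blank line is missing before `@Test`, and `throws IOException{` lacks a space before the brace.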