Update AttestationProtcol#verify method with extra security state arg…
…ument
quh4gko8 committed Jan 7, 2025
1 parent 97ba145 commit 21fbd9e
Showing 1 changed file with 8 additions and 2 deletions.
Expand Up @@ -959,7 +959,8 @@ private static VerificationResult verify(final Context context, final byte[] fin
final boolean accessibility, final boolean deviceAdmin,
final boolean deviceAdminNonSystem, final boolean adbEnabled,
final boolean addUsersWhenLocked, final boolean enrolledBiometrics,
final boolean oemUnlockAllowed, final boolean systemUser)
final boolean oemUnlockAllowed, final boolean systemUser,
SecurityStateExt securityStateExt)
throws GeneralSecurityException {
final String fingerprintHex = BaseEncoding.base16().encode(fingerprint);
final byte[] currentFingerprint = getFingerprint(attestationCertificates[0]);
Expand Down Expand Up @@ -1232,10 +1233,14 @@ static VerificationResult verifySerialized(final Context context, final byte[] a
throw new GeneralSecurityException("invalid device administrator state");
}

final SecurityStateExt securityStateExt;
if (version >= 6) {
final int autoRebootSeconds = deserializer.getInt();
final byte portSecurityMode = deserializer.get();
final byte userCount = deserializer.get();
securityStateExt = new SecurityStateExt(autoRebootSeconds, portSecurityMode, userCount);
} else {
securityStateExt = SecurityStateExt.UNKNOWN;
}

final int signatureLength = deserializer.remaining();
Expand All @@ -1248,7 +1253,8 @@ static VerificationResult verifySerialized(final Context context, final byte[] a
final byte[] challenge = Arrays.copyOfRange(challengeMessage, 1 + RANDOM_TOKEN_LENGTH, 1 + RANDOM_TOKEN_LENGTH * 2);
return verify(context, fingerprint, challenge, deserializer.asReadOnlyBuffer(), signature,
certificates, userProfileSecure, accessibility, deviceAdmin, deviceAdminNonSystem,
adbEnabled, addUsersWhenLocked, enrolledBiometrics, oemUnlockAllowed, systemUser);
adbEnabled, addUsersWhenLocked, enrolledBiometrics, oemUnlockAllowed, systemUser,
securityStateExt);
}

record AttestationResult(boolean pairing, byte[] serialized) {}
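Review bot: In the `version >= 6` branch of the second hunk, `autoRebootSeconds`, `portSecurityMode` and `userCount` go straight from the deserializer into `new SecurityStateExt(...)` with no range check, while the check just above throws `invalid device administrator state` for an out-of-range value. `deserializer.get()` yields a signed byte, so a mode or user count above 127 arrives negative. Unless the `SecurityStateExt` constructor already validates its arguments (not visible on this page), a guard such as `if (autoRebootSeconds < 0 || userCount < 0) { throw new GeneralSecurityException("invalid security state extension"); }`, plus a check of `portSecurityMode` against the modes the type defines, would keep malformed values out of the verification result; adjust the bounds if negative sentinels are legitimate, as `SecurityStateExt.UNKNOWN` suggests they may be. The new `securityStateExt` parameter of `verify` is also the only one in the visible signature not declared `final`. `verifySerialized` starts outside the visible hunks and the body of `verify` is not shown, so how the value is consumed cannot be checked here.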
