Skip to content

Commit

Permalink
drop support for earlier protocol versions
Browse files Browse the repository at this point in the history 
Protocol version 5 was introduced with app version 73 so that becomes
the new minimum app version.
  • Loading branch information
@thestinger
thestinger committed Sep 8, 2024
1 parent c37e8ab commit 6cf2668
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions app/src/main/java/app/attestation/auditor/AttestationProtocol.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,7 @@ class AttestationProtocol {
// downgrade protection for the OS version/patch (bootloader/TEE enforced) and app version (OS
// enforced) by keeping them updated.
private static final byte PROTOCOL_VERSION = 5;
private static final byte PROTOCOL_VERSION_MINIMUM = 4;
private static final byte PROTOCOL_VERSION_MINIMUM = 5;
// can become longer in the future, but this is the minimum length
static final byte CHALLENGE_MESSAGE_LENGTH = 1 + CHALLENGE_LENGTH * 2;
private static final int MAX_ENCODED_CHAIN_LENGTH = 5000;
Expand Down Expand Up @@ -233,7 +233,7 @@ class AttestationProtocol {
private static final byte AUDITOR_APP_VARIANT_PLAY = 1;
private static final byte AUDITOR_APP_VARIANT_DEBUG = 2;

private static final int AUDITOR_APP_MINIMUM_VERSION = 47;
private static final int AUDITOR_APP_MINIMUM_VERSION = 73;
private static final int OS_VERSION_MINIMUM = 120000;
private static final int OS_PATCH_LEVEL_MINIMUM = 202110;
private static final int VENDOR_PATCH_LEVEL_MINIMUM = 20211005;
Expand Down Expand Up @@ -1246,7 +1246,7 @@ static VerificationResult verifySerialized(final Context context, final byte[] a
deserializer.get(compressedChain);

final Certificate[] certificates;
final int dictionary = version < 5 ? R.raw.deflate_dictionary_3 : R.raw.deflate_dictionary_4;
final int dictionary = R.raw.deflate_dictionary_4;
certificates = decodeChain(readRawResource(context, dictionary), compressedChain);

final byte[] fingerprint = new byte[FINGERPRINT_LENGTH];
Expand Down Expand Up @@ -1501,7 +1501,7 @@ static AttestationResult generateSerialized(final Context context, final byte[]
serializer.put(version);

final byte[] compressed;
final int dictionary = version < 5 ? R.raw.deflate_dictionary_3 : R.raw.deflate_dictionary_4;
final int dictionary = R.raw.deflate_dictionary_4;
compressed = encodeChain(readRawResource(context, dictionary), attestationCertificates);

if (compressed.length > Short.MAX_VALUE) {
Expand Down
Binary file removed app/src/main/res/raw/deflate_dictionary_3.bin
View file
Binary file not shown.

0 comments on commit 6cf2668

Please sign in to comment.