app: add toggle for Samsung attestation
Signed-off-by: BlackMesa123 <[email protected]>
salvogiangri committed Aug 17, 2024
1 parent c560787 commit 25dac9b
Showing 4 changed files with 36 additions and 7 deletions.
@@ -150,13 +150,18 @@ class HomeFragment : AppFragment(), HomeAdapter.Listener, MenuProvider {
}

override fun onPrepareMenu(menu: Menu) {
menu.findItem(R.id.menu_use_sak).apply {
isVisible = viewModel.hasSAK
isChecked = viewModel.preferSAK
}
menu.findItem(R.id.menu_use_strongbox).apply {
isVisible = viewModel.hasStrongBox
isChecked = viewModel.preferStrongBox
}
menu.findItem(R.id.menu_use_attest_key).apply {
isVisible = viewModel.hasAttestKey
isChecked = viewModel.preferAttestKey
isEnabled = !viewModel.preferSAK
isChecked = !viewModel.preferSAK && viewModel.preferAttestKey
}
menu.findItem(R.id.menu_incluid_props).apply {
isVisible = viewModel.hasDeviceIds
@@ -171,6 +176,12 @@ class HomeFragment : AppFragment(), HomeAdapter.Listener, MenuProvider {

override fun onMenuItemSelected(item: MenuItem): Boolean {
when (item.itemId) {
R.id.menu_use_sak -> {
val status = !item.isChecked
item.isChecked = status
viewModel.preferSAK = status
viewModel.load()
}
R.id.menu_use_strongbox -> {
val status = !item.isChecked
item.isChecked = status
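Review bot: In onPrepareMenu the attest-key item is gated on `viewModel.preferSAK` alone (`isEnabled = !viewModel.preferSAK`), while the view model decides the real path with `hasSAK && preferSAK`. Because `prefer_sak` is persisted in SharedPreferences, a stored `true` on a device where `hasSAK` is false would leave the attest-key item disabled and unchecked with the Samsung toggle hidden, even though the attest key would still be used when loading; this looks reachable only through restored or stale preferences, so treat it as an edge case to confirm. Deriving the state once, e.g. `val sakActive = viewModel.hasSAK && viewModel.preferSAK`, and using `!sakActive` for both `isEnabled` and `isChecked` keeps the menu in step with the attestation mode actually used. Both onPrepareMenu and onMenuItemSelected continue outside the visible hunks.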
@@ -56,6 +56,14 @@ class HomeViewModel(pm: PackageManager, private val sp: SharedPreferences) : Vie
val attestationResult = MutableLiveData<Resource<AttestationResult>>()
var currentCerts: List<X509Certificate>? = null

val hasSAK = Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q &&
SamsungUtils.isSecAttestationSupported()
var preferSAK = sp.getBoolean("prefer_sak", hasSAK)
set(value) {
field = value
sp.edit { putBoolean("prefer_sak", value) }
}

val hasStrongBox = Build.VERSION.SDK_INT >= Build.VERSION_CODES.P &&
pm.hasSystemFeature(PackageManager.FEATURE_STRONGBOX_KEYSTORE)
var preferStrongBox = sp.getBoolean("prefer_strongbox", true)
@@ -87,6 +95,7 @@ class HomeViewModel(pm: PackageManager, private val sp: SharedPreferences) : Vie

@Throws(GeneralSecurityException::class)
private fun generateKey(alias: String,
useSAK: Boolean,
useStrongBox: Boolean,
includeProps: Boolean,
attestKeyAlias: String?) {
@@ -115,7 +124,7 @@ class HomeViewModel(pm: PackageManager, private val sp: SharedPreferences) : Vie
builder.setAttestKeyAlias(attestKeyAlias)
}
}
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q && SamsungUtils.isSecAttestationSupported()) {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q && useSAK) {
val spec = AttestParameterSpec.Builder(alias, now.toString().toByteArray())
.setAlgorithm(KeyProperties.KEY_ALGORITHM_EC)
.setKeyGenParameterSpec(builder.build())
@@ -137,17 +146,18 @@ class HomeViewModel(pm: PackageManager, private val sp: SharedPreferences) : Vie
}

@Throws(AttestationException::class)
private fun doAttestation(useStrongBox: Boolean,
private fun doAttestation(useSAK: Boolean,
useStrongBox: Boolean,
includeProps: Boolean,
useAttestKey: Boolean): AttestationResult {
val certs = ArrayList<Certificate>()
val alias = if (useStrongBox) "${AppApplication.TAG}_strongbox" else AppApplication.TAG
val attestKeyAlias = if (useAttestKey) "${alias}_persistent" else null
try {
if (useAttestKey && !keyStore.containsAlias(attestKeyAlias)) {
generateKey(attestKeyAlias!!, useStrongBox, includeProps, attestKeyAlias)
generateKey(attestKeyAlias!!, useSAK, useStrongBox, includeProps, attestKeyAlias)
}
generateKey(alias, useStrongBox, includeProps, attestKeyAlias)
generateKey(alias, useSAK, useStrongBox, includeProps, attestKeyAlias)

val certChain = keyStore.getCertificateChain(alias)
?: throw CertificateException("Unable to get certificate chain")
@@ -257,11 +267,12 @@ class HomeViewModel(pm: PackageManager, private val sp: SharedPreferences) : Vie
}
}

val useSAK = hasSAK && preferSAK
val useStrongBox = hasStrongBox && preferStrongBox
val includeProps = hasDeviceIds && preferIncludeProps
val useAttestKey = hasAttestKey && preferAttestKey
val useAttestKey = hasAttestKey && preferAttestKey && !useSAK
val result = try {
val attestationResult = doAttestation(useStrongBox, includeProps, useAttestKey)
val attestationResult = doAttestation(useSAK, useStrongBox, includeProps, useAttestKey)
Resource.success(attestationResult)
} catch (e: Throwable) {
val cause = if (e is AttestationException) e.cause else e
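Review bot: The rule that Samsung attestation and the app-generated attest key cannot be combined is enforced only at the call site, in `val useAttestKey = hasAttestKey && preferAttestKey && !useSAK`. doAttestation and generateKey still accept `useSAK = true` together with a non-null `attestKeyAlias`, and as far as the visible lines show that would call `builder.setAttestKeyAlias(...)` and then wrap the same builder in the `AttestParameterSpec`. A guard at the top of doAttestation, `require(!(useSAK && useAttestKey)) { "SAK and attest key are mutually exclusive" }`, would keep the invariant next to the code that depends on it. A one-line comment on the `!useSAK` term saying why the two modes exclude each other, plus a note on the new `useSAK` parameter of generateKey, would also help, since the choice determines which attestation path produces the certificate chain shown to the user. The bodies of generateKey, doAttestation and the loading code all extend beyond the hunks shown.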
6 changes: 6 additions & 0 deletions app/src/main/res/menu/home.xml
@@ -1,6 +1,12 @@
<?xml version="1.0" encoding="utf-8"?>
<menu xmlns:android="http://schemas.android.com/apk/res/android">

<item
android:id="@+id/menu_use_sak"
android:showAsAction="never"
android:checkable="true"
android:title="@string/use_sak" />

<item
android:id="@+id/menu_use_strongbox"
android:showAsAction="never"
1 change: 1 addition & 0 deletions app/src/main/res/values/strings.xml
@@ -1,6 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="app_name">Key Attestation</string>
<string name="use_sak">Use Samsung attestation</string>
<string name="use_strongbox">Use StrongBox</string>
<string name="use_attest_key">Use app generated attest key</string>
<string name="attest_device_props">Attest device props</string>