diff --git a/src/main/kotlin/provider/KeyAttestationCertPath.kt b/src/main/kotlin/provider/KeyAttestationCertPath.kt
index c26d1ed..8ce5fc6 100644
--- a/src/main/kotlin/provider/KeyAttestationCertPath.kt
+++ b/src/main/kotlin/provider/KeyAttestationCertPath.kt
@@ -111,7 +111,7 @@ class KeyAttestationCertPath(certs: List) : CertPath("X.509") {
 private fun isFactoryProvisioned(): Boolean {
 val rdn = parseDN(this.intermediateCert().subjectX500Principal.getName(X500Principal.RFC1779))
- return rdn.containsKey(SERIAL_NUMBER_OID) && rdn[TITLE_OID] in setOf("TEE", "StrongBox")
+ return rdn.containsKey(SERIAL_NUMBER_OID)
 }
 // TODO(google-internal bug): Update this to use fields in the RKP root.
diff --git a/src/test/kotlin/provider/KeyAttestationCertPathTest.kt b/src/test/kotlin/provider/KeyAttestationCertPathTest.kt
index 09e8836..cf73b69 100644
--- a/src/test/kotlin/provider/KeyAttestationCertPathTest.kt
+++ b/src/test/kotlin/provider/KeyAttestationCertPathTest.kt
@@ -108,6 +108,10 @@ class KeyAttestationCertPathTest {
 }
 enum class ProvisioningMethodTestCase(val path: String, val expected: ProvisioningMethod) {
+ FACTORY_PROVISIONED_OLD_STYLE(
+ "sony-xperia10-iii/sdk33/TEE_EC",
+ ProvisioningMethod.FACTORY_PROVISIONED,
+ ),
 FACTORY_PROVISIONED("blueline/sdk28/TEE_EC_NONE", ProvisioningMethod.FACTORY_PROVISIONED),
 REMOTELY_PROVISIONED("caiman/sdk36/TEE_EC_RKP", ProvisioningMethod.REMOTELY_PROVISIONED),
 UNKNOWN("marlin/sdk29/TEE_EC_NONE", ProvisioningMethod.UNKNOWN),
diff --git a/testdata/sony-xperia10-iii/sdk33/TEE_EC.json b/testdata/sony-xperia10-iii/sdk33/TEE_EC.json
new file mode 100644
index 0000000..442a7b6
--- /dev/null
+++ b/testdata/sony-xperia10-iii/sdk33/TEE_EC.json
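Review bot: In `isFactoryProvisioned()` (KeyAttestationCertPath.kt) the new return classifies any intermediate whose subject has a serialNumber attribute as factory-provisioned, including one whose title is present but is neither "TEE" nor "StrongBox", which the removed condition rejected. If the intent is only to admit older chains that carry no title at all, a narrower form keeps that rejection: `val title = rdn[TITLE_OID]` followed by `return rdn.containsKey(SERIAL_NUMBER_OID) && (title == null || title in setOf("TEE", "StrongBox"))`. Either way the function deserves a comment recording why title is no longer required, for example `// Older factory-provisioned chains have only a serialNumber RDN in the intermediate subject, so title is not required.` Because the result is derived from a subject DN alone, callers presumably should rely on it only after the chain has been validated to a trusted root; whether that ordering holds is not visible in this hunk.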
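Review bot: `FACTORY_PROVISIONED_OLD_STYLE` in `ProvisioningMethodTestCase` (KeyAttestationCertPathTest.kt) covers only the newly accepted shape; no case pins the outcome for a chain whose intermediate has a serialNumber plus a title other than "TEE" or "StrongBox", which the condition removed from `isFactoryProvisioned()` used to exclude. A fixture of that shape with its expected `ProvisioningMethod` stated explicitly would make the relaxation a deliberate, tested decision rather than a side effect. The entry would also read better with a comment such as `// Intermediate subject has a serialNumber but no title attribute.`, assuming that is what "old style" means here. The enum body continues past the end of the hunk.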
@@ -0,0 +1,41 @@ +{ + "attestationVersion": "3", + "attestationSecurityLevel": "TRUSTED_ENVIRONMENT", + "keyMintVersion": "41", + "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT", + "attestationChallenge": "Pq/k1d0AkN5aQrQytCSBr1zimWNlayWExZpJLeFtAMk=", + "uniqueId": "", + "softwareEnforced": { + "creationDateTime": "1780585145000", + "attestationApplicationId": { + "packages": [{ "name": "com.android.vending", "version": "85162330" }], + "signatures": ["8P1sW0EPJcslw7UzRsiXL64w+O50Ed+RBICtay1g24M="] + }, + "areTagsOrdered": true + }, + "hardwareEnforced": { + "purposes": ["2"], + "algorithms": "3", + "keySize": "256", + "digests": ["6"], + "ecCurve": "1", + "noAuthRequired": true, + "origin": "GENERATED", + "rootOfTrust": { + "verifiedBootKey": "gdG7IUVTlNoNf2DCV7dUWYDtUt/XyKiBbM88pwdDb54=", + "deviceLocked": true, + "verifiedBootState": "VERIFIED", + "verifiedBootHash": "UNZsaZbE8OV1KFQV9dBC0iDGeN7N1Bc79PHTAhz55KE=" + }, + "osVersion": "130000", + "osPatchLevel": "202307", + "attestationIdBrand": "docomo", + "attestationIdDevice": "SO-52B", + "attestationIdProduct": "SO-52B", + "attestationIdManufacturer": "Sony", + "attestationIdModel": "SO-52B", + "vendorPatchLevel": "20230701", + "bootPatchLevel": "20230701", + "areTagsOrdered": true + } +} diff --git a/testdata/sony-xperia10-iii/sdk33/TEE_EC.pem b/testdata/sony-xperia10-iii/sdk33/TEE_EC.pem new file mode 100644 index 0000000..70e2c51 --- /dev/null +++ b/testdata/sony-xperia10-iii/sdk33/TEE_EC.pem 
@@ -0,0 +1,85 @@ +-----BEGIN CERTIFICATE----- +MIICvzCCAmagAwIBAgIBATAKBggqhkjOPQQDAjAbMRkwFwYDVQQFExAzZTdmYjZh +MWVlNGJkNTY4MCAXDTcwMDEwMTAwMDAwMFoYDzIxMDYwMjA3MDYyODE1WjAfMR0w +GwYDVQQDDBRBbmRyb2lkIEtleXN0b3JlIEtleTBZMBMGByqGSM49AgEGCCqGSM49 +AwEHA0IABLrQPJVjzcg/dVotjVbI3VkDyJj/HomhIkxDWA8rS9LM+ZOVEkk/9Pls +nybD1ZsWN9kyvQaK2oKLYAW7Cq53iY2jggGTMIIBjzAOBgNVHQ8BAf8EBAMCB4Aw +ggF7BgorBgEEAdZ5AgERBIIBazCCAWcCAQMKAQECASkKAQEEID6v5NXdAJDeWkK0 +MrQkga9c4pljZWslhMWaSS3hbQDJBAAwV7+FPQgCBgGekyUiqL+FRUcERTBDMR0w +GwQTY29tLmFuZHJvaWQudmVuZGluZwIEBRN5WjEiBCDw/WxbQQ8lyyXDtTNGyJcv +rjD47nQR35EEgK1rLWDbgzCB26EFMQMCAQKiAwIBA6MEAgIBAKUFMQMCAQaqAwIB +Ab+DdwIFAL+FPgMCAQC/hUBMMEoEIIHRuyFFU5TaDX9gwle3VFmA7VLf18iogWzP +PKcHQ2+eAQH/CgEABCBQ1mxplsTw5XUoVBX10ELSIMZ43s3UFzv08dMCHPnkob+F +QQUCAwH70L+FQgUCAwMWQ7+FRggEBmRvY29tb7+FRwgEBlNPLTUyQr+FSAgEBlNP +LTUyQr+FTAYEBFNvbnm/hU0IBAZTTy01MkK/hU4GAgQBNLItv4VPBgIEATSyLTAK +BggqhkjOPQQDAgNHADBEAiAc30NT6OoIUR00Vm6x3BKWPa5BNfSdZ29uFI5suUsg +NQIgdYS61mQHaR2IgajOFO+nxMLhzj3/P4D0NZSnn7CgC14= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICKzCCAbKgAwIBAgIKFlgHaDNVWQMWBTAKBggqhkjOPQQDAjAbMRkwFwYDVQQF +ExA4N2Y0NTE0NDc1YmEwYTJiMB4XDTE2MDUyNjE3MTkwMFoXDTI2MDUyNDE3MTkw +MFowGzEZMBcGA1UEBRMQM2U3ZmI2YTFlZTRiZDU2ODBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABAb+gStr8TAHqc4ueIBBQwkvDzcbYkIRf0qhu7hev7G9XPtRL8+D +MXUMy/JzFnpiiSt1QdcwrS2jK3lpS7DoA9Ojgd0wgdowHQYDVR0OBBYEFMqTzYTD +BCXs2/vajnn3MZXDBn5YMB8GA1UdIwQYMBaAFDBEI+Wi9gbhUKt3XxYWu5HMY8ZZ +MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMCQGA1UdHgQdMBugGTAXghVp +bnZhbGlkO2VtYWlsOmludmFsaWQwVAYDVR0fBE0wSzBJoEegRYZDaHR0cHM6Ly9h +bmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8xNjU4MDc2ODMz +NTU1OTAzMTYwNTAKBggqhkjOPQQDAgNnADBkAjAMv+GZm51nvmPVl/AWjFqFsriO +oEeQQAzessWJ/cHWmZTr4VfoVkTTf8mqi/X1ytoCMGrosF800OaNbU8gFoP7R6fM +mnnwl2/5WLV3uhP5Yz6AQUWWTYLuF2EbxY3dNNaGGg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDwzCCAaugAwIBAgIKA4gmZ2BliZaFdTANBgkqhkiG9w0BAQsFADAbMRkwFwYD 
+VQQFExBmOTIwMDllODUzYjZiMDQ1MB4XDTE2MDUyNjE3MDE1MVoXDTI2MDUyNDE3 +MDE1MVowGzEZMBcGA1UEBRMQODdmNDUxNDQ3NWJhMGEyYjB2MBAGByqGSM49AgEG +BSuBBAAiA2IABGQ7VmgdJ/rEgs9sIE3rzvApXDUMAaqMMn8+1fRJrvQpZkJfOT2E +djtdrVaxDQRZxixqT5MlVqiSk8PRTqLx3+8OPLoicqMiOeGytH2sVQurvFynVeKq +SGKK1jx2/2fccqOBtjCBszAdBgNVHQ4EFgQUMEQj5aL2BuFQq3dfFha7kcxjxlkw +HwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwUAYDVR0fBEkwRzBFoEOgQYY/aHR0cHM6Ly9hbmRy +b2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC9FOEZBMTk2MzE0RDJG +QTE4MA0GCSqGSIb3DQEBCwUAA4ICAQBAOYqLNryTmbOlnrjnIvDoXxzaLOgCXu29 +l7KpbFHacVLxgYuGRiIEQqzZBqUYSt9Pgx+P2KvoHtz99sEZr2xTe0Dw6CTHTAmx +WXUFdrlvEMm2GySfvJRfMNCuX1oIS/M5PfREY2YZHyLq/sn1sJr3FjbKMdUMBo5A +camcD3H8wl9O/6qfhX+57iXzoK6yMzJRG/Mlkm58/sFk0pjayUBchmUJL0FQ6IhK +Ygy8RKE2UDyXKOE7+ZMSMUUkAdzyn2PFv7TvQtDk0ge2mkVrNrfPSglMzBNvrSDH +PBmTktXzwseVagIRT5WI91OrUOYPFgostsfH42hs5wJtAFGPwDg/1mNa8UyH9k1b +MrRq3Srez1XG0Ju7SGN/uNX5dkcwvfAmadtmM7Pp+l2VHRYRR600jAcM2+7bl8eg +qfM/A7vyDLZqPIxDwkLXj2eN99nJZJVaGfB9dHyFOqBqBM6SdyV6MSIr3AHoo6u+ +BWIX9+q8n1qg5I6JWeEe+K58SbRDVoNQgsKP9/iPruXMU5rm2ywPxICVGysl1GgA +P+FJ3X6oP0tXFWQlYoWdSloSVHNZQqj2ev/69sMnGsTeJw1V7I0gR+eZNEfxe+vZ +D4KP88KxuiPCe94rp+Aqs5/YwuCo6rQ+HGi5OZNBsQXYIufClSBje+OpjQb7HJgi +hJdzo2/IBw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV +BAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYy +ODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdS +Sxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7 +tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggj +nar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGq +C4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQ +oVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+O +JtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/Eg 
+sTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRi +igHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+M +RPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9E +aDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5Um +AGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYD +VR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lk +Lmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQAD +ggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfB +Pb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00m +qC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rY +DBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPm +QUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4u +JU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyD +CdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79Iy +ZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxD +qwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23Uaic +MDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1 +wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk +-----END CERTIFICATE-----