convert attestation parsing error to GeneralSecurityException
thestinger committed Oct 1, 2024
1 parent d2d8db8 commit 2f32e80
Showing 2 changed files with 10 additions and 6 deletions.
Expand Up @@ -361,7 +361,7 @@ private void handleAttestation(final byte[] serialized) {
binding.content.textview.append(result.history());
}
});
} catch (final DataFormatException | GeneralSecurityException | IOException |
} catch (final DataFormatException | GeneralSecurityException |
BufferUnderflowException | NegativeArraySizeException e) {
Log.e(TAG, "attestation verification error", e);
runOnUiThread(() -> {
Expand Up @@ -561,7 +561,7 @@ private static X509Certificate generateCertificate(final InputStream in)

private static Verified verifyStateless(final Certificate[] certificates,
final byte[] challenge, final boolean hasPersistentKey, final byte[][] validRoots)
throws GeneralSecurityException, IOException {
throws GeneralSecurityException {

verifyCertificateSignatures(certificates, hasPersistentKey);

Expand All @@ -574,7 +574,7 @@ private static Verified verifyStateless(final Certificate[] certificates,
final ParsedAttestationRecord attestation;
try {
attestation = ParsedAttestationRecord.createParsedAttestationRecord(List.of((X509Certificate) certificates[0]));
} catch (final ParsedAttestationRecord.KeyDescriptionMissingException e) {
} catch (final IOException | ParsedAttestationRecord.KeyDescriptionMissingException e) {
throw new GeneralSecurityException(e);
}

Expand Down Expand Up @@ -809,6 +809,8 @@ private static Verified verifyStateless(final Certificate[] certificates,
}

attestKey = true;
} catch (final IOException e) {
throw new GeneralSecurityException(e);
} catch (final ParsedAttestationRecord.KeyDescriptionMissingException ignored) {}

// enforce attest key for new pairings with devices supporting it
Expand All @@ -819,7 +821,9 @@ private static Verified verifyStateless(final Certificate[] certificates,
for (int i = 2; i < certificates.length; i++) {
try {
ParsedAttestationRecord.createParsedAttestationRecord(List.of((X509Certificate) certificates[i]));
} catch (final ParsedAttestationRecord.KeyDescriptionMissingException e) {
} catch (final IOException e) {
throw new GeneralSecurityException(e);
} catch (final ParsedAttestationRecord.KeyDescriptionMissingException e) {
continue;
}
throw new GeneralSecurityException("only initial key and attest key should have attestation extension");
Expand Down Expand Up @@ -947,7 +951,7 @@ private static VerificationResult verify(final Context context, final byte[] fin
final boolean deviceAdminNonSystem, final boolean adbEnabled,
final boolean addUsersWhenLocked, final boolean enrolledBiometrics,
final boolean oemUnlockAllowed, final boolean systemUser)
throws GeneralSecurityException, IOException {
throws GeneralSecurityException {
final String fingerprintHex = BaseEncoding.base16().encode(fingerprint);
final byte[] currentFingerprint = getFingerprint(attestationCertificates[0]);
final boolean hasPersistentKey = !Arrays.equals(currentFingerprint, fingerprint);
Expand Down Expand Up @@ -1181,7 +1185,7 @@ private static byte[] encodeChain(final byte[] dictionary, final Certificate[] c
}

static VerificationResult verifySerialized(final Context context, final byte[] attestationResult,
final byte[] challengeMessage) throws DataFormatException, GeneralSecurityException, IOException {
final byte[] challengeMessage) throws DataFormatException, GeneralSecurityException {
final ByteBuffer deserializer = ByteBuffer.wrap(attestationResult);
final byte version = deserializer.get();
if (version > PROTOCOL_VERSION) {
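Review bot: The new `catch (final IOException e) { throw new GeneralSecurityException(e); }` branches in verifyStateless (the attest-key parse in the `-809` hunk and the chain loop in the `-819` hunk) add no context of their own, so the logged failure does not say which certificate in the chain carried the malformed attestation extension. In the loop, where the index is visible, consider `throw new GeneralSecurityException("malformed attestation extension in certificate " + i, e);`, with an equivalent message at the attest-key site. A short comment on the loop's new catch would also help, for example `// malformed extension: fail closed instead of treating it as absent`, because the adjacent KeyDescriptionMissingException branch deliberately continues and the difference between the two is a security decision. verifyStateless's body extends beyond the visible hunks, so the position of the attest-key certificate in the chain should be confirmed before writing its message.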
