From 5602fc25e545a37ec0019c21b45998d3b5260b62 Mon Sep 17 00:00:00 2001
From: Brandon Weeks
Date: Wed, 10 Jan 2024 10:44:57 +0100
Subject: [PATCH] No public description
PiperOrigin-RevId: 597178877
---
 .../policy/utils/AuthorizationList.java | 123 +++++++++++++-----
 1 file changed, 92 insertions(+), 31 deletions(-)
diff --git a/src/main/java/com/afwsamples/testdpc/policy/utils/AuthorizationList.java b/src/main/java/com/afwsamples/testdpc/policy/utils/AuthorizationList.java
index 9d22bb12..0dfe909f 100644
--- a/src/main/java/com/afwsamples/testdpc/policy/utils/AuthorizationList.java
+++ b/src/main/java/com/afwsamples/testdpc/policy/utils/AuthorizationList.java
@@ -40,6 +40,8 @@ import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1SequenceParser;
 import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.ASN1Util;
+import org.bouncycastle.asn1.BERTags;
 public class AuthorizationList {
 // Algorithm values.
@@ -212,110 +214,169 @@ public AuthorizationList(ASN1Encodable sequence) throws CertificateParsingExcept ASN1TaggedObject entry = parseAsn1TaggedObject(parser); for (; entry != null; entry = parseAsn1TaggedObject(parser)) { int tag = entry.getTagNo(); - ASN1Primitive value = entry.getObject(); - Log.i("Attestation", "Parsing tag: [" + tag + "], value: [" + value + "]"); + Log.i( + "Attestation", + "Parsing tag: [" + tag + "], value: [" + entry.getBaseUniversal(true, tag) + "]"); switch (tag) { default: throw new CertificateParsingException("Unknown tag " + tag + " found"); case KM_TAG_PURPOSE & KEYMASTER_TAG_TYPE_MASK: - purposes = Asn1Utils.getIntegersFromAsn1Set(value); + purposes = + Asn1Utils.getIntegersFromAsn1Set( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.SET)); break; case KM_TAG_ALGORITHM & KEYMASTER_TAG_TYPE_MASK: - algorithm = Asn1Utils.getIntegerFromAsn1(value); + algorithm = + Asn1Utils.getIntegerFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.INTEGER)); break; case KM_TAG_KEY_SIZE & KEYMASTER_TAG_TYPE_MASK: - keySize = Asn1Utils.getIntegerFromAsn1(value); + keySize = + Asn1Utils.getIntegerFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.INTEGER)); Log.i("Attestation", "Found KEY SIZE, value: " + keySize); break; case KM_TAG_DIGEST & KEYMASTER_TAG_TYPE_MASK: - digests = Asn1Utils.getIntegersFromAsn1Set(value); + digests = + Asn1Utils.getIntegersFromAsn1Set( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.SET)); break; case KM_TAG_PADDING & KEYMASTER_TAG_TYPE_MASK: - paddingModes = Asn1Utils.getIntegersFromAsn1Set(value); + paddingModes = + Asn1Utils.getIntegersFromAsn1Set( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.SET)); break; case KM_TAG_RSA_PUBLIC_EXPONENT & KEYMASTER_TAG_TYPE_MASK: - rsaPublicExponent = Asn1Utils.getLongFromAsn1(value); + rsaPublicExponent = + Asn1Utils.getLongFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, 
BERTags.INTEGER)); break; case KM_TAG_NO_AUTH_REQUIRED & KEYMASTER_TAG_TYPE_MASK: noAuthRequired = true; break; case KM_TAG_CREATION_DATETIME & KEYMASTER_TAG_TYPE_MASK: - creationDateTime = Asn1Utils.getDateFromAsn1(value); + creationDateTime = + Asn1Utils.getDateFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.INTEGER)); break; case KM_TAG_ORIGIN & KEYMASTER_TAG_TYPE_MASK: - origin = Asn1Utils.getIntegerFromAsn1(value); + origin = + Asn1Utils.getIntegerFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.INTEGER)); break; case KM_TAG_OS_VERSION & KEYMASTER_TAG_TYPE_MASK: - osVersion = Asn1Utils.getIntegerFromAsn1(value); + osVersion = + Asn1Utils.getIntegerFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.INTEGER)); break; case KM_TAG_OS_PATCHLEVEL & KEYMASTER_TAG_TYPE_MASK: - osPatchLevel = Asn1Utils.getIntegerFromAsn1(value); + osPatchLevel = + Asn1Utils.getIntegerFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.INTEGER)); break; case KM_TAG_VENDOR_PATCHLEVEL & KEYMASTER_TAG_TYPE_MASK: - vendorPatchLevel = Asn1Utils.getIntegerFromAsn1(value); + vendorPatchLevel = + Asn1Utils.getIntegerFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.INTEGER)); break; case KM_TAG_BOOT_PATCHLEVEL & KEYMASTER_TAG_TYPE_MASK: - bootPatchLevel = Asn1Utils.getIntegerFromAsn1(value); + bootPatchLevel = + Asn1Utils.getIntegerFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.INTEGER)); break; case KM_TAG_ACTIVE_DATETIME & KEYMASTER_TAG_TYPE_MASK: - activeDateTime = Asn1Utils.getDateFromAsn1(value); + activeDateTime = + Asn1Utils.getDateFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.INTEGER)); break; case KM_TAG_ORIGINATION_EXPIRE_DATETIME & KEYMASTER_TAG_TYPE_MASK: - originationExpireDateTime = Asn1Utils.getDateFromAsn1(value); + originationExpireDateTime = + Asn1Utils.getDateFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, 
BERTags.INTEGER)); break; case KM_TAG_USAGE_EXPIRE_DATETIME & KEYMASTER_TAG_TYPE_MASK: - usageExpireDateTime = Asn1Utils.getDateFromAsn1(value); + usageExpireDateTime = + Asn1Utils.getDateFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.INTEGER)); break; case KM_TAG_APPLICATION_ID & KEYMASTER_TAG_TYPE_MASK: - applicationId = Asn1Utils.getByteArrayFromAsn1(value); + applicationId = + Asn1Utils.getByteArrayFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.OCTET_STRING)); break; case KM_TAG_ROLLBACK_RESISTANT & KEYMASTER_TAG_TYPE_MASK: rollbackResistant = true; break; case KM_TAG_AUTH_TIMEOUT & KEYMASTER_TAG_TYPE_MASK: - authTimeout = Asn1Utils.getIntegerFromAsn1(value); + authTimeout = + Asn1Utils.getIntegerFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.INTEGER)); break; case KM_TAG_ALLOW_WHILE_ON_BODY & KEYMASTER_TAG_TYPE_MASK: allowWhileOnBody = true; break; case KM_TAG_EC_CURVE & KEYMASTER_TAG_TYPE_MASK: - ecCurve = Asn1Utils.getIntegerFromAsn1(value); + ecCurve = + Asn1Utils.getIntegerFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.INTEGER)); break; case KM_TAG_USER_AUTH_TYPE & KEYMASTER_TAG_TYPE_MASK: - userAuthType = Asn1Utils.getIntegerFromAsn1(value); + userAuthType = + Asn1Utils.getIntegerFromAsn1( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.INTEGER)); break; case KM_TAG_ROOT_OF_TRUST & KEYMASTER_TAG_TYPE_MASK: - rootOfTrust = new RootOfTrust(value); + rootOfTrust = + new RootOfTrust(ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.SEQUENCE)); break; case KM_TAG_ATTESTATION_APPLICATION_ID & KEYMASTER_TAG_TYPE_MASK: attestationApplicationId = new AttestationApplicationId( - Asn1Utils.getAsn1EncodableFromBytes(Asn1Utils.getByteArrayFromAsn1(value))); + Asn1Utils.getAsn1EncodableFromBytes( + Asn1Utils.getByteArrayFromAsn1( + ASN1Util.getContextBaseUniversal( + entry, tag, true, BERTags.OCTET_STRING)))); break; case KM_TAG_ATTESTATION_ID_BRAND & 
KEYMASTER_TAG_TYPE_MASK: - brand = getStringFromAsn1Value(value); + brand = + getStringFromAsn1Value( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.OCTET_STRING)); break; case KM_TAG_ATTESTATION_ID_DEVICE & KEYMASTER_TAG_TYPE_MASK: - device = getStringFromAsn1Value(value); + device = + getStringFromAsn1Value( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.OCTET_STRING)); break; case KM_TAG_ATTESTATION_ID_PRODUCT & KEYMASTER_TAG_TYPE_MASK: - product = getStringFromAsn1Value(value); + product = + getStringFromAsn1Value( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.OCTET_STRING)); break; case KM_TAG_ATTESTATION_ID_SERIAL & KEYMASTER_TAG_TYPE_MASK: - serialNumber = getStringFromAsn1Value(value); + serialNumber = + getStringFromAsn1Value( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.OCTET_STRING)); break; case KM_TAG_ATTESTATION_ID_IMEI & KEYMASTER_TAG_TYPE_MASK: - imei = getStringFromAsn1Value(value); + imei = + getStringFromAsn1Value( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.OCTET_STRING)); break; case KM_TAG_ATTESTATION_ID_MEID & KEYMASTER_TAG_TYPE_MASK: - meid = getStringFromAsn1Value(value); + meid = + getStringFromAsn1Value( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.OCTET_STRING)); break; case KM_TAG_ATTESTATION_ID_MANUFACTURER & KEYMASTER_TAG_TYPE_MASK: - manufacturer = getStringFromAsn1Value(value); + manufacturer = + getStringFromAsn1Value( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.OCTET_STRING)); break; case KM_TAG_ATTESTATION_ID_MODEL & KEYMASTER_TAG_TYPE_MASK: - model = getStringFromAsn1Value(value); + model = + getStringFromAsn1Value( + ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.OCTET_STRING)); break; case KM_TAG_ALL_APPLICATIONS & KEYMASTER_TAG_TYPE_MASK: allApplications = true;
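Review bot: The new `Log.i` call ahead of the `switch` passes the context tag number where a universal type is expected, `entry.getBaseUniversal(true, tag)`, while every other call in the hunk puts a `BERTags` constant in that position; if BouncyCastle treats that argument as the expected base type (as the `ASN1Util.getContextBaseUniversal(entry, tag, true, BERTags.…)` calls suggest), the log line will reject or mis-cast almost every entry before its `case` is reached. Logging only the tag avoids that and also keeps attested identifiers such as the IMEI and serial number out of logcat: `Log.i("Attestation", "Parsing tag: [" + tag + "]");`. Separately, a type mismatch inside `getContextBaseUniversal` appears to surface as an unchecked exception rather than the `CertificateParsingException` this constructor declares, so for attestation data taken from an untrusted certificate it is worth catching `IllegalStateException` around the loop and rethrowing it as `CertificateParsingException`. The constructor body starts and ends outside this hunk.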