Add Samsung Knox TEE integrity status

README.md

@@ -20,6 +20,8 @@ Useful links
 
 [RKP documentation](https://cs.android.com/android/platform/superproject/+/main:hardware/interfaces/security/rkp/README.md)
 
+[Legacy keymaster tags](https://cs.android.com/android/platform/superproject/+/main:hardware/interfaces/keymaster/3.0/types.hal)
+
 License
 -------
 

app/build.gradle

@@ -24,7 +24,7 @@ android {
         targetSdk = 34
         versionCode = gitCommitCount
         versionName = '1.6.0'
-        resourceConfigurations += ['en', 'zh-rCN']
+        resourceConfigurations += ['en', 'zh-rCN', 'pt-rBR']
     }
 
     signingConfigs {
@@ -100,4 +100,6 @@ dependencies {
     def lifecycleVersion = "2.6.2"
     implementation "androidx.lifecycle:lifecycle-common-java8:$lifecycleVersion"
     implementation "androidx.lifecycle:lifecycle-livedata-ktx:$lifecycleVersion"
+
+    compileOnly(project(":stub"))
 }

app/src/main/AndroidManifest.xml

@@ -11,6 +11,9 @@
         android:name="${applicationId}.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION"
         tools:node="remove" />
 
+    <uses-permission
+        android:name="com.samsung.android.security.permission.SAMSUNG_KEYSTORE_PERMISSION" />
+
     <application
         android:name=".AppApplication"
         android:icon="@drawable/ic_launcher"
@@ -19,6 +22,11 @@
         android:supportsRtl="true"
         android:theme="@style/AppTheme"
         tools:ignore="AllowBackup">
+
+        <uses-library
+            android:name="samsungkeystoreutils"
+            android:required="false" />
+
         <activity
             android:name=".home.HomeActivity"
             android:exported="true">

app/src/main/java/io/github/vvb2060/keyattestation/attestation/Asn1Utils.java

@@ -31,7 +31,6 @@
 import org.bouncycastle.asn1.DEROctetString;
 
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
 import java.security.cert.CertificateParsingException;
@@ -64,7 +63,7 @@ public static Long getLongFromAsn1(ASN1Encodable asn1Value) throws CertificatePa
 
     public static byte[] getByteArrayFromAsn1(ASN1Encodable asn1Encodable)
             throws CertificateParsingException {
-        if (asn1Encodable == null || !(asn1Encodable instanceof DEROctetString)) {
+        if (!(asn1Encodable instanceof DEROctetString)) {
             throw new CertificateParsingException("Expected DEROctetString");
         }
         ASN1OctetString derOctectString = (ASN1OctetString) asn1Encodable;
@@ -122,13 +121,12 @@ public static Set<Integer> getIntegersFromAsn1Set(ASN1Encodable set)
     }
 
     public static String getStringFromAsn1OctetStreamAssumingUTF8(ASN1Encodable encodable)
-            throws CertificateParsingException, UnsupportedEncodingException {
-        if (!(encodable instanceof ASN1OctetString)) {
+            throws CertificateParsingException {
+        if (!(encodable instanceof ASN1OctetString octetString)) {
             throw new CertificateParsingException(
                     "Expected octet string, found " + encodable.getClass().getName());
         }
 
-        ASN1OctetString octetString = (ASN1OctetString) encodable;
         return new String(octetString.getOctets(), StandardCharsets.UTF_8);
     }
 
@@ -147,11 +145,10 @@ public static Date getDateFromAsn1(ASN1Primitive value) throws CertificateParsin
 
     public static boolean getBooleanFromAsn1(ASN1Encodable value)
             throws CertificateParsingException {
-        if (!(value instanceof ASN1Boolean)) {
+        if (!(value instanceof ASN1Boolean booleanValue)) {
             throw new CertificateParsingException(
                     "Expected boolean, found " + value.getClass().getName());
         }
-        ASN1Boolean booleanValue = (ASN1Boolean) value;
         if (booleanValue.equals(ASN1Boolean.TRUE)) {
             return true;
         } else if (booleanValue.equals((ASN1Boolean.FALSE))) {

app/src/main/java/io/github/vvb2060/keyattestation/attestation/AttestationApplicationId.java

@@ -70,13 +70,12 @@ public AttestationApplicationId(Context context)
 
     public AttestationApplicationId(ASN1Encodable asn1Encodable)
             throws CertificateParsingException {
-        if (!(asn1Encodable instanceof ASN1Sequence)) {
+        if (!(asn1Encodable instanceof ASN1Sequence sequence)) {
             throw new CertificateParsingException(
                     "Expected sequence for AttestationApplicationId, found "
                             + asn1Encodable.getClass().getName());
         }
 
-        ASN1Sequence sequence = (ASN1Sequence) asn1Encodable;
         packageInfos = parseAttestationPackageInfos(sequence.getObjectAt(PACKAGE_INFOS_INDEX));
         // The infos must be sorted, the implementation of Comparable relies on it.
         packageInfos.sort(null);
@@ -140,13 +139,12 @@ public boolean equals(Object o) {
 
     private List<AttestationPackageInfo> parseAttestationPackageInfos(ASN1Encodable asn1Encodable)
             throws CertificateParsingException {
-        if (!(asn1Encodable instanceof ASN1Set)) {
+        if (!(asn1Encodable instanceof ASN1Set set)) {
             throw new CertificateParsingException(
                     "Expected set for AttestationApplicationsInfos, found "
                             + asn1Encodable.getClass().getName());
         }
 
-        ASN1Set set = (ASN1Set) asn1Encodable;
         List<AttestationPackageInfo> result = new ArrayList<AttestationPackageInfo>();
         for (ASN1Encodable e : set) {
             result.add(new AttestationPackageInfo(e));
@@ -156,12 +154,11 @@ private List<AttestationPackageInfo> parseAttestationPackageInfos(ASN1Encodable
 
     private List<byte[]> parseSignatures(ASN1Encodable asn1Encodable)
             throws CertificateParsingException {
-        if (!(asn1Encodable instanceof ASN1Set)) {
+        if (!(asn1Encodable instanceof ASN1Set set)) {
             throw new CertificateParsingException("Expected set for Signature digests, found "
                     + asn1Encodable.getClass().getName());
         }
 
-        ASN1Set set = (ASN1Set) asn1Encodable;
         List<byte[]> result = new ArrayList<byte[]>();
 
         for (ASN1Encodable e : set) {

app/src/main/java/io/github/vvb2060/keyattestation/attestation/AttestationPackageInfo.java

@@ -17,7 +17,6 @@
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Sequence;
 
-import java.io.UnsupportedEncodingException;
 import java.security.cert.CertificateParsingException;
 
 public class AttestationPackageInfo implements java.lang.Comparable<AttestationPackageInfo> {
@@ -33,21 +32,14 @@ public AttestationPackageInfo(String packageName, long version) {
     }
 
     public AttestationPackageInfo(ASN1Encodable asn1Encodable) throws CertificateParsingException {
-        if (!(asn1Encodable instanceof ASN1Sequence)) {
+        if (!(asn1Encodable instanceof ASN1Sequence sequence)) {
             throw new CertificateParsingException(
                     "Expected sequence for AttestationPackageInfo, found "
                             + asn1Encodable.getClass().getName());
         }
 
-        ASN1Sequence sequence = (ASN1Sequence) asn1Encodable;
-        try {
-            packageName = Asn1Utils.getStringFromAsn1OctetStreamAssumingUTF8(
-                    sequence.getObjectAt(PACKAGE_NAME_INDEX));
-        } catch (UnsupportedEncodingException e) {
-            throw new CertificateParsingException(
-                    "Converting octet stream to String triggered an UnsupportedEncodingException",
-                    e);
-        }
+        packageName = Asn1Utils.getStringFromAsn1OctetStreamAssumingUTF8(
+                sequence.getObjectAt(PACKAGE_NAME_INDEX));
         version = Asn1Utils.getLongFromAsn1(sequence.getObjectAt(VERSION_INDEX));
     }