app: add toggle for Samsung attestation

Signed-off-by: BlackMesa123 <giangrecosalvo9@gmail.com>
vvb2060 · Jan 12, 2024 · 35127ec · 35127ec
1 parent b6fd50f
commit 35127ec
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 7 deletions.
diff --git a/app/src/main/java/io/github/vvb2060/keyattestation/home/HomeFragment.kt b/app/src/main/java/io/github/vvb2060/keyattestation/home/HomeFragment.kt
@@ -154,13 +154,18 @@ class HomeFragment : AppFragment(), HomeAdapter.Listener, MenuProvider {
     }
 
     override fun onPrepareMenu(menu: Menu) {
+        menu.findItem(R.id.menu_use_sak).apply {
+            isVisible = viewModel.hasSAK
+            isChecked = viewModel.preferSAK
+        }
         menu.findItem(R.id.menu_use_strongbox).apply {
             isVisible = viewModel.hasStrongBox
             isChecked = viewModel.preferStrongBox
         }
         menu.findItem(R.id.menu_use_attest_key).apply {
             isVisible = viewModel.hasAttestKey
-            isChecked = viewModel.preferAttestKey
+            isEnabled = !viewModel.preferSAK
+            isChecked = !viewModel.preferSAK && viewModel.preferAttestKey
         }
         menu.findItem(R.id.menu_incluid_props).apply {
             isVisible = viewModel.hasDeviceIds
@@ -180,6 +185,12 @@ class HomeFragment : AppFragment(), HomeAdapter.Listener, MenuProvider {
 
     override fun onMenuItemSelected(item: MenuItem): Boolean {
         when (item.itemId) {
+            R.id.menu_use_sak -> {
+                val status = !item.isChecked
+                item.isChecked = status
+                viewModel.preferSAK = status
+                viewModel.load()
+            }
             R.id.menu_use_strongbox -> {
                 val status = !item.isChecked
                 item.isChecked = status

diff --git a/app/src/main/java/io/github/vvb2060/keyattestation/home/HomeViewModel.kt b/app/src/main/java/io/github/vvb2060/keyattestation/home/HomeViewModel.kt
@@ -54,6 +54,14 @@ class HomeViewModel(pm: PackageManager, private val sp: SharedPreferences) : Vie
     val attestationResult = MutableLiveData<Resource<AttestationResult>>()
     var currentCerts: List<X509Certificate>? = null
 
+    val hasSAK = Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q &&
+            SamsungUtils.isSecAttestationSupported()
+    var preferSAK = sp.getBoolean("prefer_sak", hasSAK)
+        set(value) {
+            field = value
+            sp.edit { putBoolean("prefer_sak", value) }
+        }
+
     val hasStrongBox = Build.VERSION.SDK_INT >= Build.VERSION_CODES.P &&
             pm.hasSystemFeature(PackageManager.FEATURE_STRONGBOX_KEYSTORE)
     var preferStrongBox = sp.getBoolean("prefer_strongbox", true)
@@ -90,6 +98,7 @@ class HomeViewModel(pm: PackageManager, private val sp: SharedPreferences) : Vie
 
     @Throws(GeneralSecurityException::class)
     private fun generateKey(alias: String,
+                            useSAK: Boolean,
                             useStrongBox: Boolean,
                             includeProps: Boolean,
                             attestKeyAlias: String?) {
@@ -119,7 +128,7 @@ class HomeViewModel(pm: PackageManager, private val sp: SharedPreferences) : Vie
                 builder.setCertificateSubject(X500Principal("CN=App Attest Key"))
             }
         }
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q && SamsungUtils.isSecAttestationSupported()) {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q && useSAK) {
             val spec = AttestParameterSpec.Builder(alias, now.toString().toByteArray())
                 .setAlgorithm(KeyProperties.KEY_ALGORITHM_EC)
                 .setKeyGenParameterSpec(builder.build())
@@ -141,7 +150,8 @@ class HomeViewModel(pm: PackageManager, private val sp: SharedPreferences) : Vie
     }
 
     @Throws(AttestationException::class)
-    private fun doAttestation(useStrongBox: Boolean,
+    private fun doAttestation(useSAK: Boolean,
+                              useStrongBox: Boolean,
                               includeProps: Boolean,
                               useAttestKey: Boolean): AttestationResult {
         val certs: List<Certificate>
@@ -151,9 +161,9 @@ class HomeViewModel(pm: PackageManager, private val sp: SharedPreferences) : Vie
             val keyStore = KeyStore.getInstance("AndroidKeyStore")
             keyStore.load(null)
             if (useAttestKey && !keyStore.containsAlias(attestKeyAlias)) {
-                generateKey(attestKeyAlias!!, useStrongBox, includeProps, attestKeyAlias)
+                generateKey(attestKeyAlias!!, useSAK, useStrongBox, includeProps, attestKeyAlias)
             }
-            generateKey(alias, useStrongBox, includeProps, attestKeyAlias)
+            generateKey(alias, useSAK, useStrongBox, includeProps, attestKeyAlias)
             val chainAlias = if (useAttestKey) attestKeyAlias else alias
             val certificates = keyStore.getCertificateChain(chainAlias)
                     ?: throw CertificateException("Unable to get certificate chain")
@@ -265,11 +275,12 @@ class HomeViewModel(pm: PackageManager, private val sp: SharedPreferences) : Vie
         currentCerts = null
         attestationResult.postValue(Resource.loading(null))
 
+        val useSAK = hasSAK && preferSAK
         val useStrongBox = hasStrongBox && preferStrongBox
         val includeProps = hasDeviceIds && preferIncludeProps
-        val useAttestKey = hasAttestKey && preferAttestKey
+        val useAttestKey = hasAttestKey && preferAttestKey && !useSAK
         val result = try {
-            val attestationResult = doAttestation(useStrongBox, includeProps, useAttestKey)
+            val attestationResult = doAttestation(useSAK, useStrongBox, includeProps, useAttestKey)
             Resource.success(attestationResult)
         } catch (e: Throwable) {
             val cause = if (e is AttestationException) e.cause else e

diff --git a/app/src/main/res/menu/home.xml b/app/src/main/res/menu/home.xml
@@ -1,6 +1,12 @@
 <?xml version="1.0" encoding="utf-8"?>
 <menu xmlns:android="http://schemas.android.com/apk/res/android">
 
+    <item
+        android:id="@+id/menu_use_sak"
+        android:showAsAction="never"
+        android:checkable="true"
+        android:title="@string/use_sak" />
+
     <item
         android:id="@+id/menu_use_strongbox"
         android:showAsAction="never"

diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <resources>
     <string name="app_name">Key Attestation</string>
+    <string name="use_sak">Use Samsung attestation</string>
     <string name="use_strongbox">Use StrongBox</string>
     <string name="use_attest_key">Use app generated attest key</string>
     <string name="attest_device_props">Attest device props</string>