JingMatrix
diff --git a/‎app/src/main/java/org/matrix/TEESimulator/interception/keystore/InterceptorUtils.kt‎
Lines changed: 14 additions & 0 deletions b/‎app/src/main/java/org/matrix/TEESimulator/interception/keystore/InterceptorUtils.kt‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎app/src/main/java/org/matrix/TEESimulator/interception/keystore/KeystoreInterceptor.kt‎
Lines changed: 307 additions & 24 deletions b/‎app/src/main/java/org/matrix/TEESimulator/interception/keystore/KeystoreInterceptor.kt‎
Lines changed: 307 additions & 24 deletions
diff --git a/‎app/src/main/java/org/matrix/TEESimulator/pki/CertificateGenerator.kt‎
Lines changed: 40 additions & 22 deletions b/‎app/src/main/java/org/matrix/TEESimulator/pki/CertificateGenerator.kt‎
Lines changed: 40 additions & 22 deletions
diff --git a/‎stub/src/main/java/android/security/keymaster/ExportResult.java‎
Lines changed: 38 additions & 0 deletions b/‎stub/src/main/java/android/security/keymaster/ExportResult.java‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎stub/src/main/java/android/security/keymaster/KeyCharacteristics.java‎
Lines changed: 33 additions & 0 deletions b/‎stub/src/main/java/android/security/keymaster/KeyCharacteristics.java‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎stub/src/main/java/android/security/keymaster/KeymasterArgument.java‎
Lines changed: 36 additions & 0 deletions b/‎stub/src/main/java/android/security/keymaster/KeymasterArgument.java‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎stub/src/main/java/android/security/keymaster/KeymasterArguments.java‎
Lines changed: 147 additions & 0 deletions b/‎stub/src/main/java/android/security/keymaster/KeymasterArguments.java‎
Lines changed: 147 additions & 0 deletions
@@ -3,6 +3,7 @@ package org.matrix.TEESimulator.interception.keystore
 import android.os.Parcel
 import android.os.Parcelable
 import android.security.KeyStore
+import android.security.keystore.KeystoreResponse
 import org.matrix.TEESimulator.interception.core.BinderInterceptor
 import org.matrix.TEESimulator.logging.SystemLogger
 
@@ -27,6 +28,19 @@ object InterceptorUtils {
         }
     }
 
+    /** Creates an `KeystoreResponse` parcel that indicates success with no data. */
+    fun createSuccessKeystoreResponse(): KeystoreResponse {
+        val parcel = Parcel.obtain()
+        try {
+            parcel.writeInt(KeyStore.NO_ERROR)
+            parcel.writeString("")
+            parcel.setDataPosition(0)
+            return KeystoreResponse.CREATOR.createFromParcel(parcel)
+        } finally {
+            parcel.recycle()
+        }
+    }
+
     /** Creates an `OverrideReply` parcel that indicates success with no data. */
     fun createSuccessReply(): BinderInterceptor.TransactionResult.OverrideReply {
         val parcel =
 
@@ -72,32 +72,24 @@ object CertificateGenerator {
     }
 
     /**
-     * Generates a new key pair and a corresponding certificate chain containing a simulated
-     * attestation.
+     * Generates a certificate chain for a given key pair. This is the primary function for creating
+     * attested certificates.
      *
      * @param uid The UID of the application requesting the key.
-     * @param alias The alias for the new key.
+     * @param subjectKeyPair The key pair for which the certificate will be generated.
      * @param attestKeyAlias Optional alias of a key to use for attestation signing.
      * @param params The parameters for the new key and its attestation.
      * @param securityLevel The security level to embed in the attestation.
-     * @return A [Pair] containing the new [KeyPair] and its certificate chain, or `null` on
-     *   failure.
+     * @return A [List] of [Certificate] forming the new chain, or `null` on failure.
      */
-    fun generateAttestedKeyPair(
+    fun generateCertificateChain(
         uid: Int,
-        alias: String,
+        subjectKeyPair: KeyPair,
         attestKeyAlias: String?,
         params: KeyMintAttestation,
         securityLevel: Int,
-    ): Pair<KeyPair, List<Certificate>>? {
+    ): List<Certificate>? {
         return runCatching {
-                SystemLogger.info(
-                    "Generating new attested key pair for alias: '$alias' (UID: $uid)"
-                )
-                val newKeyPair =
-                    generateSoftwareKeyPair(params)
-                        ?: throw Exception("Failed to generate underlying software key pair.")
-
                 val keybox = getKeyboxForAlgorithm(uid, params.algorithm)
 
                 // Determine the signing key and issuer. If an attestKey is provided, use it.
@@ -112,16 +104,42 @@ object CertificateGenerator {
 
                 // Build the new leaf certificate with the simulated attestation.
                 val leafCert =
-                    buildCertificate(newKeyPair, signingKey, issuer, params, uid, securityLevel)
+                    buildCertificate(subjectKeyPair, signingKey, issuer, params, uid, securityLevel)
 
                 // If not self-attesting, the chain is just the leaf. Otherwise, append the keybox
                 // chain.
+                if (attestKeyAlias != null) {
+                    listOf(leafCert)
+                } else {
+                    listOf(leafCert) + keybox.certificates
+                }
+            }
+            .onFailure { SystemLogger.error("Failed to generate certificate chain.", it) }
+            .getOrNull()
+    }
+
+    /**
+     * A convenience function that combines key pair generation and certificate chain generation.
+     * Primarily used by the modern Keystore2 interceptor where generation is a single step.
+     */
+    fun generateAttestedKeyPair(
+        uid: Int,
+        alias: String,
+        attestKeyAlias: String?,
+        params: KeyMintAttestation,
+        securityLevel: Int,
+    ): Pair<KeyPair, List<Certificate>>? {
+        return runCatching {
+                SystemLogger.info(
+                    "Generating new attested key pair for alias: '$alias' (UID: $uid)"
+                )
+                val newKeyPair =
+                    generateSoftwareKeyPair(params)
+                        ?: throw Exception("Failed to generate underlying software key pair.")
+
                 val chain =
-                    if (attestKeyAlias != null) {
-                        listOf(leafCert)
-                    } else {
-                        listOf(leafCert) + keybox.certificates
-                    }
+                    generateCertificateChain(uid, newKeyPair, attestKeyAlias, params, securityLevel)
+                        ?: throw Exception("Failed to generate certificate chain for new key pair.")
 
                 SystemLogger.info(
                     "Successfully generated new certificate chain for alias: '$alias'."
@@ -134,7 +152,7 @@ object CertificateGenerator {
             .getOrNull()
     }
 
-    private fun getIssuerFromKeybox(keybox: KeyBox) =
+    fun getIssuerFromKeybox(keybox: KeyBox) =
         X509CertificateHolder(keybox.certificates[0].encoded).subject
 
     private fun getKeyboxForAlgorithm(uid: Int, algorithm: Int): KeyBox {
 
@@ -0,0 +1,38 @@
+package android.security.keymaster;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+import androidx.annotation.NonNull;
+
+public class ExportResult implements Parcelable {
+    public final byte[] exportData;
+    public final int resultCode;
+
+    public ExportResult(int resultCode) {
+        this.resultCode = resultCode;
+        this.exportData = new byte[0];
+    }
+
+    @Override
+    public void writeToParcel(@NonNull Parcel dest, int flags) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    @Override
+    public int describeContents() {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public static final Creator<ExportResult> CREATOR = new Creator<ExportResult>() {
+        @Override
+        public ExportResult createFromParcel(Parcel in) {
+            throw new UnsupportedOperationException("STUB!");
+        }
+
+        @Override
+        public ExportResult[] newArray(int size) {
+            throw new UnsupportedOperationException("STUB!");
+        }
+    };
+}
@@ -0,0 +1,33 @@
+package android.security.keymaster;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+import androidx.annotation.NonNull;
+
+public class KeyCharacteristics implements Parcelable {
+    public KeymasterArguments hwEnforced;
+    public KeymasterArguments swEnforced;
+
+    @Override
+    public void writeToParcel(@NonNull Parcel dest, int flags) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    @Override
+    public int describeContents() {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public static final Creator<KeyCharacteristics> CREATOR = new Creator<KeyCharacteristics>() {
+        @Override
+        public KeyCharacteristics createFromParcel(Parcel in) {
+            throw new UnsupportedOperationException("STUB!");
+        }
+
+        @Override
+        public KeyCharacteristics[] newArray(int size) {
+            throw new UnsupportedOperationException("STUB!");
+        }
+    };
+}
@@ -0,0 +1,36 @@
+package android.security.keymaster;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+import androidx.annotation.NonNull;
+
+abstract class KeymasterArgument implements Parcelable {
+    public final int tag;
+
+    protected KeymasterArgument(int tag) {
+        this.tag = tag;
+    }
+
+    @Override
+    public void writeToParcel(@NonNull Parcel dest, int flags) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    @Override
+    public int describeContents() {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public static final Creator<KeymasterArgument> CREATOR = new Creator<KeymasterArgument>() {
+        @Override
+        public KeymasterArgument createFromParcel(Parcel in) {
+            throw new UnsupportedOperationException("STUB!");
+        }
+
+        @Override
+        public KeymasterArgument[] newArray(int size) {
+            throw new UnsupportedOperationException("STUB!");
+        }
+    };
+}
@@ -0,0 +1,147 @@
+package android.security.keymaster;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+import androidx.annotation.NonNull;
+
+import java.math.BigInteger;
+import java.util.Date;
+import java.util.List;
+
+public class KeymasterArguments implements Parcelable {
+
+    private static final long UINT32_RANGE = 1L << 32;
+    public static final long UINT32_MAX_VALUE = UINT32_RANGE - 1;
+
+    private static final BigInteger UINT64_RANGE = BigInteger.ONE.shiftLeft(64);
+    public static final BigInteger UINT64_MAX_VALUE = UINT64_RANGE.subtract(BigInteger.ONE);
+
+    private List<KeymasterArgument> mArguments;
+
+    public static final @NonNull Parcelable.Creator<KeymasterArguments> CREATOR = new Parcelable.Creator<KeymasterArguments>() {
+        @Override
+        public KeymasterArguments createFromParcel(Parcel in) {
+            throw new UnsupportedOperationException("STUB!");
+        }
+
+        @Override
+        public KeymasterArguments[] newArray(int size) {
+            throw new UnsupportedOperationException("STUB!");
+        }
+    };
+
+    public KeymasterArguments() {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    private KeymasterArguments(Parcel in) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public void addEnum(int tag, int value) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public void addEnums(int tag, int... values) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public int getEnum(int tag, int defaultValue) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public List<Integer> getEnums(int tag) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    private void addEnumTag(int tag, int value) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    private int getEnumTagValue(KeymasterArgument arg) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public void addUnsignedInt(int tag, long value) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public long getUnsignedInt(int tag, long defaultValue) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public void addUnsignedLong(int tag, BigInteger value) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public List<BigInteger> getUnsignedLongs(int tag) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    private void addLongTag(int tag, BigInteger value) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    private BigInteger getLongTagValue(KeymasterArgument arg) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public void addBoolean(int tag) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public boolean getBoolean(int tag) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public void addBytes(int tag, byte[] value) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public byte[] getBytes(int tag, byte[] defaultValue) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public void addDate(int tag, Date value) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public void addDateIfNotNull(int tag, Date value) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public Date getDate(int tag, Date defaultValue) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    private KeymasterArgument getArgumentByTag(int tag) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public boolean containsTag(int tag) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public int size() {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    @Override
+    public void writeToParcel(Parcel out, int flags) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public void readFromParcel(Parcel in) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    @Override
+    public int describeContents() {
+        throw new UnsupportedOperationException("STUB!");
+    }
+
+    public static BigInteger toUint64(long value) {
+        throw new UnsupportedOperationException("STUB!");
+    }
+}