diff --git a/src/main/kotlin/Extension.kt b/src/main/kotlin/Extension.kt
index 52d1def..2839176 100644
--- a/src/main/kotlin/Extension.kt
+++ b/src/main/kotlin/Extension.kt
@@ -133,8 +133,8 @@ data class DeviceIdentity(
 data class KeyDescription(
 val attestationVersion: BigInteger,
 val attestationSecurityLevel: SecurityLevel,
- val keymasterVersion: BigInteger,
- val keymasterSecurityLevel: SecurityLevel,
+ val keyMintVersion: BigInteger,
+ val keyMintSecurityLevel: SecurityLevel,
 val attestationChallenge: ByteString,
 val uniqueId: ByteString,
 val softwareEnforced: AuthorizationList,
@@ -148,8 +148,8 @@ data class KeyDescription(
 buildList {
 add(attestationVersion.toAsn1())
 add(attestationSecurityLevel.toAsn1())
- add(keymasterVersion.toAsn1())
- add(keymasterSecurityLevel.toAsn1())
+ add(keyMintVersion.toAsn1())
+ add(keyMintSecurityLevel.toAsn1())
 add(attestationChallenge.toAsn1())
 add(uniqueId.toAsn1())
 add(softwareEnforced.toAsn1())
@@ -185,8 +185,8 @@ data class KeyDescription(
 return KeyDescription(
 attestationVersion = seq.getObjectAt(0).toInt(),
 attestationSecurityLevel = seq.getObjectAt(1).toSecurityLevel(),
- keymasterVersion = seq.getObjectAt(2).toInt(),
- keymasterSecurityLevel = seq.getObjectAt(3).toSecurityLevel(),
+ keyMintVersion = seq.getObjectAt(2).toInt(),
+ keyMintSecurityLevel = seq.getObjectAt(3).toSecurityLevel(),
 attestationChallenge = seq.getObjectAt(4).toByteString(),
 uniqueId = seq.getObjectAt(5).toByteString(),
 softwareEnforced = seq.getObjectAt(6).toAuthorizationList(),
diff --git a/src/main/kotlin/Verifier.kt b/src/main/kotlin/Verifier.kt
index c9aed34..bebbd53 100644
--- a/src/main/kotlin/Verifier.kt
+++ b/src/main/kotlin/Verifier.kt
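Review bot: In Extension.kt's first hunk, `keyMintVersion` and `keyMintSecurityLevel` are introduced without any KDoc, yet the fixtures updated in this same commit still carry values such as "4" (blueline/sdk28) and "1" (marlin/sdk29) in that field next to attestation versions 3 and 2, which look like pre-KeyMint Keymaster values. A reader writing version comparisons in verification code could take every value for a KeyMint version, so I would add above the property a comment such as `/** KeyMint version; on older attestations this carries the Keymaster version. */`, and the equivalent on the security-level property. The JSON fixture keys were renamed together with the properties, which suggests the property names double as serialized names; if that is so, JSON written under the old `keymasterVersion` / `keymasterSecurityLevel` keys will no longer map onto the class, which is worth stating in the release notes. The `KeyDescription` declaration continues past the end of the hunk.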
@@ -130,11 +130,11 @@ open class Verifier( } val securityLevel = - if (keyDescription.attestationSecurityLevel == keyDescription.keymasterSecurityLevel) { + if (keyDescription.attestationSecurityLevel == keyDescription.keyMintSecurityLevel) { keyDescription.attestationSecurityLevel } else { return VerificationResult.ExtensionConstraintViolation( - "attestationSecurityLevel != keymasterSecurityLevel: ${keyDescription.attestationSecurityLevel} != ${keyDescription.keymasterSecurityLevel}" + "attestationSecurityLevel != keyMintSecurityLevel: ${keyDescription.attestationSecurityLevel} != ${keyDescription.keyMintSecurityLevel}" ) } val rootOfTrust =
diff --git a/src/main/kotlin/testing/KeyAttestationCertFactory.kt b/src/main/kotlin/testing/KeyAttestationCertFactory.kt
index 30a291b..fdda8c8 100644
--- a/src/main/kotlin/testing/KeyAttestationCertFactory.kt
+++ b/src/main/kotlin/testing/KeyAttestationCertFactory.kt
@@ -125,8 +125,8 @@ internal class KeyAttestationCertFactory(val fakeCalendar: FakeCalendar = FakeCa
 KeyDescription(
 attestationVersion = 1.toBigInteger(),
 attestationSecurityLevel = SecurityLevel.TRUSTED_ENVIRONMENT,
- keymasterVersion = 1.toBigInteger(),
- keymasterSecurityLevel = SecurityLevel.TRUSTED_ENVIRONMENT,
+ keyMintVersion = 1.toBigInteger(),
+ keyMintSecurityLevel = SecurityLevel.TRUSTED_ENVIRONMENT,
 attestationChallenge = ByteString.copyFromUtf8("A random 40-byte challenge for no reason"),
 uniqueId = ByteString.empty(),
 softwareEnforced = AuthorizationList(),
diff --git a/src/test/kotlin/ExtensionTest.kt b/src/test/kotlin/ExtensionTest.kt
index 7e46c9e..13ffe64 100644
--- a/src/test/kotlin/ExtensionTest.kt
+++ b/src/test/kotlin/ExtensionTest.kt
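Review bot: The mismatch branch in Verifier.kt has no comment saying why unequal levels are rejected instead of, for example, reporting the lower of the two, and the marlin/sdk29 fixtures touched by this commit pair `SOFTWARE` with `TRUSTED_ENVIRONMENT`, so the branch appears reachable with data from real devices. Because `securityLevel` is the single value derived from this check, I would put `// Reject when attestation and key come from different security levels; reporting either one alone could overstate the protection.` above the `if`. The enclosing function starts and ends outside the hunk, so how `securityLevel` is used afterwards cannot be confirmed from here.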
@@ -85,7 +85,7 @@ class ExtensionTest { @Ignore("TODO: b/356172932 - Reenable test once enabling tag order validator is configurable.") fun parseFrom_tagsNotInAscendingOrder_Throws() { assertFailsWith { - readCertPath("invalid/tags_not_in_accending_order.pem").leafCert().keyDescription() + readCertPath("invalid/tags_not_in_ascending_order.pem").leafCert().keyDescription() } }
@@ -147,8 +147,8 @@ class ExtensionTest {
 KeyDescription(
 attestationVersion = 1.toBigInteger(),
 attestationSecurityLevel = SecurityLevel.SOFTWARE,
- keymasterVersion = 1.toBigInteger(),
- keymasterSecurityLevel = SecurityLevel.SOFTWARE,
+ keyMintVersion = 1.toBigInteger(),
+ keyMintSecurityLevel = SecurityLevel.SOFTWARE,
 attestationChallenge = ByteString.empty(),
 uniqueId = ByteString.empty(),
 softwareEnforced = authorizationList,
diff --git a/testdata/akita/sdk34/SB_RSA_NONE.json b/testdata/akita/sdk34/SB_RSA_NONE.json
index ebbbcb7..7950eca 100644
--- a/testdata/akita/sdk34/SB_RSA_NONE.json
+++ b/testdata/akita/sdk34/SB_RSA_NONE.json
@@ -1,8 +1,8 @@
 {
 "attestationVersion": "300",
 "attestationSecurityLevel": "STRONG_BOX",
- "keymasterVersion": "300",
- "keymasterSecurityLevel": "STRONG_BOX",
+ "keyMintVersion": "300",
+ "keyMintSecurityLevel": "STRONG_BOX",
 "attestationChallenge": "Y2hhbGxlbmdl",
 "uniqueId": "",
 "softwareEnforced": {
diff --git a/testdata/akita/sdk34/TEE_EC_NONE.json b/testdata/akita/sdk34/TEE_EC_NONE.json
index 25580ff..75c4352 100644
--- a/testdata/akita/sdk34/TEE_EC_NONE.json
+++ b/testdata/akita/sdk34/TEE_EC_NONE.json
@@ -1,8 +1,8 @@
 {
 "attestationVersion": "300",
 "attestationSecurityLevel": "TRUSTED_ENVIRONMENT",
- "keymasterVersion": "300",
- "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+ "keyMintVersion": "300",
+ "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
 "attestationChallenge": "Y2hhbGxlbmdl",
 "uniqueId": "",
 "softwareEnforced": {
diff --git a/testdata/akita/sdk34/TEE_RSA_BASE+IMEI.json b/testdata/akita/sdk34/TEE_RSA_BASE+IMEI.json
index 4bcd7e3..0316457 100644
--- a/testdata/akita/sdk34/TEE_RSA_BASE+IMEI.json
+++ b/testdata/akita/sdk34/TEE_RSA_BASE+IMEI.json
@@ -1,8 +1,8 @@
 {
 "attestationVersion": "300",
 "attestationSecurityLevel": "TRUSTED_ENVIRONMENT",
- "keymasterVersion": "300",
- "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+ "keyMintVersion": "300",
+ "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
 "attestationChallenge": "Y2hhbGxlbmdl",
 "uniqueId": "",
 "softwareEnforced": {
diff --git a/testdata/akita/sdk34/TEE_RSA_NONE.json b/testdata/akita/sdk34/TEE_RSA_NONE.json
index 8cd5117..ec4fc3b 100644
--- a/testdata/akita/sdk34/TEE_RSA_NONE.json
+++ b/testdata/akita/sdk34/TEE_RSA_NONE.json
@@ -1,8 +1,8 @@
 {
 "attestationVersion": "300",
 "attestationSecurityLevel": "TRUSTED_ENVIRONMENT",
- "keymasterVersion": "300",
- "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+ "keyMintVersion": "300",
+ "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
 "attestationChallenge": "Y2hhbGxlbmdl",
 "uniqueId": "",
 "softwareEnforced": {
diff --git a/testdata/akita/sdk34/TEE_RSA_NONE_USERAUTH.json b/testdata/akita/sdk34/TEE_RSA_NONE_USERAUTH.json
index d501318..b656995 100644
--- a/testdata/akita/sdk34/TEE_RSA_NONE_USERAUTH.json
+++ b/testdata/akita/sdk34/TEE_RSA_NONE_USERAUTH.json
@@ -1,8 +1,8 @@
 {
 "attestationVersion": "300",
 "attestationSecurityLevel": "TRUSTED_ENVIRONMENT",
- "keymasterVersion": "300",
- "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+ "keyMintVersion": "300",
+ "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
 "attestationChallenge": "Y2hhbGxlbmdl",
 "uniqueId": "",
 "softwareEnforced": {
diff --git a/testdata/blueline/sdk28/SB_RSA_NONE.json b/testdata/blueline/sdk28/SB_RSA_NONE.json
index d38e6a5..81593ea 100644
--- a/testdata/blueline/sdk28/SB_RSA_NONE.json
+++ b/testdata/blueline/sdk28/SB_RSA_NONE.json
@@ -1,8 +1,8 @@
 {
 "attestationVersion": "3",
 "attestationSecurityLevel": "STRONG_BOX",
- "keymasterVersion": "4",
- "keymasterSecurityLevel": "STRONG_BOX",
+ "keyMintVersion": "4",
+ "keyMintSecurityLevel": "STRONG_BOX",
 "attestationChallenge": "Y2hhbGxlbmdl",
 "uniqueId": "",
 "softwareEnforced": {
diff --git a/testdata/blueline/sdk28/SB_RSA_NONE_USERAUTH.json b/testdata/blueline/sdk28/SB_RSA_NONE_USERAUTH.json
index 7668476..bccd26b 100644
--- a/testdata/blueline/sdk28/SB_RSA_NONE_USERAUTH.json
+++ b/testdata/blueline/sdk28/SB_RSA_NONE_USERAUTH.json
@@ -1,8 +1,8 @@
 {
 "attestationVersion": "3",
 "attestationSecurityLevel": "STRONG_BOX",
- "keymasterVersion": "4",
- "keymasterSecurityLevel": "STRONG_BOX",
+ "keyMintVersion": "4",
+ "keyMintSecurityLevel": "STRONG_BOX",
 "attestationChallenge": "Y2hhbGxlbmdl",
 "uniqueId": "",
 "softwareEnforced": {
diff --git a/testdata/blueline/sdk28/TEE_EC_NONE.json b/testdata/blueline/sdk28/TEE_EC_NONE.json
index fdc6be6..e937912 100644
--- a/testdata/blueline/sdk28/TEE_EC_NONE.json
+++ b/testdata/blueline/sdk28/TEE_EC_NONE.json
@@ -1,8 +1,8 @@
 {
 "attestationVersion": "3",
 "attestationSecurityLevel": "TRUSTED_ENVIRONMENT",
- "keymasterVersion": "4",
- "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+ "keyMintVersion": "4",
+ "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
 "attestationChallenge": "Y2hhbGxlbmdl",
 "uniqueId": "",
 "softwareEnforced": {
diff --git a/testdata/blueline/sdk28/TEE_RSA_BASE+IMEI.json b/testdata/blueline/sdk28/TEE_RSA_BASE+IMEI.json
index afd1b8f..b6f9dd7 100644
--- a/testdata/blueline/sdk28/TEE_RSA_BASE+IMEI.json
+++ b/testdata/blueline/sdk28/TEE_RSA_BASE+IMEI.json
@@ -1,8 +1,8 @@
 {
 "attestationVersion": "3",
 "attestationSecurityLevel": "TRUSTED_ENVIRONMENT",
- "keymasterVersion": "4",
- "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+ "keyMintVersion": "4",
+ "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
 "attestationChallenge": "Y2hhbGxlbmdl",
 "uniqueId": "",
 "softwareEnforced": {
diff --git a/testdata/blueline/sdk28/TEE_RSA_NONE.json b/testdata/blueline/sdk28/TEE_RSA_NONE.json
index 1529c8e..3b05d3b 100644
--- a/testdata/blueline/sdk28/TEE_RSA_NONE.json
+++ b/testdata/blueline/sdk28/TEE_RSA_NONE.json
@@ -1,8 +1,8 @@
 {
 "attestationVersion": "3",
 "attestationSecurityLevel": "TRUSTED_ENVIRONMENT",
- "keymasterVersion": "4",
- "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+ "keyMintVersion": "4",
+ "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
 "attestationChallenge": "Y2hhbGxlbmdl",
 "uniqueId": "",
 "softwareEnforced": {
diff --git a/testdata/invalid/tags_not_in_accending_order.pem b/testdata/invalid/tags_not_in_ascending_order.pem
similarity index 100%
rename from testdata/invalid/tags_not_in_accending_order.pem
rename to testdata/invalid/tags_not_in_ascending_order.pem
diff --git a/testdata/marlin/sdk29/TEE_EC_NONE.json b/testdata/marlin/sdk29/TEE_EC_NONE.json
index 6ddb27e..ce2cac6 100644
--- a/testdata/marlin/sdk29/TEE_EC_NONE.json
+++ b/testdata/marlin/sdk29/TEE_EC_NONE.json
@@ -1,8 +1,8 @@
 {
 "attestationVersion": "2",
 "attestationSecurityLevel": "SOFTWARE",
- "keymasterVersion": "1",
- "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+ "keyMintVersion": "1",
+ "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
 "attestationChallenge": "Y2hhbGxlbmdl",
 "uniqueId": "",
 "softwareEnforced": {
diff --git a/testdata/marlin/sdk29/TEE_RSA_NONE.json b/testdata/marlin/sdk29/TEE_RSA_NONE.json
index 775bd5e..5d74190 100644
--- a/testdata/marlin/sdk29/TEE_RSA_NONE.json
+++ b/testdata/marlin/sdk29/TEE_RSA_NONE.json
@@ -1,8 +1,8 @@
 {
 "attestationVersion": "2",
 "attestationSecurityLevel": "SOFTWARE",
- "keymasterVersion": "1",
- "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+ "keyMintVersion": "1",
+ "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
 "attestationChallenge": "Y2hhbGxlbmdl",
 "uniqueId": "",
 "softwareEnforced": {