From d742ab06a4c18c861fbd2bb99be6a2cdc186f6f6 Mon Sep 17 00:00:00 2001 From: BlackMesa123 Date: Tue, 20 Jun 2023 22:52:14 +0200 Subject: [PATCH] app: attestation: VerifyCertificateChain: add Samsung SAK V1/mV1 root key Signed-off-by: BlackMesa123 --- .../attestation/VerifyCertificateChain.java | 28 ++++++++++++++----- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/app/src/main/java/io/github/vvb2060/keyattestation/attestation/VerifyCertificateChain.java b/app/src/main/java/io/github/vvb2060/keyattestation/attestation/VerifyCertificateChain.java index 01bbeb7..1b75dba 100644 --- a/app/src/main/java/io/github/vvb2060/keyattestation/attestation/VerifyCertificateChain.java +++ b/app/src/main/java/io/github/vvb2060/keyattestation/attestation/VerifyCertificateChain.java @@ -21,6 +21,24 @@ public class VerifyCertificateChain { public static final int GOOGLE = 2; public static final int SAMSUNG = 3; + private static final String SAMSUNG_SAKV1_ROOT_PUBLIC_KEY = "" + + "MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBs9Qjr//REhkXW7jUqjY9KNwWac4r" + + "5+kdUGk+TZjRo1YEa47Axwj6AJsbOjo4QsHiYRiWTELvFeiuBsKqyuF0xyAAKvDo" + + "fBqrEq1/Ckxo2mz7Q4NQes3g4ahSjtgUSh0k85fYwwHjCeLyZ5kEqgHG9OpOH526" + + "FFAK3slSUgC8RObbxys="; + + private static final String SAMSUNG_SAKV2_ROOT_PUBLIC_KEY = "" + + "MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBhbGuLrpql5I2WJmrE5kEVZOo+dgA" + + "46mKrVJf/sgzfzs2u7M9c1Y9ZkCEiiYkhTFE9vPbasmUfXybwgZ2EM30A1ABPd12" + + "4n3JbEDfsB/wnMH1AcgsJyJFPbETZiy42Fhwi+2BCA5bcHe7SrdkRIYSsdBRaKBo" + + "ZsapxB0gAOs0jSPRX5M="; + + private static final String SAMSUNG_SAKmV1_ROOT_PUBLIC_KEY = "" + + "MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB9XeEN8lg6p5xvMVWG42P2Qi/aRKX" + + "2rPRNgK92UlO9O/TIFCKHC1AWCLFitPVEow5W+yEgC2wOiYxgepY85TOoH0AuEkL" + + "oiC6ldbF2uNVU3rYYSytWAJg3GFKd1l9VLDmxox58Hyw2Jmdd5VSObGiTFQ/SgKs" + + "n2fbQPtpGlNxgEfd6Y8="; + private static final String GOOGLE_ROOT_PUBLIC_KEY = "" + "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xU" + "FmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5j" + @@ -35,12 +53,6 @@ public class VerifyCertificateChain { "ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+" + "NpUFgNPN9PvQi8WEg5UmAGMCAwEAAQ=="; - private static final String SAMSUNG_ROOT_PUBLIC_KEY = "" + - "MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBhbGuLrpql5I2WJmrE5kEVZOo+dgA" + - "46mKrVJf/sgzfzs2u7M9c1Y9ZkCEiiYkhTFE9vPbasmUfXybwgZ2EM30A1ABPd12" + - "4n3JbEDfsB/wnMH1AcgsJyJFPbETZiy42Fhwi+2BCA5bcHe7SrdkRIYSsdBRaKBo" + - "ZsapxB0gAOs0jSPRX5M="; - private static final String AOSP_ROOT_PUBLIC_KEY = "" + "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7l1ex+HA220Dpn7mthvsTWpdamgu" + "D/9/SQ59dx9EIm29sa/6FsvHrcV30lacqrewLVQBXT5DKyqO107sSHVBpA=="; @@ -68,7 +80,9 @@ public static int verifyCertificateChain(List certs) } var rootPublicKey = root.getPublicKey().getEncoded(); - if (Arrays.equals(rootPublicKey, Base64.decode(SAMSUNG_ROOT_PUBLIC_KEY, 0))) { + if (Arrays.equals(rootPublicKey, Base64.decode(SAMSUNG_SAKV1_ROOT_PUBLIC_KEY, 0)) + || Arrays.equals(rootPublicKey, Base64.decode(SAMSUNG_SAKV2_ROOT_PUBLIC_KEY, 0)) + || Arrays.equals(rootPublicKey, Base64.decode(SAMSUNG_SAKmV1_ROOT_PUBLIC_KEY, 0))) { return SAMSUNG; } if (Arrays.equals(rootPublicKey, Base64.decode(GOOGLE_ROOT_PUBLIC_KEY, 0))) {