From 7078e746e102038dce69c5efe302f8621d9e584d Mon Sep 17 00:00:00 2001 From: Nicholas Bissell Date: Mon, 27 Oct 2025 20:56:14 +0000 Subject: [PATCH] Fix RSA key attestation --- .../keyattestation/home/HomeViewModel.kt | 2 +- .../keystore/AndroidKeyStore.java | 19 +++++++------------ .../repository/AttestationRepository.java | 4 ++-- 3 files changed, 10 insertions(+), 15 deletions(-) diff --git a/app/src/main/java/io/github/vvb2060/keyattestation/home/HomeViewModel.kt b/app/src/main/java/io/github/vvb2060/keyattestation/home/HomeViewModel.kt index e7eec98..1312c68 100644 --- a/app/src/main/java/io/github/vvb2060/keyattestation/home/HomeViewModel.kt +++ b/app/src/main/java/io/github/vvb2060/keyattestation/home/HomeViewModel.kt @@ -41,7 +41,7 @@ class HomeViewModel( } } - private val attestationRepository = AttestationRepository(KeyStoreKeyType.ECDSA) + private val attestationRepository = AttestationRepository() private val attestationData = MutableLiveData>() var secretMode = sp.getBoolean("secret_mode", true) diff --git a/app/src/main/java/io/github/vvb2060/keyattestation/keystore/AndroidKeyStore.java b/app/src/main/java/io/github/vvb2060/keyattestation/keystore/AndroidKeyStore.java index 46e0628..2a5bfd3 100644 --- a/app/src/main/java/io/github/vvb2060/keyattestation/keystore/AndroidKeyStore.java +++ b/app/src/main/java/io/github/vvb2060/keyattestation/keystore/AndroidKeyStore.java @@ -37,6 +37,7 @@ import java.security.spec.ECGenParameterSpec; import java.util.Arrays; import java.util.Date; +import java.util.HashMap; import java.util.Objects; import javax.security.auth.x500.X500Principal; 
@@ -47,10 +48,10 @@ public class AndroidKeyStore extends IAndroidKeyStore.Stub { private final KeyStore keyStore; - private final KeyPairGenerator keyPairGenerator; + private final HashMap keyPairGenerators = new HashMap<>(); private int clientUid = -1; - public AndroidKeyStore(byte keyStoreKeyType) throws Exception { + public AndroidKeyStore() throws Exception { if (Os.geteuid() < Process.FIRST_APPLICATION_UID) { fixEnv(); var pm = ActivityThread.currentApplication().getPackageManager(); @@ -58,16 +59,8 @@ public AndroidKeyStore(byte keyStoreKeyType) throws Exception { } keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); - keyPairGenerator = switch (keyStoreKeyType){ - case KeyStoreKeyType.ECDSA -> - KeyPairGenerator.getInstance( - KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore"); - case KeyStoreKeyType.RSA -> - KeyPairGenerator.getInstance( - KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore"); - default -> - throw new IllegalStateException("Unimplemented KeyStore type: " + keyStoreKeyType); - }; + keyPairGenerators.put(KeyStoreKeyType.ECDSA, KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")); + keyPairGenerators.put(KeyStoreKeyType.RSA, KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore")); } private static void fixEnv() throws Exception { @@ -279,6 +272,8 @@ public byte[] generateKeyPair(String alias, var params = (KeyGenParameterSpec) genParameter(alias, attestKeyAlias, useStrongBox, includeProps, uniqueIdIncluded, keyStoreKeyType, flagsToArray(idFlags)); try { + var keyPairGenerator = keyPairGenerators.get(keyStoreKeyType); + assert keyPairGenerator != null; keyPairGenerator.initialize(params); keyPairGenerator.generateKeyPair(); if (useSak) { diff --git a/app/src/main/java/io/github/vvb2060/keyattestation/repository/AttestationRepository.java b/app/src/main/java/io/github/vvb2060/keyattestation/repository/AttestationRepository.java index 5e36e16..06a1f49 100644 
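Review bot: The new field `keyPairGenerators` is declared as the concrete `HashMap`, and no type arguments are visible on this page (they may have been lost in rendering). Declaring it against the interface with explicit arguments, `private final Map<Byte, KeyPairGenerator> keyPairGenerators = new HashMap<>();`, documents that the keys are the `byte` constants from `KeyStoreKeyType` (the removed constructor took `byte keyStoreKeyType`). This matters for the lookup added in `generateKeyPair`: a key type passed as an `int` would box to `Integer` and never match a `Byte` key. `java.util.Map` would need to be imported if it is not already.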
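Review bot: The two `keyPairGenerators.put(...)` lines keep one `KeyPairGenerator` per algorithm for the lifetime of this `IAndroidKeyStore.Stub`, and `generateKeyPair` later calls `initialize(params)` and `generateKeyPair()` on that shared instance as two separate steps. If Binder calls can reach the stub concurrently and the method is not synchronized (neither is visible here), one call's parameters could be replaced by another's before the key is generated, so an attested key could carry the wrong alias or properties. Consider obtaining the generator per call, or state the assumption with a comment such as `// shared instances: generateKeyPair must not run concurrently`.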
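Review bot: `assert keyPairGenerator != null;` does not guard the lookup on a device, because assertions are disabled by default in the Android runtime, so an unsupported `keyStoreKeyType` falls through to a `NullPointerException` at `keyPairGenerator.initialize(params)`. The removed constructor code rejected unknown types with an `IllegalStateException`; keep an explicit check here, e.g. `if (keyPairGenerator == null) throw new IllegalArgumentException("Unimplemented KeyStore type: " + keyStoreKeyType);`. Since this class is a Binder stub, the value comes from the caller and is worth validating at this boundary, unless `genParameter` already rejects it (not visible here). The `try` block and the rest of `generateKeyPair` continue outside the hunk.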
--- a/app/src/main/java/io/github/vvb2060/keyattestation/repository/AttestationRepository.java +++ b/app/src/main/java/io/github/vvb2060/keyattestation/repository/AttestationRepository.java @@ -41,8 +41,8 @@ public class AttestationRepository { private final List currentCerts; private IAndroidKeyStore keyStore; - public AttestationRepository(byte keyStoreKeyType) throws Exception { - localKeyStore = new AndroidKeyStore(keyStoreKeyType); + public AttestationRepository() throws Exception { + localKeyStore = new AndroidKeyStore(); factory = CertificateFactory.getInstance("X.509"); currentCerts = new ArrayList<>(); keyStore = localKeyStore;