diff --git a/app/src/main/java/app/attestation/auditor/AttestationProtocol.java b/app/src/main/java/app/attestation/auditor/AttestationProtocol.java index 9b579c4a..fa0324e0 100644 --- a/app/src/main/java/app/attestation/auditor/AttestationProtocol.java +++ b/app/src/main/java/app/attestation/auditor/AttestationProtocol.java @@ -147,11 +147,18 @@ class AttestationProtocol { // byte[] compressedChain { [short encodedCertificateLength, byte[] encodedCertificate] } // byte[] fingerprint (length: FINGERPRINT_LENGTH) // int osEnforcedFlags + // short autoRebootMinutes (-1 for unknown) + // byte portSecurityMode (-1 for unknown) + // byte userCount (-1 for unknown) // } // byte[] signature (rest of message) // // Protocol version changes: // + // 6: autoRebootMinutes added + // 6: portSecurityMode added + // 6: userCount added + // // n/a // // For each audit, the Auditee generates a fresh hardware-backed key with key attestation @@ -1223,6 +1230,12 @@ static VerificationResult verifySerialized(final Context context, final byte[] a throw new GeneralSecurityException("invalid device administrator state"); } + if (version >= 6) { + short autoRebootMinutes = deserializer.getShort(); + byte portSecurityMode = deserializer.get(); + byte userCount = deserializer.get(); + } + final int signatureLength = deserializer.remaining(); final byte[] signature = new byte[signatureLength]; deserializer.get(signature); @@ -1486,6 +1499,17 @@ static AttestationResult generateSerialized(final Context context, final byte[] } serializer.putInt(osEnforcedFlags); + if (version >= 6) { + short autoRebootMinutes = 0; + serializer.putShort(autoRebootMinutes); + + byte portSecurityMode = 0; + serializer.put(portSecurityMode); + + byte userCount = 0; + serializer.put(userCount); + } + final ByteBuffer message = serializer.duplicate(); message.flip();