Package-level declarations

Types

class AttestationKeyDescription(val attestationVersion: Int, val attestationSecurityLevel: AttestationKeyDescription.SecurityLevel, val keyMintVersion: Int, val keyMintSecurityLevel: AttestationKeyDescription.SecurityLevel, val attestationChallenge: ByteArray, val uniqueId: ByteArray, val softwareEnforced: AuthorizationList, val hardwareEnforced: AuthorizationList) : Asn1Encodable<Asn1Sequence> , Identifiable, PrettyPrintable

Attestation certificate extension used by Google. While we could use sophisticated sanity checks to ensure that only valid extensions conforming to the schema in every aspect are accepted, the reality is ugly: device manufacturers are very creative about how and what they encode into softwareEnforced and hardwareEnforced. Hence, we must be able to parse extensions that are structurally valid at first glance, even when the actual values inside look like they have been through a meat grinder. As long as the values we check for during attestation validation are present and contain what is required for a successful assessment, we're golden! Hence, barely any sanity checks are enforced.

sealed class AttestationValue<out A : Asn1Encodable<*>> : AuthorizationList.Tagged.WithTag<Asn1Element> , PrettyPrintable

Either type containing:

data class AuthorizationList(val purpose: Set<AttestationValue<AuthorizationList.KeyPurpose>>? = null, val algorithm: AttestationValue<AuthorizationList.Algorithm>? = null, val keySize: AttestationValue<AuthorizationList.KeySize>? = null, val digest: Set<AttestationValue<AuthorizationList.Digest>>? = null, val padding: Set<AttestationValue<AuthorizationList.Padding>>? = null, val ecCurve: AttestationValue<AuthorizationList.ECCurve>? = null, val rsaPublicExponent: AttestationValue<AuthorizationList.RsaPublicExponent>? = null, val mgfDigest: Set<AttestationValue<AuthorizationList.MgfDigest>>? = null, val rollbackResistance: AttestationValue<AuthorizationList.RollbackResistance>? = null, val earlyBootOnly: AttestationValue<AuthorizationList.EarlyBootOnly>? = null, val activeDateTime: AttestationValue<AuthorizationList.ActiveDateTime>? = null, val originationExpireDateTime: AttestationValue<AuthorizationList.OriginationExpireDateTime>? = null, val usageExpireDateTime: AttestationValue<AuthorizationList.UsageExpireDateTime>? = null, val usageCountLimit: AttestationValue<AuthorizationList.UsageCountLimit>? = null, val noAuthRequired: AttestationValue<AuthorizationList.NoAuthRequired>? = null, val userAuthType: AttestationValue<AuthorizationList.UserAuthType>? = null, val authTimeout: AttestationValue<AuthorizationList.AuthTimeout>? = null, val allowWhileOnBody: AttestationValue<AuthorizationList.AllowWhileOnBody>? = null, val trustedUserPresenceRequired: AttestationValue<AuthorizationList.TrustedUserPresenceRequired>? = null, val trustedConfirmationRequired: AttestationValue<AuthorizationList.TrustedConfirmationRequired>? = null, val unlockedDeviceRequired: AttestationValue<AuthorizationList.UnlockedDeviceRequired>? = null, val allApplications: AttestationValue<AuthorizationList.AllApplications>? = null, val creationDateTime: AttestationValue<AuthorizationList.CreationDateTime>? = null, val origin: AttestationValue<AuthorizationList.Origin>? = null, val rollbackResistant: AttestationValue<AuthorizationList.RollbackResistent>? = null, val rootOfTrust: AttestationValue<AuthorizationList.RootOfTrust>? = null, val osVersion: AttestationValue<AuthorizationList.OsVersion>? = null, val osPatchLevel: AttestationValue<AuthorizationList.OsPatchLevel>? = null, val attestationApplicationId: AttestationValue<AuthorizationList.AttestationApplicationId>? = null, val attestationIdBrand: AttestationValue<AuthorizationList.AttestationId.Brand>? = null, val attestationIdDevice: AttestationValue<AuthorizationList.AttestationId.Device>? = null, val attestationIdProduct: AttestationValue<AuthorizationList.AttestationId.Product>? = null, val attestationIdSerial: AttestationValue<AuthorizationList.AttestationId.Serial>? = null, val attestationIdImei: AttestationValue<AuthorizationList.AttestationId.Imei>? = null, val attestationIdMeid: AttestationValue<AuthorizationList.AttestationId.Meid>? = null, val attestationIdManufacturer: AttestationValue<AuthorizationList.AttestationId.Manufacturer>? = null, val attestationIdModel: AttestationValue<AuthorizationList.AttestationId.Model>? = null, val vendorPatchLevel: AttestationValue<AuthorizationList.PatchLevel.Vendor>? = null, val bootPatchLevel: AttestationValue<AuthorizationList.PatchLevel.Boot>? = null, val deviceUniqueAttestation: AttestationValue<AuthorizationList.DeviceUniqueAttestation>? = null, val attestationIdSecondImei: AttestationValue<AuthorizationList.AttestationId.SecondImei>? = null, val moduleHash: AttestationValue<AuthorizationList.ModuleHash>? = null, val attestationVersion: Int? = null) : Asn1Encodable<Asn1Sequence> , PrettyPrintable

Authorization List ASN.1 sequence as defined by Google. Enum values are as in the KeyMint definitions. This is the meat of the AttestationKeyDescription attestation certificate extension. It is also used for secure key import.

interface PrettyPrintable

Properties


Tries to parse an AttestationKeyDescription certificate extension, if present. Never throws.


Functions
