From f23b2f0a452198a0d86806979842e2767f109b07 Mon Sep 17 00:00:00 2001
From: Davis Benny
Date: Mon, 13 Nov 2023 12:07:58 +0530
Subject: [PATCH 1/2] Enabling cross device attestation (#649)
Enabling voucher extension with different device attestion type and Owner key type.
Signed-off-by: Benny
---
 .../fdo/protocol/VoucherUtils.java | 40 +++++++++++++++++--
 1 file changed, 37 insertions(+), 3 deletions(-)
diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/VoucherUtils.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/VoucherUtils.java
index 8b3e3c975..c78b15011 100644
--- a/protocol/src/main/java/org/fidoalliance/fdo/protocol/VoucherUtils.java
+++ b/protocol/src/main/java/org/fidoalliance/fdo/protocol/VoucherUtils.java
@@ -19,6 +19,7 @@
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
 import java.security.spec.ECParameterSpec;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.ArrayList;
@@ -49,6 +50,7 @@
 import org.fidoalliance.fdo.protocol.message.OwnershipVoucherEntries;
 import org.fidoalliance.fdo.protocol.message.OwnershipVoucherEntryPayload;
 import org.fidoalliance.fdo.protocol.message.OwnershipVoucherHeader;
+import org.fidoalliance.fdo.protocol.message.PublicKeyType;
 import org.fidoalliance.fdo.protocol.message.RendezvousDirective;
 import org.fidoalliance.fdo.protocol.message.RendezvousInfo;
 import org.fidoalliance.fdo.protocol.message.RendezvousInstruction;
@@ -112,9 +114,10 @@ public static OwnershipVoucher extend(OwnershipVoucher voucher,
 entryPayload.setHeaderHash(hdrHash);
 entryPayload.setExtra(Config.getWorker(ExtraInfoSupplier.class).get());
- OwnerPublicKey nextOwnerKey = cs.encodeKey(prevOwnerPubKey.getType(),
- prevOwnerPubKey.getEnc(),
- nextChain);
+ OwnerPublicKey nextOwnerKey = cs.encodeKey(getCertificateKeyType(
+ nextChain[nextChain.length - 1]),
+ prevOwnerPubKey.getEnc(),
+ nextChain);
 //assume owner is encoded same a
 entryPayload.setOwnerPublicKey(nextOwnerKey);
@@ -341,6 +344,37 @@ public static String getPublicKeyAlias(OwnershipVoucher voucher) throws IOExcept
 new AlgorithmFinder().getKeySizeType(publicKey));
 }
+ private static PublicKeyType getCertificateKeyType(Certificate certificate) throws IOException {
+ PublicKey publicKey = certificate.getPublicKey();
+
+ if (publicKey instanceof RSAPublicKey) {
+ RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
+ int keySize = rsaPublicKey.getModulus().bitLength();
+
+ if (keySize == 2048) {
+ return PublicKeyType.RSA2048RESTR;
+ } else {
+ String algorithm = rsaPublicKey.getAlgorithm();
+ if ("RSA".equalsIgnoreCase(algorithm)) {
+ return PublicKeyType.RSAPKCS;
+ }
+ }
+ } else if (publicKey instanceof ECPublicKey) {
+ ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
+ ECParameterSpec params = ecPublicKey.getParams();
+
+ if (params != null) {
+ int keySize = params.getOrder().bitLength();
+ if (keySize == 256) {
+ return PublicKeyType.SECP256R1;
+ } else if (keySize == 384) {
+ return PublicKeyType.SECP384R1;
+ }
+ }
+ }
+ throw new IOException("Invalid Certificate type");
+ }
+
 private static CertPath getCertPath(List chain) throws IOException {
 final CertificateFactory cf;
From 4ed3e24409b19f194a50919d18218afbb5ecfdb6 Mon Sep 17 00:00:00 2001
From: Davis Benny
Date: Mon, 13 Nov 2023 12:08:27 +0530
Subject: [PATCH 2/2] Changing the default reseller keystore filename (#635)
Changing the default reseller keystore filename.
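Review bot: The next owner's key type is now derived from `nextChain[nextChain.length - 1]`, which is only the owner's key if the array is ordered with the end-entity certificate last; if nextChain is leaf-first (the order the X.509 CertPath convention uses), this classifies the issuer or root key instead, and since the ordering is not visible in this hunk it should be confirmed against the caller that builds nextChain. The index also throws ArrayIndexOutOfBoundsException on an empty chain, where the replaced code only passed the array through; a guard such as `if (nextChain.length == 0) { throw new IOException("next owner certificate chain is empty"); }` before the call keeps that failure explicit. The encoding is still taken from `prevOwnerPubKey.getEnc()` while the type may now differ from the previous owner's; if the encoding is tied to the key type, the pair can be inconsistent for a cross-type extension, which deserves either a check or a completed version of the truncated `//assume owner is encoded same a` remark stating why it is safe. The enclosing extend method starts and ends outside the hunk.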
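Review bot: getCertificateKeyType classifies EC keys by `params.getOrder().bitLength()` alone, so any 256-bit or 384-bit curve (secp256k1, brainpoolP256r1 and the like) is reported as SECP256R1 or SECP384R1 and the key is then encoded under a curve it does not belong to; the rewrite below compares the key's domain parameters with the named curve instead (it needs java.security.AlgorithmParameters, java.security.GeneralSecurityException and java.security.spec.ECGenParameterSpec imported). The RSA branch has the same shape of problem: every 2048-bit modulus becomes RSA2048RESTR without looking at the public exponent, so if that type denotes a restricted-exponent form — to be confirmed against the definition behind PublicKeyType — `rsaPublicKey.getPublicExponent()` should be checked as well, and the `"RSA".equalsIgnoreCase(algorithm)` test is redundant on a value that already passed `instanceof RSAPublicKey`. Finally the failure is reported as a bare "Invalid Certificate type"; naming the algorithm, as the rewrite does, makes a misconfigured owner keystore diagnosable from the log.
```java
  private static PublicKeyType getCertificateKeyType(Certificate certificate) throws IOException {
    PublicKey publicKey = certificate.getPublicKey();

    if (publicKey instanceof RSAPublicKey) {
      // … unchanged: RSA branch …
    } else if (publicKey instanceof ECPublicKey) {
      ECParameterSpec params = ((ECPublicKey) publicKey).getParams();
      // Match the full domain parameters, not just the order size, so that other
      // curves of the same length are rejected rather than mislabelled.
      if (isNamedCurve(params, "secp256r1")) {
        return PublicKeyType.SECP256R1;
      } else if (isNamedCurve(params, "secp384r1")) {
        return PublicKeyType.SECP384R1;
      }
    }
    throw new IOException("Unsupported certificate key type: " + publicKey.getAlgorithm());
  }

  /** Returns true when the key's EC domain parameters equal those of the named curve. */
  private static boolean isNamedCurve(ECParameterSpec params, String curveName)
      throws IOException {
    try {
      AlgorithmParameters reference = AlgorithmParameters.getInstance("EC");
      reference.init(new ECGenParameterSpec(curveName));
      ECParameterSpec expected = reference.getParameterSpec(ECParameterSpec.class);
      return expected.getCurve().equals(params.getCurve())
          && expected.getGenerator().equals(params.getGenerator())
          && expected.getOrder().equals(params.getOrder())
          && expected.getCofactor() == params.getCofactor();
    } catch (GeneralSecurityException e) {
      throw new IOException("Cannot resolve curve " + curveName, e);
    }
  }
```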
Signed-off-by: Benny
---
 component-samples/demo/reseller/service.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/component-samples/demo/reseller/service.yml b/component-samples/demo/reseller/service.yml
index 72179134e..4bfd146ae 100644
--- a/component-samples/demo/reseller/service.yml
+++ b/component-samples/demo/reseller/service.yml
@@ -53,7 +53,7 @@ http-server:
 owner:
 keystore:
- path: owner.p12
+ path: reseller.p12
 store-type: PKCS12
 password: $(encrypt_password)