
Commit b5016428 authored by Tommy Chiu's avatar Tommy Chiu

Correct the UDS_pub source

The UDS_pub is supposed to be the first element of DiceCertChain
according to generateCertificateRequestV2.cddl.

Bug: 365711214
Test: rkp_factory_extraction_tool
Change-Id: I454a99058d92ce9743810a9334c7ccacccc694e0
parent 704df561
+3 −2
@@ -1040,14 +1040,15 @@ ErrMsgOr<bytevec> parseAndValidateAuthenticatedRequest(const std::vector<uint8_t
        return diceContents.message() + "\n" + prettyPrint(diceCertChain);
    }

    auto& udsPub = diceContents->back().pubKey;
    auto udsPub = diceCertChain->get(0)->asMap()->encode();
    auto& kmDiceKey = diceContents->back().pubKey;

    auto error = validateUdsCerts(*udsCerts, udsPub);
    if (!error.empty()) {
        return error;
    }

    auto signedPayload = verifyAndParseCoseSign1(signedData, udsPub, {} /* aad */);
    auto signedPayload = verifyAndParseCoseSign1(signedData, kmDiceKey, {} /* aad */);
    if (!signedPayload) {
        return signedPayload.message();
    }
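Review bot: The new `diceCertChain->get(0)->asMap()->encode()` line dereferences both the element lookup and the `asMap()` result unchecked, and `asMap()` yields a null pointer when the item is not a CBOR map. The chain comes from the request being validated, so a malformed first element would crash the tool here instead of producing an error message, unless the validation that fills `diceContents` already guarantees a non-empty chain whose first entry is a map; that code is outside this hunk, so please confirm. If it is not guaranteed, guard it before use, e.g. `if (diceCertChain->size() == 0 || !diceCertChain->get(0)->asMap()) return "DICE chain does not start with a UDS_pub COSE_Key map";` (message text is a suggestion). A one-line comment such as `// UDS_pub is element 0 of DiceCertChain; the last entry's key signs the request` would also make the split between `udsPub` and `kmDiceKey` clear. The function body begins and ends outside the hunk.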