Use VSR to tell libhwtrust_cxx how to validate
The DICE chain specification changes slightly between VSR versions so
the VSR is used to select the set of validation rules that should be
applied.
Test: TH
Change-Id: I3697279d9348705a0279736c61e8333720321214
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 7214234..0c0af45 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -619,7 +619,7 @@
}
// BCC is [ pubkey, + BccEntry]
- auto bccContents = validateBcc(bcc->asArray(), hwtrust::DiceChain::Kind::kProtectedData);
+ auto bccContents = validateBcc(bcc->asArray(), hwtrust::DiceChain::Kind::kVsr13);
if (!bccContents) {
return bccContents.message() + "\n" + prettyPrint(bcc.get());
}
@@ -910,7 +910,7 @@
}
// DICE chain is [ pubkey, + DiceChainEntry ].
- auto diceContents = validateBcc(diceCertChain, hwtrust::DiceChain::Kind::kAuthenticatedMessage);
+ auto diceContents = validateBcc(diceCertChain, hwtrust::DiceChain::Kind::kVsr14);
if (!diceContents) {
return diceContents.message() + "\n" + prettyPrint(diceCertChain);
}