Merge "Correct the UDS_pub source" into main am: 52ed6c3497 am: 75fc02e957
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/3260455
Change-Id: I05048eaf9c1f814de0cd46f1fedef8bb6abb1c5b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 16a03dc..a679340 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -1047,14 +1047,15 @@
return diceContents.message() + "\n" + prettyPrint(diceCertChain);
}
- auto& udsPub = diceContents->back().pubKey;
+ auto udsPub = diceCertChain->get(0)->asMap()->encode();
+ auto& kmDiceKey = diceContents->back().pubKey;
auto error = validateUdsCerts(*udsCerts, udsPub);
if (!error.empty()) {
return error;
}
- auto signedPayload = verifyAndParseCoseSign1(signedData, udsPub, {} /* aad */);
+ auto signedPayload = verifyAndParseCoseSign1(signedData, kmDiceKey, {} /* aad */);
if (!signedPayload) {
return signedPayload.message();
}
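Review bot: The new `diceCertChain->get(0)->asMap()->encode()` dereferences two results without a check, so an empty chain or a first element that is not a CBOR map would be undefined behaviour instead of a returned error string. The earlier successful `validateBcc` call presumably guarantees a well-formed first entry, but that code is outside this hunk and the dependency is implicit. Because the chain is input from the device being verified, I would add an explicit guard: `auto* udsKey = diceCertChain->size() ? diceCertChain->get(0)->asMap() : nullptr;` then `if (!udsKey) return "DICE chain does not start with a COSE_Key map";` (message wording is only a suggestion). A comment such as `// UDS_pub is the first (root) DICE chain entry; the CSR payload is signed by the last (leaf) key` would also record why `udsPub` and `kmDiceKey` now differ. The enclosing function starts and ends outside the hunk.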