commit cb9e5f6ffde8d9fcb5d9acb90d81186fa425199f
author Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Wed Sep 11 00:43:20 2024 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Wed Sep 11 00:43:20 2024 +0000
tree e39417adef8996415ae32b27fe75b61f4785b0b8
parent 33c59b726a39c683fa93ebfeec7a985b5e972fa0
parent 75fc02e957a3a4cbeeb6b7d54a473913d51a0e1d

Merge "Correct the UDS_pub source" into main am: 52ed6c3497 am: 75fc02e957

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/3260455

Change-Id: I05048eaf9c1f814de0cd46f1fedef8bb6abb1c5b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

security/keymint/support/remote_prov_utils.cpp

diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 16a03dc..a679340 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -1047,14 +1047,15 @@
         return diceContents.message() + "\n" + prettyPrint(diceCertChain);
     }
 
-    auto& udsPub = diceContents->back().pubKey;
+    auto udsPub = diceCertChain->get(0)->asMap()->encode();
+    auto& kmDiceKey = diceContents->back().pubKey;
 
     auto error = validateUdsCerts(*udsCerts, udsPub);
     if (!error.empty()) {
         return error;
     }
 
-    auto signedPayload = verifyAndParseCoseSign1(signedData, udsPub, {} /* aad */);
+    auto signedPayload = verifyAndParseCoseSign1(signedData, kmDiceKey, {} /* aad */);
     if (!signedPayload) {
         return signedPayload.message();
     }