commit 2628d332805c96198d598cc2698f312c7ebf627e
author Alice Wang <aliceywang@google.com> Wed Sep 13 14:48:37 2023 +0000
committer Alice Wang <aliceywang@google.com> Wed Sep 13 14:48:37 2023 +0000
tree 4229a1c05f094772372128f170a3cdc2d3cbf747
parent f3482600a5764ce8c853f2d51c43767454f080ec

[rkp] Raise exception if the given challenge is too big

Bug: 299256925
Test: m com.android.virt
Change-Id: Ib420cfdf35ce6dc5cefdc67793ac0490d0aedaa1

virtualizationservice/src/remote_provisioning.rs

diff --git a/virtualizationservice/src/remote_provisioning.rs b/virtualizationservice/src/remote_provisioning.rs
index 06f8ad4..1c8d1e6 100644
--- a/virtualizationservice/src/remote_provisioning.rs
+++ b/virtualizationservice/src/remote_provisioning.rs
@@ -94,6 +94,16 @@
         keysToSign: &[MacedPublicKey],
         challenge: &[u8],
     ) -> BinderResult<Vec<u8>> {
+        const MAX_CHALLENGE_SIZE: usize = 64;
+        if challenge.len() > MAX_CHALLENGE_SIZE {
+            let message = format!(
+                "Challenge is too big. Actual: {:?}. Maximum: {:?}.",
+                challenge.len(),
+                MAX_CHALLENGE_SIZE
+            );
+            return Err(Status::new_service_specific_error_str(STATUS_FAILED, Some(message)))
+                .with_log();
+        }
         // TODO(b/299259624): Validate the MAC of the keys to certify.
         rkpvm::generate_certificate_request(keysToSign, challenge)
             .context("Failed to generate certificate request")