commit fabece8c06af245dbbab7100bc19f25e00d580d4
author Seth Moore <sethmo@google.com> Fri Jun 25 15:57:59 2021 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Fri Jun 25 15:57:59 2021 +0000
tree ee6a2273759b85c4de08f9335d105579afe00bc3
parent 8d6e82c64276cac7fac72e13495a414cc9f17998
parent 1aa82dadc004c2e570280179d4dbed80ea71f72c

Merge changes from topic "rkp-factory-tool-redux" into sc-dev

* changes:
  Generate random challenge in RKP factory tool
  Add prod GEEK to rkp_factory_extraction_tool
  Remove duplicate generateEekChain routine

keystore2/src/remote_provisioning.rs

diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index 1f3f8e8..40ffd0c 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -302,9 +302,17 @@
             (mac.len() as u8),
         ];
         cose_mac_0.append(&mut mac);
+        // If this is a test mode key, there is an extra 6 bytes added as an additional entry in
+        // the COSE_Key struct to denote that.
+        let test_mode_entry_shift = if test_mode { 0 } else { 6 };
+        let byte_dist_mac0_payload = 8;
+        let cose_key_size = 83 - test_mode_entry_shift;
         for maced_public_key in keys_to_sign {
-            if maced_public_key.macedKey.len() > 83 + 8 {
-                cose_mac_0.extend_from_slice(&maced_public_key.macedKey[8..83 + 8]);
+            if maced_public_key.macedKey.len() > cose_key_size + byte_dist_mac0_payload {
+                cose_mac_0.extend_from_slice(
+                    &maced_public_key.macedKey
+                        [byte_dist_mac0_payload..cose_key_size + byte_dist_mac0_payload],
+                );
             }
         }
         Ok(cose_mac_0)