Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-01 11:36:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use VSR to tell libhwtrust_cxx how to validate

Browse Source 
The DICE chain specification changes slightly between VSR versions so
the VSR is used to select the set of validation rules that should be
applied.

Test: TH
Change-Id: I3697279d9348705a0279736c61e8333720321214
This commit is contained in:
Andrew Scull
2023-03-29 17:39:50 +00:00
parent 85eac30662
commit 2b1e5d9fc8
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
security/keymint/support/remote_prov_utils.cpp
View File

@@ -619,7 +619,7 @@ ErrMsgOr<std::vector<BccEntryData>> verifyProtectedData(
}
// BCC is [ pubkey, + BccEntry]
auto bccContents = validateBcc(bcc->asArray(), hwtrust::DiceChain::Kind::kProtectedData);
auto bccContents = validateBcc(bcc->asArray(), hwtrust::DiceChain::Kind::kVsr13);
if (!bccContents) {
return bccContents.message() + "\n" + prettyPrint(bcc.get());
}
@@ -910,7 +910,7 @@ ErrMsgOr<bytevec> parseAndValidateAuthenticatedRequest(const std::vector<uint8_t
}
// DICE chain is [ pubkey, + DiceChainEntry ].
auto diceContents = validateBcc(diceCertChain, hwtrust::DiceChain::Kind::kAuthenticatedMessage);
auto diceContents = validateBcc(diceCertChain, hwtrust::DiceChain::Kind::kVsr14);
if (!diceContents) {
return diceContents.message() + "\n" + prettyPrint(diceCertChain);
}