From 2b1e5d9fc81d76fe25905ca9835fe48b5fb0652f Mon Sep 17 00:00:00 2001
From: Andrew Scull
Date: Wed, 29 Mar 2023 17:39:50 +0000
Subject: [PATCH] Use VSR to tell libhwtrust_cxx how to validate

The DICE chain specification changes slightly between VSR versions so the VSR is used to select the set of validation rules that should be applied.

Test: TH
Change-Id: I3697279d9348705a0279736c61e8333720321214
---
 security/keymint/support/remote_prov_utils.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 72142344b1..0c0af45423 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -619,7 +619,7 @@ ErrMsgOr> verifyProtectedData(
 }
 // BCC is [ pubkey, + BccEntry]
- auto bccContents = validateBcc(bcc->asArray(), hwtrust::DiceChain::Kind::kProtectedData);
+ auto bccContents = validateBcc(bcc->asArray(), hwtrust::DiceChain::Kind::kVsr13);
 if (!bccContents) {
 return bccContents.message() + "\n" + prettyPrint(bcc.get());
 }
@@ -910,7 +910,7 @@ ErrMsgOr parseAndValidateAuthenticatedRequest(const std::vector
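Review bot: In the verifyProtectedData hunk, `hwtrust::DiceChain::Kind::kVsr13` is a fixed constant, whereas the commit message says the VSR selects the validation rules; nothing visible here reads the device's VSR level, so it looks as if every ProtectedData chain is checked against the VSR 13 rules regardless of what the device launched with. If that is deliberate, record the reason at the call so a later edit does not quietly weaken or mismatch the DICE chain checks, for example `// Fixed to the VSR 13 DICE rules: ProtectedData is only expected from devices covered by that VSR (confirm).` If it is not, the kind should arrive from the caller rather than be chosen here. The function starts and ends outside the hunk, so any selection logic elsewhere in it is not visible.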