From 67ccfc64356cc510b3ec60fa259b1d7b88d74ae9 Mon Sep 17 00:00:00 2001
From: Carl Lundin <clundin@google.com>
Date: Wed, 15 Jan 2025 09:26:50 -0800
Subject: [PATCH] Exported CDI handle should be 32 bits not 32 bytes.

---
 dpe/src/commands/derive_context.rs | 3 +--
 dpe/src/lib.rs                     | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/dpe/src/commands/derive_context.rs b/dpe/src/commands/derive_context.rs
index 779e6332..200bbb0a 100644
--- a/dpe/src/commands/derive_context.rs
+++ b/dpe/src/commands/derive_context.rs
@@ -206,8 +206,7 @@ impl CommandExecution for DeriveContextCmd {
             || (!dpe.support.internal_dice() && self.uses_internal_dice_input())
             || (!dpe.support.retain_parent_context() && self.retains_parent())
             || (!dpe.support.x509() && self.allows_x509())
-            || (!dpe.support.cdi_export()
-                && (self.creates_certificate() || self.exports_cdi()))
+            || (!dpe.support.cdi_export() && (self.creates_certificate() || self.exports_cdi()))
             || (!dpe.support.recursive() && self.is_recursive())
         {
             return Err(DpeErrorCode::ArgumentNotSupported);
diff --git a/dpe/src/lib.rs b/dpe/src/lib.rs
index b4da833c..1182682d 100644
--- a/dpe/src/lib.rs
+++ b/dpe/src/lib.rs
@@ -25,7 +25,7 @@ pub mod x509;
 
 use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout};
 
-const MAX_EXPORTED_CDI_SIZE: usize = 256;
+const MAX_EXPORTED_CDI_SIZE: usize = 32;
 
 // Max cert size returned by CertifyKey
 const MAX_CERT_SIZE: usize = 6144;