Merge "[rkp] Derive CDI_Leaf_Priv with open-dice API" into main am: dcffd05f05 am: 5cd71e8a1f am: 9be8d6d726
Original change: https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/2786207
Change-Id: I506e893f7ac1b476b8cc015fc41e2108599a9221
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/service_vm/requests/src/rkp.rs b/service_vm/requests/src/rkp.rs
index 2d80f13..933737c 100644
--- a/service_vm/requests/src/rkp.rs
+++ b/service_vm/requests/src/rkp.rs
@@ -25,7 +25,7 @@
use ciborium::{cbor, value::Value};
use core::result;
use coset::{iana, AsCborValue, CoseSign1, CoseSign1Builder, HeaderBuilder};
-use diced_open_dice::{kdf, keypair_from_seed, sign, DiceArtifacts, PrivateKey};
+use diced_open_dice::{derive_cdi_leaf_priv, kdf, sign, DiceArtifacts, PrivateKey};
use log::error;
use service_vm_comm::{EcdsaP256KeyPair, GenerateCertificateRequestParams, RequestProcessingError};
use zeroize::Zeroizing;
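Review bot: The import swap in this hunk changes which code derives the CSR signing key, and nothing visible in the diff shows whether the library `derive_cdi_leaf_priv` yields the same key as the removed local helper, which passed `dice_artifacts.cdi_attest()` straight to `keypair_from_seed`. If the open-dice version first derives a private-key seed from the CDI (its implementation is not shown here), the resulting key differs from before, presumably on purpose so that it matches the leaf public key in the DICE chain. A test that verifies a signature from `sign_message` against the DICE chain's leaf subject public key would pin that property. The call site lies outside this hunk; a comment there such as `// CDI_Leaf_Priv must match the DICE chain leaf public key; derive it only via open-dice.` would record why the helper should not be re-implemented locally.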
@@ -128,11 +128,6 @@
Ok(signed_data)
}
-fn derive_cdi_leaf_priv(dice_artifacts: &dyn DiceArtifacts) -> diced_open_dice::Result<PrivateKey> {
- let (_, private_key) = keypair_from_seed(dice_artifacts.cdi_attest())?;
- Ok(private_key)
-}
-
fn sign_message(message: &[u8], private_key: &PrivateKey) -> Result<Vec<u8>> {
Ok(sign(message, private_key.as_array())
.map_err(|e| {