[rkp] Add request/response for ECDSA P256 key pair generation
This CL adds the request and response protocol for ECDSA P256
key pair generation, which is needed for the
IRemotelyProvisionedComponent implementation.
Bug: 299055662
Test: atest rialto_test
Change-Id: Ib3b8519e3833a6617fc6daa878777b9e0499f751
diff --git a/rialto/src/main.rs b/rialto/src/main.rs
index b34b9de..0ecbe9d 100644
--- a/rialto/src/main.rs
+++ b/rialto/src/main.rs
@@ -135,7 +135,7 @@
debug!("Found socket device: guest cid = {:?}", socket_device.guest_cid());
let mut vsock_stream = VsockStream::new(socket_device, host_addr())?;
- let response = requests::process_request(vsock_stream.read_request()?);
+ let response = requests::process_request(vsock_stream.read_request()?)?;
vsock_stream.write_response(&response)?;
vsock_stream.flush()?;
vsock_stream.shutdown()?;
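Review bot: With the added `?` on `requests::process_request(...)`, a failed request now returns before `write_response`, `flush` and `shutdown` run, so the host end of the vsock connection gets no reply and, as far as this hunk shows, no orderly shutdown. Because requests arrive from the host, a failure in one of them should still produce something the host can read, or at least be logged with `vsock_stream.shutdown()` still called before the error is returned. No error variant of `Response` is visible in this change, so reporting the failure to the host probably needs an addition to the protocol in `service_vm_comm`. The enclosing function starts and ends outside the hunk.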
diff --git a/rialto/src/requests/api.rs b/rialto/src/requests/api.rs
index 11fdde4..05a386e 100644
--- a/rialto/src/requests/api.rs
+++ b/rialto/src/requests/api.rs
@@ -14,16 +14,23 @@
//! This module contains the main API for the request processing module.
+use super::rkp;
+use crate::error::Result;
use alloc::vec::Vec;
use service_vm_comm::{Request, Response};
/// Processes a request and returns the corresponding response.
/// This function serves as the entry point for the request processing
/// module.
-pub fn process_request(request: Request) -> Response {
- match request {
+pub fn process_request(request: Request) -> Result<Response> {
+ let response = match request {
Request::Reverse(v) => Response::Reverse(reverse(v)),
- }
+ Request::GenerateEcdsaP256KeyPair => {
+ let res = rkp::generate_ecdsa_p256_key_pair()?;
+ Response::GenerateEcdsaP256KeyPair(res)
+ }
+ };
+ Ok(response)
}
fn reverse(payload: Vec<u8>) -> Vec<u8> {
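Review bot: The doc comment on `process_request` still only says it returns the corresponding response, although the function now returns `Result<Response>` and can fail in the `Request::GenerateEcdsaP256KeyPair` arm. Add an errors section to it: `/// # Errors` followed by `/// Returns an error if handling the request fails, for example when key pair generation fails.` That tells callers such as the one in `main.rs` that they have to decide what the host sees on failure.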
diff --git a/rialto/src/requests/mod.rs b/rialto/src/requests/mod.rs
index ca22777..2ed568c 100644
--- a/rialto/src/requests/mod.rs
+++ b/rialto/src/requests/mod.rs
@@ -15,5 +15,6 @@
//! This module contains functions for the request processing.
mod api;
+mod rkp;
pub use api::process_request;
diff --git a/rialto/src/requests/rkp.rs b/rialto/src/requests/rkp.rs
new file mode 100644
index 0000000..f1b1b17
--- /dev/null
+++ b/rialto/src/requests/rkp.rs
@@ -0,0 +1,26 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! This module contains functions related to the attestation of the
+//! service VM via the RKP (Remote Key Provisionning) server.
+
+use crate::error::Result;
+use alloc::vec::Vec;
+use service_vm_comm::EcdsaP256KeyPair;
+
+pub(super) fn generate_ecdsa_p256_key_pair() -> Result<EcdsaP256KeyPair> {
+ // TODO(b/299055662): Generate the key pair.
+ let key_pair = EcdsaP256KeyPair { maced_public_key: Vec::new(), key_blob: Vec::new() };
+ Ok(key_pair)
+}
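Review bot: `generate_ecdsa_p256_key_pair` returns `Ok` with an empty `maced_public_key` and an empty `key_blob`, so until the TODO is resolved the host receives a `Response::GenerateEcdsaP256KeyPair` that looks like success but carries no key material. Either return an error from the stub until b/299055662 is implemented, or state the limitation in a doc comment, for example `/// Placeholder: returns an empty key pair until key generation is implemented; callers must not use the result as key material.` The module doc also misspells the expansion of RKP, which should read `Remote Key Provisioning`.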