Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 5dddeea62cacbd1e55a7f9cabecc683710968f43^! / . / service_vm / requests / src / keyblob.rs
commit5dddeea62cacbd1e55a7f9cabecc683710968f43[log] [tgz]
authorAlice Wang <aliceywang@google.com>Fri Oct 13 12:56:22 2023 +0000
committerAlice Wang <aliceywang@google.com>Wed Oct 18 07:24:06 2023 +0000
tree3f1af3152fb0478af48a3ea945b530cf859254cc
parent0486e2508d058db404852a32fa809fa45aee5e88 [diff] [blame]
[cbor] Separate cbor conversion functions in an independent lib

This allows callers from both std and nostd environment to
convert to/from CBOR-encoded data.

Bug: 303807447
Test: atest libservice_vm_requests.test
Change-Id: Ib2052f28779290165941cb2cf7ecc9ca566472af

diff --git a/service_vm/requests/src/keyblob.rs b/service_vm/requests/src/keyblob.rs
index a714edd..456c879 100644
--- a/service_vm/requests/src/keyblob.rs
+++ b/service_vm/requests/src/keyblob.rs

@@ -14,7 +14,6 @@
 
 //! Handles the encryption and decryption of the key blob.
 
-use crate::cbor;
 use alloc::vec;
 use alloc::vec::Vec;
 use bssl_avf::{hkdf, rand_bytes, Aead, AeadContext, Digester, AES_GCM_NONCE_LENGTH};
@@ -70,16 +69,6 @@
             Self::V1(blob) => blob.decrypt_private_key(kek_secret),
         }
     }
-
-    // TODO(b/241428146): This function will be used once the retrieval mechanism is available.
-    #[cfg(test)]
-    pub(crate) fn from_cbor_slice(slice: &[u8]) -> coset::Result<Self> {
-        cbor::deserialize(slice)
-    }
-
-    pub(crate) fn to_cbor_vec(&self) -> coset::Result<Vec<u8>> {
-        cbor::serialize(&self)
-    }
 }
 
 impl EncryptedKeyBlobV1 {
@@ -136,8 +125,9 @@
 
     #[test]
     fn decrypting_keyblob_succeeds_with_the_same_kek() -> Result<()> {
-        let encrypted_key_blob = EncryptedKeyBlob::new(&TEST_KEY, &TEST_SECRET1)?.to_cbor_vec()?;
-        let encrypted_key_blob = EncryptedKeyBlob::from_cbor_slice(&encrypted_key_blob)?;
+        let encrypted_key_blob =
+            cbor_util::serialize(&EncryptedKeyBlob::new(&TEST_KEY, &TEST_SECRET1)?)?;
+        let encrypted_key_blob: EncryptedKeyBlob = cbor_util::deserialize(&encrypted_key_blob)?;
         let decrypted_key = encrypted_key_blob.decrypt_private_key(&TEST_SECRET1)?;
 
         assert_eq!(TEST_KEY, decrypted_key.as_slice());
@@ -146,8 +136,9 @@
 
     #[test]
     fn decrypting_keyblob_fails_with_a_different_kek() -> Result<()> {
-        let encrypted_key_blob = EncryptedKeyBlob::new(&TEST_KEY, &TEST_SECRET1)?.to_cbor_vec()?;
-        let encrypted_key_blob = EncryptedKeyBlob::from_cbor_slice(&encrypted_key_blob)?;
+        let encrypted_key_blob =
+            cbor_util::serialize(&EncryptedKeyBlob::new(&TEST_KEY, &TEST_SECRET1)?)?;
+        let encrypted_key_blob: EncryptedKeyBlob = cbor_util::deserialize(&encrypted_key_blob)?;
         let err = encrypted_key_blob.decrypt_private_key(&TEST_SECRET2).unwrap_err();
 
         let expected_err: RequestProcessingError =