Merge "Remove inline attribute" into main
diff --git a/libs/service_vm_comm/src/lib.rs b/libs/service_vm_comm/src/lib.rs
index 555d1f0..6f03209 100644
--- a/libs/service_vm_comm/src/lib.rs
+++ b/libs/service_vm_comm/src/lib.rs
@@ -22,5 +22,5 @@
mod message;
mod vsock;
-pub use message::{EcdsaP256KeyPair, Request, Response};
+pub use message::{EcdsaP256KeyPair, GenerateCertificateRequestParams, Request, Response};
pub use vsock::host_port;
diff --git a/libs/service_vm_comm/src/message.rs b/libs/service_vm_comm/src/message.rs
index bbb5d8c..0eddcfb 100644
--- a/libs/service_vm_comm/src/message.rs
+++ b/libs/service_vm_comm/src/message.rs
@@ -19,6 +19,8 @@
use serde::{Deserialize, Serialize};
+type MacedPublicKey = Vec<u8>;
+
/// Represents a request to be sent to the service VM.
///
/// Each request has a corresponding response item.
@@ -31,6 +33,10 @@
/// Generates a new ECDSA P-256 key pair that can be attested by the remote
/// server.
GenerateEcdsaP256KeyPair,
+
+ /// Creates a certificate signing request to be sent to the
+ /// provisioning server.
+ GenerateCertificateRequest(GenerateCertificateRequestParams),
}
/// Represents a response to a request sent to the service VM.
@@ -43,6 +49,21 @@
/// Returns the new ECDSA P-256 key pair.
GenerateEcdsaP256KeyPair(EcdsaP256KeyPair),
+
+ /// Returns a CBOR Certificate Signing Request (Csr) serialized into a byte array.
+ GenerateCertificateRequest(Vec<u8>),
+}
+
+/// Represents the params passed to GenerateCertificateRequest
+#[derive(Clone, Debug, Serialize, Deserialize)]
+pub struct GenerateCertificateRequestParams {
+ /// Contains the set of keys to certify.
+ pub keys_to_sign: Vec<MacedPublicKey>,
+
+ /// challenge contains a byte strong from the provisioning server which will be
+ /// included in the signed data of the CSR structure.
+ /// The supported sizes is between 0 and 64 bytes, inclusive.
+ pub challenge: Vec<u8>,
}
/// Represents an ECDSA P-256 key pair.
@@ -51,7 +72,7 @@
/// Contains a CBOR-encoded public key specified in:
///
/// hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/MacedPublicKey.aidl
- pub maced_public_key: Vec<u8>,
+ pub maced_public_key: MacedPublicKey,
/// Contains a handle to the private key.
pub key_blob: Vec<u8>,
diff --git a/rialto/src/requests/api.rs b/rialto/src/requests/api.rs
index 05a386e..c4b2d8e 100644
--- a/rialto/src/requests/api.rs
+++ b/rialto/src/requests/api.rs
@@ -29,6 +29,10 @@
let res = rkp::generate_ecdsa_p256_key_pair()?;
Response::GenerateEcdsaP256KeyPair(res)
}
+ Request::GenerateCertificateRequest(p) => {
+ let res = rkp::generate_certificate_request(p)?;
+ Response::GenerateCertificateRequest(res)
+ }
};
Ok(response)
}
diff --git a/rialto/src/requests/rkp.rs b/rialto/src/requests/rkp.rs
index f1b1b17..5977bfb 100644
--- a/rialto/src/requests/rkp.rs
+++ b/rialto/src/requests/rkp.rs
@@ -17,10 +17,17 @@
use crate::error::Result;
use alloc::vec::Vec;
-use service_vm_comm::EcdsaP256KeyPair;
+use service_vm_comm::{EcdsaP256KeyPair, GenerateCertificateRequestParams};
pub(super) fn generate_ecdsa_p256_key_pair() -> Result<EcdsaP256KeyPair> {
// TODO(b/299055662): Generate the key pair.
let key_pair = EcdsaP256KeyPair { maced_public_key: Vec::new(), key_blob: Vec::new() };
Ok(key_pair)
}
+
+pub(super) fn generate_certificate_request(
+ _params: GenerateCertificateRequestParams,
+) -> Result<Vec<u8>> {
+ // TODO(b/299256925): Generate the certificate request
+ Ok(Vec::new())
+}