Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / a410b648c3d047da476c5a63c743d2ded1e3f37e^! / . / vm_payload / src / api.rs
commita410b648c3d047da476c5a63c743d2ded1e3f37e[log] [tgz]
authorAlice Wang <aliceywang@google.com>Wed Oct 18 09:05:15 2023 +0000
committerAlice Wang <aliceywang@google.com>Fri Oct 27 14:07:08 2023 +0000
treeeab7bdebff95ecbd9ea3f451761b5037838d1919
parent2847d0ccfa1a1e890d16b3e7f44e980c5de470c4 [diff] [blame]
[attestation] Rename the client VM attestation API

As agreed in the doc go/pvm-remote-attestation.

Bug: 303807447
Test: m com.android.virt
Test: run ServiceVmClientApp
Change-Id: Ic954aa60d69e42773c04230af9319e660352d6a9

diff --git a/vm_payload/src/api.rs b/vm_payload/src/api.rs
index 00d7299..93dbd1c 100644
--- a/vm_payload/src/api.rs
+++ b/vm_payload/src/api.rs

@@ -253,29 +253,31 @@
     get_vm_payload_service()?.getDiceAttestationCdi().context("Cannot get attestation CDI")
 }
 
-/// Requests a certificate using the provided certificate signing request (CSR).
-/// Panics on failure.
+/// Requests the remote attestation of the client VM.
+///
+/// The challenge will be included in the certificate chain in the attestation result,
+/// serving as proof of the freshness of the result.
 ///
 /// # Safety
 ///
 /// Behavior is undefined if any of the following conditions are violated:
 ///
-/// * `csr` must be [valid] for reads of `csr_size` bytes.
+/// * `challenge` must be [valid] for reads of `challenge_size` bytes.
 /// * `buffer` must be [valid] for writes of `size` bytes. `buffer` can be null if `size` is 0.
 ///
 /// [valid]: ptr#safety
 #[no_mangle]
-pub unsafe extern "C" fn AVmPayload_requestCertificate(
-    csr: *const u8,
-    csr_size: usize,
+pub unsafe extern "C" fn AVmPayload_requestAttestation(
+    challenge: *const u8,
+    challenge_size: usize,
     buffer: *mut u8,
     size: usize,
 ) -> usize {
     initialize_logging();
 
-    // SAFETY: See the requirements on `csr` above.
-    let csr = unsafe { std::slice::from_raw_parts(csr, csr_size) };
-    let certificate = unwrap_or_abort(try_request_certificate(csr));
+    // SAFETY: See the requirements on `challenge` above.
+    let challenge = unsafe { std::slice::from_raw_parts(challenge, challenge_size) };
+    let certificate = unwrap_or_abort(try_request_attestation(challenge));
 
     if size != 0 || buffer.is_null() {
         // SAFETY: See the requirements on `buffer` above. The number of bytes copied doesn't exceed
@@ -292,10 +294,10 @@
     certificate.len()
 }
 
-fn try_request_certificate(csr: &[u8]) -> Result<Vec<u8>> {
+fn try_request_attestation(challenge: &[u8]) -> Result<Vec<u8>> {
     let certificate = get_vm_payload_service()?
-        .requestCertificate(csr)
-        .context("Failed to request certificate")?;
+        .requestAttestation(challenge)
+        .context("Failed to request attestation")?;
     Ok(certificate)
 }