[rkp] Build MACed public key from boringssl EC_KEY
The secret will be added in a subsequent change, after we get the DICE
chain info of the RKP VM.
Bug: 300068317
Test: atest rialto_test
Change-Id: Ia373930fc8f1c6d38349208ca62b9b71b98d126f
diff --git a/rialto/src/requests/rkp.rs b/rialto/src/requests/rkp.rs
index 66d3603..58e054f 100644
--- a/rialto/src/requests/rkp.rs
+++ b/rialto/src/requests/rkp.rs
@@ -16,6 +16,7 @@
//! service VM via the RKP (Remote Key Provisioning) server.
use super::ec_key::EcKey;
+use super::pub_key::build_maced_public_key;
use alloc::vec::Vec;
use core::result;
use diced_open_dice::DiceArtifacts;
@@ -26,14 +27,15 @@
pub(super) fn generate_ecdsa_p256_key_pair(
_dice_artifacts: &dyn DiceArtifacts,
) -> Result<EcdsaP256KeyPair> {
+ let hmac_key = [];
let ec_key = EcKey::new_p256()?;
+ let maced_public_key = build_maced_public_key(ec_key.cose_public_key()?, &hmac_key)?;
// TODO(b/279425980): Encrypt the private key in a key blob.
// Remove the printing of the private key.
log::debug!("Private key: {:?}", ec_key.private_key()?.as_slice());
- // TODO(b/300068317): Build MACed public key.
- let key_pair = EcdsaP256KeyPair { maced_public_key: Vec::new(), key_blob: Vec::new() };
+ let key_pair = EcdsaP256KeyPair { maced_public_key, key_blob: Vec::new() };
Ok(key_pair)
}
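Review bot: `let hmac_key = [];` keys the MAC with an empty, publicly known value, so anyone can recompute the tag in `maced_public_key` and it gives no authenticity for the public key until the real secret is wired in. The commit message defers the secret, but this change removes the old TODO and leaves no marker in the code. I would add `// TODO(b/300068317): Derive the HMAC key from the DICE chain; with an empty key the MAC is forgeable.` above that line. `_dice_artifacts` is still unused and is presumably the intended source of the key. Separately, the `log::debug!` of the private key is still in the new code and should be removed no later than the key-blob encryption its TODO refers to.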