[rkp] Report request processing error from service VM to host
This cl moves the request processing error from the service VM
to the communication protocol library so that the service VM can
send the error the host.
This change is necessary to enable the service VM to send back
RKP service specific error later.
Bug: 299256925
Test: atest rialto_test
Change-Id: I2cd718d8606880188866e954ac7c4eb8bb732bb4
diff --git a/rialto/src/error.rs b/rialto/src/error.rs
index 911cb9b..d2bdbbe 100644
--- a/rialto/src/error.rs
+++ b/rialto/src/error.rs
@@ -20,6 +20,7 @@
use fdtpci::PciError;
use hyp::Error as HypervisorError;
use libfdt::FdtError;
+use service_vm_comm::RequestProcessingError;
use vmbase::{memory::MemoryTrackerError, virtio::pci};
pub type Result<T> = result::Result<T, Error>;
@@ -53,6 +54,8 @@
DeserializationFailed(CiboriumDeError),
/// Failed DICE operation.
DiceOperationFailed(DiceError),
+ /// Failed to process request.
+ RequestProcessingFailed(RequestProcessingError),
}
impl fmt::Display for Error {
@@ -76,6 +79,7 @@
Self::SerializationFailed(e) => write!(f, "Failed to serialize: {e}"),
Self::DeserializationFailed(e) => write!(f, "Failed to deserialize: {e}"),
Self::DiceOperationFailed(e) => write!(f, "Failed DICE operation: {e}"),
+ Self::RequestProcessingFailed(e) => write!(f, "Failed to process request: {e}"),
}
}
}
@@ -133,3 +137,9 @@
Self::DiceOperationFailed(e)
}
}
+
+impl From<RequestProcessingError> for Error {
+ fn from(e: RequestProcessingError) -> Self {
+ Self::RequestProcessingFailed(e)
+ }
+}
diff --git a/rialto/src/requests/api.rs b/rialto/src/requests/api.rs
index c4b2d8e..5ea0106 100644
--- a/rialto/src/requests/api.rs
+++ b/rialto/src/requests/api.rs
@@ -25,14 +25,10 @@
pub fn process_request(request: Request) -> Result<Response> {
let response = match request {
Request::Reverse(v) => Response::Reverse(reverse(v)),
- Request::GenerateEcdsaP256KeyPair => {
- let res = rkp::generate_ecdsa_p256_key_pair()?;
- Response::GenerateEcdsaP256KeyPair(res)
- }
- Request::GenerateCertificateRequest(p) => {
- let res = rkp::generate_certificate_request(p)?;
- Response::GenerateCertificateRequest(res)
- }
+ Request::GenerateEcdsaP256KeyPair => rkp::generate_ecdsa_p256_key_pair()
+ .map_or_else(Response::Err, Response::GenerateEcdsaP256KeyPair),
+ Request::GenerateCertificateRequest(p) => rkp::generate_certificate_request(p)
+ .map_or_else(Response::Err, Response::GenerateCertificateRequest),
};
Ok(response)
}
diff --git a/rialto/src/requests/rkp.rs b/rialto/src/requests/rkp.rs
index 5977bfb..d74bb43 100644
--- a/rialto/src/requests/rkp.rs
+++ b/rialto/src/requests/rkp.rs
@@ -15,9 +15,11 @@
//! This module contains functions related to the attestation of the
//! service VM via the RKP (Remote Key Provisionning) server.
-use crate::error::Result;
use alloc::vec::Vec;
-use service_vm_comm::{EcdsaP256KeyPair, GenerateCertificateRequestParams};
+use core::result;
+use service_vm_comm::{EcdsaP256KeyPair, GenerateCertificateRequestParams, RequestProcessingError};
+
+type Result<T> = result::Result<T, RequestProcessingError>;
pub(super) fn generate_ecdsa_p256_key_pair() -> Result<EcdsaP256KeyPair> {
// TODO(b/299055662): Generate the key pair.