[rkp] Set up the connection between RKP Hal and RKP VM
Make the RKP Hal call into RKP VM for the real implementation.
Test: m virtualizationservice
Bug: 299411175
Change-Id: I3217acea028e4506213b8da94af8b8d86b63d54b
diff --git a/virtualizationservice/src/rkpvm.rs b/virtualizationservice/src/rkpvm.rs
index dbadd60..80953b5 100644
--- a/virtualizationservice/src/rkpvm.rs
+++ b/virtualizationservice/src/rkpvm.rs
@@ -16,8 +16,9 @@
//! The RKP VM will be recognized and attested by the RKP server periodically and
//! serves as a trusted platform to attest a client VM.
+use android_hardware_security_rkp::aidl::android::hardware::security::keymint::MacedPublicKey::MacedPublicKey;
use anyhow::{bail, Context, Result};
-use service_vm_comm::{Request, Response};
+use service_vm_comm::{EcdsaP256KeyPair, GenerateCertificateRequestParams, Request, Response};
use service_vm_manager::ServiceVm;
pub(crate) fn request_certificate(csr: &[u8]) -> Result<Vec<u8>> {
@@ -31,3 +32,29 @@
_ => bail!("Incorrect response type"),
}
}
+
+pub(crate) fn generate_ecdsa_p256_key_pair() -> Result<EcdsaP256KeyPair> {
+ let mut vm = ServiceVm::start()?;
+ let request = Request::GenerateEcdsaP256KeyPair;
+ match vm.process_request(request).context("Failed to process request")? {
+ Response::GenerateEcdsaP256KeyPair(key_pair) => Ok(key_pair),
+ _ => bail!("Incorrect response type"),
+ }
+}
+
+pub(crate) fn generate_certificate_request(
+ keys_to_sign: &[MacedPublicKey],
+ challenge: &[u8],
+) -> Result<Vec<u8>> {
+ let params = GenerateCertificateRequestParams {
+ keys_to_sign: keys_to_sign.iter().map(|v| v.macedKey.to_vec()).collect(),
+ challenge: challenge.to_vec(),
+ };
+ let request = Request::GenerateCertificateRequest(params);
+
+ let mut vm = ServiceVm::start()?;
+ match vm.process_request(request).context("Failed to process request")? {
+ Response::GenerateCertificateRequest(csr) => Ok(csr),
+ _ => bail!("Incorrect response type"),
+ }
+}
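Review bot: Both new functions end in `_ => bail!("Incorrect response type")`, the same message as the existing arm at the top of this hunk, and both attach the identical context "Failed to process request", so a logged failure cannot be tied to the operation that produced it. Naming the operation would fix that, e.g. `.context("Failed to process GenerateEcdsaP256KeyPair request")` and `_ => bail!("Incorrect response type for GenerateCertificateRequest")`. If `Response` has an error variant (not visible in this diff), matching it explicitly would preserve the VM's error instead of folding it into the catch-all. Avoid formatting the whole response with `{:?}` for this, since a mismatched variant could carry key material into the log. `ServiceVm::start()?` is also propagated without any context in either function, so a VM start failure is indistinguishable from a request failure at the call site.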