[rkp] Restore the EC_Key from the remotely provisioned key blob

This CL builds an EcKey from the decrypted remotely provisioned
key blob inside the service VM.

The restored EC_Key will be used to sign the new certificate to
be appended to the remotely provisioned cert chain using ECDSA.

An implementation of __memset_chk has been added because it is
needed by BoringSSL.

Bug: 241428146
Test: atest libbssl_avf_nostd.test rialto_test
Change-Id: I805c73efa309c01f55eb13a085dcca36f1e39f54
diff --git a/service_vm/requests/src/client_vm.rs b/service_vm/requests/src/client_vm.rs
index d53580b..74c26d3 100644
--- a/service_vm/requests/src/client_vm.rs
+++ b/service_vm/requests/src/client_vm.rs
@@ -17,6 +17,7 @@
 
 use crate::keyblob::decrypt_private_key;
 use alloc::vec::Vec;
+use bssl_avf::EcKey;
 use core::result;
 use coset::{CborSerializable, CoseSign};
 use diced_open_dice::DiceArtifacts;
@@ -36,12 +37,13 @@
     // TODO(b/278717513): Compare client VM's DICE chain in the `csr` up to pvmfw
     // cert with RKP VM's DICE chain.
 
-    let _private_key =
+    let private_key =
         decrypt_private_key(&params.remotely_provisioned_key_blob, dice_artifacts.cdi_seal())
             .map_err(|e| {
                 error!("Failed to decrypt the remotely provisioned key blob: {e}");
                 RequestProcessingError::FailedToDecryptKeyBlob
             })?;
+    let _ec_private_key = EcKey::from_ec_private_key(private_key.as_slice())?;
 
     // TODO(b/309441500): Build a new certificate signed with the remotely provisioned
     // `_private_key`.
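Review bot: The plaintext key bytes in `private_key` remain live for the rest of the function after `EcKey::from_ec_private_key(private_key.as_slice())?` has consumed them, and the hunk does not show whether the type returned by `decrypt_private_key` wipes its buffer on drop. If it does not, the raw private key lingers in service-VM memory after the function returns, so it is worth confirming that the return type zeroizes and adding `drop(private_key);` right after the `EcKey` is built. The new `?` also propagates a parse failure without an `error!` line, unlike the decrypt step just above; presumably a `From` conversion into `RequestProcessingError` exists outside the hunk, but a `map_err` with a log message would keep the two steps consistent. The TODO at the end of the hunk still names `_private_key`, which this change renamed, so it should refer to `_ec_private_key`. The enclosing function starts and ends outside the hunk.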
diff --git a/service_vm/requests/src/rkp.rs b/service_vm/requests/src/rkp.rs
index 8d7d771..c2c13b3 100644
--- a/service_vm/requests/src/rkp.rs
+++ b/service_vm/requests/src/rkp.rs
@@ -48,7 +48,7 @@
 
     let maced_public_key = build_maced_public_key(ec_key.cose_public_key()?, hmac_key.as_ref())?;
     let key_blob =
-        EncryptedKeyBlob::new(ec_key.private_key()?.as_slice(), dice_artifacts.cdi_seal())?;
+        EncryptedKeyBlob::new(ec_key.ec_private_key()?.as_slice(), dice_artifacts.cdi_seal())?;
 
     let key_pair =
         EcdsaP256KeyPair { maced_public_key, key_blob: cbor_util::serialize(&key_blob)? };