[rkp] Restore the EC_Key from the remotely provisioned key blob This cl builds EcKey from the decrypted remotely provisioned key blob inside the service VM. The restored EC_Key will be used to sign the new certificate to be appended to the remotely provisioned cert chain using ECDSA. An implementation of __memset_chk has been added because it is needed by BoringSSL. Bug: 241428146 Test: atest libbssl_avf_nostd.test rialto_test Change-Id: I805c73efa309c01f55eb13a085dcca36f1e39f54

commit: 000595b74791662bf060510422ffa49948531a05 [log] [tgz]
author: Alice Wang <aliceywang@google.com> Mon Oct 02 13:46:45 2023 +0000
committer: Alice Wang <aliceywang@google.com> Tue Nov 14 14:57:05 2023 +0000
tree: 08269de4a7c291211ad7156fdb6ed2a6fb162e4f
parent: de6bee5fffdb1df91f0250a38c6f238888a4feaf [diff] [blame]
diff --git a/service_vm/requests/src/rkp.rs b/service_vm/requests/src/rkp.rs
index 8d7d771..c2c13b3 100644
--- a/service_vm/requests/src/rkp.rs
+++ b/service_vm/requests/src/rkp.rs

@@ -48,7 +48,7 @@
 
     let maced_public_key = build_maced_public_key(ec_key.cose_public_key()?, hmac_key.as_ref())?;
     let key_blob =
-        EncryptedKeyBlob::new(ec_key.private_key()?.as_slice(), dice_artifacts.cdi_seal())?;
+        EncryptedKeyBlob::new(ec_key.ec_private_key()?.as_slice(), dice_artifacts.cdi_seal())?;
 
     let key_pair =
         EcdsaP256KeyPair { maced_public_key, key_blob: cbor_util::serialize(&key_blob)? };
commit	000595b74791662bf060510422ffa49948531a05	[log] [tgz]
author	Alice Wang <aliceywang@google.com>	Mon Oct 02 13:46:45 2023 +0000
committer	Alice Wang <aliceywang@google.com>	Tue Nov 14 14:57:05 2023 +0000
tree	08269de4a7c291211ad7156fdb6ed2a6fb162e4f
parent	de6bee5fffdb1df91f0250a38c6f238888a4feaf [diff] [blame]