[client-vm] Build client VM CSR and sign the CSR with two keys

This cl builds the CSR that a client VM sends to the RKP VM for
remote attestation and adjusted the API accordingly as discussed
in the doc go/pvm-remote-attestation

The CSR payload is signed with both the CDI_Leaf_Priv of the
client VM's DICE chain and the attestation key. RKP VM should
verify the signature later with the CDI_Leaf_Pub extracted
from the same DICE chain in the CSR and the attestation public
key.

The new unit tests are added to config at cl/577763874.

Bug: 303807447
Test: run ServiceVmClientTestApp
Test: atest libservice_vm_comm.test
Test: atest microdroid_manager_test
Change-Id: Ic2c09e7339d9981edda028e2694fa551c911a274
diff --git a/microdroid_manager/aidl/Android.bp b/microdroid_manager/aidl/Android.bp
index 0aa8662..353e9cc 100644
--- a/microdroid_manager/aidl/Android.bp
+++ b/microdroid_manager/aidl/Android.bp
@@ -5,8 +5,12 @@
 aidl_interface {
     name: "android.system.virtualization.payload",
     srcs: ["android/system/virtualization/payload/*.aidl"],
+    imports: ["android.system.virtualizationcommon"],
     unstable: true,
     backend: {
+        java: {
+            enabled: false,
+        },
         rust: {
             enabled: true,
             apex_available: [
diff --git a/microdroid_manager/aidl/android/system/virtualization/payload/IVmPayloadService.aidl b/microdroid_manager/aidl/android/system/virtualization/payload/IVmPayloadService.aidl
index b9a7a64..51796f1 100644
--- a/microdroid_manager/aidl/android/system/virtualization/payload/IVmPayloadService.aidl
+++ b/microdroid_manager/aidl/android/system/virtualization/payload/IVmPayloadService.aidl
@@ -16,11 +16,17 @@
 
 package android.system.virtualization.payload;
 
+import android.system.virtualizationcommon.Certificate;
+
 /**
  * This interface regroups the tasks that payloads delegate to
  * Microdroid Manager for execution.
  */
 interface IVmPayloadService {
+    /** The constants STATUS_* are status code returned by this service. */
+    /** Failed to prepare the CSR and key pair for attestation. */
+    const int STATUS_FAILED_TO_PREPARE_CSR_AND_KEY = 1;
+
     /** Socket name of the service IVmPayloadService. */
     const String VM_PAYLOAD_SERVICE_SOCKET_NAME = "vm_payload_service";
 
@@ -33,6 +39,32 @@
      */
     const String ENCRYPTEDSTORE_MOUNTPOINT = "/mnt/encryptedstore";
 
+    /**
+     * An {@link AttestationResult} holds an attested private key and the remotely
+     * provisioned certificate chain covering its corresponding public key.
+     */
+    parcelable AttestationResult {
+        /**
+         * DER-encoded ECPrivateKey structure specified in [RFC 5915 s3] for the
+         * EC P-256 private key, which is attested.
+         *
+         * The corresponding public key is included in the leaf certificate of
+         * the certificate chain.
+         *
+         * [RFC 5915 s3]: https://datatracker.ietf.org/doc/html/rfc5915#section-3
+         */
+        byte[] privateKey;
+
+        /**
+         * Sequence of DER-encoded X.509 certificates that make up the attestation
+         * key's certificate chain.
+         *
+         * The certificate chain starts with a root certificate and ends with a leaf
+         * certificate covering the attested public key.
+         */
+        Certificate[] certificateChain;
+    }
+
     /** Notifies that the payload is ready to serve. */
     void notifyPayloadReady();
 
@@ -75,7 +107,9 @@
      * serving as proof of the freshness of the result.
      *
      * @param challenge the maximum supported challenge size is 64 bytes.
-     * @return the X.509 encoded certificate.
+     *
+     * @return An {@link AttestationResult} parcelable containing an attested key pair and its
+     *         certification chain.
      */
-    byte[] requestAttestation(in byte[] challenge);
+    AttestationResult requestAttestation(in byte[] challenge);
 }