[client-vm] Build client VM CSR and sign the CSR with two keys This cl builds the CSR that a client VM sends to the RKP VM for remote attestation and adjusted the API accordingly as discussed in the doc go/pvm-remote-attestation The CSR payload is signed with both the CDI_Leaf_Priv of the client VM's DICE chain and the attestation key. RKP VM should verify the signature later with the CDI_Leaf_Pub extracted from the same DICE chain in the CSR and the attestation public key. The new unit tests are added to config at cl/577763874. Bug: 303807447 Test: run ServiceVmClientTestApp Test: atest libservice_vm_comm.test Test: atest microdroid_manager_test Change-Id: Ic2c09e7339d9981edda028e2694fa551c911a274

commit: 4e3015daaefaac4adbc7b1b2c0d02e3a1556e79c [log] [tgz]
author: Alice Wang <aliceywang@google.com> Tue Oct 10 09:35:37 2023 +0000
committer: Alice Wang <aliceywang@google.com> Wed Nov 08 08:54:39 2023 +0000
tree: 4a0859e91c9f4c361851b1cea2484cdbb3b65bea
parent: 180a7c2907687029b85144a2b34a0860a5495815 [diff] [blame]
diff --git a/service_vm/comm/src/lib.rs b/service_vm/comm/src/lib.rs
index d8f7bd7..0818f24 100644
--- a/service_vm/comm/src/lib.rs
+++ b/service_vm/comm/src/lib.rs

@@ -19,9 +19,11 @@
 
 extern crate alloc;
 
+mod csr;
 mod message;
 mod vsock;
 
+pub use csr::{Csr, CsrPayload};
 pub use message::{
     EcdsaP256KeyPair, GenerateCertificateRequestParams, Request, RequestProcessingError, Response,
     ServiceVmRequest,
commit	4e3015daaefaac4adbc7b1b2c0d02e3a1556e79c	[log] [tgz]
author	Alice Wang <aliceywang@google.com>	Tue Oct 10 09:35:37 2023 +0000
committer	Alice Wang <aliceywang@google.com>	Wed Nov 08 08:54:39 2023 +0000
tree	4a0859e91c9f4c361851b1cea2484cdbb3b65bea
parent	180a7c2907687029b85144a2b34a0860a5495815 [diff] [blame]