[service-vm] Deserialize CBOR-encoded CSR byte array into struct
This CL deserializes the CBOR-encoded CSR provided as a param for
VM attestation into a `Csr` struct.
It also extracts the CSR/attestation key generation function from
microdroid into a standalone library so that we can reuse it in
e2e tests.
The new test target has been added to the busytown config at
cl/581170242.
Test: atest rialto_test
Bug: 309440321
Change-Id: Idbfadd0418822bdf46d6764b9db484f4865aa267
diff --git a/rialto/Android.bp b/rialto/Android.bp
index 326f6fc..28c261e 100644
--- a/rialto/Android.bp
+++ b/rialto/Android.bp
@@ -109,6 +109,8 @@
"libandroid_logger",
"libanyhow",
"libciborium",
+ "libclient_vm_csr",
+ "libdiced_sample_inputs",
"liblibc",
"liblog_rust",
"libservice_vm_comm",
diff --git a/rialto/tests/test.rs b/rialto/tests/test.rs
index 53be583..0f59350 100644
--- a/rialto/tests/test.rs
+++ b/rialto/tests/test.rs
@@ -23,6 +23,7 @@
};
use anyhow::{bail, Context, Result};
use ciborium::value::Value;
+use client_vm_csr::generate_attestation_key_and_csr;
use log::info;
use service_vm_comm::{
ClientVmAttestationParams, EcdsaP256KeyPair, GenerateCertificateRequestParams, Request,
@@ -110,8 +111,18 @@
}
fn check_attestation_request(vm: &mut ServiceVm, key_blob: &[u8]) -> Result<()> {
- let params =
- ClientVmAttestationParams { csr: vec![], remotely_provisioned_key_blob: key_blob.to_vec() };
+ /// The following data was generated randomly with urandom.
+ const CHALLENGE: [u8; 16] = [
+ 0x7d, 0x86, 0x58, 0x79, 0x3a, 0x09, 0xdf, 0x1c, 0xa5, 0x80, 0x80, 0x15, 0x2b, 0x13, 0x17,
+ 0x5c,
+ ];
+ let dice_artifacts = diced_sample_inputs::make_sample_bcc_and_cdis()?;
+ let attestation_data = generate_attestation_key_and_csr(&CHALLENGE, &dice_artifacts)?;
+
+ let params = ClientVmAttestationParams {
+ csr: attestation_data.csr.into_cbor_vec()?,
+ remotely_provisioned_key_blob: key_blob.to_vec(),
+ };
let request = Request::RequestClientVmAttestation(params);
let response = vm.process_request(request)?;
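Review bot: With `csr: vec![]` replaced by a well-formed CSR in `check_attestation_request`, nothing visible in this hunk still sends malformed input to the CSR deserialization this commit describes, and that parser is presumably where client-supplied bytes enter the service VM. Consider keeping a negative case next to the happy path, for example a second request built with `csr: vec![]` or a truncated copy of the encoded CSR, and asserting that the service VM returns an error rather than panicking or accepting it. The handling of `response` continues outside the hunk, so what the test currently asserts cannot be seen from here. Separately, the `///` on the function-local `CHALLENGE` const would read better as a plain comment that marks it as a fixture, e.g. `// Fixed test-only challenge (random bytes); not a pattern for real attestation requests.`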