[dice] Read the COSE key algorithm from DICE library
Read the algorithm from the DICE library instead of hard-coding it.
This allows users to use different types of keys underneath as
needed.
Bug: 342333212
Test: atest VmAttestationTest
Change-Id: I2751cbda79c1f8bd7980ac3ddcae6a9a5922b682
diff --git a/service_vm/requests/src/rkp.rs b/service_vm/requests/src/rkp.rs
index 4f2262f..aa363e5 100644
--- a/service_vm/requests/src/rkp.rs
+++ b/service_vm/requests/src/rkp.rs
@@ -26,8 +26,10 @@
value::{CanonicalValue, Value},
};
use core::result;
-use coset::{iana, AsCborValue, CoseSign1, CoseSign1Builder, HeaderBuilder};
-use diced_open_dice::{derive_cdi_leaf_priv, kdf, sign, DiceArtifacts, PrivateKey};
+use coset::{AsCborValue, CoseSign1, CoseSign1Builder, HeaderBuilder};
+use diced_open_dice::{
+ derive_cdi_leaf_priv, kdf, sign, DiceArtifacts, PrivateKey, DICE_COSE_KEY_ALG_VALUE,
+};
use log::{debug, error};
use service_vm_comm::{EcdsaP256KeyPair, GenerateCertificateRequestParams, RequestProcessingError};
use zeroize::Zeroizing;
@@ -151,8 +153,8 @@
error!("Failed to derive the CDI_Leaf_Priv: {e}");
RequestProcessingError::InternalError
})?;
- let signing_algorithm = iana::Algorithm::EdDSA;
- let protected = HeaderBuilder::new().algorithm(signing_algorithm).build();
+ let dice_key_alg = cbor_util::dice_cose_key_alg(DICE_COSE_KEY_ALG_VALUE)?;
+ let protected = HeaderBuilder::new().algorithm(dice_key_alg).build();
let signed_data = CoseSign1Builder::new()
.protected(protected)
.payload(cbor_util::serialize(payload)?)
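Review bot: The protected-header algorithm on the `dice_key_alg` line is now decoupled from any literal in this file, yet nothing here states the invariant it relies on: the value must name the same algorithm that the signing call uses with CDI_Leaf_Priv. The signing call is outside this hunk, so whether both sides draw from the same DICE configuration is inferred from the imports rather than visible here. I would add a comment above the new line such as `// Header alg must match the key type the DICE library signs with for CDI_Leaf_Priv; both are expected to come from the same DICE config.` Separately, the `?` on `cbor_util::dice_cose_key_alg(...)` propagates silently, while the `derive_cdi_leaf_priv` failure just above logs with `error!` before returning; unless the helper logs internally, an unsupported algorithm value would fail with no trace, so logging it with `error!` in the same way would help. The enclosing function starts and ends outside the hunk.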