1; CDDL for the CSR sent from the client VM to the RKP VM for pVM remote attestation. 2 3Csr = [ 4 DiceCertChain, ; The DICE chain containing measurement of the client VM. See 5 ; keymint/generateCertificateRequestV2.cddl for the DiceCertChain 6 ; definition. 7 SignedData, 8] 9 10; COSE_Sign [RFC9052 s4.1] 11SignedData = [ 12 protected: {}, ; The signing algorithms are specified in each signature 13 ; separately. 14 unprotected: {}, 15 payload: bstr .cbor CsrPayload, 16 Signatures, 17] 18 19CsrPayload = [ ; CBOR Array defining the payload for CSR 20 challenge: bstr .size (0..64), ; The challenge is provided by the client server. 21 ; It will be included in the certificate chain in the 22 ; attestation result, serving as proof of the freshness 23 ; of the result. 24 PublicKey, ; COSE_Key encoded EC P-256 public key [ RFC9053 s7.1.1 ] 25 ; to be attested. See keymint/PublicKey.cddl for the 26 ; definition, the test flag `-70000` is never used. 27] 28 29Signatures = [ 30 dice_cdi_leaf_signature: COSE_Signature_Dice_Cdi_Leaf, 31 attestation_key_signature: COSE_Signature_Attestation_Key, 32] 33 34; COSE_Signature [RFC9052 s4.1] 35COSE_Signature_Dice_Cdi_Leaf = [ 36 protected: bstr .cbor { 1: AlgorithmEdDSA / AlgorithmES256 / AlgorithmES384 }, 37 unprotected: {}, 38 signature: bstr, ; PureEd25519(CDI_Leaf_Priv, SigStruct) 39 ; ECDSA(CDI_Leaf_Priv, SigStruct) 40] 41 42; COSE_Signature [RFC9052 s4.1] 43COSE_Signature_Attestation_Key = [ 44 protected: bstr .cbor { 1: AlgorithmES256 }, 45 unprotected: {}, 46 signature: bstr, ; ECDSA(PrivateKey, SigStruct) 47] 48 49; Sig_structure for SignedData [ RFC9052 s4.4 ] 50SigStruct = { 51 context: "Signature", 52 external_aad: bstr .size 0, 53 payload: bstr .cbor CsrPayload, 54} 55 56; ASN.1 DER-encoded EC P-256 ECPrivateKey [ RFC 5915 s3 ]: 57; ECPrivateKey ::= SEQUENCE { 58; version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), 59; privateKey OCTET STRING, 60; parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, 61; publicKey [1] BIT STRING OPTIONAL 62;} 63PrivateKey = bstr 64