identity: Add to support KM RKP

Add support to use KM RKP key to sign identity credential key.

Bug: 218613398
Change-Id: Ie331399737303b4302aa995bfbdbb66cf4095e9e
Reviewed-on: https://nugget-os-review.googlesource.com/c/host/generic/+/49925
Tested-by: Joseph Jang <josephjang@google.com>
Presubmit-Verified: TreeHugger Robot <android-build-prod@system.gserviceaccount.com>
Reviewed-by: Seth Moore <sethmo@google.com>
Reviewed-by: Bill Richardson <wfrichar@google.com>

1 files changed, 2 insertions, 0 deletions

diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto
index 430cec2..67f464a 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster.proto
@@ -557,6 +557,7 @@ message IdentityStartAttestKeyRequest {
   bytes not_after = 6;       // strftime('%y%m%d%H%M%SZ') [15 octects]
   uint64 creation_time_ms = 7;      // Rough current time (ms since epoch).
   bool use_km_attest_key = 8;
+  bytes caller_issuer_subj_name = 9;
 }
 message IdentityStartAttestKeyResponse {
   ErrorCode error_code = 1;
@@ -568,6 +569,7 @@ message IdentityStartAttestKeyResponse {
 message IdentityFinishAttestKeyRequest {
   OperationHandle handle = 1;
   bool use_km_attest_key = 2;
+  KeyBlob caller_blob = 3;
 }
 message IdentityFinishAttestKeyResponse {
   ErrorCode error_code = 1;