Rewrite key management & signing
Extend compos_helper to support signing, use it from CompOS.
Expose the public key from the VM. Rename compos_verify_key to
compos_verify and get it to verify the signature against the current
instance's public key.
Also move DICE access to compos_key_main. There's no use having it in
the library - neither the tests nor compos_verify can use it - and it
complicates the build rules.
There's a lot more that can be deleted, but I'll do that in a
follow-up; this is big enough already.
Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I2d71f68a595d5ddadb2e7b16937fa6855f5db0ab
diff --git a/compos/src/compsvc.rs b/compos/src/compsvc.rs
index 5f3ee62..df36ed9 100644
--- a/compos/src/compsvc.rs
+++ b/compos/src/compsvc.rs
@@ -29,6 +29,7 @@
use crate::artifact_signer::ArtifactSigner;
use crate::compilation::{odrefresh, OdrefreshContext};
+use crate::compos_key;
use crate::dice::Dice;
use crate::signing_key::DiceSigningKey;
use authfs_aidl_interface::aidl::com::android::virt::fs::IAuthFsService::IAuthFsService;
@@ -108,8 +109,7 @@
let mut artifact_signer = ArtifactSigner::new(&output_dir);
add_artifacts(&output_dir, &mut artifact_signer)?;
- let signer = to_binder_result(self.signing_key.new_signer(key))?;
- artifact_signer.write_info_and_signature(signer, &output_dir.join("compos.info"))
+ artifact_signer.write_info_and_signature(&output_dir.join("compos.info"))
})
.context("odrefresh failed"),
)?;
@@ -128,6 +128,10 @@
true
})
}
+
+ fn getPublicKey(&self) -> BinderResult<Vec<u8>> {
+ to_binder_result(compos_key::get_public_key())
+ }
}
fn get_authfs_service() -> BinderResult<Strong<dyn IAuthFsService>> {