Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 16fb8555e8a8e39a7339f7a29f2e3c4aea918d7d^! / . / compos / verify / native / verify_native.cpp
commit16fb8555e8a8e39a7339f7a29f2e3c4aea918d7d[log] [tgz]
authorAlan Stokes <alanstokes@google.com>Thu Feb 10 15:07:27 2022 +0000
committerAlan Stokes <alanstokes@google.com>Thu Feb 17 16:58:32 2022 +0000
treebb85000ec0f7df1fe64b933a211c77952ae82240
parentdcff1e7e2330ec7f83ad5e620aaa8c41d0663499 [diff] [blame]
Rewrite key management & signing

Extend compos_helper to support signing, use it from CompOS.

Expose the public key from the VM. Rename compos_verify_key to
compos_verify and get it to verify the signature against the current
instance's public key.

Also move DICE access to compos_key_main. There's no use having it in
the library - neither the tests nor compos_verify can use it - and it
complicates the build rules.

There's a lot more that can be deleted, but I'll do that in a
follow-up; this is big enough already.

Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I2d71f68a595d5ddadb2e7b16937fa6855f5db0ab

diff --git a/compos/verify/native/verify_native.cpp b/compos/verify/native/verify_native.cpp
new file mode 100644
index 0000000..2c43d95
--- /dev/null
+++ b/compos/verify/native/verify_native.cpp

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "verify_native.h"
+
+#include <compos_key.h>
+
+using rust::Slice;
+
+bool verify(Slice<const uint8_t> public_key, Slice<const uint8_t> signature,
+            Slice<const uint8_t> data) {
+    compos_key::PublicKey public_key_array;
+    compos_key::Signature signature_array;
+
+    if (public_key.size() != public_key_array.size() ||
+        signature.size() != signature_array.size()) {
+        return false;
+    }
+
+    std::copy(public_key.begin(), public_key.end(), public_key_array.begin());
+    std::copy(signature.begin(), signature.end(), signature_array.begin());
+
+    return compos_key::verify(public_key_array, signature_array, data.data(), data.size());
+}