Add code to bulk-sign artifacts
This isn't wired up yet - we need to be able to iterate over AuthFs
directories, but that's coming soon.
Import the OdsignInfo proto, which contains the map of filenames and
digests, and provide a way to build it from a set of artifact files
and write it along with its signature.
Also remove the old Signer trait (which is unused), and make a couple of
small refactorings.
Bug: 161471326
Test: Builds
Change-Id: I37fccb1f2ca4fa1ea3006185d9f805d668252e2a
diff --git a/compos/src/compos_key_service.rs b/compos/src/compos_key_service.rs
index 4a1566d..f6caac9 100644
--- a/compos/src/compos_key_service.rs
+++ b/compos/src/compos_key_service.rs
@@ -77,7 +77,7 @@
})
}
- pub fn do_generate(&self) -> Result<CompOsKeyData> {
+ pub fn generate(&self) -> Result<CompOsKeyData> {
let key_descriptor = BLOB_KEY_DESCRIPTOR;
let key_parameters =
[PURPOSE_SIGN, ALGORITHM, PADDING, DIGEST, KEY_SIZE, EXPONENT, NO_AUTH_REQUIRED];
@@ -97,11 +97,11 @@
}
}
- pub fn do_verify(&self, key_blob: &[u8], public_key: &[u8]) -> Result<()> {
+ pub fn verify(&self, key_blob: &[u8], public_key: &[u8]) -> Result<()> {
let mut data = [0u8; 32];
self.random.fill(&mut data).context("No random data")?;
- let signature = self.do_sign(key_blob, &data)?;
+ let signature = self.sign(key_blob, &data)?;
let public_key =
signature::UnparsedPublicKey::new(&signature::RSA_PKCS1_2048_8192_SHA256, public_key);
@@ -110,7 +110,7 @@
Ok(())
}
- pub fn do_sign(&self, key_blob: &[u8], data: &[u8]) -> Result<Vec<u8>> {
+ pub fn sign(&self, key_blob: &[u8], data: &[u8]) -> Result<Vec<u8>> {
let key_descriptor = KeyDescriptor { blob: Some(key_blob.to_vec()), ..BLOB_KEY_DESCRIPTOR };
let operation_parameters = [PURPOSE_SIGN, ALGORITHM, PADDING, DIGEST];
let forced = false;