Migrate off keystore

Implement our own keypair generation and signing (using BoringSSL) and
our own private key blob protection (using Ring). This includes
replacing the old compos_key_service with the new signing_key.

Use DICE as the source of the VM secret used to protect the private
key instead of assuming keystore has one.

Changed compsvc to return the RSAPublicKey directly. Previously we
returned the self-signed cert from Keystore, and composd then
extracted the public key. As a result composd no longer needs any
native helper code to call BoringSSL; however now compsvc does.

Removed similarly redundant key-extraction code from compos_key_cmd.

Create SystemRandom when we need it rather than having it as a field;
it's stateless anyway.

Bug: 214233409
Test: atest ComposKeyTestCase compsvc_device_tests
Change-Id: I8b14fe2acdf43f49d45e2d32d4b6f482bd420eee
diff --git a/compos/src/compsvc.rs b/compos/src/compsvc.rs
index 60e77a7..e4cdb40 100644
--- a/compos/src/compsvc.rs
+++ b/compos/src/compsvc.rs
@@ -27,8 +27,7 @@
 use std::sync::RwLock;
 
 use crate::compilation::{odrefresh, OdrefreshContext};
-use crate::compos_key_service::{CompOsKeyService, Signer};
-use crate::dice::Dice;
+use crate::signing_key::{Signer, SigningKey};
 use authfs_aidl_interface::aidl::com::android::virt::fs::IAuthFsService::IAuthFsService;
 use compos_aidl_interface::aidl::com::android::compos::{
     CompOsKeyData::CompOsKeyData,
@@ -45,8 +44,7 @@
 pub fn new_binder() -> Result<Strong<dyn ICompOsService>> {
     let service = CompOsService {
         odrefresh_path: PathBuf::from(ODREFRESH_PATH),
-        key_service: CompOsKeyService::new()?,
-        dice: Dice::new()?,
+        signing_key: SigningKey::new()?,
         key_blob: RwLock::new(Vec::new()),
     };
     Ok(BnCompOsService::new_binder(service, BinderFeatures::default()))
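Review bot: The new `signing_key` field, set here in `new_binder` and declared on `CompOsService` in the next hunk, has no comment saying what protects the key blobs it handles, which matters now that blob protection is implemented in this crate rather than by keystore. On the struct I would add `/// Generates, verifies and signs with the CompOS key; private key blobs are protected with a secret derived from DICE.` above `signing_key`, and `/// Protected private key blob as supplied by the caller; empty until a key has been set.` above `key_blob`. The second wording is inferred from the `is_empty()` check in the signer accessor, so confirm it against the code that writes `key_blob`, which is not in this diff.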
@@ -54,8 +52,7 @@
 
 struct CompOsService {
     odrefresh_path: PathBuf,
-    key_service: CompOsKeyService,
-    dice: Dice,
+    signing_key: SigningKey,
     key_blob: RwLock<Vec<u8>>,
 }
 
@@ -65,13 +62,9 @@
         if key.is_empty() {
             Err(new_binder_exception(ExceptionCode::ILLEGAL_STATE, "Key is not initialized"))
         } else {
-            Ok(self.key_service.new_signer(key))
+            Ok(self.signing_key.new_signer(key))
         }
     }
-
-    fn get_boot_certificate_chain(&self) -> Result<Vec<u8>> {
-        self.dice.get_boot_certificate_chain()
-    }
 }
 
 impl Interface for CompOsService {}
@@ -114,11 +107,11 @@
     }
 
     fn generateSigningKey(&self) -> BinderResult<CompOsKeyData> {
-        to_binder_result(self.key_service.generate())
+        to_binder_result(self.signing_key.generate())
     }
 
     fn verifySigningKey(&self, key_blob: &[u8], public_key: &[u8]) -> BinderResult<bool> {
-        Ok(if let Err(e) = self.key_service.verify(key_blob, public_key) {
+        Ok(if let Err(e) = self.signing_key.verify(key_blob, public_key) {
             warn!("Signing key verification failed: {:?}", e);
             false
         } else {
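Review bot: In `verifySigningKey`, every `Err` from `self.signing_key.verify` is turned into `Ok(false)`, so a caller cannot tell a blob that does not match the public key from an internal failure such as the VM secret being unavailable. With the blob now unwrapped in-crate using a DICE-derived secret (per the commit message), that second class of error looks possible, although `SigningKey::verify` is not shown here. If the conflation is intended, say so at the call: `// Any error, including an internal one, is reported as "not valid"; the caller cannot distinguish the two.` It is also worth confirming that the error's `Debug` output logged by `warn!` never includes key or secret bytes. The function body continues past the end of this hunk.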
@@ -127,7 +120,7 @@
     }
 
     fn getBootCertificateChain(&self) -> BinderResult<Vec<u8>> {
-        to_binder_result(self.get_boot_certificate_chain())
+        to_binder_result(self.signing_key.get_boot_certificate_chain())
     }
 }