[attestation] Validate DICE chain signatures and CSR signature With subject public keys in the DICE certificates. A wrapper has been added around ED25519_verify to support ED25519 signature verification. The existing EVP_PKEY is not used because the verification with EVP_PKEY requires converting the ED25519 public key to EVP_PKEY. This conversion with EVP_PKEY_new_raw_public_key increases the rialto image size by an extra 90KB. Bug: 314266221 Bug: 310931749 Test: atest rialto_test Change-Id: I82cc58441b4f4730e46e9de7a0efa03959d8d137

commit: 3397b360b2614bfbe6340b55365a7aa4764e95c6 [log] [tgz]
author: Alice Wang <aliceywang@google.com> Fri Dec 01 13:57:10 2023 +0000
committer: Alice Wang <aliceywang@google.com> Wed Dec 13 08:46:59 2023 +0000
tree: 1c101c6a17343eb731c02445ab27d2a0426927a3
parent: d870b20f46c81d4251a497b7699616f6719175eb [diff] [blame]
diff --git a/libs/bssl/src/lib.rs b/libs/bssl/src/lib.rs
index a420168..ad51b61 100644
--- a/libs/bssl/src/lib.rs
+++ b/libs/bssl/src/lib.rs

@@ -21,6 +21,7 @@
 mod aead;
 mod cbb;
 mod cbs;
+mod curve25519;
 mod digest;
 mod ec_key;
 mod err;
@@ -36,6 +37,7 @@
 pub use aead::{Aead, AeadContext, AES_GCM_NONCE_LENGTH};
 pub use cbb::CbbFixed;
 pub use cbs::Cbs;
+pub use curve25519::ed25519_verify;
 pub use digest::Digester;
 pub use ec_key::{EcKey, ZVec};
 pub use evp::{PKey, PKeyType};
commit	3397b360b2614bfbe6340b55365a7aa4764e95c6	[log] [tgz]
author	Alice Wang <aliceywang@google.com>	Fri Dec 01 13:57:10 2023 +0000
committer	Alice Wang <aliceywang@google.com>	Wed Dec 13 08:46:59 2023 +0000
tree	1c101c6a17343eb731c02445ab27d2a0426927a3
parent	d870b20f46c81d4251a497b7699616f6719175eb [diff] [blame]