[rkp] Encrypt/decrypt the private key with AES-256-GCM This cl implements the private key encryption and decryption with AES-256-GCM. The KEK is derived from the sealing CDI with a random salt generated with TRNG. The test is added to the busy town config at cl/570947834. Bug: 279425980 Test: atest rialto_test Test: atest libservice_vm_requests.test Change-Id: I214ee37c64cb8508083b02376c8a398ca6049e3b

commit: 8b8e6e642eb5d4e277ae9911f91dd5f842479cd7 [log] [tgz]
author: Alice Wang <aliceywang@google.com> Mon Oct 02 09:10:13 2023 +0000
committer: Alice Wang <aliceywang@google.com> Fri Oct 06 11:48:36 2023 +0000
tree: 12fa0f92ced4e61ab679ade32cefce8017519a70
parent: facc2b82cfd8935532a591a5bf09218e6f2a754f [diff] [blame]
diff --git a/libs/bssl/src/lib.rs b/libs/bssl/src/lib.rs
index 898e16c..ba4ec1f 100644
--- a/libs/bssl/src/lib.rs
+++ b/libs/bssl/src/lib.rs

@@ -25,13 +25,15 @@
 mod err;
 mod hkdf;
 mod hmac;
+mod rand;
 mod util;
 
 pub use bssl_avf_error::{ApiName, CipherError, Error, ReasonCode, Result};
 
-pub use aead::{Aead, AeadCtx};
+pub use aead::{Aead, AeadCtx, AES_GCM_NONCE_LENGTH};
 pub use cbb::CbbFixed;
 pub use digest::Digester;
 pub use ec_key::{EcKey, ZVec};
 pub use hkdf::hkdf;
 pub use hmac::hmac_sha256;
+pub use rand::rand_bytes;
commit	8b8e6e642eb5d4e277ae9911f91dd5f842479cd7	[log] [tgz]
author	Alice Wang <aliceywang@google.com>	Mon Oct 02 09:10:13 2023 +0000
committer	Alice Wang <aliceywang@google.com>	Fri Oct 06 11:48:36 2023 +0000
tree	12fa0f92ced4e61ab679ade32cefce8017519a70
parent	facc2b82cfd8935532a591a5bf09218e6f2a754f [diff] [blame]