[rkp] Encrypt/decrypt the private key with AES-256-GCM This cl implements the private key encryption and decryption with AES-256-GCM. The KEK is derived from the sealing CDI with a random salt generated with TRNG. The test is added to the busy town config at cl/570947834. Bug: 279425980 Test: atest rialto_test Test: atest libservice_vm_requests.test Change-Id: I214ee37c64cb8508083b02376c8a398ca6049e3b

commit: 8b8e6e642eb5d4e277ae9911f91dd5f842479cd7 [log] [tgz]
author: Alice Wang <aliceywang@google.com> Mon Oct 02 09:10:13 2023 +0000
committer: Alice Wang <aliceywang@google.com> Fri Oct 06 11:48:36 2023 +0000
tree: 12fa0f92ced4e61ab679ade32cefce8017519a70
parent: facc2b82cfd8935532a591a5bf09218e6f2a754f [diff]
diff --git a/rialto/tests/test.rs b/rialto/tests/test.rs
index 6a6dcf4..ee7ecb4 100644
--- a/rialto/tests/test.rs
+++ b/rialto/tests/test.rs

@@ -77,8 +77,9 @@
     info!("Received response: {response:?}.");
 
     match response {
-        Response::GenerateEcdsaP256KeyPair(EcdsaP256KeyPair { maced_public_key, .. }) => {
-            assert_array_has_nonzero(&maced_public_key[..]);
+        Response::GenerateEcdsaP256KeyPair(EcdsaP256KeyPair { maced_public_key, key_blob }) => {
+            assert_array_has_nonzero(&maced_public_key);
+            assert_array_has_nonzero(&key_blob);
             Ok(maced_public_key)
         }
         _ => bail!("Incorrect response type: {response:?}"),
commit	8b8e6e642eb5d4e277ae9911f91dd5f842479cd7	[log] [tgz]
author	Alice Wang <aliceywang@google.com>	Mon Oct 02 09:10:13 2023 +0000
committer	Alice Wang <aliceywang@google.com>	Fri Oct 06 11:48:36 2023 +0000
tree	12fa0f92ced4e61ab679ade32cefce8017519a70
parent	facc2b82cfd8935532a591a5bf09218e6f2a754f [diff]