Key blob protection using AEAD Add BlobEncryptor, which can be used to write a secret (like our private key) to an encrypted & authenticated blob and later retrieve it. Added the skeleton of code to make use of this, using the sealing CDI as the input to the key derivation. Bug: 214233409 Test: atest compsvc_device_tests Change-Id: Iea7e82405072a31ae5f7ad64a9e894a970913219

commit: c33d2921c3e6e8afc008b9970696687c74c42041 [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Tue Jan 18 14:17:00 2022 +0000
committer: Alan Stokes <alanstokes@google.com> Mon Jan 24 10:58:15 2022 +0000
tree: 45162b42b8244ce349ecb04eb3d187945f0f7ec7
parent: 2eb528fddc626664649b555757de77323f68de8c [diff] [blame]
diff --git a/compos/src/compsvc_main.rs b/compos/src/compsvc_main.rs
index b4e3128..23a6ed0 100644
--- a/compos/src/compsvc_main.rs
+++ b/compos/src/compsvc_main.rs

@@ -17,11 +17,13 @@
 //! A tool to start a standalone compsvc server that serves over RPC binder.
 
 mod artifact_signer;
+mod blob_encryptor;
 mod compilation;
 mod compos_key_service;
 mod compsvc;
 mod dice;
 mod fsverity;
+mod signing_key;
 
 use android_system_virtualmachineservice::{
     aidl::android::system::virtualmachineservice::IVirtualMachineService::{
commit	c33d2921c3e6e8afc008b9970696687c74c42041	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Tue Jan 18 14:17:00 2022 +0000
committer	Alan Stokes <alanstokes@google.com>	Mon Jan 24 10:58:15 2022 +0000
tree	45162b42b8244ce349ecb04eb3d187945f0f7ec7
parent	2eb528fddc626664649b555757de77323f68de8c [diff] [blame]