Add signing command for testing.

Extend the AIDL to allow for signing. This will need to be backed out
before shipping, but it's needed for testing right now.

Add a command to sign a set of files to compos_key_cmd & write the
signature files.

Move compos_key_cmd from virt to compos APEX. (We're definitely going
to need this code in CompOS in some form, so might as well make sure
all the dependencies are available.)

Bug: 190166662
Test: Manual: Sign artifacts, check odsign accepts them.
Change-Id: I25361ed0bee52a9ff13924c77d9378efe8bfd314
diff --git a/compos/aidl/Android.bp b/compos/aidl/Android.bp
index 07bec09..4d36d3d 100644
--- a/compos/aidl/Android.bp
+++ b/compos/aidl/Android.bp
@@ -17,7 +17,7 @@
},
ndk: {
apex_available: [
- "com.android.virt",
+ "com.android.compos",
],
},
},
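Review bot: The `apex_available` list under `ndk` replaces "com.android.virt" with "com.android.compos" rather than adding to it, so any NDK-backend user of this interface that still lives in the virt APEX will no longer be allowed to link against it. The commit message only mentions moving compos_key_cmd; please confirm nothing else in com.android.virt depends on the NDK stubs, or keep both entries until the move is complete.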
diff --git a/compos/aidl/com/android/compos/ICompOsKeyService.aidl b/compos/aidl/com/android/compos/ICompOsKeyService.aidl
index 2ddae58..a2ff917 100644
--- a/compos/aidl/com/android/compos/ICompOsKeyService.aidl
+++ b/compos/aidl/com/android/compos/ICompOsKeyService.aidl
@@ -37,4 +37,15 @@
* @return whether the inputs are valid and correspond to each other.
*/
boolean verifySigningKey(in byte[] keyBlob, in byte[] publicKey);
+
+ /**
+ * Use the supplied encrypted private key to sign some data.
+ *
+ * @param keyBlob The encrypted blob containing the private key, as returned by
+ * generateSigningKey().
+ * @param data The data to be signed. (Large data sizes may cause failure.)
+ * @return the signature.
+ */
+ // STOPSHIP(b/193241041): We must not expose this from the PVM.
+ byte[] sign(in byte[] keyBlob, in byte[] data);
}
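Review bot: The doc comment on `sign` does not say that the method is test-only, and the only marker of that is the `// STOPSHIP(b/193241041)` line comment, which sits between the Javadoc and the declaration and will not appear in generated documentation. Since the method signs arbitrary caller-supplied `data` with the key in `keyBlob`, I would move the restriction into the Javadoc itself (for example a sentence stating it exists for testing and must be removed before shipping) and keep the STOPSHIP line above the doc block so the comment stays attached to the method. The note "(Large data sizes may cause failure.)" is also too vague for a caller to act on: please document what limit applies and how failure is reported, and likewise what happens when `keyBlob` is not a valid blob from generateSigningKey().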