Add signing command for testing.
Extend the AIDL to allow for signing. This will need to be backed out
before shipping, but it's needed for testing right now.
Add a command to sign a set of files to compos_key_cmd & write the
signature files.
Move compos_key_cmd from virt to compos APEX. (We're definitely going
to need this code in CompOS in some form, so might as well make sure
all the dependencies are available.)
Bug: 190166662
Test: Manual: Sign artifacts, check odsign accepts them.
Change-Id: I25361ed0bee52a9ff13924c77d9378efe8bfd314
diff --git a/compos/src/compos_key_service.rs b/compos/src/compos_key_service.rs
index 0cbe8de..993ef20 100644
--- a/compos/src/compos_key_service.rs
+++ b/compos/src/compos_key_service.rs
@@ -86,6 +86,11 @@
true
})
}
+
+ fn sign(&self, key_blob: &[u8], data: &[u8]) -> binder::Result<Vec<u8>> {
+ self.do_sign(key_blob, data)
+ .map_err(|e| new_binder_exception(ExceptionCode::ILLEGAL_STATE, e.to_string()))
+ }
}
/// Constructs a new Binder error `Status` with the given `ExceptionCode` and message.
@@ -126,7 +131,7 @@
let mut data = [0u8; 32];
self.random.fill(&mut data).context("No random data")?;
- let signature = self.sign(key_blob, &data)?;
+ let signature = self.do_sign(key_blob, &data)?;
let public_key =
signature::UnparsedPublicKey::new(&signature::RSA_PKCS1_2048_8192_SHA256, public_key);
@@ -135,7 +140,7 @@
Ok(())
}
- fn sign(&self, key_blob: &[u8], data: &[u8]) -> Result<Vec<u8>> {
+ fn do_sign(&self, key_blob: &[u8], data: &[u8]) -> Result<Vec<u8>> {
let key_descriptor = KeyDescriptor { blob: Some(key_blob.to_vec()), ..KEY_DESCRIPTOR };
let operation_parameters = [PURPOSE_SIGN, ALGORITHM, PADDING, DIGEST];
let forced = false;