On-device signing binary.
This is a first version of the on-device signing binary, that will be
used to sign ART compilation artifacts on an ART mainline module update.
The following basic functionality is implemented:
1) Creating a signing key (though not an early-boot key yet, because
those are broken on cuttlefish)
2) Creating an X.509 certificate from that key
3) Adding said certificate to the fs-verity keychain
4) Verify existing artifacts are in fs-verity (and delete them if
they're not)
5) Call odrefresh --check to have ART verify the artifacts are fresh and
correct
6) Call odrefresh --compile if they're not
7) Add generated output files to fs-verity
Important things left to do (not an exhaustive list):
1) Verify the key characteristics (eg, early-boot key)
2) Add a "manifest" file that records the signed files and their root
hashes; this will prevent us from accepting any random fs-verity file
3) Add a property or other signal to tell Zygote "we think these
artifacts are safe to use"
4) Migrate to keystore2 (once available)
Bug: 165630556
Test: Run odsign as root
Change-Id: I8aa09914d76f20f30c2093961271202fe7add711
diff --git a/ondevice-signing/KeymasterSigningKey.h b/ondevice-signing/KeymasterSigningKey.h
new file mode 100644
index 0000000..7631059
--- /dev/null
+++ b/ondevice-signing/KeymasterSigningKey.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <android-base/macros.h>
+#include <android-base/result.h>
+#include <android-base/unique_fd.h>
+
+#include <utils/StrongPointer.h>
+
+#include "Keymaster.h"
+
+class KeymasterSigningKey {
+ using KmDevice = ::android::hardware::keymaster::V4_1::IKeymasterDevice;
+
+ public:
+ // Allow the key to be moved around
+ KeymasterSigningKey& operator=(KeymasterSigningKey&& other) = default;
+ KeymasterSigningKey(KeymasterSigningKey&& other) = default;
+
+ static android::base::Result<KeymasterSigningKey>
+ loadFromBlobAndVerify(const std::string& path);
+ static android::base::Result<KeymasterSigningKey> createNewKey();
+
+ /* Sign a message with an initialized signing key */
+ android::base::Result<std::string> sign(const std::string& message) const;
+ android::base::Result<void> saveKeyblob(const std::string& path) const;
+ android::base::Result<std::vector<uint8_t>> getPublicKey() const;
+ android::base::Result<void> createX509Cert(const std::string& path) const;
+
+ private:
+ KeymasterSigningKey();
+
+ android::base::Result<void> createSigningKey();
+ android::base::Result<void> initializeFromKeyblob(const std::string& path);
+
+ std::optional<Keymaster> mKeymaster;
+ std::vector<uint8_t> mVerifiedKeyBlob;
+
+ DISALLOW_COPY_AND_ASSIGN(KeymasterSigningKey);
+};