android_packages_modules_Virtualization

Commit Graph

Author	SHA1	Message	Date
Andrew Scull	7c6e4185bb	Simplify compos key handling The new interface to the VM instance secrets already provides a context-specific secret so it can be used directly as the seed for the key without requiring another derivation. Bug: 243514248 Test: atest ComposHostTestCases Test: atest compos_key_tests Change-Id: Ibbff27cc6e4e8f499bf70ff6ce171f6cd7765288	2022-10-10 21:17:11 +00:00
Alan Stokes	16fb8555e8	Rewrite key management & signing Extend compos_helper to support signing, use it from CompOS. Expose the public key from the VM. Rename compos_verify_key to compos_verify and get it to verify the signature against the current instance's public key. Also move DICE access to compos_key_main. There's no use having it in the library - neither the tests nor compos_verify can use it - and it complicates the build rules. There's a lot more that can be deleted, but I'll do that in a follow-up; this is big enough already. Bug: 218494522 Test: atest CompOsSigningHostTest CompOsDenialHostTest Change-Id: I2d71f68a595d5ddadb2e7b16937fa6855f5db0ab	2022-02-17 16:58:32 +00:00
Alan Stokes	38221fa1ac	Add compos_key_helper Create a small library to do key-related operations (derive, sign, verify). Add tests. Create a small standlone executable to expose these functions. Bug: 218494522 Test: atest compos_key_tests Change-Id: I5c984178b822510fd32784d01cf4322e592e5d2a	2022-02-10 16:42:53 +00:00

Author

SHA1

Message

Date

Andrew Scull

7c6e4185bb

Simplify compos key handling

The new interface to the VM instance secrets already provides a
context-specific secret so it can be used directly as the seed for the
key without requiring another derivation.

Bug: 243514248
Test: atest ComposHostTestCases
Test: atest compos_key_tests
Change-Id: Ibbff27cc6e4e8f499bf70ff6ce171f6cd7765288

2022-10-10 21:17:11 +00:00

Alan Stokes

16fb8555e8

Rewrite key management & signing

Extend compos_helper to support signing, use it from CompOS.

Expose the public key from the VM. Rename compos_verify_key to
compos_verify and get it to verify the signature against the current
instance's public key.

Also move DICE access to compos_key_main. There's no use having it in
the library - neither the tests nor compos_verify can use it - and it
complicates the build rules.

There's a lot more that can be deleted, but I'll do that in a
follow-up; this is big enough already.

Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I2d71f68a595d5ddadb2e7b16937fa6855f5db0ab

2022-02-17 16:58:32 +00:00

Alan Stokes

38221fa1ac

Add compos_key_helper

Create a small library to do key-related operations (derive, sign,
verify). Add tests.

Create a small standlone executable to expose these functions.

Bug: 218494522
Test: atest compos_key_tests
Change-Id: I5c984178b822510fd32784d01cf4322e592e5d2a

2022-02-10 16:42:53 +00:00

3 Commits