Implement our own keypair generation and signing (using BoringSSL) and
our own private key blob protection (using Ring). This includes
replacing the old compos_key_service with the new signing_key.
Use DICE as the source of the VM secret used to protect the private
key instead of assuming keystore has one.
Changed compsvc to return the RSAPublicKey directly. Previously we
returned the self-signed cert from Keystore, and composd then
extracted the public key. As a result composd no longer needs any
native helper code to call BoringSSL; however now compsvc does.
Removed similarly redundant key-extraction code from compos_key_cmd.
Create SystemRandom when we need it rather than having it as a field;
it's stateless anyway.
Bug: 214233409
Test: atest ComposKeyTestCase compsvc_device_tests
Change-Id: I8b14fe2acdf43f49d45e2d32d4b6f482bd420eee
Output files are staged until they are fully generated, then move to the
final location. The staging directory has a different SELinux context to
prevent misuse, and should change when it's moved to the final
directory.
This change makes composd to follow the same setup, using libartpalette.
As a result, the output are no longer stored in CompOS's own apexdata
(which was not intentional).
This change does not use bindgen, which seems have some difficulty to
bridge `const char**` correctly. Neither cxx, since it doesn't seem to
simplify the (already simple) call.
Bug: 205750213
Test: See odrefresh produces output in the staging directory
Change-Id: Ifc97b31a98052a31209556449d1642089a8c0e2e
Compsvc returns a self-signed cert (from Keystore), but we only want
the public key. Extracting this in Rust is non-trivial, so instead we
use existing support in BoringSSL in native code. (The details are
copied from compos_key_cmd.cpp, which in turn were copied from the
now-deleted FakeCompOS in odsign.)
We could alternatively do this in compsvc itself, but I was slightly
more reluctant to introduce native code there.
Bug: 186126194
Test: Run composd_cmd twice, check it accepts the key pair it generated.
Change-Id: I3faab9a7ada149d7f2776c2fb4d2656837c95e6f