android_packages_modules_Virtualization

Commit Graph

Author	SHA1	Message	Date
Alan Stokes	223a7468cc	Migrate off keystore Implement our own keypair generation and signing (using BoringSSL) and our own private key blob protection (using Ring). This includes replacing the old compos_key_service with the new signing_key. Use DICE as the source of the VM secret used to protect the private key instead of assuming keystore has one. Changed compsvc to return the RSAPublicKey directly. Previously we returned the self-signed cert from Keystore, and composd then extracted the public key. As a result composd no longer needs any native helper code to call BoringSSL; however now compsvc does. Removed similarly redundant key-extraction code from compos_key_cmd. Create SystemRandom when we need it rather than having it as a field; it's stateless anyway. Bug: 214233409 Test: atest ComposKeyTestCase compsvc_device_tests Change-Id: I8b14fe2acdf43f49d45e2d32d4b6f482bd420eee	2022-01-24 14:08:47 +00:00
Victor Hsieh	6fb8b256c1	composd: prepare staging directory w/ libartpalette-system Output files are staged until they are fully generated, then move to the final location. The staging directory has a different SELinux context to prevent misuse, and should change when it's moved to the final directory. This change makes composd to follow the same setup, using libartpalette. As a result, the output are no longer stored in CompOS's own apexdata (which was not intentional). This change does not use bindgen, which seems have some difficulty to bridge `const char**` correctly. Neither cxx, since it doesn't seem to simplify the (already simple) call. Bug: 205750213 Test: See odrefresh produces output in the staging directory Change-Id: Ifc97b31a98052a31209556449d1642089a8c0e2e	2021-12-06 12:15:34 -08:00
Alan Stokes	14f0739a88	Add native code for cert munging. Compsvc returns a self-signed cert (from Keystore), but we only want the public key. Extracting this in Rust is non-trivial, so instead we use existing support in BoringSSL in native code. (The details are copied from compos_key_cmd.cpp, which in turn were copied from the now-deleted FakeCompOS in odsign.) We could alternatively do this in compsvc itself, but I was slightly more reluctant to introduce native code there. Bug: 186126194 Test: Run composd_cmd twice, check it accepts the key pair it generated. Change-Id: I3faab9a7ada149d7f2776c2fb4d2656837c95e6f	2021-09-29 15:31:36 +01:00

Author

SHA1

Message

Date

Alan Stokes

223a7468cc

Migrate off keystore

Implement our own keypair generation and signing (using BoringSSL) and
our own private key blob protection (using Ring). This includes
replacing the old compos_key_service with the new signing_key.

Use DICE as the source of the VM secret used to protect the private
key instead of assuming keystore has one.

Changed compsvc to return the RSAPublicKey directly. Previously we
returned the self-signed cert from Keystore, and composd then
extracted the public key. As a result composd no longer needs any
native helper code to call BoringSSL; however now compsvc does.

Removed similarly redundant key-extraction code from compos_key_cmd.

Create SystemRandom when we need it rather than having it as a field;
it's stateless anyway.

Bug: 214233409
Test: atest ComposKeyTestCase compsvc_device_tests
Change-Id: I8b14fe2acdf43f49d45e2d32d4b6f482bd420eee

2022-01-24 14:08:47 +00:00

Victor Hsieh

6fb8b256c1

composd: prepare staging directory w/ libartpalette-system

Output files are staged until they are fully generated, then move to the
final location. The staging directory has a different SELinux context to
prevent misuse, and should change when it's moved to the final
directory.

This change makes composd to follow the same setup, using libartpalette.
As a result, the output are no longer stored in CompOS's own apexdata
(which was not intentional).

This change does not use bindgen, which seems have some difficulty to
bridge `const char**` correctly. Neither cxx, since it doesn't seem to
simplify the (already simple) call.

Bug: 205750213
Test: See odrefresh produces output in the staging directory

Change-Id: Ifc97b31a98052a31209556449d1642089a8c0e2e

2021-12-06 12:15:34 -08:00

Alan Stokes

14f0739a88

Add native code for cert munging.

Compsvc returns a self-signed cert (from Keystore), but we only want
the public key. Extracting this in Rust is non-trivial, so instead we
use existing support in BoringSSL in native code. (The details are
copied from compos_key_cmd.cpp, which in turn were copied from the
now-deleted FakeCompOS in odsign.)

We could alternatively do this in compsvc itself, but I was slightly
more reluctant to introduce native code there.

Bug: 186126194
Test: Run composd_cmd twice, check it accepts the key pair it generated.
Change-Id: I3faab9a7ada149d7f2776c2fb4d2656837c95e6f

2021-09-29 15:31:36 +01:00

3 Commits