223a7468cc
Implement our own keypair generation and signing (using BoringSSL) and our own private key blob protection (using Ring). This includes replacing the old compos_key_service with the new signing_key. Use DICE as the source of the VM secret used to protect the private key instead of assuming keystore has one. Changed compsvc to return the RSAPublicKey directly. Previously we returned the self-signed cert from Keystore, and composd then extracted the public key. As a result composd no longer needs any native helper code to call BoringSSL; however now compsvc does. Removed similarly redundant key-extraction code from compos_key_cmd. Create SystemRandom when we need it rather than having it as a field; it's stateless anyway. Bug: 214233409 Test: atest ComposKeyTestCase compsvc_device_tests Change-Id: I8b14fe2acdf43f49d45e2d32d4b6f482bd420eee |
||
|---|---|---|
| .. | ||
| Android.bp | ||
| lib.rs | ||