Implement signature check. Currently, we just have debug keys, and always fail verification on user builds. Production keys will be added later. This CL also includes some helper scripts: - Used to generate debug keys, for the record - To sign data using the debug keys - To verify base64 encoded data, used for debugging Test: atest CtsSignedConfigHostTestCases Note: The test also relies on some other changes going in too; it has been verified with all relevant change in place, but will not pass at HEAD quite yet. Bug: 110509075 Change-Id: I8bd420c44a0a523cbefb21f90c49550c25beb0a6

commit: 96c419f90686ea7f16cde37cf1a137ae6cddf4c6 [log] [tgz]
author: Mathew Inwood <mathewi@google.com> Tue Dec 04 11:52:42 2018 +0000
committer: Mathew Inwood <mathewi@google.com> Tue Dec 11 17:06:27 2018 +0000
tree: 621d63aa561fb72a4ca02d5fb2c8e6adf06686c0
parent: 9a7fdeb32beab2863f234941773c2bc77cd9bd4c [diff] [blame]
diff --git a/tools/signedconfig/gen_priv_key.sh b/tools/signedconfig/gen_priv_key.sh
new file mode 100755
index 0000000..834c86b
--- /dev/null
+++ b/tools/signedconfig/gen_priv_key.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# This script acts as a record of how the debug key was generated. There should
+# be no need to run it again.
+
+openssl ecparam -name prime256v1 -genkey -noout -out debug_key.pem
+openssl ec -in debug_key.pem -pubout -out debug_public.pem
commit	96c419f90686ea7f16cde37cf1a137ae6cddf4c6	[log] [tgz]
author	Mathew Inwood <mathewi@google.com>	Tue Dec 04 11:52:42 2018 +0000
committer	Mathew Inwood <mathewi@google.com>	Tue Dec 11 17:06:27 2018 +0000
tree	621d63aa561fb72a4ca02d5fb2c8e6adf06686c0
parent	9a7fdeb32beab2863f234941773c2bc77cd9bd4c [diff] [blame]