rk3588-game
/
android13
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
android13/packages/modules/Virtualization/compos/compos_key_helper/compos_key.cpp

64 lines
2.3 KiB
C++
Raw Blame History

/*
* Copyright 2022 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "compos_key.h"
#include <openssl/digest.h>
#include <openssl/hkdf.h>
#include <openssl/mem.h>
using android::base::ErrnoError;
using android::base::Error;
using android::base::Result;
using compos_key::Ed25519KeyPair;
using compos_key::Signature;
// Used to ensure the key we derive is distinct from any other.
constexpr const char* kSigningKeyInfo = "CompOS signing key";
namespace compos_key {
Result<Ed25519KeyPair> deriveKeyFromSecret(const uint8_t* secret, size_t secret_size) {
// Ed25519 private keys are derived from a 32 byte seed:
// https://datatracker.ietf.org/doc/html/rfc8032#section-5.1.5
std::array<uint8_t, 32> seed;
// We derive the seed from the secret using HKDF - see
// https://datatracker.ietf.org/doc/html/rfc5869#section-2.
if (!HKDF(seed.data(), seed.size(), EVP_sha256(), secret, secret_size, /*salt=*/nullptr,
/*salt_len=*/0, reinterpret_cast<const uint8_t*>(kSigningKeyInfo),
strlen(kSigningKeyInfo))) {
return Error() << "HKDF failed";
}
Ed25519KeyPair result;
ED25519_keypair_from_seed(result.public_key.data(), result.private_key.data(), seed.data());
return result;
}
Result<Signature> sign(const PrivateKey& private_key, const uint8_t* data, size_t data_size) {
Signature result;
if (!ED25519_sign(result.data(), data, data_size, private_key.data())) {
return Error() << "Failed to sign";
}
return result;
}
bool verify(const PublicKey& public_key, const Signature& signature, const uint8_t* data,
size_t data_size) {
return ED25519_verify(data, data_size, signature.data(), public_key.data()) == 1;
}
} // namespace compos_key
Reference in New Issue View Git Blame Copy Permalink