Provide a method to verify a PKCS#7 signature
There is existing PKCS#7 signature used in the kernel for verifying
fs-verity digest. The purpose of this change is to pave the way to
migrate the existing signature check to userspace (and longer term,
migrate away from PKCS#7).
To mitigate the complexity of PKCS#7, only the configuration we're
currently using is supported.
Bug: 253668864
Test: atest FrameworksCoreTests:com.android.internal.security.VerityUtilsTest
Test: Manually added some code to use the API with correct and incorrect
signatures. Saw the API behave expectedly.
Change-Id: I80bbbd88881303c0b9a261b1fe59e9682e43bcad
Merged-In: I80bbbd88881303c0b9a261b1fe59e9682e43bcad
4 files changed