Implement signature check. Currently, we just have debug keys, and always fail verification on user builds. Production keys will be added later. This CL also includes some helper scripts: - Used to generate debug keys, for the record - To sign data using the debug keys - To verify base64 encoded data, used for debugging Test: atest CtsSignedConfigHostTestCases Note: The test also relies on some other changes going in too; it has been verified with all relevant change in place, but will not pass at HEAD quite yet. Bug: 110509075 Change-Id: I8bd420c44a0a523cbefb21f90c49550c25beb0a6

commit: 96c419f90686ea7f16cde37cf1a137ae6cddf4c6 [log] [tgz]
author: Mathew Inwood <mathewi@google.com> Tue Dec 04 11:52:42 2018 +0000
committer: Mathew Inwood <mathewi@google.com> Tue Dec 11 17:06:27 2018 +0000
tree: 621d63aa561fb72a4ca02d5fb2c8e6adf06686c0
parent: 9a7fdeb32beab2863f234941773c2bc77cd9bd4c [diff] [blame]
diff --git a/tools/signedconfig/debug_sign.sh b/tools/signedconfig/debug_sign.sh
new file mode 100755
index 0000000..28e5428
--- /dev/null
+++ b/tools/signedconfig/debug_sign.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# Script to sign data with the debug keys. Outputs base64 for embedding into
+# APK metadata.
+
+openssl dgst -sha256 -sign $(dirname $0)/debug_key.pem  $1 | base64 -w 0
+echo
commit	96c419f90686ea7f16cde37cf1a137ae6cddf4c6	[log] [tgz]
author	Mathew Inwood <mathewi@google.com>	Tue Dec 04 11:52:42 2018 +0000
committer	Mathew Inwood <mathewi@google.com>	Tue Dec 11 17:06:27 2018 +0000
tree	621d63aa561fb72a4ca02d5fb2c8e6adf06686c0
parent	9a7fdeb32beab2863f234941773c2bc77cd9bd4c [diff] [blame]