Make wrapped_key functions availabile

Make import key wrapping functions available so VTS tests can use them. Also fix a small bug in authorization list ASN1 format. Bug: 77588764 Test: VtsHalKeymasterV4_0TargetTest Change-Id: I8c77f61c239ddb7ad1c103e610514d05ec4c5c91
author: Shawn Willden <swillden@google.com> 2018-04-02 10:55:34 -0600
committer: Shawn Willden <swillden@google.com> 2018-04-10 21:37:51 +0000
commit: 25814f05240e324c8a10fe94f4dba0d408641bf0 (patch)
tree: 646ef6b9ebfb479c797a027a768acc4126dda9ad
parent: f051c127c63d1713822f0e18a4bc2e8508fe66d9 (diff)
download: android_system_keymaster-25814f05240e324c8a10fe94f4dba0d408641bf0.tar.gz
android_system_keymaster-25814f05240e324c8a10fe94f4dba0d408641bf0.tar.bz2
android_system_keymaster-25814f05240e324c8a10fe94f4dba0d408641bf0.zip
4 files changed, 40 insertions, 36 deletions
diff --git a/Android.bp b/Android.bp
index aaef82d..fe0b8e7 100644
--- a/Android.bp
+++ b/Android.bp
@@ -52,7 +52,7 @@ cc_library_shared {
 // implementation, lacking only a subclass of the (abstract) KeymasterContext
 // class to provide environment-specific services and a wrapper to translate from
 // the function-based keymaster HAL API to the message-based AndroidKeymaster API.
-cc_library_shared {
+cc_library {
     name: "libkeymaster_portable",
     vendor_available: true,
     vndk: {
@@ -190,7 +190,7 @@ cc_library {
     export_include_dirs: ["include"],
 }
 
-cc_library_shared {
+cc_library {
     name: "libpuresoftkeymasterdevice",
     vendor_available: true,
     vndk: {
diff --git a/include/keymaster/attestation_record.h b/include/keymaster/attestation_record.h
index c7facd3..2b47356 100644
--- a/include/keymaster/attestation_record.h
+++ b/include/keymaster/attestation_record.h
@@ -99,8 +99,7 @@ ASN1_SEQUENCE(KM_AUTH_LIST) = {
     ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, digest, ASN1_INTEGER, TAG_DIGEST.masked_tag()),
     ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, padding, ASN1_INTEGER, TAG_PADDING.masked_tag()),
     ASN1_EXP_OPT(KM_AUTH_LIST, caller_nonce, ASN1_NULL, TAG_CALLER_NONCE.masked_tag()),
-    ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, min_mac_length, ASN1_INTEGER,
-                        TAG_MIN_MAC_LENGTH.masked_tag()),
+    ASN1_EXP_OPT(KM_AUTH_LIST, min_mac_length, ASN1_INTEGER, TAG_MIN_MAC_LENGTH.masked_tag()),
     ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, kdf, ASN1_INTEGER, TAG_KDF.masked_tag()),
     ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.masked_tag()),
     ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER,
@@ -169,9 +168,10 @@ ASN1_SEQUENCE(KM_KEY_DESCRIPTION) = {
 DECLARE_ASN1_FUNCTIONS(KM_KEY_DESCRIPTION);
 
 class AttestationRecordContext {
-protected:
+  protected:
     virtual ~AttestationRecordContext() {}
-public:
+
+  public:
     /**
      * Returns the security level (SW or TEE) of this keymaster implementation.
      */
@@ -188,9 +188,9 @@ public:
      * If you do not support device ID attestation, ignore all arguments and return
      * KM_ERROR_UNIMPLEMENTED.
      */
-    virtual keymaster_error_t VerifyAndCopyDeviceIds(
-        const AuthorizationSet& /* attestation_params */,
-        AuthorizationSet* /* attestation */) const {
+    virtual keymaster_error_t
+    VerifyAndCopyDeviceIds(const AuthorizationSet& /* attestation_params */,
+                           AuthorizationSet* /* attestation */) const {
         return KM_ERROR_UNIMPLEMENTED;
     }
     /**
diff --git a/include/keymaster/wrapped_key.h b/include/keymaster/wrapped_key.h
index b914402..fe50e86 100644
--- a/include/keymaster/wrapped_key.h
+++ b/include/keymaster/wrapped_key.h
@@ -19,10 +19,41 @@
 
 #include <hardware/keymaster_defs.h>
 
+#include <keymaster/attestation_record.h>
 #include <keymaster/authorization_set.h>
 
 namespace keymaster {
 
+typedef struct km_wrapped_key_description {
+    ASN1_INTEGER* key_format;
+    KM_AUTH_LIST* auth_list;
+} KM_WRAPPED_KEY_DESCRIPTION;
+
+ASN1_SEQUENCE(KM_WRAPPED_KEY_DESCRIPTION) = {
+    ASN1_SIMPLE(KM_WRAPPED_KEY_DESCRIPTION, key_format, ASN1_INTEGER),
+    ASN1_SIMPLE(KM_WRAPPED_KEY_DESCRIPTION, auth_list, KM_AUTH_LIST),
+} ASN1_SEQUENCE_END(KM_WRAPPED_KEY_DESCRIPTION);
+DECLARE_ASN1_FUNCTIONS(KM_WRAPPED_KEY_DESCRIPTION);
+
+typedef struct km_wrapped_key {
+    ASN1_INTEGER* version;
+    ASN1_OCTET_STRING* transit_key;
+    ASN1_OCTET_STRING* iv;
+    KM_WRAPPED_KEY_DESCRIPTION* wrapped_key_description;
+    ASN1_OCTET_STRING* secure_key;
+    ASN1_OCTET_STRING* tag;
+} KM_WRAPPED_KEY;
+
+ASN1_SEQUENCE(KM_WRAPPED_KEY) = {
+    ASN1_SIMPLE(KM_WRAPPED_KEY, version, ASN1_INTEGER),
+    ASN1_SIMPLE(KM_WRAPPED_KEY, transit_key, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(KM_WRAPPED_KEY, iv, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(KM_WRAPPED_KEY, wrapped_key_description, KM_WRAPPED_KEY_DESCRIPTION),
+    ASN1_SIMPLE(KM_WRAPPED_KEY, secure_key, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(KM_WRAPPED_KEY, tag, ASN1_OCTET_STRING),
+} ASN1_SEQUENCE_END(KM_WRAPPED_KEY);
+DECLARE_ASN1_FUNCTIONS(KM_WRAPPED_KEY);
+
 keymaster_error_t build_wrapped_key(const KeymasterKeyBlob& encrypted_ephemeral_key,
                                     const KeymasterBlob& iv, keymaster_key_format_t key_format,
                                     const KeymasterKeyBlob& secure_key, const KeymasterBlob& tag,
diff --git a/km_openssl/wrapped_key.cpp b/km_openssl/wrapped_key.cpp
index d0d1a02..e619f2a 100644
--- a/km_openssl/wrapped_key.cpp
+++ b/km_openssl/wrapped_key.cpp
@@ -26,34 +26,7 @@
 
 namespace keymaster {
 
-typedef struct km_wrapped_key_description {
-    ASN1_INTEGER* key_format;
-    KM_AUTH_LIST* auth_list;
-} KM_WRAPPED_KEY_DESCRIPTION;
-
-ASN1_SEQUENCE(KM_WRAPPED_KEY_DESCRIPTION) = {
-    ASN1_SIMPLE(KM_WRAPPED_KEY_DESCRIPTION, key_format, ASN1_INTEGER),
-    ASN1_SIMPLE(KM_WRAPPED_KEY_DESCRIPTION, auth_list, KM_AUTH_LIST),
-} ASN1_SEQUENCE_END(KM_WRAPPED_KEY_DESCRIPTION);
 IMPLEMENT_ASN1_FUNCTIONS(KM_WRAPPED_KEY_DESCRIPTION);
-
-typedef struct km_wrapped_key {
-    ASN1_INTEGER* version;
-    ASN1_OCTET_STRING* transit_key;
-    ASN1_OCTET_STRING* iv;
-    KM_WRAPPED_KEY_DESCRIPTION* wrapped_key_description;
-    ASN1_OCTET_STRING* secure_key;
-    ASN1_OCTET_STRING* tag;
-} KM_WRAPPED_KEY;
-
-ASN1_SEQUENCE(KM_WRAPPED_KEY) = {
-    ASN1_SIMPLE(KM_WRAPPED_KEY, version, ASN1_INTEGER),
-    ASN1_SIMPLE(KM_WRAPPED_KEY, transit_key, ASN1_OCTET_STRING),
-    ASN1_SIMPLE(KM_WRAPPED_KEY, iv, ASN1_OCTET_STRING),
-    ASN1_SIMPLE(KM_WRAPPED_KEY, wrapped_key_description, KM_WRAPPED_KEY_DESCRIPTION),
-    ASN1_SIMPLE(KM_WRAPPED_KEY, secure_key, ASN1_OCTET_STRING),
-    ASN1_SIMPLE(KM_WRAPPED_KEY, tag, ASN1_OCTET_STRING),
-} ASN1_SEQUENCE_END(KM_WRAPPED_KEY);
 IMPLEMENT_ASN1_FUNCTIONS(KM_WRAPPED_KEY);
 
 struct KM_WRAPPED_KEY_Delete {
author	Shawn Willden <swillden@google.com>	2018-04-02 10:55:34 -0600
committer	Shawn Willden <swillden@google.com>	2018-04-10 21:37:51 +0000
commit	25814f05240e324c8a10fe94f4dba0d408641bf0 (patch)
tree	646ef6b9ebfb479c797a027a768acc4126dda9ad
parent	f051c127c63d1713822f0e18a4bc2e8508fe66d9 (diff)
download	android_system_keymaster-25814f05240e324c8a10fe94f4dba0d408641bf0.tar.gz android_system_keymaster-25814f05240e324c8a10fe94f4dba0d408641bf0.tar.bz2 android_system_keymaster-25814f05240e324c8a10fe94f4dba0d408641bf0.zip