1// Copyright (C) 2014 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// libkeymaster_messages contains just the code necessary to communicate with an
16// AndroidKeymaster implementation, e.g. one running in TrustZone.
// Package-level default: modules in this Android.bp that do not set their own
// `licenses` property are covered by "system_keymaster_license".
17package {
18    default_applicable_licenses: ["system_keymaster_license"],
19}
20
21// Added automatically by a large-scale-change that took the approach of
22// 'apply every license found to every target'. While this makes sure we respect
23// every license restriction, it may not be entirely correct.
24//
25// e.g. GPL in an MIT project might only apply to the contrib/ directory.
26//
27// Please consider splitting the single license below into multiple licenses,
28// taking care not to lose any license_kind information, and overriding the
29// default license using the 'licenses: [...]' property on targets as needed.
30//
31// For unused files, consider creating a 'fileGroup' with "//visibility:private"
32// to attach the license to, and including a comment whether the files may be
33// used in the current project.
34// See: http://go/android-license-faq
// License module named by `default_applicable_licenses` in the `package`
// block of this file.
35license {
36    name: "system_keymaster_license",
    // Visible only to this package's subpackages.
37    visibility: [":__subpackages__"],
    // All three kinds are attached to every target that uses this license; the
    // generated note above this module asks for them to be split per target.
38    license_kinds: [
39        "SPDX-license-identifier-Apache-2.0",
40        "SPDX-license-identifier-ISC",
41        "legacy_unencumbered",
42    ],
43    license_text: [
44        "NOTICE",
45    ],
46}
47
// Shared compiler, lint and sanitizer settings. Most modules in this file pull
// them in through `defaults: ["keymaster_defaults"]`; libcppcose_rkp and the
// fuzz defaults do not.
48cc_defaults {
49    name: "keymaster_defaults",
    // Inherited by every module that uses these defaults.
50    vendor_available: true,
    // Warnings are build errors, except the two unused-* warnings relaxed in
    // clang_cflags below.
51    cflags: [
52        "-Wall",
53        "-Werror",
54        "-Wunused",
55    ],
56    clang: true,
57    clang_cflags: [
58        "-Wno-error=unused-const-variable",
59        "-Wno-error=unused-private-field",
60        "-Wimplicit-fallthrough",
61        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
62        // Currently, if enabled, these flags will cause an internal error in Clang.
        // NOTE(review): this turns sanitizer coverage instrumentation off for every
        // module using these defaults; the TODO reads as a toolchain workaround, so
        // confirm it is still needed.
63        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
64    ],
65    tidy: true,
    // A leading "-" removes a check from the clang-tidy set.
66    tidy_checks: [
67        "-performance-noexcept-move-constructor",
68    ],
    // NOTE(review): the integer-overflow sanitizer is switched off for everything
    // that inherits these defaults, including the serialization and key blob
    // sources listed in this file. No reason is recorded here; worth documenting
    // one, since that code presumably does length arithmetic on serialized input.
69    sanitize: {
70        integer_overflow: false,
71    },
72}
73
// Shared library with the message, tag, authorization-set, logging and
// serialization sources only; no key or crypto implementation files are listed.
74cc_library_shared {
75    name: "libkeymaster_messages",
76    srcs: [
77        "android_keymaster/android_keymaster_messages.cpp",
78        "android_keymaster/android_keymaster_utils.cpp",
79        "android_keymaster/authorization_set.cpp",
80        "android_keymaster/keymaster_tags.cpp",
81        "android_keymaster/logger.cpp",
82        "android_keymaster/serializable.cpp",
83    ],
84    header_libs: ["libhardware_headers"],
85    defaults: ["keymaster_defaults" ],
    // Defines KEYMASTER_NAME_TAGS for this build; its effect is in the sources,
    // not visible in this file.
86    clang_cflags: [
87        "-DKEYMASTER_NAME_TAGS",
88    ],
89    export_include_dirs: ["include"],
90    host_supported: true,
    // RTTI is disabled for host builds only.
91    target: {
92        host: {
93            clang_cflags: [
94                "-fno-rtti", // TODO(b/156427382): Remove workaround when possible.
95            ],
96        },
97    },
98}
99
100// libkeymaster_portable contains almost everything needed for a keymaster
101// implementation, lacking only a subclass of the (abstract) KeymasterContext
102// class to provide environment-specific services and a wrapper to translate from
103// the function-based keymaster HAL API to the message-based AndroidKeymaster API.
104cc_library {
105    name: "libkeymaster_portable",
    // The message, utils, authorization_set, keymaster_tags, logger and
    // serializable sources below are the same files libkeymaster_messages
    // compiles, so they are built into both libraries.
106    srcs: [
107        "android_keymaster/android_keymaster.cpp",
108        "android_keymaster/android_keymaster_messages.cpp",
109        "android_keymaster/android_keymaster_utils.cpp",
110        "android_keymaster/authorization_set.cpp",
111        "android_keymaster/keymaster_enforcement.cpp",
112        "android_keymaster/keymaster_tags.cpp",
113        "android_keymaster/logger.cpp",
114        "android_keymaster/operation.cpp",
115        "android_keymaster/operation_table.cpp",
116        "android_keymaster/pure_soft_secure_key_storage.cpp",
117        "android_keymaster/remote_provisioning_utils.cpp",
118        "android_keymaster/serializable.cpp",
119        "key_blob_utils/auth_encrypted_key_blob.cpp",
120        "key_blob_utils/integrity_assured_key_blob.cpp",
121        "key_blob_utils/ocb.c",
122        "key_blob_utils/ocb_utils.cpp",
123        "key_blob_utils/software_keyblobs.cpp",
124        "km_openssl/aes_key.cpp",
125        "km_openssl/aes_operation.cpp",
126        "km_openssl/asymmetric_key.cpp",
127        "km_openssl/asymmetric_key_factory.cpp",
128        "km_openssl/attestation_record.cpp",
129        "km_openssl/attestation_utils.cpp",
130        "km_openssl/block_cipher_operation.cpp",
131        "km_openssl/certificate_utils.cpp",
132        "km_openssl/ckdf.cpp",
133        "km_openssl/ec_key.cpp",
134        "km_openssl/ec_key_factory.cpp",
135        "km_openssl/ecdh_operation.cpp",
136        "km_openssl/ecdsa_operation.cpp",
137        "km_openssl/ecies_kem.cpp",
138        "km_openssl/hkdf.cpp",
139        "km_openssl/hmac.cpp",
140        "km_openssl/hmac_key.cpp",
141        "km_openssl/hmac_operation.cpp",
142        "km_openssl/iso18033kdf.cpp",
143        "km_openssl/kdf.cpp",
144        "km_openssl/nist_curve_key_exchange.cpp",
145        "km_openssl/openssl_err.cpp",
146        "km_openssl/openssl_utils.cpp",
147        "km_openssl/rsa_key.cpp",
148        "km_openssl/rsa_key_factory.cpp",
149        "km_openssl/rsa_operation.cpp",
150        "km_openssl/software_random_source.cpp",
151        "km_openssl/symmetric_key.cpp",
152        "km_openssl/triple_des_key.cpp",
153        "km_openssl/triple_des_operation.cpp",
154        "km_openssl/wrapped_key.cpp",
155    ],
156
    // Cryptographic primitives come from libcrypto; the CBOR and COSE libraries
    // are linked alongside the remote provisioning sources.
157    shared_libs: [
158        "libcrypto",
159        "libcppbor_external",
160        "libcppcose_rkp",
161    ],
    // Dependents see the libcppbor_external and libhardware headers through
    // this library's exported headers.
162    export_shared_lib_headers: ["libcppbor_external"],
163    header_libs: ["libhardware_headers"],
164    export_header_lib_headers: ["libhardware_headers"],
    // Inherits keymaster_defaults, including its `integer_overflow: false`
    // sanitizer setting, for all of the key blob and crypto sources above.
165    defaults: ["keymaster_defaults" ],
166    host_supported: true,
167    export_include_dirs: ["include"],
    // RTTI is disabled for host builds only.
168    target: {
169        host: {
170            clang_cflags: [
171                "-fno-rtti", // TODO(b/156427382): Remove workaround when possible.
172            ],
173        },
174    },
175}
176
177// libsoftkeymasterdevice provides a software-based keymaster HAL implementation.
178// This is used by keystore as a fallback for when the hardware keymaster does
179// not support the request.
180cc_library {
181    name: "libsoftkeymasterdevice",
    // Software contexts plus the keymaster1 legacy_support sources; the same
    // six legacy_support files are also compiled into libkeymaster3device.
182    srcs: [
183        "android_keymaster/keymaster_configuration.cpp",
184        "contexts/pure_soft_keymaster_context.cpp",
185        "contexts/pure_soft_remote_provisioning_context.cpp",
186        "contexts/soft_attestation_context.cpp",
187        "contexts/soft_keymaster_context.cpp",
188        "contexts/soft_keymaster_device.cpp",
189        "contexts/soft_keymaster_logger.cpp",
190        "km_openssl/soft_keymaster_enforcement.cpp",
191        "legacy_support/ec_keymaster1_key.cpp",
192        "legacy_support/ecdsa_keymaster1_operation.cpp",
193        "legacy_support/keymaster1_engine.cpp",
194        "legacy_support/keymaster1_legacy_support.cpp",
195        "legacy_support/rsa_keymaster1_key.cpp",
196        "legacy_support/rsa_keymaster1_operation.cpp",
197    ],
198    defaults: ["keymaster_defaults"],
    // No `host_supported` is set here, unlike libkeymaster_portable and
    // libsoft_attestation_cert, which this library links.
199    shared_libs: [
200        "libkeymaster_messages",
201        "libkeymaster_portable",
202        "libsoft_attestation_cert",
203        "liblog",
204        "libbase",
205        "libcppbor_external",
206        "libcppcose_rkp",
207        "libcrypto",
208        "libcutils",
209    ],
210    export_include_dirs: ["include"],
211}
212
// Single-source library built from contexts/soft_attestation_cert.cpp.
// NOTE(review): going by the name, this presumably carries the software
// attestation certificate material. If so, attestations rooted in it give no
// hardware-backed assurance; confirm against the source and against what
// consumers of this library report as their security level.
213cc_library {
214    name: "libsoft_attestation_cert",
215    srcs: [
216        "contexts/soft_attestation_cert.cpp",
217    ],
218    defaults: ["keymaster_defaults"],
219    shared_libs: [
220        "libkeymaster_portable",
221    ],
222
223    host_supported: true,
224    export_include_dirs: ["include"],
225}
226
// Software-only context library. Its sources are a subset of
// libsoftkeymasterdevice's: the legacy_support files and the
// soft_keymaster_context / soft_keymaster_device sources are left out.
227cc_library {
228    name: "libpuresoftkeymasterdevice",
229    srcs: [
230        "android_keymaster/keymaster_configuration.cpp",
231        "contexts/soft_attestation_context.cpp",
232        "contexts/pure_soft_keymaster_context.cpp",
233        "contexts/pure_soft_remote_provisioning_context.cpp",
234        "contexts/soft_keymaster_logger.cpp",
235        "km_openssl/soft_keymaster_enforcement.cpp",
236    ],
237    defaults: ["keymaster_defaults"],
    // Linked by libkeymaster3device, libkeymaster4, libkeymaster41 and
    // libkeymint further down in this file.
238    shared_libs: [
239        "libkeymaster_messages",
240        "libkeymaster_portable",
241        "libsoft_attestation_cert",
242        "liblog",
243        "libcppbor_external",
244        "libcppcose_rkp",
245        "libcrypto",
246        "libcutils",
247        "libbase",
248    ],
249    export_include_dirs: ["include"],
250}
251
// Host-only build of the software-only context sources. Compared with
// libpuresoftkeymasterdevice it omits android_keymaster/keymaster_configuration.cpp.
252cc_library {
253    name: "libpuresoftkeymasterdevice_host",
254    srcs: [
255        "contexts/pure_soft_keymaster_context.cpp",
256        "contexts/pure_soft_remote_provisioning_context.cpp",
257        "contexts/soft_attestation_context.cpp",
258        "contexts/soft_keymaster_logger.cpp",
259        "km_openssl/soft_keymaster_enforcement.cpp",
260    ],
261    defaults: ["keymaster_defaults"],
    // Built for the host and never for the device.
262    host_supported: true,
263    device_supported: false,
264    shared_libs: [
265        "libkeymaster_messages",
266        "libkeymaster_portable",
267        "libsoft_attestation_cert",
268        "liblog",
269        "libcppbor_external",
270        "libcppcose_rkp",
271        "libcrypto",
272        "libcutils",
273        "libbase",
274    ],
    // The module is host-only, so -fno-rtti is set directly here instead of
    // under a `target: { host: ... }` block as in the other modules.
275    clang_cflags: [
276        "-DKEYMASTER_NAME_TAGS",
277        "-fno-rtti", // TODO(b/156427382): Remove workaround when possible.
278    ],
279    export_include_dirs: ["include"],
280}
281
// Shared library built around ng/AndroidKeymaster3Device.cpp and linked against
// the android.hardware.keymaster@3.0 interface library.
282cc_library_shared {
283    name: "libkeymaster3device",
    // Passthrough sources and keymaster1/keymaster2 passthrough contexts, plus
    // the six keymaster1 legacy_support files that libsoftkeymasterdevice also
    // compiles.
284    srcs: [
285        "legacy_support/keymaster_passthrough_key.cpp",
286        "legacy_support/keymaster_passthrough_engine.cpp",
287        "legacy_support/keymaster_passthrough_operation.cpp",
288        "contexts/keymaster1_passthrough_context.cpp",
289        "contexts/keymaster2_passthrough_context.cpp",
290        "ng/AndroidKeymaster3Device.cpp",
291        "android_keymaster/keymaster_configuration.cpp",
292        "legacy_support/ec_keymaster1_key.cpp",
293        "legacy_support/ecdsa_keymaster1_operation.cpp",
294        "legacy_support/keymaster1_engine.cpp",
295        "legacy_support/keymaster1_legacy_support.cpp",
296        "legacy_support/rsa_keymaster1_key.cpp",
297        "legacy_support/rsa_keymaster1_operation.cpp",
298    ],
299    defaults: ["keymaster_defaults"],
    // Links the software-only implementation (libpuresoftkeymasterdevice) and
    // libsoft_attestation_cert in addition to the HIDL interface.
300    shared_libs: [
301        "libkeymaster_messages",
302        "android.hardware.keymaster@3.0",
303        "libcrypto",
304        "libcutils",
305        "libbase",
306        "libhidlbase",
307        "libkeymaster_portable",
308        "liblog",
309        "libpuresoftkeymasterdevice",
310        "libsoft_attestation_cert",
311        "libutils",
312    ],
313    export_include_dirs: ["include", "ng/include"],
314}
315
// Shared library built around ng/AndroidKeymaster4Device.cpp and linked against
// the android.hardware.keymaster@4.0 interface library.
316cc_library_shared {
317    name: "libkeymaster4",
    // Unlike libkeymaster3device, no keymaster1 legacy_support or passthrough
    // context sources are listed; only the passthrough key/engine/operation files.
318    srcs: [
319        "legacy_support/keymaster_passthrough_key.cpp",
320        "legacy_support/keymaster_passthrough_engine.cpp",
321        "legacy_support/keymaster_passthrough_operation.cpp",
322        "ng/AndroidKeymaster4Device.cpp",
323        "android_keymaster/keymaster_configuration.cpp",
324    ],
325    defaults: ["keymaster_defaults"],
326    shared_libs: [
327        "libkeymaster_messages",
328        "android.hardware.keymaster@4.0",
329        "libcrypto",
330        "libcutils",
331        "libbase",
332        "libhidlbase",
333        "libkeymaster_portable",
334        "libpuresoftkeymasterdevice",
335        "liblog",
336        "libutils",
337        "libkeymaster4support",
338    ],
339    export_include_dirs: [
340        "ng/include",
341        "include"
342    ],
343}
344
// Shared library built from ng/AndroidKeymaster41Device.cpp alone; it links
// libkeymaster4 and both the @4.0 and @4.1 interface libraries.
345cc_library_shared {
346    name: "libkeymaster41",
    // Also set by keymaster_defaults, so this line repeats the inherited value.
347    vendor_available: true,
348    srcs: [
349        "ng/AndroidKeymaster41Device.cpp",
350    ],
351    defaults: ["keymaster_defaults"],
352    shared_libs: [
353        "android.hardware.keymaster@4.0",
354        "android.hardware.keymaster@4.1",
355        "libbase",
356        "libcrypto",
357        "libcutils",
358        "libhidlbase",
359        "libkeymaster4",
360        "libkeymaster4_1support",
361        "libkeymaster4support",
362        "libkeymaster_messages",
363        "libkeymaster_portable",
364        "liblog",
365        "libpuresoftkeymasterdevice",
366        "libutils",
367    ],
    // Exports only ng/include, whereas libkeymaster4 also exports "include".
368    export_include_dirs: ["ng/include"],
369}
370
// Helper library built from ng/KeyMintUtils.cpp and linked against the KeyMint
// V1 NDK interface library; libkeymint depends on it.
371cc_library {
372    name: "lib_android_keymaster_keymint_utils",
    // Also set by keymaster_defaults, so this line repeats the inherited value.
373    vendor_available: true,
374    srcs: [
375        "ng/KeyMintUtils.cpp",
376    ],
377    defaults: ["keymaster_defaults"],
378    shared_libs: [
379        "android.hardware.security.keymint-V1-ndk_platform",
380        "libbase",
381        "libhardware",
382    ],
383    export_include_dirs: [
384        "ng/include",
385        "include",
386    ],
387}
388
// KeyMint-era library: the KeyMint device and operation, remotely provisioned
// component, shared secret and secure clock sources under ng/, plus the
// passthrough key/engine/operation files.
389cc_library {
390    name: "libkeymint",
    // Also set by keymaster_defaults, so this line repeats the inherited value.
391    vendor_available: true,
392    srcs: [
393        "android_keymaster/keymaster_configuration.cpp",
394        "legacy_support/keymaster_passthrough_engine.cpp",
395        "legacy_support/keymaster_passthrough_key.cpp",
396        "legacy_support/keymaster_passthrough_operation.cpp",
397        "ng/AndroidKeyMintDevice.cpp",
398        "ng/AndroidKeyMintOperation.cpp",
399        "ng/AndroidRemotelyProvisionedComponentDevice.cpp",
400        "ng/AndroidSharedSecret.cpp",
401        "ng/AndroidSecureClock.cpp",
402    ],
403    defaults: ["keymaster_defaults"],
    // NOTE(review): the "libhidlbase" entry below is tab-indented and sits
    // outside the otherwise sorted list; formatting only.
    // NOTE(review): libpuresoftkeymasterdevice is linked here, so this library
    // appears to sit on the software-only context; confirm what security level
    // a service built from it reports.
404    shared_libs: [
405	"libhidlbase",
406        "android.hardware.security.keymint-V1-ndk_platform",
407        "android.hardware.security.secureclock-V1-ndk_platform",
408        "android.hardware.security.sharedsecret-V1-ndk_platform",
409        "lib_android_keymaster_keymint_utils",
410        "libbase",
411        "libbinder_ndk",
412        "libcppbor_external",
413        "libcrypto",
414        "libcutils",
415        "libkeymaster_messages",
416        "libkeymaster_portable",
417        "liblog",
418        "libpuresoftkeymasterdevice",
419        "libutils",
420    ],
421    export_include_dirs: ["include", "ng/include"],
422}
423
// Library built from cppcose/cppcose.cpp; linked by libkeymaster_portable and
// the software keymaster libraries in this file.
// NOTE(review): this module does not list `defaults: ["keymaster_defaults"]`,
// so the -Wall/-Werror flags and clang-tidy settings defined there are not
// applied from this file. Confirm the omission is intentional.
424cc_library {
425    name: "libcppcose_rkp",
426    vendor_available: true,
427    host_supported: true,
428    srcs: [
429        "cppcose/cppcose.cpp",
430    ],
431    export_include_dirs: [
432        "include",
433    ],
434    shared_libs: [
435        "libcppbor_external",
436        "libcrypto",
437        "liblog",
438    ],
439}
440
// Shared settings for the cc_fuzz targets in this file.
441cc_defaults {
442    name: "keymaster_fuzz_defaults",
443    header_libs: ["libhardware_headers"],
    // NOTE(review): libkeymaster_messages itself is declared with
    // keymaster_defaults, which passes -fno-sanitize-coverage and sets
    // `integer_overflow: false`. Confirm that coverage and sanitizer
    // instrumentation actually reach the library code the fuzzers exercise.
444    shared_libs: [
445        "libkeymaster_messages",
446    ],
447    // Not using defaults because the fuzzer relies on sanitizers that are explicitly disabled there.
    // The list below repeats the warning flags from keymaster_defaults by hand
    // (plus -DKEYMASTER_NAME_TAGS), so the two need to be kept in sync manually.
448    cflags: [
449        "-Wall",
450        "-Werror",
451        "-Wunused",
452        "-Wno-error=unused-const-variable",
453        "-Wno-error=unused-private-field",
454        "-Wimplicit-fallthrough",
455        "-DKEYMASTER_NAME_TAGS",
456    ],
457    host_supported: true,
    // RTTI is disabled for host builds only.
458    target: {
459        host: {
460            clang_cflags: [
461                "-fno-rtti", // TODO(b/156427382): Remove when default library removes this
462            ],
463        },
464    },
465}
466
// Fuzz target built from tests/fuzzers/buffer_fuzz.cpp; flags and the
// libkeymaster_messages dependency come from keymaster_fuzz_defaults.
467cc_fuzz {
468    name: "libkeymaster_fuzz_buffer",
469    defaults: ["keymaster_fuzz_defaults"],
470    srcs: [
471        "tests/fuzzers/buffer_fuzz.cpp",
472    ],
473}
474
// Fuzz target built from tests/fuzzers/message_serializable_fuzz.cpp; flags and
// the libkeymaster_messages dependency come from keymaster_fuzz_defaults.
// NOTE(review): both fuzzers in this file link only libkeymaster_messages, so
// the key blob and crypto code in libkeymaster_portable has no fuzz target
// declared here.
475cc_fuzz {
476    name: "libkeymaster_fuzz_serializable",
477    defaults: ["keymaster_fuzz_defaults"],
478    srcs: [
479        "tests/fuzzers/message_serializable_fuzz.cpp",
480    ],
481}
482