1// Copyright (C) 2014 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// libkeymaster_messages contains just the code necessary to communicate with an
16// AndroidKeymaster implementation, e.g. one running in TrustZone.
17cc_library_shared {
18    name: "libkeymaster_messages",
      // A vendor variant is built as well, and the library is marked as part of
      // the VNDK.
19    vendor_available: true,
20    vndk: {
21        enabled: true,
22    },
      // Only android_keymaster/ sources are listed; nothing from km_openssl/ or
      // key_blob_utils/ is compiled into this module. Judging by the file names
      // these are the message, tag, serialization, logging and utility sources.
23    srcs: [
24        "android_keymaster/android_keymaster_messages.cpp",
25        "android_keymaster/android_keymaster_utils.cpp",
26        "android_keymaster/authorization_set.cpp",
27        "android_keymaster/keymaster_tags.cpp",
28        "android_keymaster/logger.cpp",
29        "android_keymaster/serializable.cpp",
30        "android_keymaster/keymaster_stl.cpp",
31    ],
32    header_libs: ["libhardware_headers"],
      // All warnings are enabled and treated as errors for this module.
33    cflags: [
34        "-Wall",
35        "-Werror",
36        "-Wunused",
          // Defines KEYMASTER_NAME_TAGS for every source in this module; what the
          // macro enables is decided in the sources, which are not shown here.
37        "-DKEYMASTER_NAME_TAGS",
38    ],
      // No C++ standard library is linked into this module.
39    stl: "none",
40    clang: true,
41    // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
42    // Currently, if enabled, these flags will cause an internal error in Clang.
      // NOTE(review): the listed sanitizer-coverage modes stay off for this module
      // until the TODO is resolved; check whether fuzzing builds still get
      // coverage feedback from it.
43    clang_cflags: ["-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"],
44
45    export_include_dirs: ["include"],
      // Opts this module out of the build's integer-overflow sanitizer.
      // NOTE(review): the source list suggests this module (de)serializes
      // keymaster messages, so length and size arithmetic there has to be checked
      // explicitly in the code - confirm in serializable.cpp.
46    sanitize: {
47        integer_overflow: false,
48    },
49}
50
51// libkeymaster_portable contains almost everything needed for a keymaster
52// implementation, lacking only a subclass of the (abstract) KeymasterContext
53// class to provide environment-specific services and a wrapper to translate from
54// the function-based keymaster HAL API to the message-based AndroidKeymaster API.
55cc_library {
56    name: "libkeymaster_portable",
      // A vendor variant is built as well, and the library is marked as part of
      // the VNDK.
57    vendor_available: true,
58    vndk: {
59        enabled: true,
60    },
      // Three source groups: android_keymaster/ (core and messages),
      // key_blob_utils/ (key blob handling) and km_openssl/ (crypto operations).
      // NOTE(review): seven of the android_keymaster/ files below are also
      // compiled into libkeymaster_messages, so a binary linking both libraries
      // carries two copies of that code - confirm this is intended.
61    srcs: [
62        "android_keymaster/android_keymaster.cpp",
63        "android_keymaster/android_keymaster_messages.cpp",
64        "android_keymaster/android_keymaster_utils.cpp",
65        "android_keymaster/authorization_set.cpp",
66        "android_keymaster/keymaster_enforcement.cpp",
67        "android_keymaster/keymaster_stl.cpp",
68        "android_keymaster/keymaster_tags.cpp",
69        "android_keymaster/logger.cpp",
70        "android_keymaster/operation.cpp",
71        "android_keymaster/operation_table.cpp",
72        "android_keymaster/serializable.cpp",
73        "key_blob_utils/auth_encrypted_key_blob.cpp",
74        "key_blob_utils/integrity_assured_key_blob.cpp",
75        "key_blob_utils/ocb.c",
76        "key_blob_utils/ocb_utils.cpp",
77        "key_blob_utils/software_keyblobs.cpp",
78        "km_openssl/aes_key.cpp",
79        "km_openssl/aes_operation.cpp",
80        "km_openssl/asymmetric_key.cpp",
81        "km_openssl/asymmetric_key_factory.cpp",
82        "km_openssl/attestation_record.cpp",
83        "km_openssl/block_cipher_operation.cpp",
84        "km_openssl/ckdf.cpp",
85        "km_openssl/ec_key.cpp",
86        "km_openssl/ec_key_factory.cpp",
87        "km_openssl/ecdsa_operation.cpp",
88        "km_openssl/ecies_kem.cpp",
89        "km_openssl/hkdf.cpp",
90        "km_openssl/hmac.cpp",
91        "km_openssl/hmac_key.cpp",
92        "km_openssl/hmac_operation.cpp",
93        "km_openssl/iso18033kdf.cpp",
94        "km_openssl/kdf.cpp",
95        "km_openssl/nist_curve_key_exchange.cpp",
96        "km_openssl/openssl_err.cpp",
97        "km_openssl/openssl_utils.cpp",
98        "km_openssl/rsa_key.cpp",
99        "km_openssl/rsa_key_factory.cpp",
100        "km_openssl/rsa_operation.cpp",
101        "km_openssl/software_random_source.cpp",
102        "km_openssl/symmetric_key.cpp",
103        "km_openssl/triple_des_key.cpp",
104        "km_openssl/triple_des_operation.cpp",
105        "km_openssl/wrapped_key.cpp",
106    ],
107
       // libcrypto is the only shared library this module links against.
108    shared_libs: [
109        "libcrypto",
110    ],
111    header_libs: ["libhardware_headers"],
       // Re-exports the libhardware headers to modules that depend on this one.
112    export_header_lib_headers: ["libhardware_headers"],
113    cflags: [
114        "-Wall",
115        "-Werror",
116        "-Wunused",
           // Defines BORINGSSL_NO_CXX; presumably keeps the BoringSSL headers free
           // of C++ helpers, in line with stl: "none" below - TODO confirm.
117        "-DBORINGSSL_NO_CXX",
118    ],
119    // NOTE: libkeymaster_portable must run unchanged in the trusty runtime environment.
120    // Therefore, it must not link against any c++ stl library. keymaster_stl.cpp
121    // weakly defines the subset of stl symbols required for this library to work
122    // and which are also available in the trusty context.
123    stl: "none",
124    clang: true,
125    clang_cflags: [
           // These two warnings are still reported but do not fail the build,
           // unlike every other warning under -Werror.
126        "-Wno-error=unused-const-variable",
127        "-Wno-error=unused-private-field",
128        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
129        // Currently, if enabled, these flags will cause an internal error in Clang.
130        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
131    ],
132
133    export_include_dirs: ["include"],
       // Opts this module out of the build's integer-overflow sanitizer.
       // NOTE(review): this module holds the key blob and crypto operation
       // sources, so any size or length arithmetic in them relies on explicit
       // checks in the code rather than on sanitizer traps - confirm coverage.
134    sanitize: {
135        integer_overflow: false,
136    },
137}
138
139// libsoftkeymasterdevice provides a software-based keymaster HAL implementation.
140// This is used by keystore as a fallback when the hardware keymaster does
141// not support the request.
142cc_library {
143    name: "libsoftkeymasterdevice",
       // A vendor variant is built as well, and the library is marked as part of
       // the VNDK.
144    vendor_available: true,
145    vndk: {
146        enabled: true,
147    },
       // Software contexts (contexts/) plus the legacy_support/ wrappers for
       // keymaster0 and keymaster1 keys and operations.
       // NOTE(review): as a software implementation, keys served through this
       // module are presumably handled in the calling process rather than in
       // secure hardware - confirm how callers report that to their clients.
148    srcs: [
149        "android_keymaster/keymaster_configuration.cpp",
150        "km_openssl/attestation_utils.cpp",
151        "legacy_support/ec_keymaster0_key.cpp",
152        "legacy_support/ec_keymaster1_key.cpp",
153        "legacy_support/ecdsa_keymaster1_operation.cpp",
154        "legacy_support/keymaster0_engine.cpp",
155        "legacy_support/keymaster1_engine.cpp",
156        "legacy_support/rsa_keymaster0_key.cpp",
157        "legacy_support/rsa_keymaster1_key.cpp",
158        "legacy_support/rsa_keymaster1_operation.cpp",
159        "legacy_support/keymaster1_legacy_support.cpp",
160        "contexts/soft_attestation_cert.cpp",
161        "contexts/soft_keymaster_context.cpp",
162        "contexts/pure_soft_keymaster_context.cpp",
163        "contexts/soft_keymaster_device.cpp",
164        "km_openssl/soft_keymaster_enforcement.cpp",
165        "contexts/soft_keymaster_logger.cpp",
166    ],
       // All warnings are enabled and treated as errors, except the two relaxed
       // in clang_cflags below.
167    cflags: [
168        "-Wall",
169        "-Werror",
170        "-Wunused",
171    ],
172    clang: true,
173    clang_cflags: [
174        "-Wno-error=unused-const-variable",
175        "-Wno-error=unused-private-field",
176        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
177        // Currently, if enabled, these flags will cause an internal error in Clang.
178        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
179    ],
180
       // Links both libkeymaster_messages and libkeymaster_portable, which compile
       // several of the same android_keymaster/ sources.
181    shared_libs: [
182        "libkeymaster_messages",
183        "libkeymaster_portable",
184        "liblog",
185        "libbase",
186        "libcrypto",
187        "libcutils",
188    ],
189
       // No stl or sanitize properties are set on this module, so the build
       // defaults apply to both.
190    export_include_dirs: ["include"],
191}
192
193cc_library {
194    name: "libpuresoftkeymasterdevice",
       // NOTE(review): the file gives no description for this module. Going by the
       // source list it is the software keymaster context without the
       // legacy_support/ wrappers, soft_keymaster_context.cpp and
       // soft_keymaster_device.cpp that libsoftkeymasterdevice adds - confirm.
       // A vendor variant is built as well, and the library is marked as part of
       // the VNDK.
195    vendor_available: true,
196    vndk: {
197        enabled: true,
198    },
       // Every file listed here is also compiled into libsoftkeymasterdevice.
199    srcs: [
200        "km_openssl/attestation_utils.cpp",
201        "android_keymaster/keymaster_configuration.cpp",
202        "contexts/soft_attestation_cert.cpp",
203        "contexts/pure_soft_keymaster_context.cpp",
204        "contexts/soft_keymaster_logger.cpp",
205        "km_openssl/soft_keymaster_enforcement.cpp",
206    ],
       // All warnings are enabled and treated as errors, except the two relaxed
       // in clang_cflags below.
207    cflags: [
208        "-Wall",
209        "-Werror",
210        "-Wunused",
211    ],
212    clang: true,
213    clang_cflags: [
214        "-Wno-error=unused-const-variable",
215        "-Wno-error=unused-private-field",
216        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
217        // Currently, if enabled, these flags will cause an internal error in Clang.
218        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
219    ],
220
       // Same dependencies as libsoftkeymasterdevice minus libbase.
221    shared_libs: [
222        "libkeymaster_messages",
223        "libkeymaster_portable",
224        "liblog",
225        "libcrypto",
226        "libcutils",
227    ],
228
229    export_include_dirs: ["include"],
230}
231
232cc_library_shared {
233    name: "libkeymaster3device",
       // Vendor-only module: unlike the libraries above it sets vendor rather than
       // vendor_available, and it is not marked as VNDK.
234    vendor: true,
       // Passthrough key/engine/operation sources and contexts, the
       // AndroidKeymaster3Device wrapper under ng/, and the legacy_support/
       // wrappers for keymaster0 and keymaster1.
       // NOTE(review): keymaster_configuration.cpp and attestation_utils.cpp are
       // also compiled into libpuresoftkeymasterdevice, which this module links
       // as a shared library - confirm the duplication is intended.
235    srcs: [
236        "legacy_support/keymaster_passthrough_key.cpp",
237        "legacy_support/keymaster_passthrough_engine.cpp",
238        "legacy_support/keymaster_passthrough_operation.cpp",
239        "contexts/keymaster1_passthrough_context.cpp",
240        "contexts/keymaster2_passthrough_context.cpp",
241        "ng/AndroidKeymaster3Device.cpp",
242        "android_keymaster/keymaster_configuration.cpp",
243        "km_openssl/attestation_utils.cpp",
244        "legacy_support/ec_keymaster0_key.cpp",
245        "legacy_support/ec_keymaster1_key.cpp",
246        "legacy_support/ecdsa_keymaster1_operation.cpp",
247        "legacy_support/keymaster0_engine.cpp",
248        "legacy_support/keymaster1_engine.cpp",
249        "legacy_support/keymaster1_legacy_support.cpp",
250        "legacy_support/rsa_keymaster0_key.cpp",
251        "legacy_support/rsa_keymaster1_key.cpp",
252        "legacy_support/rsa_keymaster1_operation.cpp",
253    ],
       // All warnings are enabled and treated as errors, except the two relaxed
       // in clang_cflags below.
254    cflags: [
255        "-Wall",
256        "-Werror",
257        "-Wunused",
258    ],
259    clang: true,
260    clang_cflags: [
261        "-Wno-error=unused-const-variable",
262        "-Wno-error=unused-private-field",
263        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
264        // Currently, if enabled, these flags will cause an internal error in Clang.
265        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
266    ],
267
       // Depends on the keymaster 3.0 HAL interface library and the HIDL runtime
       // libraries, in addition to the keymaster libraries defined in this file.
268    shared_libs: [
269        "libkeymaster_messages",
270        "android.hardware.keymaster@3.0",
271        "libcrypto",
272        "libcutils",
273        "libbase",
274        "libhidlbase",
275        "libhidltransport",
276        "libkeymaster_portable",
277        "libpuresoftkeymasterdevice",
278        "liblog",
279        "libutils",
280    ],
281
       // Exports ng/include in addition to the include directory the other
       // modules export.
282    export_include_dirs: ["include", "ng/include"],
283}
284
285cc_library_shared {
286    name: "libkeymaster4",
       // A vendor variant is built as well; unlike the libraries at the top of this
       // file, this one is not marked as VNDK.
287    vendor_available: true,
       // Passthrough key/engine/operation sources and the AndroidKeymaster4Device
       // wrapper under ng/. None of the keymaster0/keymaster1 legacy_support/
       // wrappers that libkeymaster3device compiles are listed here.
       // NOTE(review): keymaster_configuration.cpp and attestation_utils.cpp are
       // also compiled into libpuresoftkeymasterdevice, which this module links
       // as a shared library - confirm the duplication is intended.
288    srcs: [
289        "legacy_support/keymaster_passthrough_key.cpp",
290        "legacy_support/keymaster_passthrough_engine.cpp",
291        "legacy_support/keymaster_passthrough_operation.cpp",
292        "ng/AndroidKeymaster4Device.cpp",
293        "android_keymaster/keymaster_configuration.cpp",
294        "km_openssl/attestation_utils.cpp",
295    ],
       // All warnings are enabled and treated as errors, except the two relaxed
       // in clang_cflags below.
296    cflags: [
297        "-Wall",
298        "-Werror",
299        "-Wunused",
300    ],
301    clang: true,
302    clang_cflags: [
303        "-Wno-error=unused-const-variable",
304        "-Wno-error=unused-private-field",
305        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
306        // Currently, if enabled, these flags will cause an internal error in Clang.
307        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
308    ],
309
       // Depends on the keymaster 4.0 HAL interface library, libkeymaster4support
       // and the HIDL runtime libraries, in addition to the keymaster libraries
       // defined in this file.
310    shared_libs: [
311        "libkeymaster_messages",
312        "android.hardware.keymaster@4.0",
313        "libcrypto",
314        "libcutils",
315        "libbase",
316        "libhidlbase",
317        "libhidltransport",
318        "libkeymaster_portable",
319        "libpuresoftkeymasterdevice",
320        "liblog",
321        "libutils",
322        "libkeymaster4support",
323    ],
324
       // Only ng/include is exported; the top-level include directory is not.
325    export_include_dirs: ["ng/include"],
326}
327
328// libkeymasterfiles is an empty library that exports all of the files in keymaster as includes.
329cc_library_static {
330    name: "libkeymasterfiles",
       // No srcs are listed, so the module contributes include paths only.
       // NOTE(review): exporting "." puts every file in this directory on
       // dependents' include path, not just the public headers under include/,
       // so internal headers become reachable by any module that depends on this.
331    export_include_dirs: [
332        ".",
333        "include",
334    ],
335}
336