// Copyright (C) 2014 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// libkeymaster_messages contains just the code necessary to communicate with an
// AndroidKeymaster implementation, e.g. one running in TrustZone.
//
// NOTE(review): every source listed here is also compiled into
// libkeymaster_portable below, so a module that links both shared libraries
// gets two definitions of the same symbols. Keep the two srcs lists in sync
// when a message-layer fix lands.
cc_library_shared {
    name: "libkeymaster_messages",
    // Buildable for vendor code and part of the VNDK.
    vendor_available: true,
    vndk: {
        enabled: true,
    },
    srcs: [
        "android_keymaster/android_keymaster_messages.cpp",
        "android_keymaster/android_keymaster_utils.cpp",
        "android_keymaster/authorization_set.cpp",
        "android_keymaster/keymaster_tags.cpp",
        "android_keymaster/logger.cpp",
        "android_keymaster/serializable.cpp",
        "android_keymaster/keymaster_stl.cpp",
    ],
    header_libs: ["libhardware_headers"],
    cflags: [
        // All warnings are fatal for this module.
        "-Wall",
        "-Werror",
        "-Wunused",
        "-DKEYMASTER_NAME_TAGS",
    ],
    // No C++ standard library is linked; keymaster_stl.cpp (in srcs above) is
    // compiled in instead.
    stl: "none",
    clang: true,
    // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
    // Currently, if enabled, these flags will cause an internal error in Clang.
    // NOTE(review): these are SanitizerCoverage modes of the kind used for
    // coverage-guided fuzzing; with them forced off, a fuzz build of this module
    // may get little or no coverage feedback. Confirm whether the TODO can now
    // be resolved.
    clang_cflags: ["-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"],

    export_include_dirs: ["include"],
    // Opts this module out of the integer-overflow sanitizer.
    // NOTE(review): the sources above include the message serialization code
    // (serializable.cpp, android_keymaster_messages.cpp), which presumably does
    // size/offset arithmetic on lengths supplied by the peer. Confirm the opt-out
    // is still needed and that such arithmetic is bounds-checked by hand.
    sanitize: {
        integer_overflow: false,
    },
}

// libkeymaster_portable contains almost everything needed for a keymaster
// implementation, lacking only a subclass of the (abstract) KeymasterContext
// class to provide environment-specific services and a wrapper to translate from
// the function-based keymaster HAL API to the message-based AndroidKeymaster API.
cc_library {
    name: "libkeymaster_portable",
    // Buildable for vendor code and part of the VNDK.
    vendor_available: true,
    vndk: {
        enabled: true,
    },
    srcs: [
        // Message layer, enforcement and operation bookkeeping.
        "android_keymaster/android_keymaster.cpp",
        "android_keymaster/android_keymaster_messages.cpp",
        "android_keymaster/android_keymaster_utils.cpp",
        "android_keymaster/authorization_set.cpp",
        "android_keymaster/keymaster_enforcement.cpp",
        "android_keymaster/keymaster_stl.cpp",
        "android_keymaster/keymaster_tags.cpp",
        "android_keymaster/logger.cpp",
        "android_keymaster/operation.cpp",
        "android_keymaster/operation_table.cpp",
        "android_keymaster/serializable.cpp",
        // Key blob wrapping/unwrapping helpers.
        "key_blob_utils/auth_encrypted_key_blob.cpp",
        "key_blob_utils/integrity_assured_key_blob.cpp",
        "key_blob_utils/ocb.c",
        "key_blob_utils/ocb_utils.cpp",
        "key_blob_utils/software_keyblobs.cpp",
        // Key types and operations built on libcrypto (see shared_libs).
        "km_openssl/aes_key.cpp",
        "km_openssl/aes_operation.cpp",
        "km_openssl/asymmetric_key.cpp",
        "km_openssl/asymmetric_key_factory.cpp",
        "km_openssl/attestation_record.cpp",
        "km_openssl/block_cipher_operation.cpp",
        "km_openssl/ckdf.cpp",
        "km_openssl/ec_key.cpp",
        "km_openssl/ec_key_factory.cpp",
        "km_openssl/ecdsa_operation.cpp",
        "km_openssl/ecies_kem.cpp",
        "km_openssl/hkdf.cpp",
        "km_openssl/hmac.cpp",
        "km_openssl/hmac_key.cpp",
        "km_openssl/hmac_operation.cpp",
        "km_openssl/iso18033kdf.cpp",
        "km_openssl/kdf.cpp",
        "km_openssl/nist_curve_key_exchange.cpp",
        "km_openssl/openssl_err.cpp",
        "km_openssl/openssl_utils.cpp",
        "km_openssl/rsa_key.cpp",
        "km_openssl/rsa_key_factory.cpp",
        "km_openssl/rsa_operation.cpp",
        "km_openssl/software_random_source.cpp",
        "km_openssl/symmetric_key.cpp",
        "km_openssl/triple_des_key.cpp",
        "km_openssl/triple_des_operation.cpp",
        "km_openssl/wrapped_key.cpp",
    ],

    shared_libs: [
        "libcrypto",
    ],
    header_libs: ["libhardware_headers"],
    export_header_lib_headers: ["libhardware_headers"],
    cflags: [
        "-Wall",
        "-Werror",
        "-Wunused",
        // Presumably keeps the BoringSSL headers free of C++ helpers, in line
        // with stl: "none" below (TODO confirm).
        "-DBORINGSSL_NO_CXX",
    ],
    // NOTE: libkeymaster_portable must run unchanged in the trusty runtime environment.
    // Therefore, it must not link against any c++ stl library. keymaster_stl.cpp
    // weakly defines the subset of stl symbols required for this library to work
    // and which are also available in the trusty context.
    stl: "none",
    clang: true,
    clang_cflags: [
        // These two warnings stay warnings even though -Werror is set above.
        "-Wno-error=unused-const-variable",
        "-Wno-error=unused-private-field",
        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
        // Currently, if enabled, these flags will cause an internal error in Clang.
        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
    ],

    export_include_dirs: ["include"],
    // Opts this module out of the integer-overflow sanitizer.
    // NOTE(review): this module carries the serialization, key-blob and crypto
    // operation sources, which presumably compute buffer sizes from
    // caller-supplied values. Confirm the opt-out is still needed and that such
    // arithmetic is checked explicitly.
    sanitize: {
        integer_overflow: false,
    },
}

// libsoftkeymasterdevice provides a software-based keymaster HAL implementation.
// This is used by keystore as a fallback for when the hardware keymaster does
// not support the request.
// Software keymaster device: the soft contexts plus the legacy_support wrappers
// for keymaster0/keymaster1 keys and engines.
// NOTE(review): as a software implementation, keys handled through this library
// are presumably not protected by secure hardware. Callers that depend on
// hardware-backed guarantees should verify what the implementation reports
// rather than assume it.
cc_library {
    name: "libsoftkeymasterdevice",
    // Buildable for vendor code and part of the VNDK.
    vendor_available: true,
    vndk: {
        enabled: true,
    },
    srcs: [
        "android_keymaster/keymaster_configuration.cpp",
        "km_openssl/attestation_utils.cpp",
        "legacy_support/ec_keymaster0_key.cpp",
        "legacy_support/ec_keymaster1_key.cpp",
        "legacy_support/ecdsa_keymaster1_operation.cpp",
        "legacy_support/keymaster0_engine.cpp",
        "legacy_support/keymaster1_engine.cpp",
        "legacy_support/rsa_keymaster0_key.cpp",
        "legacy_support/rsa_keymaster1_key.cpp",
        "legacy_support/rsa_keymaster1_operation.cpp",
        "legacy_support/keymaster1_legacy_support.cpp",
        // NOTE(review): presumably the attestation certificate material used by
        // the software implementation (TODO confirm). Attestations produced
        // with it should not be treated as hardware-backed.
        "contexts/soft_attestation_cert.cpp",
        "contexts/soft_keymaster_context.cpp",
        "contexts/pure_soft_keymaster_context.cpp",
        "contexts/soft_keymaster_device.cpp",
        "km_openssl/soft_keymaster_enforcement.cpp",
        "contexts/soft_keymaster_logger.cpp",
    ],
    cflags: [
        // All warnings are fatal, except the two relaxed in clang_cflags.
        "-Wall",
        "-Werror",
        "-Wunused",
    ],
    clang: true,
    clang_cflags: [
        "-Wno-error=unused-const-variable",
        "-Wno-error=unused-private-field",
        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
        // Currently, if enabled, these flags will cause an internal error in Clang.
        // NOTE(review): these are SanitizerCoverage modes of the kind used for
        // coverage-guided fuzzing; with them forced off, a fuzz build of this
        // module may get little or no coverage feedback. The same flag is
        // repeated in every module below.
        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
    ],

    shared_libs: [
        "libkeymaster_messages",
        "libkeymaster_portable",
        "liblog",
        "libbase",
        "libcrypto",
        "libcutils",
    ],

    export_include_dirs: ["include"],
}

// libpuresoftkeymasterdevice builds a subset of libsoftkeymasterdevice's
// sources: none of the legacy_support/ files, and neither
// soft_keymaster_context.cpp nor soft_keymaster_device.cpp.
cc_library {
    name: "libpuresoftkeymasterdevice",
    // Buildable for vendor code and part of the VNDK.
    vendor_available: true,
    vndk: {
        enabled: true,
    },
    srcs: [
        "km_openssl/attestation_utils.cpp",
        "android_keymaster/keymaster_configuration.cpp",
        "contexts/soft_attestation_cert.cpp",
        "contexts/pure_soft_keymaster_context.cpp",
        "contexts/soft_keymaster_logger.cpp",
        "km_openssl/soft_keymaster_enforcement.cpp",
    ],
    cflags: [
        "-Wall",
        "-Werror",
        "-Wunused",
    ],
    clang: true,
    clang_cflags: [
        "-Wno-error=unused-const-variable",
        "-Wno-error=unused-private-field",
        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
        // Currently, if enabled, these flags will cause an internal error in Clang.
        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
    ],

    shared_libs: [
        "libkeymaster_messages",
        "libkeymaster_portable",
        "liblog",
        "libcrypto",
        "libcutils",
    ],

    export_include_dirs: ["include"],
}

// libkeymaster3device is a vendor-only library (vendor: true). It builds
// ng/AndroidKeymaster3Device.cpp with the passthrough contexts and the
// legacy_support sources, and links android.hardware.keymaster@3.0.
// Presumably this is the 3.0 HAL front end over older keymaster
// implementations; confirm against ng/AndroidKeymaster3Device.cpp.
cc_library_shared {
    name: "libkeymaster3device",
    vendor: true,
    srcs: [
        "legacy_support/keymaster_passthrough_key.cpp",
        "legacy_support/keymaster_passthrough_engine.cpp",
        "legacy_support/keymaster_passthrough_operation.cpp",
        "contexts/keymaster1_passthrough_context.cpp",
        "contexts/keymaster2_passthrough_context.cpp",
        "ng/AndroidKeymaster3Device.cpp",
        "android_keymaster/keymaster_configuration.cpp",
        "km_openssl/attestation_utils.cpp",
        // The legacy_support files below are also compiled into
        // libsoftkeymasterdevice.
        "legacy_support/ec_keymaster0_key.cpp",
        "legacy_support/ec_keymaster1_key.cpp",
        "legacy_support/ecdsa_keymaster1_operation.cpp",
        "legacy_support/keymaster0_engine.cpp",
        "legacy_support/keymaster1_engine.cpp",
        "legacy_support/keymaster1_legacy_support.cpp",
        "legacy_support/rsa_keymaster0_key.cpp",
        "legacy_support/rsa_keymaster1_key.cpp",
        "legacy_support/rsa_keymaster1_operation.cpp",
    ],
    cflags: [
        "-Wall",
        "-Werror",
        "-Wunused",
    ],
    clang: true,
    clang_cflags: [
        "-Wno-error=unused-const-variable",
        "-Wno-error=unused-private-field",
        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
        // Currently, if enabled, these flags will cause an internal error in Clang.
        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
    ],

    shared_libs: [
        "libkeymaster_messages",
        "android.hardware.keymaster@3.0",
        "libcrypto",
        "libcutils",
        "libbase",
        "libhidlbase",
        "libhidltransport",
        "libkeymaster_portable",
        // NOTE(review): links the pure-software implementation, presumably as a
        // fallback path. Confirm callers can distinguish software-served
        // requests from hardware-served ones.
        "libpuresoftkeymasterdevice",
        "liblog",
        "libutils",
    ],

    export_include_dirs: ["include", "ng/include"],
}

// libkeymaster4 builds ng/AndroidKeymaster4Device.cpp with the passthrough
// key/engine/operation sources and links android.hardware.keymaster@4.0.
// Unlike libkeymaster3device it is vendor_available rather than vendor-only,
// and it exports only ng/include.
cc_library_shared {
    name: "libkeymaster4",
    vendor_available: true,
    srcs: [
        "legacy_support/keymaster_passthrough_key.cpp",
        "legacy_support/keymaster_passthrough_engine.cpp",
        "legacy_support/keymaster_passthrough_operation.cpp",
        "ng/AndroidKeymaster4Device.cpp",
        "android_keymaster/keymaster_configuration.cpp",
        "km_openssl/attestation_utils.cpp",
    ],
    cflags: [
        "-Wall",
        "-Werror",
        "-Wunused",
    ],
    clang: true,
    clang_cflags: [
        "-Wno-error=unused-const-variable",
        "-Wno-error=unused-private-field",
        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
        // Currently, if enabled, these flags will cause an internal error in Clang.
        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
    ],

    shared_libs: [
        "libkeymaster_messages",
        "android.hardware.keymaster@4.0",
        "libcrypto",
        "libcutils",
        "libbase",
        "libhidlbase",
        "libhidltransport",
        "libkeymaster_portable",
        "libpuresoftkeymasterdevice",
        "liblog",
        "libutils",
        "libkeymaster4support",
    ],

    export_include_dirs: ["ng/include"],
}

// libkeymasterfiles is an empty library that exports all of the files in keymaster as includes.
// NOTE(review): exporting "." puts every header under this directory on the
// include path of dependents, not only the public API under include/. Anything
// that links this target can reach internal headers.
cc_library_static {
    name: "libkeymasterfiles",
    export_include_dirs: [
        ".",
        "include",
    ],
}