// Copyright (C) 2014 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // libkeymaster_messages contains just the code necessary to communicate with a // AndroidKeymaster implementation, e.g. one running in TrustZone. cc_defaults { name: "keymaster_defaults", vendor_available: true, cflags: [ "-Wall", "-Werror", "-Wunused", ], clang: true, clang_cflags: [ "-Wno-error=unused-const-variable", "-Wno-error=unused-private-field", "-Wimplicit-fallthrough", // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released. // Currently, if enabled, these flags will cause an internal error in Clang. "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp" ], sanitize: { integer_overflow: false, }, } cc_library_shared { name: "libkeymaster_messages", srcs: [ "android_keymaster/android_keymaster_messages.cpp", "android_keymaster/android_keymaster_utils.cpp", "android_keymaster/authorization_set.cpp", "android_keymaster/keymaster_tags.cpp", "android_keymaster/logger.cpp", "android_keymaster/serializable.cpp", "android_keymaster/keymaster_stl.cpp", ], header_libs: ["libhardware_headers"], defaults: ["keymaster_defaults" ], clang_cflags: [ "-DKEYMASTER_NAME_TAGS", ], stl: "none", export_include_dirs: ["include"], host_supported: true, target: { host: { clang_cflags: [ "-fno-rtti", // TODO(b/156427382): Remove workaround when possible. ], }, }, } // libkeymaster_portable contains almost everything needed for a keymaster // implementation, lacking only a subclass of the (abstract) KeymasterContext // class to provide environment-specific services and a wrapper to translate from // the function-based keymaster HAL API to the message-based AndroidKeymaster API. cc_library { name: "libkeymaster_portable", srcs: [ "android_keymaster/android_keymaster.cpp", "android_keymaster/android_keymaster_messages.cpp", "android_keymaster/android_keymaster_utils.cpp", "android_keymaster/authorization_set.cpp", "android_keymaster/keymaster_enforcement.cpp", "android_keymaster/keymaster_stl.cpp", "android_keymaster/keymaster_tags.cpp", "android_keymaster/logger.cpp", "android_keymaster/operation.cpp", "android_keymaster/operation_table.cpp", "android_keymaster/serializable.cpp", "key_blob_utils/auth_encrypted_key_blob.cpp", "key_blob_utils/integrity_assured_key_blob.cpp", "key_blob_utils/ocb.c", "key_blob_utils/ocb_utils.cpp", "key_blob_utils/software_keyblobs.cpp", "km_openssl/aes_key.cpp", "km_openssl/aes_operation.cpp", "km_openssl/asymmetric_key.cpp", "km_openssl/asymmetric_key_factory.cpp", "km_openssl/attestation_record.cpp", "km_openssl/attestation_utils.cpp", "km_openssl/block_cipher_operation.cpp", "km_openssl/certificate_utils.cpp", "km_openssl/ckdf.cpp", "km_openssl/ec_key.cpp", "km_openssl/ec_key_factory.cpp", "km_openssl/ecdsa_operation.cpp", "km_openssl/ecies_kem.cpp", "km_openssl/hkdf.cpp", "km_openssl/hmac.cpp", "km_openssl/hmac_key.cpp", "km_openssl/hmac_operation.cpp", "km_openssl/iso18033kdf.cpp", "km_openssl/kdf.cpp", "km_openssl/nist_curve_key_exchange.cpp", "km_openssl/openssl_err.cpp", "km_openssl/openssl_utils.cpp", "km_openssl/rsa_key.cpp", "km_openssl/rsa_key_factory.cpp", "km_openssl/rsa_operation.cpp", "km_openssl/software_random_source.cpp", "km_openssl/symmetric_key.cpp", "km_openssl/triple_des_key.cpp", "km_openssl/triple_des_operation.cpp", "km_openssl/wrapped_key.cpp", ], shared_libs: [ "libcrypto", ], header_libs: ["libhardware_headers"], export_header_lib_headers: ["libhardware_headers"], defaults: ["keymaster_defaults" ], cflags: [ "-DBORINGSSL_NO_CXX", ], // NOTE: libkeymaster_portable must run unchanged in the trusty runtime environment. // Therefore, it must not link against any c++ stl library. keymaster_stl.cpp // weakly defines the subset of stl symbols required for this library to work // and which are also available in the trusty context. stl: "none", host_supported: true, export_include_dirs: ["include"], target: { host: { clang_cflags: [ "-fno-rtti", // TODO(b/156427382): Remove workaround when possible. ], }, }, } // libsoftkeymaster provides a software-based keymaster HAL implementation. // This is used by keystore as a fallback for when the hardware keymaster does // not support the request. cc_library { name: "libsoftkeymasterdevice", srcs: [ "android_keymaster/keymaster_configuration.cpp", "legacy_support/ec_keymaster0_key.cpp", "legacy_support/ec_keymaster1_key.cpp", "legacy_support/ecdsa_keymaster1_operation.cpp", "legacy_support/keymaster0_engine.cpp", "legacy_support/keymaster1_engine.cpp", "legacy_support/rsa_keymaster0_key.cpp", "legacy_support/rsa_keymaster1_key.cpp", "legacy_support/rsa_keymaster1_operation.cpp", "legacy_support/keymaster1_legacy_support.cpp", "contexts/soft_keymaster_context.cpp", "contexts/pure_soft_keymaster_context.cpp", "contexts/soft_keymaster_device.cpp", "km_openssl/soft_keymaster_enforcement.cpp", "contexts/soft_keymaster_logger.cpp", ], defaults: ["keymaster_defaults"], shared_libs: [ "libkeymaster_messages", "libkeymaster_portable", "libsoft_attestation_cert", "liblog", "libbase", "libcrypto", "libcutils", ], export_include_dirs: ["include"], } cc_library { name: "libsoft_attestation_cert", srcs: [ "contexts/soft_attestation_cert.cpp", ], defaults: ["keymaster_defaults"], shared_libs: [ "libkeymaster_portable", ], host_supported: true, export_include_dirs: ["include"], } cc_library { name: "libpuresoftkeymasterdevice", srcs: [ "android_keymaster/keymaster_configuration.cpp", "contexts/pure_soft_keymaster_context.cpp", "contexts/soft_keymaster_logger.cpp", "km_openssl/soft_keymaster_enforcement.cpp", ], defaults: ["keymaster_defaults"], shared_libs: [ "libkeymaster_messages", "libkeymaster_portable", "libsoft_attestation_cert", "liblog", "libcrypto", "libcutils", "libbase", ], export_include_dirs: ["include"], } cc_library { name: "libpuresoftkeymasterdevice_host", srcs: [ "contexts/pure_soft_keymaster_context.cpp", "contexts/soft_keymaster_logger.cpp", "km_openssl/soft_keymaster_enforcement.cpp", ], defaults: ["keymaster_defaults"], host_supported: true, device_supported: false, shared_libs: [ "libkeymaster_messages", "libkeymaster_portable", "libsoft_attestation_cert", "liblog", "libcrypto", "libcutils", "libbase", ], clang_cflags: [ "-DKEYMASTER_NAME_TAGS", "-fno-rtti", // TODO(b/156427382): Remove workaround when possible. ], export_include_dirs: ["include"], } cc_library_shared { name: "libkeymaster3device", srcs: [ "legacy_support/keymaster_passthrough_key.cpp", "legacy_support/keymaster_passthrough_engine.cpp", "legacy_support/keymaster_passthrough_operation.cpp", "contexts/keymaster1_passthrough_context.cpp", "contexts/keymaster2_passthrough_context.cpp", "ng/AndroidKeymaster3Device.cpp", "android_keymaster/keymaster_configuration.cpp", "legacy_support/ec_keymaster0_key.cpp", "legacy_support/ec_keymaster1_key.cpp", "legacy_support/ecdsa_keymaster1_operation.cpp", "legacy_support/keymaster0_engine.cpp", "legacy_support/keymaster1_engine.cpp", "legacy_support/keymaster1_legacy_support.cpp", "legacy_support/rsa_keymaster0_key.cpp", "legacy_support/rsa_keymaster1_key.cpp", "legacy_support/rsa_keymaster1_operation.cpp", ], defaults: ["keymaster_defaults"], shared_libs: [ "libkeymaster_messages", "android.hardware.keymaster@3.0", "libcrypto", "libcutils", "libbase", "libhidlbase", "libkeymaster_portable", "liblog", "libpuresoftkeymasterdevice", "libsoft_attestation_cert", "libutils", ], export_include_dirs: ["include", "ng/include"], } cc_library_shared { name: "libkeymaster4", srcs: [ "legacy_support/keymaster_passthrough_key.cpp", "legacy_support/keymaster_passthrough_engine.cpp", "legacy_support/keymaster_passthrough_operation.cpp", "ng/AndroidKeymaster4Device.cpp", "android_keymaster/keymaster_configuration.cpp", ], defaults: ["keymaster_defaults"], shared_libs: [ "libkeymaster_messages", "android.hardware.keymaster@4.0", "libcrypto", "libcutils", "libbase", "libhidlbase", "libkeymaster_portable", "libpuresoftkeymasterdevice", "liblog", "libutils", "libkeymaster4support", ], export_include_dirs: ["ng/include"], } cc_library_shared { name: "libkeymaster41", vendor_available: true, srcs: [ "ng/AndroidKeymaster41Device.cpp", ], defaults: ["keymaster_defaults"], shared_libs: [ "android.hardware.keymaster@4.0", "android.hardware.keymaster@4.1", "libbase", "libcrypto", "libcutils", "libhidlbase", "libkeymaster4", "libkeymaster4_1support", "libkeymaster4support", "libkeymaster_messages", "libkeymaster_portable", "liblog", "libpuresoftkeymasterdevice", "libutils", ], export_include_dirs: ["ng/include"], } // libkeymasterfiles is an empty library that exports all of the files in keymaster as includes. cc_library_static { name: "libkeymasterfiles", export_include_dirs: [ ".", "include", ], } cc_defaults { name: "keymaster_fuzz_defaults", header_libs: ["libhardware_headers"], shared_libs: [ "libkeymaster_messages", ], // Not using defaults because the fuzzer relies on sanitizers that are explicitly disabled there. cflags: [ "-Wall", "-Werror", "-Wunused", "-Wno-error=unused-const-variable", "-Wno-error=unused-private-field", "-Wimplicit-fallthrough", "-DKEYMASTER_NAME_TAGS", ], host_supported: true, target: { host: { clang_cflags: [ "-fno-rtti", // TODO(b/156427382): Remove when default library removes this ], }, }, } cc_fuzz { name: "libkeymaster_fuzz_buffer", defaults: ["keymaster_fuzz_defaults"], srcs: [ "tests/fuzzers/buffer_fuzz.cpp", ], } cc_fuzz { name: "libkeymaster_fuzz_serializable", defaults: ["keymaster_fuzz_defaults"], srcs: [ "tests/fuzzers/message_serializable_fuzz.cpp", ], }