| // Copyright (C) 2014 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| // libkeymaster_messages contains just the code necessary to communicate with a |
| // AndroidKeymaster implementation, e.g. one running in TrustZone. |
| package { |
| default_applicable_licenses: ["system_keymaster_license"], |
| } |
| |
| // Added automatically by a large-scale-change that took the approach of |
| // 'apply every license found to every target'. While this makes sure we respect |
| // every license restriction, it may not be entirely correct. |
| // |
| // e.g. GPL in an MIT project might only apply to the contrib/ directory. |
| // |
| // Please consider splitting the single license below into multiple licenses, |
| // taking care not to lose any license_kind information, and overriding the |
| // default license using the 'licenses: [...]' property on targets as needed. |
| // |
| // For unused files, consider creating a 'fileGroup' with "//visibility:private" |
| // to attach the license to, and including a comment whether the files may be |
| // used in the current project. |
| // See: http://go/android-license-faq |
| license { |
| name: "system_keymaster_license", |
| visibility: [":__subpackages__"], |
| license_kinds: [ |
| "SPDX-license-identifier-Apache-2.0", |
| "SPDX-license-identifier-ISC", |
| "legacy_unencumbered", |
| ], |
| license_text: [ |
| "NOTICE", |
| ], |
| } |
| |
| cc_defaults { |
| name: "keymaster_defaults", |
| vendor_available: true, |
| cflags: [ |
| "-Wall", |
| "-Werror", |
| "-Wunused", |
| "-Wno-error=unused-const-variable", |
| "-Wno-error=unused-private-field", |
| "-Wimplicit-fallthrough", |
| // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released. |
| // Currently, if enabled, these flags will cause an internal error in Clang. |
| "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp", |
| ], |
| tidy: true, |
| tidy_checks: [ |
| "-performance-noexcept-move-constructor", |
| ], |
| sanitize: { |
| integer_overflow: false, |
| }, |
| } |
| |
| cc_library_shared { |
| name: "libkeymaster_messages", |
| srcs: [ |
| "android_keymaster/android_keymaster_messages.cpp", |
| "android_keymaster/android_keymaster_utils.cpp", |
| "android_keymaster/authorization_set.cpp", |
| "android_keymaster/keymaster_tags.cpp", |
| "android_keymaster/logger.cpp", |
| "android_keymaster/serializable.cpp", |
| ], |
| header_libs: ["libhardware_headers"], |
| defaults: ["keymaster_defaults"], |
| cflags: [ |
| "-DKEYMASTER_NAME_TAGS", |
| ], |
| export_include_dirs: ["include"], |
| host_supported: true, |
| target: { |
| host: { |
| cflags: [ |
| "-fno-rtti", // TODO(b/156427382): Remove workaround when possible. |
| ], |
| }, |
| }, |
| } |
| |
| // libkeymaster_portable contains almost everything needed for a keymaster |
| // implementation, lacking only a subclass of the (abstract) KeymasterContext |
| // class to provide environment-specific services and a wrapper to translate from |
| // the function-based keymaster HAL API to the message-based AndroidKeymaster API. |
| cc_library { |
| name: "libkeymaster_portable", |
| srcs: [ |
| "android_keymaster/android_keymaster.cpp", |
| "android_keymaster/android_keymaster_messages.cpp", |
| "android_keymaster/android_keymaster_utils.cpp", |
| "android_keymaster/authorization_set.cpp", |
| "android_keymaster/keymaster_enforcement.cpp", |
| "android_keymaster/keymaster_tags.cpp", |
| "android_keymaster/logger.cpp", |
| "android_keymaster/operation.cpp", |
| "android_keymaster/operation_table.cpp", |
| "android_keymaster/pure_soft_secure_key_storage.cpp", |
| "android_keymaster/remote_provisioning_utils.cpp", |
| "android_keymaster/serializable.cpp", |
| "key_blob_utils/auth_encrypted_key_blob.cpp", |
| "key_blob_utils/integrity_assured_key_blob.cpp", |
| "key_blob_utils/ocb.c", |
| "key_blob_utils/ocb_utils.cpp", |
| "key_blob_utils/software_keyblobs.cpp", |
| "km_openssl/aes_key.cpp", |
| "km_openssl/aes_operation.cpp", |
| "km_openssl/asymmetric_key.cpp", |
| "km_openssl/asymmetric_key_factory.cpp", |
| "km_openssl/attestation_record.cpp", |
| "km_openssl/attestation_utils.cpp", |
| "km_openssl/block_cipher_operation.cpp", |
| "km_openssl/certificate_utils.cpp", |
| "km_openssl/ckdf.cpp", |
| "km_openssl/curve25519_key.cpp", |
| "km_openssl/ec_key.cpp", |
| "km_openssl/ec_key_factory.cpp", |
| "km_openssl/ecdh_operation.cpp", |
| "km_openssl/ecdsa_operation.cpp", |
| "km_openssl/ecies_kem.cpp", |
| "km_openssl/hkdf.cpp", |
| "km_openssl/hmac.cpp", |
| "km_openssl/hmac_key.cpp", |
| "km_openssl/hmac_operation.cpp", |
| "km_openssl/iso18033kdf.cpp", |
| "km_openssl/kdf.cpp", |
| "km_openssl/nist_curve_key_exchange.cpp", |
| "km_openssl/openssl_err.cpp", |
| "km_openssl/openssl_utils.cpp", |
| "km_openssl/rsa_key.cpp", |
| "km_openssl/rsa_key_factory.cpp", |
| "km_openssl/rsa_operation.cpp", |
| "km_openssl/software_random_source.cpp", |
| "km_openssl/symmetric_key.cpp", |
| "km_openssl/triple_des_key.cpp", |
| "km_openssl/triple_des_operation.cpp", |
| "km_openssl/wrapped_key.cpp", |
| ], |
| |
| shared_libs: [ |
| "libcrypto", |
| "libcppbor_external", |
| "libcppcose_rkp", |
| ], |
| export_shared_lib_headers: ["libcppbor_external"], |
| header_libs: ["libhardware_headers"], |
| export_header_lib_headers: ["libhardware_headers"], |
| defaults: ["keymaster_defaults"], |
| host_supported: true, |
| export_include_dirs: ["include"], |
| target: { |
| host: { |
| cflags: [ |
| "-fno-rtti", // TODO(b/156427382): Remove workaround when possible. |
| ], |
| }, |
| }, |
| } |
| |
| // libsoftkeymaster provides a software-based keymaster HAL implementation. |
| // This is used by keystore as a fallback for when the hardware keymaster does |
| // not support the request. |
| cc_library { |
| name: "libsoftkeymasterdevice", |
| srcs: [ |
| "android_keymaster/keymaster_configuration.cpp", |
| "contexts/pure_soft_keymaster_context.cpp", |
| "contexts/pure_soft_remote_provisioning_context.cpp", |
| "contexts/soft_attestation_context.cpp", |
| "contexts/soft_keymaster_context.cpp", |
| "contexts/soft_keymaster_device.cpp", |
| "contexts/soft_keymaster_logger.cpp", |
| "km_openssl/soft_keymaster_enforcement.cpp", |
| "legacy_support/ec_keymaster1_key.cpp", |
| "legacy_support/ecdsa_keymaster1_operation.cpp", |
| "legacy_support/keymaster1_engine.cpp", |
| "legacy_support/keymaster1_legacy_support.cpp", |
| "legacy_support/rsa_keymaster1_key.cpp", |
| "legacy_support/rsa_keymaster1_operation.cpp", |
| ], |
| defaults: ["keymaster_defaults"], |
| shared_libs: [ |
| "libkeymaster_messages", |
| "libkeymaster_portable", |
| "libsoft_attestation_cert", |
| "liblog", |
| "libbase", |
| "libcppbor_external", |
| "libcppcose_rkp", |
| "libcrypto", |
| "libcutils", |
| ], |
| export_include_dirs: ["include"], |
| } |
| |
| cc_library { |
| name: "libsoft_attestation_cert", |
| srcs: [ |
| "contexts/soft_attestation_cert.cpp", |
| ], |
| defaults: ["keymaster_defaults"], |
| shared_libs: [ |
| "libkeymaster_portable", |
| ], |
| |
| host_supported: true, |
| export_include_dirs: ["include"], |
| } |
| |
| cc_library { |
| name: "libpuresoftkeymasterdevice", |
| srcs: [ |
| "android_keymaster/keymaster_configuration.cpp", |
| "contexts/soft_attestation_context.cpp", |
| "contexts/pure_soft_keymaster_context.cpp", |
| "contexts/pure_soft_remote_provisioning_context.cpp", |
| "contexts/soft_keymaster_logger.cpp", |
| "km_openssl/soft_keymaster_enforcement.cpp", |
| ], |
| defaults: ["keymaster_defaults"], |
| shared_libs: [ |
| "libkeymaster_messages", |
| "libkeymaster_portable", |
| "libsoft_attestation_cert", |
| "liblog", |
| "libcppbor_external", |
| "libcppcose_rkp", |
| "libcrypto", |
| "libcutils", |
| "libbase", |
| ], |
| export_include_dirs: ["include"], |
| } |
| |
| cc_library { |
| name: "libpuresoftkeymasterdevice_host", |
| srcs: [ |
| "contexts/pure_soft_keymaster_context.cpp", |
| "contexts/pure_soft_remote_provisioning_context.cpp", |
| "contexts/soft_attestation_context.cpp", |
| "contexts/soft_keymaster_logger.cpp", |
| "km_openssl/soft_keymaster_enforcement.cpp", |
| ], |
| defaults: ["keymaster_defaults"], |
| host_supported: true, |
| device_supported: false, |
| shared_libs: [ |
| "libkeymaster_messages", |
| "libkeymaster_portable", |
| "libsoft_attestation_cert", |
| "liblog", |
| "libcppbor_external", |
| "libcppcose_rkp", |
| "libcrypto", |
| "libcutils", |
| "libbase", |
| ], |
| cflags: [ |
| "-DKEYMASTER_NAME_TAGS", |
| "-fno-rtti", // TODO(b/156427382): Remove workaround when possible. |
| ], |
| export_include_dirs: ["include"], |
| } |
| |
| cc_library_shared { |
| name: "libkeymaster3device", |
| srcs: [ |
| "legacy_support/keymaster_passthrough_key.cpp", |
| "legacy_support/keymaster_passthrough_engine.cpp", |
| "legacy_support/keymaster_passthrough_operation.cpp", |
| "contexts/keymaster1_passthrough_context.cpp", |
| "contexts/keymaster2_passthrough_context.cpp", |
| "ng/AndroidKeymaster3Device.cpp", |
| "android_keymaster/keymaster_configuration.cpp", |
| "legacy_support/ec_keymaster1_key.cpp", |
| "legacy_support/ecdsa_keymaster1_operation.cpp", |
| "legacy_support/keymaster1_engine.cpp", |
| "legacy_support/keymaster1_legacy_support.cpp", |
| "legacy_support/rsa_keymaster1_key.cpp", |
| "legacy_support/rsa_keymaster1_operation.cpp", |
| ], |
| defaults: ["keymaster_defaults"], |
| shared_libs: [ |
| "libkeymaster_messages", |
| "android.hardware.keymaster@3.0", |
| "libcrypto", |
| "libcutils", |
| "libbase", |
| "libhidlbase", |
| "libkeymaster_portable", |
| "liblog", |
| "libpuresoftkeymasterdevice", |
| "libsoft_attestation_cert", |
| "libutils", |
| ], |
| export_include_dirs: [ |
| "include", |
| "ng/include", |
| ], |
| } |
| |
| cc_library { |
| name: "libkeymaster4", |
| srcs: [ |
| "legacy_support/keymaster_passthrough_key.cpp", |
| "legacy_support/keymaster_passthrough_engine.cpp", |
| "legacy_support/keymaster_passthrough_operation.cpp", |
| "ng/AndroidKeymaster4Device.cpp", |
| "android_keymaster/keymaster_configuration.cpp", |
| ], |
| defaults: ["keymaster_defaults"], |
| shared_libs: [ |
| "libkeymaster_messages", |
| "android.hardware.keymaster@4.0", |
| "libcrypto", |
| "libcutils", |
| "libbase", |
| "libhidlbase", |
| "libkeymaster_portable", |
| "libpuresoftkeymasterdevice", |
| "liblog", |
| "libutils", |
| "libkeymaster4support", |
| ], |
| export_include_dirs: [ |
| "ng/include", |
| "include", |
| ], |
| } |
| |
| cc_library_shared { |
| name: "libkeymaster41", |
| vendor_available: true, |
| srcs: [ |
| "ng/AndroidKeymaster41Device.cpp", |
| ], |
| defaults: ["keymaster_defaults"], |
| shared_libs: [ |
| "android.hardware.keymaster@4.0", |
| "android.hardware.keymaster@4.1", |
| "libbase", |
| "libcrypto", |
| "libcutils", |
| "libhidlbase", |
| "libkeymaster4", |
| "libkeymaster4_1support", |
| "libkeymaster4support", |
| "libkeymaster_messages", |
| "libkeymaster_portable", |
| "liblog", |
| "libpuresoftkeymasterdevice", |
| "libutils", |
| ], |
| export_include_dirs: ["ng/include"], |
| } |
| |
| cc_library { |
| name: "lib_android_keymaster_keymint_utils", |
| vendor_available: true, |
| srcs: [ |
| "ng/KeyMintUtils.cpp", |
| ], |
| defaults: [ |
| "keymaster_defaults", |
| "keymint_use_latest_hal_aidl_ndk_shared", |
| ], |
| shared_libs: [ |
| "libbase", |
| "libhardware", |
| ], |
| export_include_dirs: [ |
| "ng/include", |
| "include", |
| ], |
| } |
| |
| cc_library { |
| name: "libkeymint", |
| vendor_available: true, |
| srcs: [ |
| "android_keymaster/keymaster_configuration.cpp", |
| "legacy_support/keymaster_passthrough_engine.cpp", |
| "legacy_support/keymaster_passthrough_key.cpp", |
| "legacy_support/keymaster_passthrough_operation.cpp", |
| "ng/AndroidKeyMintDevice.cpp", |
| "ng/AndroidKeyMintOperation.cpp", |
| "ng/AndroidRemotelyProvisionedComponentDevice.cpp", |
| "ng/AndroidSharedSecret.cpp", |
| "ng/AndroidSecureClock.cpp", |
| ], |
| defaults: [ |
| "keymaster_defaults", |
| "keymint_use_latest_hal_aidl_ndk_shared", |
| ], |
| shared_libs: [ |
| "libhidlbase", |
| "android.hardware.security.rkp-V3-ndk", |
| "android.hardware.security.secureclock-V1-ndk", |
| "android.hardware.security.sharedsecret-V1-ndk", |
| "lib_android_keymaster_keymint_utils", |
| "libbase", |
| "libbinder_ndk", |
| "libcppbor_external", |
| "libcrypto", |
| "libcutils", |
| "libkeymaster_messages", |
| "libkeymaster_portable", |
| "liblog", |
| "libpuresoftkeymasterdevice", |
| "libutils", |
| ], |
| export_include_dirs: [ |
| "include", |
| "ng/include", |
| ], |
| } |
| |
| cc_library { |
| name: "libcppcose_rkp", |
| vendor_available: true, |
| host_supported: true, |
| srcs: [ |
| "cppcose/cppcose.cpp", |
| ], |
| export_include_dirs: [ |
| "include", |
| ], |
| shared_libs: [ |
| "libcppbor_external", |
| "libcrypto", |
| "liblog", |
| ], |
| } |
| |
| cc_defaults { |
| name: "keymaster_fuzz_defaults", |
| header_libs: ["libhardware_headers"], |
| shared_libs: [ |
| "libkeymaster_messages", |
| ], |
| // Not using defaults because the fuzzer relies on sanitizers that are explicitly disabled there. |
| cflags: [ |
| "-Wall", |
| "-Werror", |
| "-Wunused", |
| "-Wno-error=unused-const-variable", |
| "-Wno-error=unused-private-field", |
| "-Wimplicit-fallthrough", |
| "-DKEYMASTER_NAME_TAGS", |
| ], |
| host_supported: true, |
| target: { |
| host: { |
| cflags: [ |
| "-fno-rtti", // TODO(b/156427382): Remove when default library removes this |
| ], |
| }, |
| }, |
| } |
| |
| cc_fuzz { |
| name: "libkeymaster_fuzz_buffer", |
| defaults: ["keymaster_fuzz_defaults"], |
| srcs: [ |
| "tests/fuzzers/buffer_fuzz.cpp", |
| ], |
| } |
| |
| cc_fuzz { |
| name: "libkeymaster_fuzz_serializable", |
| defaults: ["keymaster_fuzz_defaults"], |
| srcs: [ |
| "tests/fuzzers/message_serializable_fuzz.cpp", |
| ], |
| } |
