// Copyright (C) 2014 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// libkeymaster_messages contains just the code necessary to communicate with an
// AndroidKeymaster implementation, e.g. one running in TrustZone.
// (The libkeymaster_messages module itself is defined further down, after
// keymaster_defaults.)
package {
    default_applicable_licenses: ["system_keymaster_license"],
}

// Added automatically by a large-scale-change that took the approach of
// 'apply every license found to every target'. While this makes sure we respect
// every license restriction, it may not be entirely correct.
//
// e.g. GPL in an MIT project might only apply to the contrib/ directory.
//
// Please consider splitting the single license below into multiple licenses,
// taking care not to lose any license_kind information, and overriding the
// default license using the 'licenses: [...]' property on targets as needed.
//
// For unused files, consider creating a 'fileGroup' with "//visibility:private"
// to attach the license to, and including a comment whether the files may be
// used in the current project.
// See: http://go/android-license-faq
license {
    name: "system_keymaster_license",
    visibility: [":__subpackages__"],
    license_kinds: [
        "SPDX-license-identifier-Apache-2.0",
        "SPDX-license-identifier-ISC",
        "legacy_unencumbered",
    ],
    license_text: [
        "NOTICE",
    ],
}

// keymaster_defaults holds the compiler, clang-tidy and sanitizer settings
// shared by every module below that lists it in `defaults`. Modules that do
// not list it (libcppcose_rkp, keymaster_fuzz_defaults and the fuzzers) get
// none of these settings.
cc_defaults {
    name: "keymaster_defaults",
    vendor_available: true,
    cflags: [
        "-Wall",
        "-Werror",
        "-Wunused",
    ],
    clang: true,
    clang_cflags: [
        // These two warnings stay enabled but are not promoted to errors by
        // -Werror.
        "-Wno-error=unused-const-variable",
        "-Wno-error=unused-private-field",
        "-Wimplicit-fallthrough",
        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
        // Currently, if enabled, these flags will cause an internal error in Clang.
        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
    ],
    tidy: true,
    tidy_checks: [
        // The leading '-' removes this check from the clang-tidy set.
        "-performance-noexcept-move-constructor",
    ],
    sanitize: {
        // Opts every module that inherits these defaults out of Soong's
        // integer_overflow sanitizer. The reason is not recorded in this file.
        // NOTE(review): these libraries build the message serialization and
        // key-blob handling sources, so confirm the opt-out is still needed
        // and, if it is, consider narrowing it to the modules that rely on
        // wraparound arithmetic instead of disabling it for all of them.
        integer_overflow: false,
    },
}

// Message and serialization layer only (see the description above the
// `package` block). Built with KEYMASTER_NAME_TAGS defined.
cc_library_shared {
    name: "libkeymaster_messages",
    srcs: [
        "android_keymaster/android_keymaster_messages.cpp",
        "android_keymaster/android_keymaster_utils.cpp",
        "android_keymaster/authorization_set.cpp",
        "android_keymaster/keymaster_tags.cpp",
        "android_keymaster/logger.cpp",
        "android_keymaster/serializable.cpp",
    ],
    header_libs: ["libhardware_headers"],
    defaults: ["keymaster_defaults" ],
    clang_cflags: [
        "-DKEYMASTER_NAME_TAGS",
    ],
    export_include_dirs: ["include"],
    host_supported: true,
    target: {
        host: {
            clang_cflags: [
                "-fno-rtti", // TODO(b/156427382): Remove workaround when possible.
            ],
        },
    },
}

// libkeymaster_portable contains almost everything needed for a keymaster
// implementation, lacking only a subclass of the (abstract) KeymasterContext
// class to provide environment-specific services and a wrapper to translate from
// the function-based keymaster HAL API to the message-based AndroidKeymaster API.
//
// The six sources of libkeymaster_messages are compiled into this library as
// well, here without -DKEYMASTER_NAME_TAGS. Several modules below link both
// libraries.
// NOTE(review): confirm that two differently-configured copies of the same
// sources in one process is intended.
cc_library {
    name: "libkeymaster_portable",
    srcs: [
        "android_keymaster/android_keymaster.cpp",
        "android_keymaster/android_keymaster_messages.cpp",
        "android_keymaster/android_keymaster_utils.cpp",
        "android_keymaster/authorization_set.cpp",
        "android_keymaster/keymaster_enforcement.cpp",
        "android_keymaster/keymaster_tags.cpp",
        "android_keymaster/logger.cpp",
        "android_keymaster/operation.cpp",
        "android_keymaster/operation_table.cpp",
        "android_keymaster/pure_soft_secure_key_storage.cpp",
        "android_keymaster/remote_provisioning_utils.cpp",
        "android_keymaster/serializable.cpp",
        "key_blob_utils/auth_encrypted_key_blob.cpp",
        "key_blob_utils/integrity_assured_key_blob.cpp",
        "key_blob_utils/ocb.c",
        "key_blob_utils/ocb_utils.cpp",
        "key_blob_utils/software_keyblobs.cpp",
        "km_openssl/aes_key.cpp",
        "km_openssl/aes_operation.cpp",
        "km_openssl/asymmetric_key.cpp",
        "km_openssl/asymmetric_key_factory.cpp",
        "km_openssl/attestation_record.cpp",
        "km_openssl/attestation_utils.cpp",
        "km_openssl/block_cipher_operation.cpp",
        "km_openssl/certificate_utils.cpp",
        "km_openssl/ckdf.cpp",
        "km_openssl/curve25519_key.cpp",
        "km_openssl/ec_key.cpp",
        "km_openssl/ec_key_factory.cpp",
        "km_openssl/ecdh_operation.cpp",
        "km_openssl/ecdsa_operation.cpp",
        "km_openssl/ecies_kem.cpp",
        "km_openssl/hkdf.cpp",
        "km_openssl/hmac.cpp",
        "km_openssl/hmac_key.cpp",
        "km_openssl/hmac_operation.cpp",
        "km_openssl/iso18033kdf.cpp",
        "km_openssl/kdf.cpp",
        "km_openssl/nist_curve_key_exchange.cpp",
        "km_openssl/openssl_err.cpp",
        "km_openssl/openssl_utils.cpp",
        "km_openssl/rsa_key.cpp",
        "km_openssl/rsa_key_factory.cpp",
        "km_openssl/rsa_operation.cpp",
        "km_openssl/software_random_source.cpp",
        "km_openssl/symmetric_key.cpp",
        "km_openssl/triple_des_key.cpp",
        "km_openssl/triple_des_operation.cpp",
        "km_openssl/wrapped_key.cpp",
    ],

    shared_libs: [
        "libcrypto",
        "libcppbor_external",
        "libcppcose_rkp",
    ],
    export_shared_lib_headers: ["libcppbor_external"],
    header_libs: ["libhardware_headers"],
    export_header_lib_headers: ["libhardware_headers"],
    defaults: ["keymaster_defaults" ],
    host_supported: true,
    export_include_dirs: ["include"],
    target: {
        host: {
            clang_cflags: [
                "-fno-rtti", // TODO(b/156427382): Remove workaround when possible.
            ],
        },
    },
}

// libsoftkeymasterdevice provides a software-based keymaster HAL implementation.
// This is used by keystore as a fallback for when the hardware keymaster does
// not support the request.
// NOTE(review): being software-based, this fallback presumably gives key
// material no hardware isolation; confirm how callers distinguish keys served
// by the fallback from hardware-backed ones.
cc_library {
    name: "libsoftkeymasterdevice",
    srcs: [
        "android_keymaster/keymaster_configuration.cpp",
        "contexts/pure_soft_keymaster_context.cpp",
        "contexts/pure_soft_remote_provisioning_context.cpp",
        "contexts/soft_attestation_context.cpp",
        "contexts/soft_keymaster_context.cpp",
        "contexts/soft_keymaster_device.cpp",
        "contexts/soft_keymaster_logger.cpp",
        "km_openssl/soft_keymaster_enforcement.cpp",
        "legacy_support/ec_keymaster1_key.cpp",
        "legacy_support/ecdsa_keymaster1_operation.cpp",
        "legacy_support/keymaster1_engine.cpp",
        "legacy_support/keymaster1_legacy_support.cpp",
        "legacy_support/rsa_keymaster1_key.cpp",
        "legacy_support/rsa_keymaster1_operation.cpp",
    ],
    defaults: ["keymaster_defaults"],
    shared_libs: [
        "libkeymaster_messages",
        "libkeymaster_portable",
        "libsoft_attestation_cert",
        "liblog",
        "libbase",
        "libcppbor_external",
        "libcppcose_rkp",
        "libcrypto",
        "libcutils",
    ],
    export_include_dirs: ["include"],
}

// Single-source library linked by the software keymaster libraries in this
// file (and by libkeymaster3device).
// NOTE(review): the name suggests it carries the attestation certificate data
// for the software contexts; verify against contexts/soft_attestation_cert.cpp.
cc_library {
    name: "libsoft_attestation_cert",
    srcs: [
        "contexts/soft_attestation_cert.cpp",
    ],
    defaults: ["keymaster_defaults"],
    shared_libs: [
        "libkeymaster_portable",
    ],

    host_supported: true,
    export_include_dirs: ["include"],
}

// Builds the same sources as libsoftkeymasterdevice except
// soft_keymaster_context.cpp, soft_keymaster_device.cpp and everything under
// legacy_support/.
cc_library {
    name: "libpuresoftkeymasterdevice",
    srcs: [
        "android_keymaster/keymaster_configuration.cpp",
        "contexts/soft_attestation_context.cpp",
        "contexts/pure_soft_keymaster_context.cpp",
        "contexts/pure_soft_remote_provisioning_context.cpp",
        "contexts/soft_keymaster_logger.cpp",
        "km_openssl/soft_keymaster_enforcement.cpp",
    ],
    defaults: ["keymaster_defaults"],
    shared_libs: [
        "libkeymaster_messages",
        "libkeymaster_portable",
        "libsoft_attestation_cert",
        "liblog",
        "libcppbor_external",
        "libcppcose_rkp",
        "libcrypto",
        "libcutils",
        "libbase",
    ],
    export_include_dirs: ["include"],
}

// Host-only build (device_supported is false) of the libpuresoftkeymasterdevice
// sources, minus android_keymaster/keymaster_configuration.cpp, with
// KEYMASTER_NAME_TAGS defined.
cc_library {
    name: "libpuresoftkeymasterdevice_host",
    srcs: [
        "contexts/pure_soft_keymaster_context.cpp",
        "contexts/pure_soft_remote_provisioning_context.cpp",
        "contexts/soft_attestation_context.cpp",
        "contexts/soft_keymaster_logger.cpp",
        "km_openssl/soft_keymaster_enforcement.cpp",
    ],
    defaults: ["keymaster_defaults"],
    host_supported: true,
    device_supported: false,
    shared_libs: [
        "libkeymaster_messages",
        "libkeymaster_portable",
        "libsoft_attestation_cert",
        "liblog",
        "libcppbor_external",
        "libcppcose_rkp",
        "libcrypto",
        "libcutils",
        "libbase",
    ],
    clang_cflags: [
        "-DKEYMASTER_NAME_TAGS",
        "-fno-rtti", // TODO(b/156427382): Remove workaround when possible.
    ],
    export_include_dirs: ["include"],
}

// Builds ng/AndroidKeymaster3Device.cpp against android.hardware.keymaster@3.0,
// together with the passthrough sources, the keymaster1/keymaster2 passthrough
// contexts and the keymaster1 legacy_support sources.
cc_library_shared {
    name: "libkeymaster3device",
    srcs: [
        "legacy_support/keymaster_passthrough_key.cpp",
        "legacy_support/keymaster_passthrough_engine.cpp",
        "legacy_support/keymaster_passthrough_operation.cpp",
        "contexts/keymaster1_passthrough_context.cpp",
        "contexts/keymaster2_passthrough_context.cpp",
        "ng/AndroidKeymaster3Device.cpp",
        "android_keymaster/keymaster_configuration.cpp",
        "legacy_support/ec_keymaster1_key.cpp",
        "legacy_support/ecdsa_keymaster1_operation.cpp",
        "legacy_support/keymaster1_engine.cpp",
        "legacy_support/keymaster1_legacy_support.cpp",
        "legacy_support/rsa_keymaster1_key.cpp",
        "legacy_support/rsa_keymaster1_operation.cpp",
    ],
    defaults: ["keymaster_defaults"],
    shared_libs: [
        "libkeymaster_messages",
        "android.hardware.keymaster@3.0",
        "libcrypto",
        "libcutils",
        "libbase",
        "libhidlbase",
        "libkeymaster_portable",
        "liblog",
        "libpuresoftkeymasterdevice",
        "libsoft_attestation_cert",
        "libutils",
    ],
    export_include_dirs: ["include", "ng/include"],
}

// Builds ng/AndroidKeymaster4Device.cpp against android.hardware.keymaster@4.0,
// together with the passthrough sources; links libpuresoftkeymasterdevice.
cc_library_shared {
    name: "libkeymaster4",
    srcs: [
        "legacy_support/keymaster_passthrough_key.cpp",
        "legacy_support/keymaster_passthrough_engine.cpp",
        "legacy_support/keymaster_passthrough_operation.cpp",
        "ng/AndroidKeymaster4Device.cpp",
        "android_keymaster/keymaster_configuration.cpp",
    ],
    defaults: ["keymaster_defaults"],
    shared_libs: [
        "libkeymaster_messages",
        "android.hardware.keymaster@4.0",
        "libcrypto",
        "libcutils",
        "libbase",
        "libhidlbase",
        "libkeymaster_portable",
        "libpuresoftkeymasterdevice",
        "liblog",
        "libutils",
        "libkeymaster4support",
    ],
    export_include_dirs: [
        "ng/include",
        "include"
    ],
}

// Builds ng/AndroidKeymaster41Device.cpp against the keymaster 4.0 and 4.1 HAL
// libraries, on top of libkeymaster4.
cc_library_shared {
    name: "libkeymaster41",
    vendor_available: true,
    srcs: [
        "ng/AndroidKeymaster41Device.cpp",
    ],
    defaults: ["keymaster_defaults"],
    shared_libs: [
        "android.hardware.keymaster@4.0",
        "android.hardware.keymaster@4.1",
        "libbase",
        "libcrypto",
        "libcutils",
        "libhidlbase",
        "libkeymaster4",
        "libkeymaster4_1support",
        "libkeymaster4support",
        "libkeymaster_messages",
        "libkeymaster_portable",
        "liblog",
        "libpuresoftkeymasterdevice",
        "libutils",
    ],
    export_include_dirs: ["ng/include"],
}

// Builds ng/KeyMintUtils.cpp. The keymint_use_latest_hal_aidl_ndk_shared
// defaults are defined outside this file.
cc_library {
    name: "lib_android_keymaster_keymint_utils",
    vendor_available: true,
    srcs: [
        "ng/KeyMintUtils.cpp",
    ],
    defaults: [
        "keymaster_defaults",
        "keymint_use_latest_hal_aidl_ndk_shared",
    ],
    shared_libs: [
        "libbase",
        "libhardware",
    ],
    export_include_dirs: [
        "ng/include",
        "include",
    ],
}

// KeyMint-facing library: builds the KeyMint device and operation, remotely
// provisioned component, shared secret and secure clock sources under ng/,
// plus the passthrough sources, and links libpuresoftkeymasterdevice.
cc_library {
    name: "libkeymint",
    vendor_available: true,
    srcs: [
        "android_keymaster/keymaster_configuration.cpp",
        "legacy_support/keymaster_passthrough_engine.cpp",
        "legacy_support/keymaster_passthrough_key.cpp",
        "legacy_support/keymaster_passthrough_operation.cpp",
        "ng/AndroidKeyMintDevice.cpp",
        "ng/AndroidKeyMintOperation.cpp",
        "ng/AndroidRemotelyProvisionedComponentDevice.cpp",
        "ng/AndroidSharedSecret.cpp",
        "ng/AndroidSecureClock.cpp",
    ],
    defaults: [
        "keymaster_defaults",
        "keymint_use_latest_hal_aidl_ndk_shared",
    ],
    shared_libs: [
        "libhidlbase",
        // NOTE(review): the secureclock and sharedsecret interfaces are pinned
        // to V1 here, while the KeyMint interface comes from a "use latest"
        // defaults module; confirm the pinned versions are the intended ones.
        "android.hardware.security.secureclock-V1-ndk",
        "android.hardware.security.sharedsecret-V1-ndk",
        "lib_android_keymaster_keymint_utils",
        "libbase",
        "libbinder_ndk",
        "libcppbor_external",
        "libcrypto",
        "libcutils",
        "libkeymaster_messages",
        "libkeymaster_portable",
        "liblog",
        "libpuresoftkeymasterdevice",
        "libutils",
    ],
    export_include_dirs: ["include", "ng/include"],
}

// Builds cppcose/cppcose.cpp against libcppbor_external and libcrypto.
// NOTE(review): this module does not list keymaster_defaults, so the
// -Wall/-Werror flags and clang-tidy settings above are not applied to it;
// confirm that is intentional.
cc_library {
    name: "libcppcose_rkp",
    vendor_available: true,
    host_supported: true,
    srcs: [
        "cppcose/cppcose.cpp",
    ],
    export_include_dirs: [
        "include",
    ],
    shared_libs: [
        "libcppbor_external",
        "libcrypto",
        "liblog",
    ],
}

// Shared settings for the fuzz targets below. The warning flags are copied by
// hand from keymaster_defaults (with -DKEYMASTER_NAME_TAGS added), so changes
// there have to be mirrored here.
// NOTE(review): the fuzzers link libkeymaster_messages, which itself still
// inherits keymaster_defaults; confirm which sanitizers actually apply to the
// library code under test in fuzz builds.
cc_defaults {
    name: "keymaster_fuzz_defaults",
    header_libs: ["libhardware_headers"],
    shared_libs: [
        "libkeymaster_messages",
    ],
    // Not using defaults because the fuzzer relies on sanitizers that are explicitly disabled there.
    cflags: [
        "-Wall",
        "-Werror",
        "-Wunused",
        "-Wno-error=unused-const-variable",
        "-Wno-error=unused-private-field",
        "-Wimplicit-fallthrough",
        "-DKEYMASTER_NAME_TAGS",
    ],
    host_supported: true,
    target: {
        host: {
            clang_cflags: [
                "-fno-rtti", // TODO(b/156427382): Remove when default library removes this
            ],
        },
    },
}

// Fuzz target built from tests/fuzzers/buffer_fuzz.cpp.
cc_fuzz {
    name: "libkeymaster_fuzz_buffer",
    defaults: ["keymaster_fuzz_defaults"],
    srcs: [
        "tests/fuzzers/buffer_fuzz.cpp",
    ],
}

// Fuzz target built from tests/fuzzers/message_serializable_fuzz.cpp.
cc_fuzz {
    name: "libkeymaster_fuzz_serializable",
    defaults: ["keymaster_fuzz_defaults"],
    srcs: [
        "tests/fuzzers/message_serializable_fuzz.cpp",
    ],
}