xref: /aosp_15_r20/system/keymaster/Android.bp (revision 789431f29546679ab5188a97751fb38e3018d44d)
1// Copyright (C) 2014 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// libkeymaster_messages contains just the code necessary to communicate with an
16// AndroidKeymaster implementation, e.g. one running in TrustZone.
17package {
    // Package-wide settings: every module in this Android.bp is attributed to
    // this team and, unless it sets its own `licenses`, picks up the
    // "system_keymaster_license" module declared further down in this file.
18    default_team: "trendy_team_android_hardware_backed_security",
19    default_applicable_licenses: ["system_keymaster_license"],
20}
21
22// Added automatically by a large-scale-change that took the approach of
23// 'apply every license found to every target'. While this makes sure we respect
24// every license restriction, it may not be entirely correct.
25//
26// e.g. GPL in an MIT project might only apply to the contrib/ directory.
27//
28// Please consider splitting the single license below into multiple licenses,
29// taking care not to lose any license_kind information, and overriding the
30// default license using the 'licenses: [...]' property on targets as needed.
31//
32// For unused files, consider creating a 'fileGroup' with "//visibility:private"
33// to attach the license to, and including a comment whether the files may be
34// used in the current project.
35// See: http://go/android-license-faq
36license {
    // The license module referenced by `default_applicable_licenses` in the
    // package block. It is visible to subpackages only.
37    name: "system_keymaster_license",
38    visibility: [":__subpackages__"],
    // Three license kinds are attached to every target. The auto-generated
    // note above this module says the assignment may be broader than needed;
    // this file does not show which sources carry the ISC or
    // legacy_unencumbered terms.
39    license_kinds: [
40        "SPDX-license-identifier-Apache-2.0",
41        "SPDX-license-identifier-ISC",
42        "legacy_unencumbered",
43    ],
44    license_text: [
45        "NOTICE",
46    ],
47}
48
// keymaster_defaults: shared compiler, clang-tidy and sanitizer settings.
// Every cc_library* module in this file except libcppcose_rkp lists it in
// `defaults`. The fuzz targets use keymaster_fuzz_defaults instead, so that
// they keep the sanitizers that are switched off here.
49cc_defaults {
50    name: "keymaster_defaults",
51    vendor_available: true,
    // Warnings are errors, except unused const variables and unused private
    // fields, which are downgraded back to plain warnings.
52    cflags: [
53        "-Wall",
54        "-Werror",
55        "-Wunused",
56        "-Wno-error=unused-const-variable",
57        "-Wno-error=unused-private-field",
58        "-Wimplicit-fallthrough",
59        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
60        // Currently, if enabled, these flags will cause an internal error in Clang.
        // NOTE(review): the flag below removes the listed sanitizer-coverage
        // instrumentation from every module using these defaults. The TODO
        // carries no bug id or date; confirm the Clang issue still exists.
61        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp",
62    ],
    // clang-tidy runs on these modules; the leading '-' disables that check.
63    tidy: true,
64    tidy_checks: [
65        "-performance-noexcept-move-constructor",
66    ],
67    sanitize: {
        // Opts every module using these defaults out of the integer_overflow
        // sanitizer. NOTE(review): those modules include message
        // deserialization (serializable.cpp) and key-blob handling, where
        // length arithmetic is security-relevant. Confirm the opt-out is
        // still required before relying on it.
68        integer_overflow: false,
69    },
70    target: {
        // Modules using these defaults may also be built for Windows.
71        windows: {
72            enabled: true,
73        },
74    },
75}
76
// libkeymaster_messages: shared library holding only the message,
// authorization-set, tag, logging and serialization sources. It lists no
// libcrypto dependency. Most other modules in this file link against it,
// and so do both fuzz targets through keymaster_fuzz_defaults.
77cc_library_shared {
78    name: "libkeymaster_messages",
79    srcs: [
80        "android_keymaster/android_keymaster_messages.cpp",
81        "android_keymaster/android_keymaster_utils.cpp",
82        "android_keymaster/authorization_set.cpp",
83        "android_keymaster/keymaster_tags.cpp",
84        "android_keymaster/logger.cpp",
85        "android_keymaster/serializable.cpp",
86    ],
87    header_libs: ["libhardware_headers"],
88    defaults: ["keymaster_defaults"],
    // presumably compiles in human-readable tag names; confirm against the
    // uses of KEYMASTER_NAME_TAGS in the sources.
89    cflags: [
90        "-DKEYMASTER_NAME_TAGS",
91    ],
92    export_include_dirs: ["include"],
93    host_supported: true,
94    target: {
95        host: {
96            cflags: [
97                "-fno-rtti", // TODO(b/156427382): Remove workaround when possible.
98            ],
99        },
100    },
101}
102
103// libkeymaster_portable contains almost everything needed for a keymaster
104// implementation, lacking only a subclass of the (abstract) KeymasterContext
105// class to provide environment-specific services and a wrapper to translate from
106// the function-based keymaster HAL API to the message-based AndroidKeymaster API.
//
// NOTE(review): judging by file names only, the sources below also compile a
// software key storage (pure_soft_secure_key_storage.cpp), a software random
// source and Triple-DES support into every consumer of this library. Confirm
// which of these a hardware-backed build actually needs.
107cc_library {
108    name: "libkeymaster_portable",
    // The six android_keymaster/ message sources of libkeymaster_messages are
    // compiled in here again rather than linked from that library.
109    srcs: [
110        "android_keymaster/android_keymaster.cpp",
111        "android_keymaster/android_keymaster_messages.cpp",
112        "android_keymaster/android_keymaster_utils.cpp",
113        "android_keymaster/authorization_set.cpp",
114        "android_keymaster/keymaster_enforcement.cpp",
115        "android_keymaster/keymaster_tags.cpp",
116        "android_keymaster/logger.cpp",
117        "android_keymaster/operation.cpp",
118        "android_keymaster/operation_table.cpp",
119        "android_keymaster/pure_soft_secure_key_storage.cpp",
120        "android_keymaster/remote_provisioning_utils.cpp",
121        "android_keymaster/serializable.cpp",
122        "key_blob_utils/auth_encrypted_key_blob.cpp",
123        "key_blob_utils/integrity_assured_key_blob.cpp",
124        "key_blob_utils/ocb.c",
125        "key_blob_utils/ocb_utils.cpp",
126        "key_blob_utils/software_keyblobs.cpp",
127        "km_openssl/aes_key.cpp",
128        "km_openssl/aes_operation.cpp",
129        "km_openssl/asymmetric_key.cpp",
130        "km_openssl/asymmetric_key_factory.cpp",
131        "km_openssl/attestation_record.cpp",
132        "km_openssl/attestation_utils.cpp",
133        "km_openssl/block_cipher_operation.cpp",
134        "km_openssl/certificate_utils.cpp",
135        "km_openssl/ckdf.cpp",
136        "km_openssl/curve25519_key.cpp",
137        "km_openssl/ec_key.cpp",
138        "km_openssl/ec_key_factory.cpp",
139        "km_openssl/ecdh_operation.cpp",
140        "km_openssl/ecdsa_operation.cpp",
141        "km_openssl/ecies_kem.cpp",
142        "km_openssl/hkdf.cpp",
143        "km_openssl/hmac.cpp",
144        "km_openssl/hmac_key.cpp",
145        "km_openssl/hmac_operation.cpp",
146        "km_openssl/iso18033kdf.cpp",
147        "km_openssl/kdf.cpp",
148        "km_openssl/nist_curve_key_exchange.cpp",
149        "km_openssl/openssl_err.cpp",
150        "km_openssl/openssl_utils.cpp",
151        "km_openssl/rsa_key.cpp",
152        "km_openssl/rsa_key_factory.cpp",
153        "km_openssl/rsa_operation.cpp",
154        "km_openssl/software_random_source.cpp",
155        "km_openssl/symmetric_key.cpp",
156        "km_openssl/triple_des_key.cpp",
157        "km_openssl/triple_des_operation.cpp",
158        "km_openssl/wrapped_key.cpp",
159    ],
160
    // libcrypto backs the km_openssl/ sources. libcppbor and libcppcose_rkp
    // are presumably needed by remote_provisioning_utils.cpp (confirm).
161    shared_libs: [
162        "libcrypto",
163        "libcppbor",
164        "libcppcose_rkp",
165    ],
    // libcppbor and libhardware headers are re-exported to dependents.
166    export_shared_lib_headers: ["libcppbor"],
167    header_libs: ["libhardware_headers"],
168    export_header_lib_headers: ["libhardware_headers"],
    // Inherits keymaster_defaults, including its integer_overflow opt-out.
169    defaults: ["keymaster_defaults"],
170    host_supported: true,
171    export_include_dirs: ["include"],
172    target: {
173        host: {
174            cflags: [
175                "-fno-rtti", // TODO(b/156427382): Remove workaround when possible.
176            ],
177        },
178    },
179}
180
181// libsoftkeymasterdevice provides a software-based keymaster HAL implementation.
182// This is used by keystore as a fallback for when the hardware keymaster does
183// not support the request.
//
// NOTE(review): as a software-only fallback it presumably gives key material
// no hardware isolation. Confirm which requests can still reach it on a
// device with a hardware keymaster.
184cc_library {
185    name: "libsoftkeymasterdevice",
    // Software contexts plus the keymaster1 legacy-support sources.
186    srcs: [
187        "android_keymaster/keymaster_configuration.cpp",
188        "contexts/pure_soft_keymaster_context.cpp",
189        "contexts/pure_soft_remote_provisioning_context.cpp",
190        "contexts/soft_attestation_context.cpp",
191        "contexts/soft_keymaster_context.cpp",
192        "contexts/soft_keymaster_device.cpp",
193        "contexts/soft_keymaster_logger.cpp",
194        "km_openssl/soft_keymaster_enforcement.cpp",
195        "legacy_support/ec_keymaster1_key.cpp",
196        "legacy_support/ecdsa_keymaster1_operation.cpp",
197        "legacy_support/keymaster1_engine.cpp",
198        "legacy_support/keymaster1_legacy_support.cpp",
199        "legacy_support/rsa_keymaster1_key.cpp",
200        "legacy_support/rsa_keymaster1_operation.cpp",
201    ],
202    defaults: ["keymaster_defaults"],
    // Links the software attestation certificate library as well as the
    // portable keymaster core.
203    shared_libs: [
204        "libkeymaster_messages",
205        "libkeymaster_portable",
206        "libsoft_attestation_cert",
207        "liblog",
208        "libbase",
209        "libcppbor",
210        "libcppcose_rkp",
211        "libcrypto",
212        "libcutils",
213    ],
214    export_include_dirs: ["include"],
215}
216
// libsoft_attestation_cert: builds the single source
// contexts/soft_attestation_cert.cpp for device and host.
// NOTE(review): the file name suggests it carries the attestation certificate
// material used by the software implementations. If so, an attestation
// produced with it only shows that the software path was used; confirm in the
// source what the file embeds.
217cc_library {
218    name: "libsoft_attestation_cert",
219    srcs: [
220        "contexts/soft_attestation_cert.cpp",
221    ],
222    defaults: ["keymaster_defaults"],
223    shared_libs: [
224        "libkeymaster_portable",
225    ],
226
227    host_supported: true,
228    export_include_dirs: ["include"],
229}
230
// libpuresoftkeymasterdevice: the software contexts without
// soft_keymaster_context/soft_keymaster_device and without the keymaster1
// legacy-support sources that libsoftkeymasterdevice adds. In this file it is
// linked by libkeymaster3device, libkeymaster4, libkeymaster41 and libkeymint.
231cc_library {
232    name: "libpuresoftkeymasterdevice",
233    srcs: [
234        "android_keymaster/keymaster_configuration.cpp",
235        "contexts/soft_attestation_context.cpp",
236        "contexts/pure_soft_keymaster_context.cpp",
237        "contexts/pure_soft_remote_provisioning_context.cpp",
238        "contexts/soft_keymaster_logger.cpp",
239        "km_openssl/soft_keymaster_enforcement.cpp",
240    ],
241    defaults: ["keymaster_defaults"],
    // Same dependency set as libsoftkeymasterdevice, in a different order.
242    shared_libs: [
243        "libkeymaster_messages",
244        "libkeymaster_portable",
245        "libsoft_attestation_cert",
246        "liblog",
247        "libcppbor",
248        "libcppcose_rkp",
249        "libcrypto",
250        "libcutils",
251        "libbase",
252    ],
253    export_include_dirs: ["include"],
254}
255
// libpuresoftkeymasterdevice_host: host-only build of the pure-software
// contexts. Unlike libpuresoftkeymasterdevice it omits
// android_keymaster/keymaster_configuration.cpp and sets
// -DKEYMASTER_NAME_TAGS and -fno-rtti unconditionally.
256cc_library {
257    name: "libpuresoftkeymasterdevice_host",
258    srcs: [
259        "contexts/pure_soft_keymaster_context.cpp",
260        "contexts/pure_soft_remote_provisioning_context.cpp",
261        "contexts/soft_attestation_context.cpp",
262        "contexts/soft_keymaster_logger.cpp",
263        "km_openssl/soft_keymaster_enforcement.cpp",
264    ],
265    defaults: ["keymaster_defaults"],
    // Never built for the device; host tools and tests only.
266    host_supported: true,
267    device_supported: false,
268    shared_libs: [
269        "libkeymaster_messages",
270        "libkeymaster_portable",
271        "libsoft_attestation_cert",
272        "liblog",
273        "libcppbor",
274        "libcppcose_rkp",
275        "libcrypto",
276        "libcutils",
277        "libbase",
278    ],
279    cflags: [
280        "-DKEYMASTER_NAME_TAGS",
281        "-fno-rtti", // TODO(b/156427382): Remove workaround when possible.
282    ],
283    export_include_dirs: ["include"],
284}
285
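// libkeymaster3device: builds ng/AndroidKeymaster3Device.cpp together with
// the keymaster1/keymaster2 passthrough contexts, the passthrough engine and
// the keymaster1 legacy-support sources.
// NOTE(review): it also links libpuresoftkeymasterdevice and
// libsoft_attestation_cert, so the software key-handling code is reachable
// from this library. Confirm in the sources when the passthrough path defers
// to it.
286cc_library_shared {
287    name: "libkeymaster3device",
288    srcs: [
289        "legacy_support/keymaster_passthrough_key.cpp",
290        "legacy_support/keymaster_passthrough_engine.cpp",
291        "legacy_support/keymaster_passthrough_operation.cpp",
292        "contexts/keymaster1_passthrough_context.cpp",
293        "contexts/keymaster2_passthrough_context.cpp",
294        "ng/AndroidKeymaster3Device.cpp",
295        "android_keymaster/keymaster_configuration.cpp",
296        "legacy_support/ec_keymaster1_key.cpp",
297        "legacy_support/ecdsa_keymaster1_operation.cpp",
298        "legacy_support/keymaster1_engine.cpp",
299        "legacy_support/keymaster1_legacy_support.cpp",
300        "legacy_support/rsa_keymaster1_key.cpp",
301        "legacy_support/rsa_keymaster1_operation.cpp",
302    ],
303    defaults: ["keymaster_defaults"],
304    shared_libs: [
305        "libkeymaster_messages",
        // HIDL keymaster 3.0 interface library. The listing showed an
        // e-mail-obfuscation placeholder in place of this name; it is
        // restored here to match AndroidKeymaster3Device.cpp.
306        "android.hardware.keymaster@3.0",
307        "libcrypto",
308        "libcutils",
309        "libbase",
310        "libhidlbase",
311        "libkeymaster_portable",
312        "liblog",
313        "libpuresoftkeymasterdevice",
314        "libsoft_attestation_cert",
315        "libutils",
316    ],
317    export_include_dirs: [
318        "include",
319        "ng/include",
320    ],
321}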
322
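// libkeymaster4: builds ng/AndroidKeymaster4Device.cpp with the passthrough
// key/engine/operation sources and keymaster_configuration.cpp.
// NOTE(review): links libpuresoftkeymasterdevice, so the pure-software
// contexts are reachable from this library. Confirm in the sources where
// they are used.
323cc_library {
324    name: "libkeymaster4",
325    srcs: [
326        "legacy_support/keymaster_passthrough_key.cpp",
327        "legacy_support/keymaster_passthrough_engine.cpp",
328        "legacy_support/keymaster_passthrough_operation.cpp",
329        "ng/AndroidKeymaster4Device.cpp",
330        "android_keymaster/keymaster_configuration.cpp",
331    ],
332    defaults: ["keymaster_defaults"],
333    shared_libs: [
334        "libkeymaster_messages",
        // HIDL keymaster 4.0 interface library. The listing showed an
        // e-mail-obfuscation placeholder in place of this name; it is
        // restored here to match AndroidKeymaster4Device.cpp.
335        "android.hardware.keymaster@4.0",
336        "libcrypto",
337        "libcutils",
338        "libbase",
339        "libhidlbase",
340        "libkeymaster_portable",
341        "libpuresoftkeymasterdevice",
342        "liblog",
343        "libutils",
344        "libkeymaster4support",
345    ],
346    export_include_dirs: [
347        "ng/include",
348        "include",
349    ],
350}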
351
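// libkeymaster41: builds ng/AndroidKeymaster41Device.cpp on top of
// libkeymaster4 and the 4.0/4.1 support libraries. Available to vendor code.
352cc_library_shared {
353    name: "libkeymaster41",
354    vendor_available: true,
355    srcs: [
356        "ng/AndroidKeymaster41Device.cpp",
357    ],
358    defaults: ["keymaster_defaults"],
359    shared_libs: [
        // HIDL keymaster 4.0 and 4.1 interface libraries. The listing showed
        // e-mail-obfuscation placeholders in place of both names; they are
        // restored here to match the 4.0/4.1 support libraries listed below.
360        "android.hardware.keymaster@4.0",
361        "android.hardware.keymaster@4.1",
362        "libbase",
363        "libcrypto",
364        "libcutils",
365        "libhidlbase",
366        "libkeymaster4",
367        "libkeymaster4_1support",
368        "libkeymaster4support",
369        "libkeymaster_messages",
370        "libkeymaster_portable",
371        "liblog",
372        "libpuresoftkeymasterdevice",
373        "libutils",
374    ],
375    export_include_dirs: ["ng/include"],
376}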
377
// lib_android_keymaster_keymint_utils: builds ng/KeyMintUtils.cpp. The
// _V3 and _V2 siblings in this file build the same source against a pinned
// KeyMint interface version instead.
378cc_library {
379    name: "lib_android_keymaster_keymint_utils",
380    vendor_available: true,
381    srcs: [
382        "ng/KeyMintUtils.cpp",
383    ],
384    defaults: [
385        "keymaster_defaults",
        // Defined outside this file; presumably adds the latest KeyMint AIDL
        // NDK library as a shared dependency (confirm where it is declared).
386        "keymint_use_latest_hal_aidl_ndk_shared",
387    ],
388    shared_libs: [
389        "libbase",
390        "libhardware",
391    ],
392    export_include_dirs: [
393        "ng/include",
394        "include",
395    ],
396}
397
// libkeymasterconfig: builds android_keymaster/keymaster_configuration.cpp
// as its own library. The same source is also compiled directly into
// libsoftkeymasterdevice, libpuresoftkeymasterdevice, libkeymaster3device,
// libkeymaster4 and libkeymint in this file.
398cc_library {
399    name: "libkeymasterconfig",
400    vendor_available: true,
401    srcs: [
402        "android_keymaster/keymaster_configuration.cpp",
403    ],
404    defaults: [
405        "keymaster_defaults",
406    ],
407    shared_libs: [
        // Unversioned utils library, i.e. the one using the "latest" KeyMint
        // defaults; libkeymasterconfig_V3 links the V3-pinned variant.
408        "lib_android_keymaster_keymint_utils",
409        "libbase",
410        "libcutils",
411        "libhardware",
412        "libkeymaster_messages",
413        "liblog",
414    ],
415    export_include_dirs: [
416        "include",
417    ],
418}
419
// libkeymasterconfig_V3: same source and settings as libkeymasterconfig, but
// linked against lib_android_keymaster_keymint_utils_V3.
420cc_library {
421    name: "libkeymasterconfig_V3",
422    vendor_available: true,
423    srcs: [
424        "android_keymaster/keymaster_configuration.cpp",
425    ],
426    defaults: [
427        "keymaster_defaults",
428    ],
429    shared_libs: [
        // The only difference from libkeymasterconfig is this pinned variant.
430        "lib_android_keymaster_keymint_utils_V3",
431        "libbase",
432        "libcutils",
433        "libhardware",
434        "libkeymaster_messages",
435        "liblog",
436    ],
437    export_include_dirs: [
438        "include",
439    ],
440}
441
// libkeymint: builds the ng/ KeyMint device, KeyMint operation, remotely
// provisioned component, shared-secret and secure-clock sources, together
// with the passthrough key/engine/operation sources.
// NOTE(review): links libpuresoftkeymasterdevice, so the pure-software
// contexts are reachable from this library. Confirm in the sources where
// they are used.
442cc_library {
443    name: "libkeymint",
444    vendor_available: true,
445    srcs: [
446        "android_keymaster/keymaster_configuration.cpp",
447        "legacy_support/keymaster_passthrough_engine.cpp",
448        "legacy_support/keymaster_passthrough_key.cpp",
449        "legacy_support/keymaster_passthrough_operation.cpp",
450        "ng/AndroidKeyMintDevice.cpp",
451        "ng/AndroidKeyMintOperation.cpp",
452        "ng/AndroidRemotelyProvisionedComponentDevice.cpp",
453        "ng/AndroidSharedSecret.cpp",
454        "ng/AndroidSecureClock.cpp",
455    ],
456    defaults: [
457        "keymaster_defaults",
458        "keymint_use_latest_hal_aidl_ndk_shared",
459    ],
460    shared_libs: [
461        "libhidlbase",
        // NOTE(review): the rkp, secureclock and sharedsecret interface
        // versions are pinned here, while the KeyMint interface comes from
        // the "latest" defaults above. Keep them in step when the HAL
        // version is bumped.
462        "android.hardware.security.rkp-V3-ndk",
463        "android.hardware.security.secureclock-V1-ndk",
464        "android.hardware.security.sharedsecret-V1-ndk",
465        "lib_android_keymaster_keymint_utils",
466        "libbase",
467        "libbinder_ndk",
468        "libcppbor",
469        "libcrypto",
470        "libcutils",
471        "libkeymaster_messages",
472        "libkeymaster_portable",
473        "liblog",
474        "libpuresoftkeymasterdevice",
475        "libutils",
476    ],
477    export_include_dirs: [
478        "include",
479        "ng/include",
480    ],
481}
482
// lib_android_keymaster_keymint_utils_V3: ng/KeyMintUtils.cpp built against
// the KeyMint V3 NDK interface library rather than the "latest" defaults.
483cc_library {
484    name: "lib_android_keymaster_keymint_utils_V3",
485    vendor_available: true,
486    srcs: [
487        "ng/KeyMintUtils.cpp",
488    ],
489    defaults: [
490        "keymaster_defaults",
491    ],
492    shared_libs: [
        // Explicit version pin; this is what distinguishes the _V3 variant.
493        "android.hardware.security.keymint-V3-ndk",
494        "libbase",
495        "libhardware",
496    ],
497    export_include_dirs: [
498        "ng/include",
499        "include",
500    ],
501}
502
// lib_android_keymaster_keymint_utils_V2: ng/KeyMintUtils.cpp built against
// the KeyMint V2 NDK interface library. No other module in this file
// references it.
503cc_library {
504    name: "lib_android_keymaster_keymint_utils_V2",
505    vendor_available: true,
506    srcs: [
507        "ng/KeyMintUtils.cpp",
508    ],
509    defaults: [
510        "keymaster_defaults",
511    ],
512    shared_libs: [
        // Explicit version pin; this is what distinguishes the _V2 variant.
513        "android.hardware.security.keymint-V2-ndk",
514        "libbase",
515        "libhardware",
516    ],
517    export_include_dirs: [
518        "ng/include",
519        "include",
520    ],
521}
522
// libcppcose_rkp: builds cppcose/cppcose.cpp for device, vendor, host and
// Windows. It sets no `defaults`, so neither the -Wall/-Werror flags nor
// the sanitizer opt-outs of keymaster_defaults apply to this module.
523cc_library {
524    name: "libcppcose_rkp",
525    vendor_available: true,
526    host_supported: true,
527    srcs: [
528        "cppcose/cppcose.cpp",
529    ],
530    export_include_dirs: [
531        "include",
532    ],
533    shared_libs: [
534        "libcppbor",
535        "libcrypto",
536        "liblog",
537    ],
538    target: {
539        windows: {
540            enabled: true,
541        },
542    },
543}
544
// keymaster_fuzz_defaults: settings shared by the two cc_fuzz targets below.
// They link only libkeymaster_messages, so the fuzzers cover the message and
// serialization code rather than the crypto or context sources.
545cc_defaults {
546    name: "keymaster_fuzz_defaults",
547    header_libs: ["libhardware_headers"],
548    shared_libs: [
549        "libkeymaster_messages",
550    ],
551    // Not using defaults because the fuzzer relies on sanitizers that are explicitly disabled there.
    // The flags below repeat the warning flags of keymaster_defaults, leave
    // out its -fno-sanitize-coverage line and add -DKEYMASTER_NAME_TAGS.
    // Keep the two lists in sync by hand.
552    cflags: [
553        "-Wall",
554        "-Werror",
555        "-Wunused",
556        "-Wno-error=unused-const-variable",
557        "-Wno-error=unused-private-field",
558        "-Wimplicit-fallthrough",
559        "-DKEYMASTER_NAME_TAGS",
560    ],
561    host_supported: true,
562    target: {
563        host: {
564            cflags: [
565                "-fno-rtti", // TODO(b/156427382): Remove when default library removes this
566            ],
567        },
568    },
569}
570
// Fuzz target built from tests/fuzzers/buffer_fuzz.cpp with
// keymaster_fuzz_defaults; presumably exercises the Buffer handling in
// libkeymaster_messages (confirm in the fuzzer source).
571cc_fuzz {
572    name: "libkeymaster_fuzz_buffer",
573    defaults: ["keymaster_fuzz_defaults"],
574    srcs: [
575        "tests/fuzzers/buffer_fuzz.cpp",
576    ],
577}
578
// Fuzz target built from tests/fuzzers/message_serializable_fuzz.cpp with
// keymaster_fuzz_defaults; presumably feeds fuzzer input to message
// deserialization in libkeymaster_messages (confirm in the fuzzer source).
579cc_fuzz {
580    name: "libkeymaster_fuzz_deserialize",
581    defaults: ["keymaster_fuzz_defaults"],
582    srcs: [
583        "tests/fuzzers/message_serializable_fuzz.cpp",
584    ],
585}
586
// Exposes this whole directory (dirs: ["."]) as a directory group. It is
// visible only to //trusty/vendor/google/aosp/scripts, presumably so the
// Trusty build can consume these sources (confirm against that package).
587dirgroup {
588    name: "trusty_dirgroup_system_keymaster",
589    dirs: ["."],
590    visibility: ["//trusty/vendor/google/aosp/scripts"],
591}
592