1// Copyright (C) 2014 The Android Open Source Project 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15// libkeymaster_messages contains just the code necessary to communicate with a 16// AndroidKeymaster implementation, e.g. one running in TrustZone. 17package { 18 default_team: "trendy_team_android_hardware_backed_security", 19 default_applicable_licenses: ["system_keymaster_license"], 20} 21 22// Added automatically by a large-scale-change that took the approach of 23// 'apply every license found to every target'. While this makes sure we respect 24// every license restriction, it may not be entirely correct. 25// 26// e.g. GPL in an MIT project might only apply to the contrib/ directory. 27// 28// Please consider splitting the single license below into multiple licenses, 29// taking care not to lose any license_kind information, and overriding the 30// default license using the 'licenses: [...]' property on targets as needed. 31// 32// For unused files, consider creating a 'fileGroup' with "//visibility:private" 33// to attach the license to, and including a comment whether the files may be 34// used in the current project. 35// See: http://go/android-license-faq 36license { 37 name: "system_keymaster_license", 38 visibility: [":__subpackages__"], 39 license_kinds: [ 40 "SPDX-license-identifier-Apache-2.0", 41 "SPDX-license-identifier-ISC", 42 "legacy_unencumbered", 43 ], 44 license_text: [ 45 "NOTICE", 46 ], 47} 48 49cc_defaults { 50 name: "keymaster_defaults", 51 vendor_available: true, 52 cflags: [ 53 "-Wall", 54 "-Werror", 55 "-Wunused", 56 "-Wno-error=unused-const-variable", 57 "-Wno-error=unused-private-field", 58 "-Wimplicit-fallthrough", 59 // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released. 60 // Currently, if enabled, these flags will cause an internal error in Clang. 61 "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp", 62 ], 63 tidy: true, 64 tidy_checks: [ 65 "-performance-noexcept-move-constructor", 66 ], 67 sanitize: { 68 integer_overflow: false, 69 }, 70 target: { 71 windows: { 72 enabled: true, 73 }, 74 }, 75} 76 77cc_library_shared { 78 name: "libkeymaster_messages", 79 srcs: [ 80 "android_keymaster/android_keymaster_messages.cpp", 81 "android_keymaster/android_keymaster_utils.cpp", 82 "android_keymaster/authorization_set.cpp", 83 "android_keymaster/keymaster_tags.cpp", 84 "android_keymaster/logger.cpp", 85 "android_keymaster/serializable.cpp", 86 ], 87 header_libs: ["libhardware_headers"], 88 defaults: ["keymaster_defaults"], 89 cflags: [ 90 "-DKEYMASTER_NAME_TAGS", 91 ], 92 export_include_dirs: ["include"], 93 host_supported: true, 94 target: { 95 host: { 96 cflags: [ 97 "-fno-rtti", // TODO(b/156427382): Remove workaround when possible. 98 ], 99 }, 100 }, 101} 102 103// libkeymaster_portable contains almost everything needed for a keymaster 104// implementation, lacking only a subclass of the (abstract) KeymasterContext 105// class to provide environment-specific services and a wrapper to translate from 106// the function-based keymaster HAL API to the message-based AndroidKeymaster API. 107cc_library { 108 name: "libkeymaster_portable", 109 srcs: [ 110 "android_keymaster/android_keymaster.cpp", 111 "android_keymaster/android_keymaster_messages.cpp", 112 "android_keymaster/android_keymaster_utils.cpp", 113 "android_keymaster/authorization_set.cpp", 114 "android_keymaster/keymaster_enforcement.cpp", 115 "android_keymaster/keymaster_tags.cpp", 116 "android_keymaster/logger.cpp", 117 "android_keymaster/operation.cpp", 118 "android_keymaster/operation_table.cpp", 119 "android_keymaster/pure_soft_secure_key_storage.cpp", 120 "android_keymaster/remote_provisioning_utils.cpp", 121 "android_keymaster/serializable.cpp", 122 "key_blob_utils/auth_encrypted_key_blob.cpp", 123 "key_blob_utils/integrity_assured_key_blob.cpp", 124 "key_blob_utils/ocb.c", 125 "key_blob_utils/ocb_utils.cpp", 126 "key_blob_utils/software_keyblobs.cpp", 127 "km_openssl/aes_key.cpp", 128 "km_openssl/aes_operation.cpp", 129 "km_openssl/asymmetric_key.cpp", 130 "km_openssl/asymmetric_key_factory.cpp", 131 "km_openssl/attestation_record.cpp", 132 "km_openssl/attestation_utils.cpp", 133 "km_openssl/block_cipher_operation.cpp", 134 "km_openssl/certificate_utils.cpp", 135 "km_openssl/ckdf.cpp", 136 "km_openssl/curve25519_key.cpp", 137 "km_openssl/ec_key.cpp", 138 "km_openssl/ec_key_factory.cpp", 139 "km_openssl/ecdh_operation.cpp", 140 "km_openssl/ecdsa_operation.cpp", 141 "km_openssl/ecies_kem.cpp", 142 "km_openssl/hkdf.cpp", 143 "km_openssl/hmac.cpp", 144 "km_openssl/hmac_key.cpp", 145 "km_openssl/hmac_operation.cpp", 146 "km_openssl/iso18033kdf.cpp", 147 "km_openssl/kdf.cpp", 148 "km_openssl/nist_curve_key_exchange.cpp", 149 "km_openssl/openssl_err.cpp", 150 "km_openssl/openssl_utils.cpp", 151 "km_openssl/rsa_key.cpp", 152 "km_openssl/rsa_key_factory.cpp", 153 "km_openssl/rsa_operation.cpp", 154 "km_openssl/software_random_source.cpp", 155 "km_openssl/symmetric_key.cpp", 156 "km_openssl/triple_des_key.cpp", 157 "km_openssl/triple_des_operation.cpp", 158 "km_openssl/wrapped_key.cpp", 159 ], 160 161 shared_libs: [ 162 "libcrypto", 163 "libcppbor", 164 "libcppcose_rkp", 165 ], 166 export_shared_lib_headers: ["libcppbor"], 167 header_libs: ["libhardware_headers"], 168 export_header_lib_headers: ["libhardware_headers"], 169 defaults: ["keymaster_defaults"], 170 host_supported: true, 171 export_include_dirs: ["include"], 172 target: { 173 host: { 174 cflags: [ 175 "-fno-rtti", // TODO(b/156427382): Remove workaround when possible. 176 ], 177 }, 178 }, 179} 180 181// libsoftkeymaster provides a software-based keymaster HAL implementation. 182// This is used by keystore as a fallback for when the hardware keymaster does 183// not support the request. 184cc_library { 185 name: "libsoftkeymasterdevice", 186 srcs: [ 187 "android_keymaster/keymaster_configuration.cpp", 188 "contexts/pure_soft_keymaster_context.cpp", 189 "contexts/pure_soft_remote_provisioning_context.cpp", 190 "contexts/soft_attestation_context.cpp", 191 "contexts/soft_keymaster_context.cpp", 192 "contexts/soft_keymaster_device.cpp", 193 "contexts/soft_keymaster_logger.cpp", 194 "km_openssl/soft_keymaster_enforcement.cpp", 195 "legacy_support/ec_keymaster1_key.cpp", 196 "legacy_support/ecdsa_keymaster1_operation.cpp", 197 "legacy_support/keymaster1_engine.cpp", 198 "legacy_support/keymaster1_legacy_support.cpp", 199 "legacy_support/rsa_keymaster1_key.cpp", 200 "legacy_support/rsa_keymaster1_operation.cpp", 201 ], 202 defaults: ["keymaster_defaults"], 203 shared_libs: [ 204 "libkeymaster_messages", 205 "libkeymaster_portable", 206 "libsoft_attestation_cert", 207 "liblog", 208 "libbase", 209 "libcppbor", 210 "libcppcose_rkp", 211 "libcrypto", 212 "libcutils", 213 ], 214 export_include_dirs: ["include"], 215} 216 217cc_library { 218 name: "libsoft_attestation_cert", 219 srcs: [ 220 "contexts/soft_attestation_cert.cpp", 221 ], 222 defaults: ["keymaster_defaults"], 223 shared_libs: [ 224 "libkeymaster_portable", 225 ], 226 227 host_supported: true, 228 export_include_dirs: ["include"], 229} 230 231cc_library { 232 name: "libpuresoftkeymasterdevice", 233 srcs: [ 234 "android_keymaster/keymaster_configuration.cpp", 235 "contexts/soft_attestation_context.cpp", 236 "contexts/pure_soft_keymaster_context.cpp", 237 "contexts/pure_soft_remote_provisioning_context.cpp", 238 "contexts/soft_keymaster_logger.cpp", 239 "km_openssl/soft_keymaster_enforcement.cpp", 240 ], 241 defaults: ["keymaster_defaults"], 242 shared_libs: [ 243 "libkeymaster_messages", 244 "libkeymaster_portable", 245 "libsoft_attestation_cert", 246 "liblog", 247 "libcppbor", 248 "libcppcose_rkp", 249 "libcrypto", 250 "libcutils", 251 "libbase", 252 ], 253 export_include_dirs: ["include"], 254} 255 256cc_library { 257 name: "libpuresoftkeymasterdevice_host", 258 srcs: [ 259 "contexts/pure_soft_keymaster_context.cpp", 260 "contexts/pure_soft_remote_provisioning_context.cpp", 261 "contexts/soft_attestation_context.cpp", 262 "contexts/soft_keymaster_logger.cpp", 263 "km_openssl/soft_keymaster_enforcement.cpp", 264 ], 265 defaults: ["keymaster_defaults"], 266 host_supported: true, 267 device_supported: false, 268 shared_libs: [ 269 "libkeymaster_messages", 270 "libkeymaster_portable", 271 "libsoft_attestation_cert", 272 "liblog", 273 "libcppbor", 274 "libcppcose_rkp", 275 "libcrypto", 276 "libcutils", 277 "libbase", 278 ], 279 cflags: [ 280 "-DKEYMASTER_NAME_TAGS", 281 "-fno-rtti", // TODO(b/156427382): Remove workaround when possible. 282 ], 283 export_include_dirs: ["include"], 284} 285 286cc_library_shared { 287 name: "libkeymaster3device", 288 srcs: [ 289 "legacy_support/keymaster_passthrough_key.cpp", 290 "legacy_support/keymaster_passthrough_engine.cpp", 291 "legacy_support/keymaster_passthrough_operation.cpp", 292 "contexts/keymaster1_passthrough_context.cpp", 293 "contexts/keymaster2_passthrough_context.cpp", 294 "ng/AndroidKeymaster3Device.cpp", 295 "android_keymaster/keymaster_configuration.cpp", 296 "legacy_support/ec_keymaster1_key.cpp", 297 "legacy_support/ecdsa_keymaster1_operation.cpp", 298 "legacy_support/keymaster1_engine.cpp", 299 "legacy_support/keymaster1_legacy_support.cpp", 300 "legacy_support/rsa_keymaster1_key.cpp", 301 "legacy_support/rsa_keymaster1_operation.cpp", 302 ], 303 defaults: ["keymaster_defaults"], 304 shared_libs: [ 305 "libkeymaster_messages", 306 "android.hardware.keymaster@3.0", 307 "libcrypto", 308 "libcutils", 309 "libbase", 310 "libhidlbase", 311 "libkeymaster_portable", 312 "liblog", 313 "libpuresoftkeymasterdevice", 314 "libsoft_attestation_cert", 315 "libutils", 316 ], 317 export_include_dirs: [ 318 "include", 319 "ng/include", 320 ], 321} 322 323cc_library { 324 name: "libkeymaster4", 325 srcs: [ 326 "legacy_support/keymaster_passthrough_key.cpp", 327 "legacy_support/keymaster_passthrough_engine.cpp", 328 "legacy_support/keymaster_passthrough_operation.cpp", 329 "ng/AndroidKeymaster4Device.cpp", 330 "android_keymaster/keymaster_configuration.cpp", 331 ], 332 defaults: ["keymaster_defaults"], 333 shared_libs: [ 334 "libkeymaster_messages", 335 "android.hardware.keymaster@4.0", 336 "libcrypto", 337 "libcutils", 338 "libbase", 339 "libhidlbase", 340 "libkeymaster_portable", 341 "libpuresoftkeymasterdevice", 342 "liblog", 343 "libutils", 344 "libkeymaster4support", 345 ], 346 export_include_dirs: [ 347 "ng/include", 348 "include", 349 ], 350} 351 352cc_library_shared { 353 name: "libkeymaster41", 354 vendor_available: true, 355 srcs: [ 356 "ng/AndroidKeymaster41Device.cpp", 357 ], 358 defaults: ["keymaster_defaults"], 359 shared_libs: [ 360 "android.hardware.keymaster@4.0", 361 "android.hardware.keymaster@4.1", 362 "libbase", 363 "libcrypto", 364 "libcutils", 365 "libhidlbase", 366 "libkeymaster4", 367 "libkeymaster4_1support", 368 "libkeymaster4support", 369 "libkeymaster_messages", 370 "libkeymaster_portable", 371 "liblog", 372 "libpuresoftkeymasterdevice", 373 "libutils", 374 ], 375 export_include_dirs: ["ng/include"], 376} 377 378cc_library { 379 name: "lib_android_keymaster_keymint_utils", 380 vendor_available: true, 381 srcs: [ 382 "ng/KeyMintUtils.cpp", 383 ], 384 defaults: [ 385 "keymaster_defaults", 386 "keymint_use_latest_hal_aidl_ndk_shared", 387 ], 388 shared_libs: [ 389 "libbase", 390 "libhardware", 391 ], 392 export_include_dirs: [ 393 "ng/include", 394 "include", 395 ], 396} 397 398cc_library { 399 name: "libkeymint", 400 vendor_available: true, 401 srcs: [ 402 "android_keymaster/keymaster_configuration.cpp", 403 "legacy_support/keymaster_passthrough_engine.cpp", 404 "legacy_support/keymaster_passthrough_key.cpp", 405 "legacy_support/keymaster_passthrough_operation.cpp", 406 "ng/AndroidKeyMintDevice.cpp", 407 "ng/AndroidKeyMintOperation.cpp", 408 "ng/AndroidRemotelyProvisionedComponentDevice.cpp", 409 "ng/AndroidSharedSecret.cpp", 410 "ng/AndroidSecureClock.cpp", 411 ], 412 defaults: [ 413 "keymaster_defaults", 414 "keymint_use_latest_hal_aidl_ndk_shared", 415 ], 416 shared_libs: [ 417 "libhidlbase", 418 "android.hardware.security.rkp-V3-ndk", 419 "android.hardware.security.secureclock-V1-ndk", 420 "android.hardware.security.sharedsecret-V1-ndk", 421 "lib_android_keymaster_keymint_utils", 422 "libbase", 423 "libbinder_ndk", 424 "libcppbor", 425 "libcrypto", 426 "libcutils", 427 "libkeymaster_messages", 428 "libkeymaster_portable", 429 "liblog", 430 "libpuresoftkeymasterdevice", 431 "libutils", 432 ], 433 export_include_dirs: [ 434 "include", 435 "ng/include", 436 ], 437} 438 439cc_library { 440 name: "libcppcose_rkp", 441 vendor_available: true, 442 host_supported: true, 443 srcs: [ 444 "cppcose/cppcose.cpp", 445 ], 446 export_include_dirs: [ 447 "include", 448 ], 449 shared_libs: [ 450 "libcppbor", 451 "libcrypto", 452 "liblog", 453 ], 454 target: { 455 windows: { 456 enabled: true, 457 }, 458 }, 459} 460 461cc_defaults { 462 name: "keymaster_fuzz_defaults", 463 header_libs: ["libhardware_headers"], 464 shared_libs: [ 465 "libkeymaster_messages", 466 ], 467 // Not using defaults because the fuzzer relies on sanitizers that are explicitly disabled there. 468 cflags: [ 469 "-Wall", 470 "-Werror", 471 "-Wunused", 472 "-Wno-error=unused-const-variable", 473 "-Wno-error=unused-private-field", 474 "-Wimplicit-fallthrough", 475 "-DKEYMASTER_NAME_TAGS", 476 ], 477 host_supported: true, 478 target: { 479 host: { 480 cflags: [ 481 "-fno-rtti", // TODO(b/156427382): Remove when default library removes this 482 ], 483 }, 484 }, 485} 486 487cc_fuzz { 488 name: "libkeymaster_fuzz_buffer", 489 defaults: ["keymaster_fuzz_defaults"], 490 srcs: [ 491 "tests/fuzzers/buffer_fuzz.cpp", 492 ], 493} 494 495cc_fuzz { 496 name: "libkeymaster_fuzz_deserialize", 497 defaults: ["keymaster_fuzz_defaults"], 498 srcs: [ 499 "tests/fuzzers/message_serializable_fuzz.cpp", 500 ], 501} 502