Android.bp

// Copyright (C) 2014 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// libkeymaster_messages contains just the code necessary to communicate with a
// AndroidKeymaster implementation, e.g. one running in TrustZone.
package {
    default_applicable_licenses: ["system_keymaster_license"],
}

// Added automatically by a large-scale-change that took the approach of
// 'apply every license found to every target'. While this makes sure we respect
// every license restriction, it may not be entirely correct.
//
// e.g. GPL in an MIT project might only apply to the contrib/ directory.
//
// Please consider splitting the single license below into multiple licenses,
// taking care not to lose any license_kind information, and overriding the
// default license using the 'licenses: [...]' property on targets as needed.
//
// For unused files, consider creating a 'fileGroup' with "//visibility:private"
// to attach the license to, and including a comment whether the files may be
// used in the current project.
// See: http://go/android-license-faq
license {
    name: "system_keymaster_license",
    visibility: [":__subpackages__"],
    license_kinds: [
        "SPDX-license-identifier-Apache-2.0",
        "SPDX-license-identifier-ISC",
        "legacy_unencumbered",
    ],
    license_text: [
        "NOTICE",
    ],
}

cc_defaults {
    name: "keymaster_defaults",
    vendor_available: true,
    cflags: [
        "-Wall",
        "-Werror",
        "-Wunused",
        "-Wno-error=unused-const-variable",
        "-Wno-error=unused-private-field",
        "-Wimplicit-fallthrough",
        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
        // Currently, if enabled, these flags will cause an internal error in Clang.
        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp",
    ],
    tidy: true,
    tidy_checks: [
        "-performance-noexcept-move-constructor",
    ],
    sanitize: {
        integer_overflow: false,
    },
    target: {
        windows: {
            enabled: true,
        },
    },
}

cc_library_shared {
    name: "libkeymaster_messages",
    srcs: [
        "android_keymaster/android_keymaster_messages.cpp",
        "android_keymaster/android_keymaster_utils.cpp",
        "android_keymaster/authorization_set.cpp",
        "android_keymaster/keymaster_tags.cpp",
        "android_keymaster/logger.cpp",
        "android_keymaster/serializable.cpp",
    ],
    header_libs: ["libhardware_headers"],
    defaults: ["keymaster_defaults"],
    cflags: [
        "-DKEYMASTER_NAME_TAGS",
    ],
    export_include_dirs: ["include"],
    host_supported: true,
    target: {
        host: {
            cflags: [
                "-fno-rtti", // TODO(b/156427382): Remove workaround when possible.
            ],
        },
    },
}

// libkeymaster_portable contains almost everything needed for a keymaster
// implementation, lacking only a subclass of the (abstract) KeymasterContext
// class to provide environment-specific services and a wrapper to translate from
// the function-based keymaster HAL API to the message-based AndroidKeymaster API.
cc_library {
    name: "libkeymaster_portable",
    srcs: [
        "android_keymaster/android_keymaster.cpp",
        "android_keymaster/android_keymaster_messages.cpp",
        "android_keymaster/android_keymaster_utils.cpp",
        "android_keymaster/authorization_set.cpp",
        "android_keymaster/keymaster_enforcement.cpp",
        "android_keymaster/keymaster_tags.cpp",
        "android_keymaster/logger.cpp",
        "android_keymaster/operation.cpp",
        "android_keymaster/operation_table.cpp",
        "android_keymaster/pure_soft_secure_key_storage.cpp",
        "android_keymaster/remote_provisioning_utils.cpp",
        "android_keymaster/serializable.cpp",
        "key_blob_utils/auth_encrypted_key_blob.cpp",
        "key_blob_utils/integrity_assured_key_blob.cpp",
        "key_blob_utils/ocb.c",
        "key_blob_utils/ocb_utils.cpp",
        "key_blob_utils/software_keyblobs.cpp",
        "km_openssl/aes_key.cpp",
        "km_openssl/aes_operation.cpp",
        "km_openssl/asymmetric_key.cpp",
        "km_openssl/asymmetric_key_factory.cpp",
        "km_openssl/attestation_record.cpp",
        "km_openssl/attestation_utils.cpp",
        "km_openssl/block_cipher_operation.cpp",
        "km_openssl/certificate_utils.cpp",
        "km_openssl/ckdf.cpp",
        "km_openssl/curve25519_key.cpp",
        "km_openssl/ec_key.cpp",
        "km_openssl/ec_key_factory.cpp",
        "km_openssl/ecdh_operation.cpp",
        "km_openssl/ecdsa_operation.cpp",
        "km_openssl/ecies_kem.cpp",
        "km_openssl/hkdf.cpp",
        "km_openssl/hmac.cpp",
        "km_openssl/hmac_key.cpp",
        "km_openssl/hmac_operation.cpp",
        "km_openssl/iso18033kdf.cpp",
        "km_openssl/kdf.cpp",
        "km_openssl/nist_curve_key_exchange.cpp",
        "km_openssl/openssl_err.cpp",
        "km_openssl/openssl_utils.cpp",
        "km_openssl/rsa_key.cpp",
        "km_openssl/rsa_key_factory.cpp",
        "km_openssl/rsa_operation.cpp",
        "km_openssl/software_random_source.cpp",
        "km_openssl/symmetric_key.cpp",
        "km_openssl/triple_des_key.cpp",
        "km_openssl/triple_des_operation.cpp",
        "km_openssl/wrapped_key.cpp",
    ],

    shared_libs: [
        "libcrypto",
        "libcppbor_external",
        "libcppcose_rkp",
    ],
    export_shared_lib_headers: ["libcppbor_external"],
    header_libs: ["libhardware_headers"],
    export_header_lib_headers: ["libhardware_headers"],
    defaults: ["keymaster_defaults"],
    host_supported: true,
    export_include_dirs: ["include"],
    target: {
        host: {
            cflags: [
                "-fno-rtti", // TODO(b/156427382): Remove workaround when possible.
            ],
        },
    },
}

// libsoftkeymaster provides a software-based keymaster HAL implementation.
// This is used by keystore as a fallback for when the hardware keymaster does
// not support the request.
cc_library {
    name: "libsoftkeymasterdevice",
    srcs: [
        "android_keymaster/keymaster_configuration.cpp",
        "contexts/pure_soft_keymaster_context.cpp",
        "contexts/pure_soft_remote_provisioning_context.cpp",
        "contexts/soft_attestation_context.cpp",
        "contexts/soft_keymaster_context.cpp",
        "contexts/soft_keymaster_device.cpp",
        "contexts/soft_keymaster_logger.cpp",
        "km_openssl/soft_keymaster_enforcement.cpp",
        "legacy_support/ec_keymaster1_key.cpp",
        "legacy_support/ecdsa_keymaster1_operation.cpp",
        "legacy_support/keymaster1_engine.cpp",
        "legacy_support/keymaster1_legacy_support.cpp",
        "legacy_support/rsa_keymaster1_key.cpp",
        "legacy_support/rsa_keymaster1_operation.cpp",
    ],
    defaults: ["keymaster_defaults"],
    shared_libs: [
        "libkeymaster_messages",
        "libkeymaster_portable",
        "libsoft_attestation_cert",
        "liblog",
        "libbase",
        "libcppbor_external",
        "libcppcose_rkp",
        "libcrypto",
        "libcutils",
    ],
    export_include_dirs: ["include"],
}

cc_library {
    name: "libsoft_attestation_cert",
    srcs: [
        "contexts/soft_attestation_cert.cpp",
    ],
    defaults: ["keymaster_defaults"],
    shared_libs: [
        "libkeymaster_portable",
    ],

    host_supported: true,
    export_include_dirs: ["include"],
}

cc_library {
    name: "libpuresoftkeymasterdevice",
    srcs: [
        "android_keymaster/keymaster_configuration.cpp",
        "contexts/soft_attestation_context.cpp",
        "contexts/pure_soft_keymaster_context.cpp",
        "contexts/pure_soft_remote_provisioning_context.cpp",
        "contexts/soft_keymaster_logger.cpp",
        "km_openssl/soft_keymaster_enforcement.cpp",
    ],
    defaults: ["keymaster_defaults"],
    shared_libs: [
        "libkeymaster_messages",
        "libkeymaster_portable",
        "libsoft_attestation_cert",
        "liblog",
        "libcppbor_external",
        "libcppcose_rkp",
        "libcrypto",
        "libcutils",
        "libbase",
    ],
    export_include_dirs: ["include"],
}

cc_library {
    name: "libpuresoftkeymasterdevice_host",
    srcs: [
        "contexts/pure_soft_keymaster_context.cpp",
        "contexts/pure_soft_remote_provisioning_context.cpp",
        "contexts/soft_attestation_context.cpp",
        "contexts/soft_keymaster_logger.cpp",
        "km_openssl/soft_keymaster_enforcement.cpp",
    ],
    defaults: ["keymaster_defaults"],
    host_supported: true,
    device_supported: false,
    shared_libs: [
        "libkeymaster_messages",
        "libkeymaster_portable",
        "libsoft_attestation_cert",
        "liblog",
        "libcppbor_external",
        "libcppcose_rkp",
        "libcrypto",
        "libcutils",
        "libbase",
    ],
    cflags: [
        "-DKEYMASTER_NAME_TAGS",
        "-fno-rtti", // TODO(b/156427382): Remove workaround when possible.
    ],
    export_include_dirs: ["include"],
}

cc_library_shared {
    name: "libkeymaster3device",
    srcs: [
        "legacy_support/keymaster_passthrough_key.cpp",
        "legacy_support/keymaster_passthrough_engine.cpp",
        "legacy_support/keymaster_passthrough_operation.cpp",
        "contexts/keymaster1_passthrough_context.cpp",
        "contexts/keymaster2_passthrough_context.cpp",
        "ng/AndroidKeymaster3Device.cpp",
        "android_keymaster/keymaster_configuration.cpp",
        "legacy_support/ec_keymaster1_key.cpp",
        "legacy_support/ecdsa_keymaster1_operation.cpp",
        "legacy_support/keymaster1_engine.cpp",
        "legacy_support/keymaster1_legacy_support.cpp",
        "legacy_support/rsa_keymaster1_key.cpp",
        "legacy_support/rsa_keymaster1_operation.cpp",
    ],
    defaults: ["keymaster_defaults"],
    shared_libs: [
        "libkeymaster_messages",
        "android.hardware.keymaster@3.0",
        "libcrypto",
        "libcutils",
        "libbase",
        "libhidlbase",
        "libkeymaster_portable",
        "liblog",
        "libpuresoftkeymasterdevice",
        "libsoft_attestation_cert",
        "libutils",
    ],
    export_include_dirs: [
        "include",
        "ng/include",
    ],
}

cc_library {
    name: "libkeymaster4",
    srcs: [
        "legacy_support/keymaster_passthrough_key.cpp",
        "legacy_support/keymaster_passthrough_engine.cpp",
        "legacy_support/keymaster_passthrough_operation.cpp",
        "ng/AndroidKeymaster4Device.cpp",
        "android_keymaster/keymaster_configuration.cpp",
    ],
    defaults: ["keymaster_defaults"],
    shared_libs: [
        "libkeymaster_messages",
        "android.hardware.keymaster@4.0",
        "libcrypto",
        "libcutils",
        "libbase",
        "libhidlbase",
        "libkeymaster_portable",
        "libpuresoftkeymasterdevice",
        "liblog",
        "libutils",
        "libkeymaster4support",
    ],
    export_include_dirs: [
        "ng/include",
        "include",
    ],
}

cc_library_shared {
    name: "libkeymaster41",
    vendor_available: true,
    srcs: [
        "ng/AndroidKeymaster41Device.cpp",
    ],
    defaults: ["keymaster_defaults"],
    shared_libs: [
        "android.hardware.keymaster@4.0",
        "android.hardware.keymaster@4.1",
        "libbase",
        "libcrypto",
        "libcutils",
        "libhidlbase",
        "libkeymaster4",
        "libkeymaster4_1support",
        "libkeymaster4support",
        "libkeymaster_messages",
        "libkeymaster_portable",
        "liblog",
        "libpuresoftkeymasterdevice",
        "libutils",
    ],
    export_include_dirs: ["ng/include"],
}

cc_library {
    name: "lib_android_keymaster_keymint_utils",
    vendor_available: true,
    srcs: [
        "ng/KeyMintUtils.cpp",
    ],
    defaults: [
        "keymaster_defaults",
        "keymint_use_latest_hal_aidl_ndk_shared",
    ],
    shared_libs: [
        "libbase",
        "libhardware",
    ],
    export_include_dirs: [
        "ng/include",
        "include",
    ],
}

cc_library {
    name: "libkeymint",
    vendor_available: true,
    srcs: [
        "android_keymaster/keymaster_configuration.cpp",
        "legacy_support/keymaster_passthrough_engine.cpp",
        "legacy_support/keymaster_passthrough_key.cpp",
        "legacy_support/keymaster_passthrough_operation.cpp",
        "ng/AndroidKeyMintDevice.cpp",
        "ng/AndroidKeyMintOperation.cpp",
        "ng/AndroidRemotelyProvisionedComponentDevice.cpp",
        "ng/AndroidSharedSecret.cpp",
        "ng/AndroidSecureClock.cpp",
    ],
    defaults: [
        "keymaster_defaults",
        "keymint_use_latest_hal_aidl_ndk_shared",
    ],
    shared_libs: [
        "libhidlbase",
        "android.hardware.security.rkp-V3-ndk",
        "android.hardware.security.secureclock-V1-ndk",
        "android.hardware.security.sharedsecret-V1-ndk",
        "lib_android_keymaster_keymint_utils",
        "libbase",
        "libbinder_ndk",
        "libcppbor_external",
        "libcrypto",
        "libcutils",
        "libkeymaster_messages",
        "libkeymaster_portable",
        "liblog",
        "libpuresoftkeymasterdevice",
        "libutils",
    ],
    export_include_dirs: [
        "include",
        "ng/include",
    ],
}

cc_library {
    name: "libcppcose_rkp",
    vendor_available: true,
    host_supported: true,
    srcs: [
        "cppcose/cppcose.cpp",
    ],
    export_include_dirs: [
        "include",
    ],
    shared_libs: [
        "libcppbor_external",
        "libcrypto",
        "liblog",
    ],
    target: {
        windows: {
            enabled: true,
        },
    },
}

cc_defaults {
    name: "keymaster_fuzz_defaults",
    header_libs: ["libhardware_headers"],
    shared_libs: [
        "libkeymaster_messages",
    ],
    // Not using defaults because the fuzzer relies on sanitizers that are explicitly disabled there.
    cflags: [
        "-Wall",
        "-Werror",
        "-Wunused",
        "-Wno-error=unused-const-variable",
        "-Wno-error=unused-private-field",
        "-Wimplicit-fallthrough",
        "-DKEYMASTER_NAME_TAGS",
    ],
    host_supported: true,
    target: {
        host: {
            cflags: [
                "-fno-rtti", // TODO(b/156427382): Remove when default library removes this
            ],
        },
    },
}

cc_fuzz {
    name: "libkeymaster_fuzz_buffer",
    defaults: ["keymaster_fuzz_defaults"],
    srcs: [
        "tests/fuzzers/buffer_fuzz.cpp",
    ],
}

cc_fuzz {
    name: "libkeymaster_fuzz_serializable",
    defaults: ["keymaster_fuzz_defaults"],
    srcs: [
        "tests/fuzzers/message_serializable_fuzz.cpp",
    ],
}