223 lines
6.9 KiB
Text
223 lines
6.9 KiB
Text
// Copyright (C) 2014 The Android Open Source Project
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
// libkeymaster_messages contains just the code necessary to communicate with a
|
|
// AndroidKeymaster implementation, e.g. one running in TrustZone.
|
|
cc_library_shared {
|
|
name: "libkeymaster_messages",
|
|
vendor_available: true,
|
|
vndk: {
|
|
enabled: true,
|
|
},
|
|
srcs: [
|
|
"android_keymaster_messages.cpp",
|
|
"android_keymaster_utils.cpp",
|
|
"authorization_set.cpp",
|
|
"keymaster_tags.cpp",
|
|
"logger.cpp",
|
|
"serializable.cpp",
|
|
"keymaster_stl.cpp",
|
|
],
|
|
header_libs: ["libhardware_headers"],
|
|
cflags: [
|
|
"-Wall",
|
|
"-Werror",
|
|
"-Wunused",
|
|
"-DKEYMASTER_NAME_TAGS",
|
|
],
|
|
stl: "none",
|
|
clang: true,
|
|
// TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
|
|
// Currently, if enabled, these flags will cause an internal error in Clang.
|
|
clang_cflags: ["-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"],
|
|
|
|
export_include_dirs: ["include"],
|
|
|
|
}
|
|
|
|
// libkeymaster_portable contains almost everything needed for a keymaster
|
|
// implementation, lacking only a subclass of the (abstract) KeymasterContext
|
|
// class to provide environment-specific services and a wrapper to translate from
|
|
// the function-based keymaster HAL API to the message-based AndroidKeymaster API.
|
|
cc_library_shared {
|
|
name: "libkeymaster_portable",
|
|
vendor_available: true,
|
|
vndk: {
|
|
enabled: true,
|
|
},
|
|
srcs: [
|
|
"aes_key.cpp",
|
|
"aes_operation.cpp",
|
|
"android_keymaster.cpp",
|
|
"android_keymaster_messages.cpp",
|
|
"android_keymaster_utils.cpp",
|
|
"asymmetric_key.cpp",
|
|
"asymmetric_key_factory.cpp",
|
|
"attestation_record.cpp",
|
|
"auth_encrypted_key_blob.cpp",
|
|
"authorization_set.cpp",
|
|
"ecdsa_operation.cpp",
|
|
"ec_key.cpp",
|
|
"ec_key_factory.cpp",
|
|
"hmac_key.cpp",
|
|
"hmac_operation.cpp",
|
|
"key.cpp",
|
|
"keymaster_enforcement.cpp",
|
|
"keymaster_tags.cpp",
|
|
"logger.cpp",
|
|
"ocb.c",
|
|
"ocb_utils.cpp",
|
|
"openssl_err.cpp",
|
|
"openssl_utils.cpp",
|
|
"operation.cpp",
|
|
"operation_table.cpp",
|
|
"rsa_key.cpp",
|
|
"rsa_key_factory.cpp",
|
|
"rsa_operation.cpp",
|
|
"serializable.cpp",
|
|
"symmetric_key.cpp",
|
|
"keymaster_stl.cpp",
|
|
],
|
|
|
|
shared_libs: [
|
|
"libcrypto",
|
|
"libkeymaster_messages",
|
|
],
|
|
header_libs: ["libhardware_headers"],
|
|
export_header_lib_headers: ["libhardware_headers"],
|
|
cflags: [
|
|
"-Wall",
|
|
"-Werror",
|
|
"-Wunused",
|
|
"-DBORINGSSL_NO_CXX",
|
|
],
|
|
// NOTE: libkeymaster_portable must run unchanged in the trusty runtime environment.
|
|
// Therefore, it must not link against any c++ stl library. keymaster_stl.cpp
|
|
// weakly defines the subset of stl symbols required for this library to work
|
|
// and which are also available in the trusty context.
|
|
stl: "none",
|
|
clang: true,
|
|
clang_cflags: [
|
|
"-Wno-error=unused-const-variable",
|
|
"-Wno-error=unused-private-field",
|
|
// TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
|
|
// Currently, if enabled, these flags will cause an internal error in Clang.
|
|
"-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
|
|
],
|
|
|
|
export_include_dirs: ["include"],
|
|
|
|
}
|
|
|
|
// libkeymaster_staging adds to libkeymaster_portable code that is needed by the softkeymaster device
|
|
// to implement keymaster. This is sort of a staging area for functionality that may move
|
|
// to libkeymaster_portalbe eventually. Unlike libkeymaster_portable, this library can use c++ stl
|
|
// headers, but modules should avoid it if they are to be moved to libkeymaster_portable.
|
|
cc_library_shared {
|
|
name: "libkeymaster_staging",
|
|
vendor_available: true,
|
|
vndk: {
|
|
enabled: true,
|
|
},
|
|
srcs: [
|
|
"ecies_kem.cpp",
|
|
"hkdf.cpp",
|
|
"hmac.cpp",
|
|
"integrity_assured_key_blob.cpp",
|
|
"iso18033kdf.cpp",
|
|
"kdf.cpp",
|
|
"nist_curve_key_exchange.cpp",
|
|
],
|
|
|
|
shared_libs: [
|
|
"libcrypto",
|
|
"libkeymaster_portable",
|
|
"libkeymaster_messages",
|
|
],
|
|
cflags: [
|
|
"-Wall",
|
|
"-Werror",
|
|
"-Wunused",
|
|
],
|
|
clang: true,
|
|
clang_cflags: [
|
|
"-Wno-error=unused-const-variable",
|
|
"-Wno-error=unused-private-field",
|
|
// TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
|
|
// Currently, if enabled, these flags will cause an internal error in Clang.
|
|
"-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
|
|
],
|
|
|
|
export_include_dirs: ["include"],
|
|
|
|
}
|
|
|
|
// libsoftkeymaster provides a software-based keymaster HAL implementation.
|
|
// This is used by keystore as a fallback for when the hardware keymaster does
|
|
// not support the request.
|
|
cc_library {
|
|
name: "libsoftkeymasterdevice",
|
|
vendor_available: true,
|
|
vndk: {
|
|
enabled: true,
|
|
},
|
|
srcs: [
|
|
"ec_keymaster0_key.cpp",
|
|
"ec_keymaster1_key.cpp",
|
|
"ecdsa_keymaster1_operation.cpp",
|
|
"keymaster0_engine.cpp",
|
|
"keymaster1_engine.cpp",
|
|
"keymaster_configuration.cpp",
|
|
"rsa_keymaster0_key.cpp",
|
|
"rsa_keymaster1_key.cpp",
|
|
"rsa_keymaster1_operation.cpp",
|
|
"soft_keymaster_context.cpp",
|
|
"soft_keymaster_device.cpp",
|
|
"soft_keymaster_logger.cpp",
|
|
],
|
|
include_dirs: ["system/security/keystore"],
|
|
cflags: [
|
|
"-Wall",
|
|
"-Werror",
|
|
"-Wunused",
|
|
],
|
|
clang: true,
|
|
clang_cflags: [
|
|
"-Wno-error=unused-const-variable",
|
|
"-Wno-error=unused-private-field",
|
|
// TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
|
|
// Currently, if enabled, these flags will cause an internal error in Clang.
|
|
"-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
|
|
],
|
|
|
|
shared_libs: [
|
|
"libkeymaster_messages",
|
|
"libkeymaster_portable",
|
|
"libkeymaster_staging",
|
|
"liblog",
|
|
"libcrypto",
|
|
"libcutils",
|
|
],
|
|
|
|
export_include_dirs: ["include"],
|
|
}
|
|
|
|
// libkeymasterfiles is an empty library that exports all of the files in keymaster as includes.
|
|
cc_library_static {
|
|
name: "libkeymasterfiles",
|
|
export_include_dirs: [
|
|
".",
|
|
"include",
|
|
],
|
|
}
|