Android.bp

// Copyright (C) 2014 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// libkeymaster_messages contains just the code necessary to communicate with a
// AndroidKeymaster implementation, e.g. one running in TrustZone.
cc_library_shared {
    name: "libkeymaster_messages",
    vendor_available: true,
    srcs: [
        "android_keymaster_messages.cpp",
        "android_keymaster_utils.cpp",
        "authorization_set.cpp",
        "keymaster_tags.cpp",
        "logger.cpp",
        "serializable.cpp",
        "keymaster_stl.cpp",
    ],
    cflags: [
        "-Wall",
        "-Werror",
        "-Wunused",
        "-DKEYMASTER_NAME_TAGS",
    ],
    stl: "none",
    clang: true,
    // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
    // Currently, if enabled, these flags will cause an internal error in Clang.
    clang_cflags: ["-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"],

    export_include_dirs: ["include"],

}

// libkeymaster_portable contains almost everything needed for a keymaster
// implementation, lacking only a subclass of the (abstract) KeymasterContext
// class to provide environment-specific services and a wrapper to translate from
// the function-based keymaster HAL API to the message-based AndroidKeymaster API.
cc_library_shared {
    name: "libkeymaster_portable",
    srcs: [
        "aes_key.cpp",
        "aes_operation.cpp",
        "android_keymaster.cpp",
        "android_keymaster_messages.cpp",
        "android_keymaster_utils.cpp",
        "asymmetric_key.cpp",
        "asymmetric_key_factory.cpp",
        "attestation_record.cpp",
        "auth_encrypted_key_blob.cpp",
        "authorization_set.cpp",
        "ecdsa_operation.cpp",
        "ec_key.cpp",
        "ec_key_factory.cpp",
        "hmac_key.cpp",
        "hmac_operation.cpp",
        "key.cpp",
        "keymaster_enforcement.cpp",
        "keymaster_tags.cpp",
        "logger.cpp",
        "ocb.c",
        "ocb_utils.cpp",
        "openssl_err.cpp",
        "openssl_utils.cpp",
        "operation.cpp",
        "operation_table.cpp",
        "rsa_key.cpp",
        "rsa_key_factory.cpp",
        "rsa_operation.cpp",
        "serializable.cpp",
        "symmetric_key.cpp",
        "keymaster_stl.cpp",
    ],

    shared_libs: [
        "libcrypto",
        "libkeymaster_messages",
    ],
    cflags: [
        "-Wall",
        "-Werror",
        "-Wunused",
        "-DBORINGSSL_NO_CXX",
    ],
    // NOTE: libkeymaster_portable must run unchanged in the trusty runtime environment.
    // Therefore, it must not link against any c++ stl library. keymaster_stl.cpp
    // weakly defines the subset of stl symbols required for this library to work
    // and which are also available in the trusty context.
    stl: "none",
    clang: true,
    clang_cflags: [
        "-Wno-error=unused-const-variable",
        "-Wno-error=unused-private-field",
        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
        // Currently, if enabled, these flags will cause an internal error in Clang.
        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
    ],

    export_include_dirs: ["include"],

}

// libkeymaster adds to libkeymaster_portable code that is needed by the softkeymaster device
// to implement keymaster. This is sort of a staging area for functionality that may move
// to libkeymaster_portalbe eventually. Unlike libkeymaster_portable, this library can use c++ stl
// headers, but modules should avoid it if they are to be moved to libkeymaster_portable.
cc_library_shared {
    name: "libkeymaster",
    vendor_available: true,
    srcs: [
        "ecies_kem.cpp",
        "hkdf.cpp",
        "hmac.cpp",
        "integrity_assured_key_blob.cpp",
        "iso18033kdf.cpp",
        "kdf.cpp",
        "nist_curve_key_exchange.cpp",
    ],

    shared_libs: [
        "libcrypto",
        "libkeymaster_portable",
        "libkeymaster_messages",
    ],
    cflags: [
        "-Wall",
        "-Werror",
        "-Wunused",
    ],
    clang: true,
    clang_cflags: [
        "-Wno-error=unused-const-variable",
        "-Wno-error=unused-private-field",
        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
        // Currently, if enabled, these flags will cause an internal error in Clang.
        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
    ],

    export_include_dirs: ["include"],

}

// libsoftkeymaster provides a software-based keymaster HAL implementation.
// This is used by keystore as a fallback for when the hardware keymaster does
// not support the request.
cc_library_shared {
    name: "libsoftkeymasterdevice",
    vendor_available: true,
    srcs: [
        "ec_keymaster0_key.cpp",
        "ec_keymaster1_key.cpp",
        "ecdsa_keymaster1_operation.cpp",
        "keymaster0_engine.cpp",
        "keymaster1_engine.cpp",
        "keymaster_configuration.cpp",
        "rsa_keymaster0_key.cpp",
        "rsa_keymaster1_key.cpp",
        "rsa_keymaster1_operation.cpp",
        "soft_keymaster_context.cpp",
        "soft_keymaster_device.cpp",
        "soft_keymaster_logger.cpp",
    ],
    include_dirs: ["system/security/keystore"],
    cflags: [
        "-Wall",
        "-Werror",
        "-Wunused",
    ],
    clang: true,
    clang_cflags: [
        "-Wno-error=unused-const-variable",
        "-Wno-error=unused-private-field",
        // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
        // Currently, if enabled, these flags will cause an internal error in Clang.
        "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
    ],

    shared_libs: [
        "libkeymaster_messages",
        "libkeymaster_portable",
        "libkeymaster",
        "liblog",
        "libcrypto",
        "libcutils",
    ],

    export_include_dirs: ["include"],
}

// libkeymasterfiles is an empty library that exports all of the files in keymaster as includes.
cc_library_static {
    name: "libkeymasterfiles",
    export_include_dirs: [
        ".",
        "include",
    ],
}