//
// Copyright (C) 2020 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package {
    default_applicable_licenses: ["Android-Apache-2.0"],
}

cc_defaults {
    name: "secure_env_defaults",
    shared_libs: [
        "libbase",
        "libcppbor",
        "libcppcose_rkp",
        "libcrypto",
        "libcutils",
        "libcuttlefish_security",
        "libcuttlefish_transport",
        "libgatekeeper",
        "libjsoncpp",
        "libkeymaster_messages",
        "libkeymaster_portable",
        "liblog",
        "libpuresoftkeymasterdevice_host",
        "libsoft_attestation_cert",
        "tpm2-tss2-esys",
        "tpm2-tss2-mu",
        "tpm2-tss2-rc",
        "tpm2-tss2-tcti",
    ],
    static_libs: [
        "libscrypt_static",
        "ms-tpm-20-ref-lib",
    ],
    cflags: [
        "-fno-rtti", // Required for libkeymaster_portable
    ],
    target: {
        not_windows: {
            static_libs: [
                "libcuttlefish_host_config",
            ],
            shared_libs: [
                "libcuttlefish_fs",
                "libcuttlefish_kernel_log_monitor_utils",
                "libcuttlefish_utils",
                "libfruit",
            ],
        },
        linux: {
            static_libs: [
                "libc++_static",
            ],
        },
        darwin: {
            enabled: true,
        },
        windows: {
            cflags: [
                "-DNOGDI",
            ],
            static_libs: ["libcuttlefish_utils_result"],
        },
    },
}

common_libsecure_srcs = [
    "composite_serialization.cpp",
    "encrypted_serializable.cpp",
    "gatekeeper_responder.cpp",
    "hmac_serializable.cpp",
    "in_process_tpm.cpp",
    "json_serializable.cpp",
    "keymaster_responder.cpp",
    "primary_key_builder.cpp",
    "storage/storage.cpp",
    "storage/tpm_storage.cpp",
    "tpm_attestation_record.cpp",
    "tpm_auth.cpp",
    "tpm_commands.cpp",
    "tpm_encrypt_decrypt.cpp",
    "tpm_ffi.cpp",
    "tpm_gatekeeper.cpp",
    "tpm_hmac.cpp",
    "tpm_key_blob_maker.cpp",
    "tpm_keymaster_context.cpp",
    "tpm_keymaster_enforcement.cpp",
    "tpm_random_source.cpp",
    "tpm_remote_provisioning_context.cpp",
    "tpm_resource_manager.cpp",
    "tpm_serialize.cpp",
]

// Things blocking us to use oemlock on windows:
// 1. Missing transport implementation
// 2. Missing file utils
// 3. Base64 isn't supported (need for software oemlock implementation)
cc_library {
    name: "libsecure_env_not_windows",
    shared_libs: [
        "libcuttlefish_command_util",
        "libcuttlefish_run_cvd_proto",
        "libprotobuf-cpp-full",
    ],
    srcs: common_libsecure_srcs + [
        "confui_sign_server.cpp",
        "device_tpm.cpp",
        "oemlock/oemlock.cpp",
        "oemlock/oemlock_responder.cpp",
        "storage/insecure_json_storage.cpp",
        "suspend_resume_handler.cpp",
        "worker_thread_loop_body.cpp",
    ],
    target: {
        darwin: {
            enabled: true,
        },
    },
    defaults: [
        "cuttlefish_buildhost_only",
        "secure_env_defaults",
    ],
}

// Rust FFI bindings to access TPM-specific functionality in C/C++.
rust_bindgen_host {
    name: "libsecure_env_tpm",
    source_stem: "libsecure_env_tpm",
    crate_name: "secure_env_tpm",
    wrapper_src: "tpm_ffi.h",
    vendor_available: true,
    static_libs: [
        "libsecure_env_not_windows",
    ],
    defaults: [
        "cuttlefish_buildhost_only",
        "secure_env_defaults",
    ],
}

cc_binary_host {
    name: "secure_env",
    static_libs: [
        "libgflags_cuttlefish",
    ],
    target: {
        windows: {
            enabled: true,
            srcs: [
                "secure_env_windows_main.cpp",
            ],
            shared_libs: [
                "libsecure_env_win",
            ],
        },
        not_windows: {
            srcs: [
                "secure_env_not_windows_main.cpp",
            ],
            shared_libs: [
                "libcuttlefish_command_util",
                "libcuttlefish_run_cvd_proto",
            ],
            static_libs: [
                "libsecure_env_not_windows",
            ],
        },
        darwin: {
            enabled: true,
        },
        linux: {
            shared_libs: [
                "libkmr_cf_ffi",
            ],
        },
    },
    defaults: [
        "cuttlefish_buildhost_only",
        "secure_env_defaults",
    ],
}

cc_library {
    name: "libsecure_env_win",
    srcs: common_libsecure_srcs + [
        "secure_env_windows_lib.cpp",
    ],
    header_libs: [
        "cuttlefish_common_headers",
    ],
    target: {
        windows: {
            enabled: true,
        },
        not_windows: {
            enabled: false,
        },
        host: {
            compile_multilib: "64",
        },
    },
    device_supported: false,
    host_supported: true,
    defaults: ["secure_env_defaults"],
}

cc_test_host {
    name: "libsecure_env_test",
    srcs: [
        "encrypted_serializable_test.cpp",
        "test_tpm.cpp",
    ],
    static_libs: [
        "libsecure_env_not_windows",
    ],
    defaults: [
        "cuttlefish_buildhost_only",
        "secure_env_defaults",
    ],
    test_options: {
        unit_test: true,
    },
}