| blob | 27e786ce85aef51f83c4e0f71feeaf6150f4a130 |
1 # Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
5 import("//build/config/crypto.gni")
6 import("//testing/test.gni")
8 component("crypto") {
9 output_name = "crcrypto" # Avoid colliding with OpenSSL's libcrypto.
10 sources = [
11 "apple_keychain.h",
12 "apple_keychain_ios.mm",
13 "apple_keychain_mac.mm",
14 "capi_util.cc",
15 "capi_util.h",
16 "crypto_export.h",
17 "cssm_init.cc",
18 "cssm_init.h",
19 "curve25519-donna.c",
20 "curve25519.cc",
21 "curve25519.h",
22 "ec_private_key.h",
23 "ec_private_key_nss.cc",
24 "ec_private_key_openssl.cc",
25 "ec_signature_creator.cc",
26 "ec_signature_creator.h",
27 "ec_signature_creator_impl.h",
28 "ec_signature_creator_nss.cc",
29 "ec_signature_creator_openssl.cc",
30 "encryptor.cc",
31 "encryptor.h",
32 "encryptor_nss.cc",
33 "encryptor_openssl.cc",
34 "ghash.cc",
35 "ghash.h",
36 "hkdf.cc",
37 "hkdf.h",
38 "hmac.cc",
39 "hmac.h",
40 "hmac_nss.cc",
41 "hmac_openssl.cc",
42 "mac_security_services_lock.cc",
43 "mac_security_services_lock.h",
45 # TODO(brettw) these mocks should be moved to a test_support_crypto target
46 # if possible.
47 "mock_apple_keychain.cc",
48 "mock_apple_keychain.h",
49 "mock_apple_keychain_ios.cc",
50 "mock_apple_keychain_mac.cc",
51 "nss_util.cc",
52 "nss_util.h",
53 "nss_util_internal.h",
54 "openssl_bio_string.cc",
55 "openssl_bio_string.h",
56 "openssl_util.cc",
57 "openssl_util.h",
58 "p224.cc",
59 "p224.h",
60 "p224_spake.cc",
61 "p224_spake.h",
62 "random.cc",
63 "random.h",
64 "rsa_private_key.cc",
65 "rsa_private_key.h",
66 "rsa_private_key_nss.cc",
67 "rsa_private_key_openssl.cc",
68 "scoped_capi_types.h",
69 "scoped_nss_types.h",
70 "secure_hash.h",
71 "secure_hash_default.cc",
72 "secure_hash_openssl.cc",
73 "secure_util.cc",
74 "secure_util.h",
75 "sha2.cc",
76 "sha2.h",
77 "signature_creator.h",
78 "signature_creator_nss.cc",
79 "signature_creator_openssl.cc",
80 "signature_verifier.h",
81 "signature_verifier_nss.cc",
82 "signature_verifier_openssl.cc",
83 "symmetric_key.h",
84 "symmetric_key_nss.cc",
85 "symmetric_key_openssl.cc",
86 "third_party/nss/chromium-blapi.h",
87 "third_party/nss/chromium-blapit.h",
88 "third_party/nss/chromium-nss.h",
89 "third_party/nss/chromium-sha256.h",
90 "third_party/nss/pk11akey.cc",
91 "third_party/nss/rsawrapr.c",
92 "third_party/nss/secsign.cc",
93 "third_party/nss/sha512.cc",
94 ]
96 # TODO(jschuh): crbug.com/167187 fix size_t to int truncations.
97 configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
99 deps = [
100 ":platform",
101 "//base",
102 "//base/third_party/dynamic_annotations",
103 ]
105 if (!is_mac && !is_ios) {
106 sources -= [
107 "apple_keychain.h",
108 "mock_apple_keychain.cc",
109 "mock_apple_keychain.h",
110 ]
111 }
113 if (!is_mac) {
114 sources -= [
115 "cssm_init.cc",
116 "cssm_init.h",
117 "mac_security_services_lock.cc",
118 "mac_security_services_lock.h",
119 ]
120 }
121 if (!is_win) {
122 sources -= [
123 "capi_util.cc",
124 "capi_util.h",
125 ]
126 }
128 if (is_android) {
129 deps += [ "//third_party/android_tools:cpu_features" ]
130 }
132 if (use_openssl) {
133 # Remove NSS files when using OpenSSL
134 sources -= [
135 "ec_private_key_nss.cc",
136 "ec_signature_creator_nss.cc",
137 "encryptor_nss.cc",
138 "hmac_nss.cc",
139 "rsa_private_key_nss.cc",
140 "secure_hash_default.cc",
141 "signature_creator_nss.cc",
142 "signature_verifier_nss.cc",
143 "symmetric_key_nss.cc",
144 "third_party/nss/chromium-blapi.h",
145 "third_party/nss/chromium-blapit.h",
146 "third_party/nss/chromium-nss.h",
147 "third_party/nss/pk11akey.cc",
148 "third_party/nss/rsawrapr.c",
149 "third_party/nss/secsign.cc",
150 ]
151 } else {
152 # Remove OpenSSL when using NSS.
153 sources -= [
154 "ec_private_key_openssl.cc",
155 "ec_signature_creator_openssl.cc",
156 "encryptor_openssl.cc",
157 "hmac_openssl.cc",
158 "openssl_bio_string.cc",
159 "openssl_bio_string.h",
160 "openssl_util.cc",
161 "openssl_util.h",
162 "rsa_private_key_openssl.cc",
163 "secure_hash_openssl.cc",
164 "signature_creator_openssl.cc",
165 "signature_verifier_openssl.cc",
166 "symmetric_key_openssl.cc",
167 ]
168 }
170 # Remove nss_util when NSS is used for neither the internal crypto library
171 # nor the platform certificate library.
172 if (use_openssl && !use_nss_certs) {
173 sources -= [
174 "nss_util.cc",
175 "nss_util.h",
176 "nss_util_internal.h",
177 ]
178 }
180 defines = [ "CRYPTO_IMPLEMENTATION" ]
181 }
183 # TODO(GYP): TODO(dpranke), fix the compile errors for this stuff
184 # and make it work.
185 if (false && is_win) {
186 # A minimal crypto subset for hmac-related stuff that small standalone
187 # targets can use to reduce code size on Windows. This does not depend on
188 # OpenSSL/NSS but will use Windows APIs for that functionality.
189 source_set("crypto_minimal_win") {
190 sources = [
191 "crypto_export.h",
192 "hmac.cc",
193 "hmac.h",
194 "hmac_win.cc",
195 "scoped_capi_types.h",
196 "scoped_nss_types.h",
197 "secure_util.cc",
198 "secure_util.h",
199 "symmetric_key.h",
200 "symmetric_key_win.cc",
201 "third_party/nss/chromium-blapi.h",
202 "third_party/nss/chromium-sha256.h",
203 "third_party/nss/sha512.cc",
204 ]
206 deps = [
207 "//base",
208 "//base/third_party/dynamic_annotations",
209 ]
211 defines = [ "CRYPTO_IMPLEMENTATION" ]
212 }
213 }
215 test("crypto_unittests") {
216 sources = [
217 # Tests.
218 "curve25519_unittest.cc",
219 "ec_private_key_unittest.cc",
220 "ec_signature_creator_unittest.cc",
221 "encryptor_unittest.cc",
222 "ghash_unittest.cc",
223 "hkdf_unittest.cc",
224 "hmac_unittest.cc",
225 "nss_util_unittest.cc",
226 "openssl_bio_string_unittest.cc",
227 "p224_spake_unittest.cc",
228 "p224_unittest.cc",
229 "random_unittest.cc",
230 "rsa_private_key_nss_unittest.cc",
231 "rsa_private_key_unittest.cc",
232 "secure_hash_unittest.cc",
233 "sha2_unittest.cc",
234 "signature_creator_unittest.cc",
235 "signature_verifier_unittest.cc",
236 "symmetric_key_unittest.cc",
237 ]
239 # Remove nss_util when NSS is used for neither the internal crypto library
240 # nor the platform certificate library.
241 if (use_openssl && !use_nss_certs) {
242 sources -= [ "nss_util_unittest.cc" ]
243 }
245 if (use_openssl) {
246 sources -= [ "rsa_private_key_nss_unittest.cc" ]
247 } else {
248 sources -= [ "openssl_bio_string_unittest.cc" ]
249 }
251 configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
253 deps = [
254 ":crypto",
255 ":platform",
256 ":test_support",
257 "//base",
258 "//base/test:run_all_unittests",
259 "//base/test:test_support",
260 "//testing/gmock",
261 "//testing/gtest",
262 ]
263 }
265 source_set("test_support") {
266 sources = [
267 "scoped_test_nss_chromeos_user.cc",
268 "scoped_test_nss_chromeos_user.h",
269 "scoped_test_nss_db.cc",
270 "scoped_test_nss_db.h",
271 "scoped_test_system_nss_key_slot.cc",
272 "scoped_test_system_nss_key_slot.h",
273 ]
274 deps = [
275 ":crypto",
276 ":platform",
277 "//base",
278 ]
280 if (!use_nss_certs) {
281 sources -= [
282 "scoped_test_nss_db.cc",
283 "scoped_test_nss_db.h",
284 ]
285 }
287 if (!is_chromeos) {
288 sources -= [
289 "scoped_test_nss_chromeos_user.cc",
290 "scoped_test_nss_chromeos_user.h",
291 "scoped_test_system_nss_key_slot.cc",
292 "scoped_test_system_nss_key_slot.h",
293 ]
294 }
295 }
297 config("platform_config") {
298 if ((!use_openssl || use_nss_certs) && is_clang) {
299 # There is a broken header guard in /usr/include/nss/secmod.h:
300 # https://bugzilla.mozilla.org/show_bug.cgi?id=884072
301 cflags = [ "-Wno-header-guard" ]
302 }
303 }
305 # This is a meta-target that forwards to NSS's SSL library or OpenSSL,
306 # according to the state of the crypto flags. A target just wanting to depend
307 # on the current SSL library should just depend on this.
308 group("platform") {
309 if (use_openssl) {
310 deps = [
311 "//third_party/boringssl",
312 ]
313 } else {
314 deps = [
315 "//net/third_party/nss/ssl:libssl",
316 ]
317 }
319 # Link in NSS if it is used for either the internal crypto library
320 # (!use_openssl) or platform certificate library (use_nss_certs).
321 if (!use_openssl || use_nss_certs) {
322 if (is_linux) {
323 # On Linux, we use the system NSS (excepting SSL where we always use our
324 # own).
325 public_configs = [ ":platform_config" ]
326 if (!use_openssl) {
327 # If using a bundled copy of NSS's SSL library, ensure the bundled SSL
328 # header search path comes before the system one so our versions are
329 # used. The libssl target will add the search path we want, but
330 # according to GN's ordering rules, public_configs' search path will get
331 # applied before ones inherited from our dependencies. Therefore, we
332 # need to explicitly list our custom libssl's config here before the
333 # system one.
334 public_configs += [ "//net/third_party/nss/ssl:ssl_config" ]
335 }
336 public_configs += [ "//third_party/nss:system_nss_no_ssl_config" ]
337 } else {
338 # Non-Linux platforms use the hermetic NSS from the tree.
339 deps += [
340 "//third_party/nss:nspr",
341 "//third_party/nss:nss",
342 ]
343 }
344 }
345 }