crypto/BUILD.gn

   1 # Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 # Use of this source code is governed by a BSD-style license that can be
   3 # found in the LICENSE file.
   4
   5 import("//build/config/crypto.gni")
   6 import("//testing/test.gni")
   7
   8 component("crypto") {
   9   output_name = "crcrypto"  # Avoid colliding with OpenSSL's libcrypto.
  10   sources = [
  11     "aead_openssl.cc",
  12     "aead_openssl.h",
  13     "apple_keychain.h",
  14     "apple_keychain_ios.mm",
  15     "apple_keychain_mac.mm",
  16     "capi_util.cc",
  17     "capi_util.h",
  18     "crypto_export.h",
  19     "cssm_init.cc",
  20     "cssm_init.h",
  21     "curve25519-donna.c",
  22     "curve25519.cc",
  23     "curve25519.h",
  24     "ec_private_key.h",
  25     "ec_private_key_nss.cc",
  26     "ec_private_key_openssl.cc",
  27     "ec_signature_creator.cc",
  28     "ec_signature_creator.h",
  29     "ec_signature_creator_impl.h",
  30     "ec_signature_creator_nss.cc",
  31     "ec_signature_creator_openssl.cc",
  32     "encryptor.cc",
  33     "encryptor.h",
  34     "encryptor_nss.cc",
  35     "encryptor_openssl.cc",
  36     "ghash.cc",
  37     "ghash.h",
  38     "hkdf.cc",
  39     "hkdf.h",
  40     "hmac.cc",
  41     "hmac.h",
  42     "hmac_nss.cc",
  43     "hmac_openssl.cc",
  44     "mac_security_services_lock.cc",
  45     "mac_security_services_lock.h",
  46
  47     # TODO(brettw) these mocks should be moved to a test_support_crypto target
  48     # if possible.
  49     "mock_apple_keychain.cc",
  50     "mock_apple_keychain.h",
  51     "mock_apple_keychain_ios.cc",
  52     "mock_apple_keychain_mac.cc",
  53     "nss_util.cc",
  54     "nss_util.h",
  55     "nss_util_internal.h",
  56     "openssl_bio_string.cc",
  57     "openssl_bio_string.h",
  58     "openssl_util.cc",
  59     "openssl_util.h",
  60     "p224.cc",
  61     "p224.h",
  62     "p224_spake.cc",
  63     "p224_spake.h",
  64     "random.cc",
  65     "random.h",
  66     "rsa_private_key.cc",
  67     "rsa_private_key.h",
  68     "rsa_private_key_nss.cc",
  69     "rsa_private_key_openssl.cc",
  70     "scoped_capi_types.h",
  71     "scoped_nss_types.h",
  72     "secure_hash.h",
  73     "secure_hash_default.cc",
  74     "secure_hash_openssl.cc",
  75     "secure_util.cc",
  76     "secure_util.h",
  77     "sha2.cc",
  78     "sha2.h",
  79     "signature_creator.h",
  80     "signature_creator_nss.cc",
  81     "signature_creator_openssl.cc",
  82     "signature_verifier.h",
  83     "signature_verifier_nss.cc",
  84     "signature_verifier_openssl.cc",
  85     "symmetric_key.h",
  86     "symmetric_key_nss.cc",
  87     "symmetric_key_openssl.cc",
  88     "third_party/nss/chromium-blapi.h",
  89     "third_party/nss/chromium-blapit.h",
  90     "third_party/nss/chromium-nss.h",
  91     "third_party/nss/chromium-sha256.h",
  92     "third_party/nss/pk11akey.cc",
  93     "third_party/nss/rsawrapr.c",
  94     "third_party/nss/secsign.cc",
  95     "third_party/nss/sha512.cc",
  96   ]
  97
  98   # TODO(jschuh): crbug.com/167187 fix size_t to int truncations.
  99   configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
 100
 101   deps = [
 102     ":platform",
 103     "//base",
 104     "//base/third_party/dynamic_annotations",
 105   ]
 106
 107   if (!is_mac && !is_ios) {
 108     sources -= [
 109       "apple_keychain.h",
 110       "mock_apple_keychain.cc",
 111       "mock_apple_keychain.h",
 112     ]
 113   }
 114
 115   if (!is_mac) {
 116     sources -= [
 117       "cssm_init.cc",
 118       "cssm_init.h",
 119       "mac_security_services_lock.cc",
 120       "mac_security_services_lock.h",
 121     ]
 122   }
 123   if (!is_win) {
 124     sources -= [
 125       "capi_util.cc",
 126       "capi_util.h",
 127     ]
 128   }
 129
 130   if (is_android) {
 131     deps += [ "//third_party/android_tools:cpu_features" ]
 132   }
 133
 134   if (use_openssl) {
 135     # Remove NSS files when using OpenSSL
 136     sources -= [
 137       "ec_private_key_nss.cc",
 138       "ec_signature_creator_nss.cc",
 139       "encryptor_nss.cc",
 140       "hmac_nss.cc",
 141       "rsa_private_key_nss.cc",
 142       "secure_hash_default.cc",
 143       "signature_creator_nss.cc",
 144       "signature_verifier_nss.cc",
 145       "symmetric_key_nss.cc",
 146       "third_party/nss/chromium-blapi.h",
 147       "third_party/nss/chromium-blapit.h",
 148       "third_party/nss/chromium-nss.h",
 149       "third_party/nss/pk11akey.cc",
 150       "third_party/nss/rsawrapr.c",
 151       "third_party/nss/secsign.cc",
 152     ]
 153   } else {
 154     # Remove OpenSSL when using NSS.
 155     sources -= [
 156       "aead_openssl.cc",
 157       "aead_openssl.h",
 158       "ec_private_key_openssl.cc",
 159       "ec_signature_creator_openssl.cc",
 160       "encryptor_openssl.cc",
 161       "hmac_openssl.cc",
 162       "openssl_bio_string.cc",
 163       "openssl_bio_string.h",
 164       "openssl_util.cc",
 165       "openssl_util.h",
 166       "rsa_private_key_openssl.cc",
 167       "secure_hash_openssl.cc",
 168       "signature_creator_openssl.cc",
 169       "signature_verifier_openssl.cc",
 170       "symmetric_key_openssl.cc",
 171     ]
 172   }
 173
 174   # Remove nss_util when NSS is used for neither the internal crypto library
 175   # nor the platform certificate library.
 176   if (use_openssl && !use_nss_certs) {
 177     sources -= [
 178       "nss_util.cc",
 179       "nss_util.h",
 180       "nss_util_internal.h",
 181     ]
 182   }
 183
 184   defines = [ "CRYPTO_IMPLEMENTATION" ]
 185 }
 186
 187 # TODO(GYP): TODO(dpranke), fix the compile errors for this stuff
 188 # and make it work.
 189 if (false && is_win) {
 190   # A minimal crypto subset for hmac-related stuff that small standalone
 191   # targets can use to reduce code size on Windows. This does not depend on
 192   # OpenSSL/NSS but will use Windows APIs for that functionality.
 193   source_set("crypto_minimal_win") {
 194     sources = [
 195       "crypto_export.h",
 196       "hmac.cc",
 197       "hmac.h",
 198       "hmac_win.cc",
 199       "scoped_capi_types.h",
 200       "scoped_nss_types.h",
 201       "secure_util.cc",
 202       "secure_util.h",
 203       "symmetric_key.h",
 204       "symmetric_key_win.cc",
 205       "third_party/nss/chromium-blapi.h",
 206       "third_party/nss/chromium-sha256.h",
 207       "third_party/nss/sha512.cc",
 208     ]
 209
 210     deps = [
 211       "//base",
 212       "//base/third_party/dynamic_annotations",
 213     ]
 214
 215     defines = [ "CRYPTO_IMPLEMENTATION" ]
 216   }
 217 }
 218
 219 test("crypto_unittests") {
 220   sources = [
 221     # Tests.
 222     "curve25519_unittest.cc",
 223     "ec_private_key_unittest.cc",
 224     "ec_signature_creator_unittest.cc",
 225     "encryptor_unittest.cc",
 226     "ghash_unittest.cc",
 227     "hkdf_unittest.cc",
 228     "hmac_unittest.cc",
 229     "nss_util_unittest.cc",
 230     "openssl_bio_string_unittest.cc",
 231     "p224_spake_unittest.cc",
 232     "p224_unittest.cc",
 233     "random_unittest.cc",
 234     "rsa_private_key_nss_unittest.cc",
 235     "rsa_private_key_unittest.cc",
 236     "secure_hash_unittest.cc",
 237     "sha2_unittest.cc",
 238     "signature_creator_unittest.cc",
 239     "signature_verifier_unittest.cc",
 240     "symmetric_key_unittest.cc",
 241   ]
 242
 243   # Remove nss_util when NSS is used for neither the internal crypto library
 244   # nor the platform certificate library.
 245   if (use_openssl && !use_nss_certs) {
 246     sources -= [ "nss_util_unittest.cc" ]
 247   }
 248
 249   if (use_openssl) {
 250     sources -= [ "rsa_private_key_nss_unittest.cc" ]
 251   } else {
 252     sources -= [ "openssl_bio_string_unittest.cc" ]
 253   }
 254
 255   configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
 256
 257   deps = [
 258     ":crypto",
 259     ":platform",
 260     ":test_support",
 261     "//base",
 262     "//base/test:run_all_unittests",
 263     "//base/test:test_support",
 264     "//testing/gmock",
 265     "//testing/gtest",
 266   ]
 267 }
 268
 269 source_set("test_support") {
 270   sources = [
 271     "scoped_test_nss_chromeos_user.cc",
 272     "scoped_test_nss_chromeos_user.h",
 273     "scoped_test_nss_db.cc",
 274     "scoped_test_nss_db.h",
 275     "scoped_test_system_nss_key_slot.cc",
 276     "scoped_test_system_nss_key_slot.h",
 277   ]
 278   deps = [
 279     ":crypto",
 280     ":platform",
 281     "//base",
 282   ]
 283
 284   if (!use_nss_certs) {
 285     sources -= [
 286       "scoped_test_nss_db.cc",
 287       "scoped_test_nss_db.h",
 288     ]
 289   }
 290
 291   if (!is_chromeos) {
 292     sources -= [
 293       "scoped_test_nss_chromeos_user.cc",
 294       "scoped_test_nss_chromeos_user.h",
 295       "scoped_test_system_nss_key_slot.cc",
 296       "scoped_test_system_nss_key_slot.h",
 297     ]
 298   }
 299 }
 300
 301 config("platform_config") {
 302   if ((!use_openssl || use_nss_certs) && is_clang) {
 303     # There is a broken header guard in /usr/include/nss/secmod.h:
 304     # https://bugzilla.mozilla.org/show_bug.cgi?id=884072
 305     cflags = [ "-Wno-header-guard" ]
 306   }
 307 }
 308
 309 # This is a meta-target that forwards to NSS's SSL library or OpenSSL,
 310 # according to the state of the crypto flags. A target just wanting to depend
 311 # on the current SSL library should just depend on this.
 312 group("platform") {
 313   if (use_openssl) {
 314     deps = [
 315       "//third_party/boringssl",
 316     ]
 317   } else {
 318     deps = [
 319       "//net/third_party/nss/ssl:libssl",
 320     ]
 321   }
 322
 323   # Link in NSS if it is used for either the internal crypto library
 324   # (!use_openssl) or platform certificate library (use_nss_certs).
 325   if (!use_openssl || use_nss_certs) {
 326     if (is_linux) {
 327       # On Linux, we use the system NSS (excepting SSL where we always use our
 328       # own).
 329       public_configs = [ ":platform_config" ]
 330       if (!use_openssl) {
 331         # If using a bundled copy of NSS's SSL library, ensure the bundled SSL
 332         # header search path comes before the system one so our versions are
 333         # used. The libssl target will add the search path we want, but
 334         # according to GN's ordering rules, public_configs' search path will get
 335         # applied before ones inherited from our dependencies.  Therefore, we
 336         # need to explicitly list our custom libssl's config here before the
 337         # system one.
 338         public_configs += [ "//net/third_party/nss/ssl:ssl_config" ]
 339       }
 340       public_configs += [ "//third_party/nss:system_nss_no_ssl_config" ]
 341     } else {
 342       # Non-Linux platforms use the hermetic NSS from the tree.
 343       deps += [
 344         "//third_party/nss:nspr",
 345         "//third_party/nss:nss",
 346       ]
 347     }
 348   }
 349 }