| blob | af78cbf81022efd2c86ed6ae3a020b0e142f6bc5 |
1 # Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
5 import("//build/config/crypto.gni")
6 import("//testing/test.gni")
8 component("crypto") {
9 output_name = "crcrypto" # Avoid colliding with OpenSSL's libcrypto.
10 sources = [
11 "aead_openssl.cc",
12 "aead_openssl.h",
13 "aes_128_gcm_helpers_nss.cc",
14 "aes_128_gcm_helpers_nss.h",
15 "apple_keychain.h",
16 "apple_keychain_ios.mm",
17 "apple_keychain_mac.mm",
18 "capi_util.cc",
19 "capi_util.h",
20 "crypto_export.h",
21 "cssm_init.cc",
22 "cssm_init.h",
23 "curve25519-donna.c",
24 "curve25519.cc",
25 "curve25519.h",
26 "ec_private_key.h",
27 "ec_private_key_nss.cc",
28 "ec_private_key_openssl.cc",
29 "ec_signature_creator.cc",
30 "ec_signature_creator.h",
31 "ec_signature_creator_impl.h",
32 "ec_signature_creator_nss.cc",
33 "ec_signature_creator_openssl.cc",
34 "encryptor.cc",
35 "encryptor.h",
36 "encryptor_nss.cc",
37 "encryptor_openssl.cc",
38 "ghash.cc",
39 "ghash.h",
40 "hkdf.cc",
41 "hkdf.h",
42 "hmac.cc",
43 "hmac.h",
44 "hmac_nss.cc",
45 "hmac_openssl.cc",
46 "mac_security_services_lock.cc",
47 "mac_security_services_lock.h",
49 # TODO(brettw) these mocks should be moved to a test_support_crypto target
50 # if possible.
51 "mock_apple_keychain.cc",
52 "mock_apple_keychain.h",
53 "mock_apple_keychain_ios.cc",
54 "mock_apple_keychain_mac.cc",
55 "nss_key_util.cc",
56 "nss_key_util.h",
57 "nss_util.cc",
58 "nss_util.h",
59 "nss_util_internal.h",
60 "openssl_bio_string.cc",
61 "openssl_bio_string.h",
62 "openssl_util.cc",
63 "openssl_util.h",
64 "p224.cc",
65 "p224.h",
66 "p224_spake.cc",
67 "p224_spake.h",
68 "random.cc",
69 "random.h",
70 "rsa_private_key.cc",
71 "rsa_private_key.h",
72 "rsa_private_key_nss.cc",
73 "rsa_private_key_openssl.cc",
74 "scoped_capi_types.h",
75 "scoped_nss_types.h",
76 "secure_hash.h",
77 "secure_hash_default.cc",
78 "secure_hash_openssl.cc",
79 "secure_util.cc",
80 "secure_util.h",
81 "sha2.cc",
82 "sha2.h",
83 "signature_creator.h",
84 "signature_creator_nss.cc",
85 "signature_creator_openssl.cc",
86 "signature_verifier.h",
87 "signature_verifier_nss.cc",
88 "signature_verifier_openssl.cc",
89 "symmetric_key.h",
90 "symmetric_key_nss.cc",
91 "symmetric_key_openssl.cc",
92 "third_party/nss/chromium-blapi.h",
93 "third_party/nss/chromium-blapit.h",
94 "third_party/nss/chromium-nss.h",
95 "third_party/nss/chromium-sha256.h",
96 "third_party/nss/pk11akey.cc",
97 "third_party/nss/rsawrapr.c",
98 "third_party/nss/secsign.cc",
99 "third_party/nss/sha512.cc",
100 ]
102 # TODO(jschuh): crbug.com/167187 fix size_t to int truncations.
103 configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
105 deps = [
106 ":platform",
107 "//base",
108 "//base/third_party/dynamic_annotations",
109 ]
111 if (!is_mac && !is_ios) {
112 sources -= [
113 "apple_keychain.h",
114 "mock_apple_keychain.cc",
115 "mock_apple_keychain.h",
116 ]
117 }
119 if (!is_mac) {
120 sources -= [
121 "cssm_init.cc",
122 "cssm_init.h",
123 "mac_security_services_lock.cc",
124 "mac_security_services_lock.h",
125 ]
126 }
127 if (!is_win) {
128 sources -= [
129 "capi_util.cc",
130 "capi_util.h",
131 ]
132 }
134 if (is_android) {
135 deps += [ "//third_party/android_tools:cpu_features" ]
136 }
138 if (use_openssl) {
139 # Remove NSS files when using OpenSSL
140 sources -= [
141 "aes_128_gcm_helpers_nss.cc",
142 "aes_128_gcm_helpers_nss.h",
143 "ec_private_key_nss.cc",
144 "ec_signature_creator_nss.cc",
145 "encryptor_nss.cc",
146 "hmac_nss.cc",
147 "rsa_private_key_nss.cc",
148 "secure_hash_default.cc",
149 "signature_creator_nss.cc",
150 "signature_verifier_nss.cc",
151 "symmetric_key_nss.cc",
152 "third_party/nss/chromium-blapi.h",
153 "third_party/nss/chromium-blapit.h",
154 "third_party/nss/chromium-nss.h",
155 "third_party/nss/pk11akey.cc",
156 "third_party/nss/rsawrapr.c",
157 "third_party/nss/secsign.cc",
158 ]
159 } else {
160 # Remove OpenSSL when using NSS.
161 sources -= [
162 "aead_openssl.cc",
163 "aead_openssl.h",
164 "ec_private_key_openssl.cc",
165 "ec_signature_creator_openssl.cc",
166 "encryptor_openssl.cc",
167 "hmac_openssl.cc",
168 "openssl_bio_string.cc",
169 "openssl_bio_string.h",
170 "openssl_util.cc",
171 "openssl_util.h",
172 "rsa_private_key_openssl.cc",
173 "secure_hash_openssl.cc",
174 "signature_creator_openssl.cc",
175 "signature_verifier_openssl.cc",
176 "symmetric_key_openssl.cc",
177 ]
178 }
180 # Some files are built when NSS is used at all, either for the internal crypto
181 # library or the platform certificate library.
182 if (use_openssl && !use_nss_certs) {
183 sources -= [
184 "nss_key_util.cc",
185 "nss_key_util.h",
186 "nss_util.cc",
187 "nss_util.h",
188 "nss_util_internal.h",
189 ]
190 }
192 defines = [ "CRYPTO_IMPLEMENTATION" ]
194 if (is_nacl) {
195 deps += [ "//native_client_sdk/src/libraries/nacl_io" ]
196 }
197 }
199 # TODO(GYP): TODO(dpranke), fix the compile errors for this stuff
200 # and make it work.
201 if (false && is_win) {
202 # A minimal crypto subset for hmac-related stuff that small standalone
203 # targets can use to reduce code size on Windows. This does not depend on
204 # OpenSSL/NSS but will use Windows APIs for that functionality.
205 source_set("crypto_minimal_win") {
206 sources = [
207 "crypto_export.h",
208 "hmac.cc",
209 "hmac.h",
210 "hmac_win.cc",
211 "scoped_capi_types.h",
212 "scoped_nss_types.h",
213 "secure_util.cc",
214 "secure_util.h",
215 "symmetric_key.h",
216 "symmetric_key_win.cc",
217 "third_party/nss/chromium-blapi.h",
218 "third_party/nss/chromium-sha256.h",
219 "third_party/nss/sha512.cc",
220 ]
222 deps = [
223 "//base",
224 "//base/third_party/dynamic_annotations",
225 ]
227 defines = [ "CRYPTO_IMPLEMENTATION" ]
228 }
229 }
231 # TODO(GYP): Delete this after we've converted everything to GN.
232 # The _run targets exist only for compatibility w/ GYP.
233 group("crypto_unittests_run") {
234 testonly = true
235 deps = [
236 ":crypto_unittests",
237 ]
238 }
240 test("crypto_unittests") {
241 sources = [
242 "aead_openssl_unittest.cc",
243 "aes_128_gcm_helpers_nss_unittest.cc",
244 "curve25519_unittest.cc",
245 "ec_private_key_unittest.cc",
246 "ec_signature_creator_unittest.cc",
247 "encryptor_unittest.cc",
248 "ghash_unittest.cc",
249 "hkdf_unittest.cc",
250 "hmac_unittest.cc",
251 "nss_key_util_unittest.cc",
252 "nss_util_unittest.cc",
253 "openssl_bio_string_unittest.cc",
254 "p224_spake_unittest.cc",
255 "p224_unittest.cc",
256 "random_unittest.cc",
257 "rsa_private_key_unittest.cc",
258 "secure_hash_unittest.cc",
259 "sha2_unittest.cc",
260 "signature_creator_unittest.cc",
261 "signature_verifier_unittest.cc",
262 "symmetric_key_unittest.cc",
263 ]
265 # Some files are built when NSS is used at all, either for the internal crypto
266 # library or the platform certificate library.
267 if (use_openssl && !use_nss_certs) {
268 sources -= [
269 "nss_key_util_unittest.cc",
270 "nss_util_unittest.cc",
271 ]
272 }
274 if (use_openssl) {
275 sources -= [ "aes_128_gcm_helpers_nss_unittest.cc" ]
276 } else {
277 sources -= [ "openssl_bio_string_unittest.cc" ]
278 }
280 configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
282 deps = [
283 ":crypto",
284 ":platform",
285 ":test_support",
286 "//base",
287 "//base/test:run_all_unittests",
288 "//base/test:test_support",
289 "//testing/gmock",
290 "//testing/gtest",
291 ]
292 }
294 source_set("test_support") {
295 sources = [
296 "scoped_test_nss_chromeos_user.cc",
297 "scoped_test_nss_chromeos_user.h",
298 "scoped_test_nss_db.cc",
299 "scoped_test_nss_db.h",
300 "scoped_test_system_nss_key_slot.cc",
301 "scoped_test_system_nss_key_slot.h",
302 ]
303 deps = [
304 ":crypto",
305 ":platform",
306 "//base",
307 ]
309 if (!use_nss_certs) {
310 sources -= [
311 "scoped_test_nss_db.cc",
312 "scoped_test_nss_db.h",
313 ]
314 }
316 if (!is_chromeos) {
317 sources -= [
318 "scoped_test_nss_chromeos_user.cc",
319 "scoped_test_nss_chromeos_user.h",
320 "scoped_test_system_nss_key_slot.cc",
321 "scoped_test_system_nss_key_slot.h",
322 ]
323 }
324 }
326 config("platform_config") {
327 if ((!use_openssl || use_nss_certs) && is_clang) {
328 # There is a broken header guard in /usr/include/nss/secmod.h:
329 # https://bugzilla.mozilla.org/show_bug.cgi?id=884072
330 cflags = [ "-Wno-header-guard" ]
331 }
332 }
334 # This is a meta-target that forwards to NSS's SSL library or OpenSSL,
335 # according to the state of the crypto flags. A target just wanting to depend
336 # on the current SSL library should just depend on this.
337 group("platform") {
338 if (use_openssl) {
339 deps = [
340 "//third_party/boringssl",
341 ]
342 } else {
343 deps = [
344 "//net/third_party/nss/ssl:libssl",
345 ]
346 }
348 # Link in NSS if it is used for either the internal crypto library
349 # (!use_openssl) or platform certificate library (use_nss_certs).
350 if (!use_openssl || use_nss_certs) {
351 if (is_linux) {
352 # On Linux, we use the system NSS (excepting SSL where we always use our
353 # own).
354 public_configs = [ ":platform_config" ]
355 if (!use_openssl) {
356 # If using a bundled copy of NSS's SSL library, ensure the bundled SSL
357 # header search path comes before the system one so our versions are
358 # used. The libssl target will add the search path we want, but
359 # according to GN's ordering rules, public_configs' search path will get
360 # applied before ones inherited from our dependencies. Therefore, we
361 # need to explicitly list our custom libssl's config here before the
362 # system one.
363 public_configs += [ "//net/third_party/nss/ssl:ssl_config" ]
364 }
365 public_configs += [ "//third_party/nss:system_nss_no_ssl_config" ]
366 } else {
367 # Non-Linux platforms use the hermetic NSS from the tree.
368 public_deps = [
369 "//third_party/nss:nspr",
370 "//third_party/nss:nss",
371 ]
372 }
373 }
374 }