Also pass X-scope for Instance ID's token requests
[chromium-blink-merge.git] / crypto / BUILD.gn
blobf84c4d455d6123b90f566c0fd53a5db531480849
1 # Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
5 import("//build/config/crypto.gni")
6 import("//testing/test.gni")
8 component("crypto") {
9   output_name = "crcrypto"  # Avoid colliding with OpenSSL's libcrypto.
10   sources = [
11     "aead_openssl.cc",
12     "aead_openssl.h",
13     "apple_keychain.h",
14     "apple_keychain_ios.mm",
15     "apple_keychain_mac.mm",
16     "capi_util.cc",
17     "capi_util.h",
18     "crypto_export.h",
19     "cssm_init.cc",
20     "cssm_init.h",
21     "curve25519-donna.c",
22     "curve25519.cc",
23     "curve25519.h",
24     "ec_private_key.h",
25     "ec_private_key_nss.cc",
26     "ec_private_key_openssl.cc",
27     "ec_signature_creator.cc",
28     "ec_signature_creator.h",
29     "ec_signature_creator_impl.h",
30     "ec_signature_creator_nss.cc",
31     "ec_signature_creator_openssl.cc",
32     "encryptor.cc",
33     "encryptor.h",
34     "encryptor_nss.cc",
35     "encryptor_openssl.cc",
36     "ghash.cc",
37     "ghash.h",
38     "hkdf.cc",
39     "hkdf.h",
40     "hmac.cc",
41     "hmac.h",
42     "hmac_nss.cc",
43     "hmac_openssl.cc",
44     "mac_security_services_lock.cc",
45     "mac_security_services_lock.h",
47     # TODO(brettw) these mocks should be moved to a test_support_crypto target
48     # if possible.
49     "mock_apple_keychain.cc",
50     "mock_apple_keychain.h",
51     "mock_apple_keychain_ios.cc",
52     "mock_apple_keychain_mac.cc",
53     "nss_key_util.cc",
54     "nss_key_util.h",
55     "nss_util.cc",
56     "nss_util.h",
57     "nss_util_internal.h",
58     "openssl_bio_string.cc",
59     "openssl_bio_string.h",
60     "openssl_util.cc",
61     "openssl_util.h",
62     "p224.cc",
63     "p224.h",
64     "p224_spake.cc",
65     "p224_spake.h",
66     "random.cc",
67     "random.h",
68     "rsa_private_key.cc",
69     "rsa_private_key.h",
70     "rsa_private_key_nss.cc",
71     "rsa_private_key_openssl.cc",
72     "scoped_capi_types.h",
73     "scoped_nss_types.h",
74     "secure_hash.h",
75     "secure_hash_default.cc",
76     "secure_hash_openssl.cc",
77     "secure_util.cc",
78     "secure_util.h",
79     "sha2.cc",
80     "sha2.h",
81     "signature_creator.h",
82     "signature_creator_nss.cc",
83     "signature_creator_openssl.cc",
84     "signature_verifier.h",
85     "signature_verifier_nss.cc",
86     "signature_verifier_openssl.cc",
87     "symmetric_key.h",
88     "symmetric_key_nss.cc",
89     "symmetric_key_openssl.cc",
90     "third_party/nss/chromium-blapi.h",
91     "third_party/nss/chromium-blapit.h",
92     "third_party/nss/chromium-nss.h",
93     "third_party/nss/chromium-sha256.h",
94     "third_party/nss/pk11akey.cc",
95     "third_party/nss/rsawrapr.c",
96     "third_party/nss/secsign.cc",
97     "third_party/nss/sha512.cc",
98   ]
100   # TODO(jschuh): crbug.com/167187 fix size_t to int truncations.
101   configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
103   deps = [
104     ":platform",
105     "//base",
106     "//base/third_party/dynamic_annotations",
107   ]
109   if (!is_mac && !is_ios) {
110     sources -= [
111       "apple_keychain.h",
112       "mock_apple_keychain.cc",
113       "mock_apple_keychain.h",
114     ]
115   }
117   if (!is_mac) {
118     sources -= [
119       "cssm_init.cc",
120       "cssm_init.h",
121       "mac_security_services_lock.cc",
122       "mac_security_services_lock.h",
123     ]
124   }
125   if (!is_win) {
126     sources -= [
127       "capi_util.cc",
128       "capi_util.h",
129     ]
130   }
132   if (is_android) {
133     deps += [ "//third_party/android_tools:cpu_features" ]
134   }
136   if (use_openssl) {
137     # Remove NSS files when using OpenSSL
138     sources -= [
139       "ec_private_key_nss.cc",
140       "ec_signature_creator_nss.cc",
141       "encryptor_nss.cc",
142       "hmac_nss.cc",
143       "rsa_private_key_nss.cc",
144       "secure_hash_default.cc",
145       "signature_creator_nss.cc",
146       "signature_verifier_nss.cc",
147       "symmetric_key_nss.cc",
148       "third_party/nss/chromium-blapi.h",
149       "third_party/nss/chromium-blapit.h",
150       "third_party/nss/chromium-nss.h",
151       "third_party/nss/pk11akey.cc",
152       "third_party/nss/rsawrapr.c",
153       "third_party/nss/secsign.cc",
154     ]
155   } else {
156     # Remove OpenSSL when using NSS.
157     sources -= [
158       "aead_openssl.cc",
159       "aead_openssl.h",
160       "ec_private_key_openssl.cc",
161       "ec_signature_creator_openssl.cc",
162       "encryptor_openssl.cc",
163       "hmac_openssl.cc",
164       "openssl_bio_string.cc",
165       "openssl_bio_string.h",
166       "openssl_util.cc",
167       "openssl_util.h",
168       "rsa_private_key_openssl.cc",
169       "secure_hash_openssl.cc",
170       "signature_creator_openssl.cc",
171       "signature_verifier_openssl.cc",
172       "symmetric_key_openssl.cc",
173     ]
174   }
176   # Some files are built when NSS is used at all, either for the internal crypto
177   # library or the platform certificate library.
178   if (use_openssl && !use_nss_certs) {
179     sources -= [
180       "nss_key_util.cc",
181       "nss_key_util.h",
182       "nss_util.cc",
183       "nss_util.h",
184       "nss_util_internal.h",
185     ]
186   }
188   defines = [ "CRYPTO_IMPLEMENTATION" ]
191 # TODO(GYP): TODO(dpranke), fix the compile errors for this stuff
192 # and make it work.
193 if (false && is_win) {
194   # A minimal crypto subset for hmac-related stuff that small standalone
195   # targets can use to reduce code size on Windows. This does not depend on
196   # OpenSSL/NSS but will use Windows APIs for that functionality.
197   source_set("crypto_minimal_win") {
198     sources = [
199       "crypto_export.h",
200       "hmac.cc",
201       "hmac.h",
202       "hmac_win.cc",
203       "scoped_capi_types.h",
204       "scoped_nss_types.h",
205       "secure_util.cc",
206       "secure_util.h",
207       "symmetric_key.h",
208       "symmetric_key_win.cc",
209       "third_party/nss/chromium-blapi.h",
210       "third_party/nss/chromium-sha256.h",
211       "third_party/nss/sha512.cc",
212     ]
214     deps = [
215       "//base",
216       "//base/third_party/dynamic_annotations",
217     ]
219     defines = [ "CRYPTO_IMPLEMENTATION" ]
220   }
223 test("crypto_unittests") {
224   sources = [
225     # Tests.
226     "curve25519_unittest.cc",
227     "ec_private_key_unittest.cc",
228     "ec_signature_creator_unittest.cc",
229     "encryptor_unittest.cc",
230     "ghash_unittest.cc",
231     "hkdf_unittest.cc",
232     "hmac_unittest.cc",
233     "nss_key_util_unittest.cc",
234     "nss_util_unittest.cc",
235     "openssl_bio_string_unittest.cc",
236     "p224_spake_unittest.cc",
237     "p224_unittest.cc",
238     "random_unittest.cc",
239     "rsa_private_key_unittest.cc",
240     "secure_hash_unittest.cc",
241     "sha2_unittest.cc",
242     "signature_creator_unittest.cc",
243     "signature_verifier_unittest.cc",
244     "symmetric_key_unittest.cc",
245   ]
247   # Some files are built when NSS is used at all, either for the internal crypto
248   # library or the platform certificate library.
249   if (use_openssl && !use_nss_certs) {
250     sources -= [
251       "nss_key_util_unittest.cc",
252       "nss_util_unittest.cc",
253     ]
254   }
256   if (!use_openssl) {
257     sources -= [ "openssl_bio_string_unittest.cc" ]
258   }
260   configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
262   deps = [
263     ":crypto",
264     ":platform",
265     ":test_support",
266     "//base",
267     "//base/test:run_all_unittests",
268     "//base/test:test_support",
269     "//testing/gmock",
270     "//testing/gtest",
271   ]
274 source_set("test_support") {
275   sources = [
276     "scoped_test_nss_chromeos_user.cc",
277     "scoped_test_nss_chromeos_user.h",
278     "scoped_test_nss_db.cc",
279     "scoped_test_nss_db.h",
280     "scoped_test_system_nss_key_slot.cc",
281     "scoped_test_system_nss_key_slot.h",
282   ]
283   deps = [
284     ":crypto",
285     ":platform",
286     "//base",
287   ]
289   if (!use_nss_certs) {
290     sources -= [
291       "scoped_test_nss_db.cc",
292       "scoped_test_nss_db.h",
293     ]
294   }
296   if (!is_chromeos) {
297     sources -= [
298       "scoped_test_nss_chromeos_user.cc",
299       "scoped_test_nss_chromeos_user.h",
300       "scoped_test_system_nss_key_slot.cc",
301       "scoped_test_system_nss_key_slot.h",
302     ]
303   }
306 config("platform_config") {
307   if ((!use_openssl || use_nss_certs) && is_clang) {
308     # There is a broken header guard in /usr/include/nss/secmod.h:
309     # https://bugzilla.mozilla.org/show_bug.cgi?id=884072
310     cflags = [ "-Wno-header-guard" ]
311   }
314 # This is a meta-target that forwards to NSS's SSL library or OpenSSL,
315 # according to the state of the crypto flags. A target just wanting to depend
316 # on the current SSL library should just depend on this.
317 group("platform") {
318   if (use_openssl) {
319     deps = [
320       "//third_party/boringssl",
321     ]
322   } else {
323     deps = [
324       "//net/third_party/nss/ssl:libssl",
325     ]
326   }
328   # Link in NSS if it is used for either the internal crypto library
329   # (!use_openssl) or platform certificate library (use_nss_certs).
330   if (!use_openssl || use_nss_certs) {
331     if (is_linux) {
332       # On Linux, we use the system NSS (excepting SSL where we always use our
333       # own).
334       public_configs = [ ":platform_config" ]
335       if (!use_openssl) {
336         # If using a bundled copy of NSS's SSL library, ensure the bundled SSL
337         # header search path comes before the system one so our versions are
338         # used. The libssl target will add the search path we want, but
339         # according to GN's ordering rules, public_configs' search path will get
340         # applied before ones inherited from our dependencies.  Therefore, we
341         # need to explicitly list our custom libssl's config here before the
342         # system one.
343         public_configs += [ "//net/third_party/nss/ssl:ssl_config" ]
344       }
345       public_configs += [ "//third_party/nss:system_nss_no_ssl_config" ]
346     } else {
347       # Non-Linux platforms use the hermetic NSS from the tree.
348       deps += [
349         "//third_party/nss:nspr",
350         "//third_party/nss:nss",
351       ]
352     }
353   }