1# Copyright (c) 2013 The Chromium Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5import("//build/config/crypto.gni") 6import("//testing/test.gni") 7 8component("crypto") { 9 output_name = "crcrypto" # Avoid colliding with OpenSSL's libcrypto. 10 sources = [ 11 "aead_openssl.cc", 12 "aead_openssl.h", 13 "apple_keychain.h", 14 "apple_keychain_ios.mm", 15 "apple_keychain_mac.mm", 16 "capi_util.cc", 17 "capi_util.h", 18 "crypto_export.h", 19 "cssm_init.cc", 20 "cssm_init.h", 21 "curve25519-donna.c", 22 "curve25519.h", 23 "curve25519_nss.cc", 24 "curve25519_openssl.cc", 25 "ec_private_key.h", 26 "ec_private_key_nss.cc", 27 "ec_private_key_openssl.cc", 28 "ec_signature_creator.cc", 29 "ec_signature_creator.h", 30 "ec_signature_creator_impl.h", 31 "ec_signature_creator_nss.cc", 32 "ec_signature_creator_openssl.cc", 33 "encryptor.cc", 34 "encryptor.h", 35 "encryptor_nss.cc", 36 "encryptor_openssl.cc", 37 "ghash.cc", 38 "ghash.h", 39 "hkdf.cc", 40 "hkdf.h", 41 "hmac.cc", 42 "hmac.h", 43 "hmac_nss.cc", 44 "hmac_openssl.cc", 45 "mac_security_services_lock.cc", 46 "mac_security_services_lock.h", 47 48 # TODO(brettw) these mocks should be moved to a test_support_crypto target 49 # if possible. 50 "mock_apple_keychain.cc", 51 "mock_apple_keychain.h", 52 "mock_apple_keychain_ios.cc", 53 "mock_apple_keychain_mac.cc", 54 "nss_key_util.cc", 55 "nss_key_util.h", 56 "nss_util.cc", 57 "nss_util.h", 58 "nss_util_internal.h", 59 "openssl_bio_string.cc", 60 "openssl_bio_string.h", 61 "openssl_util.cc", 62 "openssl_util.h", 63 "p224.cc", 64 "p224.h", 65 "p224_spake.cc", 66 "p224_spake.h", 67 "random.cc", 68 "random.h", 69 "rsa_private_key.cc", 70 "rsa_private_key.h", 71 "rsa_private_key_nss.cc", 72 "rsa_private_key_openssl.cc", 73 "scoped_capi_types.h", 74 "scoped_nss_types.h", 75 "secure_hash.h", 76 "secure_hash_default.cc", 77 "secure_hash_openssl.cc", 78 "secure_util.cc", 79 "secure_util.h", 80 "sha2.cc", 81 "sha2.h", 82 "signature_creator.h", 83 "signature_creator_nss.cc", 84 "signature_creator_openssl.cc", 85 "signature_verifier.h", 86 "signature_verifier_nss.cc", 87 "signature_verifier_openssl.cc", 88 "symmetric_key.h", 89 "symmetric_key_nss.cc", 90 "symmetric_key_openssl.cc", 91 "third_party/nss/chromium-blapi.h", 92 "third_party/nss/chromium-blapit.h", 93 "third_party/nss/chromium-nss.h", 94 "third_party/nss/chromium-sha256.h", 95 "third_party/nss/pk11akey.cc", 96 "third_party/nss/rsawrapr.c", 97 "third_party/nss/secsign.cc", 98 "third_party/nss/sha512.cc", 99 ] 100 101 # TODO(jschuh): crbug.com/167187 fix size_t to int truncations. 102 configs += [ "//build/config/compiler:no_size_t_to_int_warning" ] 103 104 deps = [ 105 ":platform", 106 "//base", 107 "//base/third_party/dynamic_annotations", 108 ] 109 110 if (!is_mac && !is_ios) { 111 sources -= [ 112 "apple_keychain.h", 113 "mock_apple_keychain.cc", 114 "mock_apple_keychain.h", 115 ] 116 } 117 118 if (!is_mac) { 119 sources -= [ 120 "cssm_init.cc", 121 "cssm_init.h", 122 "mac_security_services_lock.cc", 123 "mac_security_services_lock.h", 124 ] 125 } 126 if (!is_win) { 127 sources -= [ 128 "capi_util.cc", 129 "capi_util.h", 130 ] 131 } 132 133 if (is_android) { 134 deps += [ "//third_party/android_tools:cpu_features" ] 135 } 136 137 if (use_openssl) { 138 # Remove NSS files when using OpenSSL 139 sources -= [ 140 "curve25519-donna.c", 141 "curve25519_nss.cc", 142 "ec_private_key_nss.cc", 143 "ec_signature_creator_nss.cc", 144 "encryptor_nss.cc", 145 "hmac_nss.cc", 146 "rsa_private_key_nss.cc", 147 "secure_hash_default.cc", 148 "signature_creator_nss.cc", 149 "signature_verifier_nss.cc", 150 "symmetric_key_nss.cc", 151 "third_party/nss/chromium-blapi.h", 152 "third_party/nss/chromium-blapit.h", 153 "third_party/nss/chromium-nss.h", 154 "third_party/nss/pk11akey.cc", 155 "third_party/nss/rsawrapr.c", 156 "third_party/nss/secsign.cc", 157 ] 158 } else { 159 # Remove OpenSSL when using NSS. 160 sources -= [ 161 "aead_openssl.cc", 162 "aead_openssl.h", 163 "curve25519_openssl.cc", 164 "ec_private_key_openssl.cc", 165 "ec_signature_creator_openssl.cc", 166 "encryptor_openssl.cc", 167 "hmac_openssl.cc", 168 "openssl_bio_string.cc", 169 "openssl_bio_string.h", 170 "openssl_util.cc", 171 "openssl_util.h", 172 "rsa_private_key_openssl.cc", 173 "secure_hash_openssl.cc", 174 "signature_creator_openssl.cc", 175 "signature_verifier_openssl.cc", 176 "symmetric_key_openssl.cc", 177 ] 178 } 179 180 # Some files are built when NSS is used at all, either for the internal crypto 181 # library or the platform certificate library. 182 if (use_openssl && !use_nss_certs) { 183 sources -= [ 184 "nss_key_util.cc", 185 "nss_key_util.h", 186 "nss_util.cc", 187 "nss_util.h", 188 "nss_util_internal.h", 189 ] 190 } 191 192 defines = [ "CRYPTO_IMPLEMENTATION" ] 193 194 if (is_nacl) { 195 deps += [ "//native_client_sdk/src/libraries/nacl_io" ] 196 } 197} 198 199# TODO(GYP): TODO(dpranke), fix the compile errors for this stuff 200# and make it work. 201if (false && is_win) { 202 # A minimal crypto subset for hmac-related stuff that small standalone 203 # targets can use to reduce code size on Windows. This does not depend on 204 # OpenSSL/NSS but will use Windows APIs for that functionality. 205 source_set("crypto_minimal_win") { 206 sources = [ 207 "crypto_export.h", 208 "hmac.cc", 209 "hmac.h", 210 "hmac_win.cc", 211 "scoped_capi_types.h", 212 "scoped_nss_types.h", 213 "secure_util.cc", 214 "secure_util.h", 215 "symmetric_key.h", 216 "symmetric_key_win.cc", 217 "third_party/nss/chromium-blapi.h", 218 "third_party/nss/chromium-sha256.h", 219 "third_party/nss/sha512.cc", 220 ] 221 222 deps = [ 223 "//base", 224 "//base/third_party/dynamic_annotations", 225 ] 226 227 defines = [ "CRYPTO_IMPLEMENTATION" ] 228 } 229} 230 231# TODO(GYP): Delete this after we've converted everything to GN. 232# The _run targets exist only for compatibility w/ GYP. 233group("crypto_unittests_run") { 234 testonly = true 235 deps = [ 236 ":crypto_unittests", 237 ] 238} 239 240test("crypto_unittests") { 241 sources = [ 242 "aead_openssl_unittest.cc", 243 "curve25519_unittest.cc", 244 "ec_private_key_unittest.cc", 245 "ec_signature_creator_unittest.cc", 246 "encryptor_unittest.cc", 247 "ghash_unittest.cc", 248 "hkdf_unittest.cc", 249 "hmac_unittest.cc", 250 "nss_key_util_unittest.cc", 251 "nss_util_unittest.cc", 252 "openssl_bio_string_unittest.cc", 253 "p224_spake_unittest.cc", 254 "p224_unittest.cc", 255 "random_unittest.cc", 256 "rsa_private_key_unittest.cc", 257 "secure_hash_unittest.cc", 258 "sha2_unittest.cc", 259 "signature_creator_unittest.cc", 260 "signature_verifier_unittest.cc", 261 "symmetric_key_unittest.cc", 262 ] 263 264 # Some files are built when NSS is used at all, either for the internal crypto 265 # library or the platform certificate library. 266 if (use_openssl && !use_nss_certs) { 267 sources -= [ 268 "nss_key_util_unittest.cc", 269 "nss_util_unittest.cc", 270 ] 271 } 272 273 if (!use_openssl) { 274 sources -= [ "openssl_bio_string_unittest.cc" ] 275 } 276 277 configs += [ "//build/config/compiler:no_size_t_to_int_warning" ] 278 279 deps = [ 280 ":crypto", 281 ":platform", 282 ":test_support", 283 "//base", 284 "//base/test:run_all_unittests", 285 "//base/test:test_support", 286 "//testing/gmock", 287 "//testing/gtest", 288 ] 289} 290 291source_set("test_support") { 292 sources = [ 293 "scoped_test_nss_chromeos_user.cc", 294 "scoped_test_nss_chromeos_user.h", 295 "scoped_test_nss_db.cc", 296 "scoped_test_nss_db.h", 297 "scoped_test_system_nss_key_slot.cc", 298 "scoped_test_system_nss_key_slot.h", 299 ] 300 deps = [ 301 ":crypto", 302 ":platform", 303 "//base", 304 ] 305 306 if (!use_nss_certs) { 307 sources -= [ 308 "scoped_test_nss_db.cc", 309 "scoped_test_nss_db.h", 310 ] 311 } 312 313 if (!is_chromeos) { 314 sources -= [ 315 "scoped_test_nss_chromeos_user.cc", 316 "scoped_test_nss_chromeos_user.h", 317 "scoped_test_system_nss_key_slot.cc", 318 "scoped_test_system_nss_key_slot.h", 319 ] 320 } 321} 322 323config("platform_config") { 324 if ((!use_openssl || use_nss_certs) && is_clang) { 325 # There is a broken header guard in /usr/include/nss/secmod.h: 326 # https://bugzilla.mozilla.org/show_bug.cgi?id=884072 327 cflags = [ "-Wno-header-guard" ] 328 } 329} 330 331# This is a meta-target that forwards to NSS's SSL library or OpenSSL, 332# according to the state of the crypto flags. A target just wanting to depend 333# on the current SSL library should just depend on this. 334group("platform") { 335 if (use_openssl) { 336 public_deps = [ 337 "//third_party/boringssl", 338 ] 339 } else { 340 public_deps = [ 341 "//net/third_party/nss/ssl:libssl", 342 ] 343 } 344 345 # Link in NSS if it is used for either the internal crypto library 346 # (!use_openssl) or platform certificate library (use_nss_certs). 347 if (!use_openssl || use_nss_certs) { 348 if (is_linux) { 349 # On Linux, we use the system NSS (excepting SSL where we always use our 350 # own). 351 public_configs = [ ":platform_config" ] 352 if (!use_openssl) { 353 # If using a bundled copy of NSS's SSL library, ensure the bundled SSL 354 # header search path comes before the system one so our versions are 355 # used. The libssl target will add the search path we want, but 356 # according to GN's ordering rules, public_configs' search path will get 357 # applied before ones inherited from our dependencies. Therefore, we 358 # need to explicitly list our custom libssl's config here before the 359 # system one. 360 public_configs += [ "//net/third_party/nss/ssl:ssl_config" ] 361 } 362 public_configs += [ "//third_party/nss:system_nss_no_ssl_config" ] 363 } else { 364 # Non-Linux platforms use the hermetic NSS from the tree. 365 public_deps += [ 366 "//third_party/nss:nspr", 367 "//third_party/nss:nss", 368 ] 369 } 370 } 371} 372