| blob | a0cd1ca7aff1bc9155d401988f9632d618d71e9a |
1 # Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
5 import("//build/config/crypto.gni")
6 import("//testing/test.gni")
8 if (is_nacl) {
9 component("crypto") {
10 output_name = "crcrypto" # Avoid colliding with OpenSSL's libcrypto.
11 sources = [
12 "random.cc",
13 "random.h",
14 ]
15 deps = [
16 "//base",
17 ]
18 }
19 } else {
20 component("crypto") {
21 output_name = "crcrypto" # Avoid colliding with OpenSSL's libcrypto.
22 sources = [
23 "aead_openssl.cc",
24 "aead_openssl.h",
25 "aes_128_gcm_helpers_nss.cc",
26 "aes_128_gcm_helpers_nss.h",
27 "apple_keychain.h",
28 "apple_keychain_ios.mm",
29 "apple_keychain_mac.mm",
30 "capi_util.cc",
31 "capi_util.h",
32 "crypto_export.h",
33 "cssm_init.cc",
34 "cssm_init.h",
35 "curve25519-donna.c",
36 "curve25519.cc",
37 "curve25519.h",
38 "ec_private_key.h",
39 "ec_private_key_nss.cc",
40 "ec_private_key_openssl.cc",
41 "ec_signature_creator.cc",
42 "ec_signature_creator.h",
43 "ec_signature_creator_impl.h",
44 "ec_signature_creator_nss.cc",
45 "ec_signature_creator_openssl.cc",
46 "encryptor.cc",
47 "encryptor.h",
48 "encryptor_nss.cc",
49 "encryptor_openssl.cc",
50 "ghash.cc",
51 "ghash.h",
52 "hkdf.cc",
53 "hkdf.h",
54 "hmac.cc",
55 "hmac.h",
56 "hmac_nss.cc",
57 "hmac_openssl.cc",
58 "mac_security_services_lock.cc",
59 "mac_security_services_lock.h",
61 # TODO(brettw) these mocks should be moved to a test_support_crypto target
62 # if possible.
63 "mock_apple_keychain.cc",
64 "mock_apple_keychain.h",
65 "mock_apple_keychain_ios.cc",
66 "mock_apple_keychain_mac.cc",
67 "nss_key_util.cc",
68 "nss_key_util.h",
69 "nss_util.cc",
70 "nss_util.h",
71 "nss_util_internal.h",
72 "openssl_bio_string.cc",
73 "openssl_bio_string.h",
74 "openssl_util.cc",
75 "openssl_util.h",
76 "p224.cc",
77 "p224.h",
78 "p224_spake.cc",
79 "p224_spake.h",
80 "random.cc",
81 "random.h",
82 "rsa_private_key.cc",
83 "rsa_private_key.h",
84 "rsa_private_key_nss.cc",
85 "rsa_private_key_openssl.cc",
86 "scoped_capi_types.h",
87 "scoped_nss_types.h",
88 "secure_hash.h",
89 "secure_hash_default.cc",
90 "secure_hash_openssl.cc",
91 "secure_util.cc",
92 "secure_util.h",
93 "sha2.cc",
94 "sha2.h",
95 "signature_creator.h",
96 "signature_creator_nss.cc",
97 "signature_creator_openssl.cc",
98 "signature_verifier.h",
99 "signature_verifier_nss.cc",
100 "signature_verifier_openssl.cc",
101 "symmetric_key.h",
102 "symmetric_key_nss.cc",
103 "symmetric_key_openssl.cc",
104 "third_party/nss/chromium-blapi.h",
105 "third_party/nss/chromium-blapit.h",
106 "third_party/nss/chromium-nss.h",
107 "third_party/nss/chromium-sha256.h",
108 "third_party/nss/pk11akey.cc",
109 "third_party/nss/rsawrapr.c",
110 "third_party/nss/secsign.cc",
111 "third_party/nss/sha512.cc",
112 ]
114 # TODO(jschuh): crbug.com/167187 fix size_t to int truncations.
115 configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
117 deps = [
118 ":platform",
119 "//base",
120 "//base/third_party/dynamic_annotations",
121 ]
123 if (!is_mac && !is_ios) {
124 sources -= [
125 "apple_keychain.h",
126 "mock_apple_keychain.cc",
127 "mock_apple_keychain.h",
128 ]
129 }
131 if (!is_mac) {
132 sources -= [
133 "cssm_init.cc",
134 "cssm_init.h",
135 "mac_security_services_lock.cc",
136 "mac_security_services_lock.h",
137 ]
138 }
139 if (!is_win) {
140 sources -= [
141 "capi_util.cc",
142 "capi_util.h",
143 ]
144 }
146 if (is_android) {
147 deps += [ "//third_party/android_tools:cpu_features" ]
148 }
150 if (use_openssl) {
151 # Remove NSS files when using OpenSSL
152 sources -= [
153 "aes_128_gcm_helpers_nss.cc",
154 "aes_128_gcm_helpers_nss.h",
155 "ec_private_key_nss.cc",
156 "ec_signature_creator_nss.cc",
157 "encryptor_nss.cc",
158 "hmac_nss.cc",
159 "rsa_private_key_nss.cc",
160 "secure_hash_default.cc",
161 "signature_creator_nss.cc",
162 "signature_verifier_nss.cc",
163 "symmetric_key_nss.cc",
164 "third_party/nss/chromium-blapi.h",
165 "third_party/nss/chromium-blapit.h",
166 "third_party/nss/chromium-nss.h",
167 "third_party/nss/pk11akey.cc",
168 "third_party/nss/rsawrapr.c",
169 "third_party/nss/secsign.cc",
170 ]
171 } else {
172 # Remove OpenSSL when using NSS.
173 sources -= [
174 "aead_openssl.cc",
175 "aead_openssl.h",
176 "ec_private_key_openssl.cc",
177 "ec_signature_creator_openssl.cc",
178 "encryptor_openssl.cc",
179 "hmac_openssl.cc",
180 "openssl_bio_string.cc",
181 "openssl_bio_string.h",
182 "openssl_util.cc",
183 "openssl_util.h",
184 "rsa_private_key_openssl.cc",
185 "secure_hash_openssl.cc",
186 "signature_creator_openssl.cc",
187 "signature_verifier_openssl.cc",
188 "symmetric_key_openssl.cc",
189 ]
190 }
192 # Some files are built when NSS is used at all, either for the internal crypto
193 # library or the platform certificate library.
194 if (use_openssl && !use_nss_certs) {
195 sources -= [
196 "nss_key_util.cc",
197 "nss_key_util.h",
198 "nss_util.cc",
199 "nss_util.h",
200 "nss_util_internal.h",
201 ]
202 }
204 defines = [ "CRYPTO_IMPLEMENTATION" ]
205 }
206 }
208 # TODO(GYP): TODO(dpranke), fix the compile errors for this stuff
209 # and make it work.
210 if (false && is_win) {
211 # A minimal crypto subset for hmac-related stuff that small standalone
212 # targets can use to reduce code size on Windows. This does not depend on
213 # OpenSSL/NSS but will use Windows APIs for that functionality.
214 source_set("crypto_minimal_win") {
215 sources = [
216 "crypto_export.h",
217 "hmac.cc",
218 "hmac.h",
219 "hmac_win.cc",
220 "scoped_capi_types.h",
221 "scoped_nss_types.h",
222 "secure_util.cc",
223 "secure_util.h",
224 "symmetric_key.h",
225 "symmetric_key_win.cc",
226 "third_party/nss/chromium-blapi.h",
227 "third_party/nss/chromium-sha256.h",
228 "third_party/nss/sha512.cc",
229 ]
231 deps = [
232 "//base",
233 "//base/third_party/dynamic_annotations",
234 ]
236 defines = [ "CRYPTO_IMPLEMENTATION" ]
237 }
238 }
240 # TODO(GYP): Delete this after we've converted everything to GN.
241 # The _run targets exist only for compatibility w/ GYP.
242 group("crypto_unittests_run") {
243 testonly = true
244 deps = [
245 ":crypto_unittests",
246 ]
247 }
249 test("crypto_unittests") {
250 sources = [
251 "aead_openssl_unittest.cc",
252 "aes_128_gcm_helpers_nss_unittest.cc",
253 "curve25519_unittest.cc",
254 "ec_private_key_unittest.cc",
255 "ec_signature_creator_unittest.cc",
256 "encryptor_unittest.cc",
257 "ghash_unittest.cc",
258 "hkdf_unittest.cc",
259 "hmac_unittest.cc",
260 "nss_key_util_unittest.cc",
261 "nss_util_unittest.cc",
262 "openssl_bio_string_unittest.cc",
263 "p224_spake_unittest.cc",
264 "p224_unittest.cc",
265 "random_unittest.cc",
266 "rsa_private_key_unittest.cc",
267 "secure_hash_unittest.cc",
268 "sha2_unittest.cc",
269 "signature_creator_unittest.cc",
270 "signature_verifier_unittest.cc",
271 "symmetric_key_unittest.cc",
272 ]
274 # Some files are built when NSS is used at all, either for the internal crypto
275 # library or the platform certificate library.
276 if (use_openssl && !use_nss_certs) {
277 sources -= [
278 "nss_key_util_unittest.cc",
279 "nss_util_unittest.cc",
280 ]
281 }
283 if (use_openssl) {
284 sources -= [ "aes_128_gcm_helpers_nss_unittest.cc" ]
285 } else {
286 sources -= [ "openssl_bio_string_unittest.cc" ]
287 }
289 configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
291 deps = [
292 ":crypto",
293 ":platform",
294 ":test_support",
295 "//base",
296 "//base/test:run_all_unittests",
297 "//base/test:test_support",
298 "//testing/gmock",
299 "//testing/gtest",
300 ]
301 }
303 source_set("test_support") {
304 sources = [
305 "scoped_test_nss_chromeos_user.cc",
306 "scoped_test_nss_chromeos_user.h",
307 "scoped_test_nss_db.cc",
308 "scoped_test_nss_db.h",
309 "scoped_test_system_nss_key_slot.cc",
310 "scoped_test_system_nss_key_slot.h",
311 ]
312 deps = [
313 ":crypto",
314 ":platform",
315 "//base",
316 ]
318 if (!use_nss_certs) {
319 sources -= [
320 "scoped_test_nss_db.cc",
321 "scoped_test_nss_db.h",
322 ]
323 }
325 if (!is_chromeos) {
326 sources -= [
327 "scoped_test_nss_chromeos_user.cc",
328 "scoped_test_nss_chromeos_user.h",
329 "scoped_test_system_nss_key_slot.cc",
330 "scoped_test_system_nss_key_slot.h",
331 ]
332 }
333 }
335 config("platform_config") {
336 if ((!use_openssl || use_nss_certs) && is_clang) {
337 # There is a broken header guard in /usr/include/nss/secmod.h:
338 # https://bugzilla.mozilla.org/show_bug.cgi?id=884072
339 cflags = [ "-Wno-header-guard" ]
340 }
341 }
343 # This is a meta-target that forwards to NSS's SSL library or OpenSSL,
344 # according to the state of the crypto flags. A target just wanting to depend
345 # on the current SSL library should just depend on this.
346 group("platform") {
347 if (use_openssl) {
348 deps = [
349 "//third_party/boringssl",
350 ]
351 } else {
352 deps = [
353 "//net/third_party/nss/ssl:libssl",
354 ]
355 }
357 # Link in NSS if it is used for either the internal crypto library
358 # (!use_openssl) or platform certificate library (use_nss_certs).
359 if (!use_openssl || use_nss_certs) {
360 if (is_linux) {
361 # On Linux, we use the system NSS (excepting SSL where we always use our
362 # own).
363 public_configs = [ ":platform_config" ]
364 if (!use_openssl) {
365 # If using a bundled copy of NSS's SSL library, ensure the bundled SSL
366 # header search path comes before the system one so our versions are
367 # used. The libssl target will add the search path we want, but
368 # according to GN's ordering rules, public_configs' search path will get
369 # applied before ones inherited from our dependencies. Therefore, we
370 # need to explicitly list our custom libssl's config here before the
371 # system one.
372 public_configs += [ "//net/third_party/nss/ssl:ssl_config" ]
373 }
374 public_configs += [ "//third_party/nss:system_nss_no_ssl_config" ]
375 } else {
376 # Non-Linux platforms use the hermetic NSS from the tree.
377 public_deps = [
378 "//third_party/nss:nspr",
379 "//third_party/nss:nss",
380 ]
381 }
382 }
383 }