crypto/BUILD.gn

   1 # Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 # Use of this source code is governed by a BSD-style license that can be
   3 # found in the LICENSE file.
   4
   5 import("//build/config/crypto.gni")
   6 import("//testing/test.gni")
   7
   8 component("crypto") {
   9   output_name = "crcrypto"  # Avoid colliding with OpenSSL's libcrypto.
  10   sources = [
  11     "apple_keychain.h",
  12     "apple_keychain_ios.mm",
  13     "apple_keychain_mac.mm",
  14     "capi_util.cc",
  15     "capi_util.h",
  16     "crypto_export.h",
  17     "cssm_init.cc",
  18     "cssm_init.h",
  19     "curve25519-donna.c",
  20     "curve25519.cc",
  21     "curve25519.h",
  22     "ec_private_key.h",
  23     "ec_private_key_nss.cc",
  24     "ec_private_key_openssl.cc",
  25     "ec_signature_creator.cc",
  26     "ec_signature_creator.h",
  27     "ec_signature_creator_impl.h",
  28     "ec_signature_creator_nss.cc",
  29     "ec_signature_creator_openssl.cc",
  30     "encryptor.cc",
  31     "encryptor.h",
  32     "encryptor_nss.cc",
  33     "encryptor_openssl.cc",
  34     "ghash.cc",
  35     "ghash.h",
  36     "hkdf.cc",
  37     "hkdf.h",
  38     "hmac.cc",
  39     "hmac.h",
  40     "hmac_nss.cc",
  41     "hmac_openssl.cc",
  42     "mac_security_services_lock.cc",
  43     "mac_security_services_lock.h",
  44
  45     # TODO(brettw) these mocks should be moved to a test_support_crypto target
  46     # if possible.
  47     "mock_apple_keychain.cc",
  48     "mock_apple_keychain.h",
  49     "mock_apple_keychain_ios.cc",
  50     "mock_apple_keychain_mac.cc",
  51     "nss_util.cc",
  52     "nss_util.h",
  53     "nss_util_internal.h",
  54     "openssl_bio_string.cc",
  55     "openssl_bio_string.h",
  56     "openssl_util.cc",
  57     "openssl_util.h",
  58     "p224.cc",
  59     "p224.h",
  60     "p224_spake.cc",
  61     "p224_spake.h",
  62     "random.cc",
  63     "random.h",
  64     "rsa_private_key.cc",
  65     "rsa_private_key.h",
  66     "rsa_private_key_nss.cc",
  67     "rsa_private_key_openssl.cc",
  68     "scoped_capi_types.h",
  69     "scoped_nss_types.h",
  70     "secure_hash.h",
  71     "secure_hash_default.cc",
  72     "secure_hash_openssl.cc",
  73     "secure_util.cc",
  74     "secure_util.h",
  75     "sha2.cc",
  76     "sha2.h",
  77     "signature_creator.h",
  78     "signature_creator_nss.cc",
  79     "signature_creator_openssl.cc",
  80     "signature_verifier.h",
  81     "signature_verifier_nss.cc",
  82     "signature_verifier_openssl.cc",
  83     "symmetric_key.h",
  84     "symmetric_key_nss.cc",
  85     "symmetric_key_openssl.cc",
  86     "third_party/nss/chromium-blapi.h",
  87     "third_party/nss/chromium-blapit.h",
  88     "third_party/nss/chromium-nss.h",
  89     "third_party/nss/chromium-sha256.h",
  90     "third_party/nss/pk11akey.cc",
  91     "third_party/nss/rsawrapr.c",
  92     "third_party/nss/secsign.cc",
  93     "third_party/nss/sha512.cc",
  94   ]
  95
  96   # TODO(jschuh): crbug.com/167187 fix size_t to int truncations.
  97   configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
  98
  99   deps = [
 100     ":platform",
 101     "//base",
 102     "//base/third_party/dynamic_annotations",
 103   ]
 104
 105   if (!is_mac && !is_ios) {
 106     sources -= [
 107       "apple_keychain.h",
 108       "mock_apple_keychain.cc",
 109       "mock_apple_keychain.h",
 110     ]
 111   }
 112
 113   if (!is_mac) {
 114     sources -= [
 115       "cssm_init.cc",
 116       "cssm_init.h",
 117       "mac_security_services_lock.cc",
 118       "mac_security_services_lock.h",
 119     ]
 120   }
 121   if (!is_win) {
 122     sources -= [
 123       "capi_util.cc",
 124       "capi_util.h",
 125     ]
 126   }
 127
 128   if (is_android) {
 129     deps += [ "//third_party/android_tools:cpu_features" ]
 130   }
 131
 132   if (use_openssl) {
 133     # Remove NSS files when using OpenSSL
 134     sources -= [
 135       "ec_private_key_nss.cc",
 136       "ec_signature_creator_nss.cc",
 137       "encryptor_nss.cc",
 138       "hmac_nss.cc",
 139       "rsa_private_key_nss.cc",
 140       "secure_hash_default.cc",
 141       "signature_creator_nss.cc",
 142       "signature_verifier_nss.cc",
 143       "symmetric_key_nss.cc",
 144       "third_party/nss/chromium-blapi.h",
 145       "third_party/nss/chromium-blapit.h",
 146       "third_party/nss/chromium-nss.h",
 147       "third_party/nss/pk11akey.cc",
 148       "third_party/nss/rsawrapr.c",
 149       "third_party/nss/secsign.cc",
 150     ]
 151   } else {
 152     # Remove OpenSSL when using NSS.
 153     sources -= [
 154       "ec_private_key_openssl.cc",
 155       "ec_signature_creator_openssl.cc",
 156       "encryptor_openssl.cc",
 157       "hmac_openssl.cc",
 158       "openssl_bio_string.cc",
 159       "openssl_bio_string.h",
 160       "openssl_util.cc",
 161       "openssl_util.h",
 162       "rsa_private_key_openssl.cc",
 163       "secure_hash_openssl.cc",
 164       "signature_creator_openssl.cc",
 165       "signature_verifier_openssl.cc",
 166       "symmetric_key_openssl.cc",
 167     ]
 168   }
 169
 170   # Remove nss_util when NSS is used for neither the internal crypto library
 171   # nor the platform certificate library.
 172   if (use_openssl && !use_nss_certs) {
 173     sources -= [
 174       "nss_util.cc",
 175       "nss_util.h",
 176       "nss_util_internal.h",
 177     ]
 178   }
 179
 180   defines = [ "CRYPTO_IMPLEMENTATION" ]
 181 }
 182
 183 # TODO(GYP): TODO(dpranke), fix the compile errors for this stuff
 184 # and make it work.
 185 if (false && is_win) {
 186   # A minimal crypto subset for hmac-related stuff that small standalone
 187   # targets can use to reduce code size on Windows. This does not depend on
 188   # OpenSSL/NSS but will use Windows APIs for that functionality.
 189   source_set("crypto_minimal_win") {
 190     sources = [
 191       "crypto_export.h",
 192       "hmac.cc",
 193       "hmac.h",
 194       "hmac_win.cc",
 195       "scoped_capi_types.h",
 196       "scoped_nss_types.h",
 197       "secure_util.cc",
 198       "secure_util.h",
 199       "symmetric_key.h",
 200       "symmetric_key_win.cc",
 201       "third_party/nss/chromium-blapi.h",
 202       "third_party/nss/chromium-sha256.h",
 203       "third_party/nss/sha512.cc",
 204     ]
 205
 206     deps = [
 207       "//base",
 208       "//base/third_party/dynamic_annotations",
 209     ]
 210
 211     defines = [ "CRYPTO_IMPLEMENTATION" ]
 212   }
 213 }
 214
 215 test("crypto_unittests") {
 216   sources = [
 217     # Tests.
 218     "curve25519_unittest.cc",
 219     "ec_private_key_unittest.cc",
 220     "ec_signature_creator_unittest.cc",
 221     "encryptor_unittest.cc",
 222     "ghash_unittest.cc",
 223     "hkdf_unittest.cc",
 224     "hmac_unittest.cc",
 225     "nss_util_unittest.cc",
 226     "openssl_bio_string_unittest.cc",
 227     "p224_spake_unittest.cc",
 228     "p224_unittest.cc",
 229     "random_unittest.cc",
 230     "rsa_private_key_nss_unittest.cc",
 231     "rsa_private_key_unittest.cc",
 232     "secure_hash_unittest.cc",
 233     "sha2_unittest.cc",
 234     "signature_creator_unittest.cc",
 235     "signature_verifier_unittest.cc",
 236     "symmetric_key_unittest.cc",
 237   ]
 238
 239   # Remove nss_util when NSS is used for neither the internal crypto library
 240   # nor the platform certificate library.
 241   if (use_openssl && !use_nss_certs) {
 242     sources -= [ "nss_util_unittest.cc" ]
 243   }
 244
 245   if (use_openssl) {
 246     sources -= [ "rsa_private_key_nss_unittest.cc" ]
 247   } else {
 248     sources -= [ "openssl_bio_string_unittest.cc" ]
 249   }
 250
 251   configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
 252
 253   deps = [
 254     ":crypto",
 255     ":platform",
 256     ":test_support",
 257     "//base",
 258     "//base/test:run_all_unittests",
 259     "//base/test:test_support",
 260     "//testing/gmock",
 261     "//testing/gtest",
 262   ]
 263 }
 264
 265 source_set("test_support") {
 266   sources = [
 267     "scoped_test_nss_chromeos_user.cc",
 268     "scoped_test_nss_chromeos_user.h",
 269     "scoped_test_nss_db.cc",
 270     "scoped_test_nss_db.h",
 271     "scoped_test_system_nss_key_slot.cc",
 272     "scoped_test_system_nss_key_slot.h",
 273   ]
 274   deps = [
 275     ":crypto",
 276     ":platform",
 277     "//base",
 278   ]
 279
 280   if (!use_nss_certs) {
 281     sources -= [
 282       "scoped_test_nss_db.cc",
 283       "scoped_test_nss_db.h",
 284     ]
 285   }
 286
 287   if (!is_chromeos) {
 288     sources -= [
 289       "scoped_test_nss_chromeos_user.cc",
 290       "scoped_test_nss_chromeos_user.h",
 291       "scoped_test_system_nss_key_slot.cc",
 292       "scoped_test_system_nss_key_slot.h",
 293     ]
 294   }
 295 }
 296
 297 config("platform_config") {
 298   if ((!use_openssl || use_nss_certs) && is_clang) {
 299     # There is a broken header guard in /usr/include/nss/secmod.h:
 300     # https://bugzilla.mozilla.org/show_bug.cgi?id=884072
 301     cflags = [ "-Wno-header-guard" ]
 302   }
 303 }
 304
 305 # This is a meta-target that forwards to NSS's SSL library or OpenSSL,
 306 # according to the state of the crypto flags. A target just wanting to depend
 307 # on the current SSL library should just depend on this.
 308 group("platform") {
 309   if (use_openssl) {
 310     deps = [
 311       "//third_party/boringssl",
 312     ]
 313   } else {
 314     deps = [
 315       "//net/third_party/nss/ssl:libssl",
 316     ]
 317   }
 318
 319   # Link in NSS if it is used for either the internal crypto library
 320   # (!use_openssl) or platform certificate library (use_nss_certs).
 321   if (!use_openssl || use_nss_certs) {
 322     if (is_linux) {
 323       # On Linux, we use the system NSS (excepting SSL where we always use our
 324       # own).
 325       public_configs = [ ":platform_config" ]
 326       if (!use_openssl) {
 327         # If using a bundled copy of NSS's SSL library, ensure the bundled SSL
 328         # header search path comes before the system one so our versions are
 329         # used. The libssl target will add the search path we want, but
 330         # according to GN's ordering rules, public_configs' search path will get
 331         # applied before ones inherited from our dependencies.  Therefore, we
 332         # need to explicitly list our custom libssl's config here before the
 333         # system one.
 334         public_configs += [ "//net/third_party/nss/ssl:ssl_config" ]
 335       }
 336       public_configs += [ "//third_party/nss:system_nss_no_ssl_config" ]
 337     } else {
 338       # Non-Linux platforms use the hermetic NSS from the tree.
 339       deps += [
 340         "//third_party/nss:nspr",
 341         "//third_party/nss:nss",
 342       ]
 343     }
 344   }
 345 }