| blob | f84c4d455d6123b90f566c0fd53a5db531480849 |
1 # Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
5 import("//build/config/crypto.gni")
6 import("//testing/test.gni")
8 component("crypto") {
9 output_name = "crcrypto" # Avoid colliding with OpenSSL's libcrypto.
10 sources = [
11 "aead_openssl.cc",
12 "aead_openssl.h",
13 "apple_keychain.h",
14 "apple_keychain_ios.mm",
15 "apple_keychain_mac.mm",
16 "capi_util.cc",
17 "capi_util.h",
18 "crypto_export.h",
19 "cssm_init.cc",
20 "cssm_init.h",
21 "curve25519-donna.c",
22 "curve25519.cc",
23 "curve25519.h",
24 "ec_private_key.h",
25 "ec_private_key_nss.cc",
26 "ec_private_key_openssl.cc",
27 "ec_signature_creator.cc",
28 "ec_signature_creator.h",
29 "ec_signature_creator_impl.h",
30 "ec_signature_creator_nss.cc",
31 "ec_signature_creator_openssl.cc",
32 "encryptor.cc",
33 "encryptor.h",
34 "encryptor_nss.cc",
35 "encryptor_openssl.cc",
36 "ghash.cc",
37 "ghash.h",
38 "hkdf.cc",
39 "hkdf.h",
40 "hmac.cc",
41 "hmac.h",
42 "hmac_nss.cc",
43 "hmac_openssl.cc",
44 "mac_security_services_lock.cc",
45 "mac_security_services_lock.h",
47 # TODO(brettw) these mocks should be moved to a test_support_crypto target
48 # if possible.
49 "mock_apple_keychain.cc",
50 "mock_apple_keychain.h",
51 "mock_apple_keychain_ios.cc",
52 "mock_apple_keychain_mac.cc",
53 "nss_key_util.cc",
54 "nss_key_util.h",
55 "nss_util.cc",
56 "nss_util.h",
57 "nss_util_internal.h",
58 "openssl_bio_string.cc",
59 "openssl_bio_string.h",
60 "openssl_util.cc",
61 "openssl_util.h",
62 "p224.cc",
63 "p224.h",
64 "p224_spake.cc",
65 "p224_spake.h",
66 "random.cc",
67 "random.h",
68 "rsa_private_key.cc",
69 "rsa_private_key.h",
70 "rsa_private_key_nss.cc",
71 "rsa_private_key_openssl.cc",
72 "scoped_capi_types.h",
73 "scoped_nss_types.h",
74 "secure_hash.h",
75 "secure_hash_default.cc",
76 "secure_hash_openssl.cc",
77 "secure_util.cc",
78 "secure_util.h",
79 "sha2.cc",
80 "sha2.h",
81 "signature_creator.h",
82 "signature_creator_nss.cc",
83 "signature_creator_openssl.cc",
84 "signature_verifier.h",
85 "signature_verifier_nss.cc",
86 "signature_verifier_openssl.cc",
87 "symmetric_key.h",
88 "symmetric_key_nss.cc",
89 "symmetric_key_openssl.cc",
90 "third_party/nss/chromium-blapi.h",
91 "third_party/nss/chromium-blapit.h",
92 "third_party/nss/chromium-nss.h",
93 "third_party/nss/chromium-sha256.h",
94 "third_party/nss/pk11akey.cc",
95 "third_party/nss/rsawrapr.c",
96 "third_party/nss/secsign.cc",
97 "third_party/nss/sha512.cc",
98 ]
100 # TODO(jschuh): crbug.com/167187 fix size_t to int truncations.
101 configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
103 deps = [
104 ":platform",
105 "//base",
106 "//base/third_party/dynamic_annotations",
107 ]
109 if (!is_mac && !is_ios) {
110 sources -= [
111 "apple_keychain.h",
112 "mock_apple_keychain.cc",
113 "mock_apple_keychain.h",
114 ]
115 }
117 if (!is_mac) {
118 sources -= [
119 "cssm_init.cc",
120 "cssm_init.h",
121 "mac_security_services_lock.cc",
122 "mac_security_services_lock.h",
123 ]
124 }
125 if (!is_win) {
126 sources -= [
127 "capi_util.cc",
128 "capi_util.h",
129 ]
130 }
132 if (is_android) {
133 deps += [ "//third_party/android_tools:cpu_features" ]
134 }
136 if (use_openssl) {
137 # Remove NSS files when using OpenSSL
138 sources -= [
139 "ec_private_key_nss.cc",
140 "ec_signature_creator_nss.cc",
141 "encryptor_nss.cc",
142 "hmac_nss.cc",
143 "rsa_private_key_nss.cc",
144 "secure_hash_default.cc",
145 "signature_creator_nss.cc",
146 "signature_verifier_nss.cc",
147 "symmetric_key_nss.cc",
148 "third_party/nss/chromium-blapi.h",
149 "third_party/nss/chromium-blapit.h",
150 "third_party/nss/chromium-nss.h",
151 "third_party/nss/pk11akey.cc",
152 "third_party/nss/rsawrapr.c",
153 "third_party/nss/secsign.cc",
154 ]
155 } else {
156 # Remove OpenSSL when using NSS.
157 sources -= [
158 "aead_openssl.cc",
159 "aead_openssl.h",
160 "ec_private_key_openssl.cc",
161 "ec_signature_creator_openssl.cc",
162 "encryptor_openssl.cc",
163 "hmac_openssl.cc",
164 "openssl_bio_string.cc",
165 "openssl_bio_string.h",
166 "openssl_util.cc",
167 "openssl_util.h",
168 "rsa_private_key_openssl.cc",
169 "secure_hash_openssl.cc",
170 "signature_creator_openssl.cc",
171 "signature_verifier_openssl.cc",
172 "symmetric_key_openssl.cc",
173 ]
174 }
176 # Some files are built when NSS is used at all, either for the internal crypto
177 # library or the platform certificate library.
178 if (use_openssl && !use_nss_certs) {
179 sources -= [
180 "nss_key_util.cc",
181 "nss_key_util.h",
182 "nss_util.cc",
183 "nss_util.h",
184 "nss_util_internal.h",
185 ]
186 }
188 defines = [ "CRYPTO_IMPLEMENTATION" ]
189 }
191 # TODO(GYP): TODO(dpranke), fix the compile errors for this stuff
192 # and make it work.
193 if (false && is_win) {
194 # A minimal crypto subset for hmac-related stuff that small standalone
195 # targets can use to reduce code size on Windows. This does not depend on
196 # OpenSSL/NSS but will use Windows APIs for that functionality.
197 source_set("crypto_minimal_win") {
198 sources = [
199 "crypto_export.h",
200 "hmac.cc",
201 "hmac.h",
202 "hmac_win.cc",
203 "scoped_capi_types.h",
204 "scoped_nss_types.h",
205 "secure_util.cc",
206 "secure_util.h",
207 "symmetric_key.h",
208 "symmetric_key_win.cc",
209 "third_party/nss/chromium-blapi.h",
210 "third_party/nss/chromium-sha256.h",
211 "third_party/nss/sha512.cc",
212 ]
214 deps = [
215 "//base",
216 "//base/third_party/dynamic_annotations",
217 ]
219 defines = [ "CRYPTO_IMPLEMENTATION" ]
220 }
221 }
223 test("crypto_unittests") {
224 sources = [
225 # Tests.
226 "curve25519_unittest.cc",
227 "ec_private_key_unittest.cc",
228 "ec_signature_creator_unittest.cc",
229 "encryptor_unittest.cc",
230 "ghash_unittest.cc",
231 "hkdf_unittest.cc",
232 "hmac_unittest.cc",
233 "nss_key_util_unittest.cc",
234 "nss_util_unittest.cc",
235 "openssl_bio_string_unittest.cc",
236 "p224_spake_unittest.cc",
237 "p224_unittest.cc",
238 "random_unittest.cc",
239 "rsa_private_key_unittest.cc",
240 "secure_hash_unittest.cc",
241 "sha2_unittest.cc",
242 "signature_creator_unittest.cc",
243 "signature_verifier_unittest.cc",
244 "symmetric_key_unittest.cc",
245 ]
247 # Some files are built when NSS is used at all, either for the internal crypto
248 # library or the platform certificate library.
249 if (use_openssl && !use_nss_certs) {
250 sources -= [
251 "nss_key_util_unittest.cc",
252 "nss_util_unittest.cc",
253 ]
254 }
256 if (!use_openssl) {
257 sources -= [ "openssl_bio_string_unittest.cc" ]
258 }
260 configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
262 deps = [
263 ":crypto",
264 ":platform",
265 ":test_support",
266 "//base",
267 "//base/test:run_all_unittests",
268 "//base/test:test_support",
269 "//testing/gmock",
270 "//testing/gtest",
271 ]
272 }
274 source_set("test_support") {
275 sources = [
276 "scoped_test_nss_chromeos_user.cc",
277 "scoped_test_nss_chromeos_user.h",
278 "scoped_test_nss_db.cc",
279 "scoped_test_nss_db.h",
280 "scoped_test_system_nss_key_slot.cc",
281 "scoped_test_system_nss_key_slot.h",
282 ]
283 deps = [
284 ":crypto",
285 ":platform",
286 "//base",
287 ]
289 if (!use_nss_certs) {
290 sources -= [
291 "scoped_test_nss_db.cc",
292 "scoped_test_nss_db.h",
293 ]
294 }
296 if (!is_chromeos) {
297 sources -= [
298 "scoped_test_nss_chromeos_user.cc",
299 "scoped_test_nss_chromeos_user.h",
300 "scoped_test_system_nss_key_slot.cc",
301 "scoped_test_system_nss_key_slot.h",
302 ]
303 }
304 }
306 config("platform_config") {
307 if ((!use_openssl || use_nss_certs) && is_clang) {
308 # There is a broken header guard in /usr/include/nss/secmod.h:
309 # https://bugzilla.mozilla.org/show_bug.cgi?id=884072
310 cflags = [ "-Wno-header-guard" ]
311 }
312 }
314 # This is a meta-target that forwards to NSS's SSL library or OpenSSL,
315 # according to the state of the crypto flags. A target just wanting to depend
316 # on the current SSL library should just depend on this.
317 group("platform") {
318 if (use_openssl) {
319 deps = [
320 "//third_party/boringssl",
321 ]
322 } else {
323 deps = [
324 "//net/third_party/nss/ssl:libssl",
325 ]
326 }
328 # Link in NSS if it is used for either the internal crypto library
329 # (!use_openssl) or platform certificate library (use_nss_certs).
330 if (!use_openssl || use_nss_certs) {
331 if (is_linux) {
332 # On Linux, we use the system NSS (excepting SSL where we always use our
333 # own).
334 public_configs = [ ":platform_config" ]
335 if (!use_openssl) {
336 # If using a bundled copy of NSS's SSL library, ensure the bundled SSL
337 # header search path comes before the system one so our versions are
338 # used. The libssl target will add the search path we want, but
339 # according to GN's ordering rules, public_configs' search path will get
340 # applied before ones inherited from our dependencies. Therefore, we
341 # need to explicitly list our custom libssl's config here before the
342 # system one.
343 public_configs += [ "//net/third_party/nss/ssl:ssl_config" ]
344 }
345 public_configs += [ "//third_party/nss:system_nss_no_ssl_config" ]
346 } else {
347 # Non-Linux platforms use the hermetic NSS from the tree.
348 deps += [
349 "//third_party/nss:nspr",
350 "//third_party/nss:nss",
351 ]
352 }
353 }
354 }