371 lines
9.7 KiB
Text
371 lines
9.7 KiB
Text
# Copyright (c) 2013 The Chromium Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
import("//build/config/crypto.gni")
|
|
import("//testing/test.gni")
|
|
|
|
component("crypto") {
|
|
output_name = "crcrypto" # Avoid colliding with OpenSSL's libcrypto.
|
|
sources = [
|
|
"aead_openssl.cc",
|
|
"aead_openssl.h",
|
|
"apple_keychain.h",
|
|
"apple_keychain_ios.mm",
|
|
"apple_keychain_mac.mm",
|
|
"capi_util.cc",
|
|
"capi_util.h",
|
|
"crypto_export.h",
|
|
"cssm_init.cc",
|
|
"cssm_init.h",
|
|
"curve25519-donna.c",
|
|
"curve25519.h",
|
|
"curve25519_nss.cc",
|
|
"curve25519_openssl.cc",
|
|
"ec_private_key.h",
|
|
"ec_private_key_nss.cc",
|
|
"ec_private_key_openssl.cc",
|
|
"ec_signature_creator.cc",
|
|
"ec_signature_creator.h",
|
|
"ec_signature_creator_impl.h",
|
|
"ec_signature_creator_nss.cc",
|
|
"ec_signature_creator_openssl.cc",
|
|
"encryptor.cc",
|
|
"encryptor.h",
|
|
"encryptor_nss.cc",
|
|
"encryptor_openssl.cc",
|
|
"ghash.cc",
|
|
"ghash.h",
|
|
"hkdf.cc",
|
|
"hkdf.h",
|
|
"hmac.cc",
|
|
"hmac.h",
|
|
"hmac_nss.cc",
|
|
"hmac_openssl.cc",
|
|
"mac_security_services_lock.cc",
|
|
"mac_security_services_lock.h",
|
|
|
|
# TODO(brettw) these mocks should be moved to a test_support_crypto target
|
|
# if possible.
|
|
"mock_apple_keychain.cc",
|
|
"mock_apple_keychain.h",
|
|
"mock_apple_keychain_ios.cc",
|
|
"mock_apple_keychain_mac.cc",
|
|
"nss_key_util.cc",
|
|
"nss_key_util.h",
|
|
"nss_util.cc",
|
|
"nss_util.h",
|
|
"nss_util_internal.h",
|
|
"openssl_bio_string.cc",
|
|
"openssl_bio_string.h",
|
|
"openssl_util.cc",
|
|
"openssl_util.h",
|
|
"p224.cc",
|
|
"p224.h",
|
|
"p224_spake.cc",
|
|
"p224_spake.h",
|
|
"random.cc",
|
|
"random.h",
|
|
"rsa_private_key.cc",
|
|
"rsa_private_key.h",
|
|
"rsa_private_key_nss.cc",
|
|
"rsa_private_key_openssl.cc",
|
|
"scoped_capi_types.h",
|
|
"scoped_nss_types.h",
|
|
"secure_hash.h",
|
|
"secure_hash_default.cc",
|
|
"secure_hash_openssl.cc",
|
|
"secure_util.cc",
|
|
"secure_util.h",
|
|
"sha2.cc",
|
|
"sha2.h",
|
|
"signature_creator.h",
|
|
"signature_creator_nss.cc",
|
|
"signature_creator_openssl.cc",
|
|
"signature_verifier.h",
|
|
"signature_verifier_nss.cc",
|
|
"signature_verifier_openssl.cc",
|
|
"symmetric_key.h",
|
|
"symmetric_key_nss.cc",
|
|
"symmetric_key_openssl.cc",
|
|
"third_party/nss/chromium-blapi.h",
|
|
"third_party/nss/chromium-blapit.h",
|
|
"third_party/nss/chromium-nss.h",
|
|
"third_party/nss/chromium-sha256.h",
|
|
"third_party/nss/pk11akey.cc",
|
|
"third_party/nss/rsawrapr.c",
|
|
"third_party/nss/secsign.cc",
|
|
"third_party/nss/sha512.cc",
|
|
]
|
|
|
|
# TODO(jschuh): crbug.com/167187 fix size_t to int truncations.
|
|
configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
|
|
|
|
deps = [
|
|
":platform",
|
|
"//base",
|
|
"//base/third_party/dynamic_annotations",
|
|
]
|
|
|
|
if (!is_mac && !is_ios) {
|
|
sources -= [
|
|
"apple_keychain.h",
|
|
"mock_apple_keychain.cc",
|
|
"mock_apple_keychain.h",
|
|
]
|
|
}
|
|
|
|
if (!is_mac) {
|
|
sources -= [
|
|
"cssm_init.cc",
|
|
"cssm_init.h",
|
|
"mac_security_services_lock.cc",
|
|
"mac_security_services_lock.h",
|
|
]
|
|
}
|
|
if (!is_win) {
|
|
sources -= [
|
|
"capi_util.cc",
|
|
"capi_util.h",
|
|
]
|
|
}
|
|
|
|
if (is_android) {
|
|
deps += [ "//third_party/android_tools:cpu_features" ]
|
|
}
|
|
|
|
if (use_openssl) {
|
|
# Remove NSS files when using OpenSSL
|
|
sources -= [
|
|
"curve25519-donna.c",
|
|
"curve25519_nss.cc",
|
|
"ec_private_key_nss.cc",
|
|
"ec_signature_creator_nss.cc",
|
|
"encryptor_nss.cc",
|
|
"hmac_nss.cc",
|
|
"rsa_private_key_nss.cc",
|
|
"secure_hash_default.cc",
|
|
"signature_creator_nss.cc",
|
|
"signature_verifier_nss.cc",
|
|
"symmetric_key_nss.cc",
|
|
"third_party/nss/chromium-blapi.h",
|
|
"third_party/nss/chromium-blapit.h",
|
|
"third_party/nss/chromium-nss.h",
|
|
"third_party/nss/pk11akey.cc",
|
|
"third_party/nss/rsawrapr.c",
|
|
"third_party/nss/secsign.cc",
|
|
]
|
|
} else {
|
|
# Remove OpenSSL when using NSS.
|
|
sources -= [
|
|
"aead_openssl.cc",
|
|
"aead_openssl.h",
|
|
"curve25519_openssl.cc",
|
|
"ec_private_key_openssl.cc",
|
|
"ec_signature_creator_openssl.cc",
|
|
"encryptor_openssl.cc",
|
|
"hmac_openssl.cc",
|
|
"openssl_bio_string.cc",
|
|
"openssl_bio_string.h",
|
|
"openssl_util.cc",
|
|
"openssl_util.h",
|
|
"rsa_private_key_openssl.cc",
|
|
"secure_hash_openssl.cc",
|
|
"signature_creator_openssl.cc",
|
|
"signature_verifier_openssl.cc",
|
|
"symmetric_key_openssl.cc",
|
|
]
|
|
}
|
|
|
|
# Some files are built when NSS is used at all, either for the internal crypto
|
|
# library or the platform certificate library.
|
|
if (use_openssl && !use_nss_certs) {
|
|
sources -= [
|
|
"nss_key_util.cc",
|
|
"nss_key_util.h",
|
|
"nss_util.cc",
|
|
"nss_util.h",
|
|
"nss_util_internal.h",
|
|
]
|
|
}
|
|
|
|
defines = [ "CRYPTO_IMPLEMENTATION" ]
|
|
|
|
if (is_nacl) {
|
|
deps += [ "//native_client_sdk/src/libraries/nacl_io" ]
|
|
}
|
|
}
|
|
|
|
# TODO(GYP): TODO(dpranke), fix the compile errors for this stuff
|
|
# and make it work.
|
|
if (false && is_win) {
|
|
# A minimal crypto subset for hmac-related stuff that small standalone
|
|
# targets can use to reduce code size on Windows. This does not depend on
|
|
# OpenSSL/NSS but will use Windows APIs for that functionality.
|
|
source_set("crypto_minimal_win") {
|
|
sources = [
|
|
"crypto_export.h",
|
|
"hmac.cc",
|
|
"hmac.h",
|
|
"hmac_win.cc",
|
|
"scoped_capi_types.h",
|
|
"scoped_nss_types.h",
|
|
"secure_util.cc",
|
|
"secure_util.h",
|
|
"symmetric_key.h",
|
|
"symmetric_key_win.cc",
|
|
"third_party/nss/chromium-blapi.h",
|
|
"third_party/nss/chromium-sha256.h",
|
|
"third_party/nss/sha512.cc",
|
|
]
|
|
|
|
deps = [
|
|
"//base",
|
|
"//base/third_party/dynamic_annotations",
|
|
]
|
|
|
|
defines = [ "CRYPTO_IMPLEMENTATION" ]
|
|
}
|
|
}
|
|
|
|
# TODO(GYP): Delete this after we've converted everything to GN.
|
|
# The _run targets exist only for compatibility w/ GYP.
|
|
group("crypto_unittests_run") {
|
|
testonly = true
|
|
deps = [
|
|
":crypto_unittests",
|
|
]
|
|
}
|
|
|
|
test("crypto_unittests") {
|
|
sources = [
|
|
"aead_openssl_unittest.cc",
|
|
"curve25519_unittest.cc",
|
|
"ec_private_key_unittest.cc",
|
|
"ec_signature_creator_unittest.cc",
|
|
"encryptor_unittest.cc",
|
|
"ghash_unittest.cc",
|
|
"hkdf_unittest.cc",
|
|
"hmac_unittest.cc",
|
|
"nss_key_util_unittest.cc",
|
|
"nss_util_unittest.cc",
|
|
"openssl_bio_string_unittest.cc",
|
|
"p224_spake_unittest.cc",
|
|
"p224_unittest.cc",
|
|
"random_unittest.cc",
|
|
"rsa_private_key_unittest.cc",
|
|
"secure_hash_unittest.cc",
|
|
"sha2_unittest.cc",
|
|
"signature_creator_unittest.cc",
|
|
"signature_verifier_unittest.cc",
|
|
"symmetric_key_unittest.cc",
|
|
]
|
|
|
|
# Some files are built when NSS is used at all, either for the internal crypto
|
|
# library or the platform certificate library.
|
|
if (use_openssl && !use_nss_certs) {
|
|
sources -= [
|
|
"nss_key_util_unittest.cc",
|
|
"nss_util_unittest.cc",
|
|
]
|
|
}
|
|
|
|
if (!use_openssl) {
|
|
sources -= [ "openssl_bio_string_unittest.cc" ]
|
|
}
|
|
|
|
configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]
|
|
|
|
deps = [
|
|
":crypto",
|
|
":platform",
|
|
":test_support",
|
|
"//base",
|
|
"//base/test:run_all_unittests",
|
|
"//base/test:test_support",
|
|
"//testing/gmock",
|
|
"//testing/gtest",
|
|
]
|
|
}
|
|
|
|
source_set("test_support") {
|
|
sources = [
|
|
"scoped_test_nss_chromeos_user.cc",
|
|
"scoped_test_nss_chromeos_user.h",
|
|
"scoped_test_nss_db.cc",
|
|
"scoped_test_nss_db.h",
|
|
"scoped_test_system_nss_key_slot.cc",
|
|
"scoped_test_system_nss_key_slot.h",
|
|
]
|
|
deps = [
|
|
":crypto",
|
|
":platform",
|
|
"//base",
|
|
]
|
|
|
|
if (!use_nss_certs) {
|
|
sources -= [
|
|
"scoped_test_nss_db.cc",
|
|
"scoped_test_nss_db.h",
|
|
]
|
|
}
|
|
|
|
if (!is_chromeos) {
|
|
sources -= [
|
|
"scoped_test_nss_chromeos_user.cc",
|
|
"scoped_test_nss_chromeos_user.h",
|
|
"scoped_test_system_nss_key_slot.cc",
|
|
"scoped_test_system_nss_key_slot.h",
|
|
]
|
|
}
|
|
}
|
|
|
|
config("platform_config") {
|
|
if ((!use_openssl || use_nss_certs) && is_clang) {
|
|
# There is a broken header guard in /usr/include/nss/secmod.h:
|
|
# https://bugzilla.mozilla.org/show_bug.cgi?id=884072
|
|
cflags = [ "-Wno-header-guard" ]
|
|
}
|
|
}
|
|
|
|
# This is a meta-target that forwards to NSS's SSL library or OpenSSL,
|
|
# according to the state of the crypto flags. A target just wanting to depend
|
|
# on the current SSL library should just depend on this.
|
|
group("platform") {
|
|
if (use_openssl) {
|
|
public_deps = [
|
|
"//third_party/boringssl",
|
|
]
|
|
} else {
|
|
public_deps = [
|
|
"//net/third_party/nss/ssl:libssl",
|
|
]
|
|
}
|
|
|
|
# Link in NSS if it is used for either the internal crypto library
|
|
# (!use_openssl) or platform certificate library (use_nss_certs).
|
|
if (!use_openssl || use_nss_certs) {
|
|
if (is_linux) {
|
|
# On Linux, we use the system NSS (excepting SSL where we always use our
|
|
# own).
|
|
public_configs = [ ":platform_config" ]
|
|
if (!use_openssl) {
|
|
# If using a bundled copy of NSS's SSL library, ensure the bundled SSL
|
|
# header search path comes before the system one so our versions are
|
|
# used. The libssl target will add the search path we want, but
|
|
# according to GN's ordering rules, public_configs' search path will get
|
|
# applied before ones inherited from our dependencies. Therefore, we
|
|
# need to explicitly list our custom libssl's config here before the
|
|
# system one.
|
|
public_configs += [ "//net/third_party/nss/ssl:ssl_config" ]
|
|
}
|
|
public_configs += [ "//third_party/nss:system_nss_no_ssl_config" ]
|
|
} else {
|
|
# Non-Linux platforms use the hermetic NSS from the tree.
|
|
public_deps += [
|
|
"//third_party/nss:nspr",
|
|
"//third_party/nss:nss",
|
|
]
|
|
}
|
|
}
|
|
}
|