# Copyright (c) 2013 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import("//build/config/crypto.gni")
component("crypto") {
output_name = "crcrypto" # Avoid colliding with OpenSSL's libcrypto.
sources = [
"apple_keychain.h",
"apple_keychain_ios.mm",
"apple_keychain_mac.mm",
"capi_util.cc",
"capi_util.h",
"crypto_export.h",
"cssm_init.cc",
"cssm_init.h",
"curve25519.cc",
"curve25519-donna.c",
"curve25519.h",
"ec_private_key.h",
"ec_private_key_nss.cc",
"ec_private_key_openssl.cc",
"ec_signature_creator.cc",
"ec_signature_creator.h",
"ec_signature_creator_impl.h",
"ec_signature_creator_nss.cc",
"ec_signature_creator_openssl.cc",
"encryptor.cc",
"encryptor.h",
"encryptor_nss.cc",
"encryptor_openssl.cc",
"ghash.cc",
"ghash.h",
"hkdf.cc",
"hkdf.h",
"hmac.cc",
"hmac.h",
"hmac_nss.cc",
"hmac_openssl.cc",
"mac_security_services_lock.cc",
"mac_security_services_lock.h",
# TODO(brettw) these mocks should be moved to a test_support_crypto target
# if possible.
"mock_apple_keychain.cc",
"mock_apple_keychain.h",
"mock_apple_keychain_ios.cc",
"mock_apple_keychain_mac.cc",
"nss_util.cc",
"nss_util.h",
"nss_util_internal.h",
"openssl_util.cc",
"openssl_util.h",
"p224.cc",
"p224.h",
"p224_spake.cc",
"p224_spake.h",
"random.cc",
"random.h",
"rsa_private_key.cc",
"rsa_private_key.h",
"rsa_private_key_nss.cc",
"rsa_private_key_openssl.cc",
"scoped_capi_types.h",
"scoped_nss_types.h",
"secure_hash_default.cc",
"secure_hash.h",
"secure_hash_openssl.cc",
"secure_util.cc",
"secure_util.h",
"sha2.cc",
"sha2.h",
"signature_creator.h",
"signature_creator_nss.cc",
"signature_creator_openssl.cc",
"signature_verifier.h",
"signature_verifier_nss.cc",
"signature_verifier_openssl.cc",
"symmetric_key.h",
"symmetric_key_nss.cc",
"symmetric_key_openssl.cc",
"third_party/nss/chromium-blapi.h",
"third_party/nss/chromium-blapit.h",
"third_party/nss/chromium-nss.h",
"third_party/nss/chromium-sha256.h",
"third_party/nss/pk11akey.cc",
"third_party/nss/rsawrapr.c",
"third_party/nss/secsign.cc",
"third_party/nss/sha512.cc",
]
deps = [
":platform",
"//base",
"//base/third_party/dynamic_annotations",
]
if (!is_mac && !is_ios) {
sources -= [
"apple_keychain.h",
"mock_apple_keychain.cc",
"mock_apple_keychain.h",
]
}
if (!is_mac) {
sources -= [
"cssm_init.cc",
"cssm_init.h",
"mac_security_services_lock.cc",
"mac_security_services_lock.h",
]
}
if (!is_win) {
sources -= [
"capi_util.cc",
"capi_util.h",
]
}
if (is_android) {
deps += [ "//third_party/android_tools:cpu_features" ]
}
if (use_openssl) {
# Remove NSS files when using OpenSSL
sources -= [
"ec_private_key_nss.cc",
"ec_signature_creator_nss.cc",
"encryptor_nss.cc",
"hmac_nss.cc",
"nss_util.cc",
"nss_util.h",
"nss_util_internal.h",
"rsa_private_key_nss.cc",
"secure_hash_default.cc",
"signature_creator_nss.cc",
"signature_verifier_nss.cc",
"symmetric_key_nss.cc",
"third_party/nss/chromium-blapi.h",
"third_party/nss/chromium-blapit.h",
"third_party/nss/chromium-nss.h",
"third_party/nss/pk11akey.cc",
"third_party/nss/rsawrapr.c",
"third_party/nss/secsign.cc",
]
} else {
# Remove OpenSSL when using NSS.
sources -= [
"ec_private_key_openssl.cc",
"ec_signature_creator_openssl.cc",
"encryptor_openssl.cc",
"hmac_openssl.cc",
"openssl_util.cc",
"openssl_util.h",
"rsa_private_key_openssl.cc",
"secure_hash_openssl.cc",
"signature_creator_openssl.cc",
"signature_verifier_openssl.cc",
"symmetric_key_openssl.cc",
]
}
defines = [ "CRYPTO_IMPLEMENTATION" ]
}
if (is_win) {
# A minimal crypto subset for hmac-related stuff that small standalone
# targets can use to reduce code size on Windows. This does not depend on
# OpenSSL/NSS but will use Windows APIs for that functionality.
source_set("crypto_minimal_win") {
sources = [
"crypto_export.h",
"hmac.cc",
"hmac.h",
"hmac_win.cc",
"scoped_capi_types.h",
"scoped_nss_types.h",
"secure_util.cc",
"secure_util.h",
"symmetric_key.h",
"symmetric_key_win.cc",
"third_party/nss/chromium-blapi.h",
"third_party/nss/chromium-sha256.h",
"third_party/nss/sha512.cc",
]
deps = [
"//base",
"//base/third_party/dynamic_annotations",
]
defines = [ "CRYPTO_IMPLEMENTATION" ]
}
}
test("crypto_unittests") {
sources = [
# Tests.
"curve25519_unittest.cc",
"ec_private_key_unittest.cc",
"ec_signature_creator_unittest.cc",
"encryptor_unittest.cc",
"ghash_unittest.cc",
"hkdf_unittest.cc",
"hmac_unittest.cc",
"nss_util_unittest.cc",
"p224_unittest.cc",
"p224_spake_unittest.cc",
"random_unittest.cc",
"rsa_private_key_unittest.cc",
"rsa_private_key_nss_unittest.cc",
"secure_hash_unittest.cc",
"sha2_unittest.cc",
"signature_creator_unittest.cc",
"signature_verifier_unittest.cc",
"symmetric_key_unittest.cc",
]
if (use_openssl || !is_linux) {
sources -= [
"rsa_private_key_nss_unittest.cc",
]
}
if (use_openssl) {
sources -= [ "nss_util_unittest.cc" ]
}
deps = [
":crypto",
":platform",
":test_support",
"//base",
"//base/test:run_all_unittests",
"//base/test:test_support",
"//testing/gmock",
"//testing/gtest",
]
}
source_set("test_support") {
sources = [
"scoped_test_nss_db.cc",
"scoped_test_nss_db.h",
"scoped_test_nss_chromeos_user.cc",
"scoped_test_nss_chromeos_user.h",
"scoped_test_system_nss_key_slot.cc",
"scoped_test_system_nss_key_slot.h",
]
deps = [
":crypto",
":platform",
"//base",
]
if (!use_nss_certs) {
sources -= [
"scoped_test_nss_db.cc",
"scoped_test_nss_db.h",
]
}
if (!is_chromeos) {
sources -= [
"scoped_test_nss_chromeos_user.cc",
"scoped_test_nss_chromeos_user.h",
"scoped_test_system_nss_key_slot.cc",
"scoped_test_system_nss_key_slot.h",
]
}
}
# This is a meta-target that forwards to NSS's SSL library or OpenSSL,
# according to the state of the crypto flags. A target just wanting to depend
# on the current SSL library should just depend on this.
group("platform") {
if (use_openssl) {
deps = [ "//third_party/boringssl" ]
} else {
deps = [ "//net/third_party/nss/ssl:libssl" ]
if (is_linux) {
# On Linux, we use the system NSS (excepting SSL where we always use our
# own).
#
# We always need our SSL header search path to come before the system one
# so our versions are used. The libssl target will add the search path we
# want, but according to GN's ordering rules, public_configs' search path
# will get applied before ones inherited from our dependencies.
# Therefore, we need to explicitly list our custom libssl's config here
# before the system one.
public_configs = [
"//net/third_party/nss/ssl:ssl_config",
"//third_party/nss:system_nss_no_ssl_config",
]
} else {
# Non-Linux platforms use the hermetic NSS from the tree.
deps += [
"//third_party/nss:nspr",
"//third_party/nss:nss",
]
}
}
}