| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # Stop linter from complaining XXX_unittest.cc naming. |
| # TODO(cylai): rename all the unittest files and enable this linting option. |
| # gnlint: disable=GnLintSourceFileNames |
| |
| import("//common-mk/pkg_config.gni") |
| import("//common-mk/proto_library.gni") |
| |
| group("all") { |
| deps = [ |
| ":bootlockboxd", |
| ":bootlockboxtool", |
| ":cryptohome", |
| ":cryptohome-namespace-mounter", |
| ":cryptohome-path", |
| ":cryptohomed", |
| ":encrypted-reboot-vault", |
| ":homedirs_initializer", |
| ":lockbox-cache", |
| ":mount-encrypted", |
| ":mount_encrypted_lib", |
| ":tpm-manager", |
| ] |
| if (use.cert_provision) { |
| deps += [ |
| ":cert_provision", |
| ":cert_provision-proto", |
| ":cert_provision-static", |
| ":cert_provision_client", |
| ] |
| } |
| if (use.test) { |
| deps += [ |
| ":boot_lockbox_unittests", |
| ":cryptohome_testrunner", |
| ":error_location_check", |
| ":fake_platform_unittest", |
| ":mount_encrypted_unittests", |
| ] |
| } |
| if (use.fuzzer) { |
| deps += [ |
| ":cryptohome_cryptolib_blob_to_hex_fuzzer", |
| ":cryptohome_cryptolib_rsa_oaep_decrypt_fuzzer", |
| ":cryptohome_tpm1_cmk_migration_parser_fuzzer", |
| ":cryptohome_user_secret_stash_parser_fuzzer", |
| ] |
| } |
| } |
| |
| config("target_defaults") { |
| configs = [ "libs:target_defaults" ] |
| } |
| |
| config("local_print_proto_include") { |
| # This config is used when any build target used the print_proto. |
| include_dirs = [ "${target_gen_dir}/.." ] |
| } |
| |
| action("print_proto_library") { |
| dbus_proto_path = "${sysroot}/usr/include/chromeos/dbus/cryptohome" |
| script = "../libhwsec-foundation/utility/proto_print.py" |
| inputs = [ |
| "${dbus_proto_path}/auth_factor.proto", |
| "${dbus_proto_path}/fido.proto", |
| "${dbus_proto_path}/key.proto", |
| "${dbus_proto_path}/rpc.proto", |
| "${dbus_proto_path}/UserDataAuth.proto", |
| ] |
| outputs = [ |
| "${target_gen_dir}/common/print_auth_factor_proto.cc", |
| "${target_gen_dir}/common/print_fido_proto.cc", |
| "${target_gen_dir}/common/print_key_proto.cc", |
| "${target_gen_dir}/common/print_rpc_proto.cc", |
| "${target_gen_dir}/common/print_UserDataAuth_proto.cc", |
| ] |
| args = [ |
| "--package-dir", |
| "cryptohome", |
| "--subdir", |
| "common", |
| "--proto-include", |
| "cryptohome/proto_bindings", |
| "--output-dir", |
| "${target_gen_dir}/common", |
| ] + inputs |
| } |
| |
| # Main programs. |
| executable("cryptohome") { |
| sources = [ "cryptohome.cc" ] |
| sources += get_target_outputs(":print_proto_library") |
| configs += [ |
| ":local_print_proto_include", |
| ":target_defaults", |
| ] |
| libs = [ |
| "chaps", |
| "keyutils", |
| "policy", |
| "pthread", |
| ] |
| deps = [ |
| ":print_proto_library", |
| "libs:cryptohome-proto", |
| "libs:libcrostpm", |
| "libs:libcryptohome", |
| ] |
| |
| pkg_deps = [ |
| "dbus-1", |
| "libecryptfs", |
| "libmetrics", |
| "libuser_data_auth-client", |
| "vboot_host", |
| ] |
| } |
| |
| executable("cryptohome-path") { |
| sources = [ "cryptohome-path.cc" ] |
| deps = [ |
| "libs:libcrostpm", |
| "libs:libcryptohome", |
| ] |
| } |
| |
| executable("cryptohomed") { |
| sources = [ "cryptohomed.cc" ] |
| configs += [ ":target_defaults" ] |
| libs = [ |
| "chaps", |
| "keyutils", |
| "policy", |
| "pthread", |
| ] |
| deps = [ |
| "libs:libcrostpm", |
| "libs:libcryptohome", |
| ] |
| |
| pkg_deps = [ |
| "dbus-1", |
| "libbootlockbox-client", |
| "libecryptfs", |
| "libmetrics", |
| "vboot_host", |
| ] |
| } |
| |
| # This executable is used to mount cryptohomes. |
| executable("cryptohome-namespace-mounter") { |
| sources = [ "cryptohome_namespace_mounter/cryptohome_namespace_mounter.cc" ] |
| configs += [ ":target_defaults" ] |
| deps = [ |
| "libs:libcryptohome", |
| "libs:namespace-mounter-ipc-proto", |
| ] |
| } |
| |
| executable("lockbox-cache") { |
| sources = [ |
| "dircrypto_util.cc", |
| "lockbox-cache-main.cc", |
| "lockbox-cache.cc", |
| "lockbox.cc", |
| "platform.cc", |
| ] |
| configs += [ ":target_defaults" ] |
| libs = [ |
| "keyutils", |
| "secure_erase_file", |
| ] |
| deps = [ |
| "libs:cryptohome-proto", |
| "libs:libcrostpm", |
| ] |
| pkg_deps = [ |
| "libecryptfs", |
| "libmetrics", |
| "vboot_host", |
| ] |
| } |
| |
| static_library("mount_encrypted_lib") { |
| sources = [ |
| "mount_encrypted/encrypted_fs.cc", |
| "mount_encrypted/encryption_key.cc", |
| "mount_encrypted/mount_encrypted_metrics.cc", |
| "mount_encrypted/tpm.cc", |
| ] |
| configs += [ ":target_defaults" ] |
| defines = [ "CHROMEOS_ENVIRONMENT=1" ] |
| deps = [ "libs:cryptohome-proto" ] |
| pkg_deps = [ "vboot_host" ] |
| |
| if (use.tpm2) { |
| sources += [ "mount_encrypted/tpm2.cc" ] |
| |
| # This selects TPM2 code in vboot_host headers. |
| defines += [ "TPM2_MODE=1" ] |
| } else { |
| sources += [ "mount_encrypted/tpm1.cc" ] |
| } |
| } |
| |
| executable("encrypted-reboot-vault") { |
| sources = [ |
| "encrypted_reboot_vault/encrypted_reboot_vault.cc", |
| "encrypted_reboot_vault/encrypted_reboot_vault_main.cc", |
| ] |
| deps = [ "libs:libcrostpm" ] |
| } |
| |
| executable("mount-encrypted") { |
| sources = [ "mount_encrypted/mount_encrypted.cc" ] |
| configs += [ ":target_defaults" ] |
| deps = [ |
| ":mount_encrypted_lib", |
| "libs:libcrostpm", |
| ] |
| pkg_deps = [ "vboot_host" ] |
| } |
| |
| executable("tpm-manager") { |
| sources = [ "tpm_manager.cc" ] |
| configs += [ ":target_defaults" ] |
| libs = [ |
| "tpm_manager", |
| "attestation", |
| ] |
| |
| pkg_deps = [ |
| "libecryptfs", |
| "libmetrics", |
| ] |
| deps = [ "libs:libcrostpm" ] |
| |
| if (use.tpm2) { |
| libs += [ "trunks" ] |
| } |
| if (use.tpm) { |
| libs += [ "chaps" ] |
| pkg_deps += [ "vboot_host" ] |
| } |
| } |
| |
| executable("homedirs_initializer") { |
| sources = [ "homedirs_initializer.cc" ] |
| configs += [ ":target_defaults" ] |
| deps = [ |
| "libs:libcrostpm", |
| "libs:libcryptohome", |
| ] |
| } |
| |
| if (use.cert_provision) { |
| proto_library("cert_provision-proto") { |
| proto_in_dir = "./cert" |
| proto_out_dir = "include/cert" |
| use_pic = true |
| sources = [ "cert/cert_provision.proto" ] |
| } |
| |
| shared_library("cert_provision") { |
| deps = [ ":cert_provision-static" ] |
| } |
| |
| pkg_config("cert_provision_deps") { |
| pkg_deps = [ |
| "libattestation-client", |
| "libbrillo", |
| "libchrome", |
| "system_api", |
| ] |
| if (use.fuzzer) { |
| pkg_deps += [ "protobuf" ] |
| } else { |
| pkg_deps += [ "protobuf-lite" ] |
| } |
| } |
| |
| static_library("cert_provision-static") { |
| sources = [ |
| "cert/cert_provision.cc", |
| "cert/cert_provision_keystore.cc", |
| "cert/cert_provision_util.cc", |
| ] |
| |
| # libcert_provision-static.a is used by a shared_libary |
| # object, so we need to build it with '-fPIC' instead of '-fPIE'. |
| configs -= [ "//common-mk:pie" ] |
| configs += [ "//common-mk:pic" ] |
| libs = [ |
| "chaps", |
| "pthread", |
| ] |
| |
| all_dependent_configs = [ ":cert_provision_deps" ] |
| |
| deps = [ |
| ":cert_provision-proto", |
| "libs:cryptohome-proto", |
| ] |
| } |
| |
| executable("cert_provision_client") { |
| sources = [ "cert/cert_provision_client.cc" ] |
| deps = [ ":cert_provision" ] |
| } |
| } |
| |
| if (use.test) { |
| static_library("fake_platform-static") { |
| sources = [ |
| "fake_platform.cc", |
| "fake_platform/fake_fake_mount_mapping_redirect_factory.cc", |
| "fake_platform/fake_mount_mapper.cc", |
| "fake_platform/real_fake_mount_mapping_redirect_factory.cc", |
| "fake_platform/test_file_path.cc", |
| "mock_platform.cc", |
| ] |
| deps = [ "libs:libcrosplatform" ] |
| pkg_deps = [ |
| "libbrillo", |
| "libchrome", |
| ] |
| } |
| |
| executable("cryptohome_testrunner") { |
| sources = [ |
| "auth_blocks/async_challenge_credential_auth_block_test.cc", |
| "auth_blocks/auth_block_state_unittest.cc", |
| "auth_blocks/auth_block_unittest.cc", |
| "auth_blocks/auth_block_utility_impl_unittest.cc", |
| "auth_blocks/revocation_unittest.cc", |
| "auth_blocks/sync_to_async_auth_block_adapter_test.cc", |
| "auth_factor/auth_factor_label_unittest.cc", |
| "auth_factor/auth_factor_manager_unittest.cc", |
| "auth_factor/auth_factor_metadata_unittest.cc", |
| "auth_factor/auth_factor_unittest.cc", |
| "auth_factor/auth_factor_utils_unittest.cc", |
| "auth_factor_vault_keyset_converter_unittest.cc", |
| "auth_input_utils_unittest.cc", |
| "auth_session_manager_unittest.cc", |
| "auth_session_unittest.cc", |
| "challenge_credentials/challenge_credentials_helper_impl_unittest.cc", |
| "challenge_credentials/challenge_credentials_test_utils.cc", |
| "challenge_credentials/fido_utils_unittest.cc", |
| "cleanup/disk_cleanup_routines_unittest.cc", |
| "cleanup/disk_cleanup_unittest.cc", |
| "cleanup/low_disk_space_handler_unittest.cc", |
| "cleanup/mock_disk_cleanup.cc", |
| "cleanup/mock_disk_cleanup_routines.cc", |
| "cleanup/user_oldest_activity_timestamp_manager_unittest.cc", |
| "crc32_unittest.cc", |
| "credential_verifier_unittest.cc", |
| "credentials_unittest.cc", |
| "crypto_unittest.cc", |
| "cryptohome_ecc_key_loader_unittest.cc", |
| "cryptohome_keys_manager_unittest.cc", |
| "cryptohome_rsa_key_loader_unittest.cc", |
| "cryptorecovery/fake_recovery_mediator_crypto.cc", |
| "cryptorecovery/recovery_crypto_hsm_cbor_serialization_unittest.cc", |
| "cryptorecovery/recovery_crypto_unittest.cc", |
| "dircrypto_data_migrator/migration_helper_unittest.cc", |
| "error/converter_test.cc", |
| "error/cryptohome_crypto_error_test.cc", |
| "error/cryptohome_error_test.cc", |
| "error/cryptohome_le_cred_error_test.cc", |
| "error/cryptohome_mount_error_test.cc", |
| "error/cryptohome_tpm_error_test.cc", |
| "error/reporting_test.cc", |
| "fake_le_credential_backend.cc", |
| "fido/make_credential_response_test.cc", |
| "fingerprint_manager_unittest.cc", |
| "firmware_management_parameters_unittest.cc", |
| "fwmp_checker_platform_index_test.cc", |
| "install_attributes_unittest.cc", |
| "key_objects_unittest.cc", |
| "keyset_management_unittest.cc", |
| "le_credential_manager_impl_unittest.cc", |
| "lockbox-cache-unittest.cc", |
| "lockbox_unittest.cc", |
| "mock_cryptohome_key_loader.cc", |
| "mock_cryptohome_keys_manager.cc", |
| "mock_firmware_management_parameters.cc", |
| "mock_install_attributes.cc", |
| "mock_key_challenge_service.cc", |
| "mock_lockbox.cc", |
| "mock_pkcs11_init.cc", |
| "mock_signature_sealing_backend.cc", |
| "mock_tpm.cc", |
| "persistent_lookup_table_unittest.cc", |
| "platform_unittest.cc", |
| "sign_in_hash_tree_unittest.cc", |
| "signature_sealing/structures_proto_test.cc", |
| "signature_sealing_backend_test_utils.cc", |
| "stateful_recovery_unittest.cc", |
| "storage/arc_disk_quota_unittest.cc", |
| "storage/cryptohome_vault_test.cc", |
| "storage/encrypted_container/dmcrypt_container_test.cc", |
| "storage/encrypted_container/ecryptfs_container_test.cc", |
| "storage/encrypted_container/ephemeral_container_test.cc", |
| "storage/encrypted_container/fscrypt_container_test.cc", |
| "storage/encrypted_container/loopback_device_test.cc", |
| "storage/encrypted_container/ramdisk_device_test.cc", |
| "storage/homedirs_unittest.cc", |
| "storage/mount_stack_unittest.cc", |
| "storage/mount_unittest.cc", |
| "storage/out_of_process_mount_helper_test.cc", |
| "user_secret_stash_storage_unittest.cc", |
| "user_secret_stash_unittest.cc", |
| "user_session/real_user_session_unittest.cc", |
| "userdataauth_auth_session_unittest.cc", |
| "userdataauth_unittest.cc", |
| "uss_experiment_config_fetcher_unittest.cc", |
| "vault_keyset_unittest.cc", |
| ] |
| configs += [ |
| "//common-mk:test", |
| ":target_defaults", |
| ] |
| libs = [ |
| "chaps", |
| "keyutils", |
| "policy", |
| "pthread", |
| ] |
| |
| deps = [ |
| ":fake_platform-static", |
| "libs:cryptohome-proto", |
| "libs:libcrostpm", |
| "libs:libcryptohome", |
| "libs:libfido", |
| "//common-mk/testrunner", |
| ] |
| |
| pkg_deps = [ |
| "dbus-1", |
| "libattestation-client", |
| "libattestation-client-test", |
| "libbrillo-test", |
| "libchrome-test", |
| "libecryptfs", |
| "libmetrics", |
| "libshill-client", |
| "libshill-client-test", |
| "libtpm_manager-client", |
| "libtpm_manager-client-test", |
| "libuser_data_auth-client", |
| "libuser_data_auth-client-test", |
| "vboot_host", |
| ] |
| |
| if (use.tpm2) { |
| sources += [ |
| "cryptorecovery/recovery_crypto_tpm2_backend_impl_unittest.cc", |
| "error/cryptohome_tpm2_error_test.cc", |
| "error/reporting_tpm2_test.cc", |
| "pinweaver_le_credential_backend_unittest.cc", |
| "tpm2_test.cc", |
| ] |
| libs += [ "trunks_test" ] |
| } |
| if (use.tpm) { |
| sources += [ |
| "cryptorecovery/recovery_crypto_tpm1_backend_impl_unittest.cc", |
| "error/cryptohome_tpm1_error_test.cc", |
| "error/reporting_tpm1_test.cc", |
| "tpm1_static_utils_unittest.cc", |
| "tpm1_test.cc", |
| ] |
| libs += [ "hwsec_test" ] |
| } |
| |
| if (use.cert_provision) { |
| sources += [ |
| "cert/cert_provision_keystore_unittest.cc", |
| "cert/cert_provision_unittest.cc", |
| ] |
| deps += [ ":cert_provision-static" ] |
| } |
| |
| if (use.lvm_stateful_partition) { |
| sources += [ |
| "storage/encrypted_container/logical_volume_backing_device_test.cc", |
| ] |
| } |
| } |
| |
| executable("fake_platform_unittest") { |
| sources = [ |
| "fake_platform/fake_mount_mapper_unittest.cc", |
| "fake_platform/real_fake_mount_mapping_redirect_factory_unittest.cc", |
| "fake_platform/test_file_path_unittest.cc", |
| ] |
| configs += [ |
| "//common-mk:test", |
| ":target_defaults", |
| ] |
| deps = [ |
| ":fake_platform-static", |
| "//common-mk/testrunner", |
| ] |
| pkg_deps = [ |
| "libbrillo-test", |
| "libchrome-test", |
| ] |
| } |
| |
| executable("mount_encrypted_unittests") { |
| sources = [ |
| "mount_encrypted/encrypted_fs_unittest.cc", |
| "mount_encrypted/encryption_key_unittest.cc", |
| "mount_encrypted/tlcl_stub.cc", |
| ] |
| configs += [ |
| "//common-mk:test", |
| ":target_defaults", |
| ] |
| deps = [ |
| ":fake_platform-static", |
| ":mount_encrypted_lib", |
| "libs:libcrostpm", |
| "//common-mk/testrunner", |
| ] |
| pkg_deps = [ |
| "libbrillo-test", |
| "libchrome-test", |
| ] |
| |
| if (use.tpm2) { |
| defines = [ "TPM2_MODE=1" ] |
| } |
| } |
| |
| executable("boot_lockbox_unittests") { |
| sources = [ |
| "bootlockbox/boot_lockbox_dbus_adaptor.cc", |
| "bootlockbox/boot_lockbox_service_unittest.cc", |
| "bootlockbox/fake_tpm_nvspace.cc", |
| "bootlockbox/nvram_boot_lockbox_unittest.cc", |
| "bootlockbox/tpm_nvspace_impl_unittest.cc", |
| ] |
| libs = [ "tpm_manager" ] |
| configs += [ |
| "//common-mk:test", |
| ":target_defaults", |
| ] |
| |
| pkg_deps = [ |
| "libbrillo-test", |
| "libchrome-test", |
| "libtpm_manager-client", |
| "libtpm_manager-client-test", |
| ] |
| deps = [ |
| ":tpm-manager", |
| "libs:libcrostpm", |
| "libs:libnvram-boot-lockbox", |
| "//common-mk/testrunner", |
| ] |
| } |
| } |
| |
| executable("bootlockboxtool") { |
| sources = [ "bootlockbox/boot_lockbox_tool.cc" ] |
| |
| configs += [ ":target_defaults" ] |
| pkg_deps = [ "libbootlockbox-client" ] |
| deps = [ "libs:libnvram-boot-lockbox" ] |
| } |
| |
| executable("bootlockboxd") { |
| sources = [ |
| "bootlockbox/boot_lockbox_dbus_adaptor.cc", |
| "bootlockbox/boot_lockbox_service.cc", |
| "bootlockbox/boot_lockboxd.cc", |
| ] |
| |
| configs += [ ":target_defaults" ] |
| pkg_deps = [ |
| "libecryptfs", |
| "libmetrics", |
| "vboot_host", |
| ] |
| libs = [ |
| "keyutils", |
| "tpm_manager", |
| ] |
| deps = [ |
| "libs:bootlockbox-adaptors", |
| "libs:libcrostpm", |
| "libs:libnvram-boot-lockbox", |
| ] |
| } |
| |
| if (use.fuzzer) { |
| executable("cryptohome_cryptolib_rsa_oaep_decrypt_fuzzer") { |
| sources = [ |
| "fuzzers/blob_mutator.cc", |
| "fuzzers/cryptolib_rsa_oaep_decrypt_fuzzer.cc", |
| ] |
| libs = [ "hwsec-foundation" ] |
| configs += [ "//common-mk/common_fuzzer" ] |
| deps = [ "libs:libcrosplatform" ] |
| pkg_deps = [ "libchrome-test" ] |
| } |
| |
| executable("cryptohome_tpm1_cmk_migration_parser_fuzzer") { |
| sources = [ |
| "fuzzers/blob_mutator.cc", |
| "fuzzers/tpm1_cmk_migration_parser_fuzzer.cc", |
| ] |
| libs = [ |
| "hwsec", |
| "hwsec-foundation", |
| ] |
| configs += [ "//common-mk/common_fuzzer" ] |
| deps = [ |
| "libs:libcrosplatform", |
| "libs:libcrostpm", |
| ] |
| pkg_deps = [ "libchrome-test" ] |
| |
| # TODO(crbug/1144974): This is a workaround to let the fuzzer can build on TPM2 devices. |
| if (!use.tpm) { |
| sources += [ |
| "cryptorecovery/recovery_crypto_tpm1_backend_impl.cc", |
| "signature_sealing_backend_tpm1_impl.cc", |
| "tpm1_static_utils.cc", |
| "tpm_impl.cc", |
| "tpm_metrics.cc", |
| ] |
| libs += [ "tspi" ] |
| deps += [ "//libhwsec:overalls_library" ] |
| } |
| } |
| |
| executable("cryptohome_cryptolib_blob_to_hex_fuzzer") { |
| sources = [ "fuzzers/cryptolib_blob_to_hex_fuzzer.cc" ] |
| libs = [ "hwsec-foundation" ] |
| configs += [ "//common-mk/common_fuzzer" ] |
| deps = [ "libs:libcrosplatform" ] |
| } |
| |
| executable("cryptohome_user_secret_stash_parser_fuzzer") { |
| sources = [ |
| "fuzzers/blob_mutator.cc", |
| "fuzzers/user_secret_stash_parser_fuzzer.cc", |
| ] |
| libs = [ "hwsec-foundation" ] |
| configs += [ "//common-mk/common_fuzzer" ] |
| deps = [ |
| "libs:libcrosplatform", |
| "libs:libcryptohome", |
| ] |
| } |
| } |
| |
| action("error_location_check") { |
| outputs = [ "${target_gen_dir}/error_checked" ] |
| |
| # gn requires an output to determine if we need to run the script. |
| deps = [ ":cryptohomed" ] |
| |
| # If any source that contributes to cryptohomed changed, we might need to |
| # check again. |
| |
| script = "error/tool/location_db.py" |
| args = [ "--check" ] |
| } |
