# Copyright 2018 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Stop linter from complaining XXX_unittest.cc naming.
# TODO(cylai): rename all the unittest files and enable this linting option.
# gnlint: disable=GnLintSourceFileNames

import("//common-mk/pkg_config.gni")
import("//common-mk/proto_library.gni")

group("all") {
  deps = [
    ":cryptohome",
    ":cryptohome-namespace-mounter",
    ":cryptohome-path",
    ":cryptohome-proxy",
    ":cryptohomed",
    ":encrypted-reboot-vault",
    ":homedirs_initializer",
    ":lockbox-cache",
    ":mount-encrypted",
    ":mount_encrypted_lib",
    ":tpm-manager",
  ]
  if (use.cert_provision) {
    deps += [
      ":cert_provision",
      ":cert_provision-proto",
      ":cert_provision-static",
      ":cert_provision_client",
    ]
  }
  if (use.test) {
    deps += [
      ":boot_lockbox_unittests",
      ":cryptohome_testrunner",
      ":fake_platform_unittest",
      ":mount_encrypted_unittests",
    ]
  }
  if (use.fuzzer) {
    deps += [
      ":cryptohome_cryptolib_blob_to_hex_fuzzer",
      ":cryptohome_cryptolib_rsa_oaep_decrypt_fuzzer",
      ":cryptohome_tpm1_cmk_migration_parser_fuzzer",
      ":cryptohome_user_secret_stash_parser_fuzzer",
    ]
  }
  if (use.tpm2) {
    deps += [
      ":bootlockboxd",
      ":bootlockboxtool",
    ]
  }
}

# Main programs.
executable("cryptohome") {
  sources = [ "cryptohome.cc" ]
  configs += [ "libs:target_defaults" ]
  libs = [
    "chaps",
    "keyutils",
    "policy",
    "pthread",
  ]
  deps = [
    "libs:cryptohome-proto",
    "libs:cryptohome-proto-external",
    "libs:libcrostpm",
    "libs:libcryptohome",
  ]

  # NOSORT
  pkg_deps = [
    "dbus-1",
    "libbrillo",
    "libchrome",
    "libecryptfs",
    "libmetrics",
    "libuser_data_auth-client",
    "openssl",

    # system_api depends on protobuf (or protobuf-lite). It must appear
    # before protobuf here or the linker flags won't be in the right
    # order.
    "system_api",
    "protobuf",
    "vboot_host",
  ]
}

executable("cryptohome-path") {
  sources = [ "cryptohome-path.cc" ]
  deps = [
    "libs:libcrostpm",
    "libs:libcryptohome",
  ]

  # NOSORT
  pkg_deps = [
    "libbrillo",
    "libchrome",

    # system_api depends on protobuf (or protobuf-lite). It must appear
    # before protobuf here or the linker flags won't be in the right
    # order.
    "system_api",
    "protobuf",
  ]
}

executable("cryptohomed") {
  sources = [ "cryptohomed.cc" ]
  configs += [ "libs:target_defaults" ]
  libs = [
    "chaps",
    "keyutils",
    "policy",
    "pthread",
  ]
  deps = [
    "libs:libcrostpm",
    "libs:libcryptohome",
  ]

  # NOSORT
  pkg_deps = [
    "dbus-1",
    "libbootlockbox-client",
    "libbrillo",
    "libchrome",
    "libecryptfs",
    "libmetrics",
    "openssl",

    # system_api depends on protobuf (or protobuf-lite). It must appear
    # before protobuf here or the linker flags won't be in the right
    # order.
    "system_api",
    "protobuf",
    "vboot_host",
  ]
}

# This executable is used to mount cryptohomes.
executable("cryptohome-namespace-mounter") {
  sources = [ "cryptohome_namespace_mounter/cryptohome_namespace_mounter.cc" ]
  configs += [ "libs:target_defaults" ]
  deps = [
    "libs:libcryptohome",
    "libs:namespace-mounter-ipc-proto",
  ]

  # NOSORT
  pkg_deps = [
    "libbrillo",
    "libchrome",

    # system_api depends on protobuf (or protobuf-lite). It must appear
    # before protobuf here or the linker flags won't be in the right
    # order.
    "system_api",
    "protobuf",
  ]
}

# This executable is used for the transition between old DBus interface
# and the new DBus interface.
executable("cryptohome-proxy") {
  sources = [
    "platform.cc",
    "proxy/cryptohome_proxy.cc",
    "proxy/dbus_proxy_service.cc",
    "proxy/legacy_cryptohome_interface_adaptor.cc",
  ]
  configs += [ "libs:target_defaults" ]
  deps = [
    "libs:cryptohome-proto-external",
    "libs:cryptohome_adaptors",
    "libs:libcryptohome",
  ]

  # NOSORT
  pkg_deps = [
    "dbus-1",
    "libattestation-client",
    "libbrillo",
    "libchrome",
    "libmetrics",
    "libtpm_manager-client",
    "libuser_data_auth-client",

    # system_api depends on protobuf (or protobuf-lite). It must appear
    # before protobuf here or the linker flags won't be in the right
    # order.
    "system_api",
    "protobuf",
  ]
}

executable("lockbox-cache") {
  sources = [
    "dircrypto_util.cc",
    "lockbox-cache-main.cc",
    "lockbox-cache.cc",
    "lockbox.cc",
    "platform.cc",
  ]
  configs += [ "libs:target_defaults" ]
  libs = [
    "keyutils",
    "secure_erase_file",
  ]
  deps = [
    "libs:cryptohome-proto",
    "libs:libcrostpm",
  ]
  pkg_deps = [
    "libbrillo",
    "libchrome",
    "libecryptfs",
    "libmetrics",
    "openssl",
    "vboot_host",
  ]
}

static_library("mount_encrypted_lib") {
  sources = [
    "mount_encrypted/encrypted_fs.cc",
    "mount_encrypted/encryption_key.cc",
    "mount_encrypted/mount_encrypted_metrics.cc",
    "mount_encrypted/tpm.cc",
  ]
  configs += [
    # for USE_TPM2
    "libs:target_defaults",
  ]
  defines = [ "CHROMEOS_ENVIRONMENT=1" ]
  deps = [ "libs:cryptohome-proto" ]
  pkg_deps = [
    "libbrillo",
    "libchrome",
    "openssl",
    "vboot_host",
  ]

  if (use.tpm2) {
    sources += [ "mount_encrypted/tpm2.cc" ]

    # This selects TPM2 code in vboot_host headers.
    defines += [ "TPM2_MODE=1" ]
  } else {
    sources += [ "mount_encrypted/tpm1.cc" ]
  }
}

executable("encrypted-reboot-vault") {
  sources = [
    "encrypted_reboot_vault/encrypted_reboot_vault.cc",
    "encrypted_reboot_vault/encrypted_reboot_vault_main.cc",
  ]
  deps = [ "libs:libcrostpm" ]
  pkg_deps = [
    "libbrillo",
    "libchrome",
  ]
}

executable("mount-encrypted") {
  sources = [ "mount_encrypted/mount_encrypted.cc" ]
  defines = [
    "USE_TPM_DYNAMIC=${use.tpm_dynamic}",
    "USE_TPM2_SIMULATOR=${use.tpm2_simulator}",
    "USE_VTPM_PROXY=${use.vtpm_proxy}",
  ]
  deps = [
    ":mount_encrypted_lib",
    "libs:libcrostpm",
  ]
  pkg_deps = [
    "libbrillo",
    "libchrome",
    "openssl",
    "vboot_host",
  ]
}

executable("tpm-manager") {
  sources = [ "tpm_manager.cc" ]
  configs += [ "libs:target_defaults" ]
  libs = [
    "tpm_manager",
    "attestation",
  ]

  # NOSORT
  pkg_deps = [
    "libbrillo",
    "libchrome",
    "libecryptfs",
    "libmetrics",
    "openssl",

    # system_api depends on protobuf (or protobuf-lite). It must appear
    # before protobuf here or the linker flags won't be in the right
    # order.
    "system_api",
    "protobuf",
  ]
  deps = [ "libs:libcrostpm" ]

  if (use.tpm2) {
    libs += [ "trunks" ]
  }
  if (use.tpm) {
    libs += [ "chaps" ]
    pkg_deps += [ "vboot_host" ]
  }
}

executable("homedirs_initializer") {
  sources = [ "homedirs_initializer.cc" ]
  configs += [ "libs:target_defaults" ]
  deps = [
    "libs:libcrostpm",
    "libs:libcryptohome",
  ]

  # NOSORT
  pkg_deps = [
    "libbrillo",
    "libchrome",
    "openssl",

    # system_api depends on protobuf (or protobuf-lite). It must appear
    # before protobuf here or the linker flags won't be in the right
    # order.
    "system_api",
    "protobuf",
  ]
}

if (use.cert_provision) {
  # TODO(hidehiko): Support pkg_deps in proto_library.
  pkg_config("cert_provision-proto_config") {
    pkg_deps = [ "protobuf" ]
  }

  proto_library("cert_provision-proto") {
    proto_in_dir = "./cert"
    proto_out_dir = "include/cert"
    use_pic = true
    sources = [ "cert/cert_provision.proto" ]

    # libcert_provision-proto.a is used by a shared_libary
    all_dependent_configs = [ ":cert_provision-proto_config" ]
  }

  shared_library("cert_provision") {
    deps = [ ":cert_provision-static" ]
  }

  static_library("cert_provision-static") {
    sources = [
      "cert/cert_provision.cc",
      "cert/cert_provision_keystore.cc",
      "cert/cert_provision_util.cc",
    ]
    configs += [ ":cert_provision-proto_config" ]

    # libcert_provision-static.a is used by a shared_libary
    # object, so we need to build it with '-fPIC' instead of '-fPIE'.
    configs -= [ "//common-mk:pie" ]
    configs += [ "//common-mk:pic" ]
    libs = [
      "chaps",
      "pthread",
    ]

    # NOSORT
    public_pkg_deps = [
      "libattestation-client",
      "libbrillo",
      "libchrome",
      "openssl",
      "protobuf",
    ]

    deps = [
      ":cert_provision-proto",
      "libs:cryptohome-proto",
    ]
  }

  executable("cert_provision_client") {
    sources = [ "cert/cert_provision_client.cc" ]
    deps = [ ":cert_provision" ]
    public_pkg_deps = [ "system_api" ]
    pkg_deps = [
      "libbrillo",
      "libchrome",
    ]
  }
}

if (use.test) {
  static_library("fake_platform-static") {
    sources = [
      "fake_platform.cc",
      "fake_platform/fake_fake_mount_mapping_redirect_factory.cc",
      "fake_platform/fake_mount_mapper.cc",
      "fake_platform/real_fake_mount_mapping_redirect_factory.cc",
      "fake_platform/test_file_path.cc",
      "mock_platform.cc",
      "util/get_random_suffix.cc",
    ]
    pkg_deps = [
      "libbrillo",
      "libchrome",
      "openssl",
    ]
  }

  executable("cryptohome_testrunner") {
    sources = [
      "auth_block_state_unittest.cc",
      "auth_block_unittest.cc",
      "auth_session_unittest.cc",
      "challenge_credentials/challenge_credentials_helper_impl_unittest.cc",
      "challenge_credentials/challenge_credentials_test_utils.cc",
      "challenge_credentials/fido_utils_unittest.cc",
      "cleanup/disk_cleanup_routines_unittest.cc",
      "cleanup/disk_cleanup_unittest.cc",
      "cleanup/low_disk_space_handler_unittest.cc",
      "cleanup/mock_disk_cleanup.cc",
      "cleanup/mock_disk_cleanup_routines.cc",
      "cleanup/user_oldest_activity_timestamp_cache_unittest.cc",
      "crc32_unittest.cc",
      "credential_verifier_unittest.cc",
      "credentials_unittest.cc",
      "crypto/aes_unittest.cc",
      "crypto/big_num_util_unittest.cc",
      "crypto/ecdh_hkdf_unittest.cc",
      "crypto/elliptic_curve_unittest.cc",
      "crypto/error_util_unittest.cc",
      "crypto/hkdf_unittest.cc",
      "crypto/rsa_unittest.cc",
      "crypto/scrypt_unittest.cc",
      "crypto_unittest.cc",
      "cryptohome_ecc_key_loader_unittest.cc",
      "cryptohome_keys_manager_unittest.cc",
      "cryptohome_rsa_key_loader_unittest.cc",
      "cryptorecovery/fake_recovery_mediator_crypto.cc",
      "cryptorecovery/recovery_crypto_hsm_cbor_serialization_unittest.cc",
      "cryptorecovery/recovery_crypto_unittest.cc",
      "dircrypto_data_migrator/migration_helper_unittest.cc",
      "fake_le_credential_backend.cc",
      "fido/make_credential_response_test.cc",
      "fingerprint_manager_unittest.cc",
      "firmware_management_parameters_unittest.cc",
      "fwmp_checker_platform_index_test.cc",
      "install_attributes_unittest.cc",
      "keyset_management_unittest.cc",
      "le_credential_manager_impl_unittest.cc",
      "lockbox-cache-unittest.cc",
      "lockbox_unittest.cc",
      "make_tests.cc",
      "mock_chaps_client_factory.cc",
      "mock_cryptohome_key_loader.cc",
      "mock_cryptohome_keys_manager.cc",
      "mock_firmware_management_parameters.cc",
      "mock_install_attributes.cc",
      "mock_key_challenge_service.cc",
      "mock_keystore.cc",
      "mock_lockbox.cc",
      "mock_pkcs11_init.cc",
      "mock_signature_sealing_backend.cc",
      "mock_tpm.cc",
      "password_auth_factor_unittest.cc",
      "persistent_lookup_table_unittest.cc",
      "platform_unittest.cc",
      "proxy/legacy_cryptohome_interface_adaptor.cc",
      "proxy/legacy_cryptohome_interface_adaptor_test.cc",
      "sign_in_hash_tree_unittest.cc",
      "signature_sealing_backend_test_utils.cc",
      "stateful_recovery_unittest.cc",
      "storage/arc_disk_quota_unittest.cc",
      "storage/cryptohome_vault_test.cc",
      "storage/encrypted_container/dmcrypt_container_test.cc",
      "storage/encrypted_container/ecryptfs_container_test.cc",
      "storage/encrypted_container/fscrypt_container_test.cc",
      "storage/encrypted_container/loopback_device_test.cc",
      "storage/homedirs_unittest.cc",
      "storage/mount_stack_unittest.cc",
      "storage/mount_unittest.cc",
      "storage/out_of_process_mount_helper_test.cc",
      "user_secret_stash_storage_unittest.cc",
      "user_secret_stash_unittest.cc",
      "user_session_unittest.cc",
      "userdataauth_unittest.cc",
      "util/get_random_suffix.cc",
      "vault_keyset_unittest.cc",
    ]
    configs += [
      "//common-mk:test",
      "libs:target_defaults",
    ]
    libs = [
      "chaps",
      "keyutils",
      "policy",
      "pthread",
    ]

    # TODO(crbug.com/1082873): Remove after fixing usage of deprecated
    # declarations.
    cflags_cc = [ "-Wno-error=deprecated-declarations" ]
    deps = [
      ":fake_platform-static",
      "libs:cryptohome-proto",
      "libs:libcrostpm",
      "libs:libcryptohome",
      "libs:libfido",
      "//common-mk/testrunner",
    ]

    # NOSORT
    pkg_deps = [
      "dbus-1",
      "libattestation-client",
      "libattestation-client-test",
      "libbrillo",
      "libbrillo-test",
      "libchrome",
      "libchrome-test",
      "libecryptfs",
      "libmetrics",
      "libtpm_manager-client",
      "libtpm_manager-client-test",
      "libuser_data_auth-client",
      "libuser_data_auth-client-test",
      "openssl",

      # system_api depends on protobuf (or protobuf-lite). It must appear
      # before protobuf here or the linker flags won't be in the right
      # order.
      "system_api",
      "protobuf",
      "vboot_host",
    ]

    if (use.tpm2) {
      sources += [
        "pinweaver_le_credential_backend_unittest.cc",
        "tpm2_test.cc",
      ]
      libs += [ "trunks_test" ]
    }
    if (use.tpm) {
      sources += [
        "tpm1_static_utils_unittest.cc",
        "tpm1_test.cc",
      ]
      libs += [ "hwsec_test" ]
    }

    if (use.cert_provision) {
      sources += [
        "cert/cert_provision_keystore_unittest.cc",
        "cert/cert_provision_unittest.cc",
      ]
      deps += [ ":cert_provision-static" ]
    }

    if (use.lvm_stateful_partition) {
      sources += [
        "storage/encrypted_container/logical_volume_backing_device_test.cc",
      ]
    }
  }

  executable("fake_platform_unittest") {
    sources = [
      "fake_platform/fake_mount_mapper_unittest.cc",
      "fake_platform/real_fake_mount_mapping_redirect_factory_unittest.cc",
      "fake_platform/test_file_path_unittest.cc",
    ]
    configs += [
      "//common-mk:test",
      "libs:target_defaults",
    ]
    deps = [
      ":fake_platform-static",
      "//common-mk/testrunner",
    ]
    pkg_deps = [
      "libbrillo",
      "libbrillo-test",
      "libchrome",
      "libchrome-test",
    ]
  }

  executable("mount_encrypted_unittests") {
    sources = [
      "mount_encrypted/encrypted_fs_unittest.cc",
      "mount_encrypted/encryption_key_unittest.cc",
      "mount_encrypted/tlcl_stub.cc",
    ]
    configs += [
      "//common-mk:test",
      "libs:target_defaults",
    ]
    deps = [
      ":fake_platform-static",
      ":mount_encrypted_lib",
      "libs:libcrostpm",
      "//common-mk/testrunner",
    ]
    pkg_deps = [
      "libbrillo",
      "libbrillo-test",
      "libchrome",
      "libchrome-test",
    ]

    if (use.tpm2) {
      defines = [ "TPM2_MODE=1" ]
    }
  }

  executable("boot_lockbox_unittests") {
    configs += [
      "//common-mk:test",
      "libs:target_defaults",
    ]
    deps = [ "//common-mk/testrunner" ]

    # NOSORT
    pkg_deps = [
      "libbrillo",
      "libbrillo-test",
      "libchrome",
      "libchrome-test",
      "libtpm_manager-client",
      "libtpm_manager-client-test",
      "openssl",

      # system_api depends on protobuf (or protobuf-lite). It must appear
      # before protobuf here or the linker flags won't be in the right
      # order.
      "system_api",
      "protobuf",
    ]

    if (use.tpm2) {
      sources = [
        "bootlockbox/boot_lockbox_dbus_adaptor.cc",
        "bootlockbox/boot_lockbox_service_unittest.cc",
        "bootlockbox/fake_tpm_nvspace_utility.cc",
        "bootlockbox/nvram_boot_lockbox_unittest.cc",
        "bootlockbox/tpm2_nvspace_utility_unittest.cc",
      ]
      defines = [ "TPM2_MODE=1" ]
      libs = [
        "tpm_manager",
        "trunks",
        "trunks_test",
      ]
      deps += [
        ":tpm-manager",
        "libs:libcrostpm",
        "libs:libnvram-boot-lockbox",
      ]
    }
  }
}

if (use.tpm2) {
  executable("bootlockboxtool") {
    sources = [ "bootlockbox/boot_lockbox_tool.cc" ]

    # NOSORT
    pkg_deps = [
      "libbootlockbox-client",
      "libbrillo",
      "libchrome",

      # system_api depends on protobuf (or protobuf-lite). It must appear
      # before protobuf here or the linker flags won't be in the right
      # order.
      "system_api",
      "protobuf",
    ]
    defines = [
      "USE_TPM1=${use.tpm}",
      "USE_TPM2=${use.tpm2}",
      "USE_TPM_DYNAMIC=${use.tpm_dynamic}",
    ]
    deps = [ "libs:libnvram-boot-lockbox" ]
  }

  executable("bootlockboxd") {
    sources = [
      "bootlockbox/boot_lockbox_dbus_adaptor.cc",
      "bootlockbox/boot_lockbox_service.cc",
      "bootlockbox/boot_lockboxd.cc",
    ]

    # NOSORT
    pkg_deps = [
      "libbrillo",
      "libchrome",
      "libmetrics",
      "libecryptfs",
      "openssl",

      # system_api depends on protobuf (or protobuf-lite). It must appear
      # before protobuf here or the linker flags won't be in the right
      # order.
      "system_api",
      "protobuf",
      "vboot_host",
    ]
    defines = [
      "USE_TPM1=${use.tpm}",
      "USE_TPM2=${use.tpm2}",
      "USE_TPM_DYNAMIC=${use.tpm_dynamic}",
    ]
    libs = [
      "chaps",
      "keyutils",
      "tpm_manager",
      "trunks",
    ]
    deps = [
      "libs:bootlockbox-adaptors",
      "libs:libcrostpm",
      "libs:libnvram-boot-lockbox",
    ]
  }
}

if (use.fuzzer) {
  executable("cryptohome_cryptolib_rsa_oaep_decrypt_fuzzer") {
    sources = [
      "fuzzers/blob_mutator.cc",
      "fuzzers/cryptolib_rsa_oaep_decrypt_fuzzer.cc",
    ]
    configs += [ "//common-mk/common_fuzzer" ]
    deps = [ "libs:libcrosplatform" ]
    pkg_deps = [
      "libbrillo",
      "libchrome",
      "libchrome-test",
      "openssl",
    ]
  }

  executable("cryptohome_tpm1_cmk_migration_parser_fuzzer") {
    sources = [
      "fuzzers/blob_mutator.cc",
      "fuzzers/tpm1_cmk_migration_parser_fuzzer.cc",
    ]
    libs = [ "hwsec" ]
    configs += [ "//common-mk/common_fuzzer" ]
    deps = [
      "libs:libcrosplatform",
      "libs:libcrostpm",
    ]
    pkg_deps = [
      "libbrillo",
      "libchrome",
      "libchrome-test",
      "openssl",
      "system_api",
    ]

    # TODO(crbug/1144974): This is a workaround to let the fuzzer can build on TPM2 devices.
    if (!use.tpm) {
      sources += [
        "signature_sealing_backend_tpm1_impl.cc",
        "tpm1_static_utils.cc",
        "tpm_impl.cc",
        "tpm_metrics.cc",
      ]
      libs += [ "tspi" ]
      deps += [ "//libhwsec:overalls_library" ]
    }
  }

  executable("cryptohome_cryptolib_blob_to_hex_fuzzer") {
    sources = [ "fuzzers/cryptolib_blob_to_hex_fuzzer.cc" ]
    configs += [ "//common-mk/common_fuzzer" ]
    deps = [ "libs:libcrosplatform" ]
  }

  executable("cryptohome_user_secret_stash_parser_fuzzer") {
    sources = [
      "fuzzers/blob_mutator.cc",
      "fuzzers/user_secret_stash_parser_fuzzer.cc",
    ]
    configs += [ "//common-mk/common_fuzzer" ]
    deps = [ "libs:libcrosplatform" ]
  }
}