| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # This file defines library targets and other auxillary definitions that |
| # are used for the resulting executable targets. |
| |
| import("//common-mk/flatbuffer.gni") |
| import("//common-mk/generate-dbus-adaptors.gni") |
| import("//common-mk/generate-dbus-proxies.gni") |
| import("//common-mk/pkg_config.gni") |
| import("//common-mk/proto_library.gni") |
| |
| config("target_defaults") { |
| defines = [ |
| "USE_LVM_STATEFUL_PARTITION=${use.lvm_stateful_partition}", |
| "USE_PINWEAVER=${use.pinweaver}", |
| "USE_SELINUX=${use.selinux}", |
| "USE_TPM_DYNAMIC=${use.tpm_dynamic}", |
| "USE_TPM1=${use.tpm}", |
| "USE_TPM2=${use.tpm2}", |
| "USE_DOUBLE_EXTEND_PCR_ISSUE=${use.double_extend_pcr_issue}", |
| "USE_MOUNT_OOP=${use.mount_oop}", |
| "USE_USER_SESSION_ISOLATION=${use.user_session_isolation}", |
| "USE_SLOW_MOUNT=${use.slow_mount}", |
| ] |
| } |
| |
| # Protobufs. |
| action("cryptohome-proto-external") { |
| proto_out_dir = target_gen_dir |
| dbus_proto_path = "${sysroot}/usr/include/chromeos/dbus/cryptohome" |
| policy_proto_path = "${sysroot}/usr/include/proto" |
| script = "external_proto_generator.py" |
| inputs = [ |
| "${dbus_proto_path}/fido.proto", |
| "${dbus_proto_path}/key.proto", |
| "${dbus_proto_path}/rpc.proto", |
| "${dbus_proto_path}/signed_secret.proto", |
| "${dbus_proto_path}/UserDataAuth.proto", |
| "${policy_proto_path}/install_attributes.proto", |
| ] |
| outputs = |
| process_file_template(inputs, [ "${proto_out_dir}/{{source_file_part}}" ]) |
| args = [ |
| "-o", |
| "${target_gen_dir}", |
| ] + inputs |
| } |
| |
| pkg_config("cryptohome-proto_config") { |
| pkg_deps = [ "protobuf" ] |
| } |
| |
| flatbuffer("cryptohome-flatbuffers") { |
| flatc_out_dir = "include/cryptohome" |
| flatc_args = [ |
| # Default flatbuffer flags used in Chrome OS. |
| "--cpp", |
| "--keep-prefix", |
| |
| # Generate code for enums using C++11 scoped enums. |
| "--scoped-enums", |
| ] |
| if (use.test) { |
| # Tests use Flatbuffers Object based API (which is more convenient but |
| # doesn't allow to use a secure allocator). |
| flatc_args += [ "--gen-object-api" ] |
| } |
| sources = [ |
| "../flatbuffer_schemas/user_secret_stash_container.fbs", |
| "../flatbuffer_schemas/user_secret_stash_payload.fbs", |
| ] |
| } |
| |
| proto_library("cryptohome-proto") { |
| proto_in_dir = ".." |
| proto_out_dir = "include/cryptohome" |
| proto_lib_dirs = [ target_gen_dir ] |
| |
| # libcryptohome-proto.a is used by a shared_libary |
| # object, so we need to build it with '-fPIC' instead of '-fPIE'. |
| use_pic = true |
| |
| sources = [ |
| "${proto_in_dir}/attestation.proto", |
| "${proto_in_dir}/boot_lockbox_key.proto", |
| "${proto_in_dir}/fake_le_credential_metadata.proto", |
| "${proto_in_dir}/hash_tree_leaf_data.proto", |
| "${proto_in_dir}/signature_sealed_data.proto", |
| "${proto_in_dir}/timestamp.proto", |
| "${proto_in_dir}/tpm_status.proto", |
| "${proto_in_dir}/vault_keyset.proto", |
| ] |
| all_dependent_configs = [ ":cryptohome-proto_config" ] |
| public_deps = [ ":cryptohome-generated-proto" ] |
| } |
| |
| # Files generated by cryptohome-proto-external. |
| # TODO(oka): merge this with cryptohome-proto allowing proto_library to take |
| # sources in different directories. |
| proto_library("cryptohome-generated-proto") { |
| proto_in_dir = target_gen_dir |
| proto_out_dir = "include/cryptohome" |
| |
| # libcryptohome-proto.a is used by a shared_libary |
| # object, so we need to build it with '-fPIC' instead of '-fPIE'. |
| use_pic = true |
| sources = get_target_outputs(":cryptohome-proto-external") |
| public_deps = [ ":cryptohome-proto-external" ] |
| } |
| |
| generate_dbus_proxies("cryptohome-key-delegate-proxies") { |
| proxy_output_file = "include/cryptohome_key_delegate/dbus-proxies.h" |
| sources = |
| [ "../dbus_bindings/org.chromium.CryptohomeKeyDelegateInterface.xml" ] |
| } |
| |
| pkg_config("libcrosplatform_dependent_config") { |
| pkg_deps = [ |
| "libbrillo", |
| "libchrome", |
| "libecryptfs", |
| "libmetrics", |
| "openssl", |
| "vboot_host", |
| ] |
| } |
| |
| # Common objects. |
| static_library("libcrosplatform") { |
| sources = [ |
| "../crypto/aes.cc", |
| "../crypto/big_num_util.cc", |
| "../crypto/ecdh_hkdf.cc", |
| "../crypto/elliptic_curve.cc", |
| "../crypto/error_util.cc", |
| "../crypto/hkdf.cc", |
| "../crypto/hmac.cc", |
| "../crypto/rsa.cc", |
| "../crypto/scrypt.cc", |
| "../crypto/secure_blob_util.cc", |
| "../crypto/sha.cc", |
| "../cryptohome_metrics.cc", |
| "../cryptorecovery/recovery_crypto.cc", |
| "../cryptorecovery/recovery_crypto_hsm_cbor_serialization.cc", |
| "../cryptorecovery/recovery_crypto_util.h", |
| "../dircrypto_util.cc", |
| "../libscrypt_compat.cc", |
| "../platform.cc", |
| "../storage/encrypted_container/backing_device_factory.cc", |
| "../storage/encrypted_container/dmcrypt_container.cc", |
| "../storage/encrypted_container/ecryptfs_container.cc", |
| "../storage/encrypted_container/encrypted_container_factory.cc", |
| "../storage/encrypted_container/fscrypt_container.cc", |
| "../storage/encrypted_container/loopback_device.cc", |
| "../user_secret_stash.cc", |
| ] |
| configs += [ ":target_defaults" ] |
| libs = [ |
| "keyutils", |
| "rootdev", |
| "secure_erase_file", |
| ] |
| if (use.selinux) { |
| libs += [ "selinux" ] |
| } |
| defines = [ "USE_LVM_STATEFUL_PARTIITON=${use.lvm_stateful_partition}" ] |
| if (use.lvm_stateful_partition) { |
| sources += |
| [ "../storage/encrypted_container/logical_volume_backing_device.cc" ] |
| } |
| all_dependent_configs = [ ":libcrosplatform_dependent_config" ] |
| deps = [ ":cryptohome-proto" ] |
| } |
| |
| pkg_config("libcrostpm_dependent_config") { |
| pkg_deps = [ |
| "libbrillo", |
| "libchrome", |
| "openssl", |
| ] |
| } |
| |
| static_library("libcrostpm") { |
| sources = [ |
| "../auth_session.cc", |
| "../challenge_credential_auth_block.cc", |
| "../crc8.c", |
| "../crypto.cc", |
| "../crypto_error.cc", |
| "../cryptohome_key_loader.cc", |
| "../cryptohome_keys_manager.cc", |
| "../cryptohome_recovery_auth_block.cc", |
| "../cryptohome_rsa_key_loader.cc", |
| "../double_wrapped_compat_auth_block.cc", |
| "../firmware_management_parameters.cc", |
| "../fwmp_checker_owner_index.cc", |
| "../fwmp_checker_platform_index.cc", |
| "../install_attributes.cc", |
| "../key_objects.cc", |
| "../le_credential_manager_impl.cc", |
| "../libscrypt_compat_auth_block.cc", |
| "../lockbox.cc", |
| "../password_auth_factor.cc", |
| "../persistent_lookup_table.cc", |
| "../pin_weaver_auth_block.cc", |
| "../pkcs11_init.cc", |
| "../pkcs11_keystore.cc", |
| "../sign_in_hash_tree.cc", |
| "../tpm.cc", |
| "../tpm_auth_block_utils.cc", |
| "../tpm_bound_to_pcr_auth_block.cc", |
| "../tpm_not_bound_to_pcr_auth_block.cc", |
| "../vault_keyset.cc", |
| ] |
| defines = [ "PLATFORM_FWMP_INDEX=${use.generic_tpm2}" ] |
| configs += [ ":target_defaults" ] |
| libs = [ |
| "chaps", |
| "hwsec", |
| "hwsec-foundation", |
| "tpm_manager", |
| ] |
| all_dependent_configs = [ ":libcrostpm_dependent_config" ] |
| |
| # TODO(crbug.com/1082873): Remove after fixing usage of protobuf |
| # deprecated declarations. |
| cflags_cc = [ "-Wno-error=deprecated-declarations" ] |
| public_deps = [ ":cryptohome-proto" ] |
| if (use.tpm2) { |
| sources += [ |
| "../pinweaver_le_credential_backend.cc", |
| "../signature_sealing_backend_tpm2_impl.cc", |
| "../tpm2_impl.cc", |
| ] |
| libs += [ "trunks" ] |
| } |
| if (use.tpm) { |
| sources += [ |
| "../signature_sealing_backend_tpm1_impl.cc", |
| "../tpm1_static_utils.cc", |
| "../tpm_impl.cc", |
| "../tpm_metrics.cc", |
| ] |
| libs += [ "tspi" ] |
| } |
| deps = [ |
| ":cryptohome-flatbuffers", |
| ":libcrosplatform", |
| ] |
| } |
| |
| generate_dbus_adaptors("userdataauth_adaptors") { |
| dbus_adaptors_out_dir = "include/dbus_adaptors" |
| dbus_service_config = "../dbus_bindings/dbus-service-config-UserDataAuth.json" |
| sources = [ "../dbus_bindings/org.chromium.UserDataAuth.xml" ] |
| } |
| |
| generate_dbus_adaptors("cryptohome_adaptors") { |
| dbus_adaptors_out_dir = "include/dbus_adaptors" |
| dbus_service_config = "../dbus_bindings/dbus-service-config.json" |
| sources = [ "../dbus_bindings/org.chromium.CryptohomeInterface.xml" ] |
| } |
| |
| pkg_config("libcryptohome_dependent_config") { |
| pkg_deps = [ |
| "libbrillo", |
| "libchrome", |
| ] |
| if (use.tpm2) { |
| pkg_deps += [ "libbootlockbox-client" ] |
| } |
| } |
| |
| static_library("libcryptohome") { |
| sources = [ |
| "../challenge_credentials/challenge_credentials_constants.cc", |
| "../challenge_credentials/challenge_credentials_decrypt_operation.cc", |
| "../challenge_credentials/challenge_credentials_generate_new_operation.cc", |
| "../challenge_credentials/challenge_credentials_helper_impl.cc", |
| "../challenge_credentials/challenge_credentials_operation.cc", |
| "../challenge_credentials/challenge_credentials_verify_key_operation.cc", |
| "../challenge_credentials/fido_utils.cc", |
| "../chaps_client_factory.cc", |
| "../cleanup/disk_cleanup.cc", |
| "../cleanup/disk_cleanup_routines.cc", |
| "../cleanup/low_disk_space_handler.cc", |
| "../cleanup/user_oldest_activity_timestamp_cache.cc", |
| "../credentials.cc", |
| "../dircrypto_data_migrator/atomic_flag.cc", |
| "../dircrypto_data_migrator/migration_helper.cc", |
| "../filesystem_layout.cc", |
| "../fingerprint_manager.cc", |
| "../key_challenge_service_factory_impl.cc", |
| "../key_challenge_service_impl.cc", |
| "../keyset_management.cc", |
| "../lockbox-cache.cc", |
| "../scrypt_verifier.cc", |
| "../service_userdataauth.cc", |
| "../stateful_recovery.cc", |
| "../storage/arc_disk_quota.cc", |
| "../storage/cryptohome_vault.cc", |
| "../storage/cryptohome_vault_factory.cc", |
| "../storage/file_system_keyset.cc", |
| "../storage/homedirs.cc", |
| "../storage/mount.cc", |
| "../storage/mount_constants.cc", |
| "../storage/mount_factory.cc", |
| "../storage/mount_helper.cc", |
| "../storage/mount_namespace.cc", |
| "../storage/mount_stack.cc", |
| "../storage/mount_utils.cc", |
| "../storage/out_of_process_mount_helper.cc", |
| "../user_session.cc", |
| "../userdataauth.cc", |
| "../vault_keyset_factory.cc", |
| ] |
| configs += [ |
| ":cryptohome-proto_config", |
| ":target_defaults", |
| ] |
| |
| # The generated dbus headers use "register". |
| cflags = [ "-Wno-deprecated-register" ] |
| libs = [ |
| "attestation", |
| "biod_proxy", |
| "chaps", |
| "hwsec", |
| "policy", |
| "tpm_manager", |
| ] |
| all_dependent_configs = [ ":libcryptohome_dependent_config" ] |
| deps = [ |
| ":cryptohome-key-delegate-proxies", |
| ":cryptohome-proto", |
| ":libcrosplatform", |
| ":libcrostpm", |
| ":namespace-mounter-ipc-proto", |
| ":userdataauth_adaptors", |
| ] |
| } |
| |
| generate_dbus_adaptors("bootlockbox-adaptors") { |
| dbus_service_config = "../dbus_adaptors/dbus-service-config.json" |
| dbus_adaptors_out_dir = "include/dbus_adaptors" |
| sources = [ "../dbus_adaptors/org.chromium.BootLockboxInterface.xml" ] |
| } |
| |
| if (use.tpm2) { |
| pkg_config("libnvram-boot-lockbox_dependent_config") { |
| pkg_deps = [ |
| "libbootlockbox-client", |
| "libbrillo", |
| "libchrome", |
| ] |
| } |
| |
| static_library("libnvram-boot-lockbox") { |
| sources = [ |
| "../bootlockbox/nvram_boot_lockbox.cc", |
| "../bootlockbox/tpm2_nvspace_utility.cc", |
| ] |
| configs += [ ":target_defaults" ] |
| all_dependent_configs = [ ":libnvram-boot-lockbox_dependent_config" ] |
| deps = [ |
| ":cryptohome-proto", |
| ":libcrosplatform", |
| ] |
| } |
| } |
| |
| # cryptohome <-> cryptohome-namespace-mounter IPC proto. |
| proto_library("namespace-mounter-ipc-proto") { |
| proto_in_dir = "../cryptohome_namespace_mounter" |
| proto_out_dir = "include/cryptohome" |
| |
| sources = [ "${proto_in_dir}/namespace_mounter_ipc.proto" ] |
| configs = [ ":cryptohome-proto_config" ] |
| } |
| |
| pkg_config("libfido_config") { |
| pkg_deps = [ |
| "libbrillo", |
| "libchrome", |
| "openssl", |
| ] |
| } |
| |
| static_library("libfido") { |
| sources = [ |
| "../fido/attested_credential_data.cc", |
| "../fido/authenticator_data.cc", |
| "../fido/ec_public_key.cc", |
| "../fido/fido_constants.cc", |
| "../fido/fido_parsing_utils.cc", |
| "../fido/public_key.cc", |
| ] |
| configs += [ ":target_defaults" ] |
| libs = [ "cbor" ] |
| all_dependent_configs = [ ":libfido_config" ] |
| } |
