| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # This file defines library targets and other auxillary definitions that |
| # are used for the resulting executable targets. |
| |
| import("//common-mk/flatbuffer.gni") |
| import("//common-mk/generate-dbus-adaptors.gni") |
| import("//common-mk/generate-dbus-proxies.gni") |
| import("//common-mk/pkg_config.gni") |
| import("//common-mk/proto_library.gni") |
| |
| pkg_config("target_default_deps") { |
| # This is a list of pkg-config dependencies |
| pkg_deps = [ |
| "absl", |
| "libbrillo", |
| "libchrome", |
| "libshill-client", |
| "openssl", |
| "system_api", |
| ] |
| if (use.fuzzer) { |
| pkg_deps += [ "protobuf" ] |
| } else { |
| pkg_deps += [ "protobuf-lite" ] |
| } |
| } |
| |
| config("target_defaults") { |
| configs = [ ":target_default_deps" ] |
| defines = [ |
| "PLATFORM_FWMP_INDEX=${use.generic_tpm2}", |
| "USE_PINWEAVER=${use.pinweaver}", |
| "USE_SELINUX=${use.selinux}", |
| "USE_TPM_DYNAMIC=${use.tpm_dynamic}", |
| "USE_TPM_INSECURE_FALLBACK=${use.tpm_insecure_fallback}", |
| "USE_TPM1=${use.tpm}", |
| "USE_TPM2=${use.tpm2}", |
| "USE_TPM2_SIMULATOR=${use.tpm2_simulator}", |
| "USE_VTPM_PROXY=${use.vtpm_proxy}", |
| "USE_DOUBLE_EXTEND_PCR_ISSUE=${use.double_extend_pcr_issue}", |
| "USE_MOUNT_OOP=${use.mount_oop}", |
| "USE_USER_SESSION_ISOLATION=${use.user_session_isolation}", |
| "USE_SLOW_MOUNT=${use.slow_mount}", |
| ] |
| } |
| |
| config("cryptohome-proto_config") { |
| # The local protobuf used some other protos in system_api, so we'll need |
| # to fix the include path so that it builds correctly. |
| include_dirs = [ "${sysroot}/usr/include/cryptohome/proto_bindings/" ] |
| } |
| |
| flatbuffer("python-flatbuffers-reflection") { |
| flatc_out_dir = "python" |
| flatc_args = [ "--python" ] |
| sources = [ "${sysroot}/usr/include/flatbuffers/reflection.fbs" ] |
| } |
| |
| flatbuffer("cryptohome-flatbuffers-binding-binary") { |
| flatc_out_dir = "bfbs" |
| flatc_args = [ |
| "--binary", |
| "--schema", |
| ] |
| sources = [ "../flatbuffer_schemas/auth_block_state.fbs" ] |
| } |
| |
| flatbuffer("user-secret-stash-flatbuffers-binding-binary") { |
| flatc_out_dir = "bfbs" |
| flatc_args = [ |
| "--binary", |
| "--schema", |
| ] |
| sources = [ |
| "../flatbuffer_schemas/user_secret_stash_container.fbs", |
| "../flatbuffer_schemas/user_secret_stash_payload.fbs", |
| ] |
| } |
| |
| # Put the generator in the same folder that the generated flatbuffers |
| # reflection python library exist. |
| copy("cryptohome-flatbuffers-binding-generator") { |
| sources = [ "../flatbuffer_schemas/flatbuffer_cpp_binding_generator.py" ] |
| outputs = [ "${root_gen_dir}/python/flatbuffer_cpp_binding_generator.py" ] |
| deps = [ ":python-flatbuffers-reflection" ] |
| } |
| |
| action("cryptohome-flatbuffers-binding-generate") { |
| script = "${root_gen_dir}/python/flatbuffer_cpp_binding_generator.py" |
| inputs = [ "../flatbuffer_schemas/auth_block_state.fbs" ] |
| outputs = [ |
| "${root_gen_dir}/include/cryptohome/flatbuffer_schemas/auth_block_state.h", |
| "${root_gen_dir}/include/cryptohome/flatbuffer_schemas/auth_block_state_flatbuffer.h", |
| "${root_gen_dir}/include/cryptohome/flatbuffer_schemas/auth_block_state.cc", |
| "${root_gen_dir}/include/cryptohome/flatbuffer_schemas/auth_block_state_test_utils.h", |
| ] |
| args = [ |
| "--output_dir=${root_gen_dir}/include/cryptohome/flatbuffer_schemas", |
| "--guard_prefix=CRYPTOHOME_FLATBUFFER_SCHEMAS", |
| "--flatbuffer_header_include_paths", |
| "cryptohome/auth_block_state_generated.h", |
| "--flatbuffer_header_include_paths", |
| "cryptohome/flatbuffer_schemas/auth_block_state.h", |
| "--flatbuffer_header_include_paths", |
| "cryptohome/flatbuffer_schemas/basic_objects.h", |
| "--flatbuffer_header_include_paths", |
| "cryptohome/structures_generated.h", |
| "--impl_include_paths", |
| "cryptohome/flatbuffer_schemas/auth_block_state.h", |
| "--impl_include_paths", |
| "cryptohome/flatbuffer_schemas/auth_block_state_flatbuffer.h", |
| "--impl_include_paths", |
| "cryptohome/flatbuffer_secure_allocator_bridge.h", |
| "--test_utils_header_include_path", |
| "cryptohome/flatbuffer_schemas/auth_block_state.h", |
| "${root_gen_dir}/bfbs/auth_block_state.bfbs", |
| ] |
| deps = [ |
| ":cryptohome-flatbuffers-binding-binary", |
| ":cryptohome-flatbuffers-binding-generator", |
| ] |
| } |
| |
| action("user-secret-stash-flatbuffers-binding-generate") { |
| script = "${root_gen_dir}/python/flatbuffer_cpp_binding_generator.py" |
| inputs = [ |
| "../flatbuffer_schemas/user_secret_stash_container.fbs", |
| "../flatbuffer_schemas/user_secret_stash_payload.fbs", |
| ] |
| outputs = [ |
| "${root_gen_dir}/include/cryptohome/flatbuffer_schemas/user_secret_stash.h", |
| "${root_gen_dir}/include/cryptohome/flatbuffer_schemas/user_secret_stash_flatbuffer.h", |
| "${root_gen_dir}/include/cryptohome/flatbuffer_schemas/user_secret_stash_container.cc", |
| "${root_gen_dir}/include/cryptohome/flatbuffer_schemas/user_secret_stash_payload.cc", |
| "${root_gen_dir}/include/cryptohome/flatbuffer_schemas/user_secret_stash_test_utils.h", |
| ] |
| args = [ |
| "--output_dir=${root_gen_dir}/include/cryptohome/flatbuffer_schemas", |
| "--guard_prefix=CRYPTOHOME_FLATBUFFER_SCHEMAS", |
| "--flatbuffer_header_include_paths", |
| "cryptohome/user_secret_stash_container_generated.h", |
| "--flatbuffer_header_include_paths", |
| "cryptohome/user_secret_stash_payload_generated.h", |
| "--flatbuffer_header_include_paths", |
| "cryptohome/flatbuffer_schemas/basic_objects.h", |
| "--impl_include_paths", |
| "cryptohome/flatbuffer_schemas/user_secret_stash_container.h", |
| "--impl_include_paths", |
| "cryptohome/flatbuffer_schemas/user_secret_stash_container_flatbuffer.h", |
| "--impl_include_paths", |
| "cryptohome/flatbuffer_schemas/user_secret_stash_payload.h", |
| "--impl_include_paths", |
| "cryptohome/flatbuffer_schemas/user_secret_stash_payload_flatbuffer.h", |
| "--impl_include_paths", |
| "cryptohome/flatbuffer_secure_allocator_bridge.h", |
| "--test_utils_header_include_path", |
| "cryptohome/flatbuffer_schemas/user_secret_stash.h", |
| "${root_gen_dir}/bfbs/user_secret_stash_container.bfbs", |
| "${root_gen_dir}/bfbs/user_secret_stash_payload.bfbs", |
| ] |
| deps = [ |
| ":cryptohome-flatbuffers-binding-generator", |
| ":user-secret-stash-flatbuffers-binding-binary", |
| ] |
| } |
| |
| source_set("cryptohome-flatbuffers-binding") { |
| sources = [ |
| "${root_gen_dir}/include/cryptohome/flatbuffer_schemas/auth_block_state.cc", |
| "${root_gen_dir}/include/cryptohome/flatbuffer_schemas/user_secret_stash_container.cc", |
| "${root_gen_dir}/include/cryptohome/flatbuffer_schemas/user_secret_stash_payload.cc", |
| ] |
| configs += [ ":target_defaults" ] |
| deps = [ |
| ":cryptohome-flatbuffers-binding-generate", |
| ":user-secret-stash-flatbuffers-binding-generate", |
| ] |
| } |
| |
| flatbuffer("cryptohome-flatbuffers") { |
| flatc_out_dir = "include/cryptohome" |
| flatc_args = [ |
| # Default flatbuffer flags used in Chrome OS. |
| "--cpp", |
| "--keep-prefix", |
| |
| # Generate code for enums using C++11 scoped enums. |
| "--scoped-enums", |
| ] |
| if (use.test || use.fuzzer) { |
| # Tests and fuzzers use Flatbuffers Object based API (which is more |
| # convenient but doesn't allow to use a secure allocator). |
| flatc_args += [ "--gen-object-api" ] |
| } |
| sources = [ |
| "../flatbuffer_schemas/auth_block_state.fbs", |
| "../flatbuffer_schemas/auth_factor.fbs", |
| "../flatbuffer_schemas/structures.fbs", |
| "../flatbuffer_schemas/user_secret_stash_container.fbs", |
| "../flatbuffer_schemas/user_secret_stash_payload.fbs", |
| ] |
| } |
| |
| proto_library("cryptohome-proto") { |
| proto_in_dir = ".." |
| proto_out_dir = "include/cryptohome" |
| proto_lib_dirs = [ "${sysroot}/usr/include/chromeos/dbus/cryptohome/" ] |
| |
| sources = [ |
| "${proto_in_dir}/attestation.proto", |
| "${proto_in_dir}/boot_lockbox_key.proto", |
| "${proto_in_dir}/cryptorecovery/cryptorecovery.proto", |
| "${proto_in_dir}/fake_le_credential_metadata.proto", |
| "${proto_in_dir}/hash_tree_leaf_data.proto", |
| "${proto_in_dir}/signature_sealed_data.proto", |
| "${proto_in_dir}/timestamp.proto", |
| "${proto_in_dir}/tpm_status.proto", |
| "${proto_in_dir}/vault_keyset.proto", |
| ] |
| all_dependent_configs = [ ":cryptohome-proto_config" ] |
| } |
| |
| generate_dbus_proxies("cryptohome-key-delegate-proxies") { |
| proxy_output_file = "include/cryptohome_key_delegate/dbus-proxies.h" |
| sources = |
| [ "../dbus_bindings/org.chromium.CryptohomeKeyDelegateInterface.xml" ] |
| } |
| |
| pkg_config("libcrosplatform_dependent_config") { |
| pkg_deps = [ |
| "libecryptfs", |
| "libmetrics", |
| "vboot_host", |
| ] |
| } |
| |
| # Common objects. |
| static_library("libcrosplatform") { |
| sources = [ |
| "../auth_factor/auth_factor_label.cc", |
| "../auth_factor/auth_factor_manager.cc", |
| "../cryptohome_metrics.cc", |
| "../cryptorecovery/recovery_crypto.cc", |
| "../cryptorecovery/recovery_crypto_fake_tpm_backend_impl.cc", |
| "../cryptorecovery/recovery_crypto_hsm_cbor_serialization.cc", |
| "../cryptorecovery/recovery_crypto_impl.cc", |
| "../cryptorecovery/recovery_crypto_util.h", |
| "../dircrypto_util.cc", |
| "../filesystem_layout.cc", |
| "../platform.cc", |
| "../storage/encrypted_container/backing_device_factory.cc", |
| "../storage/encrypted_container/dmcrypt_container.cc", |
| "../storage/encrypted_container/ecryptfs_container.cc", |
| "../storage/encrypted_container/encrypted_container_factory.cc", |
| "../storage/encrypted_container/ephemeral_container.cc", |
| "../storage/encrypted_container/fscrypt_container.cc", |
| "../storage/encrypted_container/logical_volume_backing_device.cc", |
| "../storage/encrypted_container/loopback_device.cc", |
| "../storage/encrypted_container/ramdisk_device.cc", |
| "../storage/keyring/real_keyring.cc", |
| "../storage/keyring/utils.cc", |
| "../storage/mount_constants.cc", |
| "../user_secret_stash.cc", |
| "../user_secret_stash_storage.cc", |
| "../util/get_random_suffix.cc", |
| ] |
| all_dependent_configs = [ |
| ":libcrosplatform_dependent_config", |
| ":target_defaults", |
| ] |
| libs = [ |
| "cbor", |
| "keyutils", |
| "rootdev", |
| "secure_erase_file", |
| ] |
| if (use.selinux) { |
| libs += [ "selinux" ] |
| } |
| deps = [ |
| ":cryptohome-flatbuffers-binding", |
| ":cryptohome-proto", |
| ] |
| } |
| |
| static_library("libcrostpm") { |
| sources = [ |
| "../auth_blocks/async_challenge_credential_auth_block.cc", |
| "../auth_blocks/auth_block_utility_impl.cc", |
| "../auth_blocks/auth_block_utils.cc", |
| "../auth_blocks/challenge_credential_auth_block.cc", |
| "../auth_blocks/cryptohome_recovery_auth_block.cc", |
| "../auth_blocks/double_wrapped_compat_auth_block.cc", |
| "../auth_blocks/libscrypt_compat_auth_block.cc", |
| "../auth_blocks/pin_weaver_auth_block.cc", |
| "../auth_blocks/revocation.cc", |
| "../auth_blocks/scrypt_auth_block.cc", |
| "../auth_blocks/sync_to_async_auth_block_adapter.cc", |
| "../auth_blocks/tpm_auth_block_utils.cc", |
| "../auth_blocks/tpm_bound_to_pcr_auth_block.cc", |
| "../auth_blocks/tpm_ecc_auth_block.cc", |
| "../auth_blocks/tpm_not_bound_to_pcr_auth_block.cc", |
| "../auth_factor/auth_factor.cc", |
| "../auth_factor_vault_keyset_converter.cc", |
| "../auth_session.cc", |
| "../auth_session_manager.cc", |
| "../crc8.c", |
| "../crypto.cc", |
| "../crypto_error.cc", |
| "../cryptohome_key_loader.cc", |
| "../cryptohome_keys_manager.cc", |
| "../firmware_management_parameters.cc", |
| "../fwmp_checker_owner_index.cc", |
| "../fwmp_checker_platform_index.cc", |
| "../install_attributes.cc", |
| "../key_objects.cc", |
| "../le_credential_manager_impl.cc", |
| "../lockbox.cc", |
| "../persistent_lookup_table.cc", |
| "../pkcs11_init.cc", |
| "../sign_in_hash_tree.cc", |
| "../signature_sealing/structures_proto.cc", |
| "../tpm.cc", |
| "../vault_keyset.cc", |
| ] |
| all_dependent_configs = [ ":target_defaults" ] |
| libs = [ |
| "chaps", |
| "hwsec", |
| "hwsec-foundation", |
| "tpm_manager", |
| "system_api", |
| ] |
| |
| if (use.tpm2) { |
| sources += [ |
| "../cryptorecovery/recovery_crypto_tpm2_backend_impl.cc", |
| "../pinweaver_le_credential_backend.cc", |
| "../signature_sealing_backend_tpm2_impl.cc", |
| "../tpm2_impl.cc", |
| ] |
| libs += [ "trunks" ] |
| } |
| if (use.tpm) { |
| sources += [ |
| "../cryptorecovery/recovery_crypto_tpm1_backend_impl.cc", |
| "../signature_sealing_backend_tpm1_impl.cc", |
| "../tpm1_static_utils.cc", |
| "../tpm_impl.cc", |
| "../tpm_metrics.cc", |
| ] |
| libs += [ "tspi" ] |
| } |
| deps = [ |
| ":cryptohome-flatbuffers", |
| ":cryptohome-flatbuffers-binding", |
| ":cryptohome-proto", |
| ":libcrosplatform", |
| "//common-mk/external_dependencies:install_attributes-proto", |
| ] |
| } |
| |
| generate_dbus_adaptors("userdataauth_adaptors") { |
| dbus_adaptors_out_dir = "include/dbus_adaptors" |
| dbus_service_config = "../dbus_bindings/dbus-service-config-UserDataAuth.json" |
| sources = [ "../dbus_bindings/org.chromium.UserDataAuth.xml" ] |
| } |
| |
| pkg_config("libcryptohome_dependent_config") { |
| pkg_deps = [ "libbootlockbox-client" ] |
| } |
| |
| static_library("libcryptohome") { |
| sources = [ |
| "../auth_factor/auth_factor_utils.cc", |
| "../auth_input_utils.cc", |
| "../challenge_credentials/challenge_credentials_constants.cc", |
| "../challenge_credentials/challenge_credentials_decrypt_operation.cc", |
| "../challenge_credentials/challenge_credentials_generate_new_operation.cc", |
| "../challenge_credentials/challenge_credentials_helper_impl.cc", |
| "../challenge_credentials/challenge_credentials_operation.cc", |
| "../challenge_credentials/challenge_credentials_verify_key_operation.cc", |
| "../challenge_credentials/fido_utils.cc", |
| "../chaps_client_factory.cc", |
| "../cleanup/disk_cleanup.cc", |
| "../cleanup/disk_cleanup_routines.cc", |
| "../cleanup/low_disk_space_handler.cc", |
| "../cleanup/user_oldest_activity_timestamp_manager.cc", |
| "../credentials.cc", |
| "../dircrypto_data_migrator/atomic_flag.cc", |
| "../dircrypto_data_migrator/migration_helper.cc", |
| "../error/converter.cc", |
| "../error/cryptohome_crypto_error.cc", |
| "../error/cryptohome_error.cc", |
| "../error/cryptohome_le_cred_error.cc", |
| "../error/cryptohome_mount_error.cc", |
| "../error/cryptohome_tpm_error.cc", |
| "../error/reporting.cc", |
| "../error/utilities.cc", |
| "../filesystem_layout.cc", |
| "../fingerprint_manager.cc", |
| "../key_challenge_service_factory_impl.cc", |
| "../key_challenge_service_impl.cc", |
| "../keyset_management.cc", |
| "../lockbox-cache.cc", |
| "../pkcs11/real_pkcs11_token.cc", |
| "../scrypt_verifier.cc", |
| "../service_userdataauth.cc", |
| "../storage/arc_disk_quota.cc", |
| "../storage/cryptohome_vault.cc", |
| "../storage/cryptohome_vault_factory.cc", |
| "../storage/file_system_keyset.cc", |
| "../storage/homedirs.cc", |
| "../storage/mount.cc", |
| "../storage/mount_constants.cc", |
| "../storage/mount_factory.cc", |
| "../storage/mount_helper.cc", |
| "../storage/mount_stack.cc", |
| "../storage/mount_utils.cc", |
| "../storage/out_of_process_mount_helper.cc", |
| "../user_session/real_user_session.cc", |
| "../userdataauth.cc", |
| "../uss_experiment_config_fetcher.cc", |
| "../vault_keyset_factory.cc", |
| ] |
| |
| all_dependent_configs = [ |
| ":cryptohome-proto_config", |
| ":libcryptohome_dependent_config", |
| ":target_defaults", |
| ] |
| |
| libs = [ |
| "attestation", |
| "biod_proxy", |
| "chaps", |
| "hwsec", |
| "policy", |
| "tpm_manager", |
| ] |
| deps = [ |
| ":cryptohome-key-delegate-proxies", |
| ":cryptohome-proto", |
| ":libcrosplatform", |
| ":libcrostpm", |
| ":namespace-mounter-ipc-proto", |
| ":userdataauth_adaptors", |
| ] |
| } |
| |
| generate_dbus_adaptors("bootlockbox-adaptors") { |
| dbus_service_config = "../dbus_adaptors/dbus-service-config.json" |
| dbus_adaptors_out_dir = "include/dbus_adaptors" |
| sources = [ "../dbus_adaptors/org.chromium.BootLockboxInterface.xml" ] |
| } |
| |
| static_library("libnvram-boot-lockbox") { |
| sources = [ |
| "../bootlockbox/nvram_boot_lockbox.cc", |
| "../bootlockbox/tpm_nvspace_impl.cc", |
| ] |
| all_dependent_configs = [ ":target_defaults" ] |
| deps = [ |
| ":cryptohome-proto", |
| ":libcrosplatform", |
| ] |
| pkg_deps = [ "libbootlockbox-client" ] |
| } |
| |
| # cryptohome <-> cryptohome-namespace-mounter IPC proto. |
| proto_library("namespace-mounter-ipc-proto") { |
| proto_in_dir = "../cryptohome_namespace_mounter" |
| proto_out_dir = "include/cryptohome" |
| |
| sources = [ "${proto_in_dir}/namespace_mounter_ipc.proto" ] |
| configs = [ ":cryptohome-proto_config" ] |
| } |
| |
| static_library("libfido") { |
| sources = [ |
| "../fido/attested_credential_data.cc", |
| "../fido/authenticator_data.cc", |
| "../fido/ec_public_key.cc", |
| "../fido/fido_constants.cc", |
| "../fido/fido_parsing_utils.cc", |
| "../fido/public_key.cc", |
| ] |
| all_dependent_configs = [ ":target_defaults" ] |
| libs = [ "cbor" ] |
| } |