src/crypto/BUILD.gn

# Copyright (c) 2020 Project CHIP Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import("//build_overrides/build.gni")
import("//build_overrides/chip.gni")
import("//build_overrides/nlassert.gni")

import("${chip_root}/build/chip/buildconfig_header.gni")

import("crypto.gni")

if (chip_crypto == "") {
  if (current_os == "android" || current_os == "freertos" ||
      current_os == "zephyr" || current_os == "mbed" || current_os == "webos") {
    chip_crypto = "mbedtls"
  } else {
    chip_crypto = "openssl"
  }
}

assert(
    chip_crypto == "mbedtls" || chip_crypto == "openssl" ||
        chip_crypto == "tinycrypt" || chip_crypto == "boringssl" ||
        chip_crypto == "platform",
    "Please select a valid crypto implementation: mbedtls, openssl, tinycrypt, boringssl, platform")

buildconfig_header("crypto_buildconfig") {
  header = "CryptoBuildConfig.h"
  header_dir = "crypto"

  chip_crypto_mbedtls = chip_crypto == "mbedtls"
  chip_crypto_openssl = chip_crypto == "openssl"
  chip_crypto_boringssl = chip_crypto == "boringssl"
  chip_crypto_platform = chip_crypto == "platform"

  defines = [
    "CHIP_CRYPTO_MBEDTLS=${chip_crypto_mbedtls}",
    "CHIP_CRYPTO_OPENSSL=${chip_crypto_openssl}",
    "CHIP_CRYPTO_BORINGSSL=${chip_crypto_boringssl}",
    "CHIP_CRYPTO_PLATFORM=${chip_crypto_platform}",
  ]

  if (chip_with_se05x == 1) {
    defines += [ "CHIP_CRYPTO_HSM=1" ]
    defines += [ "CHIP_CRYPTO_HSM_NXP=1" ]
  } else {
    defines += [ "CHIP_CRYPTO_HSM=0" ]
    defines += [ "CHIP_CRYPTO_HSM_NXP=0" ]
  }

  if (chip_with_se05x_da == 1) {
    defines += [ "ENABLE_HSM_DEVICE_ATTESTATION=1" ]
  }
}

source_set("public_headers") {
  sources = [
    "CHIPCryptoPAL.h",
    "OperationalKeystore.h",
  ]

  public_deps = [
    ":crypto_buildconfig",
    "${chip_root}/src/lib/asn1",
    "${chip_root}/src/lib/core",
    "${chip_root}/src/lib/support",
    "${nlassert_root}:nlassert",
  ]
}

if (chip_crypto == "openssl") {
  import("${build_root}/config/linux/pkg_config.gni")

  pkg_config("openssl_config") {
    packages = [ "openssl" ]
  }

  source_set("cryptopal_openssl") {
    sources = [ "CHIPCryptoPALOpenSSL.cpp" ]
    public_configs = [ ":openssl_config" ]
    public_deps = [ ":public_headers" ]
  }
} else if (chip_crypto == "boringssl") {
  import("//build_overrides/boringssl.gni")

  source_set("cryptopal_boringssl") {
    # BoringSSL is close enough to OpenSSL that it uses same PAL, with minor #ifdef differences
    sources = [ "CHIPCryptoPALOpenSSL.cpp" ]
    public_deps = [
      ":public_headers",
      "${boringssl_root}:boringssl",
    ]
  }
} else if (chip_crypto == "mbedtls") {
  import("//build_overrides/mbedtls.gni")

  source_set("cryptopal_mbedtls") {
    sources = [ "CHIPCryptoPALmbedTLS.cpp" ]
    public_deps = [ ":public_headers" ]

    external_mbedtls = current_os == "zephyr"

    if (!external_mbedtls) {
      public_deps += [ "${mbedtls_root}:mbedtls" ]
    }
  }
} else if (chip_crypto == "tinycrypt") {
  import("//build_overrides/mbedtls.gni")

  source_set("cryptopal_tinycrypt") {
    sources = [ "CHIPCryptoPALTinyCrypt.cpp" ]
    public_deps = [
      ":public_headers",
      "${mbedtls_root}:mbedtls",
    ]
  }
}

static_library("crypto") {
  output_name = "libChipCrypto"

  sources = [
    "CHIPCryptoPAL.cpp",
    "PersistentStorageOperationalKeystore.cpp",
    "PersistentStorageOperationalKeystore.h",
    "RandUtils.cpp",
    "RandUtils.h",
  ]

  public_configs = []

  cflags = [ "-Wconversion" ]

  public_deps = [ ":public_headers" ]

  if (chip_crypto == "mbedtls") {
    public_deps += [ ":cryptopal_mbedtls" ]
  } else if (chip_crypto == "openssl") {
    public_deps += [ ":cryptopal_openssl" ]
  } else if (chip_crypto == "boringssl") {
    public_deps += [ ":cryptopal_boringssl" ]
  } else if (chip_crypto == "tinycrypt") {
    public_deps += [ ":cryptopal_tinycrypt" ]
  } else if (chip_crypto == "platform") {
    # Platform implementation is responsible for bringing their
    # own implementation and dependencies
  } else {
    assert(false, "Invalid CHIP crypto")
  }

  if (chip_with_se05x == 1) {
    sources += [
      "hsm/nxp/CHIPCryptoPALHsm_SE05X_HKDF.cpp",
      "hsm/nxp/CHIPCryptoPALHsm_SE05X_HMAC.cpp",
      "hsm/nxp/CHIPCryptoPALHsm_SE05X_P256.cpp",
      "hsm/nxp/CHIPCryptoPALHsm_SE05X_PBKDF.cpp",
      "hsm/nxp/CHIPCryptoPALHsm_SE05X_Spake2p.cpp",
      "hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp",
      "hsm/nxp/PersistentStorageOperationalKeystoreHSM.cpp",
      "hsm/nxp/PersistentStorageOperationalKeystoreHSM.h",
    ]
    public_deps += [ "${chip_root}/third_party/simw-top-mini:se05x" ]
    public_configs += [ "${chip_root}/third_party/simw-top-mini:se05x_config" ]
  }
}