chromium/device/fido/BUILD.gn

# Copyright 2016 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import("//build/config/chromeos/ui_mode.gni")
import("//build/config/features.gni")
import("//testing/libfuzzer/fuzzer_test.gni")

# Core FIDO library target. The unconditional `sources` list is the portable
# base set; the remaining files are added under `use_blink` and the
# per-platform conditions nested inside it.
component("fido") {
  # These source files represent the minimal subset of files used for
  # passkey-related authentication functions, with a limited number of
  # dependencies, making it possible to build these on any platform, including
  # iOS.
  sources = [
    "attested_credential_data.cc",
    "attested_credential_data.h",
    "authenticator_data.cc",
    "authenticator_data.h",
    "cbor_extract.cc",
    "cbor_extract.h",
    "ed25519_public_key.cc",
    "ed25519_public_key.h",
    "fido_constants.cc",
    "fido_constants.h",
    "fido_parsing_utils.cc",
    "fido_parsing_utils.h",
    "fido_types.h",
    "p256_public_key.cc",
    "p256_public_key.h",
    "public_key.cc",
    "public_key.h",
    "rsa_public_key.cc",
    "rsa_public_key.h",
  ]

  # NOTE(review): presumably the export-macro switch used when this component
  # is built as a shared library; confirm against the component's export
  # header.
  defines = [ "IS_DEVICE_FIDO_IMPL" ]

  # Dependencies of the base set only. Anything added here is pulled into every
  # platform that builds the minimal subset, so keep this list short.
  deps = [
    "//base",
    "//components/cbor",
    "//components/device_event_log",
    "//crypto",
    "//third_party/boringssl",
  ]

  # Applies the wexit_time_destructors compiler config to the whole component.
  configs += [ "//build/config/compiler:wexit_time_destructors" ]

  # Everything below is compiled only when `use_blink` is set.
  if (use_blink) {
    # Request/response types plus the cable/ (handshake, noise, websocket)
    # sources that are shared by all Blink platforms, Android included.
    sources += [
      "attestation_object.cc",
      "attestation_object.h",
      "attestation_statement.cc",
      "attestation_statement.h",
      "authenticator_selection_criteria.cc",
      "authenticator_selection_criteria.h",
      "cable/cable_discovery_data.cc",
      "cable/cable_discovery_data.h",
      "cable/noise.cc",
      "cable/noise.h",
      "cable/v2_constants.h",
      "cable/v2_handshake.cc",
      "cable/v2_handshake.h",
      "cable/websocket_adapter.cc",
      "cable/websocket_adapter.h",
      "discoverable_credential_metadata.cc",
      "discoverable_credential_metadata.h",
      "features.cc",
      "features.h",
      "fido_transport_protocol.cc",
      "fido_transport_protocol.h",
      "json_request.cc",
      "json_request.h",
      "network_context_factory.h",
      "opaque_attestation_statement.cc",
      "opaque_attestation_statement.h",
      "prf_input.cc",
      "prf_input.h",
      "public_key_credential_descriptor.cc",
      "public_key_credential_descriptor.h",
      "public_key_credential_params.cc",
      "public_key_credential_params.h",
      "public_key_credential_rp_entity.cc",
      "public_key_credential_rp_entity.h",
      "public_key_credential_user_entity.cc",
      "public_key_credential_user_entity.h",
    ]

    deps += [
      "//build:chromeos_buildflags",
      "//components/apdu",
      "//components/trusted_vault",
      "//device/base",
      "//device/fido/strings",
      "//services/data_decoder/public/cpp",
      "//third_party/microsoft_webauthn",
      "//ui/base",
    ]

    # public_deps are re-exported: targets that depend on :fido may use these
    # without listing them themselves.
    public_deps = [
      "//base",
      "//device/bluetooth",
      "//device/bluetooth/public/cpp",
      "//services/device/public/mojom",
    ]

    # Android implementation of FIDO is delegated to GMSCore.
    #
    # NOTE(review): the list below places security-sensitive code (by file
    # name: PIN handling, enclave/verify/* attestation checks, cable handshake
    # and tunnel code) in the same non-testonly component as the virtual_*
    # authenticators. Presumably the virtual devices back a testing or
    # automation API; confirm they cannot be reached without an explicit
    # opt-in.
    if (!is_android) {
      sources += [
        "aoa/android_accessory_device.cc",
        "aoa/android_accessory_device.h",
        "aoa/android_accessory_discovery.cc",
        "aoa/android_accessory_discovery.h",
        "appid_exclude_probe_task.cc",
        "appid_exclude_probe_task.h",
        "attestation_statement_formats.cc",
        "attestation_statement_formats.h",
        "auth_token_requester.cc",
        "auth_token_requester.h",
        "authenticator_get_assertion_response.cc",
        "authenticator_get_assertion_response.h",
        "authenticator_get_info_response.cc",
        "authenticator_get_info_response.h",
        "authenticator_make_credential_response.cc",
        "authenticator_make_credential_response.h",
        "authenticator_supported_options.cc",
        "authenticator_supported_options.h",
        "bio/enroller.cc",
        "bio/enroller.h",
        "bio/enrollment.cc",
        "bio/enrollment.h",
        "bio/enrollment_handler.cc",
        "bio/enrollment_handler.h",
        "ble_adapter_manager.cc",
        "ble_adapter_manager.h",
        "cable/fido_ble_connection.cc",
        "cable/fido_ble_connection.h",
        "cable/fido_ble_frames.cc",
        "cable/fido_ble_frames.h",
        "cable/fido_ble_transaction.cc",
        "cable/fido_ble_transaction.h",
        "cable/fido_ble_uuids.cc",
        "cable/fido_ble_uuids.h",
        "cable/fido_cable_device.cc",
        "cable/fido_cable_device.h",
        "cable/fido_cable_discovery.cc",
        "cable/fido_cable_discovery.h",
        "cable/fido_cable_handshake_handler.cc",
        "cable/fido_cable_handshake_handler.h",
        "cable/fido_tunnel_device.cc",
        "cable/fido_tunnel_device.h",
        "cable/v2_discovery.cc",
        "cable/v2_discovery.h",
        "credential_management.cc",
        "credential_management.h",
        "credential_management_handler.cc",
        "credential_management_handler.h",
        "ctap2_device_operation.h",
        "ctap_authenticator_selection_request.cc",
        "ctap_authenticator_selection_request.h",
        "ctap_get_assertion_request.cc",
        "ctap_get_assertion_request.h",
        "ctap_make_credential_request.cc",
        "ctap_make_credential_request.h",
        "device_operation.h",
        "device_response_converter.cc",
        "device_response_converter.h",
        "enclave/constants.cc",
        "enclave/constants.h",
        "enclave/enclave_authenticator.cc",
        "enclave/enclave_authenticator.h",
        "enclave/enclave_discovery.cc",
        "enclave/enclave_discovery.h",
        "enclave/enclave_protocol_utils.cc",
        "enclave/enclave_protocol_utils.h",
        "enclave/enclave_websocket_client.cc",
        "enclave/enclave_websocket_client.h",
        "enclave/metrics.cc",
        "enclave/metrics.h",
        "enclave/transact.cc",
        "enclave/transact.h",
        "enclave/types.cc",
        "enclave/types.h",
        "enclave/verify/amd.cc",
        "enclave/verify/amd.h",
        "enclave/verify/attestation_report.cc",
        "enclave/verify/attestation_report.h",
        "enclave/verify/claim.cc",
        "enclave/verify/claim.h",
        "enclave/verify/endorsement.cc",
        "enclave/verify/endorsement.h",
        "enclave/verify/rekor.cc",
        "enclave/verify/rekor.h",
        "enclave/verify/utils.cc",
        "enclave/verify/utils.h",
        "enclave/verify/verifier.cc",
        "enclave/verify/verifier.h",
        "fido_authenticator.cc",
        "fido_authenticator.h",
        "fido_device.cc",
        "fido_device.h",
        "fido_device_authenticator.cc",
        "fido_device_authenticator.h",
        "fido_device_discovery.cc",
        "fido_device_discovery.h",
        "fido_discovery_base.cc",
        "fido_discovery_base.h",
        "fido_discovery_factory.cc",
        "fido_discovery_factory.h",
        "fido_request_handler_base.cc",
        "fido_request_handler_base.h",
        "fido_task.cc",
        "fido_task.h",
        "filter.cc",
        "filter.h",
        "get_assertion_request_handler.cc",
        "get_assertion_request_handler.h",
        "get_assertion_task.cc",
        "get_assertion_task.h",
        "hid/fido_hid_device.cc",
        "hid/fido_hid_device.h",
        "hid/fido_hid_discovery.cc",
        "hid/fido_hid_discovery.h",
        "hid/fido_hid_message.cc",
        "hid/fido_hid_message.h",
        "hid/fido_hid_packet.cc",
        "hid/fido_hid_packet.h",
        "large_blob.cc",
        "large_blob.h",
        "mac/icloud_keychain.h",
        "mac/icloud_keychain_sys.h",
        "make_credential_request_handler.cc",
        "make_credential_request_handler.h",
        "make_credential_task.cc",
        "make_credential_task.h",
        "pin.cc",
        "pin.h",
        "pin_internal.cc",
        "pin_internal.h",
        "platform_credential_store.h",
        "reset_request_handler.cc",
        "reset_request_handler.h",
        "set_pin_request_handler.cc",
        "set_pin_request_handler.h",
        "u2f_command_constructor.cc",
        "u2f_command_constructor.h",
        "u2f_register_operation.cc",
        "u2f_register_operation.h",
        "u2f_sign_operation.cc",
        "u2f_sign_operation.h",
        "virtual_ctap2_device.cc",
        "virtual_ctap2_device.h",
        "virtual_fido_device.cc",
        "virtual_fido_device.h",
        "virtual_fido_device_authenticator.cc",
        "virtual_fido_device_authenticator.h",
        "virtual_u2f_device.cc",
        "virtual_u2f_device.h",
      ]

      deps += [
        "//components/sync/protocol:protocol",
        "//device/fido/enclave/verify/proto:proto",
        "//services/device/public/cpp/hid",
        "//services/device/public/cpp/usb",
        "//services/device/public/mojom",
        "//services/device/public/mojom:usb",
        "//services/network/public/mojom",
      ]
    }

    # macOS-only sources (Objective-C++ where the extension is .mm) and the
    # system frameworks linked for them. The two mac/icloud_keychain*.h headers
    # are listed in the !is_android block above; only their .mm
    # implementations are added here.
    if (is_mac) {
      sources += [
        "enclave/icloud_recovery_key_mac.h",
        "enclave/icloud_recovery_key_mac.mm",
        "mac/authenticator.h",
        "mac/authenticator.mm",
        "mac/authenticator_config.h",
        "mac/credential_metadata.cc",
        "mac/credential_metadata.h",
        "mac/credential_store.h",
        "mac/credential_store.mm",
        "mac/discovery.cc",
        "mac/discovery.h",
        "mac/get_assertion_operation.h",
        "mac/get_assertion_operation.mm",
        "mac/icloud_keychain.mm",
        "mac/icloud_keychain_sys.mm",
        "mac/make_credential_operation.h",
        "mac/make_credential_operation.mm",
        "mac/operation.h",
        "mac/touch_id_context.h",
        "mac/touch_id_context.mm",
        "mac/util.h",
        "mac/util.mm",
      ]

      frameworks = [
        "Foundation.framework",
        "LocalAuthentication.framework",
        "Security.framework",
        "AuthenticationServices.framework",
      ]

      deps += [ "//build:branding_buildflags" ]
    }

    # Windows-only sources.
    # NOTE(review): win/fake_webauthn_api.* is listed in this non-testonly
    # component rather than in a testonly target; confirm that is intended and
    # that the fake cannot be selected in a production configuration.
    if (is_win) {
      sources += [
        "win/authenticator.cc",
        "win/authenticator.h",
        "win/discovery.cc",
        "win/discovery.h",
        "win/fake_webauthn_api.cc",
        "win/fake_webauthn_api.h",
        "win/logging.cc",
        "win/logging.h",
        "win/type_conversions.cc",
        "win/type_conversions.h",
        "win/util.cc",
        "win/util.h",
        "win/webauthn_api.cc",
        "win/webauthn_api.h",
      ]
    }

    # ChromeOS-only sources; they depend on the tpm_manager and u2f D-Bus
    # client targets listed below.
    if (is_chromeos) {
      sources += [
        "cros/authenticator.cc",
        "cros/authenticator.h",
        "cros/credential_store.cc",
        "cros/credential_store.h",
        "cros/discovery.cc",
        "cros/discovery.h",
      ]

      deps += [
        "//chromeos/dbus/tpm_manager",
        "//chromeos/dbus/tpm_manager:tpm_manager_proto",
        "//chromeos/dbus/u2f",
        "//chromeos/dbus/u2f:u2f_proto",
        "//dbus",
      ]
    }
  }
}

if (use_blink) {
  # Static library holding only cable/v2_registration.*. It is kept out of
  # :fido, so the gcm_driver dependencies below are paid for only by targets
  # that link this library.
  static_library("cablev2_registration") {
    sources = [
      "cable/v2_registration.cc",
      "cable/v2_registration.h",
    ]
    deps = [
      ":fido",
      "//base",
      "//components/cbor",
      "//components/device_event_log",
      "//components/gcm_driver",
      "//components/gcm_driver/instance_id",
      "//third_party/boringssl",
    ]
    configs += [ "//build/config/compiler:wexit_time_destructors" ]
  }

  # Static library holding only cable/v2_authenticator.*. Not testonly, so
  # production targets may link it; it is also a dependency of
  # :cablev2_test_util.
  static_library("cablev2_authenticator") {
    sources = [
      "cable/v2_authenticator.cc",
      "cable/v2_authenticator.h",
    ]
    deps = [
      ":fido",
      "//components/cbor",
      "//components/device_event_log",
      "//content/public/common",  # for authenticator.mojom
      "//services/network/public/mojom",
    ]
    configs += [ "//build/config/compiler:wexit_time_destructors" ]
  }

  # Test helpers for the cable v2 code. `testonly = true` means GN only lets
  # other testonly targets depend on this, which keeps the network
  # test_support dependencies out of production binaries.
  static_library("cablev2_test_util") {
    testonly = true
    sources = [
      "cable/v2_test_util.cc",
      "cable/v2_test_util.h",
    ]
    deps = [
      ":cablev2_authenticator",
      ":fido",
      "//components/cbor",
      "//content/public/common",  # for authenticator.mojom
      "//crypto",
      "//net/traffic_annotation:test_support",
      "//services/network:test_support",
      "//services/network/public/mojom",
    ]
  }

  # Mock BLE connection, device and discovery observer for tests (depends on
  # gmock). `testonly = true` prevents non-test targets from depending on
  # these mocks.
  source_set("mocks") {
    testonly = true

    sources = [
      "cable/mock_fido_ble_connection.cc",
      "cable/mock_fido_ble_connection.h",
      "mock_fido_device.cc",
      "mock_fido_device.h",
      "mock_fido_discovery_observer.cc",
      "mock_fido_discovery_observer.h",
    ]

    deps = [
      ":fido",
      "//base",
      "//components/apdu",
      "//components/cbor",
      "//testing/gmock",
    ]
  }

  # libFuzzer target built from hid/fido_hid_message_fuzzer.cc and linked
  # against :fido. Generated inputs are capped at 2048 bytes by max_len.
  # NOTE(review): confirm the cap is at least as large as the biggest HID
  # message the parser accepts, otherwise long-input paths go unexplored.
  fuzzer_test("fido_hid_message_fuzzer") {
    sources = [ "hid/fido_hid_message_fuzzer.cc" ]
    deps = [
      ":fido",
      "//base",
    ]
    libfuzzer_options = [ "max_len=2048" ]
  }

  # libFuzzer target built from cable/fido_ble_frames_fuzzer.cc and linked
  # against :fido. Generated inputs are capped at 65535 bytes by max_len.
  fuzzer_test("fido_ble_frames_fuzzer") {
    sources = [ "cable/fido_ble_frames_fuzzer.cc" ]
    deps = [ ":fido" ]
    libfuzzer_options = [ "max_len=65535" ]
  }

  # libFuzzer target built from ctap_response_fuzzer.cc. It is the only fuzzer
  # in this file with a seed corpus: initial inputs come from the
  # response_data_fuzzer_corpus/ directory next to this BUILD.gn. Generated
  # inputs are capped at 65537 bytes by max_len.
  # NOTE(review): when a new response format gains a parser, add a
  # representative sample to the seed corpus so the fuzzer reaches it quickly.
  fuzzer_test("ctap_response_fuzzer") {
    sources = [ "ctap_response_fuzzer.cc" ]
    deps = [
      ":fido",
      "//base",
      "//base:i18n",
      "//components/cbor",
      "//components/device_event_log",
    ]
    seed_corpus = "response_data_fuzzer_corpus/"
    libfuzzer_options = [ "max_len=65537" ]
  }

  # libFuzzer target built from cable/fido_cable_handshake_handler_fuzzer.cc.
  # It links the Bluetooth mocks and gmock/gtest, so the handler is presumably
  # driven against a mocked adapter rather than real hardware. Generated inputs
  # are capped at 2048 bytes by max_len.
  fuzzer_test("fido_cable_handshake_handler_fuzzer") {
    sources = [ "cable/fido_cable_handshake_handler_fuzzer.cc" ]
    deps = [
      ":fido",
      "//base",
      "//base/test:test_support",
      "//device/bluetooth:mocks",
      "//testing/gmock",
      "//testing/gtest",
    ]
    libfuzzer_options = [ "max_len=2048" ]
  }

  # libFuzzer target built from cable/v2_handshake_fuzzer.cc, with the same
  # dependency set as fido_cable_handshake_handler_fuzzer. Generated inputs are
  # capped at 2048 bytes by max_len.
  fuzzer_test("v2_handshake_fuzzer") {
    sources = [ "cable/v2_handshake_fuzzer.cc" ]
    deps = [
      ":fido",
      "//base",
      "//base/test:test_support",
      "//device/bluetooth:mocks",
      "//testing/gmock",
      "//testing/gtest",
    ]
    libfuzzer_options = [ "max_len=2048" ]
  }

  # True for Linux or ChromeOS builds configured without udev. Used by
  # :test_support to leave out the fake discovery/HID sources on such builds.
  is_linux_without_udev = (is_linux || is_chromeos) && !use_udev

  # Fakes and virtual-device factories for tests. `sources` starts empty and is
  # filled per platform below. `testonly = true` keeps these fakes from being
  # linked into non-test targets.
  source_set("test_support") {
    testonly = true
    sources = []
    deps = [
      "//base",
      "//components/apdu",
      "//device/fido",
      "//mojo/public/cpp/bindings",
      "//services/device/public/mojom",
      "//testing/gmock",
      "//testing/gtest",
    ]

    # These fakes do not compile on Android, and on Linux/ChromeOS they
    # require udev.
    if (!is_linux_without_udev && !is_android) {
      sources += [
        "fake_fido_discovery.cc",
        "fake_fido_discovery.h",
        "hid/fake_hid_impl_for_testing.cc",
        "hid/fake_hid_impl_for_testing.h",
      ]
      deps += [ "//services/device/public/cpp/hid" ]
    }

    # Factories and discovery for the virtual FIDO devices, plus helpers for
    # the enclave/verify tests. The virtual device implementations themselves
    # are compiled into :fido.
    if (!is_android) {
      sources += [
        "enclave/verify/test_utils.cc",
        "enclave/verify/test_utils.h",
        "multiple_virtual_fido_device_factory.cc",
        "multiple_virtual_fido_device_factory.h",
        "virtual_fido_device_discovery.cc",
        "virtual_fido_device_discovery.h",
        "virtual_fido_device_factory.cc",
        "virtual_fido_device_factory.h",
      ]
    }

    # macOS-only fakes for the Touch ID context and its scoped test
    # environment.
    if (is_mac) {
      sources += [
        "mac/fake_touch_id_context.h",
        "mac/fake_touch_id_context.mm",
        "mac/scoped_touch_id_test_environment.h",
        "mac/scoped_touch_id_test_environment.mm",
      ]
      deps += [ "//crypto:test_support" ]
    }
  }
}

# This is split from `test_support` because it requires the
# AuthenticationServices framework to be linked in, and that can't just be done
# as a dep/framework here.
if (is_mac) {
  # macOS-only fakes for the iCloud Keychain integration and its scoped test
  # environment. `testonly = true` restricts dependents to test targets.
  # No `frameworks` are listed here; NOTE(review): presumably each dependent
  # test target must link AuthenticationServices itself. Confirm when adding a
  # new dependent.
  static_library("icloud_keychain_test_support") {
    testonly = true
    sources = [
      "mac/fake_icloud_keychain.h",
      "mac/fake_icloud_keychain.mm",
      "mac/fake_icloud_keychain_sys.h",
      "mac/fake_icloud_keychain_sys.mm",
      "mac/scoped_icloud_keychain_test_environment.h",
      "mac/scoped_icloud_keychain_test_environment.mm",
    ]
    deps = [
      "//base",
      "//device/fido",
    ]
  }
}