diff options
author | Rob Austein <sra@hactrn.net> | 2016-11-22 00:22:48 -0500 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2016-11-22 00:22:48 -0500 |
commit | 543fc948aaf35f31ef5100a3897bf15cf5fa0d0d (patch) | |
tree | 524bc75a3eede1ce640f24300914d1a10a4d3e38 | |
parent | eff8f1875aae79760009b8b60d2a94af2d4da779 (diff) |
Remove SQLite3 from build, no longer needed.
-rw-r--r-- | .gitignore | 4 | ||||
-rw-r--r-- | Makefile | 34 | ||||
-rw-r--r-- | README.md | 40 | ||||
-rw-r--r-- | schema.sql | 119 | ||||
-rw-r--r-- | scripts/convert-schema.sed | 62 | ||||
-rw-r--r-- | sqlite3/Makefile | 8 | ||||
-rw-r--r-- | unit_tests.py | 24 |
7 files changed, 3 insertions, 288 deletions
@@ -29,7 +29,3 @@ libhal/utils/cores libhal/utils/eim_peek_poke libtfm/tfm.h p11util -schema.h -sqlite3/build -sqlite3/sqlite3 -sqlite3/sqlite3.h @@ -44,10 +44,6 @@ LIBHAL_BLD ?= ${PKCS11_DIR}/libhal LIBTFM_SRC ?= ${CRYPTECH_ROOT}/sw/thirdparty/libtfm LIBTFM_BLD ?= ${PKCS11_DIR}/libtfm -SQLITE3_SRC ?= ${CRYPTECH_ROOT}/sw/thirdparty/sqlite3 -SQLITE3_BLD ?= ${PKCS11_DIR}/sqlite3 - - # Whether to enable threading. Main reason for being able to turn it # off is that gdb on the Novena (sometimes) goes bananas when # threading is enabled. @@ -65,10 +61,6 @@ ENABLE_DEBUGGING ?= no ENABLE_FOOTNOTE_WARNINGS ?= yes -# Whether to build and use our own copy of the sqlite3 library. - -ENABLE_OWN_SQLITE_LIBRARY ?= $(if $(wildcard ${CRYPTECH_ROOT}/sw/thirdparty/sqlite3),yes,no) - # Target platform for shared library. Every platform has its own # kinks, as does GNU libtool, so we just suck it up and do the # necessary kinks for the platforms we support. Yuck. @@ -118,13 +110,6 @@ ifeq "${ENABLE_DEBUGGING}" "yes" CFLAGS += -DDEBUG_HAL=1 -DDEBUG_PKCS11=1 endif -ifeq "${ENABLE_OWN_SQLITE_LIBRARY}" "yes" - CFLAGS += -I${SQLITE3_BLD} - SOFLAGS += ${SQLITE3_BLD}/libsqlite3.a -else - SOFLAGS += -lsqlite3 -endif - ifndef OBJCOPY OBJCOPY := objcopy endif @@ -132,12 +117,9 @@ endif all: ${SONAME} p11util py11/attribute_map.py clean: - rm -rf *.o ${SONAME}* p11util schema.h attributes.h py11/*.pyc + rm -rf *.o ${SONAME}* p11util attributes.h py11/*.pyc ${MAKE} -C libtfm $@ ${MAKE} -C libhal $@ -ifeq "${ENABLE_OWN_SQLITE_LIBRARY}" "yes" - ${MAKE} -C sqlite3 $@ -endif distclean: clean rm -f TAGS @@ -150,25 +132,15 @@ ${LIBTFM_BLD}/libtfm.a: .FORCE ${LIBHAL_BLD}/libhal.a: .FORCE ${LIBTFM_BLD}/libtfm.a ${MAKE} -C libhal ${LIBHAL_TARGET} -${SQLITE3_BLD}/libsqlite3.a: .FORCE - ${MAKE} -C sqlite3 - -schema.h: schema.sql scripts/convert-schema.sed Makefile - sed -f scripts/convert-schema.sed <schema.sql >schema.h - attributes.h: attributes.yaml scripts/build-attributes Makefile python scripts/build-attributes attributes.yaml attributes.h py11/attribute_map.py: attributes.yaml scripts/build-py11-attributes Makefile python scripts/build-py11-attributes attributes.yaml py11/attribute_map.py -pkcs11.o: pkcs11.c schema.h attributes.h ${LIBS} +pkcs11.o: pkcs11.c attributes.h ${LIBS} ${CC} ${CFLAGS} -c $< -ifeq "${ENABLE_OWN_SQLITE_LIBRARY}" "yes" - pkcs11.o: ${SQLITE3_BLD}/libsqlite3.a -endif - ifeq "${UNAME}" "Darwin" ${SONAME}: pkcs11.o ${LIBS} @@ -183,7 +155,7 @@ else endif -p11util.o: p11util.c schema.h +p11util.o: p11util.c ${CC} ${CFLAGS} -c $< p11util: p11util.o ${LIBS} @@ -38,9 +38,6 @@ extensible. The underlying cryptographic support comes from the [Cryptech][] `libhal` package. -The object store is currently implemented using [SQLite3][], which may -also need to change (more on this below). - Testing to date has been done using the `bin/pkcs11/` tools from the BIND9 distribution, the `hsmcheck` and `ods-hsmutil` tools from the OpenDNSSEC distribution, the `hsmbully` diagnostic tool, and a @@ -56,42 +53,6 @@ signatures, and passes some fairly basic tests. More testing would be a really good idea. -## Open issue: SQLite3 ## - -The choice to use use of [SQLite3][] as the PKCS #11 object store was -made with full knowledge that we might need to change it later. That -said, we made the initial choice with several factors in mind: - -* Relative ease of development (it's all just SQL schemas and queries); - -* Relative ease of data normalization (foreign key constraints, - etcetera) and debugging (command line tool available for arbitrary - direct queries against stored data); - -* Licensing (SQLite3 is explictly public domain); - -* Support for embedded systems; and - -* Surprisingly small object code size (everything I found that was - significantly smaller had license issues, eg, gdbm). - -Overall, this has worked relatively well, but it's not necessarily -what we want in the long run, if only because it fails the minimum -complexity test. - -The current implementation keeps much of the SQL data in an in-memory -database: only "token objects" are stored in on disk. This matches -the required PKCS #11 semantics, and using the same mechanism to -handle both session objects and token objects simplifies the code -considerably, but it does mean that much of the SQL code is really -just dealing with a weird encoding of in-memory data structures. - -At this point the schema may be stable enough that it would make sense -to consider reimplementing without SQL. It's not urgent as long as -we're just doing proof-of-concept work, but is something we should -consider seriously before deciding that this is ready for "production" -status. - ## Copyright status ## The [PKCS11][] header files are "derived from the RSA Security Inc. @@ -102,6 +63,5 @@ Code written for the [Cryptech][] project is under the usual Cryptech BSD-style license. [PKCS11]: http://www.cryptsoft.com/pkcs11doc/STANDARD/ "PKCS #11" -[SQLite3]: https://www.sqlite.org/ "SQLite3" [DNSPython]: http://www.dnspython.org/ "DNSPython" [Cryptech]: https://cryptech.is/ "Cryptech" diff --git a/schema.sql b/schema.sql deleted file mode 100644 index c79b3c0..0000000 --- a/schema.sql +++ /dev/null @@ -1,119 +0,0 @@ --- SQLite3 schema for Cryptech PKCS #11 implementation. --- --- Author: Rob Austein --- Copyright (c) 2015-2016, NORDUnet A/S --- All rights reserved. --- --- Redistribution and use in source and binary forms, with or without --- modification, are permitted provided that the following conditions are --- met: --- - Redistributions of source code must retain the above copyright notice, --- this list of conditions and the following disclaimer. --- --- - Redistributions in binary form must reproduce the above copyright --- notice, this list of conditions and the following disclaimer in the --- documentation and/or other materials provided with the distribution. --- --- - Neither the name of the NORDUnet nor the names of its contributors may --- be used to endorse or promote products derived from this software --- without specific prior written permission. --- --- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS --- IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED --- TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A --- PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT --- HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, --- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED --- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR --- PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF --- LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING --- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS --- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - --- Notes: --- --- The CHECK constraints in the attribute tables are checking --- CKA_TOKEN, to make sure we don't accidently file token objects in --- the session table or vice versa. --- --- temp.object.token_object_id is a foreign-key reference to --- main.token_object.id, but we can't use a real foreign key reference --- because they're in different databases. If we're careful about how --- we do our joins, this is harmless, but may lead to some clutter if --- a long running session has handles on token objects which some --- other process deletes from the database. If this happens and we --- care for some reason, we can clean up such clutter with something --- like: --- --- WITH --- known AS (SELECT token_object_id FROM token_object) --- DELETE FROM object --- WHERE token_object_id IS NOT NULL --- AND token_object_id NOT IN known; - -PRAGMA foreign_keys = ON; - -CREATE TEMPORARY TABLE IF NOT EXISTS session ( - session_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, - session_handle INTEGER NOT NULL UNIQUE - CHECK (session_handle > 0 AND session_handle <= 0xFFFFFFFF) -); - -CREATE TEMPORARY TABLE IF NOT EXISTS object ( - object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, - object_handle INTEGER NOT NULL UNIQUE - CHECK (object_handle > 0 AND object_handle <= 0xFFFFFFFF), - session_id INTEGER REFERENCES session - ON DELETE CASCADE ON UPDATE CASCADE - DEFERRABLE INITIALLY DEFERRED, - token_object_id INTEGER, - session_object_id INTEGER REFERENCES session_object - ON DELETE CASCADE ON UPDATE CASCADE - DEFERRABLE INITIALLY DEFERRED, - CHECK (token_object_id IS NULL OR (session_id IS NULL AND session_object_id IS NULL)), - UNIQUE (token_object_id), - UNIQUE (session_id, session_object_id) -); - -CREATE TEMPORARY TABLE IF NOT EXISTS session_object ( - session_object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, - hal_pkey_uuid BLOB, - object_id INTEGER NOT NULL UNIQUE - REFERENCES object - ON DELETE CASCADE ON UPDATE CASCADE -); - -CREATE TEMPORARY TABLE IF NOT EXISTS session_attribute ( - type INTEGER NOT NULL, - session_object_id INTEGER NOT NULL REFERENCES session_object - ON DELETE CASCADE ON UPDATE CASCADE, - value BLOB NOT NULL, - UNIQUE (type, session_object_id), - CHECK (type <> 1 OR value = X'00') -); - -CREATE TABLE IF NOT EXISTS token_object ( - token_object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, - hal_pkey_uuid BLOB -); - -CREATE TABLE IF NOT EXISTS token_attribute ( - type INTEGER NOT NULL, - token_object_id INTEGER NOT NULL REFERENCES token_object - ON DELETE CASCADE ON UPDATE CASCADE, - value BLOB NOT NULL, - UNIQUE (type, token_object_id), - CHECK (type <> 1 OR value <> X'00') -); - --- http://sqlite.org/foreignkeys.html says we might want these. - -CREATE INDEX IF NOT EXISTS temp.object__session ON object(session_id); -CREATE INDEX IF NOT EXISTS temp.object__session_object ON object(session_object_id); -CREATE INDEX IF NOT EXISTS temp.session_object__object ON session_object(object_id); -CREATE INDEX IF NOT EXISTS temp.session_attribute__session_object ON session_attribute(session_object_id); -CREATE INDEX IF NOT EXISTS token_attribute__token_object ON token_attribute(token_object_id); - --- Local variables: --- indent-tabs-mode: nil --- End: diff --git a/scripts/convert-schema.sed b/scripts/convert-schema.sed deleted file mode 100644 index 3362ce5..0000000 --- a/scripts/convert-schema.sed +++ /dev/null @@ -1,62 +0,0 @@ -# Generate schema.h from schema.sql. -# -# If this script gets any more complicated, it should probably be -# recoded in Python and have done. -# -# Author: Rob Austein -# Copyright (c) 2015, NORDUnet A/S -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: -# - Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# - Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# - Neither the name of the NORDUnet nor the names of its contributors may -# be used to endorse or promote products derived from this software -# without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS -# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A -# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -# Add header. Note that both newlines and leading spaces need to be -# quoted with backslashes, be careful.... -1i\ - /*\ -\ * Automatically generated from schema.sql, edit that file instead of this one.\ -\ */\ -\ - -# Debugging hack: ordinarily we keep all the per-session stuff in the -# "temp" database, but debugging is easier when we let it all go to -# disk. Uncomment these lines to remove all the "TEMPORARY" and -# "temp." qualifiers. -#s/ TEMPORARY / /g -#s/ temp[.]/ /g - -# Delete comment lines, trailing whitespace, and blank lines. -/^[ ]*--/d -s/[ ]*$// -/^$/d - -# Quote backslashes and doublequotes, if any. -s/\\/\\\\/g -s/"/\\"/g - -# Quote each line of text. -s/^.*$/" &" "\\n"/ diff --git a/sqlite3/Makefile b/sqlite3/Makefile deleted file mode 100644 index ed0d982..0000000 --- a/sqlite3/Makefile +++ /dev/null @@ -1,8 +0,0 @@ -ifndef CRYPTECH_ROOT - CRYPTECH_ROOT := $(abspath ../../..) -endif - -REPO = ${CRYPTECH_ROOT}/sw/thirdparty/sqlite3 -TARBALL = ${REPO}/$(notdir ${URL}) - -include ${REPO}/Makefile diff --git a/unit_tests.py b/unit_tests.py index 02863c8..f9bff67 100644 --- a/unit_tests.py +++ b/unit_tests.py @@ -50,8 +50,6 @@ def parse_arguments(argv = ()): parser.add_argument("--slot", default = 0, type = int, help = "slot number") parser.add_argument("--libpkcs11", default = libpkcs11_default, help = "PKCS #11 library") parser.add_argument("--all-tests", action = "store_true", help = "enable tests usually skipped") - parser.add_argument("--sql-file", default = "unit_tests.db", help = "SQLite3 database") - parser.add_argument("--ks-client", default = "unit_tests.ks-client", help = "client keystore (ks_mmap only)") parser.add_argument("--only-test", default = [], nargs = "+", help = "only run tests named here") return parser.parse_args(argv) @@ -59,36 +57,14 @@ args = parse_arguments() p11 = None def setUpModule(): - from os import unlink, environ - from os.path import abspath, isfile global p11 - def new_file(fn): - fn = abspath(fn) - if isfile(fn): - unlink(fn) - return fn - - environ["PKCS11_DATABASE"] = new_file(args.sql_file) - environ["CRYPTECH_KEYSTORE"] = new_file(args.ks_client) - log("Loading PKCS #11 library {}".format(args.libpkcs11)) p11 = PKCS11(args.libpkcs11) log("Setup complete") -def tearDownModule(): - from os import unlink - from os.path import isfile - - if isfile(args.sql_file): - unlink(args.sql_file) - - if isfile(args.ks_client): - unlink(args.ks_client) - - # Subclass a few bits of unittest to add timing reports for individual tests. class TestCase(unittest.TestCase): |