-rw-r--r--.gitignore4
-rw-r--r--Makefile34
-rw-r--r--README.md40
-rw-r--r--schema.sql119
-rw-r--r--scripts/convert-schema.sed62
-rw-r--r--sqlite3/Makefile8
-rw-r--r--unit_tests.py24
7 files changed, 3 insertions, 288 deletions
diff --git a/.gitignore b/.gitignore
index f901fb1..a258b72 100644
--- a/.gitignore
+++ b/.gitignore
@@ -29,7 +29,3 @@ libhal/utils/cores
libhal/utils/eim_peek_poke
libtfm/tfm.h
p11util
-schema.h
-sqlite3/build
-sqlite3/sqlite3
-sqlite3/sqlite3.h
diff --git a/Makefile b/Makefile
index 9d72087..86a8c57 100644
--- a/Makefile
+++ b/Makefile
@@ -44,10 +44,6 @@ LIBHAL_BLD ?= ${PKCS11_DIR}/libhal
LIBTFM_SRC ?= ${CRYPTECH_ROOT}/sw/thirdparty/libtfm
LIBTFM_BLD ?= ${PKCS11_DIR}/libtfm
-SQLITE3_SRC ?= ${CRYPTECH_ROOT}/sw/thirdparty/sqlite3
-SQLITE3_BLD ?= ${PKCS11_DIR}/sqlite3
-
-
# Whether to enable threading. Main reason for being able to turn it
# off is that gdb on the Novena (sometimes) goes bananas when
# threading is enabled.
@@ -65,10 +61,6 @@ ENABLE_DEBUGGING ?= no
ENABLE_FOOTNOTE_WARNINGS ?= yes
-# Whether to build and use our own copy of the sqlite3 library.
-
-ENABLE_OWN_SQLITE_LIBRARY ?= $(if $(wildcard ${CRYPTECH_ROOT}/sw/thirdparty/sqlite3),yes,no)
-
# Target platform for shared library. Every platform has its own
# kinks, as does GNU libtool, so we just suck it up and do the
# necessary kinks for the platforms we support. Yuck.
@@ -118,13 +110,6 @@ ifeq "${ENABLE_DEBUGGING}" "yes"
CFLAGS += -DDEBUG_HAL=1 -DDEBUG_PKCS11=1
endif
-ifeq "${ENABLE_OWN_SQLITE_LIBRARY}" "yes"
- CFLAGS += -I${SQLITE3_BLD}
- SOFLAGS += ${SQLITE3_BLD}/libsqlite3.a
-else
- SOFLAGS += -lsqlite3
-endif
-
ifndef OBJCOPY
OBJCOPY := objcopy
endif
@@ -132,12 +117,9 @@ endif
all: ${SONAME} p11util py11/attribute_map.py
clean:
- rm -rf *.o ${SONAME}* p11util schema.h attributes.h py11/*.pyc
+ rm -rf *.o ${SONAME}* p11util attributes.h py11/*.pyc
${MAKE} -C libtfm $@
${MAKE} -C libhal $@
-ifeq "${ENABLE_OWN_SQLITE_LIBRARY}" "yes"
- ${MAKE} -C sqlite3 $@
-endif
distclean: clean
rm -f TAGS
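Review bot: The rewritten `clean` recipe still hands `${SONAME}*` to `rm -rf` with no guard, so if SONAME ever expands to empty (it is assigned outside this hunk, so I cannot confirm it always has a value) the glob collapses to a bare `*` and the recipe deletes the whole working tree. A parse-time check before the rule, `$(if $(strip ${SONAME}),,$(error SONAME is empty))`, makes that failure loud instead of destructive. Using `$(RM) -r` rather than a literal `rm -rf` would also let a user override the remover from the command line.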
@@ -150,25 +132,15 @@ ${LIBTFM_BLD}/libtfm.a: .FORCE
${LIBHAL_BLD}/libhal.a: .FORCE ${LIBTFM_BLD}/libtfm.a
${MAKE} -C libhal ${LIBHAL_TARGET}
-${SQLITE3_BLD}/libsqlite3.a: .FORCE
- ${MAKE} -C sqlite3
-
-schema.h: schema.sql scripts/convert-schema.sed Makefile
- sed -f scripts/convert-schema.sed <schema.sql >schema.h
-
attributes.h: attributes.yaml scripts/build-attributes Makefile
python scripts/build-attributes attributes.yaml attributes.h
py11/attribute_map.py: attributes.yaml scripts/build-py11-attributes Makefile
python scripts/build-py11-attributes attributes.yaml py11/attribute_map.py
-pkcs11.o: pkcs11.c schema.h attributes.h ${LIBS}
+pkcs11.o: pkcs11.c attributes.h ${LIBS}
${CC} ${CFLAGS} -c $<
-ifeq "${ENABLE_OWN_SQLITE_LIBRARY}" "yes"
- pkcs11.o: ${SQLITE3_BLD}/libsqlite3.a
-endif
-
ifeq "${UNAME}" "Darwin"
${SONAME}: pkcs11.o ${LIBS}
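Review bot: With `schema.h` dropped, `pkcs11.o: pkcs11.c attributes.h ${LIBS}` lists a single header prerequisite, so a change to any other header that pkcs11.c includes will not trigger a recompile (${LIBS} looks to be the static archives built just above, not headers, though it is defined outside this hunk); the same gap applies to `p11util.o: p11util.c` in the next hunk. Rather than maintain the header list by hand, let the compiler emit it: change both recipes to `${CC} ${CFLAGS} -MMD -MP -c $< -o $@`, add `-include pkcs11.d p11util.d` near the end of the Makefile, and add `*.d` to the `clean` recipe. The `${SONAME}` rule that starts on the last line of this hunk continues outside it.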
@@ -183,7 +155,7 @@ else
endif
-p11util.o: p11util.c schema.h
+p11util.o: p11util.c
${CC} ${CFLAGS} -c $<
p11util: p11util.o ${LIBS}
diff --git a/README.md b/README.md
index 7f7972c..7cee87d 100644
--- a/README.md
+++ b/README.md
@@ -38,9 +38,6 @@ extensible.
The underlying cryptographic support comes from the [Cryptech][]
`libhal` package.
-The object store is currently implemented using [SQLite3][], which may
-also need to change (more on this below).
-
Testing to date has been done using the `bin/pkcs11/` tools from the
BIND9 distribution, the `hsmcheck` and `ods-hsmutil` tools from the
OpenDNSSEC distribution, the `hsmbully` diagnostic tool, and a
@@ -56,42 +53,6 @@ signatures, and passes some fairly basic tests. More testing would be
a really good idea.
-## Open issue: SQLite3 ##
-
-The choice to use use of [SQLite3][] as the PKCS #11 object store was
-made with full knowledge that we might need to change it later. That
-said, we made the initial choice with several factors in mind:
-
-* Relative ease of development (it's all just SQL schemas and queries);
-
-* Relative ease of data normalization (foreign key constraints,
- etcetera) and debugging (command line tool available for arbitrary
- direct queries against stored data);
-
-* Licensing (SQLite3 is explictly public domain);
-
-* Support for embedded systems; and
-
-* Surprisingly small object code size (everything I found that was
- significantly smaller had license issues, eg, gdbm).
-
-Overall, this has worked relatively well, but it's not necessarily
-what we want in the long run, if only because it fails the minimum
-complexity test.
-
-The current implementation keeps much of the SQL data in an in-memory
-database: only "token objects" are stored in on disk. This matches
-the required PKCS #11 semantics, and using the same mechanism to
-handle both session objects and token objects simplifies the code
-considerably, but it does mean that much of the SQL code is really
-just dealing with a weird encoding of in-memory data structures.
-
-At this point the schema may be stable enough that it would make sense
-to consider reimplementing without SQL. It's not urgent as long as
-we're just doing proof-of-concept work, but is something we should
-consider seriously before deciding that this is ready for "production"
-status.
-
## Copyright status ##
The [PKCS11][] header files are "derived from the RSA Security Inc.
@@ -102,6 +63,5 @@ Code written for the [Cryptech][] project is under the usual Cryptech
BSD-style license.
[PKCS11]: http://www.cryptsoft.com/pkcs11doc/STANDARD/ "PKCS #11"
-[SQLite3]: https://www.sqlite.org/ "SQLite3"
[DNSPython]: http://www.dnspython.org/ "DNSPython"
[Cryptech]: https://cryptech.is/ "Cryptech"
diff --git a/schema.sql b/schema.sql
deleted file mode 100644
index c79b3c0..0000000
--- a/schema.sql
+++ /dev/null
@@ -1,119 +0,0 @@
--- SQLite3 schema for Cryptech PKCS #11 implementation.
---
--- Author: Rob Austein
--- Copyright (c) 2015-2016, NORDUnet A/S
--- All rights reserved.
---
--- Redistribution and use in source and binary forms, with or without
--- modification, are permitted provided that the following conditions are
--- met:
--- - Redistributions of source code must retain the above copyright notice,
--- this list of conditions and the following disclaimer.
---
--- - Redistributions in binary form must reproduce the above copyright
--- notice, this list of conditions and the following disclaimer in the
--- documentation and/or other materials provided with the distribution.
---
--- - Neither the name of the NORDUnet nor the names of its contributors may
--- be used to endorse or promote products derived from this software
--- without specific prior written permission.
---
--- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
--- IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
--- TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
--- PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
--- HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
--- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
--- PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
--- LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
--- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
--- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
--- Notes:
---
--- The CHECK constraints in the attribute tables are checking
--- CKA_TOKEN, to make sure we don't accidently file token objects in
--- the session table or vice versa.
---
--- temp.object.token_object_id is a foreign-key reference to
--- main.token_object.id, but we can't use a real foreign key reference
--- because they're in different databases. If we're careful about how
--- we do our joins, this is harmless, but may lead to some clutter if
--- a long running session has handles on token objects which some
--- other process deletes from the database. If this happens and we
--- care for some reason, we can clean up such clutter with something
--- like:
---
--- WITH
--- known AS (SELECT token_object_id FROM token_object)
--- DELETE FROM object
--- WHERE token_object_id IS NOT NULL
--- AND token_object_id NOT IN known;
-
-PRAGMA foreign_keys = ON;
-
-CREATE TEMPORARY TABLE IF NOT EXISTS session (
- session_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
- session_handle INTEGER NOT NULL UNIQUE
- CHECK (session_handle > 0 AND session_handle <= 0xFFFFFFFF)
-);
-
-CREATE TEMPORARY TABLE IF NOT EXISTS object (
- object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
- object_handle INTEGER NOT NULL UNIQUE
- CHECK (object_handle > 0 AND object_handle <= 0xFFFFFFFF),
- session_id INTEGER REFERENCES session
- ON DELETE CASCADE ON UPDATE CASCADE
- DEFERRABLE INITIALLY DEFERRED,
- token_object_id INTEGER,
- session_object_id INTEGER REFERENCES session_object
- ON DELETE CASCADE ON UPDATE CASCADE
- DEFERRABLE INITIALLY DEFERRED,
- CHECK (token_object_id IS NULL OR (session_id IS NULL AND session_object_id IS NULL)),
- UNIQUE (token_object_id),
- UNIQUE (session_id, session_object_id)
-);
-
-CREATE TEMPORARY TABLE IF NOT EXISTS session_object (
- session_object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
- hal_pkey_uuid BLOB,
- object_id INTEGER NOT NULL UNIQUE
- REFERENCES object
- ON DELETE CASCADE ON UPDATE CASCADE
-);
-
-CREATE TEMPORARY TABLE IF NOT EXISTS session_attribute (
- type INTEGER NOT NULL,
- session_object_id INTEGER NOT NULL REFERENCES session_object
- ON DELETE CASCADE ON UPDATE CASCADE,
- value BLOB NOT NULL,
- UNIQUE (type, session_object_id),
- CHECK (type <> 1 OR value = X'00')
-);
-
-CREATE TABLE IF NOT EXISTS token_object (
- token_object_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
- hal_pkey_uuid BLOB
-);
-
-CREATE TABLE IF NOT EXISTS token_attribute (
- type INTEGER NOT NULL,
- token_object_id INTEGER NOT NULL REFERENCES token_object
- ON DELETE CASCADE ON UPDATE CASCADE,
- value BLOB NOT NULL,
- UNIQUE (type, token_object_id),
- CHECK (type <> 1 OR value <> X'00')
-);
-
--- http://sqlite.org/foreignkeys.html says we might want these.
-
-CREATE INDEX IF NOT EXISTS temp.object__session ON object(session_id);
-CREATE INDEX IF NOT EXISTS temp.object__session_object ON object(session_object_id);
-CREATE INDEX IF NOT EXISTS temp.session_object__object ON session_object(object_id);
-CREATE INDEX IF NOT EXISTS temp.session_attribute__session_object ON session_attribute(session_object_id);
-CREATE INDEX IF NOT EXISTS token_attribute__token_object ON token_attribute(token_object_id);
-
--- Local variables:
--- indent-tabs-mode: nil
--- End:
diff --git a/scripts/convert-schema.sed b/scripts/convert-schema.sed
deleted file mode 100644
index 3362ce5..0000000
--- a/scripts/convert-schema.sed
+++ /dev/null
@@ -1,62 +0,0 @@
-# Generate schema.h from schema.sql.
-#
-# If this script gets any more complicated, it should probably be
-# recoded in Python and have done.
-#
-# Author: Rob Austein
-# Copyright (c) 2015, NORDUnet A/S
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-# - Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-#
-# - Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# - Neither the name of the NORDUnet nor the names of its contributors may
-# be used to endorse or promote products derived from this software
-# without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-# Add header. Note that both newlines and leading spaces need to be
-# quoted with backslashes, be careful....
-1i\
- /*\
-\ * Automatically generated from schema.sql, edit that file instead of this one.\
-\ */\
-\
-
-# Debugging hack: ordinarily we keep all the per-session stuff in the
-# "temp" database, but debugging is easier when we let it all go to
-# disk. Uncomment these lines to remove all the "TEMPORARY" and
-# "temp." qualifiers.
-#s/ TEMPORARY / /g
-#s/ temp[.]/ /g
-
-# Delete comment lines, trailing whitespace, and blank lines.
-/^[ ]*--/d
-s/[ ]*$//
-/^$/d
-
-# Quote backslashes and doublequotes, if any.
-s/\\/\\\\/g
-s/"/\\"/g
-
-# Quote each line of text.
-s/^.*$/" &" "\\n"/
diff --git a/sqlite3/Makefile b/sqlite3/Makefile
deleted file mode 100644
index ed0d982..0000000
--- a/sqlite3/Makefile
+++ /dev/null
@@ -1,8 +0,0 @@
-ifndef CRYPTECH_ROOT
- CRYPTECH_ROOT := $(abspath ../../..)
-endif
-
-REPO = ${CRYPTECH_ROOT}/sw/thirdparty/sqlite3
-TARBALL = ${REPO}/$(notdir ${URL})
-
-include ${REPO}/Makefile
diff --git a/unit_tests.py b/unit_tests.py
index 02863c8..f9bff67 100644
--- a/unit_tests.py
+++ b/unit_tests.py
@@ -50,8 +50,6 @@ def parse_arguments(argv = ()):
parser.add_argument("--slot", default = 0, type = int, help = "slot number")
parser.add_argument("--libpkcs11", default = libpkcs11_default, help = "PKCS #11 library")
parser.add_argument("--all-tests", action = "store_true", help = "enable tests usually skipped")
- parser.add_argument("--sql-file", default = "unit_tests.db", help = "SQLite3 database")
- parser.add_argument("--ks-client", default = "unit_tests.ks-client", help = "client keystore (ks_mmap only)")
parser.add_argument("--only-test", default = [], nargs = "+", help = "only run tests named here")
return parser.parse_args(argv)
@@ -59,36 +57,14 @@ args = parse_arguments()
p11 = None
def setUpModule():
- from os import unlink, environ
- from os.path import abspath, isfile
global p11
- def new_file(fn):
- fn = abspath(fn)
- if isfile(fn):
- unlink(fn)
- return fn
-
- environ["PKCS11_DATABASE"] = new_file(args.sql_file)
- environ["CRYPTECH_KEYSTORE"] = new_file(args.ks_client)
-
log("Loading PKCS #11 library {}".format(args.libpkcs11))
p11 = PKCS11(args.libpkcs11)
log("Setup complete")
-def tearDownModule():
- from os import unlink
- from os.path import isfile
-
- if isfile(args.sql_file):
- unlink(args.sql_file)
-
- if isfile(args.ks_client):
- unlink(args.ks_client)
-
-
# Subclass a few bits of unittest to add timing reports for individual tests.
class TestCase(unittest.TestCase):