From 129e802fd4e0ca73f9dbae7968331d055c3a97d1 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 24 Jun 2016 17:08:20 -0400 Subject: VPATH build for libpkcs11.so, and first cut at libpkcs11.dylib for Mac OS X. The Mac OS X build compiles, but is otherwise completely untested, and won't even be testable until cryptech_rpcd support configuring high-speed UARTs on Mac OS X (OS-specific voodoo). --- .gitignore | 26 ++++++++++- GNUmakefile | 99 +++++++++++++++++++++++++++++------------ libhal/GNUmakefile | 15 +++++++ libhal/tests/GNUmakefile | 10 +++++ libhal/utils/GNUmakefile | 10 +++++ libtfm/GNUmakefile | 46 +++++++++++++++++++ libtfm/tomsfastmath/GNUmakefile | 8 ++++ sqlite3/GNUmakefile | 8 ++++ 8 files changed, 191 insertions(+), 31 deletions(-) create mode 100644 libhal/GNUmakefile create mode 100644 libhal/tests/GNUmakefile create mode 100644 libhal/utils/GNUmakefile create mode 100644 libtfm/GNUmakefile create mode 100644 libtfm/tomsfastmath/GNUmakefile create mode 100644 sqlite3/GNUmakefile diff --git a/.gitignore b/.gitignore index 9426d0c..90ecb31 100644 --- a/.gitignore +++ b/.gitignore @@ -1,11 +1,33 @@ *.[oa] -*.l[oa] +*.dylib +*.dylib.* *.pyc *.so *.so.* *~ -.libs TAGS attributes.h +libhal/cryptech_rpcd +libhal/tests/test-aes-key-wrap +libhal/tests/test-bus +libhal/tests/test-ecdsa +libhal/tests/test-ecdsa-*.der +libhal/tests/test-hash +libhal/tests/test-mkmif +libhal/tests/test-pbkdf2 +libhal/tests/test-rpc_get_random +libhal/tests/test-rpc_get_version +libhal/tests/test-rpc_hash +libhal/tests/test-rpc_pkey +libhal/tests/test-rpc_server +libhal/tests/test-rsa +libhal/tests/test-rsa-*.der +libhal/tests/test-trng +libhal/utils/cores +libhal/utils/eim_peek_poke +libtfm/tfm.h p11util schema.h +sqlite3/build +sqlite3/sqlite3 +sqlite3/sqlite3.h diff --git a/GNUmakefile b/GNUmakefile index c936c4a..62f1cba 100644 --- a/GNUmakefile +++ b/GNUmakefile 
@@ -31,53 +31,64 @@ # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # Locations of libraries on which this code depends. -# This will probably need to change if we go to VPATHs. -LIBHAL_DIR = ../libhal -LIBTFM_DIR = ../thirdparty/libtfm -SQLITE3_DIR = ../thirdparty/sqlite3 +ifndef CRYPTECH_ROOT + CRYPTECH_ROOT := $(abspath ../..) +endif + +PKCS11_DIR ?= ${CRYPTECH_ROOT}/sw/pkcs11 +LIBHAL_DIR ?= ${PKCS11_DIR}/libhal +LIBTFM_DIR ?= ${PKCS11_DIR}/libtfm +SQLITE3_DIR ?= ${PKCS11_DIR}/sqlite3 # Whether to enable threading. Main reason for being able to turn it # off is that gdb on the Novena (sometimes) goes bananas when # threading is enabled. -ifndef ENABLE_THREADS - ENABLE_THREADS := yes -endif +ENABLE_THREADS ?= yes # Whether to enable debugging code that prints diagnostic information # to stderr on various conditions (mostly failures). -ifndef ENABLE_DEBUGGING - ENABLE_DEBUGGING := no -endif +ENABLE_DEBUGGING ?= no # Whether to disable #warning statements; generally these are present for # a reason, but they can get distracting when one is attempting to debug # something else. -ifndef ENABLE_FOOTNOTE_WARNINGS - ENABLE_FOOTNOTE_WARNINGS := yes -endif +ENABLE_FOOTNOTE_WARNINGS ?= yes # Whether to build and use our own copy of the sqlite3 library. -ifndef ENABLE_OWN_SQLITE_LIBRARY - ENABLE_OWN_SQLITE_LIBRARY := $(if $(wildcard ${SQLITE3_DIR}),yes,no) -endif +ENABLE_OWN_SQLITE_LIBRARY ?= $(if $(wildcard ${CRYPTECH_ROOT}/sw/thirdparty/sqlite3),yes,no) + +# Target platform for shared library. Every platform has its own +# kinks, as does GNU libtool, so we just suck it up and do the +# necessary kinks for the platforms we support. Yuck. + +UNAME := $(shell uname) -CFLAGS := -g3 -fPIC -Wall -std=c99 -I${LIBHAL_DIR} -SOFLAGS := -Wl,-Bsymbolic-functions -Wl,-Bsymbolic -Wl,-z,noexecstack -Wl,-soname,libpkcs11.so.0 +# Compilation flags, etc. 
+ +CFLAGS := -g3 -fPIC -Wall -std=c99 -I${CRYPTECH_ROOT}/sw/libhal LIBS := ${LIBHAL_DIR}/libhal.a ${LIBTFM_DIR}/libtfm.a +ifeq "${UNAME}" "Darwin" + SONAME := libpkcs11.dylib + SOFLAGS := -dynamiclib +else + SONAME := libpkcs11.so + SOFLAGS := -Wl,-Bsymbolic-functions -Wl,-Bsymbolic -Wl,-z,noexecstack -Wl,-soname,${SONAME}.0 +endif + ifeq "${ENABLE_FOOTNOTE_WARNINGS}" "no" CFLAGS += -Wno-\#warnings -Wno-cpp endif -ifeq "${ENABLE_THREADS}" "yes" - CFLAGS += -pthread -else +ifneq "${ENABLE_THREADS}" "yes" CFLAGS += -DUSE_PTHREADS=0 +else ifneq "${UNAME}" "Darwin" + CFLAGS += -pthread endif ifeq "${ENABLE_DEBUGGING}" "yes" @@ -95,14 +106,30 @@ ifndef OBJCOPY OBJCOPY := objcopy endif -all: libpkcs11.so p11util py11/attribute_map.py +all: ${SONAME} p11util py11/attribute_map.py clean: - rm -rf pkcs11.o pkcs11.so libpkcs11.so* p11util p11util.o schema.h attributes.h + rm -rf *.o ${SONAME}* p11util schema.h attributes.h + cd libtfm; ${MAKE} $@ + cd libhal; ${MAKE} $@ +ifeq "${ENABLE_OWN_SQLITE_LIBRARY}" "yes" + cd sqlite3; ${MAKE} $@ +endif distclean: clean rm -f TAGS +.FORCE: + +${LIBTFM_DIR}/libtfm.a: .FORCE + cd libtfm; ${MAKE} + +${LIBHAL_DIR}/libhal.a: .FORCE ${LIBTFM_DIR}/libtfm.a + cd libhal; ${MAKE} daemon + +${SQLITE3_DIR}/libsqlite3.a: .FORCE + cd sqlite3; ${MAKE} + schema.h: schema.sql scripts/convert-schema.sed GNUmakefile sed -f scripts/convert-schema.sed schema.h 
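Review bot: The Darwin branch sets `SOFLAGS := -dynamiclib` with no `-install_name`, while the other branch records a name with `-Wl,-soname,${SONAME}.0`. Without it the linker takes the `-o` path as the install name, so a client linked directly against `libpkcs11.dylib` records a bare relative name and the loader's search rules decide which file is loaded. For a PKCS #11 module it is safer to pin this, for example `SOFLAGS := -dynamiclib -install_name @rpath/${SONAME}` or an absolute install path. The commit message says the Darwin build is untested, so the result should be confirmed with `otool -D` once it links.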
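Review bot: The sub-make recipes join `cd` and `${MAKE}` with `;`, so a failed `cd` still runs `${MAKE}` in the top-level directory. In `clean` that re-enters this same recipe, and in the three library rules it re-enters the default goal. Writing them as `cd libtfm && ${MAKE} $@` (or `${MAKE} -C libtfm $@`) makes a missing directory a hard error; the same applies to the `libhal` and `sqlite3` lines in `clean` and to the `.FORCE` rules. The recipes also hard-code `libtfm`, `libhal` and `sqlite3`, while the targets use `${LIBTFM_DIR}`, `${LIBHAL_DIR}` and `${SQLITE3_DIR}`, which the first hunk makes overridable with `?=`. An overridden directory is therefore named as the target but never built there.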
@@ -112,14 +139,28 @@ attributes.h: attributes.yaml scripts/build-attributes GNUmakefile py11/attribute_map.py: attributes.yaml scripts/build-py11-attributes GNUmakefile python scripts/build-py11-attributes attributes.yaml py11/attribute_map.py -pkcs11.o: pkcs11.c schema.h attributes.h +pkcs11.o: pkcs11.c schema.h attributes.h ${LIBS} ${CC} ${CFLAGS} -c $< -pkcs11.so: pkcs11.o ${LIBS} - ${CC} ${CFLAGS} -shared -o $@ $^ ${SOFLAGS} ${LDFLAGS} +ifeq "${ENABLE_OWN_SQLITE_LIBRARY}" "yes" + pkcs11.o: ${SQLITE3_DIR}/libsqlite3.a +endif + +ifeq "${UNAME}" "Darwin" -libpkcs11.so: pkcs11.so - ${OBJCOPY} -w -G 'C_*' $< $@ + ${SONAME}: pkcs11.o ${LIBS} + nm $< | awk 'NF == 3 && $$2 == "T" && $$3 ~ /^_C_/ {print $$3}' >$@.tmp + ${CC} -Wl,-exported_symbols_list,$@.tmp -o $@ $^ ${SOFLAGS} ${LDFLAGS} + rm -f $@.tmp + +else + + ${SONAME}: pkcs11.o ${LIBS} + ${CC} ${CFLAGS} -shared -o $@.tmp $^ ${SOFLAGS} ${LDFLAGS} + ${OBJCOPY} -w -G 'C_*' $@.tmp $@ + rm -f $@.tmp + +endif p11util.o: p11util.c schema.h ${CC} ${CFLAGS} -c $< @@ -144,7 +185,7 @@ HSMBULLY := $(firstword $(wildcard $(addsuffix /hsmbully,$(subst :, ,.:${PATH})) ifneq "${HSMBULLY}" "" HSMBULLY_OPTIONS := \ - --pin fnord --so-pin fnord --pkcs11lib $(abspath libpkcs11.so) \ + --pin fnord --so-pin fnord --pkcs11lib $(abspath ${SONAME}) \ --verbose=9 --fast-and-frivolous --skip-fragmentation --skip-keysizing HSMBULLY_DATABASE=$(abspath hsmbully.pkcs11.db) diff --git a/libhal/GNUmakefile b/libhal/GNUmakefile new file mode 100644 index 0000000..13c39ec --- /dev/null +++ b/libhal/GNUmakefile @@ -0,0 +1,15 @@ +ifndef CRYPTECH_ROOT + CRYPTECH_ROOT := $(abspath ../../..) +endif + +TFMDIR := $(abspath ../libtfm) + +INC = ${CRYPTECH_ROOT}/sw/libhal/hal.h +LIB = ../libhal.a + +CFLAGS += -I${CRYPTECH_ROOT}/sw/libhal + +vpath %.c ${CRYPTECH_ROOT}/sw/libhal +vpath %.h ${CRYPTECH_ROOT}/sw/libhal:${LIBTFM_DIR} + +include ${CRYPTECH_ROOT}/sw/libhal/GNUmakefile 
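Review bot: In the Darwin rule the export list comes from `nm $< | awk ... >$@.tmp`, and the recipe line's status is awk's alone, so an `nm` failure or a filter that matches nothing leaves an empty `$@.tmp` and the link still runs. That list is the only thing restricting the dylib's exports to the `_C_*` entry points, so an empty or truncated list should stop the build rather than produce a library whose exports were never checked. Adding `test -s $@.tmp` as the next recipe line would fail the rule in both cases. Separately, no `.DELETE_ON_ERROR:` is visible in these hunks, so if the `${OBJCOPY}` step in the non-Darwin rule fails part-way, whatever it wrote to `$@` may remain and look up to date.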
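Review bot: The `vpath %.h` line in libhal/GNUmakefile searches `${LIBTFM_DIR}`, which this file never assigns; it assigns `TFMDIR` instead. `vpath` arguments are expanded when the directive is read, which is before the `include`, and the top-level GNUmakefile sets `LIBTFM_DIR` with `?=` and no visible `export`. Unless the variable arrives from the environment, the search path therefore ends in an empty entry and the generated `tfm.h` is not found through it. `vpath %.h ${CRYPTECH_ROOT}/sw/libhal:${TFMDIR}` looks like what was intended; libhal/tests/GNUmakefile and libhal/utils/GNUmakefile repeat the same line and need the same change.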
diff --git a/libhal/tests/GNUmakefile b/libhal/tests/GNUmakefile new file mode 100644 index 0000000..e158ecf --- /dev/null +++ b/libhal/tests/GNUmakefile @@ -0,0 +1,10 @@ +ifndef CRYPTECH_ROOT + CRYPTECH_ROOT := $(abspath ../../../..) +endif + +TFMDIR := $(abspath ../../libtfm) + +vpath %.c ${CRYPTECH_ROOT}/sw/libhal/tests +vpath %.h ${CRYPTECH_ROOT}/sw/libhal/tests:${LIBTFM_DIR} + +include ${CRYPTECH_ROOT}/sw/libhal/tests/GNUmakefile diff --git a/libhal/utils/GNUmakefile b/libhal/utils/GNUmakefile new file mode 100644 index 0000000..cc428ae --- /dev/null +++ b/libhal/utils/GNUmakefile @@ -0,0 +1,10 @@ +ifndef CRYPTECH_ROOT + CRYPTECH_ROOT := $(abspath ../../../..) +endif + +TFMDIR := $(abspath ../../libtfm) + +vpath %.c ${CRYPTECH_ROOT}/sw/libhal/utils +vpath %.h ${CRYPTECH_ROOT}/sw/libhal/utils:${LIBTFM_DIR} + +include ${CRYPTECH_ROOT}/sw/libhal/utils/GNUmakefile diff --git a/libtfm/GNUmakefile b/libtfm/GNUmakefile new file mode 100644 index 0000000..df90ddf --- /dev/null +++ b/libtfm/GNUmakefile 
@@ -0,0 +1,46 @@ + +# This duplicates more of sw/thirdparty/libtfm/GNUmakefile than I +# would like, but it does the job. Prettier makefiles can wait for another day. + +ifndef CRYPTECH_ROOT + CRYPTECH_ROOT := $(abspath ../../..) +endif + +REPO := ${CRYPTECH_ROOT}/sw/thirdparty/libtfm + +# vpath %.c ${REPO} +# vpath %.h ${REPO} + +BITS := 8192 + +HDR := ${REPO}/tomsfastmath/src/headers/tfm.h +LIB := tomsfastmath/libtfm.a + +#CFLAGS += -DTFM_X86 +#CFLAGS += -DTFM_NO_ASM + +CFLAGS += -fPIC -Wall -W -Wshadow -I${REPO}/tomsfastmath/src/headers -g3 -DFP_MAX_SIZE="(${BITS}*2+(8*DIGIT_BIT))" + +TARGETS := $(notdir ${HDR} ${LIB}) + +all: ${TARGETS} + +clean: + rm -rf ${TARGETS} $(notdir ${HDR}.tmp) ${LIB} tomsfastmath/src + +distclean: clean + rm -f TAGS + +$(notdir ${HDR}): ${HDR} + echo >$@.tmp '/* Configure size of largest bignum we want to handle -- see notes in tfm.pdf */' + echo >>$@.tmp '#define FP_MAX_SIZE (${BITS}*2+(8*DIGIT_BIT))' + echo >>$@.tmp '' + cat >>$@.tmp $^ + mv -f $@.tmp $@ + +$(notdir ${LIB}): ${LIB} + ln -f $^ $@ + +${LIB}: ${HDR} + (cd ${REPO} && find tomsfastmath/src -type d) | xargs mkdir -p + cd tomsfastmath; ${MAKE} CFLAGS='${CFLAGS}' diff --git a/libtfm/tomsfastmath/GNUmakefile b/libtfm/tomsfastmath/GNUmakefile new file mode 100644 index 0000000..ea0a524 --- /dev/null +++ b/libtfm/tomsfastmath/GNUmakefile @@ -0,0 +1,8 @@ +ifndef CRYPTECH_ROOT + CRYPTECH_ROOT := $(abspath ../../../..) +endif + +vpath %.c ${CRYPTECH_ROOT}/sw/thirdparty/libtfm/tomsfastmath +vpath %.h ${CRYPTECH_ROOT}/sw/thirdparty/libtfm/tomsfastmath + +include ${CRYPTECH_ROOT}/sw/thirdparty/libtfm/tomsfastmath/makefile diff --git a/sqlite3/GNUmakefile b/sqlite3/GNUmakefile new file mode 100644 index 0000000..fb98ca5 --- /dev/null +++ b/sqlite3/GNUmakefile @@ -0,0 +1,8 @@ +ifndef CRYPTECH_ROOT + CRYPTECH_ROOT := $(abspath ../../..) +endif + +REPO = ${CRYPTECH_ROOT}/sw/thirdparty/sqlite3 +TARBALL = ${REPO}/$(notdir ${URL}) + +include ${REPO}/GNUmakefile -- cgit v1.2.3
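Review bot: `CFLAGS += -fPIC ... -DFP_MAX_SIZE=...` in libtfm/GNUmakefile puts mandatory flags in a variable that a command-line `CFLAGS=` silently replaces, and the top-level `${MAKE}` calls propagate such an override into this directory. The library would then be compiled without `-fPIC` and with whatever `FP_MAX_SIZE` the upstream header defaults to, while the generated `tfm.h` still hard-codes the `${BITS}`-derived value for every consumer. A library and header that disagree on the bignum size is a memory-safety hazard rather than a cosmetic one. Using `override CFLAGS += ...`, or keeping the required flags in a separate variable passed to the sub-make, keeps the two in step.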
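Review bot: `TARBALL = ${REPO}/$(notdir ${URL})` in sqlite3/GNUmakefile uses `URL`, which this file never assigns, and there is no comment saying where it comes from. It only works because `=` defers expansion until after `${REPO}/GNUmakefile`, presumably the file that sets `URL`, has been included. A comment above it would record that dependency, for example `# URL comes from ${REPO}/GNUmakefile (included below); keep "=" so TARBALL expands after it.` Whether the tarball named by `URL` is integrity-checked before it is built is not visible from this hunk and is worth confirming in the included makefile.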