From b996343a3b07228ca34e6b0df4cc7c1033e48af5 Mon Sep 17 00:00:00 2001
From: Paul Selkirk
Date: Sat, 25 Jun 2016 14:20:42 -0400
Subject: Rename GNUmakefile to Makefile for consistency.
---
Makefile | 216 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 216 insertions(+)
create mode 100644 Makefile
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..62f1cba
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,216 @@
+# (GNU) Makefile for Cryptech PKCS #11 implementation.
+#
+# Author: Rob Austein
+# Copyright (c) 2015-2016, NORDUnet A/S
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# - Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# - Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# - Neither the name of the NORDUnet nor the names of its contributors may
+# be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Locations of libraries on which this code depends.
+
+ifndef CRYPTECH_ROOT
+ CRYPTECH_ROOT := $(abspath ../..)
+endif
+
+PKCS11_DIR ?= ${CRYPTECH_ROOT}/sw/pkcs11
+LIBHAL_DIR ?= ${PKCS11_DIR}/libhal
+LIBTFM_DIR ?= ${PKCS11_DIR}/libtfm
+SQLITE3_DIR ?= ${PKCS11_DIR}/sqlite3
+
+# Whether to enable threading. Main reason for being able to turn it
+# off is that gdb on the Novena (sometimes) goes bananas when
+# threading is enabled.
+
+ENABLE_THREADS ?= yes
+
+# Whether to enable debugging code that prints diagnostic information
+# to stderr on various conditions (mostly failures).
+
+ENABLE_DEBUGGING ?= no
+
+# Whether to disable #warning statements; generally these are present for
+# a reason, but they can get distracting when one is attempting to debug
+# something else.
+
+ENABLE_FOOTNOTE_WARNINGS ?= yes
+
+# Whether to build and use our own copy of the sqlite3 library.
+
+ENABLE_OWN_SQLITE_LIBRARY ?= $(if $(wildcard ${CRYPTECH_ROOT}/sw/thirdparty/sqlite3),yes,no)
+
+# Target platform for shared library. Every platform has its own
+# kinks, as does GNU libtool, so we just suck it up and do the
+# necessary kinks for the platforms we support. Yuck.
+
+UNAME := $(shell uname)
+
+# Compilation flags, etc.
+
+CFLAGS := -g3 -fPIC -Wall -std=c99 -I${CRYPTECH_ROOT}/sw/libhal
+LIBS := ${LIBHAL_DIR}/libhal.a ${LIBTFM_DIR}/libtfm.a
+
+ifeq "${UNAME}" "Darwin"
+ SONAME := libpkcs11.dylib
+ SOFLAGS := -dynamiclib
+else
+ SONAME := libpkcs11.so
+ SOFLAGS := -Wl,-Bsymbolic-functions -Wl,-Bsymbolic -Wl,-z,noexecstack -Wl,-soname,${SONAME}.0
+endif
+
+ifeq "${ENABLE_FOOTNOTE_WARNINGS}" "no"
+ CFLAGS += -Wno-\#warnings -Wno-cpp
+endif
+
+ifneq "${ENABLE_THREADS}" "yes"
+ CFLAGS += -DUSE_PTHREADS=0
+else ifneq "${UNAME}" "Darwin"
+ CFLAGS += -pthread
+endif
+
+ifeq "${ENABLE_DEBUGGING}" "yes"
+ CFLAGS += -DDEBUG_HAL=1 -DDEBUG_PKCS11=1
+endif
+
+ifeq "${ENABLE_OWN_SQLITE_LIBRARY}" "yes"
+ CFLAGS += -I${SQLITE3_DIR}
+ SOFLAGS += ${SQLITE3_DIR}/libsqlite3.a
+else
+ SOFLAGS += -lsqlite3
+endif
+
+ifndef OBJCOPY
+ OBJCOPY := objcopy
+endif
+
+all: ${SONAME} p11util py11/attribute_map.py
+
+clean:
+ rm -rf *.o ${SONAME}* p11util schema.h attributes.h
+ cd libtfm; ${MAKE} $@
+ cd libhal; ${MAKE} $@
+ifeq "${ENABLE_OWN_SQLITE_LIBRARY}" "yes"
+ cd sqlite3; ${MAKE} $@
+endif
+
+distclean: clean
+ rm -f TAGS
+
+.FORCE:
+
+${LIBTFM_DIR}/libtfm.a: .FORCE
+ cd libtfm; ${MAKE}
+
+${LIBHAL_DIR}/libhal.a: .FORCE ${LIBTFM_DIR}/libtfm.a
+ cd libhal; ${MAKE} daemon
+
+${SQLITE3_DIR}/libsqlite3.a: .FORCE
+ cd sqlite3; ${MAKE}
+
+schema.h: schema.sql scripts/convert-schema.sed GNUmakefile
+ sed -f scripts/convert-schema.sed schema.h
+
+attributes.h: attributes.yaml scripts/build-attributes GNUmakefile
+ python scripts/build-attributes attributes.yaml attributes.h
+
+py11/attribute_map.py: attributes.yaml scripts/build-py11-attributes GNUmakefile
+ python scripts/build-py11-attributes attributes.yaml py11/attribute_map.py
+
+pkcs11.o: pkcs11.c schema.h attributes.h ${LIBS}
+ ${CC} ${CFLAGS} -c $<
+
+ifeq "${ENABLE_OWN_SQLITE_LIBRARY}" "yes"
+ pkcs11.o: ${SQLITE3_DIR}/libsqlite3.a
+endif
+
+ifeq "${UNAME}" "Darwin"
+
+ ${SONAME}: pkcs11.o ${LIBS}
+ nm $< | awk 'NF == 3 && $$2 == "T" && $$3 ~ /^_C_/ {print $$3}' >$@.tmp
+ ${CC} -Wl,-exported_symbols_list,$@.tmp -o $@ $^ ${SOFLAGS} ${LDFLAGS}
+ rm -f $@.tmp
+
+else
+
+ ${SONAME}: pkcs11.o ${LIBS}
+ ${CC} ${CFLAGS} -shared -o $@.tmp $^ ${SOFLAGS} ${LDFLAGS}
+ ${OBJCOPY} -w -G 'C_*' $@.tmp $@
+ rm -f $@.tmp
+
+endif
+
+p11util.o: p11util.c schema.h
+ ${CC} ${CFLAGS} -c $<
+
+p11util: p11util.o ${LIBS}
+ ${CC} ${CFLAGS} -o $@ $^ ${LDFLAGS}
+
+tags: TAGS
+
+TAGS: *.[ch]
+ etags $^
+
+# Basic testing, via the Python unittest library and our py11 interface code
+
+test: all
+ sudo python unit_tests.py
+
+# Further testing using hsmbully, if we can find a copy of it.
+
+HSMBULLY := $(firstword $(wildcard $(addsuffix /hsmbully,$(subst :, ,.:${PATH}))))
+
+ifneq "${HSMBULLY}" ""
+
+ HSMBULLY_OPTIONS := \
+ --pin fnord --so-pin fnord --pkcs11lib $(abspath ${SONAME}) \
+ --verbose=9 --fast-and-frivolous --skip-fragmentation --skip-keysizing
+
+ HSMBULLY_DATABASE=$(abspath hsmbully.pkcs11.db)
+ HSMBULLY_KS_CLIENT=$(abspath hsmbully.client-keystore)
+ HSMBULLY_KS_SERVER=$(abspath hsmbully.server-keystore)
+
+ HSMBULLY_SERVER_BIN=$(wildcard $(abspath ../libhal/tests/test-rpc_server))
+
+ bully: all
+ set -x; \
+ sudo rm -f ${HSMBULLY_DATABASE} ${HSMBULLY_DATABASE}-journal ${HSMBULLY_KS_CLIENT} ${HSMBULLY_KS_SERVER}; \
+ if test -x '${HSMBULLY_SERVER_BIN}'; \
+ then \
+ sudo CRYPTECH_KEYSTORE=${HSMBULLY_KS_SERVER} ${HSMBULLY_SERVER_BIN} & \
+ pid=$$!; \
+ sleep 5; \
+ (echo YouReallyNeedToChangeThisPINRightNowWeAreNotKidding; echo fnord; echo fnord) | \
+ CRYPTECH_KEYSTORE=${HSMBULLY_KS_CLIENT} ./p11util --set-so-pin --set-user-pin --pin-from-stdin; \
+ PKCS11_DATABASE=${HSMBULLY_DATABASE} CRYPTECH_KEYSTORE=${HSMBULLY_KS_CLIENT} ${HSMBULLY} ${HSMBULLY_OPTIONS}; \
+ sudo kill $$pid; \
+ else \
+ (echo YouReallyNeedToChangeThisPINRightNowWeAreNotKidding; echo fnord; echo fnord) | \
+ sudo CRYPTECH_KEYSTORE=${HSMBULLY_KS_CLIENT} ./p11util --set-so-pin --set-user-pin --pin-from-stdin; \
+ sudo PKCS11_DATABASE=${HSMBULLY_DATABASE} CRYPTECH_KEYSTORE=${HSMBULLY_KS_CLIENT} ${HSMBULLY} ${HSMBULLY_OPTIONS}; \
+ fi; \
+ sudo rm -f ${HSMBULLY_DATABASE} ${HSMBULLY_DATABASE}-journal ${HSMBULLY_KS_CLIENT} ${HSMBULLY_KS_SERVER}
+
+endif
-- cgit v1.2.3
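Review bot: The rules for `schema.h`, `attributes.h` and `py11/attribute_map.py` still name `GNUmakefile` as a prerequisite, so once the old file is gone (the subject says rename, although this patch only shows `Makefile` being created) make will stop with no rule to make `GNUmakefile`; the prerequisite should become `Makefile`, or `$(firstword $(MAKEFILE_LIST))` so it survives a further rename. Separately, `HSMBULLY` is resolved by searching `.` ahead of `${PATH}`, and the `else` branch of `bully` runs the result under `sudo`, so any executable named `hsmbully` that happens to sit in the build directory is run as root. Dropping the `.:` prefix, i.e. `$(subst :, ,${PATH})`, or requiring the caller to pass an explicit `HSMBULLY=` path, would keep the privileged step tied to a binary the operator chose.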