aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitmodules48
-rw-r--r--Makefile70
-rw-r--r--README.md10
-rw-r--r--rtl/Makefile16
m---------rtl/core/cipher/aes0
m---------rtl/core/cipher/chacha0
m---------rtl/core/comm/eim0
m---------rtl/core/hash/sha10
m---------rtl/core/hash/sha2560
m---------rtl/core/hash/sha5120
m---------rtl/core/math/modexp0
m---------rtl/core/platform/common0
m---------rtl/core/platform/novena0
m---------rtl/core/rng/avalanche_entropy0
m---------rtl/core/rng/rosc_entropy0
m---------rtl/core/rng/trng0
-rw-r--r--rtl/debian/compat1
-rw-r--r--rtl/debian/control14
-rw-r--r--rtl/debian/copyright27
-rwxr-xr-xrtl/debian/rules4
-rw-r--r--rtl/debian/source/format1
-rw-r--r--rtl/patches/01-config-cores.patch27
-rw-r--r--sw/Makefile21
-rw-r--r--sw/debian/compat1
-rw-r--r--sw/debian/control14
-rw-r--r--sw/debian/copyright27
-rwxr-xr-xsw/debian/rules4
-rw-r--r--sw/debian/source/format1
m---------sw/sw/libhal0
m---------sw/sw/libtfm0
m---------sw/sw/pkcs110
m---------sw/sw/sqlite30
32 files changed, 286 insertions, 0 deletions
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..8e21521
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,48 @@
+[submodule "sw/sw/libhal"]
+ path = sw/sw/libhal
+ url = git@git.cryptech.is:user/sra/libhal
+[submodule "sw/sw/libtfm"]
+ path = sw/sw/libtfm
+ url = git@git.cryptech.is:user/sra/libtfm
+[submodule "sw/sw/pkcs11"]
+ path = sw/sw/pkcs11
+ url = git@git.cryptech.is:user/sra/pkcs11
+[submodule "sw/sw/sqlite3"]
+ path = sw/sw/sqlite3
+ url = git@git.cryptech.is:user/sra/sqlite3
+[submodule "rtl/core/cipher/aes"]
+ path = rtl/core/cipher/aes
+ url = git@git.cryptech.is:core/cipher/aes.git
+[submodule "rtl/core/cipher/chacha"]
+ path = rtl/core/cipher/chacha
+ url = git@git.cryptech.is:core/cipher/chacha.git
+[submodule "rtl/core/comm/eim"]
+ path = rtl/core/comm/eim
+ url = git@git.cryptech.is:core/comm/eim.git
+[submodule "rtl/core/hash/sha1"]
+ path = rtl/core/hash/sha1
+ url = git@git.cryptech.is:core/hash/sha1.git
+[submodule "rtl/core/hash/sha256"]
+ path = rtl/core/hash/sha256
+ url = git@git.cryptech.is:core/hash/sha256.git
+[submodule "rtl/core/hash/sha512"]
+ path = rtl/core/hash/sha512
+ url = git@git.cryptech.is:core/hash/sha512.git
+[submodule "rtl/core/math/modexp"]
+ path = rtl/core/math/modexp
+ url = git@git.cryptech.is:core/math/modexp.git
+[submodule "rtl/core/platform/common"]
+ path = rtl/core/platform/common
+ url = git@git.cryptech.is:core/platform/common.git
+[submodule "rtl/core/platform/novena"]
+ path = rtl/core/platform/novena
+ url = git@git.cryptech.is:core/platform/novena.git
+[submodule "rtl/core/rng/avalanche_entropy"]
+ path = rtl/core/rng/avalanche_entropy
+ url = git@git.cryptech.is:core/rng/avalanche_entropy.git
+[submodule "rtl/core/rng/rosc_entropy"]
+ path = rtl/core/rng/rosc_entropy
+ url = git@git.cryptech.is:core/rng/rosc_entropy.git
+[submodule "rtl/core/rng/trng"]
+ path = rtl/core/rng/trng
+ url = git@git.cryptech.is:core/rng/trng.git
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..b1c7467
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,70 @@
+# Top-level build of packages for Novena PVT-1.
+#
+# Building source and binary packages separately isn't strictly
+# necessary, but simplifies fault isolation.
+#
+# We generate the changes file on the fly to keep all the version
+# information in one place. Nothing actually uses the changes file
+# once we've generated the source package, so this is harmless. If
+# somebody really wants to be the human maintainer for a changes
+# file, be my guest.
+#
+# We don't sign anything yet. This will need fixing.
+
+# Version of the software in human terms (major.minor)
+
+export CRYPTECH_VERSION := 1.0
+
+# Version suffix to add to package names. The extra fields come from
+# HEAD of the git superrepository. The date field is primarily to
+# make sure that versions sort into the correct order when fed to
+# reprepro; the commit hash uniquely identifies the (base) version of
+# the superrepository that generated the packages. This won't help if
+# somebody publishes packages generated with a modified version of the
+# superrepository, so don't do that (add check for uncommitted # changes?)
+
+ifdef NOTYET
+
+HEAD_TIME := $(shell git show -s --format=%ct HEAD)
+HEAD_HASH := $(shell git rev-parse HEAD)
+
+CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH}
+
+else
+
+CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~something
+
+endif
+
+# Make sure git can find certificatess. We might want to change this
+# to use GIT_SSL_CAINFO so we can specify a particular file, perhaps
+# even a file in this repository, but skip that for the moment.
+
+export GIT_SSL_CAPATH=/etc/ssl/certs
+
+# Command to generate a new changelog containing one entry.
+# Does nothing if the changelog already exists.
+
+DCH = test -f debian/changelog || \
+ EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot <aptbot@cryptech.is>' \
+ dch --create --package cryptech-novena-$(1) --newversion '${CRYPTECH_PACKAGE_VERSION}' \
+ 'Version ${CRYPTECH_VERSION} of Cryptech $(2) for the Novena PVT-1 development board.'
+
+
+all: init sw rtl
+
+init:
+ git submodule update --init --recursive
+
+sw:
+ cd sw; $(call DCH,sw,software tools)
+ cd sw; debuild -S -uc -us
+ cd sw; debuild -b -uc -us -aarmhf
+
+rtl:
+ cd rtl; $(call DCH,rtl,RTL bitstream)
+ cd rtl; debuild -S -uc -us
+ cd rtl; debuild -b -uc -us
+
+
+.PHONY: sw rtl
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b7a8b7c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,10 @@
+novena-releng
+=============
+
+Release engineering tree for the Cryptech code for the Novena PVT-1,
+initially targetted at what we need to package for IETF 93 in Praha.
+
+General idea is to build two binary packages, one with the bitstream
+for the FPGA, one for software cross-compiled for the Novena. Might
+want a third package just as a meta package to pull the first two in
+via dependencies.
diff --git a/rtl/Makefile b/rtl/Makefile
new file mode 100644
index 0000000..79ebf76
--- /dev/null
+++ b/rtl/Makefile
@@ -0,0 +1,16 @@
+BUILD_DIR := core/platform/novena/eim/build
+
+# This business of patching files that are under revision control
+# because we can't be bothered to generate a proper configuration file
+# is kind of nasty.
+
+all:
+ patch -p1 --forward <patches/01-config-cores.patch
+ cd ${BUILD_DIR}; $(MAKE)
+ patch -p1 --reverse <patches/01-config-cores.patch
+
+clean:
+ cd ${BUILD_DIR}; $(MAKE) clean
+
+install:
+ install -D ${BUILD_DIR}/novena_eim.bit ${DESTDIR}/usr/share/cryptech/novena_eim.bit
diff --git a/rtl/core/cipher/aes b/rtl/core/cipher/aes
new file mode 160000
+Subproject fc8c9324320af3fc258df33f176583506ea5de3
diff --git a/rtl/core/cipher/chacha b/rtl/core/cipher/chacha
new file mode 160000
+Subproject 549b75a635817ce263c368c9b8b5b0b07f90ec2
diff --git a/rtl/core/comm/eim b/rtl/core/comm/eim
new file mode 160000
+Subproject 9ed8ee7596023a6f4e43d8468bbdd0473c6570e
diff --git a/rtl/core/hash/sha1 b/rtl/core/hash/sha1
new file mode 160000
+Subproject febb27562431216a080cb980fdcda09454e72c3
diff --git a/rtl/core/hash/sha256 b/rtl/core/hash/sha256
new file mode 160000
+Subproject ce56b11187b92572193fa9327841ad2ef2e792f
diff --git a/rtl/core/hash/sha512 b/rtl/core/hash/sha512
new file mode 160000
+Subproject 51ad57c37bb4a0f59e4af4ee069ac18f8fb9284
diff --git a/rtl/core/math/modexp b/rtl/core/math/modexp
new file mode 160000
+Subproject e61c65059054df407206e58b88a1b203f5ad3c3
diff --git a/rtl/core/platform/common b/rtl/core/platform/common
new file mode 160000
+Subproject f05a3c65ec65004b097cb63d5ac6d463a7a9dc2
diff --git a/rtl/core/platform/novena b/rtl/core/platform/novena
new file mode 160000
+Subproject 33cc55adaf9ff31473802414f9c0d6e4a553cdd
diff --git a/rtl/core/rng/avalanche_entropy b/rtl/core/rng/avalanche_entropy
new file mode 160000
+Subproject 4a0c59617c582ef3f0e558067f913309db772f7
diff --git a/rtl/core/rng/rosc_entropy b/rtl/core/rng/rosc_entropy
new file mode 160000
+Subproject 4c3b76c5b8d2809b236d2396ed6a8b36be4587e
diff --git a/rtl/core/rng/trng b/rtl/core/rng/trng
new file mode 160000
+Subproject d5974ed0d389f8953b23d98bb69b1576adad27b
diff --git a/rtl/debian/compat b/rtl/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/rtl/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/rtl/debian/control b/rtl/debian/control
new file mode 100644
index 0000000..84a4e91
--- /dev/null
+++ b/rtl/debian/control
@@ -0,0 +1,14 @@
+Source: cryptech-novena-rtl
+Maintainer: Paul Selkirk <paul@psgd.org>
+Section: misc
+Priority: optional
+Standards-Version: 3.9.6
+Build-Depends: debhelper (>= 9)
+Homepage: http://trac.cryptech.is/wiki
+
+Package: cryptech-novena-rtl
+Architecture: all
+Depends: libc6 (>= 2.13), ${misc:Depends}
+Description: Cryptech open-source crypto hardware
+ "cryptech-novena-rtl" contains FGPA configuration (RTL bitstream) for the Cryptech project on
+ the Novena PVT-1 development board.
diff --git a/rtl/debian/copyright b/rtl/debian/copyright
new file mode 100644
index 0000000..fd7518e
--- /dev/null
+++ b/rtl/debian/copyright
@@ -0,0 +1,27 @@
+Copyright (c) 2015, NORDUnet A/S All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+- Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+- Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+- Neither the name of the NORDUnet nor the names of its contributors may
+ be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/rtl/debian/rules b/rtl/debian/rules
new file mode 100755
index 0000000..2d33f6a
--- /dev/null
+++ b/rtl/debian/rules
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@
diff --git a/rtl/debian/source/format b/rtl/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/rtl/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/rtl/patches/01-config-cores.patch b/rtl/patches/01-config-cores.patch
new file mode 100644
index 0000000..245e8a3
--- /dev/null
+++ b/rtl/patches/01-config-cores.patch
@@ -0,0 +1,27 @@
+Description: configure core selectors for cryptech dnssec signer
+
+--- core/platform/common/core_selector/src/rtl/cipher_selector.v~
++++ core/platform/common/core_selector/src/rtl/cipher_selector.v
+@@ -67,7 +67,7 @@ module cipher_selector
+ //----------------------------------------------------------------
+ // Comment following lines to exclude cores from implementation.
+ `define USE_CORE_AES
+- `define USE_CORE_CHACHA
++// `define USE_CORE_CHACHA
+
+
+ //----------------------------------------------------------------
+--- core/platform/common/core_selector/src/rtl/hash_selector.v~
++++ core/platform/common/core_selector/src/rtl/hash_selector.v
+@@ -125,9 +125,9 @@ XXX move to `define in wrapper core??
+ // List of Available Cores
+ //----------------------------------------------------------------
+ // Comment following lines to exclude cores from implementation.
+- `define USE_CORE_SHA1
++// `define USE_CORE_SHA1
+ `define USE_CORE_SHA256
+- `define USE_CORE_SHA512
++// `define USE_CORE_SHA512
+
+
+ //----------------------------------------------------------------
diff --git a/sw/Makefile b/sw/Makefile
new file mode 100644
index 0000000..962d448
--- /dev/null
+++ b/sw/Makefile
@@ -0,0 +1,21 @@
+export CC := arm-linux-gnueabihf-gcc
+export AR := arm-linux-gnueabihf-ar
+export OBJCOPY := arm-linux-gnueabihf-objcopy
+
+# Something is messing up the CFLAGS and LDFLAGS settings to libhal.
+# Using autoconf was probably a mistake, but hack around it for now.
+
+all:
+ cd sw/libtfm; ${MAKE}
+ cd sw/libhal; ./configure CFLAGS='-g3 -Wall -fPIC -std=c99 -I$${TFMDIR}' LDFLAGS='-g3 -L$${TFMDIR} -ltfm'
+ cd sw/libhal; ${MAKE}
+ cd sw/sqlite3; ${MAKE} CROSS_COMPILE=arm-unknown-linux-gnueabi
+ cd sw/pkcs11; ${MAKE}
+
+clean distclean:
+ for d in libtfm libhal sqlite3 pkcs11; do (cd sw/$$d && ${MAKE} $@); done
+
+install: all
+ install -D sw/pkcs11/libpkcs11.so ${DESTDIR}/usr/lib/libpkcs11.so
+ install -D sw/pkcs11/p11util ${DESTDIR}/usr/sbin/p11util
+
diff --git a/sw/debian/compat b/sw/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/sw/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/sw/debian/control b/sw/debian/control
new file mode 100644
index 0000000..4d83526
--- /dev/null
+++ b/sw/debian/control
@@ -0,0 +1,14 @@
+Source: cryptech-novena-sw
+Maintainer: Paul Selkirk <paul@psgd.org>
+Section: misc
+Priority: optional
+Standards-Version: 3.9.6
+Build-Depends: debhelper (>= 9)
+Homepage: http://trac.cryptech.is/wiki
+
+Package: cryptech-novena-sw
+Architecture: armhf
+Depends: libc6 (>= 2.13), ${misc:Depends}
+Description: Cryptech open-source crypto software
+ "cryptech-novena-sw" contains software for use with the Cryptech Project RTL images on
+ the Novena PVT-1 development board.
diff --git a/sw/debian/copyright b/sw/debian/copyright
new file mode 100644
index 0000000..fd7518e
--- /dev/null
+++ b/sw/debian/copyright
@@ -0,0 +1,27 @@
+Copyright (c) 2015, NORDUnet A/S All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+- Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+- Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+- Neither the name of the NORDUnet nor the names of its contributors may
+ be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/sw/debian/rules b/sw/debian/rules
new file mode 100755
index 0000000..2d33f6a
--- /dev/null
+++ b/sw/debian/rules
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@
diff --git a/sw/debian/source/format b/sw/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/sw/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/sw/sw/libhal b/sw/sw/libhal
new file mode 160000
+Subproject e80f25d31235628f2d9cfb410d48bcc83b4487d
diff --git a/sw/sw/libtfm b/sw/sw/libtfm
new file mode 160000
+Subproject 108e78987bc39f11d0abbba7dbfe80704cbf028
diff --git a/sw/sw/pkcs11 b/sw/sw/pkcs11
new file mode 160000
+Subproject 5f0d1c2ecfde778a164dd4cfc362f7bd29ebe24
diff --git a/sw/sw/sqlite3 b/sw/sw/sqlite3
new file mode 160000
+Subproject 7bdeab315c5fdaf6d1b087423b98e80e80fefec