-rw-r--r-- | .gitmodules | 48 | ||||
-rw-r--r-- | Makefile | 70 | ||||
-rw-r--r-- | README.md | 10 | ||||
-rw-r--r-- | rtl/Makefile | 16 | ||||
m--------- | rtl/core/cipher/aes | 0 | ||||
m--------- | rtl/core/cipher/chacha | 0 | ||||
m--------- | rtl/core/comm/eim | 0 | ||||
m--------- | rtl/core/hash/sha1 | 0 | ||||
m--------- | rtl/core/hash/sha256 | 0 | ||||
m--------- | rtl/core/hash/sha512 | 0 | ||||
m--------- | rtl/core/math/modexp | 0 | ||||
m--------- | rtl/core/platform/common | 0 | ||||
m--------- | rtl/core/platform/novena | 0 | ||||
m--------- | rtl/core/rng/avalanche_entropy | 0 | ||||
m--------- | rtl/core/rng/rosc_entropy | 0 | ||||
m--------- | rtl/core/rng/trng | 0 | ||||
-rw-r--r-- | rtl/debian/compat | 1 | ||||
-rw-r--r-- | rtl/debian/control | 14 | ||||
-rw-r--r-- | rtl/debian/copyright | 27 | ||||
-rwxr-xr-x | rtl/debian/rules | 4 | ||||
-rw-r--r-- | rtl/debian/source/format | 1 | ||||
-rw-r--r-- | rtl/patches/01-config-cores.patch | 27 | ||||
-rw-r--r-- | sw/Makefile | 21 | ||||
-rw-r--r-- | sw/debian/compat | 1 | ||||
-rw-r--r-- | sw/debian/control | 14 | ||||
-rw-r--r-- | sw/debian/copyright | 27 | ||||
-rwxr-xr-x | sw/debian/rules | 4 | ||||
-rw-r--r-- | sw/debian/source/format | 1 | ||||
m--------- | sw/sw/libhal | 0 | ||||
m--------- | sw/sw/libtfm | 0 | ||||
m--------- | sw/sw/pkcs11 | 0 | ||||
m--------- | sw/sw/sqlite3 | 0 |
32 files changed, 286 insertions, 0 deletions
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..8e21521
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,48 @@
+[submodule "sw/sw/libhal"]
+ path = sw/sw/libhal
+ url = git@git.cryptech.is:user/sra/libhal
+[submodule "sw/sw/libtfm"]
+ path = sw/sw/libtfm
+ url = git@git.cryptech.is:user/sra/libtfm
+[submodule "sw/sw/pkcs11"]
+ path = sw/sw/pkcs11
+ url = git@git.cryptech.is:user/sra/pkcs11
+[submodule "sw/sw/sqlite3"]
+ path = sw/sw/sqlite3
+ url = git@git.cryptech.is:user/sra/sqlite3
+[submodule "rtl/core/cipher/aes"]
+ path = rtl/core/cipher/aes
+ url = git@git.cryptech.is:core/cipher/aes.git
+[submodule "rtl/core/cipher/chacha"]
+ path = rtl/core/cipher/chacha
+ url = git@git.cryptech.is:core/cipher/chacha.git
+[submodule "rtl/core/comm/eim"]
+ path = rtl/core/comm/eim
+ url = git@git.cryptech.is:core/comm/eim.git
+[submodule "rtl/core/hash/sha1"]
+ path = rtl/core/hash/sha1
+ url = git@git.cryptech.is:core/hash/sha1.git
+[submodule "rtl/core/hash/sha256"]
+ path = rtl/core/hash/sha256
+ url = git@git.cryptech.is:core/hash/sha256.git
+[submodule "rtl/core/hash/sha512"]
+ path = rtl/core/hash/sha512
+ url = git@git.cryptech.is:core/hash/sha512.git
+[submodule "rtl/core/math/modexp"]
+ path = rtl/core/math/modexp
+ url = git@git.cryptech.is:core/math/modexp.git
+[submodule "rtl/core/platform/common"]
+ path = rtl/core/platform/common
+ url = git@git.cryptech.is:core/platform/common.git
+[submodule "rtl/core/platform/novena"]
+ path = rtl/core/platform/novena
+ url = git@git.cryptech.is:core/platform/novena.git
+[submodule "rtl/core/rng/avalanche_entropy"]
+ path = rtl/core/rng/avalanche_entropy
+ url = git@git.cryptech.is:core/rng/avalanche_entropy.git
+[submodule "rtl/core/rng/rosc_entropy"]
+ path = rtl/core/rng/rosc_entropy
+ url = git@git.cryptech.is:core/rng/rosc_entropy.git
+[submodule "rtl/core/rng/trng"]
+ path = rtl/core/rng/trng
+ url = git@git.cryptech.is:core/rng/trng.git
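Review bot: Every submodule URL in this hunk is an SSH remote (`git@git.cryptech.is:...`), so the `GIT_SSL_CAPATH` export in the top-level Makefile has no effect on these fetches; the server is authenticated by the build host's SSH known_hosts entry for git.cryptech.is, which should be provisioned with the builder rather than accepted on first connection. The four `sw/sw/*` entries also point into a personal namespace (`user/sra/...`) while the RTL cores come from `core/...`. For a release tree I would add a comment above them such as `# sw/* submodules track user/sra/* until they move to a project namespace`, or switch the URLs once canonical repositories exist. The gitlink commits recorded later in this commit pin what gets checked out, so the concern is who can serve and update those repositories, not the revision itself.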
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..b1c7467
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,70 @@
+# Top-level build of packages for Novena PVT-1.
+#
+# Building source and binary packages separately isn't strictly
+# necessary, but simplifies fault isolation.
+#
+# We generate the changes file on the fly to keep all the version
+# information in one place. Nothing actually uses the changes file
+# once we've generated the source package, so this is harmless. If
+# somebody really wants to be the human maintainer for a changes
+# file, be my guest.
+#
+# We don't sign anything yet. This will need fixing.
+
+# Version of the software in human terms (major.minor)
+
+export CRYPTECH_VERSION := 1.0
+
+# Version suffix to add to package names. The extra fields come from
+# HEAD of the git superrepository. The date field is primarily to
+# make sure that versions sort into the correct order when fed to
+# reprepro; the commit hash uniquely identifies the (base) version of
+# the superrepository that generated the packages. This won't help if
+# somebody publishes packages generated with a modified version of the
+# superrepository, so don't do that (add check for uncommitted # changes?)
+
+ifdef NOTYET
+
+HEAD_TIME := $(shell git show -s --format=%ct HEAD)
+HEAD_HASH := $(shell git rev-parse HEAD)
+
+CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH}
+
+else
+
+CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~something
+
+endif
+
+# Make sure git can find certificatess. We might want to change this
+# to use GIT_SSL_CAINFO so we can specify a particular file, perhaps
+# even a file in this repository, but skip that for the moment.
+
+export GIT_SSL_CAPATH=/etc/ssl/certs
+
+# Command to generate a new changelog containing one entry.
+# Does nothing if the changelog already exists.
+
+DCH = test -f debian/changelog || \
+ EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot <aptbot@cryptech.is>' \
+ dch --create --package cryptech-novena-$(1) --newversion '${CRYPTECH_PACKAGE_VERSION}' \
+ 'Version ${CRYPTECH_VERSION} of Cryptech $(2) for the Novena PVT-1 development board.'
+
+
+all: init sw rtl
+
+init:
+ git submodule update --init --recursive
+
+sw:
+ cd sw; $(call DCH,sw,software tools)
+ cd sw; debuild -S -uc -us
+ cd sw; debuild -b -uc -us -aarmhf
+
+rtl:
+ cd rtl; $(call DCH,rtl,RTL bitstream)
+ cd rtl; debuild -S -uc -us
+ cd rtl; debuild -b -uc -us
+
+
+.PHONY: sw rtl
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b7a8b7c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,10 @@
+novena-releng
+=============
+
+Release engineering tree for the Cryptech code for the Novena PVT-1,
+initially targetted at what we need to package for IETF 93 in Praha.
+
+General idea is to build two binary packages, one with the bitstream
+for the FPGA, one for software cross-compiled for the Novena. Might
+want a third package just as a meta package to pull the first two in
+via dependencies.
diff --git a/rtl/Makefile b/rtl/Makefile
new file mode 100644
index 0000000..79ebf76
--- /dev/null
+++ b/rtl/Makefile
@@ -0,0 +1,16 @@
+BUILD_DIR := core/platform/novena/eim/build
+
+# This business of patching files that are under revision control
+# because we can't be bothered to generate a proper configuration file
+# is kind of nasty.
+
+all:
+ patch -p1 --forward <patches/01-config-cores.patch
+ cd ${BUILD_DIR}; $(MAKE)
+ patch -p1 --reverse <patches/01-config-cores.patch
+
+clean:
+ cd ${BUILD_DIR}; $(MAKE) clean
+
+install:
+ install -D ${BUILD_DIR}/novena_eim.bit ${DESTDIR}/usr/share/cryptech/novena_eim.bit
diff --git a/rtl/core/cipher/aes b/rtl/core/cipher/aes
new file mode 160000
+Subproject fc8c9324320af3fc258df33f176583506ea5de3
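Review bot: `sw` and `rtl` do not list `init` as a prerequisite, so the submodule checkout only precedes the package builds through the left-to-right order of `all: init sw rtl`; `make sw`, `make rtl` or `make -j` can run debuild against submodules that are uninitialised or not at the recorded commits. Declaring the edge with `sw rtl: init` and extending the last line to `.PHONY: all init sw rtl` makes the dependency explicit. Separately, each recipe line uses `cd sw; ...` or `cd rtl; ...`, so a failed `cd` still runs `dch` and `debuild` in the top-level directory; `cd sw && ...` stops instead. The same `cd dir; command` pattern appears in the rtl/Makefile and sw/Makefile hunks of this commit.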
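Review bot: In the `all` recipe of rtl/Makefile the `patch --reverse` line only runs when `$(MAKE)` in `${BUILD_DIR}` succeeds, so a failed bitstream build leaves the files under `core/platform/common` patched, and the next run's `patch --forward` will then most likely refuse the already-applied hunks and stop before building. A submodule left dirty also means the bitstream no longer corresponds to the commit recorded in the superrepository. Running the build and the revert in one shell keeps the tree clean on both paths: `(cd ${BUILD_DIR} && $(MAKE)); rc=$$?; patch -p1 --reverse <patches/01-config-cores.patch; exit $$rc`.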
diff --git a/rtl/core/cipher/chacha b/rtl/core/cipher/chacha
new file mode 160000
+Subproject 549b75a635817ce263c368c9b8b5b0b07f90ec2
diff --git a/rtl/core/comm/eim b/rtl/core/comm/eim
new file mode 160000
+Subproject 9ed8ee7596023a6f4e43d8468bbdd0473c6570e
diff --git a/rtl/core/hash/sha1 b/rtl/core/hash/sha1
new file mode 160000
+Subproject febb27562431216a080cb980fdcda09454e72c3
diff --git a/rtl/core/hash/sha256 b/rtl/core/hash/sha256
new file mode 160000
+Subproject ce56b11187b92572193fa9327841ad2ef2e792f
diff --git a/rtl/core/hash/sha512 b/rtl/core/hash/sha512
new file mode 160000
+Subproject 51ad57c37bb4a0f59e4af4ee069ac18f8fb9284
diff --git a/rtl/core/math/modexp b/rtl/core/math/modexp
new file mode 160000
+Subproject e61c65059054df407206e58b88a1b203f5ad3c3
diff --git a/rtl/core/platform/common b/rtl/core/platform/common
new file mode 160000
+Subproject f05a3c65ec65004b097cb63d5ac6d463a7a9dc2
diff --git a/rtl/core/platform/novena b/rtl/core/platform/novena
new file mode 160000
+Subproject 33cc55adaf9ff31473802414f9c0d6e4a553cdd
diff --git a/rtl/core/rng/avalanche_entropy b/rtl/core/rng/avalanche_entropy
new file mode 160000
+Subproject 4a0c59617c582ef3f0e558067f913309db772f7
diff --git a/rtl/core/rng/rosc_entropy b/rtl/core/rng/rosc_entropy
new file mode 160000
+Subproject 4c3b76c5b8d2809b236d2396ed6a8b36be4587e
diff --git a/rtl/core/rng/trng b/rtl/core/rng/trng
new file mode 160000
+Subproject d5974ed0d389f8953b23d98bb69b1576adad27b
diff --git a/rtl/debian/compat b/rtl/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/rtl/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/rtl/debian/control b/rtl/debian/control
new file mode 100644
index 0000000..84a4e91
--- /dev/null
+++ b/rtl/debian/control
@@ -0,0 +1,14 @@
+Source: cryptech-novena-rtl
+Maintainer: Paul Selkirk <paul@psgd.org>
+Section: misc
+Priority: optional
+Standards-Version: 3.9.6
+Build-Depends: debhelper (>= 9)
+Homepage: http://trac.cryptech.is/wiki
+
+Package: cryptech-novena-rtl
+Architecture: all
+Depends: libc6 (>= 2.13), ${misc:Depends}
+Description: Cryptech open-source crypto hardware
+ "cryptech-novena-rtl" contains FGPA configuration (RTL bitstream) for the Cryptech project on
+ the Novena PVT-1 development board.
diff --git a/rtl/debian/copyright b/rtl/debian/copyright
new file mode 100644
index 0000000..fd7518e
--- /dev/null
+++ b/rtl/debian/copyright
@@ -0,0 +1,27 @@
+Copyright (c) 2015, NORDUnet A/S All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+- Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+- Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+- Neither the name of the NORDUnet nor the names of its contributors may
+ be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/rtl/debian/rules b/rtl/debian/rules
new file mode 100755
index 0000000..2d33f6a
--- /dev/null
+++ b/rtl/debian/rules
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@
diff --git a/rtl/debian/source/format b/rtl/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/rtl/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/rtl/patches/01-config-cores.patch b/rtl/patches/01-config-cores.patch
new file mode 100644
index 0000000..245e8a3
--- /dev/null
+++ b/rtl/patches/01-config-cores.patch
@@ -0,0 +1,27 @@
+Description: configure core selectors for cryptech dnssec signer
+
+--- core/platform/common/core_selector/src/rtl/cipher_selector.v~
++++ core/platform/common/core_selector/src/rtl/cipher_selector.v
+@@ -67,7 +67,7 @@ module cipher_selector
+ //----------------------------------------------------------------
+ // Comment following lines to exclude cores from implementation.
+ `define USE_CORE_AES
+- `define USE_CORE_CHACHA
++// `define USE_CORE_CHACHA
+
+
+ //----------------------------------------------------------------
+--- core/platform/common/core_selector/src/rtl/hash_selector.v~
++++ core/platform/common/core_selector/src/rtl/hash_selector.v
+@@ -125,9 +125,9 @@ XXX move to `define in wrapper core??
+ // List of Available Cores
+ //----------------------------------------------------------------
+ // Comment following lines to exclude cores from implementation.
+- `define USE_CORE_SHA1
++// `define USE_CORE_SHA1
+ `define USE_CORE_SHA256
+- `define USE_CORE_SHA512
++// `define USE_CORE_SHA512
+
+
+ //----------------------------------------------------------------
diff --git a/sw/Makefile b/sw/Makefile
new file mode 100644
index 0000000..962d448
--- /dev/null
+++ b/sw/Makefile
@@ -0,0 +1,21 @@
+export CC := arm-linux-gnueabihf-gcc
+export AR := arm-linux-gnueabihf-ar
+export OBJCOPY := arm-linux-gnueabihf-objcopy
+
+# Something is messing up the CFLAGS and LDFLAGS settings to libhal.
+# Using autoconf was probably a mistake, but hack around it for now.
+
+all:
+ cd sw/libtfm; ${MAKE}
+ cd sw/libhal; ./configure CFLAGS='-g3 -Wall -fPIC -std=c99 -I$${TFMDIR}' LDFLAGS='-g3 -L$${TFMDIR} -ltfm'
+ cd sw/libhal; ${MAKE}
+ cd sw/sqlite3; ${MAKE} CROSS_COMPILE=arm-unknown-linux-gnueabi
+ cd sw/pkcs11; ${MAKE}
+
+clean distclean:
+ for d in libtfm libhal sqlite3 pkcs11; do (cd sw/$$d && ${MAKE} $@); done
+
+install: all
+ install -D sw/pkcs11/libpkcs11.so ${DESTDIR}/usr/lib/libpkcs11.so
+ install -D sw/pkcs11/p11util ${DESTDIR}/usr/sbin/p11util
+
diff --git a/sw/debian/compat b/sw/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/sw/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/sw/debian/control b/sw/debian/control
new file mode 100644
index 0000000..4d83526
--- /dev/null
+++ b/sw/debian/control
@@ -0,0 +1,14 @@
+Source: cryptech-novena-sw
+Maintainer: Paul Selkirk <paul@psgd.org>
+Section: misc
+Priority: optional
+Standards-Version: 3.9.6
+Build-Depends: debhelper (>= 9)
+Homepage: http://trac.cryptech.is/wiki
+
+Package: cryptech-novena-sw
+Architecture: armhf
+Depends: libc6 (>= 2.13), ${misc:Depends}
+Description: Cryptech open-source crypto software
+ "cryptech-novena-sw" contains software for use with the Cryptech Project RTL images on
+ the Novena PVT-1 development board.
diff --git a/sw/debian/copyright b/sw/debian/copyright
new file mode 100644
index 0000000..fd7518e
--- /dev/null
+++ b/sw/debian/copyright
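Review bot: The `./configure` line for libhal in sw/Makefile passes a fixed `CFLAGS`/`LDFLAGS` string, which replaces whatever flags the Debian build supplies; if `debuild` is exporting the dpkg-buildflags hardening set, libhal and anything linked against it are built without stack protection, fortify or RELRO. If the hand-written flags have to stay, the hardening options should be kept alongside them, for example by prefixing `$(shell dpkg-buildflags --get CFLAGS)` and `$(shell dpkg-buildflags --get LDFLAGS)` to the two strings, with a comment recording why the defaults were overridden. The sqlite3 line also passes `CROSS_COMPILE=arm-unknown-linux-gnueabi` while `CC` is `arm-linux-gnueabihf-gcc`; if sqlite3's Makefile derives its compiler from that prefix it would target a different ABI than the other three libraries, so that is worth confirming.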
@@ -0,0 +1,27 @@
+Copyright (c) 2015, NORDUnet A/S All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+- Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+- Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+- Neither the name of the NORDUnet nor the names of its contributors may
+ be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/sw/debian/rules b/sw/debian/rules
new file mode 100755
index 0000000..2d33f6a
--- /dev/null
+++ b/sw/debian/rules
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@
diff --git a/sw/debian/source/format b/sw/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/sw/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/sw/sw/libhal b/sw/sw/libhal
new file mode 160000
+Subproject e80f25d31235628f2d9cfb410d48bcc83b4487d
diff --git a/sw/sw/libtfm b/sw/sw/libtfm
new file mode 160000
+Subproject 108e78987bc39f11d0abbba7dbfe80704cbf028
diff --git a/sw/sw/pkcs11 b/sw/sw/pkcs11
new file mode 160000
+Subproject 5f0d1c2ecfde778a164dd4cfc362f7bd29ebe24
diff --git a/sw/sw/sqlite3 b/sw/sw/sqlite3
new file mode 160000
+Subproject 7bdeab315c5fdaf6d1b087423b98e80e80fefec |