From ea04b71ff14523ffcfc02eb43cf509e238807bef Mon Sep 17 00:00:00 2001 
From: Rob Austein Date: Sat, 4 Jul 2015 00:18:36 -0400 Subject: Initial version of Novean release engineering superrepository. Not yet fully tested. --- .gitmodules | 48 +++++++++++++++++++++++++++ Makefile | 70 +++++++++++++++++++++++++++++++++++++++ README.md | 10 ++++++ rtl/Makefile | 16 +++++++++ rtl/core/cipher/aes | 1 + rtl/core/cipher/chacha | 1 + rtl/core/comm/eim | 1 + rtl/core/hash/sha1 | 1 + rtl/core/hash/sha256 | 1 + rtl/core/hash/sha512 | 1 + rtl/core/math/modexp | 1 + rtl/core/platform/common | 1 + rtl/core/platform/novena | 1 + rtl/core/rng/avalanche_entropy | 1 + rtl/core/rng/rosc_entropy | 1 + rtl/core/rng/trng | 1 + rtl/debian/compat | 1 + rtl/debian/control | 14 ++++++++ rtl/debian/copyright | 27 +++++++++++++++ rtl/debian/rules | 4 +++ rtl/debian/source/format | 1 + rtl/patches/01-config-cores.patch | 27 +++++++++++++++ sw/Makefile | 21 ++++++++++++ sw/debian/compat | 1 + sw/debian/control | 14 ++++++++ sw/debian/copyright | 27 +++++++++++++++ sw/debian/rules | 4 +++ sw/debian/source/format | 1 + sw/sw/libhal | 1 + sw/sw/libtfm | 1 + sw/sw/pkcs11 | 1 + sw/sw/sqlite3 | 1 + 32 files changed, 302 insertions(+) create mode 100644 .gitmodules create mode 100644 Makefile create mode 100644 README.md create mode 100644 rtl/Makefile create mode 160000 rtl/core/cipher/aes create mode 160000 rtl/core/cipher/chacha create mode 160000 rtl/core/comm/eim create mode 160000 rtl/core/hash/sha1 create mode 160000 rtl/core/hash/sha256 create mode 160000 rtl/core/hash/sha512 create mode 160000 rtl/core/math/modexp create mode 160000 rtl/core/platform/common create mode 160000 rtl/core/platform/novena create mode 160000 rtl/core/rng/avalanche_entropy create mode 160000 rtl/core/rng/rosc_entropy create mode 160000 rtl/core/rng/trng create mode 100644 rtl/debian/compat create mode 100644 rtl/debian/control create mode 100644 rtl/debian/copyright create mode 100755 rtl/debian/rules create mode 100644 rtl/debian/source/format create mode 100644 
rtl/patches/01-config-cores.patch create mode 100644 sw/Makefile create mode 100644 sw/debian/compat create mode 100644 sw/debian/control create mode 100644 sw/debian/copyright create mode 100755 sw/debian/rules create mode 100644 sw/debian/source/format create mode 160000 sw/sw/libhal create mode 160000 sw/sw/libtfm create mode 160000 sw/sw/pkcs11 create mode 160000 sw/sw/sqlite3
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..8e21521
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,48 @@
+[submodule "sw/sw/libhal"]
+ path = sw/sw/libhal
+ url = git@git.cryptech.is:user/sra/libhal
+[submodule "sw/sw/libtfm"]
+ path = sw/sw/libtfm
+ url = git@git.cryptech.is:user/sra/libtfm
+[submodule "sw/sw/pkcs11"]
+ path = sw/sw/pkcs11
+ url = git@git.cryptech.is:user/sra/pkcs11
+[submodule "sw/sw/sqlite3"]
+ path = sw/sw/sqlite3
+ url = git@git.cryptech.is:user/sra/sqlite3
+[submodule "rtl/core/cipher/aes"]
+ path = rtl/core/cipher/aes
+ url = git@git.cryptech.is:core/cipher/aes.git
+[submodule "rtl/core/cipher/chacha"]
+ path = rtl/core/cipher/chacha
+ url = git@git.cryptech.is:core/cipher/chacha.git
+[submodule "rtl/core/comm/eim"]
+ path = rtl/core/comm/eim
+ url = git@git.cryptech.is:core/comm/eim.git
+[submodule "rtl/core/hash/sha1"]
+ path = rtl/core/hash/sha1
+ url = git@git.cryptech.is:core/hash/sha1.git
+[submodule "rtl/core/hash/sha256"]
+ path = rtl/core/hash/sha256
+ url = git@git.cryptech.is:core/hash/sha256.git
+[submodule "rtl/core/hash/sha512"]
+ path = rtl/core/hash/sha512
+ url = git@git.cryptech.is:core/hash/sha512.git
+[submodule "rtl/core/math/modexp"]
+ path = rtl/core/math/modexp
+ url = git@git.cryptech.is:core/math/modexp.git
+[submodule "rtl/core/platform/common"]
+ path = rtl/core/platform/common
+ url = git@git.cryptech.is:core/platform/common.git
+[submodule "rtl/core/platform/novena"]
+ path = rtl/core/platform/novena
+ url = git@git.cryptech.is:core/platform/novena.git
+[submodule "rtl/core/rng/avalanche_entropy"]
+ path = rtl/core/rng/avalanche_entropy
+ url = git@git.cryptech.is:core/rng/avalanche_entropy.git
+[submodule "rtl/core/rng/rosc_entropy"]
+ path = rtl/core/rng/rosc_entropy
+ url = git@git.cryptech.is:core/rng/rosc_entropy.git
+[submodule "rtl/core/rng/trng"]
+ path = rtl/core/rng/trng
+ url = git@git.cryptech.is:core/rng/trng.git
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..b1c7467
--- /dev/null
+++ b/Makefile
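Review bot: The four software submodules (`sw/sw/libhal`, `libtfm`, `pkcs11`, `sqlite3`) are fetched from what looks like a personal namespace, `git@git.cryptech.is:user/sra/...`, while the RTL cores use project paths such as `core/cipher/aes.git`; a release-engineering tree is easier to audit when every input comes from the project's canonical location. The `Subproject commit` entries in this commit pin the submodules to full commit hashes, which limits what a changed remote can substitute, so the concern is who controls the source of record rather than an unpinned fetch. All sixteen URLs are SSH-only, so the `GIT_SSL_CAPATH` export in the top-level Makefile does not apply to these fetches and server identity rests on the SSH host key. A comment at the top of the file would make that explicit, e.g. `# SSH transport: needs a git.cryptech.is account; server identity is checked via known_hosts`.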
@@ -0,0 +1,70 @@
+# Top-level build of packages for Novena PVT-1.
+#
+# Building source and binary packages separately isn't strictly
+# necessary, but simplifies fault isolation.
+#
+# We generate the changes file on the fly to keep all the version
+# information in one place. Nothing actually uses the changes file
+# once we've generated the source package, so this is harmless. If
+# somebody really wants to be the human maintainer for a changes
+# file, be my guest.
+#
+# We don't sign anything yet. This will need fixing.
+
+# Version of the software in human terms (major.minor)
+
+export CRYPTECH_VERSION := 1.0
+
+# Version suffix to add to package names. The extra fields come from
+# HEAD of the git superrepository. The date field is primarily to
+# make sure that versions sort into the correct order when fed to
+# reprepro; the commit hash uniquely identifies the (base) version of
+# the superrepository that generated the packages. This won't help if
+# somebody publishes packages generated with a modified version of the
+# superrepository, so don't do that (add check for uncommitted # changes?)
+
+ifdef NOTYET
+
+HEAD_TIME := $(shell git show -s --format=%ct HEAD)
+HEAD_HASH := $(shell git rev-parse HEAD)
+
+CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH}
+
+else
+
+CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~something
+
+endif
+
+# Make sure git can find certificatess. We might want to change this
+# to use GIT_SSL_CAINFO so we can specify a particular file, perhaps
+# even a file in this repository, but skip that for the moment.
+
+export GIT_SSL_CAPATH=/etc/ssl/certs
+
+# Command to generate a new changelog containing one entry.
+# Does nothing if the changelog already exists.
+
+DCH = test -f debian/changelog || \
+ EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot ' \
+ dch --create --package cryptech-novena-$(1) --newversion '${CRYPTECH_PACKAGE_VERSION}' \
+ 'Version ${CRYPTECH_VERSION} of Cryptech $(2) for the Novena PVT-1 development board.'
+
+
+all: init sw rtl
+
+init:
+ git submodule update --init --recursive
+
+sw:
+ cd sw; $(call DCH,sw,software tools)
+ cd sw; debuild -S -uc -us
+ cd sw; debuild -b -uc -us -aarmhf
+
+rtl:
+ cd rtl; $(call DCH,rtl,RTL bitstream)
+ cd rtl; debuild -S -uc -us
+ cd rtl; debuild -b -uc -us
+
+
+.PHONY: sw rtl
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b7a8b7c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,10 @@
+novena-releng
+=============
+
+Release engineering tree for the Cryptech code for the Novena PVT-1,
+initially targetted at what we need to package for IETF 93 in Praha.
+
+General idea is to build two binary packages, one with the bitstream
+for the FPGA, one for software cross-compiled for the Novena. Might
+want a third package just as a meta package to pull the first two in
+via dependencies.
diff --git a/rtl/Makefile b/rtl/Makefile
new file mode 100644
index 0000000..79ebf76
--- /dev/null
+++ b/rtl/Makefile
@@ -0,0 +1,16 @@
+BUILD_DIR := core/platform/novena/eim/build
+
+# This business of patching files that are under revision control
+# because we can't be bothered to generate a proper configuration file
+# is kind of nasty.
+
+all:
+ patch -p1 --forward +Section: misc
+Priority: optional
+Standards-Version: 3.9.6
+Build-Depends: debhelper (>= 9)
+Homepage: http://trac.cryptech.is/wiki
+
+Package: cryptech-novena-rtl
+Architecture: all
+Depends: libc6 (>= 2.13), ${misc:Depends}
+Description: Cryptech open-source crypto hardware
+ "cryptech-novena-rtl" contains FGPA configuration (RTL bitstream) for the Cryptech project on
+ the Novena PVT-1 development board.
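Review bot: With `NOTYET` undefined every package in the top-level Makefile is versioned `${CRYPTECH_VERSION}~something`, so a built `.deb` cannot be traced back to a superrepository commit, and because `debuild` runs with `-uc -us` there is no signature to fall back on either. The header comment already lists signing as future work, but the commit-hash branch and the dirty-tree check the comment asks about could be enabled now, for example a first recipe line in `init` such as `git diff-index --quiet HEAD -- || { echo 'uncommitted changes' >&2; exit 1; }`. Such a check probably has to account for the `patch` step in rtl/Makefile, which by its own comment modifies files under revision control. Because `DCH` skips an existing `debian/changelog`, a changelog left over from an earlier run would keep its old version string after HEAD moves. Separately, `sw` and `rtl` do not list `init` as a prerequisite, so `make -j` may start `debuild` before the submodules are checked out, and `cd sw; …` should be `cd sw && …` so that a failed `cd` cannot run `dch` in the top-level directory.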
diff --git a/rtl/debian/copyright b/rtl/debian/copyright
new file mode 100644
index 0000000..fd7518e
--- /dev/null
+++ b/rtl/debian/copyright
@@ -0,0 +1,27 @@
+Copyright (c) 2015, NORDUnet A/S All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+- Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+- Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+- Neither the name of the NORDUnet nor the names of its contributors may
+ be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/rtl/debian/rules b/rtl/debian/rules
new file mode 100755
index 0000000..2d33f6a
--- /dev/null
+++ b/rtl/debian/rules
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@
diff --git a/rtl/debian/source/format b/rtl/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/rtl/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/rtl/patches/01-config-cores.patch b/rtl/patches/01-config-cores.patch
new file mode 100644
index 0000000..245e8a3
--- /dev/null
+++ b/rtl/patches/01-config-cores.patch
@@ -0,0 +1,27 @@
+Description: configure core selectors for cryptech dnssec signer
+
+--- core/platform/common/core_selector/src/rtl/cipher_selector.v~
++++ core/platform/common/core_selector/src/rtl/cipher_selector.v
+@@ -67,7 +67,7 @@ module cipher_selector
+ //----------------------------------------------------------------
+ // Comment following lines to exclude cores from implementation.
+ `define USE_CORE_AES
+- `define USE_CORE_CHACHA
++// `define USE_CORE_CHACHA
+
+
+ //----------------------------------------------------------------
+--- core/platform/common/core_selector/src/rtl/hash_selector.v~
++++ core/platform/common/core_selector/src/rtl/hash_selector.v
+@@ -125,9 +125,9 @@ XXX move to `define in wrapper core??
+ // List of Available Cores
+ //----------------------------------------------------------------
+ // Comment following lines to exclude cores from implementation.
+- `define USE_CORE_SHA1
++// `define USE_CORE_SHA1
+ `define USE_CORE_SHA256
+- `define USE_CORE_SHA512
++// `define USE_CORE_SHA512
+
+
+ //----------------------------------------------------------------
diff --git a/sw/Makefile b/sw/Makefile
new file mode 100644
index 0000000..962d448
--- /dev/null
+++ b/sw/Makefile
@@ -0,0 +1,21 @@
+export CC := arm-linux-gnueabihf-gcc
+export AR := arm-linux-gnueabihf-ar
+export OBJCOPY := arm-linux-gnueabihf-objcopy
+
+# Something is messing up the CFLAGS and LDFLAGS settings to libhal.
+# Using autoconf was probably a mistake, but hack around it for now.
+
+all:
+ cd sw/libtfm; ${MAKE}
+ cd sw/libhal; ./configure CFLAGS='-g3 -Wall -fPIC -std=c99 -I$${TFMDIR}' LDFLAGS='-g3 -L$${TFMDIR} -ltfm'
+ cd sw/libhal; ${MAKE}
+ cd sw/sqlite3; ${MAKE} CROSS_COMPILE=arm-unknown-linux-gnueabi
+ cd sw/pkcs11; ${MAKE}
+
+clean distclean:
+ for d in libtfm libhal sqlite3 pkcs11; do (cd sw/$$d && ${MAKE} $@); done
+
+install: all
+ install -D sw/pkcs11/libpkcs11.so ${DESTDIR}/usr/lib/libpkcs11.so
+ install -D sw/pkcs11/p11util ${DESTDIR}/usr/sbin/p11util
+
diff --git a/sw/debian/compat b/sw/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/sw/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/sw/debian/control b/sw/debian/control
new file mode 100644
index 0000000..4d83526
--- /dev/null
+++ b/sw/debian/control
@@ -0,0 +1,14 @@
+Source: cryptech-novena-sw
+Maintainer: Paul Selkirk
+Section: misc
+Priority: optional
+Standards-Version: 3.9.6
+Build-Depends: debhelper (>= 9)
+Homepage: http://trac.cryptech.is/wiki
+
+Package: cryptech-novena-sw
+Architecture: armhf
+Depends: libc6 (>= 2.13), ${misc:Depends}
+Description: Cryptech open-source crypto software
+ "cryptech-novena-sw" contains software for use with the Cryptech Project RTL images on
+ the Novena PVT-1 development board.
diff --git a/sw/debian/copyright b/sw/debian/copyright
new file mode 100644
index 0000000..fd7518e
--- /dev/null
+++ b/sw/debian/copyright
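Review bot: The libhal `./configure` line in sw/Makefile hard-codes `CFLAGS='-g3 -Wall -fPIC -std=c99 -I$${TFMDIR}'` and `LDFLAGS`, which discards any flags inherited from the package build environment, so the library behind the PKCS #11 module is built unoptimised and, as far as this hunk shows, without stack-protector, `_FORTIFY_SOURCE` or RELRO options. The comment above says something is interfering with these settings; if that something is the flag set the Debian build exports, appending is safer than replacing, e.g. `CFLAGS='$(CFLAGS) -g3 -Wall -fPIC -std=c99 -I$${TFMDIR}'` and `LDFLAGS='$(LDFLAGS) -g3 -L$${TFMDIR} -ltfm'`. sqlite3 is given `CROSS_COMPILE=arm-unknown-linux-gnueabi` while `CC` and `AR` name the `arm-linux-gnueabihf-` toolchain; how sqlite3's Makefile uses the value is not visible here, but the two triplets should be checked for ABI agreement. `all`, `clean`, `distclean` and `install` also need a `.PHONY` declaration, and the `cd dir; ${MAKE}` lines should use `&&` so a failed `cd` stops the recipe.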
@@ -0,0 +1,27 @@
+Copyright (c) 2015, NORDUnet A/S All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+- Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+- Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+- Neither the name of the NORDUnet nor the names of its contributors may
+ be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/sw/debian/rules b/sw/debian/rules
new file mode 100755
index 0000000..2d33f6a
--- /dev/null
+++ b/sw/debian/rules
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@
diff --git a/sw/debian/source/format b/sw/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/sw/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/sw/sw/libhal b/sw/sw/libhal
new file mode 160000
index 0000000..e80f25d
--- /dev/null
+++ b/sw/sw/libhal
@@ -0,0 +1 @@
+Subproject commit e80f25d31235628f2d9cfb410d48bcc83b4487d5
diff --git a/sw/sw/libtfm b/sw/sw/libtfm
new file mode 160000
index 0000000..108e789
--- /dev/null
+++ b/sw/sw/libtfm
@@ -0,0 +1 @@
+Subproject commit 108e78987bc39f11d0abbba7dbfe80704cbf0282
diff --git a/sw/sw/pkcs11 b/sw/sw/pkcs11
new file mode 160000
index 0000000..5f0d1c2
--- /dev/null
+++ b/sw/sw/pkcs11
@@ -0,0 +1 @@
+Subproject commit 5f0d1c2ecfde778a164dd4cfc362f7bd29ebe241
diff --git a/sw/sw/sqlite3 b/sw/sw/sqlite3
new file mode 160000
index 0000000..7bdeab3
--- /dev/null
+++ b/sw/sw/sqlite3
@@ -0,0 +1 @@
+Subproject commit 7bdeab315c5fdaf6d1b087423b98e80e80fefec8
-- cgit v1.2.3