From a627a489e48cde75f80446e75d057fc1f12a0b98 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Thu, 9 Jun 2016 00:30:17 -0400
Subject: hash.c triggers gcc's strict-aliasing warnings.
---
GNUmakefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/GNUmakefile b/GNUmakefile
index 0b3647b..c37d142 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -164,7 +164,7 @@ CFLAGS += -DRPC_CLIENT=${RPC_CLIENT_FLAG}
endif
TFMDIR := $(abspath ../thirdparty/libtfm)
-CFLAGS += -g3 -Wall -std=c99 -I${TFMDIR}
+CFLAGS += -g3 -Wall -std=c99 -Wno-strict-aliasing -I${TFMDIR}
LDFLAGS := -g3 -L${TFMDIR} -ltfm
CFLAGS += -DHAL_STATIC_HASH_STATE_BLOCKS=${STATIC_HASH_STATE_BLOCKS}
--
cgit v1.2.3
From c4705484505ed29d17becd57117ea47cb8ab249d Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Thu, 9 Jun 2016 12:54:50 -0400
Subject: Typo in SHA-224/SHA-256 software core.
---
hash.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hash.c b/hash.c
index 225a99d..5fface0 100644
--- a/hash.c
+++ b/hash.c
@@ -1031,7 +1031,7 @@ static hal_error_t sw_hash_core_sha256(hal_hash_state_t *state)
uint32_t *H = (uint32_t *) state->core_state, S[8], W[64];
if (state->block_count == 0) {
- switch (state->driver_ctrl_mode & SHA256_MODE_MASK) {
+ switch (state->driver->ctrl_mode & SHA256_MODE_MASK) {
case SHA256_MODE_SHA_224: memcpy(H, sha224_iv, sizeof(sha224_iv)); break;
case SHA256_MODE_SHA_256: memcpy(H, sha256_iv, sizeof(sha256_iv)); break;
default: return HAL_ERROR_IMPOSSIBLE;
--
cgit v1.2.3
From 67cb831eae0224bd80786305cf73fe05c692b29c Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Thu, 9 Jun 2016 15:31:01 -0400
Subject: Fix duplicate dispatch vectors when building for RPC_CLIENT_LOCAL.
---
rpc_client.c | 11 +++++------
rpc_server.c | 2 ++
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/rpc_client.c b/rpc_client.c
index 3ac6d6e..c92571b 100644
--- a/rpc_client.c
+++ b/rpc_client.c
@@ -971,15 +971,14 @@ const hal_rpc_pkey_dispatch_t hal_rpc_mixed_pkey_dispatch = {
#endif /* RPC_CLIENT != RPC_CLIENT_LOCAL */
-#if RPC_CLIENT == RPC_CLIENT_LOCAL
-const hal_rpc_misc_dispatch_t * hal_rpc_misc_dispatch = &hal_rpc_local_misc_dispatch;
-const hal_rpc_hash_dispatch_t * hal_rpc_hash_dispatch = &hal_rpc_local_hash_dispatch;
-const hal_rpc_pkey_dispatch_t * hal_rpc_pkey_dispatch = &hal_rpc_local_pkey_dispatch;
-#elif RPC_CLIENT == RPC_CLIENT_REMOTE
+
+#if RPC_CLIENT == RPC_CLIENT_REMOTE
const hal_rpc_misc_dispatch_t * hal_rpc_misc_dispatch = &hal_rpc_remote_misc_dispatch;
const hal_rpc_hash_dispatch_t * hal_rpc_hash_dispatch = &hal_rpc_remote_hash_dispatch;
const hal_rpc_pkey_dispatch_t * hal_rpc_pkey_dispatch = &hal_rpc_remote_pkey_dispatch;
-#elif RPC_CLIENT == RPC_CLIENT_MIXED
+#endif
+
+#if RPC_CLIENT == RPC_CLIENT_MIXED
const hal_rpc_misc_dispatch_t * hal_rpc_misc_dispatch = &hal_rpc_remote_misc_dispatch;
const hal_rpc_hash_dispatch_t * hal_rpc_hash_dispatch = &hal_rpc_local_hash_dispatch;
const hal_rpc_pkey_dispatch_t * hal_rpc_pkey_dispatch = &hal_rpc_mixed_pkey_dispatch;
diff --git a/rpc_server.c b/rpc_server.c
index a1bca26..65ba6bb 100644
--- a/rpc_server.c
+++ b/rpc_server.c
@@ -738,9 +738,11 @@ void hal_rpc_server_main(void)
* Dispatch vectors.
*/
+#if RPC_CLIENT == RPC_CLIENT_LOCAL
const hal_rpc_misc_dispatch_t *hal_rpc_misc_dispatch = &hal_rpc_local_misc_dispatch;
const hal_rpc_hash_dispatch_t *hal_rpc_hash_dispatch = &hal_rpc_local_hash_dispatch;
const hal_rpc_pkey_dispatch_t *hal_rpc_pkey_dispatch = &hal_rpc_local_pkey_dispatch;
+#endif
hal_error_t hal_rpc_server_init(void)
{
--
cgit v1.2.3
From b3744cda1a0fab9ded7a406594b94375e311ca19 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Fri, 10 Jun 2016 02:32:54 -0400
Subject: Another attempt to clean up the libhal makefile hairball.
---
GNUmakefile | 113 ++++++++++++++++++++++++++++--------------------------
hal_internal.h | 23 ++++++-----
tests/GNUmakefile | 24 ++++++------
3 files changed, 83 insertions(+), 77 deletions(-)
diff --git a/GNUmakefile b/GNUmakefile
index c37d142..dbf71f9 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -37,24 +37,42 @@ STATIC_PKEY_STATE_BLOCKS = 6
INC = hal.h hal_internal.h
LIB = libhal.a
-USAGE = "usage: make [IO_BUS=eim|i2c|fmc] [RPC_CLIENT=local|remote|mixed] [RPC_SERVER=yes] [KS=mmap|volatile|flash]"
+# Error checking on known control options, some of which allow the user entirely too much rope.
+
+USAGE := "usage: make [IO_BUS=eim|i2c|fmc] [RPC_CLIENT=none|local|remote|mixed] [RPC_SERVER=no|yes] [KS=volatile|mmap|flash] [RPC_TRANSPORT=none|loopback|serial|daemon]"
+
+IO_BUS ?= eim
+KS ?= mmap
+RPC_CLIENT ?= none
+RPC_SERVER ?= $(if $(filter local,${RPC_CLIENT}),yes,no)
+RPC_TRANSPORT ?= daemon
+
+ifeq (,$(and \
+ $(filter none eim i2c fmc ,${IO_BUS}),\
+ $(filter none local remote mixed ,${RPC_CLIENT}),\
+ $(filter no yes ,${RPC_SERVER}),\
+ $(filter volatile mmap flash ,${KS}),\
+ $(filter none loopback serial daemon ,${RPC_TRANSPORT})))
+ $(error ${USAGE})
+endif
+
+ifneq (${RPC_SERVER},$(if $(filter local,${RPC_CLIENT}),yes,no))
+ $(error RPC_SERVER=yes is probably only useful with RPC_CLIENT=local)
+endif
+
+WANT_RTL_CODE := $(if $(filter none local,${RPC_CLIENT}),yes,no)
-OBJ = errorstrings.o
-CORE_OBJ = core.o ${HASH_OBJ} ${MISC_OBJ} ${PKEY_OBJ} ${PKEY2_OBJ} ${KS_OBJ} ${IO_OBJ} ${MKMIF_OBJ}
-HASH_OBJ = hash.o
-MISC_OBJ = csprng.o pbkdf2.o
-PKEY_OBJ = asn1.o ecdsa.o rsa.o
-PKEY2_OBJ = aes_keywrap.o modexp.o
-MKMIF_OBJ = mkmif.o
+OBJ = errorstrings.o hash.o asn1.o ecdsa.o rsa.o ${KS_OBJ}
+CORE_OBJ = core.o csprng.o pbkdf2.o aes_keywrap.o modexp.o mkmif.o ${IO_OBJ}
# I/O bus to the FPGA
#
-# IO_BUS = eim | i2c | fmc
+# IO_BUS = none | eim | i2c | fmc
+# none: no FPGA I/O bus
# eim: EIM bus from Novena
# i2c: older I2C bus from Novena
# fmc: FMC bus from dev-bridge and alpha boards
-IO_BUS ?= eim
ifeq (${IO_BUS},eim)
IO_OBJ = hal_io_eim.o novena-eim.o
else ifeq (${IO_BUS},i2c)
@@ -80,7 +98,7 @@ endif
# and we haven't yet written the flash code for the bridge board.
KS_OBJ = ks.o
-KS ?= mmap
+
ifeq (${KS},mmap)
KS_OBJ += ks_mmap.o
else ifeq (${KS},volatile)
@@ -89,80 +107,67 @@ else ifeq (${KS},flash)
KS_OBJ += ks_flash.o
endif
-# RPC_CLIENT = local | remote | mixed
+# RPC_CLIENT = none | local | remote | mixed
+# none: Build without RPC client
# local: Build for Novena or dev-bridge, access FPGA cores directly.
# remote: Build for other host, communicate with RPC server.
# mixed: Do hashing locally in software, other functions remotely.
#
-# RPC_SERVER = yes
+# RPC_SERVER = no | yes
#
# RPC_TRANSPORT = loopback | serial | daemon
# loopback: communicate over loopback socket on Novena
# serial: communicate over USB in serial pass-through mode
# daemon: communicate over USB via a daemon, to arbitrate multiple clients
-RPC_TRANSPORT ?= daemon
+ifneq (${RPC_CLIENT},none)
+ OBJ += rpc_api.o xdr.o
+endif
+
+ifeq (${RPC_TRANSPORT},serial)
+ OBJ += slip.o
+endif
-RPC_CLIENT_OBJ = rpc_api.o rpc_client.o xdr.o
+RPC_CLIENT_OBJ = rpc_client.o
ifeq (${RPC_TRANSPORT},loopback)
RPC_CLIENT_OBJ += rpc_client_loopback.o
else ifeq (${RPC_TRANSPORT},serial)
- RPC_CLIENT_OBJ += rpc_client_serial.o slip.o
+ RPC_CLIENT_OBJ += rpc_client_serial.o
else ifeq (${RPC_TRANSPORT},daemon)
RPC_CLIENT_OBJ += rpc_client_daemon.o
endif
RPC_DISPATCH_OBJ = rpc_hash.o rpc_misc.o rpc_pkey.o
-RPC_SERVER_OBJ = rpc_api.o rpc_server.o xdr.o ${RPC_DISPATCH_OBJ}
+RPC_SERVER_OBJ = rpc_server.o
ifeq (${RPC_TRANSPORT},loopback)
RPC_SERVER_OBJ += rpc_server_loopback.o
else ifeq (${RPC_TRANSPORT},serial)
- RPC_SERVER_OBJ += rpc_server_serial.o slip.o
+ RPC_SERVER_OBJ += rpc_server_serial.o
endif
-# Not building any of the RPC stuff, access FPGA cores directly.
-ifndef RPC_CLIENT
- ifndef RPC_SERVER
- OBJ += ${CORE_OBJ}
- endif
+ifeq (${RPC_SERVER},yes)
+ OBJ += ${RPC_SERVER_OBJ}
endif
-# Building the RPC server.
-ifdef RPC_SERVER
- OBJ += ${CORE_OBJ} ${RPC_SERVER_OBJ}
-endif
-
-# Building the RPC client, in all its variations.
-ifdef RPC_CLIENT
- OBJ += ${RPC_CLIENT_OBJ}
- ifeq (${RPC_CLIENT},local)
- OBJ += ${CORE_OBJ} ${RPC_DISPATCH_OBJ}
- else
- CFLAGS += -DHAL_RSA_USE_MODEXP=0
- OBJ += ${PKEY_OBJ}
- ifeq (${RPC_CLIENT},mixed)
- KS = volatile
- OBJ += ${HASH_OBJ} ${PKEY2_OBJ} ${RPC_DISPATCH_OBJ} ${KS_OBJ}
- endif
- endif
-endif
-
-# RPC client locality, for rpc_client.c. This has to be kept in sync with
-# hal_internal.h. Yeah, it's ugly, but the C preprocessor can only
-# compare integers, not strings.
-
-ifeq (${RPC_CLIENT},local)
- RPC_CLIENT_FLAG = 0
+ifeq (${RPC_CLIENT},none)
+ OBJ += ${CORE_OBJ}
+else ifeq (${RPC_CLIENT},local)
+ OBJ += ${CORE_OBJ} ${RPC_CLIENT_OBJS} ${RPC_DISPATCH_OBJS}
+ CFLAGS += -DRPC_CLIENT=RPC_CLIENT_LOCAL
else ifeq (${RPC_CLIENT},remote)
- RPC_CLIENT_FLAG = 1
+ OBJ += ${RPC_CLIENT_OBJS}
+ CFLAGS += -DRPC_CLIENT=RPC_CLIENT_REMOTE -DHAL_RSA_USE_MODEXP=0
else ifeq (${RPC_CLIENT},mixed)
- RPC_CLIENT_FLAG = 2
-endif
-ifdef RPC_CLIENT_FLAG
-CFLAGS += -DRPC_CLIENT=${RPC_CLIENT_FLAG}
+ OBJ += ${RPC_CLIENT_OBJS} ${RPC_DISPATCH_OBJS}
+ CFLAGS += -DRPC_CLIENT=RPC_CLIENT_MIXED -DHAL_RSA_USE_MODEXP=0
+ KS = volatile
endif
+# RPC client locality, for rpc_client.c. Value passed here is tested
+# as an integer in the C preprocessor, so the symbols used here need
+# to be defined as macros in the C code, not enum tokens.
+
TFMDIR := $(abspath ../thirdparty/libtfm)
CFLAGS += -g3 -Wall -std=c99 -Wno-strict-aliasing -I${TFMDIR}
LDFLAGS := -g3 -L${TFMDIR} -ltfm
diff --git a/hal_internal.h b/hal_internal.h
index 60aed3b..9896ac0 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -241,7 +241,7 @@ extern const hal_rpc_pkey_dispatch_t hal_rpc_local_pkey_dispatch, hal_rpc_remote
* See code in rpc_pkey.c for how this flag fits into the pkey handle.
*/
-#define HAL_PKEY_HANDLE_PROXIMATE_FLAG (1 << 31)
+#define HAL_PKEY_HANDLE_PROXIMATE_FLAG (1 << 31)
/*
* Keystore API.
@@ -257,9 +257,9 @@ extern const hal_rpc_pkey_dispatch_t hal_rpc_local_pkey_dispatch, hal_rpc_remote
*
* 2048-bit RSA: 1194 bytes
* 4096-bit RSA: 2351 bytes
- * 8192-bit RSA: 4655 bytes
- * EC P-256: 121 bytes
- * EC P-384: 167 bytes
+ * 8192-bit RSA: 4655 bytes
+ * EC P-256: 121 bytes
+ * EC P-384: 167 bytes
* EC P-521: 223 bytes
*
* Plus we need a bit of AES-keywrap overhead, since we're storing the
@@ -271,7 +271,7 @@ extern const hal_rpc_pkey_dispatch_t hal_rpc_local_pkey_dispatch, hal_rpc_remote
* to keep them private, they don't require tamper-protected RAM.
*/
-#define HAL_KS_WRAPPED_KEYSIZE ((4655 + 15) & ~7)
+#define HAL_KS_WRAPPED_KEYSIZE ((4655 + 15) & ~7)
#ifndef HAL_STATIC_PKEY_STATE_BLOCKS
#define HAL_STATIC_PKEY_STATE_BLOCKS 0
@@ -429,14 +429,17 @@ typedef enum {
RPC_FUNC_PKEY_RENAME,
} rpc_func_num_t;
-#define RPC_VERSION 0x00010000 /* 0.1.0.0 */
+#define RPC_VERSION 0x00010000 /* 0.1.0.0 */
-/* RPC client locality. These have to be defines rather than an enum,
+/*
+ * RPC client locality. These have to be defines rather than an enum,
* because they're handled by the preprocessor.
*/
-#define RPC_CLIENT_LOCAL 0
-#define RPC_CLIENT_REMOTE 1
-#define RPC_CLIENT_MIXED 2
+
+#define RPC_CLIENT_LOCAL 0
+#define RPC_CLIENT_REMOTE 1
+#define RPC_CLIENT_MIXED 2
+#define RPC_CLIENT_NONE 3
#endif /* _HAL_INTERNAL_H_ */
diff --git a/tests/GNUmakefile b/tests/GNUmakefile
index 65c7a25..5e2b3ea 100644
--- a/tests/GNUmakefile
+++ b/tests/GNUmakefile
@@ -29,21 +29,19 @@
INC = ../hal.h
LIB = ../libhal.a
-BIN := test-aes-key-wrap test-hash test-pbkdf2 test-ecdsa test-bus test-trng test-rsa
-ifndef RPC_SERVER
- ifdef RPC_CLIENT
- ifneq (${RPC_CLIENT},local)
- # If we're only building a remote RPC client lib, don't include
- # tests that access the FPGA cores.
- BIN :=
- endif
- endif
+
+# Which tests to build depends on how the library was compiled.
+
+ifeq (${RPC_SERVER},yes)
+ BIN += test-rpc_server
endif
-ifdef RPC_CLIENT
- BIN += test-rpc_hash test-rpc_pkey test-rpc_get_version test-rpc_get_random
+
+ifeq (${RPC_CLIENT},none)
+ BIN += test-aes-key-wrap test-hash test-pbkdf2 test-ecdsa test-bus test-trng test-rsa
endif
-ifdef RPC_SERVER
- BIN += test-rpc_server
+
+ifeq (${RPC_CLIENT},local)
+ BIN += test-rpc_hash test-rpc_pkey test-rpc_get_version test-rpc_get_random
endif
CFLAGS = -g3 -Wall -fPIC -std=c99 -I..
--
cgit v1.2.3
From d3c389455f3e4084968da796d33e12d3fb32f85b Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Fri, 10 Jun 2016 02:47:16 -0400
Subject: Helps to get the makefile variable names right.
---
GNUmakefile | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/GNUmakefile b/GNUmakefile
index dbf71f9..1862cb8 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -119,6 +119,10 @@ endif
# loopback: communicate over loopback socket on Novena
# serial: communicate over USB in serial pass-through mode
# daemon: communicate over USB via a daemon, to arbitrate multiple clients
+#
+# RPC client locality flags passed here via CFLAGS are tested as
+# integers in the C preprocessor, so the symbols we pass must be
+# defined as macros in the C code, not enum tokens.
ifneq (${RPC_CLIENT},none)
OBJ += rpc_api.o xdr.o
@@ -153,21 +157,17 @@ endif
ifeq (${RPC_CLIENT},none)
OBJ += ${CORE_OBJ}
else ifeq (${RPC_CLIENT},local)
- OBJ += ${CORE_OBJ} ${RPC_CLIENT_OBJS} ${RPC_DISPATCH_OBJS}
+ OBJ += ${CORE_OBJ} ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ}
CFLAGS += -DRPC_CLIENT=RPC_CLIENT_LOCAL
else ifeq (${RPC_CLIENT},remote)
- OBJ += ${RPC_CLIENT_OBJS}
+ OBJ += ${RPC_CLIENT_OBJ}
CFLAGS += -DRPC_CLIENT=RPC_CLIENT_REMOTE -DHAL_RSA_USE_MODEXP=0
else ifeq (${RPC_CLIENT},mixed)
- OBJ += ${RPC_CLIENT_OBJS} ${RPC_DISPATCH_OBJS}
+ OBJ += ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ}
CFLAGS += -DRPC_CLIENT=RPC_CLIENT_MIXED -DHAL_RSA_USE_MODEXP=0
KS = volatile
endif
-# RPC client locality, for rpc_client.c. Value passed here is tested
-# as an integer in the C preprocessor, so the symbols used here need
-# to be defined as macros in the C code, not enum tokens.
-
TFMDIR := $(abspath ../thirdparty/libtfm)
CFLAGS += -g3 -Wall -std=c99 -Wno-strict-aliasing -I${TFMDIR}
LDFLAGS := -g3 -L${TFMDIR} -ltfm
--
cgit v1.2.3
From 01e87b5d974c1ad761448732b78e7b33a43c6b61 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Fri, 10 Jun 2016 11:29:38 -0400
Subject: Allow host-side libhal build without access to secure hardware to
store unencrypted public keys (we don't allow this for private keys). Yet
another screwball feature to support PKCS #11, sigh. Anyway, with this
change, mixed-mode builds should work again.
---
ks.c | 45 ++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/ks.c b/ks.c
index b6cb32f..d252620 100644
--- a/ks.c
+++ b/ks.c
@@ -42,12 +42,28 @@
#define KEK_LENGTH (bitsToBytes(256))
+/*
+ * In "remote" and "mixed" RPC modes we're a software only RPC client
+ * without (direct) access to secure hardware, thus there is no real
+ * point in encrypting keys. As precautions, we (a) warn about this
+ * when configured in one of these modes, and (b) refuse to store any
+ * sort of private keys.
+ */
+
+#define USE_KEK (RPC_CLIENT != RPC_CLIENT_REMOTE && RPC_CLIENT != RPC_CLIENT_MIXED)
+
+#if !USE_KEK
+#warning ks.c compiled without KEK support and will only accept public keys -- this is normal for the host-side build of libhsm
+#endif
+
static inline int acceptable_key_type(const hal_key_type_t type)
{
switch (type) {
+#if USE_KEK
case HAL_KEY_TYPE_RSA_PRIVATE:
- case HAL_KEY_TYPE_RSA_PUBLIC:
case HAL_KEY_TYPE_EC_PRIVATE:
+#endif
+ case HAL_KEY_TYPE_RSA_PUBLIC:
case HAL_KEY_TYPE_EC_PUBLIC:
return 1;
default:
@@ -96,6 +112,8 @@ hal_error_t hal_ks_store(const hal_key_type_t type,
memset(&k, 0, sizeof(k));
k.der_len = sizeof(k.der);
+#if USE_KEK
+
uint8_t kek[KEK_LENGTH];
size_t kek_len;
@@ -107,6 +125,16 @@ hal_error_t hal_ks_store(const hal_key_type_t type,
if (err != HAL_OK)
return err;
+#else /* USE_KEK */
+
+ if (der_len > k.der_len)
+ return HAL_ERROR_RESULT_TOO_LONG;
+
+ k.der_len = der_len;
+ memcpy(k.der, der, der_len);
+
+#endif /* USE_KEK */
+
assert(name_len <= sizeof(k.name));
memcpy(k.name, name, name_len);
k.name_len = name_len;
@@ -199,6 +227,9 @@ hal_error_t hal_ks_fetch(const hal_key_type_t type,
*der_len = k->der_len;
if (der != NULL) {
+
+#if USE_KEK
+
uint8_t kek[KEK_LENGTH];
size_t kek_len, der_len_;
hal_error_t err;
@@ -215,6 +246,18 @@ hal_error_t hal_ks_fetch(const hal_key_type_t type,
if (err != HAL_OK)
return err;
+
+#else /* USE_KEK */
+
+ if (k->der_len > der_max)
+ return HAL_ERROR_RESULT_TOO_LONG;
+
+ if (der_len != NULL)
+ *der_len = k->der_len;
+
+ memcpy(der, k->der, k->der_len);
+
+#endif /* USE_KEK */
}
return HAL_OK;
--
cgit v1.2.3
From 290d6ff054e2b68717eacc15ddaecae080d1ad3d Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Sun, 12 Jun 2016 18:31:55 -0400
Subject: Turn hardware modexp off again, as it has problems with some of the
key sizes hsmbully tries.
---
GNUmakefile | 30 ++++++++++++++++++++++++++----
1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/GNUmakefile b/GNUmakefile
index 1862cb8..04efc1f 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -39,20 +39,22 @@ LIB = libhal.a
# Error checking on known control options, some of which allow the user entirely too much rope.
-USAGE := "usage: make [IO_BUS=eim|i2c|fmc] [RPC_CLIENT=none|local|remote|mixed] [RPC_SERVER=no|yes] [KS=volatile|mmap|flash] [RPC_TRANSPORT=none|loopback|serial|daemon]"
+USAGE := "usage: ${MAKE} [IO_BUS=eim|i2c|fmc] [RPC_CLIENT=none|local|remote|mixed] [RPC_SERVER=no|yes] [KS=volatile|mmap|flash] [RPC_TRANSPORT=none|loopback|serial|daemon] [MODEXP_CORE=no|yes]"
IO_BUS ?= eim
KS ?= mmap
RPC_CLIENT ?= none
RPC_SERVER ?= $(if $(filter local,${RPC_CLIENT}),yes,no)
RPC_TRANSPORT ?= daemon
+MODEXP_CORE ?= no
ifeq (,$(and \
$(filter none eim i2c fmc ,${IO_BUS}),\
$(filter none local remote mixed ,${RPC_CLIENT}),\
$(filter no yes ,${RPC_SERVER}),\
$(filter volatile mmap flash ,${KS}),\
- $(filter none loopback serial daemon ,${RPC_TRANSPORT})))
+ $(filter none loopback serial daemon ,${RPC_TRANSPORT}),\
+ $(filter no yes ,${MODEXP_CORE})))
$(error ${USAGE})
endif
@@ -60,9 +62,25 @@ ifneq (${RPC_SERVER},$(if $(filter local,${RPC_CLIENT}),yes,no))
$(error RPC_SERVER=yes is probably only useful with RPC_CLIENT=local)
endif
-WANT_RTL_CODE := $(if $(filter none local,${RPC_CLIENT}),yes,no)
+# Whether the RSA code should use the ModExp | ModExpS6 | ModExpA7 core.
+
+ifeq (${MODEXP_CORE},yes)
+ RSA_USE_MODEXP_CORE := 1
+else
+ RSA_USE_MODEXP_CORE := 0
+endif
+
+# Object files to build, initialized with ones we always want.
+# There's a balance here between skipping files we don't strictly
+# need and reducing the number of unnecessary conditionals in this
+# makefile, so the working definition of "always want" is sometimes
+# just "building this is harmless even if we don't use it."
OBJ = errorstrings.o hash.o asn1.o ecdsa.o rsa.o ${KS_OBJ}
+
+# Object files to build when we're on a platform with direct access
+# to our hardware (Verilog) cores.
+
CORE_OBJ = core.o csprng.o pbkdf2.o aes_keywrap.o modexp.o mkmif.o ${IO_OBJ}
# I/O bus to the FPGA
@@ -156,9 +174,10 @@ endif
ifeq (${RPC_CLIENT},none)
OBJ += ${CORE_OBJ}
+ CFLAGS += -DHAL_RSA_USE_MODEXP=${RSA_USE_MODEXP_CORE}
else ifeq (${RPC_CLIENT},local)
OBJ += ${CORE_OBJ} ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ}
- CFLAGS += -DRPC_CLIENT=RPC_CLIENT_LOCAL
+ CFLAGS += -DRPC_CLIENT=RPC_CLIENT_LOCAL -DHAL_RSA_USE_MODEXP=${RSA_USE_MODEXP_CORE}
else ifeq (${RPC_CLIENT},remote)
OBJ += ${RPC_CLIENT_OBJ}
CFLAGS += -DRPC_CLIENT=RPC_CLIENT_REMOTE -DHAL_RSA_USE_MODEXP=0
@@ -232,3 +251,6 @@ tags: TAGS
TAGS: *.[ch] tests/*.[ch] utils/*.[ch]
etags $^
+
+help usage:
+ @echo ${USAGE}
--
cgit v1.2.3
From a20af9980516d516f0403bb80551db8d283aa383 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Mon, 13 Jun 2016 12:49:53 -0400
Subject: Allow NULL der_len parameter in hal-rsa_private_key_to_der().
---
rsa.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/rsa.c b/rsa.c
index 7269aa9..8438bea 100644
--- a/rsa.c
+++ b/rsa.c
@@ -697,7 +697,7 @@ hal_error_t hal_rsa_private_key_to_der(const hal_rsa_key_t * const key,
{
hal_error_t err = HAL_OK;
- if (key == NULL || der_len == NULL || key->type != HAL_KEY_TYPE_RSA_PRIVATE)
+ if (key == NULL || key->type != HAL_KEY_TYPE_RSA_PRIVATE)
return HAL_ERROR_BAD_ARGUMENTS;
fp_int version[1] = INIT_FP_INT;
@@ -706,9 +706,9 @@ hal_error_t hal_rsa_private_key_to_der(const hal_rsa_key_t * const key,
* Calculate data length.
*/
- size_t vlen = 0;
+ size_t hlen = 0, vlen = 0;
-#define _(x) { size_t i; if ((err = hal_asn1_encode_integer(x, NULL, &i, der_max - vlen)) != HAL_OK) return err; vlen += i; }
+#define _(x) { size_t n; if ((err = hal_asn1_encode_integer(x, NULL, &n, der_max - vlen)) != HAL_OK) return err; vlen += n; }
RSAPrivateKey_fields;
#undef _
@@ -716,11 +716,11 @@ hal_error_t hal_rsa_private_key_to_der(const hal_rsa_key_t * const key,
* Encode header.
*/
- if ((err = hal_asn1_encode_header(ASN1_SEQUENCE, vlen, der, der_len, der_max)) != HAL_OK)
+ if ((err = hal_asn1_encode_header(ASN1_SEQUENCE, vlen, der, &hlen, der_max)) != HAL_OK)
return err;
- const size_t hlen = *der_len;
- *der_len += vlen;
+ if (der_len != NULL)
+ *der_len = hlen + vlen;
if (der == NULL)
return HAL_OK;
@@ -731,7 +731,7 @@ hal_error_t hal_rsa_private_key_to_der(const hal_rsa_key_t * const key,
der += hlen;
-#define _(x) { size_t i; if ((err = hal_asn1_encode_integer(x, der, &i, vlen)) != HAL_OK) return err; der += i; vlen -= i; }
+#define _(x) { size_t n; if ((err = hal_asn1_encode_integer(x, der, &n, vlen)) != HAL_OK) return err; der += n; vlen -= n; }
RSAPrivateKey_fields;
#undef _
--
cgit v1.2.3
From 97c3a85d32893ec5f17ecd807a45bac935e42dd5 Mon Sep 17 00:00:00 2001
From: Paul Selkirk <paul@psgd.org>
Date: Tue, 14 Jun 2016 17:25:29 -0400
Subject: Add support for ModExpA7
---
core.c | 1 +
hal.h | 10 ++++++++--
rsa.c | 3 ++-
tests/test-rsa.c | 2 ++
verilog_constants.h | 17 +++++++++++++++++
5 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/core.c b/core.c
index b7bf3b0..ffe61e6 100644
--- a/core.c
+++ b/core.c
@@ -108,6 +108,7 @@ static int name_matches(const hal_core_t *const core, const char * const name)
static const struct { const char *name; hal_addr_t extra; } gaps[] = {
{ "csprng", 11 * CORE_SIZE }, /* empty slots after csprng */
{ "modexps6", 3 * CORE_SIZE }, /* ModexpS6 uses four slots */
+ { "modexpa7", 3 * CORE_SIZE }, /* ModexpA7 uses four slots */
};
static hal_core_t *probe_cores(void)
diff --git a/hal.h b/hal.h
index 12ed579..776acac 100644
--- a/hal.h
+++ b/hal.h
@@ -90,8 +90,14 @@
#define CHACHA_NAME "chacha "
#define CHACHA_VERSION "0.80"
-#define MODEXPS6_NAME "modexps6"
-#define MODEXPS6_VERSION "0.10"
+#define MODEXP_NAME "modexp"
+#define MODEXP_VERSION "0.10"
+
+#define MODEXPS6_NAME "modexps6"
+#define MODEXPS6_VERSION "0.10"
+
+#define MODEXPA7_NAME "modexpa7"
+#define MODEXPA7_VERSION "0.10"
#define MKMIF_NAME "mkmif "
#define MKMIF_VERSION "0.10"
diff --git a/rsa.c b/rsa.c
index 8438bea..c8a1479 100644
--- a/rsa.c
+++ b/rsa.c
@@ -197,7 +197,8 @@ static hal_error_t modexp(const hal_core_t *core,
{
hal_error_t err = HAL_OK;
- if ((err = hal_core_check_name(&core, MODEXPS6_NAME)) != HAL_OK)
+ if (((err = hal_core_check_name(&core, MODEXPS6_NAME)) != HAL_OK) &&
+ ((err = hal_core_check_name(&core, MODEXPA7_NAME)) != HAL_OK))
return err;
assert(msg != NULL && exp != NULL && mod != NULL && res != NULL);
diff --git a/tests/test-rsa.c b/tests/test-rsa.c
index 1fc516b..60fe2a5 100644
--- a/tests/test-rsa.c
+++ b/tests/test-rsa.c
@@ -299,6 +299,8 @@ static int test_rsa(const hal_core_t *core, const rsa_tc_t * const tc)
int main(int argc, char *argv[])
{
const hal_core_t *core = hal_core_find(MODEXPS6_NAME, NULL);
+ if (core == NULL)
+ core = hal_core_find(MODEXPA7_NAME, NULL);
const hal_core_info_t *core_info = hal_core_info(core);
if (core_info != NULL)
diff --git a/verilog_constants.h b/verilog_constants.h
index 085b973..f0ae070 100644
--- a/verilog_constants.h
+++ b/verilog_constants.h
@@ -223,6 +223,23 @@
#define MODEXPS6_ADDR_EXPONENT (MODEXPS6_ADDR_OPERANDS + 2 * MODEXPS6_OPERAND_WORDS)
#define MODEXPS6_ADDR_RESULT (MODEXPS6_ADDR_OPERANDS + 3 * MODEXPS6_OPERAND_WORDS)
+/*
+ * ModExpA7 core. MODEXPA7_OPERAND_BITS is size in bits of largest
+ * supported modulus.
+ */
+
+#define MODEXPA7_OPERAND_BITS (4096)
+#define MODEXPA7_OPERAND_WORDS (MODEXPA7_OPERAND_BITS / 32)
+#define MODEXPA7_ADDR_REGISTERS (0 * MODEXPA7_OPERAND_WORDS)
+#define MODEXPA7_ADDR_OPERANDS (4 * MODEXPA7_OPERAND_WORDS)
+#define MODEXPA7_ADDR_MODE (MODEXPA7_ADDR_REGISTERS + 0x10)
+#define MODEXPA7_ADDR_MODULUS_WIDTH (MODEXPA7_ADDR_REGISTERS + 0x11)
+#define MODEXPA7_ADDR_EXPONENT_WIDTH (MODEXPA7_ADDR_REGISTERS + 0x12)
+#define MODEXPA7_ADDR_MODULUS (MODEXPA7_ADDR_OPERANDS + 0 * MODEXPA7_OPERAND_WORDS)
+#define MODEXPA7_ADDR_MESSAGE (MODEXPA7_ADDR_OPERANDS + 1 * MODEXPA7_OPERAND_WORDS)
+#define MODEXPA7_ADDR_EXPONENT (MODEXPA7_ADDR_OPERANDS + 2 * MODEXPA7_OPERAND_WORDS)
+#define MODEXPA7_ADDR_RESULT (MODEXPA7_ADDR_OPERANDS + 3 * MODEXPA7_OPERAND_WORDS)
+
/*
* Utility cores.
*/
--
cgit v1.2.3
From 282617c06a8b5eff135d1cf6f1d6fe148f632c5a Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Tue, 14 Jun 2016 18:57:06 -0400
Subject: Collapse RPC_CLIENT and RPC_SERVER makefile settings into a single
RPC_MODE setting.
---
GNUmakefile | 117 ++++++++++++++++++++++++------------------------------
tests/GNUmakefile | 28 ++++++++-----
2 files changed, 69 insertions(+), 76 deletions(-)
diff --git a/GNUmakefile b/GNUmakefile
index 04efc1f..b5f1f2b 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -39,32 +39,28 @@ LIB = libhal.a
# Error checking on known control options, some of which allow the user entirely too much rope.
-USAGE := "usage: ${MAKE} [IO_BUS=eim|i2c|fmc] [RPC_CLIENT=none|local|remote|mixed] [RPC_SERVER=no|yes] [KS=volatile|mmap|flash] [RPC_TRANSPORT=none|loopback|serial|daemon] [MODEXP_CORE=no|yes]"
+USAGE := "usage: ${MAKE} [IO_BUS=eim|i2c|fmc] [RPC_MODE=none|server|client-simple|client-mixed] [KS=volatile|mmap|flash] [RPC_TRANSPORT=none|loopback|serial|daemon] [MODEXP_CORE=no|yes]"
IO_BUS ?= eim
-KS ?= mmap
-RPC_CLIENT ?= none
-RPC_SERVER ?= $(if $(filter local,${RPC_CLIENT}),yes,no)
+KS ?= volatile
+RPC_MODE ?= none
RPC_TRANSPORT ?= daemon
MODEXP_CORE ?= no
ifeq (,$(and \
- $(filter none eim i2c fmc ,${IO_BUS}),\
- $(filter none local remote mixed ,${RPC_CLIENT}),\
- $(filter no yes ,${RPC_SERVER}),\
- $(filter volatile mmap flash ,${KS}),\
- $(filter none loopback serial daemon ,${RPC_TRANSPORT}),\
- $(filter no yes ,${MODEXP_CORE})))
+ $(filter none eim i2c fmc ,${IO_BUS}),\
+ $(filter none server client-simple client-mixed ,${RPC_MODE}),\
+ $(filter volatile mmap flash ,${KS}),\
+ $(filter none loopback serial daemon ,${RPC_TRANSPORT}),\
+ $(filter no yes ,${MODEXP_CORE})))
$(error ${USAGE})
endif
-ifneq (${RPC_SERVER},$(if $(filter local,${RPC_CLIENT}),yes,no))
- $(error RPC_SERVER=yes is probably only useful with RPC_CLIENT=local)
-endif
+$(info Building libhal with configuration IO_BUS=${IO_BUS} RPC_MODE=${RPC_MODE} KS=${KS} RPC_TRANSPORT=${RPC_TRANSPORT} MODEXP_CORE=${MODEXP_CORE})
# Whether the RSA code should use the ModExp | ModExpS6 | ModExpA7 core.
-ifeq (${MODEXP_CORE},yes)
+ifeq "${MODEXP_CORE}" "yes"
RSA_USE_MODEXP_CORE := 1
else
RSA_USE_MODEXP_CORE := 0
@@ -86,16 +82,16 @@ CORE_OBJ = core.o csprng.o pbkdf2.o aes_keywrap.o modexp.o mkmif.o ${IO_OBJ}
# I/O bus to the FPGA
#
# IO_BUS = none | eim | i2c | fmc
-# none: no FPGA I/O bus
-# eim: EIM bus from Novena
-# i2c: older I2C bus from Novena
-# fmc: FMC bus from dev-bridge and alpha boards
+# none: No FPGA I/O bus
+# eim: EIM bus from Novena
+# i2c: Older I2C bus from Novena
+# fmc: FMC bus from dev-bridge and alpha boards
-ifeq (${IO_BUS},eim)
+ifeq "${IO_BUS}" "eim"
IO_OBJ = hal_io_eim.o novena-eim.o
-else ifeq (${IO_BUS},i2c)
+else ifeq "${IO_BUS}" "i2c"
IO_OBJ = hal_io_i2c.o
-else ifeq (${IO_BUS},fmc)
+else ifeq "${IO_BUS}" "fmc"
IO_OBJ = hal_io_fmc.o
endif
@@ -103,7 +99,7 @@ endif
# hard-to-debug function pointer errors. OTOH, if we're building for Linux
# (even on the Novena), we want to make it possible to build a shared library.
-ifneq (${IO_BUS},fmc)
+ifneq "${IO_BUS}" "fmc"
CFLAGS += -fPIC
endif
@@ -117,71 +113,67 @@ endif
KS_OBJ = ks.o
-ifeq (${KS},mmap)
+ifeq "${KS}" "mmap"
KS_OBJ += ks_mmap.o
-else ifeq (${KS},volatile)
+else ifeq "${KS}" "volatile"
KS_OBJ += ks_volatile.o
-else ifeq (${KS},flash)
+else ifeq "${KS}" "flash"
KS_OBJ += ks_flash.o
endif
-# RPC_CLIENT = none | local | remote | mixed
-# none: Build without RPC client
-# local: Build for Novena or dev-bridge, access FPGA cores directly.
-# remote: Build for other host, communicate with RPC server.
-# mixed: Do hashing locally in software, other functions remotely.
-#
-# RPC_SERVER = no | yes
+# RPC_MODE = none | server | client-simple | client-mixed
+# none: Build without RPC client, use cores directly.
+# server: Build for server side of RPC (HSM), use cores directly.
+# client-simple: Build for other host, communicate with cores via RPC server.
+# client-mixed: Like client-simple but do hashing locally in software and
+# support a local keystore (for PKCS #11 public keys, etc)
#
# RPC_TRANSPORT = loopback | serial | daemon
-# loopback: communicate over loopback socket on Novena
-# serial: communicate over USB in serial pass-through mode
-# daemon: communicate over USB via a daemon, to arbitrate multiple clients
+# loopback: Communicate over loopback socket on Novena
+# serial: Communicate over USB in serial pass-through mode
+# daemon: Communicate over USB via a daemon, to arbitrate multiple clients
#
-# RPC client locality flags passed here via CFLAGS are tested as
-# integers in the C preprocessor, so the symbols we pass must be
-# defined as macros in the C code, not enum tokens.
+# Note that RPC_MODE setting also controls the RPC_CLIENT setting passed to the C
+# preprocessor via CFLAGS. Whatever we pass here must evaluate to an integer in
+# the C preprocessor: we can use symbolic names so long as they're defined as macros
+# in the C code, but we can't use things like C enum symbols.
-ifneq (${RPC_CLIENT},none)
+ifneq "${RPC_MODE}" "none"
OBJ += rpc_api.o xdr.o
endif
-ifeq (${RPC_TRANSPORT},serial)
+ifeq "${RPC_TRANSPORT}" "serial"
OBJ += slip.o
endif
RPC_CLIENT_OBJ = rpc_client.o
-ifeq (${RPC_TRANSPORT},loopback)
+ifeq "${RPC_TRANSPORT}" "loopback"
RPC_CLIENT_OBJ += rpc_client_loopback.o
-else ifeq (${RPC_TRANSPORT},serial)
+else ifeq "${RPC_TRANSPORT}" "serial"
RPC_CLIENT_OBJ += rpc_client_serial.o
-else ifeq (${RPC_TRANSPORT},daemon)
+else ifeq "${RPC_TRANSPORT}" "daemon"
RPC_CLIENT_OBJ += rpc_client_daemon.o
endif
RPC_DISPATCH_OBJ = rpc_hash.o rpc_misc.o rpc_pkey.o
RPC_SERVER_OBJ = rpc_server.o
-ifeq (${RPC_TRANSPORT},loopback)
+ifeq "${RPC_TRANSPORT}" "loopback"
RPC_SERVER_OBJ += rpc_server_loopback.o
-else ifeq (${RPC_TRANSPORT},serial)
+else ifeq "${RPC_TRANSPORT}" "serial"
RPC_SERVER_OBJ += rpc_server_serial.o
endif
-ifeq (${RPC_SERVER},yes)
- OBJ += ${RPC_SERVER_OBJ}
-endif
-
-ifeq (${RPC_CLIENT},none)
+ifeq "${RPC_MODE}" "none"
OBJ += ${CORE_OBJ}
CFLAGS += -DHAL_RSA_USE_MODEXP=${RSA_USE_MODEXP_CORE}
-else ifeq (${RPC_CLIENT},local)
- OBJ += ${CORE_OBJ} ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ}
+else ifeq "${RPC_MODE}" "server"
+ OBJ += ${CORE_OBJ} ${RPC_SERVER_OBJ} ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ}
CFLAGS += -DRPC_CLIENT=RPC_CLIENT_LOCAL -DHAL_RSA_USE_MODEXP=${RSA_USE_MODEXP_CORE}
-else ifeq (${RPC_CLIENT},remote)
+else ifeq "${RPC_MODE}" "client-simple"
OBJ += ${RPC_CLIENT_OBJ}
CFLAGS += -DRPC_CLIENT=RPC_CLIENT_REMOTE -DHAL_RSA_USE_MODEXP=0
-else ifeq (${RPC_CLIENT},mixed)
+else ifeq "${RPC_MODE}" "client-mixed"
OBJ += ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ}
CFLAGS += -DRPC_CLIENT=RPC_CLIENT_MIXED -DHAL_RSA_USE_MODEXP=0
KS = volatile
@@ -199,24 +191,17 @@ all: ${LIB}
cd tests; ${MAKE} CFLAGS='${CFLAGS} -I..' LDFLAGS='${LDFLAGS}' $@
cd utils; ${MAKE} CFLAGS='${CFLAGS} -I..' LDFLAGS='${LDFLAGS}' $@
-local:
- ${MAKE} RPC_CLIENT=local RPC_TRANSPORT=none
-
client:
- ${MAKE} RPC_CLIENT=remote
+ ${MAKE} RPC_MODE=client-simple
mixed:
- ${MAKE} RPC_CLIENT=mixed KS=volatile
+ ${MAKE} RPC_MODE=client-mixed
server:
- ${MAKE} RPC_SERVER=yes
-
-loopback:
- ${MAKE} RPC_CLIENT=remote RPC_SERVER=yes RPC_TRANSPORT=loopback
+ ${MAKE} RPC_MODE=server
daemon: cryptech_rpcd
-# ${MAKE} RPC_CLIENT=mixed RPC_TRANSPORT=daemon
- ${MAKE} RPC_CLIENT=remote RPC_TRANSPORT=daemon
+ ${MAKE} RPC_MODE=client-mixed RPC_TRANSPORT=daemon
cryptech_rpcd: daemon.o slip.o rpc_serial.o xdr.o
${CC} ${CFLAGS} -o $@ $^ ${LDFLAGS}
@@ -236,7 +221,7 @@ last_gasp_pin_internal.h:
./utils/last_gasp_default_pin >$@
test: all
- export RPC_CLIENT RPC_SERVER
+ export RPC_MODE
cd tests; ${MAKE} -k $@
clean:
diff --git a/tests/GNUmakefile b/tests/GNUmakefile
index 5e2b3ea..f4299a0 100644
--- a/tests/GNUmakefile
+++ b/tests/GNUmakefile
@@ -32,16 +32,24 @@ LIB = ../libhal.a
# Which tests to build depends on how the library was compiled.
-ifeq (${RPC_SERVER},yes)
- BIN += test-rpc_server
-endif
+CORE_TESTS = test-aes-key-wrap test-hash test-pbkdf2 test-ecdsa test-bus test-trng test-rsa test-mkmif
+SERVER_TESTS = test-rpc_server
+CLIENT_TESTS = test-rpc_hash test-rpc_pkey test-rpc_get_version test-rpc_get_random
-ifeq (${RPC_CLIENT},none)
- BIN += test-aes-key-wrap test-hash test-pbkdf2 test-ecdsa test-bus test-trng test-rsa
-endif
+ALL_TESTS = ${CORE_TESTS} ${SERVER_TESTS} ${CLIENT_TESTS}
+
+ifeq "${RPC_MODE}" "none"
+
+ BIN += ${CORE_TESTS}
+
+else ifeq "${RPC_MODE}" "server"
+
+ BIN += ${CORE_TESTS} ${SERVER_TESTS}
+
+else
+
+ BIN += ${CLIENT_TESTS}
-ifeq (${RPC_CLIENT},local)
- BIN += test-rpc_hash test-rpc_pkey test-rpc_get_version test-rpc_get_random
endif
CFLAGS = -g3 -Wall -fPIC -std=c99 -I..
@@ -51,8 +59,8 @@ all: ${BIN}
test: all
for i in ${BIN}; do (set -x; ./$$i); done
-clean:
- rm -f *.o ${BIN}
+clean distclean:
+ rm -f *.o ${ALL_TESTS}
${BIN}: %: %.o ${LIB}
${CC} ${CFLAGS} -o $@ $^ ${LDFLAGS}
--
cgit v1.2.3
From 34f32288afd87073eb5ab9bafc3f4202ab9a0551 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Tue, 14 Jun 2016 19:06:34 -0400
Subject: test-mkmif was missing from .gitignore.
---
.gitignore | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 7131463..1625b1a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,14 +11,15 @@ tests/test-bus
tests/test-ecdsa
tests/test-ecdsa-*.der
tests/test-hash
+tests/test-mkmif
tests/test-pbkdf2
+tests/test-rpc_get_random
+tests/test-rpc_get_version
tests/test-rpc_hash
tests/test-rpc_pkey
tests/test-rpc_server
tests/test-rsa
tests/test-rsa-*.der
tests/test-trng
-tests/test-rpc_get_version
-tests/test-rpc_get_random
utils/cores
utils/eim_peek_poke
--
cgit v1.2.3
From 1c3e4894ea9f1a6f9bc6602e6454a6efd9562efa Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Tue, 14 Jun 2016 21:01:11 -0400
Subject: Doh, don't build RPC client transport code when we're building the
server library, even if the old makefile (sometimes) did do that.
---
GNUmakefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/GNUmakefile b/GNUmakefile
index b5f1f2b..14e94c6 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -168,7 +168,7 @@ ifeq "${RPC_MODE}" "none"
OBJ += ${CORE_OBJ}
CFLAGS += -DHAL_RSA_USE_MODEXP=${RSA_USE_MODEXP_CORE}
else ifeq "${RPC_MODE}" "server"
- OBJ += ${CORE_OBJ} ${RPC_SERVER_OBJ} ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ}
+ OBJ += ${CORE_OBJ} ${RPC_SERVER_OBJ} ${RPC_DISPATCH_OBJ}
CFLAGS += -DRPC_CLIENT=RPC_CLIENT_LOCAL -DHAL_RSA_USE_MODEXP=${RSA_USE_MODEXP_CORE}
else ifeq "${RPC_MODE}" "client-simple"
OBJ += ${RPC_CLIENT_OBJ}
--
cgit v1.2.3