From a627a489e48cde75f80446e75d057fc1f12a0b98 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 9 Jun 2016 00:30:17 -0400 Subject: hash.c triggers gcc's strict-aliasing warnings. --- GNUmakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GNUmakefile b/GNUmakefile index 0b3647b..c37d142 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -164,7 +164,7 @@ CFLAGS += -DRPC_CLIENT=${RPC_CLIENT_FLAG} endif TFMDIR := $(abspath ../thirdparty/libtfm) -CFLAGS += -g3 -Wall -std=c99 -I${TFMDIR} +CFLAGS += -g3 -Wall -std=c99 -Wno-strict-aliasing -I${TFMDIR} LDFLAGS := -g3 -L${TFMDIR} -ltfm CFLAGS += -DHAL_STATIC_HASH_STATE_BLOCKS=${STATIC_HASH_STATE_BLOCKS} -- cgit v1.2.3 From c4705484505ed29d17becd57117ea47cb8ab249d Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 9 Jun 2016 12:54:50 -0400 Subject: Typo in SHA-224/SHA-256 software core. --- hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hash.c b/hash.c index 225a99d..5fface0 100644 --- a/hash.c +++ b/hash.c @@ -1031,7 +1031,7 @@ static hal_error_t sw_hash_core_sha256(hal_hash_state_t *state) uint32_t *H = (uint32_t *) state->core_state, S[8], W[64]; if (state->block_count == 0) { - switch (state->driver_ctrl_mode & SHA256_MODE_MASK) { + switch (state->driver->ctrl_mode & SHA256_MODE_MASK) { case SHA256_MODE_SHA_224: memcpy(H, sha224_iv, sizeof(sha224_iv)); break; case SHA256_MODE_SHA_256: memcpy(H, sha256_iv, sizeof(sha256_iv)); break; default: return HAL_ERROR_IMPOSSIBLE; -- cgit v1.2.3 From 67cb831eae0224bd80786305cf73fe05c692b29c Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 9 Jun 2016 15:31:01 -0400 Subject: Fix duplicate dispatch vectors when building for RPC_CLIENT_LOCAL. --- rpc_client.c | 11 +++++------ rpc_server.c | 2 ++ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/rpc_client.c b/rpc_client.c index 3ac6d6e..c92571b 100644 --- a/rpc_client.c +++ b/rpc_client.c @@ -971,15 +971,14 @@ const hal_rpc_pkey_dispatch_t hal_rpc_mixed_pkey_dispatch = { #endif /* RPC_CLIENT != RPC_CLIENT_LOCAL */ -#if RPC_CLIENT == RPC_CLIENT_LOCAL -const hal_rpc_misc_dispatch_t * hal_rpc_misc_dispatch = &hal_rpc_local_misc_dispatch; -const hal_rpc_hash_dispatch_t * hal_rpc_hash_dispatch = &hal_rpc_local_hash_dispatch; -const hal_rpc_pkey_dispatch_t * hal_rpc_pkey_dispatch = &hal_rpc_local_pkey_dispatch; -#elif RPC_CLIENT == RPC_CLIENT_REMOTE + +#if RPC_CLIENT == RPC_CLIENT_REMOTE const hal_rpc_misc_dispatch_t * hal_rpc_misc_dispatch = &hal_rpc_remote_misc_dispatch; const hal_rpc_hash_dispatch_t * hal_rpc_hash_dispatch = &hal_rpc_remote_hash_dispatch; const hal_rpc_pkey_dispatch_t * hal_rpc_pkey_dispatch = &hal_rpc_remote_pkey_dispatch; -#elif RPC_CLIENT == RPC_CLIENT_MIXED +#endif + +#if RPC_CLIENT == RPC_CLIENT_MIXED const hal_rpc_misc_dispatch_t * hal_rpc_misc_dispatch = &hal_rpc_remote_misc_dispatch; const hal_rpc_hash_dispatch_t * hal_rpc_hash_dispatch = &hal_rpc_local_hash_dispatch; const hal_rpc_pkey_dispatch_t * hal_rpc_pkey_dispatch = &hal_rpc_mixed_pkey_dispatch; diff --git a/rpc_server.c b/rpc_server.c index a1bca26..65ba6bb 100644 --- a/rpc_server.c +++ b/rpc_server.c @@ -738,9 +738,11 @@ void hal_rpc_server_main(void) * Dispatch vectors. */ +#if RPC_CLIENT == RPC_CLIENT_LOCAL const hal_rpc_misc_dispatch_t *hal_rpc_misc_dispatch = &hal_rpc_local_misc_dispatch; const hal_rpc_hash_dispatch_t *hal_rpc_hash_dispatch = &hal_rpc_local_hash_dispatch; const hal_rpc_pkey_dispatch_t *hal_rpc_pkey_dispatch = &hal_rpc_local_pkey_dispatch; +#endif hal_error_t hal_rpc_server_init(void) { -- cgit v1.2.3 From b3744cda1a0fab9ded7a406594b94375e311ca19 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 10 Jun 2016 02:32:54 -0400 Subject: Another attempt to clean up the libhal makefile hairball. --- GNUmakefile | 113 ++++++++++++++++++++++++++++-------------------------- hal_internal.h | 23 ++++++----- tests/GNUmakefile | 24 ++++++------ 3 files changed, 83 insertions(+), 77 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index c37d142..dbf71f9 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -37,24 +37,42 @@ STATIC_PKEY_STATE_BLOCKS = 6 INC = hal.h hal_internal.h LIB = libhal.a -USAGE = "usage: make [IO_BUS=eim|i2c|fmc] [RPC_CLIENT=local|remote|mixed] [RPC_SERVER=yes] [KS=mmap|volatile|flash]" +# Error checking on known control options, some of which allow the user entirely too much rope. + +USAGE := "usage: make [IO_BUS=eim|i2c|fmc] [RPC_CLIENT=none|local|remote|mixed] [RPC_SERVER=no|yes] [KS=volatile|mmap|flash] [RPC_TRANSPORT=none|loopback|serial|daemon]" + +IO_BUS ?= eim +KS ?= mmap +RPC_CLIENT ?= none +RPC_SERVER ?= $(if $(filter local,${RPC_CLIENT}),yes,no) +RPC_TRANSPORT ?= daemon + +ifeq (,$(and \ + $(filter none eim i2c fmc ,${IO_BUS}),\ + $(filter none local remote mixed ,${RPC_CLIENT}),\ + $(filter no yes ,${RPC_SERVER}),\ + $(filter volatile mmap flash ,${KS}),\ + $(filter none loopback serial daemon ,${RPC_TRANSPORT}))) + $(error ${USAGE}) +endif + +ifneq (${RPC_SERVER},$(if $(filter local,${RPC_CLIENT}),yes,no)) + $(error RPC_SERVER=yes is probably only useful with RPC_CLIENT=local) +endif + +WANT_RTL_CODE := $(if $(filter none local,${RPC_CLIENT}),yes,no) -OBJ = errorstrings.o -CORE_OBJ = core.o ${HASH_OBJ} ${MISC_OBJ} ${PKEY_OBJ} ${PKEY2_OBJ} ${KS_OBJ} ${IO_OBJ} ${MKMIF_OBJ} -HASH_OBJ = hash.o -MISC_OBJ = csprng.o pbkdf2.o -PKEY_OBJ = asn1.o ecdsa.o rsa.o -PKEY2_OBJ = aes_keywrap.o modexp.o -MKMIF_OBJ = mkmif.o +OBJ = errorstrings.o hash.o asn1.o ecdsa.o rsa.o ${KS_OBJ} +CORE_OBJ = core.o csprng.o pbkdf2.o aes_keywrap.o modexp.o mkmif.o ${IO_OBJ} # I/O bus to the FPGA # -# IO_BUS = eim | i2c | fmc +# IO_BUS = none | eim | i2c | fmc +# none: no FPGA I/O bus # eim: EIM bus from Novena # i2c: older I2C bus from Novena # fmc: FMC bus from dev-bridge and alpha boards -IO_BUS ?= eim ifeq (${IO_BUS},eim) IO_OBJ = hal_io_eim.o novena-eim.o else ifeq (${IO_BUS},i2c) @@ -80,7 +98,7 @@ endif # and we haven't yet written the flash code for the bridge board. KS_OBJ = ks.o -KS ?= mmap + ifeq (${KS},mmap) KS_OBJ += ks_mmap.o else ifeq (${KS},volatile) @@ -89,80 +107,67 @@ else ifeq (${KS},flash) KS_OBJ += ks_flash.o endif -# RPC_CLIENT = local | remote | mixed +# RPC_CLIENT = none | local | remote | mixed +# none: Build without RPC client # local: Build for Novena or dev-bridge, access FPGA cores directly. # remote: Build for other host, communicate with RPC server. # mixed: Do hashing locally in software, other functions remotely. # -# RPC_SERVER = yes +# RPC_SERVER = no | yes # # RPC_TRANSPORT = loopback | serial | daemon # loopback: communicate over loopback socket on Novena # serial: communicate over USB in serial pass-through mode # daemon: communicate over USB via a daemon, to arbitrate multiple clients -RPC_TRANSPORT ?= daemon +ifneq (${RPC_CLIENT},none) + OBJ += rpc_api.o xdr.o +endif + +ifeq (${RPC_TRANSPORT},serial) + OBJ += slip.o +endif -RPC_CLIENT_OBJ = rpc_api.o rpc_client.o xdr.o +RPC_CLIENT_OBJ = rpc_client.o ifeq (${RPC_TRANSPORT},loopback) RPC_CLIENT_OBJ += rpc_client_loopback.o else ifeq (${RPC_TRANSPORT},serial) - RPC_CLIENT_OBJ += rpc_client_serial.o slip.o + RPC_CLIENT_OBJ += rpc_client_serial.o else ifeq (${RPC_TRANSPORT},daemon) RPC_CLIENT_OBJ += rpc_client_daemon.o endif RPC_DISPATCH_OBJ = rpc_hash.o rpc_misc.o rpc_pkey.o -RPC_SERVER_OBJ = rpc_api.o rpc_server.o xdr.o ${RPC_DISPATCH_OBJ} +RPC_SERVER_OBJ = rpc_server.o ifeq (${RPC_TRANSPORT},loopback) RPC_SERVER_OBJ += rpc_server_loopback.o else ifeq (${RPC_TRANSPORT},serial) - RPC_SERVER_OBJ += rpc_server_serial.o slip.o + RPC_SERVER_OBJ += rpc_server_serial.o endif -# Not building any of the RPC stuff, access FPGA cores directly. -ifndef RPC_CLIENT - ifndef RPC_SERVER - OBJ += ${CORE_OBJ} - endif +ifeq (${RPC_SERVER},yes) + OBJ += ${RPC_SERVER_OBJ} endif -# Building the RPC server. -ifdef RPC_SERVER - OBJ += ${CORE_OBJ} ${RPC_SERVER_OBJ} -endif - -# Building the RPC client, in all its variations. -ifdef RPC_CLIENT - OBJ += ${RPC_CLIENT_OBJ} - ifeq (${RPC_CLIENT},local) - OBJ += ${CORE_OBJ} ${RPC_DISPATCH_OBJ} - else - CFLAGS += -DHAL_RSA_USE_MODEXP=0 - OBJ += ${PKEY_OBJ} - ifeq (${RPC_CLIENT},mixed) - KS = volatile - OBJ += ${HASH_OBJ} ${PKEY2_OBJ} ${RPC_DISPATCH_OBJ} ${KS_OBJ} - endif - endif -endif - -# RPC client locality, for rpc_client.c. This has to be kept in sync with -# hal_internal.h. Yeah, it's ugly, but the C preprocessor can only -# compare integers, not strings. - -ifeq (${RPC_CLIENT},local) - RPC_CLIENT_FLAG = 0 +ifeq (${RPC_CLIENT},none) + OBJ += ${CORE_OBJ} +else ifeq (${RPC_CLIENT},local) + OBJ += ${CORE_OBJ} ${RPC_CLIENT_OBJS} ${RPC_DISPATCH_OBJS} + CFLAGS += -DRPC_CLIENT=RPC_CLIENT_LOCAL else ifeq (${RPC_CLIENT},remote) - RPC_CLIENT_FLAG = 1 + OBJ += ${RPC_CLIENT_OBJS} + CFLAGS += -DRPC_CLIENT=RPC_CLIENT_REMOTE -DHAL_RSA_USE_MODEXP=0 else ifeq (${RPC_CLIENT},mixed) - RPC_CLIENT_FLAG = 2 -endif -ifdef RPC_CLIENT_FLAG -CFLAGS += -DRPC_CLIENT=${RPC_CLIENT_FLAG} + OBJ += ${RPC_CLIENT_OBJS} ${RPC_DISPATCH_OBJS} + CFLAGS += -DRPC_CLIENT=RPC_CLIENT_MIXED -DHAL_RSA_USE_MODEXP=0 + KS = volatile endif +# RPC client locality, for rpc_client.c. Value passed here is tested +# as an integer in the C preprocessor, so the symbols used here need +# to be defined as macros in the C code, not enum tokens. + TFMDIR := $(abspath ../thirdparty/libtfm) CFLAGS += -g3 -Wall -std=c99 -Wno-strict-aliasing -I${TFMDIR} LDFLAGS := -g3 -L${TFMDIR} -ltfm diff --git a/hal_internal.h b/hal_internal.h index 60aed3b..9896ac0 100644 --- a/hal_internal.h +++ b/hal_internal.h @@ -241,7 +241,7 @@ extern const hal_rpc_pkey_dispatch_t hal_rpc_local_pkey_dispatch, hal_rpc_remote * See code in rpc_pkey.c for how this flag fits into the pkey handle. */ -#define HAL_PKEY_HANDLE_PROXIMATE_FLAG (1 << 31) +#define HAL_PKEY_HANDLE_PROXIMATE_FLAG (1 << 31) /* * Keystore API. @@ -257,9 +257,9 @@ extern const hal_rpc_pkey_dispatch_t hal_rpc_local_pkey_dispatch, hal_rpc_remote * * 2048-bit RSA: 1194 bytes * 4096-bit RSA: 2351 bytes - * 8192-bit RSA: 4655 bytes - * EC P-256: 121 bytes - * EC P-384: 167 bytes + * 8192-bit RSA: 4655 bytes + * EC P-256: 121 bytes + * EC P-384: 167 bytes * EC P-521: 223 bytes * * Plus we need a bit of AES-keywrap overhead, since we're storing the @@ -271,7 +271,7 @@ extern const hal_rpc_pkey_dispatch_t hal_rpc_local_pkey_dispatch, hal_rpc_remote * to keep them private, they don't require tamper-protected RAM. */ -#define HAL_KS_WRAPPED_KEYSIZE ((4655 + 15) & ~7) +#define HAL_KS_WRAPPED_KEYSIZE ((4655 + 15) & ~7) #ifndef HAL_STATIC_PKEY_STATE_BLOCKS #define HAL_STATIC_PKEY_STATE_BLOCKS 0 @@ -429,14 +429,17 @@ typedef enum { RPC_FUNC_PKEY_RENAME, } rpc_func_num_t; -#define RPC_VERSION 0x00010000 /* 0.1.0.0 */ +#define RPC_VERSION 0x00010000 /* 0.1.0.0 */ -/* RPC client locality. These have to be defines rather than an enum, +/* + * RPC client locality. These have to be defines rather than an enum, * because they're handled by the preprocessor. */ -#define RPC_CLIENT_LOCAL 0 -#define RPC_CLIENT_REMOTE 1 -#define RPC_CLIENT_MIXED 2 + +#define RPC_CLIENT_LOCAL 0 +#define RPC_CLIENT_REMOTE 1 +#define RPC_CLIENT_MIXED 2 +#define RPC_CLIENT_NONE 3 #endif /* _HAL_INTERNAL_H_ */ diff --git a/tests/GNUmakefile b/tests/GNUmakefile index 65c7a25..5e2b3ea 100644 --- a/tests/GNUmakefile +++ b/tests/GNUmakefile @@ -29,21 +29,19 @@ INC = ../hal.h LIB = ../libhal.a -BIN := test-aes-key-wrap test-hash test-pbkdf2 test-ecdsa test-bus test-trng test-rsa -ifndef RPC_SERVER - ifdef RPC_CLIENT - ifneq (${RPC_CLIENT},local) - # If we're only building a remote RPC client lib, don't include - # tests that access the FPGA cores. - BIN := - endif - endif + +# Which tests to build depends on how the library was compiled. + +ifeq (${RPC_SERVER},yes) + BIN += test-rpc_server endif -ifdef RPC_CLIENT - BIN += test-rpc_hash test-rpc_pkey test-rpc_get_version test-rpc_get_random + +ifeq (${RPC_CLIENT},none) + BIN += test-aes-key-wrap test-hash test-pbkdf2 test-ecdsa test-bus test-trng test-rsa endif -ifdef RPC_SERVER - BIN += test-rpc_server + +ifeq (${RPC_CLIENT},local) + BIN += test-rpc_hash test-rpc_pkey test-rpc_get_version test-rpc_get_random endif CFLAGS = -g3 -Wall -fPIC -std=c99 -I.. -- cgit v1.2.3 From d3c389455f3e4084968da796d33e12d3fb32f85b Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 10 Jun 2016 02:47:16 -0400 Subject: Helps to get the makefile variable names right. --- GNUmakefile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index dbf71f9..1862cb8 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -119,6 +119,10 @@ endif # loopback: communicate over loopback socket on Novena # serial: communicate over USB in serial pass-through mode # daemon: communicate over USB via a daemon, to arbitrate multiple clients +# +# RPC client locality flags passed here via CFLAGS are tested as +# integers in the C preprocessor, so the symbols we pass must be +# defined as macros in the C code, not enum tokens. ifneq (${RPC_CLIENT},none) OBJ += rpc_api.o xdr.o @@ -153,21 +157,17 @@ endif ifeq (${RPC_CLIENT},none) OBJ += ${CORE_OBJ} else ifeq (${RPC_CLIENT},local) - OBJ += ${CORE_OBJ} ${RPC_CLIENT_OBJS} ${RPC_DISPATCH_OBJS} + OBJ += ${CORE_OBJ} ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ} CFLAGS += -DRPC_CLIENT=RPC_CLIENT_LOCAL else ifeq (${RPC_CLIENT},remote) - OBJ += ${RPC_CLIENT_OBJS} + OBJ += ${RPC_CLIENT_OBJ} CFLAGS += -DRPC_CLIENT=RPC_CLIENT_REMOTE -DHAL_RSA_USE_MODEXP=0 else ifeq (${RPC_CLIENT},mixed) - OBJ += ${RPC_CLIENT_OBJS} ${RPC_DISPATCH_OBJS} + OBJ += ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ} CFLAGS += -DRPC_CLIENT=RPC_CLIENT_MIXED -DHAL_RSA_USE_MODEXP=0 KS = volatile endif -# RPC client locality, for rpc_client.c. Value passed here is tested -# as an integer in the C preprocessor, so the symbols used here need -# to be defined as macros in the C code, not enum tokens. - TFMDIR := $(abspath ../thirdparty/libtfm) CFLAGS += -g3 -Wall -std=c99 -Wno-strict-aliasing -I${TFMDIR} LDFLAGS := -g3 -L${TFMDIR} -ltfm -- cgit v1.2.3 From 01e87b5d974c1ad761448732b78e7b33a43c6b61 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 10 Jun 2016 11:29:38 -0400 Subject: Allow host-side libhal build without access to secure hardware to store unencrypted public keys (we don't allow this for private keys). Yet another screwball feature to support PKCS #11, sigh. Anyway, with this change, mixed-mode builds should work again. --- ks.c | 45 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/ks.c b/ks.c index b6cb32f..d252620 100644 --- a/ks.c +++ b/ks.c @@ -42,12 +42,28 @@ #define KEK_LENGTH (bitsToBytes(256)) +/* + * In "remote" and "mixed" RPC modes we're a software only RPC client + * without (direct) access to secure hardware, thus there is no real + * point in encrypting keys. As precautions, we (a) warn about this + * when configured in one of these modes, and (b) refuse to store any + * sort of private keys. + */ + +#define USE_KEK (RPC_CLIENT != RPC_CLIENT_REMOTE && RPC_CLIENT != RPC_CLIENT_MIXED) + +#if !USE_KEK +#warning ks.c compiled without KEK support and will only accept public keys -- this is normal for the host-side build of libhsm +#endif + static inline int acceptable_key_type(const hal_key_type_t type) { switch (type) { +#if USE_KEK case HAL_KEY_TYPE_RSA_PRIVATE: - case HAL_KEY_TYPE_RSA_PUBLIC: case HAL_KEY_TYPE_EC_PRIVATE: +#endif + case HAL_KEY_TYPE_RSA_PUBLIC: case HAL_KEY_TYPE_EC_PUBLIC: return 1; default: @@ -96,6 +112,8 @@ hal_error_t hal_ks_store(const hal_key_type_t type, memset(&k, 0, sizeof(k)); k.der_len = sizeof(k.der); +#if USE_KEK + uint8_t kek[KEK_LENGTH]; size_t kek_len; @@ -107,6 +125,16 @@ hal_error_t hal_ks_store(const hal_key_type_t type, if (err != HAL_OK) return err; +#else /* USE_KEK */ + + if (der_len > k.der_len) + return HAL_ERROR_RESULT_TOO_LONG; + + k.der_len = der_len; + memcpy(k.der, der, der_len); + +#endif /* USE_KEK */ + assert(name_len <= sizeof(k.name)); memcpy(k.name, name, name_len); k.name_len = name_len; @@ -199,6 +227,9 @@ hal_error_t hal_ks_fetch(const hal_key_type_t type, *der_len = k->der_len; if (der != NULL) { + +#if USE_KEK + uint8_t kek[KEK_LENGTH]; size_t kek_len, der_len_; hal_error_t err; @@ -215,6 +246,18 @@ hal_error_t hal_ks_fetch(const hal_key_type_t type, if (err != HAL_OK) return err; + +#else /* USE_KEK */ + + if (k->der_len > der_max) + return HAL_ERROR_RESULT_TOO_LONG; + + if (der_len != NULL) + *der_len = k->der_len; + + memcpy(der, k->der, k->der_len); + +#endif /* USE_KEK */ } return HAL_OK; -- cgit v1.2.3 From 290d6ff054e2b68717eacc15ddaecae080d1ad3d Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 12 Jun 2016 18:31:55 -0400 Subject: Turn hardware modexp off again, as it has problems with some of the key sizes hsmbully tries. --- GNUmakefile | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 1862cb8..04efc1f 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -39,20 +39,22 @@ LIB = libhal.a # Error checking on known control options, some of which allow the user entirely too much rope. -USAGE := "usage: make [IO_BUS=eim|i2c|fmc] [RPC_CLIENT=none|local|remote|mixed] [RPC_SERVER=no|yes] [KS=volatile|mmap|flash] [RPC_TRANSPORT=none|loopback|serial|daemon]" +USAGE := "usage: ${MAKE} [IO_BUS=eim|i2c|fmc] [RPC_CLIENT=none|local|remote|mixed] [RPC_SERVER=no|yes] [KS=volatile|mmap|flash] [RPC_TRANSPORT=none|loopback|serial|daemon] [MODEXP_CORE=no|yes]" IO_BUS ?= eim KS ?= mmap RPC_CLIENT ?= none RPC_SERVER ?= $(if $(filter local,${RPC_CLIENT}),yes,no) RPC_TRANSPORT ?= daemon +MODEXP_CORE ?= no ifeq (,$(and \ $(filter none eim i2c fmc ,${IO_BUS}),\ $(filter none local remote mixed ,${RPC_CLIENT}),\ $(filter no yes ,${RPC_SERVER}),\ $(filter volatile mmap flash ,${KS}),\ - $(filter none loopback serial daemon ,${RPC_TRANSPORT}))) + $(filter none loopback serial daemon ,${RPC_TRANSPORT}),\ + $(filter no yes ,${MODEXP_CORE}))) $(error ${USAGE}) endif @@ -60,9 +62,25 @@ ifneq (${RPC_SERVER},$(if $(filter local,${RPC_CLIENT}),yes,no)) $(error RPC_SERVER=yes is probably only useful with RPC_CLIENT=local) endif -WANT_RTL_CODE := $(if $(filter none local,${RPC_CLIENT}),yes,no) +# Whether the RSA code should use the ModExp | ModExpS6 | ModExpA7 core. + +ifeq (${MODEXP_CORE},yes) + RSA_USE_MODEXP_CORE := 1 +else + RSA_USE_MODEXP_CORE := 0 +endif + +# Object files to build, initialized with ones we always want. +# There's a balance here between skipping files we don't strictly +# need and reducing the number of unnecessary conditionals in this +# makefile, so the working definition of "always want" is sometimes +# just "building this is harmless even if we don't use it." OBJ = errorstrings.o hash.o asn1.o ecdsa.o rsa.o ${KS_OBJ} + +# Object files to build when we're on a platform with direct access +# to our hardware (Verilog) cores. + CORE_OBJ = core.o csprng.o pbkdf2.o aes_keywrap.o modexp.o mkmif.o ${IO_OBJ} # I/O bus to the FPGA @@ -156,9 +174,10 @@ endif ifeq (${RPC_CLIENT},none) OBJ += ${CORE_OBJ} + CFLAGS += -DHAL_RSA_USE_MODEXP=${RSA_USE_MODEXP_CORE} else ifeq (${RPC_CLIENT},local) OBJ += ${CORE_OBJ} ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ} - CFLAGS += -DRPC_CLIENT=RPC_CLIENT_LOCAL + CFLAGS += -DRPC_CLIENT=RPC_CLIENT_LOCAL -DHAL_RSA_USE_MODEXP=${RSA_USE_MODEXP_CORE} else ifeq (${RPC_CLIENT},remote) OBJ += ${RPC_CLIENT_OBJ} CFLAGS += -DRPC_CLIENT=RPC_CLIENT_REMOTE -DHAL_RSA_USE_MODEXP=0 @@ -232,3 +251,6 @@ tags: TAGS TAGS: *.[ch] tests/*.[ch] utils/*.[ch] etags $^ + +help usage: + @echo ${USAGE} -- cgit v1.2.3 From a20af9980516d516f0403bb80551db8d283aa383 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Mon, 13 Jun 2016 12:49:53 -0400 Subject: Allow NULL der_len parameter in hal-rsa_private_key_to_der(). --- rsa.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/rsa.c b/rsa.c index 7269aa9..8438bea 100644 --- a/rsa.c +++ b/rsa.c @@ -697,7 +697,7 @@ hal_error_t hal_rsa_private_key_to_der(const hal_rsa_key_t * const key, { hal_error_t err = HAL_OK; - if (key == NULL || der_len == NULL || key->type != HAL_KEY_TYPE_RSA_PRIVATE) + if (key == NULL || key->type != HAL_KEY_TYPE_RSA_PRIVATE) return HAL_ERROR_BAD_ARGUMENTS; fp_int version[1] = INIT_FP_INT; @@ -706,9 +706,9 @@ hal_error_t hal_rsa_private_key_to_der(const hal_rsa_key_t * const key, * Calculate data length. */ - size_t vlen = 0; + size_t hlen = 0, vlen = 0; -#define _(x) { size_t i; if ((err = hal_asn1_encode_integer(x, NULL, &i, der_max - vlen)) != HAL_OK) return err; vlen += i; } +#define _(x) { size_t n; if ((err = hal_asn1_encode_integer(x, NULL, &n, der_max - vlen)) != HAL_OK) return err; vlen += n; } RSAPrivateKey_fields; #undef _ @@ -716,11 +716,11 @@ hal_error_t hal_rsa_private_key_to_der(const hal_rsa_key_t * const key, * Encode header. */ - if ((err = hal_asn1_encode_header(ASN1_SEQUENCE, vlen, der, der_len, der_max)) != HAL_OK) + if ((err = hal_asn1_encode_header(ASN1_SEQUENCE, vlen, der, &hlen, der_max)) != HAL_OK) return err; - const size_t hlen = *der_len; - *der_len += vlen; + if (der_len != NULL) + *der_len = hlen + vlen; if (der == NULL) return HAL_OK; @@ -731,7 +731,7 @@ hal_error_t hal_rsa_private_key_to_der(const hal_rsa_key_t * const key, der += hlen; -#define _(x) { size_t i; if ((err = hal_asn1_encode_integer(x, der, &i, vlen)) != HAL_OK) return err; der += i; vlen -= i; } +#define _(x) { size_t n; if ((err = hal_asn1_encode_integer(x, der, &n, vlen)) != HAL_OK) return err; der += n; vlen -= n; } RSAPrivateKey_fields; #undef _ -- cgit v1.2.3 From 97c3a85d32893ec5f17ecd807a45bac935e42dd5 Mon Sep 17 00:00:00 2001 From: Paul Selkirk Date: Tue, 14 Jun 2016 17:25:29 -0400 Subject: Add support for ModExpA7 --- core.c | 1 + hal.h | 10 ++++++++-- rsa.c | 3 ++- tests/test-rsa.c | 2 ++ verilog_constants.h | 17 +++++++++++++++++ 5 files changed, 30 insertions(+), 3 deletions(-) diff --git a/core.c b/core.c index b7bf3b0..ffe61e6 100644 --- a/core.c +++ b/core.c @@ -108,6 +108,7 @@ static int name_matches(const hal_core_t *const core, const char * const name) static const struct { const char *name; hal_addr_t extra; } gaps[] = { { "csprng", 11 * CORE_SIZE }, /* empty slots after csprng */ { "modexps6", 3 * CORE_SIZE }, /* ModexpS6 uses four slots */ + { "modexpa7", 3 * CORE_SIZE }, /* ModexpA7 uses four slots */ }; static hal_core_t *probe_cores(void) diff --git a/hal.h b/hal.h index 12ed579..776acac 100644 --- a/hal.h +++ b/hal.h @@ -90,8 +90,14 @@ #define CHACHA_NAME "chacha " #define CHACHA_VERSION "0.80" -#define MODEXPS6_NAME "modexps6" -#define MODEXPS6_VERSION "0.10" +#define MODEXP_NAME "modexp" +#define MODEXP_VERSION "0.10" + +#define MODEXPS6_NAME "modexps6" +#define MODEXPS6_VERSION "0.10" + +#define MODEXPA7_NAME "modexpa7" +#define MODEXPA7_VERSION "0.10" #define MKMIF_NAME "mkmif " #define MKMIF_VERSION "0.10" diff --git a/rsa.c b/rsa.c index 8438bea..c8a1479 100644 --- a/rsa.c +++ b/rsa.c @@ -197,7 +197,8 @@ static hal_error_t modexp(const hal_core_t *core, { hal_error_t err = HAL_OK; - if ((err = hal_core_check_name(&core, MODEXPS6_NAME)) != HAL_OK) + if (((err = hal_core_check_name(&core, MODEXPS6_NAME)) != HAL_OK) && + ((err = hal_core_check_name(&core, MODEXPA7_NAME)) != HAL_OK)) return err; assert(msg != NULL && exp != NULL && mod != NULL && res != NULL); diff --git a/tests/test-rsa.c b/tests/test-rsa.c index 1fc516b..60fe2a5 100644 --- a/tests/test-rsa.c +++ b/tests/test-rsa.c @@ -299,6 +299,8 @@ static int test_rsa(const hal_core_t *core, const rsa_tc_t * const tc) int main(int argc, char *argv[]) { const hal_core_t *core = hal_core_find(MODEXPS6_NAME, NULL); + if (core == NULL) + core = hal_core_find(MODEXPA7_NAME, NULL); const hal_core_info_t *core_info = hal_core_info(core); if (core_info != NULL) diff --git a/verilog_constants.h b/verilog_constants.h index 085b973..f0ae070 100644 --- a/verilog_constants.h +++ b/verilog_constants.h @@ -223,6 +223,23 @@ #define MODEXPS6_ADDR_EXPONENT (MODEXPS6_ADDR_OPERANDS + 2 * MODEXPS6_OPERAND_WORDS) #define MODEXPS6_ADDR_RESULT (MODEXPS6_ADDR_OPERANDS + 3 * MODEXPS6_OPERAND_WORDS) +/* + * ModExpA7 core. MODEXPA7_OPERAND_BITS is size in bits of largest + * supported modulus. + */ + +#define MODEXPA7_OPERAND_BITS (4096) +#define MODEXPA7_OPERAND_WORDS (MODEXPA7_OPERAND_BITS / 32) +#define MODEXPA7_ADDR_REGISTERS (0 * MODEXPA7_OPERAND_WORDS) +#define MODEXPA7_ADDR_OPERANDS (4 * MODEXPA7_OPERAND_WORDS) +#define MODEXPA7_ADDR_MODE (MODEXPA7_ADDR_REGISTERS + 0x10) +#define MODEXPA7_ADDR_MODULUS_WIDTH (MODEXPA7_ADDR_REGISTERS + 0x11) +#define MODEXPA7_ADDR_EXPONENT_WIDTH (MODEXPA7_ADDR_REGISTERS + 0x12) +#define MODEXPA7_ADDR_MODULUS (MODEXPA7_ADDR_OPERANDS + 0 * MODEXPA7_OPERAND_WORDS) +#define MODEXPA7_ADDR_MESSAGE (MODEXPA7_ADDR_OPERANDS + 1 * MODEXPA7_OPERAND_WORDS) +#define MODEXPA7_ADDR_EXPONENT (MODEXPA7_ADDR_OPERANDS + 2 * MODEXPA7_OPERAND_WORDS) +#define MODEXPA7_ADDR_RESULT (MODEXPA7_ADDR_OPERANDS + 3 * MODEXPA7_OPERAND_WORDS) + /* * Utility cores. */ -- cgit v1.2.3 From 282617c06a8b5eff135d1cf6f1d6fe148f632c5a Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 14 Jun 2016 18:57:06 -0400 Subject: Collapse RPC_CLIENT and RPC_SERVER makefile settings into a single RPC_MODE setting. --- GNUmakefile | 117 ++++++++++++++++++++++++------------------------------ tests/GNUmakefile | 28 ++++++++----- 2 files changed, 69 insertions(+), 76 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 04efc1f..b5f1f2b 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -39,32 +39,28 @@ LIB = libhal.a # Error checking on known control options, some of which allow the user entirely too much rope. -USAGE := "usage: ${MAKE} [IO_BUS=eim|i2c|fmc] [RPC_CLIENT=none|local|remote|mixed] [RPC_SERVER=no|yes] [KS=volatile|mmap|flash] [RPC_TRANSPORT=none|loopback|serial|daemon] [MODEXP_CORE=no|yes]" +USAGE := "usage: ${MAKE} [IO_BUS=eim|i2c|fmc] [RPC_MODE=none|server|client-simple|client-mixed] [KS=volatile|mmap|flash] [RPC_TRANSPORT=none|loopback|serial|daemon] [MODEXP_CORE=no|yes]" IO_BUS ?= eim -KS ?= mmap -RPC_CLIENT ?= none -RPC_SERVER ?= $(if $(filter local,${RPC_CLIENT}),yes,no) +KS ?= volatile +RPC_MODE ?= none RPC_TRANSPORT ?= daemon MODEXP_CORE ?= no ifeq (,$(and \ - $(filter none eim i2c fmc ,${IO_BUS}),\ - $(filter none local remote mixed ,${RPC_CLIENT}),\ - $(filter no yes ,${RPC_SERVER}),\ - $(filter volatile mmap flash ,${KS}),\ - $(filter none loopback serial daemon ,${RPC_TRANSPORT}),\ - $(filter no yes ,${MODEXP_CORE}))) + $(filter none eim i2c fmc ,${IO_BUS}),\ + $(filter none server client-simple client-mixed ,${RPC_MODE}),\ + $(filter volatile mmap flash ,${KS}),\ + $(filter none loopback serial daemon ,${RPC_TRANSPORT}),\ + $(filter no yes ,${MODEXP_CORE}))) $(error ${USAGE}) endif -ifneq (${RPC_SERVER},$(if $(filter local,${RPC_CLIENT}),yes,no)) - $(error RPC_SERVER=yes is probably only useful with RPC_CLIENT=local) -endif +$(info Building libhal with configuration IO_BUS=${IO_BUS} RPC_MODE=${RPC_MODE} KS=${KS} RPC_TRANSPORT=${RPC_TRANSPORT} MODEXP_CORE=${MODEXP_CORE}) # Whether the RSA code should use the ModExp | ModExpS6 | ModExpA7 core. -ifeq (${MODEXP_CORE},yes) +ifeq "${MODEXP_CORE}" "yes" RSA_USE_MODEXP_CORE := 1 else RSA_USE_MODEXP_CORE := 0 @@ -86,16 +82,16 @@ CORE_OBJ = core.o csprng.o pbkdf2.o aes_keywrap.o modexp.o mkmif.o ${IO_OBJ} # I/O bus to the FPGA # # IO_BUS = none | eim | i2c | fmc -# none: no FPGA I/O bus -# eim: EIM bus from Novena -# i2c: older I2C bus from Novena -# fmc: FMC bus from dev-bridge and alpha boards +# none: No FPGA I/O bus +# eim: EIM bus from Novena +# i2c: Older I2C bus from Novena +# fmc: FMC bus from dev-bridge and alpha boards -ifeq (${IO_BUS},eim) +ifeq "${IO_BUS}" "eim" IO_OBJ = hal_io_eim.o novena-eim.o -else ifeq (${IO_BUS},i2c) +else ifeq "${IO_BUS}" "i2c" IO_OBJ = hal_io_i2c.o -else ifeq (${IO_BUS},fmc) +else ifeq "${IO_BUS}" "fmc" IO_OBJ = hal_io_fmc.o endif @@ -103,7 +99,7 @@ endif # hard-to-debug function pointer errors. OTOH, if we're building for Linux # (even on the Novena), we want to make it possible to build a shared library. -ifneq (${IO_BUS},fmc) +ifneq "${IO_BUS}" "fmc" CFLAGS += -fPIC endif @@ -117,71 +113,67 @@ endif KS_OBJ = ks.o -ifeq (${KS},mmap) +ifeq "${KS}" "mmap" KS_OBJ += ks_mmap.o -else ifeq (${KS},volatile) +else ifeq "${KS}" "volatile" KS_OBJ += ks_volatile.o -else ifeq (${KS},flash) +else ifeq "${KS}" "flash" KS_OBJ += ks_flash.o endif -# RPC_CLIENT = none | local | remote | mixed -# none: Build without RPC client -# local: Build for Novena or dev-bridge, access FPGA cores directly. -# remote: Build for other host, communicate with RPC server. -# mixed: Do hashing locally in software, other functions remotely. -# -# RPC_SERVER = no | yes +# RPC_MODE = none | server | client-simple | client-mixed +# none: Build without RPC client, use cores directly. +# server: Build for server side of RPC (HSM), use cores directly. +# client-simple: Build for other host, communicate with cores via RPC server. +# client-mixed: Like client-simple but do hashing locally in software and +# support a local keystore (for PKCS #11 public keys, etc) # # RPC_TRANSPORT = loopback | serial | daemon -# loopback: communicate over loopback socket on Novena -# serial: communicate over USB in serial pass-through mode -# daemon: communicate over USB via a daemon, to arbitrate multiple clients +# loopback: Communicate over loopback socket on Novena +# serial: Communicate over USB in serial pass-through mode +# daemon: Communicate over USB via a daemon, to arbitrate multiple clients # -# RPC client locality flags passed here via CFLAGS are tested as -# integers in the C preprocessor, so the symbols we pass must be -# defined as macros in the C code, not enum tokens. +# Note that RPC_MODE setting also controls the RPC_CLIENT setting passed to the C +# preprocessor via CFLAGS. Whatever we pass here must evaluate to an integer in +# the C preprocessor: we can use symbolic names so long as they're defined as macros +# in the C code, but we can't use things like C enum symbols. -ifneq (${RPC_CLIENT},none) +ifneq "${RPC_MODE}" "none" OBJ += rpc_api.o xdr.o endif -ifeq (${RPC_TRANSPORT},serial) +ifeq "${RPC_TRANSPORT}" "serial" OBJ += slip.o endif RPC_CLIENT_OBJ = rpc_client.o -ifeq (${RPC_TRANSPORT},loopback) +ifeq "${RPC_TRANSPORT}" "loopback" RPC_CLIENT_OBJ += rpc_client_loopback.o -else ifeq (${RPC_TRANSPORT},serial) +else ifeq "${RPC_TRANSPORT}" "serial" RPC_CLIENT_OBJ += rpc_client_serial.o -else ifeq (${RPC_TRANSPORT},daemon) +else ifeq "${RPC_TRANSPORT}" "daemon" RPC_CLIENT_OBJ += rpc_client_daemon.o endif RPC_DISPATCH_OBJ = rpc_hash.o rpc_misc.o rpc_pkey.o RPC_SERVER_OBJ = rpc_server.o -ifeq (${RPC_TRANSPORT},loopback) +ifeq "${RPC_TRANSPORT}" "loopback" RPC_SERVER_OBJ += rpc_server_loopback.o -else ifeq (${RPC_TRANSPORT},serial) +else ifeq "${RPC_TRANSPORT}" "serial" RPC_SERVER_OBJ += rpc_server_serial.o endif -ifeq (${RPC_SERVER},yes) - OBJ += ${RPC_SERVER_OBJ} -endif - -ifeq (${RPC_CLIENT},none) +ifeq "${RPC_MODE}" "none" OBJ += ${CORE_OBJ} CFLAGS += -DHAL_RSA_USE_MODEXP=${RSA_USE_MODEXP_CORE} -else ifeq (${RPC_CLIENT},local) - OBJ += ${CORE_OBJ} ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ} +else ifeq "${RPC_MODE}" "server" + OBJ += ${CORE_OBJ} ${RPC_SERVER_OBJ} ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ} CFLAGS += -DRPC_CLIENT=RPC_CLIENT_LOCAL -DHAL_RSA_USE_MODEXP=${RSA_USE_MODEXP_CORE} -else ifeq (${RPC_CLIENT},remote) +else ifeq "${RPC_MODE}" "client-simple" OBJ += ${RPC_CLIENT_OBJ} CFLAGS += -DRPC_CLIENT=RPC_CLIENT_REMOTE -DHAL_RSA_USE_MODEXP=0 -else ifeq (${RPC_CLIENT},mixed) +else ifeq "${RPC_MODE}" "client-mixed" OBJ += ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ} CFLAGS += -DRPC_CLIENT=RPC_CLIENT_MIXED -DHAL_RSA_USE_MODEXP=0 KS = volatile @@ -199,24 +191,17 @@ all: ${LIB} cd tests; ${MAKE} CFLAGS='${CFLAGS} -I..' LDFLAGS='${LDFLAGS}' $@ cd utils; ${MAKE} CFLAGS='${CFLAGS} -I..' LDFLAGS='${LDFLAGS}' $@ -local: - ${MAKE} RPC_CLIENT=local RPC_TRANSPORT=none - client: - ${MAKE} RPC_CLIENT=remote + ${MAKE} RPC_MODE=client-simple mixed: - ${MAKE} RPC_CLIENT=mixed KS=volatile + ${MAKE} RPC_MODE=client-mixed server: - ${MAKE} RPC_SERVER=yes - -loopback: - ${MAKE} RPC_CLIENT=remote RPC_SERVER=yes RPC_TRANSPORT=loopback + ${MAKE} RPC_MODE=server daemon: cryptech_rpcd -# ${MAKE} RPC_CLIENT=mixed RPC_TRANSPORT=daemon - ${MAKE} RPC_CLIENT=remote RPC_TRANSPORT=daemon + ${MAKE} RPC_MODE=client-mixed RPC_TRANSPORT=daemon cryptech_rpcd: daemon.o slip.o rpc_serial.o xdr.o ${CC} ${CFLAGS} -o $@ $^ ${LDFLAGS} @@ -236,7 +221,7 @@ last_gasp_pin_internal.h: ./utils/last_gasp_default_pin >$@ test: all - export RPC_CLIENT RPC_SERVER + export RPC_MODE cd tests; ${MAKE} -k $@ clean: diff --git a/tests/GNUmakefile b/tests/GNUmakefile index 5e2b3ea..f4299a0 100644 --- a/tests/GNUmakefile +++ b/tests/GNUmakefile @@ -32,16 +32,24 @@ LIB = ../libhal.a # Which tests to build depends on how the library was compiled. -ifeq (${RPC_SERVER},yes) - BIN += test-rpc_server -endif +CORE_TESTS = test-aes-key-wrap test-hash test-pbkdf2 test-ecdsa test-bus test-trng test-rsa test-mkmif +SERVER_TESTS = test-rpc_server +CLIENT_TESTS = test-rpc_hash test-rpc_pkey test-rpc_get_version test-rpc_get_random -ifeq (${RPC_CLIENT},none) - BIN += test-aes-key-wrap test-hash test-pbkdf2 test-ecdsa test-bus test-trng test-rsa -endif +ALL_TESTS = ${CORE_TESTS} ${SERVER_TESTS} ${CLIENT_TESTS} + +ifeq "${RPC_MODE}" "none" + + BIN += ${CORE_TESTS} + +else ifeq "${RPC_MODE}" "server" + + BIN += ${CORE_TESTS} ${SERVER_TESTS} + +else + + BIN += ${CLIENT_TESTS} -ifeq (${RPC_CLIENT},local) - BIN += test-rpc_hash test-rpc_pkey test-rpc_get_version test-rpc_get_random endif CFLAGS = -g3 -Wall -fPIC -std=c99 -I.. @@ -51,8 +59,8 @@ all: ${BIN} test: all for i in ${BIN}; do (set -x; ./$$i); done -clean: - rm -f *.o ${BIN} +clean distclean: + rm -f *.o ${ALL_TESTS} ${BIN}: %: %.o ${LIB} ${CC} ${CFLAGS} -o $@ $^ ${LDFLAGS} -- cgit v1.2.3 From 34f32288afd87073eb5ab9bafc3f4202ab9a0551 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 14 Jun 2016 19:06:34 -0400 Subject: test-mkmif was missing from .gitignore. --- .gitignore | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 7131463..1625b1a 100644 --- a/.gitignore +++ b/.gitignore @@ -11,14 +11,15 @@ tests/test-bus tests/test-ecdsa tests/test-ecdsa-*.der tests/test-hash +tests/test-mkmif tests/test-pbkdf2 +tests/test-rpc_get_random +tests/test-rpc_get_version tests/test-rpc_hash tests/test-rpc_pkey tests/test-rpc_server tests/test-rsa tests/test-rsa-*.der tests/test-trng -tests/test-rpc_get_version -tests/test-rpc_get_random utils/cores utils/eim_peek_poke -- cgit v1.2.3 From 1c3e4894ea9f1a6f9bc6602e6454a6efd9562efa Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 14 Jun 2016 21:01:11 -0400 Subject: Doh, don't build RPC client transport code when we're building the server library, even if the old makefile (sometimes) did do that. --- GNUmakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GNUmakefile b/GNUmakefile index b5f1f2b..14e94c6 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -168,7 +168,7 @@ ifeq "${RPC_MODE}" "none" OBJ += ${CORE_OBJ} CFLAGS += -DHAL_RSA_USE_MODEXP=${RSA_USE_MODEXP_CORE} else ifeq "${RPC_MODE}" "server" - OBJ += ${CORE_OBJ} ${RPC_SERVER_OBJ} ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ} + OBJ += ${CORE_OBJ} ${RPC_SERVER_OBJ} ${RPC_DISPATCH_OBJ} CFLAGS += -DRPC_CLIENT=RPC_CLIENT_LOCAL -DHAL_RSA_USE_MODEXP=${RSA_USE_MODEXP_CORE} else ifeq "${RPC_MODE}" "client-simple" OBJ += ${RPC_CLIENT_OBJ} -- cgit v1.2.3