[Cryptech-Commits] [user/sra/novena-releng] 01/03: Initial version of Novean release engineering superrepository. Not yet fully tested.

git at cryptech.is git at cryptech.is
Sat Jul 4 05:39:58 UTC 2015


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository user/sra/novena-releng.

commit ea04b71ff14523ffcfc02eb43cf509e238807bef
Author: Rob Austein <sra at hactrn.net>
Date:   Sat Jul 4 00:18:36 2015 -0400

    Initial version of Novean release engineering superrepository.
    Not yet fully tested.
---
 .gitmodules                       | 48 +++++++++++++++++++++++++++
 Makefile                          | 70 +++++++++++++++++++++++++++++++++++++++
 README.md                         | 10 ++++++
 rtl/Makefile                      | 16 +++++++++
 rtl/core/cipher/aes               |  1 +
 rtl/core/cipher/chacha            |  1 +
 rtl/core/comm/eim                 |  1 +
 rtl/core/hash/sha1                |  1 +
 rtl/core/hash/sha256              |  1 +
 rtl/core/hash/sha512              |  1 +
 rtl/core/math/modexp              |  1 +
 rtl/core/platform/common          |  1 +
 rtl/core/platform/novena          |  1 +
 rtl/core/rng/avalanche_entropy    |  1 +
 rtl/core/rng/rosc_entropy         |  1 +
 rtl/core/rng/trng                 |  1 +
 rtl/debian/compat                 |  1 +
 rtl/debian/control                | 14 ++++++++
 rtl/debian/copyright              | 27 +++++++++++++++
 rtl/debian/rules                  |  4 +++
 rtl/debian/source/format          |  1 +
 rtl/patches/01-config-cores.patch | 27 +++++++++++++++
 sw/Makefile                       | 21 ++++++++++++
 sw/debian/compat                  |  1 +
 sw/debian/control                 | 14 ++++++++
 sw/debian/copyright               | 27 +++++++++++++++
 sw/debian/rules                   |  4 +++
 sw/debian/source/format           |  1 +
 sw/sw/libhal                      |  1 +
 sw/sw/libtfm                      |  1 +
 sw/sw/pkcs11                      |  1 +
 sw/sw/sqlite3                     |  1 +
 32 files changed, 302 insertions(+)

diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..8e21521
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,48 @@
+[submodule "sw/sw/libhal"]
+	path = sw/sw/libhal
+	url = git at git.cryptech.is:user/sra/libhal
+[submodule "sw/sw/libtfm"]
+	path = sw/sw/libtfm
+	url = git at git.cryptech.is:user/sra/libtfm
+[submodule "sw/sw/pkcs11"]
+	path = sw/sw/pkcs11
+	url = git at git.cryptech.is:user/sra/pkcs11
+[submodule "sw/sw/sqlite3"]
+	path = sw/sw/sqlite3
+	url = git at git.cryptech.is:user/sra/sqlite3
+[submodule "rtl/core/cipher/aes"]
+	path = rtl/core/cipher/aes
+	url = git at git.cryptech.is:core/cipher/aes.git
+[submodule "rtl/core/cipher/chacha"]
+	path = rtl/core/cipher/chacha
+	url = git at git.cryptech.is:core/cipher/chacha.git
+[submodule "rtl/core/comm/eim"]
+	path = rtl/core/comm/eim
+	url = git at git.cryptech.is:core/comm/eim.git
+[submodule "rtl/core/hash/sha1"]
+	path = rtl/core/hash/sha1
+	url = git at git.cryptech.is:core/hash/sha1.git
+[submodule "rtl/core/hash/sha256"]
+	path = rtl/core/hash/sha256
+	url = git at git.cryptech.is:core/hash/sha256.git
+[submodule "rtl/core/hash/sha512"]
+	path = rtl/core/hash/sha512
+	url = git at git.cryptech.is:core/hash/sha512.git
+[submodule "rtl/core/math/modexp"]
+	path = rtl/core/math/modexp
+	url = git at git.cryptech.is:core/math/modexp.git
+[submodule "rtl/core/platform/common"]
+	path = rtl/core/platform/common
+	url = git at git.cryptech.is:core/platform/common.git
+[submodule "rtl/core/platform/novena"]
+	path = rtl/core/platform/novena
+	url = git at git.cryptech.is:core/platform/novena.git
+[submodule "rtl/core/rng/avalanche_entropy"]
+	path = rtl/core/rng/avalanche_entropy
+	url = git at git.cryptech.is:core/rng/avalanche_entropy.git
+[submodule "rtl/core/rng/rosc_entropy"]
+	path = rtl/core/rng/rosc_entropy
+	url = git at git.cryptech.is:core/rng/rosc_entropy.git
+[submodule "rtl/core/rng/trng"]
+	path = rtl/core/rng/trng
+	url = git at git.cryptech.is:core/rng/trng.git
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..b1c7467
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,70 @@
+# Top-level build of packages for Novena PVT-1.
+#
+# Building source and binary packages separately isn't strictly
+# necessary, but simplifies fault isolation.
+#
+# We generate the changes file on the fly to keep all the version
+# information in one place.  Nothing actually uses the changes file
+# once we've generated the source package, so this is harmless.  If
+# somebody really wants to be the human maintainer for a changes
+# file, be my guest.
+#
+# We don't sign anything yet.  This will need fixing.
+
+# Version of the software in human terms (major.minor)
+
+export CRYPTECH_VERSION := 1.0
+
+# Version suffix to add to package names.  The extra fields come from
+# HEAD of the git superrepository.  The date field is primarily to
+# make sure that versions sort into the correct order when fed to
+# reprepro; the commit hash uniquely identifies the (base) version of
+# the superrepository that generated the packages.  This won't help if
+# somebody publishes packages generated with a modified version of the
+# superrepository, so don't do that (add check for uncommitted # changes?)
+
+ifdef NOTYET
+
+HEAD_TIME := $(shell git show -s --format=%ct HEAD)
+HEAD_HASH := $(shell git rev-parse HEAD)
+
+CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH}
+
+else
+
+CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~something
+
+endif
+
+# Make sure git can find certificatess.  We might want to change this
+# to use GIT_SSL_CAINFO so we can specify a particular file, perhaps
+# even a file in this repository, but skip that for the moment.
+
+export GIT_SSL_CAPATH=/etc/ssl/certs
+
+# Command to generate a new changelog containing one entry.
+# Does nothing if the changelog already exists.
+
+DCH =	test -f debian/changelog || \
+	EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot <aptbot at cryptech.is>' \
+	dch --create --package cryptech-novena-$(1) --newversion '${CRYPTECH_PACKAGE_VERSION}' \
+	'Version ${CRYPTECH_VERSION} of Cryptech $(2) for the Novena PVT-1 development board.'
+
+
+all: init sw rtl
+
+init:
+	git submodule update --init --recursive
+
+sw:
+	cd sw; $(call DCH,sw,software tools)
+	cd sw; debuild -S -uc -us
+	cd sw; debuild -b -uc -us -aarmhf
+
+rtl:
+	cd rtl; $(call DCH,rtl,RTL bitstream)
+	cd rtl; debuild -S -uc -us
+	cd rtl; debuild -b -uc -us
+
+
+.PHONY: sw rtl
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b7a8b7c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,10 @@
+novena-releng
+=============
+
+Release engineering tree for the Cryptech code for the Novena PVT-1,
+initially targetted at what we need to package for IETF 93 in Praha.
+
+General idea is to build two binary packages, one with the bitstream
+for the FPGA, one for software cross-compiled for the Novena.  Might
+want a third package just as a meta package to pull the first two in
+via dependencies.
diff --git a/rtl/Makefile b/rtl/Makefile
new file mode 100644
index 0000000..79ebf76
--- /dev/null
+++ b/rtl/Makefile
@@ -0,0 +1,16 @@
+BUILD_DIR := core/platform/novena/eim/build
+
+# This business of patching files that are under revision control
+# because we can't be bothered to generate a proper configuration file
+# is kind of nasty.
+
+all:
+	patch -p1 --forward <patches/01-config-cores.patch
+	cd ${BUILD_DIR}; $(MAKE)
+	patch -p1 --reverse <patches/01-config-cores.patch
+
+clean:
+	cd ${BUILD_DIR}; $(MAKE) clean
+
+install:
+	install -D ${BUILD_DIR}/novena_eim.bit ${DESTDIR}/usr/share/cryptech/novena_eim.bit
diff --git a/rtl/core/cipher/aes b/rtl/core/cipher/aes
new file mode 160000
index 0000000..fc8c932
--- /dev/null
+++ b/rtl/core/cipher/aes
@@ -0,0 +1 @@
+Subproject commit fc8c9324320af3fc258df33f176583506ea5de38
diff --git a/rtl/core/cipher/chacha b/rtl/core/cipher/chacha
new file mode 160000
index 0000000..549b75a
--- /dev/null
+++ b/rtl/core/cipher/chacha
@@ -0,0 +1 @@
+Subproject commit 549b75a635817ce263c368c9b8b5b0b07f90ec21
diff --git a/rtl/core/comm/eim b/rtl/core/comm/eim
new file mode 160000
index 0000000..9ed8ee7
--- /dev/null
+++ b/rtl/core/comm/eim
@@ -0,0 +1 @@
+Subproject commit 9ed8ee7596023a6f4e43d8468bbdd0473c6570ed
diff --git a/rtl/core/hash/sha1 b/rtl/core/hash/sha1
new file mode 160000
index 0000000..febb275
--- /dev/null
+++ b/rtl/core/hash/sha1
@@ -0,0 +1 @@
+Subproject commit febb27562431216a080cb980fdcda09454e72c38
diff --git a/rtl/core/hash/sha256 b/rtl/core/hash/sha256
new file mode 160000
index 0000000..ce56b11
--- /dev/null
+++ b/rtl/core/hash/sha256
@@ -0,0 +1 @@
+Subproject commit ce56b11187b92572193fa9327841ad2ef2e792f8
diff --git a/rtl/core/hash/sha512 b/rtl/core/hash/sha512
new file mode 160000
index 0000000..51ad57c
--- /dev/null
+++ b/rtl/core/hash/sha512
@@ -0,0 +1 @@
+Subproject commit 51ad57c37bb4a0f59e4af4ee069ac18f8fb9284e
diff --git a/rtl/core/math/modexp b/rtl/core/math/modexp
new file mode 160000
index 0000000..e61c650
--- /dev/null
+++ b/rtl/core/math/modexp
@@ -0,0 +1 @@
+Subproject commit e61c65059054df407206e58b88a1b203f5ad3c3e
diff --git a/rtl/core/platform/common b/rtl/core/platform/common
new file mode 160000
index 0000000..f05a3c6
--- /dev/null
+++ b/rtl/core/platform/common
@@ -0,0 +1 @@
+Subproject commit f05a3c65ec65004b097cb63d5ac6d463a7a9dc2f
diff --git a/rtl/core/platform/novena b/rtl/core/platform/novena
new file mode 160000
index 0000000..33cc55a
--- /dev/null
+++ b/rtl/core/platform/novena
@@ -0,0 +1 @@
+Subproject commit 33cc55adaf9ff31473802414f9c0d6e4a553cddf
diff --git a/rtl/core/rng/avalanche_entropy b/rtl/core/rng/avalanche_entropy
new file mode 160000
index 0000000..4a0c596
--- /dev/null
+++ b/rtl/core/rng/avalanche_entropy
@@ -0,0 +1 @@
+Subproject commit 4a0c59617c582ef3f0e558067f913309db772f75
diff --git a/rtl/core/rng/rosc_entropy b/rtl/core/rng/rosc_entropy
new file mode 160000
index 0000000..4c3b76c
--- /dev/null
+++ b/rtl/core/rng/rosc_entropy
@@ -0,0 +1 @@
+Subproject commit 4c3b76c5b8d2809b236d2396ed6a8b36be4587e8
diff --git a/rtl/core/rng/trng b/rtl/core/rng/trng
new file mode 160000
index 0000000..d5974ed
--- /dev/null
+++ b/rtl/core/rng/trng
@@ -0,0 +1 @@
+Subproject commit d5974ed0d389f8953b23d98bb69b1576adad27b8
diff --git a/rtl/debian/compat b/rtl/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/rtl/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/rtl/debian/control b/rtl/debian/control
new file mode 100644
index 0000000..84a4e91
--- /dev/null
+++ b/rtl/debian/control
@@ -0,0 +1,14 @@
+Source: cryptech-novena-rtl
+Maintainer: Paul Selkirk <paul at psgd.org>
+Section: misc
+Priority: optional
+Standards-Version: 3.9.6
+Build-Depends: debhelper (>= 9)
+Homepage: http://trac.cryptech.is/wiki
+
+Package: cryptech-novena-rtl
+Architecture: all
+Depends: libc6 (>= 2.13), ${misc:Depends}
+Description: Cryptech open-source crypto hardware
+ "cryptech-novena-rtl" contains FGPA configuration (RTL bitstream) for the Cryptech project on
+ the Novena PVT-1 development board.
diff --git a/rtl/debian/copyright b/rtl/debian/copyright
new file mode 100644
index 0000000..fd7518e
--- /dev/null
+++ b/rtl/debian/copyright
@@ -0,0 +1,27 @@
+Copyright (c) 2015, NORDUnet A/S All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+- Redistributions of source code must retain the above copyright notice,
+  this list of conditions and the following disclaimer.
+
+- Redistributions in binary form must reproduce the above copyright
+  notice, this list of conditions and the following disclaimer in the
+  documentation and/or other materials provided with the distribution.
+
+- Neither the name of the NORDUnet nor the names of its contributors may
+  be used to endorse or promote products derived from this software
+  without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/rtl/debian/rules b/rtl/debian/rules
new file mode 100755
index 0000000..2d33f6a
--- /dev/null
+++ b/rtl/debian/rules
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@
diff --git a/rtl/debian/source/format b/rtl/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/rtl/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/rtl/patches/01-config-cores.patch b/rtl/patches/01-config-cores.patch
new file mode 100644
index 0000000..245e8a3
--- /dev/null
+++ b/rtl/patches/01-config-cores.patch
@@ -0,0 +1,27 @@
+Description: configure core selectors for cryptech dnssec signer
+
+--- core/platform/common/core_selector/src/rtl/cipher_selector.v~
++++ core/platform/common/core_selector/src/rtl/cipher_selector.v
+@@ -67,7 +67,7 @@ module cipher_selector
+    //----------------------------------------------------------------
+    // Comment following lines to exclude cores from implementation.
+    `define  USE_CORE_AES
+-   `define  USE_CORE_CHACHA
++//   `define  USE_CORE_CHACHA
+ 
+ 
+    //----------------------------------------------------------------
+--- core/platform/common/core_selector/src/rtl/hash_selector.v~
++++ core/platform/common/core_selector/src/rtl/hash_selector.v
+@@ -125,9 +125,9 @@ XXX move to `define in wrapper core??
+    // List of Available Cores
+    //----------------------------------------------------------------
+    // Comment following lines to exclude cores from implementation.
+-   `define  USE_CORE_SHA1
++//   `define  USE_CORE_SHA1
+    `define  USE_CORE_SHA256
+-   `define  USE_CORE_SHA512
++//   `define  USE_CORE_SHA512
+    
+    
+    //----------------------------------------------------------------
diff --git a/sw/Makefile b/sw/Makefile
new file mode 100644
index 0000000..962d448
--- /dev/null
+++ b/sw/Makefile
@@ -0,0 +1,21 @@
+export CC	:= arm-linux-gnueabihf-gcc 
+export AR	:= arm-linux-gnueabihf-ar
+export OBJCOPY	:= arm-linux-gnueabihf-objcopy 
+
+# Something is messing up the CFLAGS and LDFLAGS settings to libhal.
+# Using autoconf was probably a mistake, but hack around it for now.
+
+all:
+	cd sw/libtfm;  ${MAKE}
+	cd sw/libhal;  ./configure CFLAGS='-g3 -Wall -fPIC -std=c99 -I$${TFMDIR}' LDFLAGS='-g3 -L$${TFMDIR} -ltfm'
+	cd sw/libhal;  ${MAKE}
+	cd sw/sqlite3; ${MAKE} CROSS_COMPILE=arm-unknown-linux-gnueabi
+	cd sw/pkcs11;  ${MAKE}
+
+clean distclean:
+	for d in libtfm libhal sqlite3 pkcs11; do (cd sw/$$d && ${MAKE} $@); done
+
+install: all
+	install -D sw/pkcs11/libpkcs11.so ${DESTDIR}/usr/lib/libpkcs11.so
+	install -D sw/pkcs11/p11util      ${DESTDIR}/usr/sbin/p11util
+
diff --git a/sw/debian/compat b/sw/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/sw/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/sw/debian/control b/sw/debian/control
new file mode 100644
index 0000000..4d83526
--- /dev/null
+++ b/sw/debian/control
@@ -0,0 +1,14 @@
+Source: cryptech-novena-sw
+Maintainer: Paul Selkirk <paul at psgd.org>
+Section: misc
+Priority: optional
+Standards-Version: 3.9.6
+Build-Depends: debhelper (>= 9)
+Homepage: http://trac.cryptech.is/wiki
+
+Package: cryptech-novena-sw
+Architecture: armhf
+Depends: libc6 (>= 2.13), ${misc:Depends}
+Description: Cryptech open-source crypto software
+ "cryptech-novena-sw" contains software for use with the Cryptech Project RTL images on
+ the Novena PVT-1 development board.
diff --git a/sw/debian/copyright b/sw/debian/copyright
new file mode 100644
index 0000000..fd7518e
--- /dev/null
+++ b/sw/debian/copyright
@@ -0,0 +1,27 @@
+Copyright (c) 2015, NORDUnet A/S All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+- Redistributions of source code must retain the above copyright notice,
+  this list of conditions and the following disclaimer.
+
+- Redistributions in binary form must reproduce the above copyright
+  notice, this list of conditions and the following disclaimer in the
+  documentation and/or other materials provided with the distribution.
+
+- Neither the name of the NORDUnet nor the names of its contributors may
+  be used to endorse or promote products derived from this software
+  without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/sw/debian/rules b/sw/debian/rules
new file mode 100755
index 0000000..2d33f6a
--- /dev/null
+++ b/sw/debian/rules
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@
diff --git a/sw/debian/source/format b/sw/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/sw/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/sw/sw/libhal b/sw/sw/libhal
new file mode 160000
index 0000000..e80f25d
--- /dev/null
+++ b/sw/sw/libhal
@@ -0,0 +1 @@
+Subproject commit e80f25d31235628f2d9cfb410d48bcc83b4487d5
diff --git a/sw/sw/libtfm b/sw/sw/libtfm
new file mode 160000
index 0000000..108e789
--- /dev/null
+++ b/sw/sw/libtfm
@@ -0,0 +1 @@
+Subproject commit 108e78987bc39f11d0abbba7dbfe80704cbf0282
diff --git a/sw/sw/pkcs11 b/sw/sw/pkcs11
new file mode 160000
index 0000000..5f0d1c2
--- /dev/null
+++ b/sw/sw/pkcs11
@@ -0,0 +1 @@
+Subproject commit 5f0d1c2ecfde778a164dd4cfc362f7bd29ebe241
diff --git a/sw/sw/sqlite3 b/sw/sw/sqlite3
new file mode 160000
index 0000000..7bdeab3
--- /dev/null
+++ b/sw/sw/sqlite3
@@ -0,0 +1 @@
+Subproject commit 7bdeab315c5fdaf6d1b087423b98e80e80fefec8



More information about the Commits mailing list