Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-08-15 | Add support for Joachim's keywrap core. | Paul Selkirk | |
2018-07-31 | Add hashsig description to README | Paul Selkirk | |
2018-07-25 | Merge branch 'hashsig' | Paul Selkirk | |
2018-07-24 | Change the rest of the hashsig ASN.1 wrapper functions to static inline, for ↵ | Paul Selkirk | |
consistency. | |||
2018-07-24 | A recent(?) version of arm-none-eabi-gcc decided to make storage for enums | Paul Selkirk | |
the minimum size necessary, so hal_asn1_decode_lms_algorithm and hal_asn1_decode_lmots_algorithm were writing 4 bytes of data into 1-byte variables. Hilarity ensued. Yes, I already knew that conflating enum with uint32_t was a bad idea, I was just being lazy. For that matter, sizeof(size_t) isn't guaranteed either, although arm-none-eabi-gcc treats it as 32 bits on this 32-bit target (for now), so exercise proper data hygiene in hal_asn1_decode_size_t as well. | |||
2018-07-24 | Add protection against trying to use hashsig while the restart mechanism is ↵ | Paul Selkirk | |
rebuilding the tree. | |||
2018-07-24 | Housekeeping: Mark hal_ks_pin_uuid extern, so it doesn't get instantiated in ↵ | Paul Selkirk | |
each object module. | |||
2018-07-24 | Add descriptions of signature algorithm OIDs, because pre-encoded ASN.1 ↵ | Paul Selkirk | |
blobs are really inscrutable. | |||
2018-07-16 | No-op out core alloc/free when no cores exist. | Rob Austein | |
2018-07-15 | Support PF_UNIX socket inode modes other than 0600. | Rob Austein | |
2018-05-27 | Inline hal_core_base(). | Rob Austein | |
2018-05-27 | FMC cleanup: constification, gratuitous pointer. | Rob Austein | |
2018-05-22 | Disable seldom-used FMC I/O debugging code by default. | Rob Austein | |
Profiling reports significant time spent in the hal_io_fmc.c debugging code even when runtime debugging is off. This is odd, and may be a profiling artifact, but we don't use that debugging code often, so if it costs anything at all we might as well disable it when not needed. | |||
2018-05-20 | Drop <assert.h> now that everything should be using hal_assert() instead. | Rob Austein | |
2018-05-20 | Better hal_core_alloc() semantics, assert() and printf() cleanup. | Rob Austein | |
Various fixes extracted from the abandoned(-for-now?) reuse-cores branch, principally: * Change hal_core_alloc*() to support core reuse and to pick the least-recently-used core of a particular type otherwise; * Replace assert() and printf() calls with hal_assert() and hal_log(), respectively. assert() is particularly useless on the HSM, since it sends its error message into hyperspace then hangs the HSM. | |||
2018-05-20 | Clean up parallel signature test script. | Rob Austein | |
Aside from not really needing to use every crayon in the box, using a simpler control structure makes exceptions behave more as one expects. | |||
2018-05-20 | Add small cache for RSA blinding factors. | Rob Austein | |
Generating new RSA blinding factors turns out to be relatively expensive, but we can amortize that cost by maintaining a small cache and simply mutating old values after each use with a cheaper operation. Squaring works, pretty much by definition. Blinding factors are only sort-of-sensitive: we don't want them to leak out of the HSM, but they're only based on the public modulus, not the private key components, and we're only using them to foil side channel attacks, so the risk involved in caching them seems small. For the moment, the cache is very small, since we only care about this for bulk signature operations. Tune this later if it becomes an issue. | |||
2018-05-20 | Silence compiler warning in revised hal_ks_fetch(). | Rob Austein | |
2018-05-19 | Release keystore lock before unwrapping key. | Rob Austein | |
hal_ks_fetch() was written as lock-at-the-top, unlock-at-the-bottom to keep it as simple as possible, but this turns out to have bad performance implications when unwrapping the key is slow. So now we grab the wrapped key, release the lock, then unwrap, which should be safe enough given that hal_ks_fetch() is read-only. This lets us make better use of multiple AES cores to unwrap in parallel when we have multiple active clients. | |||
2018-05-01 | Add some yields to try to improve responsiveness during hashsig key ↵ | Paul Selkirk | |
generation and deletion. | |||
2018-04-19 | Merge branch 'profiling' into hashsig | Paul Selkirk | |
2018-04-19 | Rebase hashsig from master | Paul Selkirk | |
2018-04-19 | Reconstruct the hashsig hash tree(s) on device restart. | Paul Selkirk | |
2018-04-19 | Update to draft-10: clarifications and Test Case 2; | Paul Selkirk | |
add ability to export public key to xdr for interop testing | |||
2018-04-19 | For 2^w and 2^h, replace hard-coded w2 and h2 values with 1<<w and 1<<h. | Paul Selkirk | |
2018-04-19 | Add Test Case 2 from draft-mcgrew-09 | Paul Selkirk | |
2018-04-19 | Fold the coef* functions into a single function, because that really was ↵ | Paul Selkirk | |
premature optimization. | |||
2018-04-19 | Fix coef4, which was swapping digits | Paul Selkirk | |
2018-04-19 | Implement hash-based signatures, per draft-mcgrew-hash-sigs-08.txt | Paul Selkirk | |
2018-04-19 | Add hal_ks_available | Paul Selkirk | |
2018-04-19 | Encode/decode uint32_t and octet strings | Paul Selkirk | |
2018-04-19 | Clean up RPC code, track changes to XDR API. | Paul Selkirk | |
2018-04-19 | Refactor XDR code, add support for fixed-length opaque data. | Paul Selkirk | |
2018-04-19 | Reconstruct the hashsig hash tree(s) on device restart. | Paul Selkirk | |
2018-04-14 | Clean up definition of HAL_KS_WRAPPED_KEYSIZE. | Rob Austein | |
2018-03-30 | More accurate timing. | Rob Austein | |
2018-03-30 | Tweak report output. | Rob Austein | |
Copy ContextManagedUnpacker from latest version of libhal.py so that this script won't depend on the current development code. | |||
2018-03-30 | First cut at parallel signature timing test. | Rob Austein | |
At the moment this only handles RSA keys, and can only handle one size of key at a time. More bells and whistles will follow eventually, now that the basic asynchronous API to our RPC protocol works. | |||
2018-03-25 | Clear search state variables in rsa.c's find_prime(). | Rob Austein | |
Failing to clear the temporary buffer used to transfer bits from the TRNG into a bignum was a real leak of something very close to keying material, albeit only onto the local stack where it was almost certain to have been overwritten by subsequent operations (generation of other key components, wrap and PKCS #8 encoding) before pkey_generate_rsa() ever returned to its caller. Still, bad coder, no biscuit. Failing to clear the remainders array was probably harmless, but doctrine says clear it anyway. | |||
2018-03-21 | Supply our own context manager instead of using contextlib. | Rob Austein | |
contextlib is cute, but incompatible with other coroutine schemes like Tornado, so just write our own context manager for xdrlib.Unpacker. | |||
2018-03-15 | Update to draft-10: clarifications and Test Case 2; | Paul Selkirk | |
add ability to export public key to xdr for interop testing | |||
2018-03-10 | For 2^w and 2^h, replace hard-coded w2 and h2 values with 1<<w and 1<<h. | Paul Selkirk | |
2018-03-10 | Add Test Case 2 from draft-mcgrew-09 | Paul Selkirk | |
2018-03-10 | Fold the coef* functions into a single function, because that really was ↵ | Paul Selkirk | |
premature optimization. | |||
2018-03-10 | Fix coef4, which was swapping digits | Paul Selkirk | |
2018-02-27 | Implement hash-based signatures, per draft-mcgrew-hash-sigs-08.txt | Paul Selkirk | |
2018-02-27 | Add hal_ks_available | Paul Selkirk | |
2018-02-27 | Encode/decode uint32_t and octet strings | Paul Selkirk | |
2018-02-27 | Clean up RPC code, track changes to XDR API. | Paul Selkirk | |
2018-02-27 | Refactor XDR code, add support for fixed-length opaque data. | Paul Selkirk | |