aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-11-01Fix hal_rpc_pkey_match() calling convention.Rob Austein
Old calling sequence didn't quite work, caller had no sane way to know how large the buffer needed to be. Revised sequence is similar to what the PKCS #11 C_FindObject() call does: return the next batch of UUIDs, up to the number specified, end of data indicated by getting back something less than a full block of UUIDs.
2016-11-01Clean out debugging code (flash I/O ring log).Rob Austein
2016-11-01hal_ks_index_fsck() and a pile of debugging code.Rob Austein
The debugging code was for tracking down what turned out to be a race condition in the Alpha's flash driver code (see sw/stm32); much of this was temporary, and will be removed in a (near) future commit, but some of the techniques were useful and belong in the repository in case we need to pull them back for something similar in the future. hal_ks_index_fsck() attempts to diagnose all the things I found wrong in the ks_flash index after one long series of errors. As presently written, it doesn't attempt to fix anything, just diagnose errors: the intent is that we can call this, before and after every modification if necessary, to poinpoint exactly which calls introduce errors. Once things stablize a bit, we may want to crank down the number of calls to this (it's a bit expensive, since it checks the entire index), and perhaps add the ability to clean up whatever errors it might find; the latter might be a good candidate for a CLI command.
2016-10-30Interop tests against Python RSA and ECDSA implementations.Rob Austein
2016-10-30Continue fleshing out libhal Python unit tests.Rob Austein
2016-10-30Preliminary libhal.py test code superseded by unit-tests.pyRob Austein
2016-10-30Use public RPC API when dispatching from RPC server.Rob Austein
The rpc_server code used to bypass the public API calls by using the RPC dispatch vectors directly, but doing so bypasses various checks for trivial argument errors. It's not safe for the HSM to trust the client to check these, and duplicating the checks in the client and server code is error prone, so the best solution is for the server code to dispatch via the public API, as it was originally designed to do, and not try to micro-optimize the dispatch calls.
2016-10-29Add a bunch of static key tests, including a mixed-mode workout suite.Rob Austein
2016-10-29Mixed mode needs to support PKCS #1.5 DigestInfo for RSA.Rob Austein
2016-10-26Version 0.1 of a set of HSM unit tests, using the Python RPC API.Rob Austein
This is very incomplete. Portions of it are still verbatim copies of the PKCS #11 unit tests, and have not yet been pruned for relevance, much less converted to the corresponding libhal tests.
2016-10-26Add PyCrypto-based mixed-mode support to Python RPC client.Rob Austein
2016-10-26Fix pure-remote-mode hal_rpc_pkey_{sign,verify}().Rob Austein
Pure-remote-mode (where even the hashing is done in the HSM) did not work, because XDR passes zero length strings rather than NULL string pointers. Mostly, we use fixed mode, so nobody noticed.
2016-10-25Uppercase HAL_DIGEST_ALGORITHM_ symbols for API consistency.Rob Austein
2016-10-24Flesh out key object access control.Rob Austein
This is more complicated than I'd have liked, because the PKCS #11 semantics are (much) more complicated than just "are you logged in?" New code passes basic testing with libhal.py and the PKCS #11 unit tests, but there are still unexplored corner cases to be checked. Private token objects remain simple. Code which does not need PKCS HAL_KEY_FLAG_TOKEN and avoid HAL_KEY_FLAG_PUBLIC.
2016-10-24Make previous_uuid an input-only argument to hal_rpc_pkey_match().Rob Austein
In retrospect it's obvious that this never needed to be an input/output argument, as its value will always be the same as the last value in the returned array. Doh. So simplify the RPC and call sequence slightly by removing the unnecessary output value.
2016-10-21Tweak enum handling to handle more of the C enum definition syntax.Rob Austein
Intent is to make it easier just to paste C enum definitions into Python code and have the right thing happen, to simplify keeping C and Python definitions in sync.
2016-10-21Better enum handling, more readable RPC methods.Rob Austein
Using a context manager allows us to write the individual RPC methods fairly legibly, while still enforcing xdrlib.Unpacker.done() logic. Python doesn't really have enums in the sense that C does, and many people have put entirely too much skull sweat into trying to invent the Most Pythonic reimplementation of the enum concept, but an int subclass with a few extra methods is close enough for our purposes.
2016-10-20Fix HAL_KEY_TYPE_* symbols, add Attribute class.Rob Austein
2016-10-19Add handle objects to make API a bit more Pythonic.Rob Austein
2016-10-19Shake first round of bugs out of hal_rpc_pkey_match().Rob Austein
The filtering code for this function has not been tested yet.
2016-10-19Use correct RPC function code in hash_get_digest_algorithm_id().Rob Austein
2016-10-19First cut at Python interface to native libhal RPC.Rob Austein
2016-10-16Debug keystore attribute code; handle name properly in ks_index_replace().Rob Austein
hal_rpc_pkey_match() still untested.
2016-10-15Fencepost error in ks_heapsort().Rob Austein
2016-10-14Keystore attribute code. Not really tested.Rob Austein
Passes PKCS #11 "make test" but nothing uses the new attribute code yet. Refactored some of the flash block update code. Attribute code is annoyingly verbose, might be possible to refactor some of that.
2016-10-09Per-session objects in ks_volatile; more untested ks_attribute code.Rob Austein
Mostly this is another checkpoint (still passes PKCS #11 "make test"). ks_volatile.c now contains support for per-session object visibility; this may need more work to support things like a CLI view of all objects regardless of session. Adding this required minor changes to the keystore and pkey APIs, mostly because sessions are per-client. ks_volatile.c also contains an untested first cut at attribute support. Attribute support in ks_flash.c still under construction.
2016-10-07Fix session handle arguments in RPC calls.Rob Austein
RPC calls which pass a pkey handle don't need to pass a session handle, because the session handle is already in the HSM's pkey slot object; pkey RPC calls which don't pass a pkey argument do need to pass a session handle. This change percolates down to the keystore driver, because only the keystore driver knows whether that particular keystore cares about session handles.
2016-10-07Stop whining about POSIX strnlen() function.Rob Austein
2016-10-07Checkpoint along the way to adding keystore attribute support.Rob Austein
This is mostly to archive a commit where PKCS #11 "make test" still works after converting the ks_volatile code to use SDRAM allocated at startup instead of (large) static variables. The attribute code itself is incomplete at this point.
2016-09-30Multi-block object support in keystore.Rob Austein
The main reason for supporting multi-block objects is to allow the PKCS #11 code to attach more attributes than will fit comfortably in a single flash block. This may turn out to be unnecessary once we've fleshed out the attribute storage and retrieval code; if so, we can simplify the code, but this way the keystore won't impose arbitrary (and somewhat inscrutable) size limits on PKCS #11 attributes for large keys. This snapshot passes light testing (PKCS #11 "make test" runs), but the tombstone recovery code in ks_init() is a bit involved, and needs more testing with simulated failures (probably induced under GDB).
2016-09-27Redesign ks_flash block header.Rob Austein
* block_status is now a separate field from block_type, rather than being a composite value. * block_status is checked directly for allowed values in block_read(), and is excluded from the CRC, simplifying the tombstone logic and removing the need for a second CRC field. * Added header fields to allow for objects too large to fit in a single block (8192-bit RSA keys, any key with enough opaque attributes attached). So far this is just the header changes, it's not (yet) full support for multi-block objects.
2016-09-27Write updated PIN block before updating index.Rob Austein
Order of operations is tricky when updating flash blocks, because the process is not atomic and we want to leave the index in a consistent state if something fails.
2016-09-27Fix swapped memmove() arguments in hal_ks_index_replace().Rob Austein
2016-09-27Add hal_ks_index_replace().Rob Austein
2016-09-26More ks_flash cleanup.Rob Austein
block_read() no longer needs `fast` argument. block_zero() now just zeros first page of block.
2016-09-26Rewrite block_erase_maybe() to run the "maybe" check in constant time.Rob Austein
Running this check in constant time probably isn't necessary, but it plugs a (somewhat far-fetched) timing leak and is easy enough. While we're at this, we also skip the CRC check, which is irrelevant here.
2016-09-23Use subsectors instead of sectors in keystore.Rob Austein
2016-09-16Debug new ks_flash code.Rob Austein
2016-09-16Revised ks_flash. Compiles, not yet tested.Rob Austein
2016-09-13Cleanup prior to rewriting ks_flash.c.Rob Austein
Whack masterkey code to meet libhal coding standards, such as they are. Started layout of new ks_flash data structures but no changes to functions or flash usage yet. MKM initialization from flash placed under compile-time conditional with warning because it's a dangerous kludge that should go away. Started getting rid of obsolete keystore code; ks_mmap.c kept for now, until I get around to merging the useful bits into ks_volatile.
2016-09-12CRC-32 code for use in ks_flash, stm32 DFU, possibly elsewhere.Rob Austein
This is an open source C99 CRC-32 implementation generated by pycrc, see notes in source on copyright status and pycrc options used. crc32.c contains two different implementations of the CRC-32 algorithm with the same API, one optimized for speed, the other optimized for much smaller code space at the expense of speed. We use the fast implementation by default, but maybe the small implementation will be useful, eg, in the bootloader. Remove the extra later if this turns out to have been a waste of time.
2016-09-12Doh, allow keystore reinitialization after unclean reboot.Rob Austein
2016-09-11Explicit initialization of keystore drivers instead of guessing.Rob Austein
2016-09-09Portable fix for ks_find() fencepost error.Rob Austein
Binary search of an array is a notorious example of a simple algorithm which is hard to get exactly right. The variant we're using is nice because it automatically computes the correct insertion point when a key doesn't exist, but runs into one of the portability corner cases of signed integer arithemtic in C. Rather than leave a landmine waiting to explode if somebody builds this code on a platform where (-1 >> 1) != -1, we test for the corner case explictly and accept the miniscule performance hit (which will be lost in other noise anyway).
2016-09-09Rewrite ks_volatile driver to use new ks_index infrastructure.Rob Austein
2016-09-09Fencepost error in ks_find().Rob Austein
2016-09-09Missed a few instances of type-based key naming in keystore drivers.Rob Austein
2016-09-09Simplify hal_rpc_pkey_find() by removing `type` argument.Rob Austein
Now that key names are UUIDs generated by the HSM, there's no real need to specify type key type when looking up a key, and removing the `type` argument allows a few simplifications of both the internal keystore API and of client code calling the public RPC API.
2016-09-08New keystore index internal API. Compiles, not yet integrated or tested.Rob Austein
2016-09-03Plug pkey handle leak.Rob Austein
New keystore code requires slightly different cleanup to avoid leaking pkey handle table slots. Pricetag for reducing the amount of data duplicated between pkey and keystore layers.