aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-04-17Make sure hal_aes_keyunwrap() frees the core in all error cases.Paul Selkirk
2017-04-17Remove a redundant 'err' variable in ks_fetch() that was masking errorPaul Selkirk
conditions. This manifested as hal_aes_keyunwrap() returning HAL_ERROR_CORE_BUSY, but getting reported as HAL_OK, which led to HAL_ERROR_ASN1_PARSE_FAILED when trying to parse the not-unwrapped der.
2017-04-15Write to console socket and console log in parallel.Rob Austein
We're using non-blocking I/O in any case, might as well take advantage of it to keep console output a little smoother.
2017-04-15Add console log support to muxd.Rob Austein
2017-04-15Typo.Rob Austein
2017-04-15Logging infrastructure.Rob Austein
2017-04-14Clean up and document cryptech_backup.Rob Austein
2017-04-14Python interface API will need to be cryptech.libhal for installation.Rob Austein
2017-04-12Fix buffer size check when crossing token->volatile boundary in pkey_match().Rob Austein
2017-04-11Merge branch 'pymux' into pkcs8Rob Austein
2017-04-11Move login tests to "slow" test category.Rob Austein
2017-04-11Log packet drops.Rob Austein
2017-04-11Merge branch 'pymux' into pkcs8Rob Austein
2017-04-11Reject malformed messages from RPC UART, not just too-short ones.Rob Austein
2017-04-11API cleanup: pkey_open() and pkey_match().Rob Austein
pkey_open() now looks in both keystores rather than requiring the user to know. The chance of collision with randomly-generated UUID is low enough that we really ought to be able to present a single namespace. So now we do. pkey_match() now takes a couple of extra arguments which allow a single search to cover both keystores, as well as matching for specific key flags. The former interface was pretty much useless for anything involving flags, and required the user to issue a separate call for each keystore. User wheel is now exempt from the per-session key lookup constraints, Whether this is a good idea or not is an interesting question, but the whole PKCS #11 derived per-session key thing is weird to begin with, and having keystore listings on the console deliberately ignore session keys was just too confusing.
2017-04-09First cut at HSM backup script.Rob Austein
2017-04-09Unit tests for key backup operations.Rob Austein
2017-04-07Tighten up hal_rpc_pkey_import() a bit more.Rob Austein
Enforce minimum PKCS #1.5 padding length when decrypting KEK. Use public interface to hal_pkey_load() rather than calling the internal function directly, so we go through all the normal error checks.
2017-04-07Pull key type information from uploaded key in hal_rpc_pkey_load().Rob Austein
Now that we use PKCS #8 format for private keys, all key formats we use include ASN.1 AlgorithmIdentifier field describing the key, so specifying key type and curve as arguments to hal_rpc_pkey_load() is neither necessary nor particularly useful.
2017-04-07Enforce key usage flags.Rob Austein
2017-04-07Shake bugs out of hal_rpc_pkey_import().Rob Austein
2017-04-06Defend against Bleichenbacher's Attack in hal_rpc_pkey_import().Rob Austein
Borrowing an idea from PyCrypto, we substitute CSPRNG output for the value of a decrypted KEK if the PKCS #1.5 type 02 block format check fails. Done properly, this should be very close to constant-time, and should make it harder to use hal_rpc_pkey_import() as an oracle.
2017-04-06Initial test and debug script for key backup.Rob Austein
In the long run this code will fork for two different purposes: a) A user backup script, which need not handle ASN.1 or crypto, thus can (and should) be really simple; and b) Unit test code for the key export and import functions. So far, hal_rpc_pkey_export() appears to be working, at least under light testing (result of unpacking everything looks like a key, anyway, haven't tested the unpacked key yet). Still need to write test code for hal_rpc_pkey_import().
2017-04-06Shake bugs out of hal_rpc_pkey_export().Rob Austein
Among other things, it turns out that this works better if one remembers to write the RPC server dispatch code as well as the client code, doh.
2017-04-06First cut at libhal.py support for key backup.Rob Austein
2017-04-06Fix a few dumb compile-time bugs.Rob Austein
2017-04-05First cut at key backup code. Not tested yet.Rob Austein
Still missing Python script to drive backup process, and need to do something about setting the EXPORTABLE key flag for this to be useful.
2017-04-04Rework PKCS #8 PrivateKeyInfo wrapper code.Rob Austein
Handle AlgorithmIdentifier.parameters as in SubjectPublicKeyInfo: the field is OPTIONAL, but it's usually set to NULL if no OID is present. I have a vague memory that this is fallout from a specification error years ago in which the OPTIONAL was accidently left out. Whatever.
2017-04-04Fix strnagely-named test.Rob Austein
2017-04-03PKCS #8 bumps max key buffer size up by a few bytes.Rob Austein
2017-04-03Merge branch 'pymux' into pkcs8Rob Austein
2017-04-03Race condition in test was triggering HAL_ERROR_KEY_NOT_FOUND.Rob Austein
2017-04-03Unit tests mostly working with PKCS #8.Rob Austein
A few parsing problems remaining, mostly with objects large enough that PKCS #8 may have pushed them over some buffer size or another. These are all with RSA, where the Python code (PyCrypto) already supported PKCS #8, so most likely it's a problem in the new C code. Python ECDSA PKCS #8 shim code is nasty and could use some cleanup. If practical, we might want to sub-class ecdsa.keys.SigningKey; we might also want to flesh this out into something we can send upstream to the author of the Python ecdsa library.
2017-04-03Obscure C syntax nit.Rob Austein
2017-04-03PKCS #8 code for RSA and ECDSA.Rob Austein
Compiles, not yet tested. Existing tests need conversion to PKCS #8 before we can do anything useful with this. Once everything uses PKCS #8 instead of algorithm-specific formats, we can revisit API issues like whether hal_rpc_pkey_load() should still be taking `type` and `curve` arguments.
2017-04-02PKCS #8 ASN.1 wrapper functions.Rob Austein
2017-03-28Snapshot PKCS #8 Python hacks.Rob Austein
This will almost certainly merge into test scripts or libhal.py at some later date, right now just get it into git for archive.
2017-03-10Typo.Rob Austein
2017-03-09Merge branch 'ksng' into pymuxRob Austein
2017-03-09Backport ECDSA core support to ksng branch.Rob Austein
Support for the core/pkey/ecdsa{256,384} cores is cooked before the branch on which it was based. Oops. Time to backport. See pymux branch for original commit history. git should do the right thing when the pymux branch is cooked enough to merge back to the ksng or master branches.
2017-03-09Merge branch 'hw_ecdsa_p256' into pymuxRob Austein
Support for core/pkey/ecdsa256 and core/pkey/ecdsa384.
2017-03-08Clean up libhal build system a bit.Rob Austein
Exporting CFLAGS as an environment variable turns out to interact badly with certain other settings here. I *think* this only happens when we use one of the shorthand targets which re-runs make in the same directory with non-default settings, but this is complicated enough without having to remember which voodoo triggers it. So instead of exporting CFLAGS as an environment variable we just pass it on the command line in the handful of cases where it's needed.
2017-03-08Cleanup.Rob Austein
2017-03-06Support setting attributes via keyword arguments.Rob Austein
2017-03-06Add timestamps to debug logging.Rob Austein
2017-03-06Debugging code to track message flow.Rob Austein
2017-03-06Bump size of some static tables, particuarly pkey slots.Rob Austein
2017-03-04Add --io-log option to unit-tests.py.Rob Austein
2017-03-04Don't use assert() for point-on-curve checks.Rob Austein
The stock assert() implementation turns out to be problematic in the stm32 environment, due to the lack of an output device, which makes "assert(foo)" equivalent to "if (!foo) abort()", leading to silent hangs. We probably ought to reimplement assert() to do something more useful, but, for now, avoid using it for "impossible" conditions which we do seem to be triggering anyway, like the occasional point-not-on-curve errors we get for points we ourselves have picked when testing multiple ECDSA clients in parallel. This should never happen, and we need to figure out what's causing it, but hanging the HSM when it happens does not help very much. assert() is somewhat problematic in an embedded environment in any case, since anything that can go wrong really should have some kind of recovery action, but in some of the low-probability cases it's far from obvious what sane recovery action we could possibly take.
2017-03-03Fix race condition in pkey_slot allocation.Rob Austein