aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-07-05export RPC_MODE for testsPaul Selkirk
2016-07-01glibc "feature test" insanity bites again.Rob Austein
2016-07-01Apparently the magic Mac OS X ioctl(IOSSIOSPEED) must come AFTER the ↵Rob Austein
tcsetattr(). With this change, we appear to have working libhal client code on Mac OS X.
2016-07-01Use environment variables to specify serial device rather than hard-wiring it.Rob Austein
2016-07-01Merge branch 'master' into macosxRob Austein
Too many recent tweaks to same few lines of this Makefile for a straight merge to work; fortunately, the obvious simplification should also work as a fix for the most recent problem.
2016-07-01Don't want rpc_serial.c for server builds.Rob Austein
2016-06-30Merge branch 'master' into macosx.Rob Austein
2016-06-30RPC wire format now includes client handle in all requests, and opcode andPaul Selkirk
client handle in all responses. This simplies the daemon a little, and means that the directly-connected serial client uses the same wire format as the daemon. The expense is some redundant code in rpc_client and rpc_server to process (and throw away) this extra stuff.
2016-06-30Start work to support client code on Mac OS X.Rob Austein
Includes preliminary support for the magic Mac-specific ioctl() to see line speed, but has not yet been tested, that's waiting for some supporting tweaks to the RPC code from Paul. Includes some general cleanup which isn't really specific to Mac OS X per se but which needed doing and which simplifies adding the Mac code.
2016-06-30serial_internal.h is both unused and incorrect, so away with it.Rob Austein
2016-06-26Merge branch 'master' of https://git.cryptech.is/sw/libhal.git.Rob Austein
2016-06-26Update libhal makefiles to use new LIBxxx_SRC / LIBxxx_BLD scheme so libhal ↵Rob Austein
can find tfm.h again.
2016-06-26Add hal_set_pin_default_iterations so the CLI can use hal_rpc_set_pin with ↵Paul Selkirk
control over iterations.
2016-06-25Dial back the last-gasp iterations to something sane.Paul Selkirk
I can't see protecting the well-known default password against a brute-force attack, and 100k iterations takes almost a minute, which makes a terrible first impression.
2016-06-25Rename GNUmakefile to Makefile for consistency.Paul Selkirk
2016-06-24Support VPATH builds.Rob Austein
2016-06-24Merge branch 'master' of git.cryptech.is.:sw/libhalFredrik Thulin
2016-06-24Use hal_error_t as suggested by Rob.Fredrik Thulin
2016-06-23ks_flash returns all-ones instead of all-zeros for "blank" memory, cope.Rob Austein
This will need refactoring once we have a proper test for whether the HSM is initializing after receiving a fresh software load.
2016-06-23Preserve externally supplied LDFLAGS value (Lintian whines otherwise).Rob Austein
2016-06-23Implement master key for wrapping keys in the keystore.Fredrik Thulin
The KEK (Key Encryption Key) is first fetched from the FPGA that gets it from the volatile Master Key Memory (that in theory has tamper*kek_len = len protection with wiping), and secondly from flash. The flash option is meant for development/evaluation use using an Alpha board where the Master Key Memory is not battery backed. For any serious use of an Alpha, an option is to enter the master key into the volatile MKM on each power-on as a way to unlock the keystore.
2016-06-16Merge branch 'master' into ft-ks_flashFredrik Thulin
2016-06-14Doh, don't build RPC client transport code when we're building theRob Austein
server library, even if the old makefile (sometimes) did do that.
2016-06-14test-mkmif was missing from .gitignore.Rob Austein
2016-06-14Collapse RPC_CLIENT and RPC_SERVER makefile settings into a single RPC_MODE ↵Rob Austein
setting.
2016-06-14Add support for ModExpA7Paul Selkirk
2016-06-13Allow NULL der_len parameter in hal-rsa_private_key_to_der().Rob Austein
2016-06-12Turn hardware modexp off again, as it has problems with some of the key ↵Rob Austein
sizes hsmbully tries.
2016-06-10Allow host-side libhal build without access to secure hardware toRob Austein
store unencrypted public keys (we don't allow this for private keys). Yet another screwball feature to support PKCS #11, sigh. Anyway, with this change, mixed-mode builds should work again.
2016-06-10Helps to get the makefile variable names right.Rob Austein
2016-06-10Another attempt to clean up the libhal makefile hairball.Rob Austein
2016-06-09Fix duplicate dispatch vectors when building for RPC_CLIENT_LOCAL.Rob Austein
2016-06-09Typo in SHA-224/SHA-256 software core.Rob Austein
2016-06-09some cleanup, and fix delete operationFredrik Thulin
2016-06-09Sort out the redeclaration of HAL_OK with Rob's help.Fredrik Thulin
Thanks Rob!
2016-06-09bugfixes and cleanups, seems to sort-of work nowFredrik Thulin
2016-06-09hash.c triggers gcc's strict-aliasing warnings.Rob Austein
2016-06-08Implement flash keystore storage. Most of it is still untested.Fredrik Thulin
2016-06-03mkmif.o got lost in makefile cleanup (9ad64e1)Paul Selkirk
2016-06-02Add RPC client daemon.Paul Selkirk
2016-06-02Refactor serial and slip.Paul Selkirk
2016-06-01Add hal_rpc_client_close() where needed.Paul Selkirk
2016-06-01Make the makefile hopefully a little more readable/maintainable.Paul Selkirk
2016-05-31SHA-224 driver and soft core.Rob Austein
2016-05-31Conditionalize "mixed" operations so we can build a clean remote client.Paul Selkirk
Note that mixed mode doesn't actually work, because aes_keywrap tries to hal_io_write to the AES core.
2016-05-26correct BPKDF2 -> PBKDF2 ;)Fredrik Thulin
2016-05-25Doh, helps if one actually **uses** the argument one just parsed.Rob Austein
2016-05-25PBKDF2 works better if we generate the right number of output bytes.Rob Austein
2016-05-25Start cleaning up PIN code.Rob Austein
2016-05-25correct PBPDF2 -> PBKDF2Fredrik Thulin