Age | Commit message | Author | |
---|---|---|---|
2018-07-24 | A recent(?) version of arm-none-eabi-gcc decided to make storage for enums | Paul Selkirk | |
the minimum size necessary, so hal_asn1_decode_lms_algorithm and hal_asn1_decode_lmots_algorithm were writing 4 bytes of data into 1-byte variables. Hilarity ensued. Yes, I already knew that conflating enum with uint32_t was a bad idea, I was just being lazy. For that matter, sizeof(size_t) isn't guaranteed either, although arm-none-eabi-gcc treats it as 32 bits on this 32-bit target (for now), so exercise proper data hygiene in hal_asn1_decode_size_t as well. | |||
2018-07-24 | Add protection against trying to use hashsig while the restart mechanism is rebuilding the tree. | Paul Selkirk | |
2018-07-24 | Housekeeping: Mark hal_ks_pin_uuid extern, so it doesn't get instantiated in each object module. | Paul Selkirk | |
2018-07-24 | Add descriptions of signature algorithm OIDs, because pre-encoded ASN.1 blobs are really inscrutable. | Paul Selkirk | |
2018-05-01 | Add some yields to try to improve responsiveness during hashsig key generation and deletion. | Paul Selkirk | |
2018-04-19 | Merge branch 'profiling' into hashsig | Paul Selkirk | |
2018-04-19 | Rebase hashsig from master | Paul Selkirk | |
2018-04-19 | Reconstruct the hashsig hash tree(s) on device restart. | Paul Selkirk | |
2018-04-19 | Update to draft-10: clarifications and Test Case 2; | Paul Selkirk | |
add ability to export public key to xdr for interop testing | |||
2018-04-19 | For 2^w and 2^h, replace hard-coded w2 and h2 values with 1<<w and 1<<h. | Paul Selkirk | |
2018-04-19 | Add Test Case 2 from draft-mcgrew-09 | Paul Selkirk | |
2018-04-19 | Fold the coef* functions into a single function, because that really was premature optimization. | Paul Selkirk | |
2018-04-19 | Fix coef4, which was swapping digits | Paul Selkirk | |
2018-04-19 | Implement hash-based signatures, per draft-mcgrew-hash-sigs-08.txt | Paul Selkirk | |
2018-04-19 | Add hal_ks_available | Paul Selkirk | |
2018-04-19 | Encode/decode uint32_t and octet strings | Paul Selkirk | |
2018-04-19 | Clean up RPC code, track changes to XDR API. | Paul Selkirk | |
2018-04-19 | Refactor XDR code, add support for fixed-length opaque data. | Paul Selkirk | |
2018-04-19 | Reconstruct the hashsig hash tree(s) on device restart. | Paul Selkirk | |
2018-04-14 | Clean up definition of HAL_KS_WRAPPED_KEYSIZE. | Rob Austein | |
2018-03-30 | More accurate timing. | Rob Austein | |
2018-03-30 | Tweak report output. | Rob Austein | |
Copy ContextManagedUnpacker from latest version of libhal.py so that this script won't depend on the current development code. | |||
2018-03-30 | First cut at parallel signature timing test. | Rob Austein | |
At the moment this only handles RSA keys, and can only handle one size of key at a time. More bells and whistles will follow eventually, now that the basic asynchronous API to our RPC protocol works. | |||
2018-03-25 | Clear search state variables in rsa.c's find_prime(). | Rob Austein | |
Failing to clear the temporary buffer used to transfer bits from the TRNG into a bignum was a real leak of something very close to keying material, albeit only onto the local stack where it was almost certain to have been overwritten by subsequent operations (generation of other key components, wrap and PKCS #8 encoding) before pkey_generate_rsa() ever returned to its caller. Still, bad coder, no biscuit. Failing to clear the remainders array was probably harmless, but doctrine says clear it anyway. | |||
2018-03-21 | Supply our own context manager instead of using contextlib. | Rob Austein | |
contextlib is cute, but incompatible with other coroutine schemes like Tornado, so just write our own context manager for xdrlib.Unpacker. | |||
2018-03-15 | Update to draft-10: clarifications and Test Case 2; | Paul Selkirk | |
add ability to export public key to xdr for interop testing | |||
2018-03-10 | For 2^w and 2^h, replace hard-coded w2 and h2 values with 1<<w and 1<<h. | Paul Selkirk | |
2018-03-10 | Add Test Case 2 from draft-mcgrew-09 | Paul Selkirk | |
2018-03-10 | Fold the coef* functions into a single function, because that really was premature optimization. | Paul Selkirk | |
2018-03-10 | Fix coef4, which was swapping digits | Paul Selkirk | |
2018-02-27 | Implement hash-based signatures, per draft-mcgrew-hash-sigs-08.txt | Paul Selkirk | |
2018-02-27 | Add hal_ks_available | Paul Selkirk | |
2018-02-27 | Encode/decode uint32_t and octet strings | Paul Selkirk | |
2018-02-27 | Clean up RPC code, track changes to XDR API. | Paul Selkirk | |
2018-02-27 | Refactor XDR code, add support for fixed-length opaque data. | Paul Selkirk | |
2018-01-04 | Add hal_core_alloc2() to fix a dining philosophers problem in hal_modexp2(). | Paul Selkirk | |
Uncoordinated attempts to allocate two modexpa7 cores lead to deadlock if multiple clients try to do concurrent RSA signing operations. The simplest solution (back off and retry) could theoretically lead to resource starvation, but we haven't seen it in actual testing. | |||
2017-12-13 | Merge branch systolic_crt into master. | Rob Austein | |
This branch was sitting for long enough that master had been through a cleanup pass, so beware of accidental reversions. | |||
2017-10-27 | ~0 is actually more correct, or more portable | Paul Selkirk | |
2017-10-23 | Cleanup signed/unsigned mismatches, mostly in loop counters | Paul Selkirk | |
2017-10-15 | Correctly mark "unsecure" KEK as erased. | Paul Selkirk | |
2017-10-15 | Cleanup: keystore driver functions return HAL_StatusTypeDef instead of magic values. | Paul Selkirk | |
2017-10-11 | Cleanup: Remove "const" qualifiers from function return types. | Paul Selkirk | |
2017-09-15 | 4096-bit RSA keys working again, with 8k keystore "blocks". | Rob Austein | |
2017-09-13 | Oops, forgot hal_io.c. | Rob Austein | |
2017-09-13 | Preliminary support for parallel core RSA CRT. | Rob Austein | |
2017-09-13 | Sort-of-working, large (4096-bit) RSA keys broken. | Rob Austein | |
Snapshot of mostly but not entirely working code to include the extra ModExpA7 key components in the keystore. Need to investigate whether a more compact representation is practical for these components, as the current one bloats the key object so much that a bare 4096-bit key won't fit in a single hash block, and there may not be enough room for PKCS #11 attributes even for smaller keys. If more compact representation not possible or insufficient, the other option is to double the size of a keystore object, making it two flash subsectors for a total of 8192 octets. Which would of course halve the number of keys we can store and require a bunch of little tweaks all through the ks code (particularly flash erase), so definitely worth trying for a more compact representation first. | |||
2017-09-12 | Silly macro bugs. | Rob Austein | |
2017-09-12 | Untested ASN.1 support for ModExpA7 private speedup factors. | Rob Austein | |
2017-09-11 | Reverse the polarity of the neutron flow | Rob Austein | |
2017-09-09 | Far too much fun with modexpa7 operand lengths and locations. | Rob Austein | |