Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-09-06 | Can't write bytes to JSON, only str | Rob Austein | |
2020-09-02 | Well of course there had to be one last dumb Python3 string bugpython3 | Rob Austein | |
2020-09-01 | Work around PyCrypto being EOL and therefore not tracking Python 3.8 | Rob Austein | |
This is a short term kludge to let the old unit test code continue to work under Python 3.8. Medium term, we should replace all use of PyCrypto with PyCryptodome (API-compatible successor package). Long term we might want a newer API, but that can wait. | |||
2020-07-13 | Whack all Python shebangs to Python 3 | Rob Austein | |
2020-06-10 | Fix remaining Python 3 unit test string encoding bug | Rob Austein | |
Really just one bug, but confusingly masked by an interaction between generators and our XDR context manager, so don't use the context manager in the one generator method in the cryptech.libhal API. Also run reindent.py on a few old test modules. | |||
2020-06-09 | Whack with club until Python 2 works again and Python 3 almost works | Rob Austein | |
There's still something wrong with XDR for attribute lists in Python 3, XDR complains that there's unconsumed data and attributes coming back are (sometimes truncated). Python 2 works. Probably data type issue somewhere but haven't spotted it yet. | |||
2020-05-26 | Wow, python-version-independent hexadecimal is painful | Rob Austein | |
2020-05-25 | Untested conversion to support Python 3 | Rob Austein | |
2020-05-06 | If a hash core can't restore state, use a soft core instead. | Paul Selkirk | |
2020-05-04 | Re-enable support for HAL_MKM_FLASH_BACKUP_KLUDGE. | Paul Selkirk | |
2020-04-29 | The new keywrap core now talks directly to the MKM, so I split the code | Paul Selkirk | |
that talks to that core out of aes_keywrap.c. The HSM will now be built with just the keywrap core, with no user access to aes or mkmif. | |||
2020-03-25 | Reduce keywrap to 16 core blocks, to match how it's actually built now. | Paul Selkirk | |
2020-03-10 | trivial cleanup | Paul Selkirk | |
2020-03-10 | alloc mkmif core around both reads (status + KEK) | Paul Selkirk | |
2020-03-10 | fallthrough comments to silence compiler warnings | Paul Selkirk | |
2020-03-10 | auto-detect cores | Paul Selkirk | |
2020-03-04 | Take advantage of ModExpNG core's blinding factor mutation. | Paul Selkirk | |
2020-02-26 | Merge branch 'js_keywrap' to 'master' | Paul Selkirk | |
2020-02-26 | Remove init checks from hal_io_[write|read], since initialization is done | Paul Selkirk | |
in stm_init, and the checks add unneccesary delays to critical code paths. | |||
2020-02-26 | Merge branch 'modexpng' to 'master' | Paul Selkirk | |
2020-02-18 | timing tests for RSA signingmodexpng | Paul Selkirk | |
2020-02-07 | driver for Pavel's ModExpNG core | Paul Selkirk | |
2019-04-10 | Allow multiple iterations in verify, for better timing measurement. | Paul Selkirk | |
2019-04-10 | Add hashsig interop tests. | Paul Selkirk | |
2019-04-09 | Huh, I forgot to add a Python RPC handler for pkey_generate_hashsig, | Paul Selkirk | |
over a year ago. | |||
2019-04-09 | In pkey_local_sign_hashsig, don't create the digest in the signature | Paul Selkirk | |
buffer, because hal_hashsig_sign assembles the signature incrementally, and will overwrite the digest before it's ready to sign it. | |||
2019-04-05 | Update FPGA core name/version list | Paul Selkirk | |
2019-04-05 | The FPGA register interface now does byte-swapping in hardware, so we can | Paul Selkirk | |
just call memcpy here. (Although it turns out to be more efficient to use an inline version of memcpy than the library function.) | |||
2019-04-02 | The all-singing, all-dancing key management app | Paul Selkirk | |
2019-04-02 | Small cleanups in RPC code, e.g. to support null arguments. | Paul Selkirk | |
- Add support for null pointer arguments in RPCs for get_digest_algorithm_id and get_public_key. This is years overdue, and would have obviated the need for get_public_key_len as a separate RPC. - Refactor pkey_local_get_public_key_len in terms of pkey_local_get_public_key. - Add more parameter sanity checks to rpc_api.c. - Add a len_max parameter to hal_xdr_decode_variable_opaque, rather than having len be an in/out parameter. This brings xdr slightly more in line with the rest of the code base (again after literal years), and slightly simplifies several calls in rpc_client.c. | |||
2019-03-31 | Hashsig cleanup. | Paul Selkirk | |
- Move hashsig.h contents into hal.h. - Uppercase lmots and lms algorithm types, because we have a convention that enum values are uppercase. - Change all I to hal_uuid_t, because that how we're using them, and it seems silly to have two different 16-byte array types. - Change all "memcpy(&this, &that, sizeof(this))" to "this = that", because it's more succinct, more type-safe, and harder to get wrong. - Slightly tighten up lmots_generate, lmots_sign, and lmots_public_key_candidate. - Remove verbatim draft text, now that I'm pretty sure I implemented it correctly. | |||
2019-03-31 | Add support for hashsig key export/import. | Paul Selkirk | |
2019-03-04 | Restructure hashsig test program | Paul Selkirk | |
2019-03-04 | On device restart, if a hashsig key was generated using the pseudorandom | Paul Selkirk | |
method, and it's missing one or more lmots keys, those keys can be regenerated. OTOH, if an lms key is damaged or missing, it's still a fatal error, because that's the only place we record the current q value. | |||
2019-03-04 | Use the hashsig pseudorandom key generation method if the key is exportable. | Paul Selkirk | |
2019-02-28 | Increase volatile keystore size to allow for multi-level hashsig trees. | Paul Selkirk | |
2019-02-01 | Clean up mkm.c | Paul Selkirk | |
2019-02-01 | Remove global stored core pointer from mkm.c. | Paul Selkirk | |
This forces each hal_mkmif_* function to alloc/free the core, which is a miniscule performance hit, but the only sane thing to do in a tasking environment. Otherwise (with a stored/shared core pointer), one task will initiate a read, yield in hal_io_wait, another task will initiate a read, and both will be unhappy. | |||
2018-12-03 | add some more statistics to parallel-signatures.py | Paul Selkirk | |
2018-11-14 | Add some yields to hal_hashsig_ks_init, so other tasks can run while we're ↵ | Paul Selkirk | |
rebuilding the hash tree. | |||
2018-11-14 | Change scanf/printf %hhx format strings to %x, because not every libc ↵ | Paul Selkirk | |
supports it. In particular, the version of newlib distributed by Ubuntu is not configured with --enable-newlib-io-c99-formats, and now includes guard code that treats %hhx as an error, rather than silently interpreting it as %hx. The net effect was to break hal_uuid_parse. (Ironically, vfprintf.c does not (yet) include this guard code, but it's probably only a matter of time, and it seemed expedient to change hal_uuid_format at the same time.) | |||
2018-11-01 | Tornado 5.0 made an incompatible API change in iostream.BaseIOStream. | Paul Selkirk | |
Found when upgrading Ubuntu to 18.10. | |||
2018-10-29 | Sigh, add8e03 botched handling of 0-length hal_xdr_encode_fixed_opaque requests. | Paul Selkirk | |
It's an edge case, but it's supported, and it's used in a few places. | |||
2018-10-25 | Enable bloat tests, since they work with the current 8K keystore block size. | Paul Selkirk | |
2018-10-25 | Change explicitly signed XDR buffer overflow checks to explicitly unsigned. | Paul Selkirk | |
This fixes CT-01-006 MCU: Value cast allows a bypass of the size checks (Critical) | |||
2018-10-25 | Add buffer overflow checks before allocating stack arrays. | Paul Selkirk | |
This fixes CT-01-005: OOB writes through dynamic stack allocations (Critical) | |||
2018-09-11 | Track Joachim's latest keywrap core - unroll bank-switched memory into a ↵ | Paul Selkirk | |
number of core register blocks. | |||
2018-08-27 | fix pkey_remote_get_attributes | Paul Selkirk | |
2018-08-16 | Correct the limit on memory banks in the keywrap core. | Paul Selkirk | |
2018-08-15 | Add support for Joachim's keywrap core. | Paul Selkirk | |