aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-09-02Test both in-memory and on-flash keystores.Rob Austein
2016-09-02Fencepost error in hal_uuid_format().Rob Austein
2016-09-02Code to convert between text and internal forms of UUIDs.Rob Austein
Includes a few cosmetic fixes to address gcc format string warnings and git trailing whitespace warnings.
2016-09-01Move in-memory keystore from client to server. Whack with club until compiles.Rob Austein
Fixes for various minor issues found while integrating with sw/stm32. Moving the in-memory keystore (PKCS #11 session objects, etc) from the client library to the HSM was on the near term to-do list in any case, doing it now turned out to be the easiest way to solve one of the build problems.
2016-09-01Revised keystore API, part one. Not usable yet.Rob Austein
Changes to implement a revised keystore API. This code probably won't even compile properly yet, and almost certainly will not run, but most of the expected changes are complete at this point. Main points: * Key names are now UUIDs, and are generated by the HSM, not the client. * Keystore API no longer assumes that key database is resident in memory (original API was written on the assumption that the keystore flash would be mapped into the HSM CPU's address space, but apparently the board and flash drivers don't really support that). A few other changes have probably crept in, but the bulk of this changeset is just following through implications of the above, some of which percolate all the way back to the public RPC API.
2016-08-23Merge branch 'master' of git.cryptech.is:sw/libhalPaul Selkirk
2016-08-16Lock RPC device after opening it.Rob Austein
Current design of the RPC protocol assumes that there is exactly one client speaking directly to the HSM via the RPC channel, whether that single client really is single or is a multiplexing daemon. PKCS #11 mutexes won't help here, so using flock(2) to grab an exclusive "advisory" lock on the RPC file descriptor is the simplest solution.
2016-08-10Reset table of cores, e.g. after resetting FPGA from CLI.Paul Selkirk
2016-08-10Merge branch 'resource_management'Paul Selkirk
2016-08-10Merge branch 'master' of https://git.cryptech.is/sw/libhalRob Austein
2016-08-10Mixed-mode pkey sign and verify must construct DigestInfo for PKCS #1.5.Rob Austein
PKCS #11 expects a DigestInfo rather than a raw digest when passing a pre-computed digest for PKCS #1.5 signature or verification, so the rpc_pkey signature and verification calls do too. This requires special case handling of RSA when the user passes a digest handle in mixed mode. Annoying, but PKCS #1.5 is weird enoug that there's no way to avoid some kind of special case handling, this approach has the advantage of not requiring us to parse and reconstruct the ASN.1, and is probably what PKCS #11 has trained software to expect in any case.
2016-07-12Fix checking for multiple errors in one operation.Paul Selkirk
err = hal_foo() || hal_bar() || hal_baz; maps all errors to 1 (HAL_ERROR_BAD_ARGUMENTS).
2016-07-12Make probe_cores deal with an unconfigured FPGA (and come back later).Paul Selkirk
See, reading from an unconfigured FPGA returns all-1, while reading from empty cores on a configured FPGA returns all-0. The consequence of this is that the HSM was probing the FPGA once on startup, filling its core table with 0xff, rendering the FPGA useless. Along the way, I put the FPGA core table in static memory, rather than malloc'ing it, because that's not so good in an embedded environment. But I kept the linked list, because that at least tells us what to do if HAL_STATIC_CORE_STATE_BLOCKS is 0.
2016-07-08Merge branch 'master' of https://git.cryptech.is/sw/libhal.gitRob Austein
2016-07-08Enable software hash cores on all platforms, for now, anyway.Rob Austein
2016-07-08Don't reuse local variable in check() macro.Paul Selkirk
2016-07-07Check and propagate XDR error codes, to detect bad request packets.Paul Selkirk
2016-07-07Fix buffer overflow check.Rob Austein
2016-07-07Drop RPC response message if the opcode doesn't match what we sent.Rob Austein
2016-07-07Use environment variables rather than wired-in defaults in cryptech_rpcd.Rob Austein
This change allows the RPC MUX daemon to use the same environment variable scheme to configure the RPC device and line speed as the stand-alone RPC client code does, the only difference being that the daemon, being an independent program, still allows one to override these settings from the command line.
2016-07-07Change names of RPC client environment variables to something a bit less ↵Rob Austein
obscure.
2016-07-06Previous "fix" to speed setting didn't compile on OSX.Rob Austein
2016-07-06Use the second sha256 core, if available, for pbkdf2.Paul Selkirk
This is a hopefully temporary stopgap, in lieu of proper resource management and/or sharing of cores between threads.
2016-07-06Add a couple more testsPaul Selkirk
2016-07-06Fix speed setting?Paul Selkirk
2016-07-06Return an intelligent error from hal_ks_get_kek.Paul Selkirk
2016-07-06Belatedly adjust hal_io_read/write to the new flat addressing architecture.Paul Selkirk
2016-07-05Attempt to add resource management, for multiple cores of the same type.Paul Selkirk
Find a suitable core, and mark it busy. Don't forget to release it as soon as you're done. This has a knock-on effect of un-const'ing core arguments and struct fields in a lot of places, and it moves some core checks around.
2016-07-05export RPC_MODE for testsPaul Selkirk
2016-07-01glibc "feature test" insanity bites again.Rob Austein
2016-07-01Apparently the magic Mac OS X ioctl(IOSSIOSPEED) must come AFTER the ↵Rob Austein
tcsetattr(). With this change, we appear to have working libhal client code on Mac OS X.
2016-07-01Use environment variables to specify serial device rather than hard-wiring it.Rob Austein
2016-07-01Merge branch 'master' into macosxRob Austein
Too many recent tweaks to same few lines of this Makefile for a straight merge to work; fortunately, the obvious simplification should also work as a fix for the most recent problem.
2016-07-01Don't want rpc_serial.c for server builds.Rob Austein
2016-06-30Merge branch 'master' into macosx.Rob Austein
2016-06-30RPC wire format now includes client handle in all requests, and opcode andPaul Selkirk
client handle in all responses. This simplies the daemon a little, and means that the directly-connected serial client uses the same wire format as the daemon. The expense is some redundant code in rpc_client and rpc_server to process (and throw away) this extra stuff.
2016-06-30Start work to support client code on Mac OS X.Rob Austein
Includes preliminary support for the magic Mac-specific ioctl() to see line speed, but has not yet been tested, that's waiting for some supporting tweaks to the RPC code from Paul. Includes some general cleanup which isn't really specific to Mac OS X per se but which needed doing and which simplifies adding the Mac code.
2016-06-30serial_internal.h is both unused and incorrect, so away with it.Rob Austein
2016-06-26Merge branch 'master' of https://git.cryptech.is/sw/libhal.git.Rob Austein
2016-06-26Update libhal makefiles to use new LIBxxx_SRC / LIBxxx_BLD scheme so libhal ↵Rob Austein
can find tfm.h again.
2016-06-26Add hal_set_pin_default_iterations so the CLI can use hal_rpc_set_pin with ↵Paul Selkirk
control over iterations.
2016-06-25Dial back the last-gasp iterations to something sane.Paul Selkirk
I can't see protecting the well-known default password against a brute-force attack, and 100k iterations takes almost a minute, which makes a terrible first impression.
2016-06-25Rename GNUmakefile to Makefile for consistency.Paul Selkirk
2016-06-24Support VPATH builds.Rob Austein
2016-06-24Merge branch 'master' of git.cryptech.is.:sw/libhalFredrik Thulin
2016-06-24Use hal_error_t as suggested by Rob.Fredrik Thulin
2016-06-23ks_flash returns all-ones instead of all-zeros for "blank" memory, cope.Rob Austein
This will need refactoring once we have a proper test for whether the HSM is initializing after receiving a fresh software load.
2016-06-23Preserve externally supplied LDFLAGS value (Lintian whines otherwise).Rob Austein
2016-06-23Implement master key for wrapping keys in the keystore.Fredrik Thulin
The KEK (Key Encryption Key) is first fetched from the FPGA that gets it from the volatile Master Key Memory (that in theory has tamper*kek_len = len protection with wiping), and secondly from flash. The flash option is meant for development/evaluation use using an Alpha board where the Master Key Memory is not battery backed. For any serious use of an Alpha, an option is to enter the master key into the volatile MKM on each power-on as a way to unlock the keystore.
2016-06-16Merge branch 'master' into ft-ks_flashFredrik Thulin