| Age | Commit message (Collapse) | Author |
|---|
|
that talks to that core out of aes_keywrap.c. The HSM will now be built
with just the keywrap core, with no user access to aes or mkmif.
|
|
- Move hashsig.h contents into hal.h.
- Uppercase lmots and lms algorithm types, because we have a convention
that enum values are uppercase.
- Change all I to hal_uuid_t, because that how we're using them, and it
seems silly to have two different 16-byte array types.
- Change all "memcpy(&this, &that, sizeof(this))" to "this = that",
because it's more succinct, more type-safe, and harder to get wrong.
- Slightly tighten up lmots_generate, lmots_sign, and
lmots_public_key_candidate.
- Remove verbatim draft text, now that I'm pretty sure I implemented it
correctly.
|
|
|
|
|
|
|
|
|
|
At least for now, the speed tradeoff between software ModExp and our
Verilog ModExp core differs significantly between signature and key
generation. We don't really know why, but since key generation does
not need to be constant time, we split out control over whether to use
the software or FPGA implementation, so that we can use the FPGA for
signature while using software for key generation.
Revisit this if and when we figure out what the bottleneck is, as well
as any time that the FPGA core itself changes significantly.
|
|
|
|
Still not yet expected to compile, much less run, but getting closer.
|
|
|
|
The Novena-era mmap()-based keystore is far enough out of date that
it's not worth maintaining (and we haven't been doing so): if we ever
need one again, it would be easier to rewrite it from scratch.
|
|
|
|
|
|
Support for core/pkey/ecdsa256 and core/pkey/ecdsa384.
|
|
Exporting CFLAGS as an environment variable turns out to interact
badly with certain other settings here. I *think* this only happens
when we use one of the shorthand targets which re-runs make in the
same directory with non-default settings, but this is complicated
enough without having to remember which voodoo triggers it. So
instead of exporting CFLAGS as an environment variable we just pass it
on the command line in the handful of cases where it's needed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The debugging code was for tracking down what turned out to be a race
condition in the Alpha's flash driver code (see sw/stm32); much of
this was temporary, and will be removed in a (near) future commit, but
some of the techniques were useful and belong in the repository in
case we need to pull them back for something similar in the future.
hal_ks_index_fsck() attempts to diagnose all the things I found wrong
in the ks_flash index after one long series of errors. As presently
written, it doesn't attempt to fix anything, just diagnose errors: the
intent is that we can call this, before and after every modification
if necessary, to poinpoint exactly which calls introduce errors. Once
things stablize a bit, we may want to crank down the number of calls
to this (it's a bit expensive, since it checks the entire index), and
perhaps add the ability to clean up whatever errors it might find; the
latter might be a good candidate for a CLI command.
|
|
This is mostly to archive a commit where PKCS #11 "make test" still
works after converting the ks_volatile code to use SDRAM allocated at
startup instead of (large) static variables.
The attribute code itself is incomplete at this point.
|
|
|
|
Whack masterkey code to meet libhal coding standards, such as they
are.
Started layout of new ks_flash data structures but no changes to
functions or flash usage yet.
MKM initialization from flash placed under compile-time conditional
with warning because it's a dangerous kludge that should go away.
Started getting rid of obsolete keystore code; ks_mmap.c kept for now,
until I get around to merging the useful bits into ks_volatile.
|
|
This is an open source C99 CRC-32 implementation generated by pycrc,
see notes in source on copyright status and pycrc options used.
crc32.c contains two different implementations of the CRC-32 algorithm
with the same API, one optimized for speed, the other optimized for
much smaller code space at the expense of speed. We use the fast
implementation by default, but maybe the small implementation will be
useful, eg, in the bootloader. Remove the extra later if this turns
out to have been a waste of time.
|
|
|
|
Fixes for various minor issues found while integrating with sw/stm32.
Moving the in-memory keystore (PKCS #11 session objects, etc) from the
client library to the HSM was on the near term to-do list in any case,
doing it now turned out to be the easiest way to solve one of the
build problems.
|
|
Changes to implement a revised keystore API. This code probably won't
even compile properly yet, and almost certainly will not run, but most
of the expected changes are complete at this point. Main points:
* Key names are now UUIDs, and are generated by the HSM, not the client.
* Keystore API no longer assumes that key database is resident in
memory (original API was written on the assumption that the keystore
flash would be mapped into the HSM CPU's address space, but
apparently the board and flash drivers don't really support that).
A few other changes have probably crept in, but the bulk of this
changeset is just following through implications of the above, some of
which percolate all the way back to the public RPC API.
|
|
See, reading from an unconfigured FPGA returns all-1, while reading from
empty cores on a configured FPGA returns all-0. The consequence of this is
that the HSM was probing the FPGA once on startup, filling its core table
with 0xff, rendering the FPGA useless.
Along the way, I put the FPGA core table in static memory, rather than
malloc'ing it, because that's not so good in an embedded environment.
But I kept the linked list, because that at least tells us what to do if
HAL_STATIC_CORE_STATE_BLOCKS is 0.
|
|
|
|
|
|
Too many recent tweaks to same few lines of this Makefile for a
straight merge to work; fortunately, the obvious simplification should
also work as a fix for the most recent problem.
|
|
|
|
client handle in all responses.
This simplies the daemon a little, and means that the directly-connected
serial client uses the same wire format as the daemon. The expense is some
redundant code in rpc_client and rpc_server to process (and throw away)
this extra stuff.
|
|
Includes preliminary support for the magic Mac-specific ioctl() to see
line speed, but has not yet been tested, that's waiting for some
supporting tweaks to the RPC code from Paul.
Includes some general cleanup which isn't really specific to Mac OS X
per se but which needed doing and which simplifies adding the Mac code.
|
|
can find tfm.h again.
|
|
|
