sw/libhal - Cryptech libhal: crypto software, HSM management, RPC

Age	Commit message (Collapse)	Author
2019-12-02	After some thought, I'd rather make raw export/import a sub-function of	Paul Selkirk
	key export/import (kekek = none, kek_len = 0), rather than separate RPCs.
2019-11-06	Export/import "raw" keys for external storage.	Paul Selkirk
	Exported keys are wrapped with the MKM KEK, not a transit KEK, and can only be imported back to the same HSM. The idea is to support operators who have more keys than will fit on the HSM, so they will cycle keys into and out of the HSM as needed. NOTE that hashsig is, as always, special. The hashsig key has an internal index that is updated on every signature. To prevent a hashsig key from being re-imported with an old index (which would compromise the security of the key), the hashsig key is disabled on export, and must be deleted from the HSM before being re-imported.
2019-04-09	Huh, I forgot to add a Python RPC handler for pkey_generate_hashsig,	Paul Selkirk
	over a year ago.
2018-03-21	Supply our own context manager instead of using contextlib.	Rob Austein
	contextlib is cute, but incompatible with other coroutine schemes like Tornado, so just write our own context manager for xdrlib.Unpacker.
2017-09-15	4096-bit RSA keys working again, with 8k keystore "blocks".	Rob Austein

2017-06-11	None is more Pythonic than "" as indicator for "no key"	Rob Austein

2017-05-28	Almost compiles.	Rob Austein
	Need to refactor init sequence slightly (again), this time to humor the bootloader, which has its own special read-only view of the PIN block in the token keystore.
2017-04-14	Python interface API will need to be cryptech.libhal for installation.	Rob Austein