Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-09-16 | Debug new ks_flash code. | Rob Austein | |
2016-09-16 | Revised ks_flash. Compiles, not yet tested. | Rob Austein | |
2016-09-09 | Simplify hal_rpc_pkey_find() by removing `type` argument. | Rob Austein | |
Now that key names are UUIDs generated by the HSM, there's no real need to specify type key type when looking up a key, and removing the `type` argument allows a few simplifications of both the internal keystore API and of client code calling the public RPC API. | |||
2016-09-01 | Revised keystore API, part one. Not usable yet. | Rob Austein | |
Changes to implement a revised keystore API. This code probably won't even compile properly yet, and almost certainly will not run, but most of the expected changes are complete at this point. Main points: * Key names are now UUIDs, and are generated by the HSM, not the client. * Keystore API no longer assumes that key database is resident in memory (original API was written on the assumption that the keystore flash would be mapped into the HSM CPU's address space, but apparently the board and flash drivers don't really support that). A few other changes have probably crept in, but the bulk of this changeset is just following through implications of the above, some of which percolate all the way back to the public RPC API. | |||
2016-08-10 | Reset table of cores, e.g. after resetting FPGA from CLI. | Paul Selkirk | |
2016-08-10 | Merge branch 'resource_management' | Paul Selkirk | |
2016-07-07 | Check and propagate XDR error codes, to detect bad request packets. | Paul Selkirk | |
2016-07-05 | Attempt to add resource management, for multiple cores of the same type. | Paul Selkirk | |
Find a suitable core, and mark it busy. Don't forget to release it as soon as you're done. This has a knock-on effect of un-const'ing core arguments and struct fields in a lot of places, and it moves some core checks around. | |||
2016-06-24 | Use hal_error_t as suggested by Rob. | Fredrik Thulin | |
2016-06-14 | Add support for ModExpA7 | Paul Selkirk | |
2016-05-31 | SHA-224 driver and soft core. | Rob Austein | |
2016-05-25 | Start cleaning up PIN code. | Rob Austein | |
2016-05-24 | Add mkmif | Paul Selkirk | |
2016-05-15 | Add hal_rpc_pkey_rename(); allow null string as (temporary) key name. | Rob Austein | |
Temporary nature of null string as key name is not enforced by the keystore code, it's just a convention to allow callers to generate a keypair, obtain the public key, hash that to a Subject Key Identifier (SKI), and rename the key using the SKI as the new name. This is a compromise to let us use SKI-based key names in PKCS #11 while keeping the keystore code simple. | |||
2016-05-14 | Add mixed-mode key support, for PKCS #11 "session" (ie, not "token") keys. | Rob Austein | |
2016-05-12 | Add hal_digest_algorithm_none; tweak handling of none handles. | Rob Austein | |
2016-04-24 | Break the RPC dispatch out of hal_rpc_server_main, for the benefit of the ↵ | Paul Selkirk | |
threaded server. | |||
2016-03-29 | Add rpc error codes. | Paul Selkirk | |
2016-03-16 | Added serial RPC transport and lots more... | Paul Selkirk | |
Added RPC function to get server version number. Substantially reworked GNUMakefile with conditionals. Renamed rpc_*() and xdr_*() to hal_*() for consistency. Moved hal_io_fmc.c from stm32 repo. | |||
2016-02-25 | RPC over loopback socket, just to work out the mechanics for serialization ↵ | Paul Selkirk | |
and dispatch. | |||
2015-12-24 | hal_rpc_logout_all(), hal_rpc_is_logged_in(). | Rob Austein | |
2015-12-24 | More work on PIN/login/logout code. Access control still missing, | Rob Austein | |
committing now so Paul has a chance to look at the current RPC API. | |||
2015-12-23 | RPC interface to TRNG and (incomplete) PIN code. | Rob Austein | |
2015-12-22 | Add ASN.1 support for public keys (X.509 SubjectPublicKeyInfo format). | Rob Austein | |
2015-12-21 | Fix names of private key DER functions. | Rob Austein | |
2015-12-20 | Drop support for the ASN.1-based ECDSA signature format in favor of | Rob Austein | |
the simpler format which PKCS #11 uses, since we have to support the latter in any case and it's not worth the complexity of supporting both. | |||
2015-12-20 | RPC server stuff mostly written. Compiles, not yet tested. RPC | Rob Austein | |
public key extraction functions on hold pending ASN.1 cleanup. | |||
2015-12-13 | Add rpc_hash.c. Convert dynamic allocator in hash.c to use private | Rob Austein | |
pool of pre-configured state blocks, suitable for an embedded system. | |||
2015-11-13 | Merge branch 'config_core_selector' | Paul Selkirk | |
2015-10-19 | catch up to changes in core version numbers | Paul Selkirk | |
2015-10-04 | Whack libhal API to use current configure_core_selector mechanism. | Rob Austein | |
Compiles, not yet tested. | |||
2015-10-04 | off_t => hal_addr_t. | Rob Austein | |
2015-09-08 | Merge branch 'master' into ecdsa | Rob Austein | |
This required a bit of manual cleanup in hal.h, hash.c, and rsa.c. No intended changes to functionality provided by parent comments, just a few tweaks to track API changes beyond git's ken. | |||
2015-09-08 | Merge branch 'state_access' | Rob Austein | |
2015-09-06 | Add ECPoint I/O functions. ASN.1 cleanup. | Rob Austein | |
2015-09-02 | Still more const-ification. | Rob Austein | |
2015-09-02 | Add PKCS11 ECDSA signature format. | Rob Austein | |
2015-09-02 | Clean up excessively complicated handling of opaque types in hash and | Rob Austein | |
RSA code; use simpler model (pointer to incomplete structure) used in ECDSA code. Refactor RSA code to use shared ASN.1 routines. | |||
2015-08-22 | Add hal_ecdsa_verify(). Move hashing out of ECDSA routines. Clean up | Rob Austein | |
a few bits that didn't pass self-review. | |||
2015-08-21 | Snapshot along the way to ECDSA. Code mostly written, except for | Rob Austein | |
ecdsa_verify(). Untested. Point addition and doubling algorithms are the ones from libtomcrypt, main point of this commit is to save those before replacing them with faster algorithms from hyperelliptic.org. | |||
2015-07-18 | Add support for dynamic allocation of hash and HMAC state, for cases | Rob Austein | |
where it's unavoidable. | |||
2015-07-17 | First cut at libhal support for hash cores with ability to save and | Rob Austein | |
restore internal state. Compiles, not yet tested. | |||
2015-07-14 | Changes to support Pavel's ModExpS6 core. | Rob Austein | |
2015-06-24 | Rework API for loading keys from components. Relax key size | Rob Austein | |
constraints to allow any key size within our supported range, since hsmbully seems to want to twist this knob to every possible setting. | |||
2015-06-21 | libcryptech -> libhal, doh. | Rob Austein | |