aboutsummaryrefslogtreecommitdiff
path: root/ks.c
AgeCommit message (Collapse)Author
2020-02-18timing tests for RSA signingmodexpngPaul Selkirk
2018-07-25Merge branch 'hashsig'Paul Selkirk
2018-05-20Silence compiler warning in revised hal_ks_fetch().Rob Austein
2018-05-19Release keystore lock before unwrapping key.Rob Austein
hal_ks_fetch() was written as lock-at-the-top, unlock-at-the-bottom to keep it as simple as possible, but this turns out to have bad performance implications when unwrapping the key is slow. So now we grab the wrapped key, release the lock, then unwrap, which should be safe enough given that hal_ks_fetch() is read-only. This lets us make better use of multiple AES cores to unwrap in parallel when we have multiple active clients.
2018-04-19Implement hash-based signatures, per draft-mcgrew-hash-sigs-08.txtPaul Selkirk
2018-04-19Add hal_ks_availablePaul Selkirk
2017-12-13Merge branch systolic_crt into master.Rob Austein
This branch was sitting for long enough that master had been through a cleanup pass, so beware of accidental reversions.
2017-10-27~0 is actually more correct, or more portablePaul Selkirk
2017-10-23Cleanup signed/unsigned mismatches, mostly in loop countersPaul Selkirk
2017-09-13Sort-of-working, large (4096-bit) RSA keys broken.Rob Austein
Snapshot of mostly but not entirely working code to include the extra ModExpA7 key components in the keystore. Need to investigate whether a more compact representation is practical for these components, as the current one bloats the key object so much that a bare 4096-bit key won't fit in a single hash block, and there may not be enough room for PKCS #11 attributes even for smaller keys. If more compact representation not possible or insufficient, the other option is to double the size of a keystore object, making it two flash subsectors for a total of 8192 octets. Which would of course halve the number of keys we can store and require a bunch of little tweaks all through the ks code (particularly flash erase), so definitely worth trying for a more compact representation first.
2017-06-04Tweak CRC input to be backwards compatabile with ksng.Rob Austein
Except for torture tests, we never really used the hideously complex multi-block capabilities of the ksng version of the flash keystore, among other reasons because the only keys large enough to trigger the multi-block code were slow enough to constitute torture on their own. So we can preserve backwards compatabliity simply by including the former *chunk fields (renamed legacy* here) in the CRC and checking for the expected single-block key values. We probably want to include everything in the CRC in any case except when there's an explicit reason omit something, so, this is cheap, just a bit obscure. At some point in the future we can phase out support for the backwards compatible values, but there's no particular hurry about it unless we want to reuse those fields for some other purpose.
2017-05-30Hold keystore lock before calling keystore driver methods.Rob Austein
Most keystore methods already followed this rule, but hal_ks_*_init() and hal_ks_*_logout() were confused, in different ways.
2017-05-30Merge branch 'logout' into ks9Rob Austein
The internal keystore API has changed enough since where the "logout" branch forked that a plain merge would have no prayer of compiling, must less running. So this merge goes well beyond manual conflict resolution: it salvages the useful code from the "logout" branch, with additional code as needed to reimplement the functionality. Sorry.
2017-05-29Simplify per-session keys.Rob Austein
Cosmetic cleanup of pkey_slot along the way.
2017-05-29Indentation.Rob Austein
2017-05-29Debug per-session keys.Rob Austein
2017-05-28Almost compiles.Rob Austein
Need to refactor init sequence slightly (again), this time to humor the bootloader, which has its own special read-only view of the PIN block in the token keystore.
2017-05-28Further keystore cleanup and consolidation.Rob Austein
Still not yet expected to compile, much less run, but getting closer.
2017-05-25Checkpoint while refactoring. Almost certainly will not compile.Rob Austein
2017-05-25Fix up ks driver calls and inline wrappers.Rob Austein
2017-05-24Type name cleanup, key visibility.Rob Austein
2017-05-24Checkpoint, not expected to work yet, includes a lot of notes.Rob Austein
2016-09-13Cleanup prior to rewriting ks_flash.c.Rob Austein
Whack masterkey code to meet libhal coding standards, such as they are. Started layout of new ks_flash data structures but no changes to functions or flash usage yet. MKM initialization from flash placed under compile-time conditional with warning because it's a dangerous kludge that should go away. Started getting rid of obsolete keystore code; ks_mmap.c kept for now, until I get around to merging the useful bits into ks_volatile.
2016-09-08New keystore index internal API. Compiles, not yet integrated or tested.Rob Austein
2016-09-01Move in-memory keystore from client to server. Whack with club until compiles.Rob Austein
Fixes for various minor issues found while integrating with sw/stm32. Moving the in-memory keystore (PKCS #11 session objects, etc) from the client library to the HSM was on the near term to-do list in any case, doing it now turned out to be the easiest way to solve one of the build problems.
2016-06-23ks_flash returns all-ones instead of all-zeros for "blank" memory, cope.Rob Austein
This will need refactoring once we have a proper test for whether the HSM is initializing after receiving a fresh software load.
2016-06-10Allow host-side libhal build without access to secure hardware toRob Austein
store unencrypted public keys (we don't allow this for private keys). Yet another screwball feature to support PKCS #11, sigh. Anyway, with this change, mixed-mode builds should work again.
2016-05-25Start cleaning up PIN code.Rob Austein
2016-05-17Increment return count, not pointer to return count. Feh, C.Rob Austein
2016-05-15Tweak keystore API to allow update-in-place, so hal_ks_rename() will work.Rob Austein
2016-05-15Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.Rob Austein
Temporary nature of null string as key name is not enforced by the keystore code, it's just a convention to allow callers to generate a keypair, obtain the public key, hash that to a Subject Key Identifier (SKI), and rename the key using the SKI as the new name. This is a compromise to let us use SKI-based key names in PKCS #11 while keeping the keystore code simple.
2016-05-14Trailing whitespace cleanup.Rob Austein
2016-03-11First round of debugging based on RPC pkey tests: mostly ASN.1Rob Austein
silliness, with a bit of PKCS #1.5 padding silliness for desert.
2016-03-03Initial implementations of ks_get_kek(). Untested, and none of theseRob Austein
are secure (the one in ks_flash.c is a stub, and the others are for cases where we have no secure hardware in which to store the KEK). These are primarily for testing, since in the long run the entire software implementation of AES-keywrap will be replaced by Verilog which never lets software see the unwrapped key. Or so says current theory. For the moment, we just need something that will let us test the rest of the RPC and keystore mechanisms.
2016-02-25RPC over loopback socket, just to work out the mechanics for serialization ↵Paul Selkirk
and dispatch.
2015-12-24More work on PIN/login/logout code. Access control still missing,Rob Austein
committing now so Paul has a chance to look at the current RPC API.
2015-12-23RPC interface to TRNG and (incomplete) PIN code.Rob Austein
2015-12-20RPC server stuff mostly written. Compiles, not yet tested. RPCRob Austein
public key extraction functions on hold pending ASN.1 cleanup.