aboutsummaryrefslogtreecommitdiff
path: root/libhal.py
AgeCommit message (Collapse)Author
2017-03-06Support setting attributes via keyword arguments.Rob Austein
2017-02-03Debug logging for pkey open/close/delete events.Rob Austein
2017-01-31Enable low-level debugging support in libhal.py.Rob Austein
2017-01-10Handle connection close events properly, use logging library.Rob Austein
2017-01-05Whack multiplexer to handle console too.Rob Austein
Renamed multiplexer to cryptech_muxd, since it now handles both RPC and CTY. Added new program cryptech_console to act as client for CTY multiplexer. Might want to add console logging capability eventually, not today. Probably want to incorporate UART probing (what cryptech_probe does now) eventually, also not today.
2016-12-28Experimental libhal RPC MUX based on PySerial and Tornado.Rob Austein
This is a work in progress, so far it only works with libhal.py client, haven't adapted libhal C client code for this yet. General idea is to let PySerial and Tornado handle all the pesky work of dealing with Unix serial ports, PF_LOCAL connection management, select() vs epoll() vs kqueue() vs ... I/O management, etcetera. We could do this with just PySerial and the Python standard libraries, but using Tornado allows us to do it in a single process, without threading, and also leaves the door open for consolidating other HSM management functions (eg, console access) into the same single daemon process. For the moment we're using SLIP framing over a SOCK_STREAM connection, which is a bit silly but avoids the problem of OSX not supporting SOCK_SEQPACKET. In the long run we're going to want a real channel security protocol here, so don't sweat this too much right now.
2016-11-21Whack attribute code with a club until it works with PKCS #11.Rob Austein
PKCS #11 supports zero-length attributes (eg, CKA_LABEL) so hack of using zero length attribute as NIL value won't work, instead we use a slightly more portable version of the hack PKCS #11 uses (PKCS #11 stuffs -1 into a CK_ULONG, we stuff 0xFFFFFFFF into a uint32_t). ks_attribute.c code was trying too hard and tripping over its own socks. Instead of trying to maintain attributes[] in place during modification, we now perform the minimum necessary change then re-scan the block. This is (very slightly) slower but more robust, both because the scan code has better error checking and because it's the scan code that we want to be sure is happy before committing a change. Rename hal_rpc_pkey_attribute_t to hal_pkey_attribute_t.
2016-11-19Support queries for attribute length and presence.Rob Austein
Calling hal_rpc_pkey_get_attributes() with attribute_buffer_len = 0 now changes the return behavior so that it reports the lengths of attributes listed in the query, with a length of zero for attributes not present at all. This is mostly to support C_GetAttributeValue() in PKCS #11, but we also use it to make the Python interface a bit kinder to the user.
2016-11-14More API cleanup: remove hal_rpc_pkey_list().Rob Austein
hal_rpc_pkey_list() was a simplistic solution that worked when the keystore only supported a handful of keys and we needed a quick temporary solution in time for a workshop. It doesn't handle large numbers of keys well, and while we could fix that, all of its functionality is now available via more robust API functions, so simplifying the API by deleting it seems best. Since this change required mucking with dispatch vectors yet again, it converts them to use C99 "designated initializer" syntax.
2016-11-14hal_rpc_pkey_find() -> hal_rpc_pkey_open().Rob Austein
2016-11-10Clean out huge swacks of RPC API we don't need anymore.Rob Austein
pkey attribute API is now just set_attributes() and get_attributes().
2016-11-10First cut at ks_flash support for attribute get/set/delete API.Rob Austein
Passes minimal unit-testing and the same minimal tests report that it does deliver the desired performance speed-up. More testing and much cleanup still needed. Attribute API not quite stable yet, we're probably going to want to remove all the singleton attribute operations from the RPC protocol, and it turns out that ks_delete_attributes() has enough code in common with ks_set_attributes() that it makes more sense to handle the former as a special case of the latter.
2016-11-08First cut at multi-attribute get/set/delete API.Rob Austein
This is not yet complete, only the ks_volatile driver supports it, ks_flash will be a bit more complicated and isn't written yet. At the moment, this adds a complete duplicate set of {set,get,delete}_attributes() functions in parallel to the earlier {set,get,delete}_attribute() functions. We will almost certainly want to get rid of the duplicates, probably (but not necessarily) the entire single-attribute suite. At the moment, though, we want both sets so we can compare execution speeds of the two sets of functions.
2016-11-02Get rid of libhal.Attribute (dict suffices).Rob Austein
2016-11-02Debug dict() support, add set() support.Rob Austein
2016-11-02Fix pkey_get_attribute(), handle XDR encoding of base types properly.Rob Austein
pkey_get_attribute() wasn't passing value_max, resulting in an XDR error. XDR encoding of built-in types now uses isinstance() rather than playing nasty games with the string names of base types.
2016-11-01Add hal_rpc_pkey_get_key_curve().Rob Austein
Incidental minor refactoring of hal_rpc_server_dispatch().
2016-11-01More Pythonic API for certain pkey calls.Rob Austein
PKey objects can now be used as context managers, in which case the key handle will be closed when the block exits. HSM.pkey_find() now returns a generator which will iterate through the full set of results, making additional RPC calls as necessary. NIST ECDSA test vector test refactored to remove duplicated code.
2016-11-01hal_ks_index_fsck() and a pile of debugging code.Rob Austein
The debugging code was for tracking down what turned out to be a race condition in the Alpha's flash driver code (see sw/stm32); much of this was temporary, and will be removed in a (near) future commit, but some of the techniques were useful and belong in the repository in case we need to pull them back for something similar in the future. hal_ks_index_fsck() attempts to diagnose all the things I found wrong in the ks_flash index after one long series of errors. As presently written, it doesn't attempt to fix anything, just diagnose errors: the intent is that we can call this, before and after every modification if necessary, to poinpoint exactly which calls introduce errors. Once things stablize a bit, we may want to crank down the number of calls to this (it's a bit expensive, since it checks the entire index), and perhaps add the ability to clean up whatever errors it might find; the latter might be a good candidate for a CLI command.
2016-10-30Preliminary libhal.py test code superseded by unit-tests.pyRob Austein
2016-10-29Mixed mode needs to support PKCS #1.5 DigestInfo for RSA.Rob Austein
2016-10-26Add PyCrypto-based mixed-mode support to Python RPC client.Rob Austein
2016-10-25Uppercase HAL_DIGEST_ALGORITHM_ symbols for API consistency.Rob Austein
2016-10-24Flesh out key object access control.Rob Austein
This is more complicated than I'd have liked, because the PKCS #11 semantics are (much) more complicated than just "are you logged in?" New code passes basic testing with libhal.py and the PKCS #11 unit tests, but there are still unexplored corner cases to be checked. Private token objects remain simple. Code which does not need PKCS HAL_KEY_FLAG_TOKEN and avoid HAL_KEY_FLAG_PUBLIC.
2016-10-24Make previous_uuid an input-only argument to hal_rpc_pkey_match().Rob Austein
In retrospect it's obvious that this never needed to be an input/output argument, as its value will always be the same as the last value in the returned array. Doh. So simplify the RPC and call sequence slightly by removing the unnecessary output value.
2016-10-21Tweak enum handling to handle more of the C enum definition syntax.Rob Austein
Intent is to make it easier just to paste C enum definitions into Python code and have the right thing happen, to simplify keeping C and Python definitions in sync.
2016-10-21Better enum handling, more readable RPC methods.Rob Austein
Using a context manager allows us to write the individual RPC methods fairly legibly, while still enforcing xdrlib.Unpacker.done() logic. Python doesn't really have enums in the sense that C does, and many people have put entirely too much skull sweat into trying to invent the Most Pythonic reimplementation of the enum concept, but an int subclass with a few extra methods is close enough for our purposes.
2016-10-20Fix HAL_KEY_TYPE_* symbols, add Attribute class.Rob Austein
2016-10-19Add handle objects to make API a bit more Pythonic.Rob Austein
2016-10-19First cut at Python interface to native libhal RPC.Rob Austein