sw/libhal - Cryptech libhal: crypto software, HSM management, RPC

Age	Commit message (Collapse)	Author
2016-08-10	Mixed-mode pkey sign and verify must construct DigestInfo for PKCS #1.5.	Rob Austein
	PKCS #11 expects a DigestInfo rather than a raw digest when passing a pre-computed digest for PKCS #1.5 signature or verification, so the rpc_pkey signature and verification calls do too. This requires special case handling of RSA when the user passes a digest handle in mixed mode. Annoying, but PKCS #1.5 is weird enoug that there's no way to avoid some kind of special case handling, this approach has the advantage of not requiring us to parse and reconstruct the ASN.1, and is probably what PKCS #11 has trained software to expect in any case.
2016-07-07	Drop RPC response message if the opcode doesn't match what we sent.	Rob Austein

2016-06-30	RPC wire format now includes client handle in all requests, and opcode and	Paul Selkirk
	client handle in all responses. This simplies the daemon a little, and means that the directly-connected serial client uses the same wire format as the daemon. The expense is some redundant code in rpc_client and rpc_server to process (and throw away) this extra stuff.
2016-06-09	Fix duplicate dispatch vectors when building for RPC_CLIENT_LOCAL.	Rob Austein

2016-05-31	Conditionalize "mixed" operations so we can build a clean remote client.	Paul Selkirk
	Note that mixed mode doesn't actually work, because aes_keywrap tries to hal_io_write to the AES core.
2016-05-18	Impressive how hard it can be to diagnose getting everything but the RPC ↵	Rob Austein
	opcode right.
2016-05-15	Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.	Rob Austein
	Temporary nature of null string as key name is not enforced by the keystore code, it's just a convention to allow callers to generate a keypair, obtain the public key, hash that to a Subject Key Identifier (SKI), and rename the key using the SKI as the new name. This is a compromise to let us use SKI-based key names in PKCS #11 while keeping the keystore code simple.
2016-05-14	Trailing whitespace cleanup.	Rob Austein

2016-05-14	Clean up pkey mixed mode.	Rob Austein

2016-05-14	Entirely too much fun with C const-ification.	Rob Austein

2016-05-14	Add mixed-mode key support, for PKCS #11 "session" (ie, not "token") keys.	Rob Austein

2016-05-12	Fix buffer allocations in RPC client code.	Rob Austein
	The client wrappers for several RPC calls were not allocating enough space for all of their arguments. Fixed, and added a bit of syntactic sugar to make inspection a bit easier to combat the eyes-glazing-over effect of an entire file full of nearly-identical RPC client stubs.
2016-03-29	Enable 'mixed' mode, with client-side hashing.	Paul Selkirk

2016-03-16	Added serial RPC transport and lots more...	Paul Selkirk
	Added RPC function to get server version number. Substantially reworked GNUMakefile with conditionals. Renamed rpc_() and xdr_() to hal_*() for consistency. Moved hal_io_fmc.c from stm32 repo.
2016-02-25	RPC over loopback socket, just to work out the mechanics for serialization ↵	Paul Selkirk
	and dispatch.
2015-12-24	hal_rpc_logout_all(), hal_rpc_is_logged_in().	Rob Austein

2015-12-24	More work on PIN/login/logout code. Access control still missing,	Rob Austein
	committing now so Paul has a chance to look at the current RPC API.
2015-12-23	RPC interface to TRNG and (incomplete) PIN code.	Rob Austein

2015-12-22	Add ASN.1 support for public keys (X.509 SubjectPublicKeyInfo format).	Rob Austein

2015-12-20	RPC server stuff mostly written. Compiles, not yet tested. RPC	Rob Austein
	public key extraction functions on hold pending ASN.1 cleanup.
2015-12-13	Add rpc_hash.c. Convert dynamic allocator in hash.c to use private	Rob Austein
	pool of pre-configured state blocks, suitable for an embedded system.
2015-12-11	RPC API dispatch, skeleton client functions, mixed-mode handlers for	Rob Austein
	local hashing with remote pkey.