| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-04-26 | Lower PBKDF2 password iterations and add delay on bad PIN. | Rob Austein | |
| Consistent user complaints about HSM login taking too long. Underlying issue has both superficial and fundamental causes. Superficial: Our PBKDF2 implementation is slow. We could almost certainly make it faster by taking advantage of partial pre-calculation (see notes in code) and by reenabling use of FPGA hash cores when when checking passwords (which mgiht require linking the bootloader against a separate libhal build to avoid chicken-and-egg problem of needing FPGA to log into console to configure FPGA). Fundamental: The PBKDF2 iteration counts we used to use (10,000 minimum, 20,000 default) are in line with current NIST recommendations. The new, faster values (1,000 and 2,000, respectively) are not, or, rather, they're in line with what NIST recommended a decade ago. Well, OK, maybe the Coretex M4 is so slow that it's living in the past, but still. The fundamental issue is that anybody who can capture the encoded PIN can mount an offline dictionary attack on it, so we'd like to make that expensive. But the users are unhappy with the current behavior, so this change falls back to the ancient technique of adding a delay (currently five seconds, configurable at compile time) after a bad PIN, which makes it painful to use the login function as an oracle but does nothing about the offline dictionary attack problem. Feh. Note that users can still choose a higher iteration count, by setting the iteration count via the console. It's just not the default out of the box anymore. | |||
| 2017-02-02 | Add locking around keystore operations. | Rob Austein | |
| 2016-11-14 | More API cleanup: remove hal_rpc_pkey_list(). | Rob Austein | |
| hal_rpc_pkey_list() was a simplistic solution that worked when the keystore only supported a handful of keys and we needed a quick temporary solution in time for a workshop. It doesn't handle large numbers of keys well, and while we could fix that, all of its functionality is now available via more robust API functions, so simplifying the API by deleting it seems best. Since this change required mucking with dispatch vectors yet again, it converts them to use C99 "designated initializer" syntax. | |||
| 2016-09-08 | New keystore index internal API. Compiles, not yet integrated or tested. | Rob Austein | |
| 2016-06-26 | Add hal_set_pin_default_iterations so the CLI can use hal_rpc_set_pin with ↵ | Paul Selkirk | |
| control over iterations. | |||
| 2016-06-23 | ks_flash returns all-ones instead of all-zeros for "blank" memory, cope. | Rob Austein | |
| This will need refactoring once we have a proper test for whether the HSM is initializing after receiving a fresh software load. | |||
| 2016-05-25 | Start cleaning up PIN code. | Rob Austein | |
| 2016-05-14 | Add mixed-mode key support, for PKCS #11 "session" (ie, not "token") keys. | Rob Austein | |
| 2016-03-16 | Added serial RPC transport and lots more... | Paul Selkirk | |
| Added RPC function to get server version number. Substantially reworked GNUMakefile with conditionals. Renamed rpc_*() and xdr_*() to hal_*() for consistency. Moved hal_io_fmc.c from stm32 repo. | |||
| 2015-12-24 | Fix dispatch vector names. | Rob Austein | |
| 2015-12-24 | hal_rpc_logout_all(), hal_rpc_is_logged_in(). | Rob Austein | |
| 2015-12-24 | More work on PIN/login/logout code. Access control still missing, | Rob Austein | |
| committing now so Paul has a chance to look at the current RPC API. | |||
| 2015-12-23 | RPC interface to TRNG and (incomplete) PIN code. | Rob Austein | |
 |
index : sw/libhal | |
| Cryptech libhal: crypto software, HSM management, RPC | git repositories |
| aboutsummaryrefslogtreecommitdiff |
path: root/rpc_misc.c