aboutsummaryrefslogtreecommitdiff
path: root/rpc_misc.c
AgeCommit message (Collapse)Author
2017-04-26Lower PBKDF2 password iterations and add delay on bad PIN.Rob Austein
Consistent user complaints about HSM login taking too long. Underlying issue has both superficial and fundamental causes. Superficial: Our PBKDF2 implementation is slow. We could almost certainly make it faster by taking advantage of partial pre-calculation (see notes in code) and by reenabling use of FPGA hash cores when when checking passwords (which mgiht require linking the bootloader against a separate libhal build to avoid chicken-and-egg problem of needing FPGA to log into console to configure FPGA). Fundamental: The PBKDF2 iteration counts we used to use (10,000 minimum, 20,000 default) are in line with current NIST recommendations. The new, faster values (1,000 and 2,000, respectively) are not, or, rather, they're in line with what NIST recommended a decade ago. Well, OK, maybe the Coretex M4 is so slow that it's living in the past, but still. The fundamental issue is that anybody who can capture the encoded PIN can mount an offline dictionary attack on it, so we'd like to make that expensive. But the users are unhappy with the current behavior, so this change falls back to the ancient technique of adding a delay (currently five seconds, configurable at compile time) after a bad PIN, which makes it painful to use the login function as an oracle but does nothing about the offline dictionary attack problem. Feh. Note that users can still choose a higher iteration count, by setting the iteration count via the console. It's just not the default out of the box anymore.
2017-02-02Add locking around keystore operations.Rob Austein
2016-11-14More API cleanup: remove hal_rpc_pkey_list().Rob Austein
hal_rpc_pkey_list() was a simplistic solution that worked when the keystore only supported a handful of keys and we needed a quick temporary solution in time for a workshop. It doesn't handle large numbers of keys well, and while we could fix that, all of its functionality is now available via more robust API functions, so simplifying the API by deleting it seems best. Since this change required mucking with dispatch vectors yet again, it converts them to use C99 "designated initializer" syntax.
2016-09-08New keystore index internal API. Compiles, not yet integrated or tested.Rob Austein
2016-06-26Add hal_set_pin_default_iterations so the CLI can use hal_rpc_set_pin with ↵Paul Selkirk
control over iterations.
2016-06-23ks_flash returns all-ones instead of all-zeros for "blank" memory, cope.Rob Austein
This will need refactoring once we have a proper test for whether the HSM is initializing after receiving a fresh software load.
2016-05-25Start cleaning up PIN code.Rob Austein
2016-05-14Add mixed-mode key support, for PKCS #11 "session" (ie, not "token") keys.Rob Austein
2016-03-16Added serial RPC transport and lots more...Paul Selkirk
Added RPC function to get server version number. Substantially reworked GNUMakefile with conditionals. Renamed rpc_*() and xdr_*() to hal_*() for consistency. Moved hal_io_fmc.c from stm32 repo.
2015-12-24Fix dispatch vector names.Rob Austein
2015-12-24hal_rpc_logout_all(), hal_rpc_is_logged_in().Rob Austein
2015-12-24More work on PIN/login/logout code. Access control still missing,Rob Austein
committing now so Paul has a chance to look at the current RPC API.
2015-12-23RPC interface to TRNG and (incomplete) PIN code.Rob Austein