aboutsummaryrefslogtreecommitdiff
path: root/rpc_pkey.c
AgeCommit message (Collapse)Author
2016-09-01Revised keystore API, part one. Not usable yet.Rob Austein
Changes to implement a revised keystore API. This code probably won't even compile properly yet, and almost certainly will not run, but most of the expected changes are complete at this point. Main points: * Key names are now UUIDs, and are generated by the HSM, not the client. * Keystore API no longer assumes that key database is resident in memory (original API was written on the assumption that the keystore flash would be mapped into the HSM CPU's address space, but apparently the board and flash drivers don't really support that). A few other changes have probably crept in, but the bulk of this changeset is just following through implications of the above, some of which percolate all the way back to the public RPC API.
2016-08-10Mixed-mode pkey sign and verify must construct DigestInfo for PKCS #1.5.Rob Austein
PKCS #11 expects a DigestInfo rather than a raw digest when passing a pre-computed digest for PKCS #1.5 signature or verification, so the rpc_pkey signature and verification calls do too. This requires special case handling of RSA when the user passes a digest handle in mixed mode. Annoying, but PKCS #1.5 is weird enoug that there's no way to avoid some kind of special case handling, this approach has the advantage of not requiring us to parse and reconstruct the ASN.1, and is probably what PKCS #11 has trained software to expect in any case.
2016-05-25Start cleaning up PIN code.Rob Austein
2016-05-16Fix inverted length check.Rob Austein
2016-05-16Round buffer size up to word boundary when verifying RSA signatures.Rob Austein
hsmbully tests strange RSA key sizes (eg, 3416 bits) which don't fall on word boundaries, at which point we have buffer padding and alignment issues when performing RSA signature verification.
2016-05-15Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.Rob Austein
Temporary nature of null string as key name is not enforced by the keystore code, it's just a convention to allow callers to generate a keypair, obtain the public key, hash that to a Subject Key Identifier (SKI), and rename the key using the SKI as the new name. This is a compromise to let us use SKI-based key names in PKCS #11 while keeping the keystore code simple.
2016-05-14Trailing whitespace cleanup.Rob Austein
2016-05-14Clean up pkey mixed mode.Rob Austein
2016-05-14Add mixed-mode key support, for PKCS #11 "session" (ie, not "token") keys.Rob Austein
2016-05-12Add hal_digest_algorithm_none; tweak handling of none handles.Rob Austein
2016-03-11First round of debugging based on RPC pkey tests: mostly ASN.1Rob Austein
silliness, with a bit of PKCS #1.5 padding silliness for desert.
2015-12-24More work on PIN/login/logout code. Access control still missing,Rob Austein
committing now so Paul has a chance to look at the current RPC API.
2015-12-23RPC interface to TRNG and (incomplete) PIN code.Rob Austein
2015-12-22Add ASN.1 support for public keys (X.509 SubjectPublicKeyInfo format).Rob Austein
2015-12-21Fix names of private key DER functions.Rob Austein
2015-12-20Drop support for the ASN.1-based ECDSA signature format in favor ofRob Austein
the simpler format which PKCS #11 uses, since we have to support the latter in any case and it's not worth the complexity of supporting both.
2015-12-20RPC server stuff mostly written. Compiles, not yet tested. RPCRob Austein
public key extraction functions on hold pending ASN.1 cleanup.