sw/libhal - Cryptech libhal: crypto software, HSM management, RPC

Age	Commit message (Collapse)	Author
2017-04-11	API cleanup: pkey_open() and pkey_match().	Rob Austein
	pkey_open() now looks in both keystores rather than requiring the user to know. The chance of collision with randomly-generated UUID is low enough that we really ought to be able to present a single namespace. So now we do. pkey_match() now takes a couple of extra arguments which allow a single search to cover both keystores, as well as matching for specific key flags. The former interface was pretty much useless for anything involving flags, and required the user to issue a separate call for each keystore. User wheel is now exempt from the per-session key lookup constraints, Whether this is a good idea or not is an interesting question, but the whole PKCS #11 derived per-session key thing is weird to begin with, and having keystore listings on the console deliberately ignore session keys was just too confusing.
2017-04-07	Pull key type information from uploaded key in hal_rpc_pkey_load().	Rob Austein
	Now that we use PKCS #8 format for private keys, all key formats we use include ASN.1 AlgorithmIdentifier field describing the key, so specifying key type and curve as arguments to hal_rpc_pkey_load() is neither necessary nor particularly useful.
2016-11-21	Whack attribute code with a club until it works with PKCS #11.	Rob Austein
	PKCS #11 supports zero-length attributes (eg, CKA_LABEL) so hack of using zero length attribute as NIL value won't work, instead we use a slightly more portable version of the hack PKCS #11 uses (PKCS #11 stuffs -1 into a CK_ULONG, we stuff 0xFFFFFFFF into a uint32_t). ks_attribute.c code was trying too hard and tripping over its own socks. Instead of trying to maintain attributes[] in place during modification, we now perform the minimum necessary change then re-scan the block. This is (very slightly) slower but more robust, both because the scan code has better error checking and because it's the scan code that we want to be sure is happy before committing a change. Rename hal_rpc_pkey_attribute_t to hal_pkey_attribute_t.
2016-11-11	Drag C pkey test code up to current RPC API.	Rob Austein

2016-11-10	Clean out huge swacks of RPC API we don't need anymore.	Rob Austein
	pkey attribute API is now just set_attributes() and get_attributes().
2016-11-05	Add hal_rpc_pkey_match() tests to C client test code.	Rob Austein

2016-10-16	Debug keystore attribute code; handle name properly in ks_index_replace().	Rob Austein
	hal_rpc_pkey_match() still untested.
2016-09-02	Test both in-memory and on-flash keystores.	Rob Austein

2016-09-01	Move in-memory keystore from client to server. Whack with club until compiles.	Rob Austein
	Fixes for various minor issues found while integrating with sw/stm32. Moving the in-memory keystore (PKCS #11 session objects, etc) from the client library to the HSM was on the near term to-do list in any case, doing it now turned out to be the easiest way to solve one of the build problems.
2016-06-01	Add hal_rpc_client_close() where needed.	Paul Selkirk

2016-03-29	Remove unneeded hal_internal.h	Paul Selkirk

2016-03-12	Test RPC key generation API.	Rob Austein

2016-03-12	Doh, helps to specify the curve.	Rob Austein

2016-03-12	Basic RPC ECDSA tests.	Rob Austein

2016-03-11	First round of debugging based on RPC pkey tests: mostly ASN.1	Rob Austein
	silliness, with a bit of PKCS #1.5 padding silliness for desert.
2016-03-11	First step towards RPC PKEY tests. Currently RSA-only, test-vector	Rob Austein
	only, requires AES core (for key wrapping).