Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
Really just one bug, but confusingly masked by an interaction between
generators and our XDR context manager, so don't use the context
manager in the one generator method in the cryptech.libhal API.
Also run reindent.py on a few old test modules.
|
|
|
|
|
|
- Add support for null pointer arguments in RPCs for get_digest_algorithm_id
and get_public_key. This is years overdue, and would have obviated the need
for get_public_key_len as a separate RPC.
- Refactor pkey_local_get_public_key_len in terms of pkey_local_get_public_key.
- Add more parameter sanity checks to rpc_api.c.
- Add a len_max parameter to hal_xdr_decode_variable_opaque, rather than
having len be an in/out parameter. This brings xdr slightly more in line
with the rest of the code base (again after literal years), and slightly
simplifies several calls in rpc_client.c.
|
|
- Move hashsig.h contents into hal.h.
- Uppercase lmots and lms algorithm types, because we have a convention
that enum values are uppercase.
- Change all I to hal_uuid_t, because that how we're using them, and it
seems silly to have two different 16-byte array types.
- Change all "memcpy(&this, &that, sizeof(this))" to "this = that",
because it's more succinct, more type-safe, and harder to get wrong.
- Slightly tighten up lmots_generate, lmots_sign, and
lmots_public_key_candidate.
- Remove verbatim draft text, now that I'm pretty sure I implemented it
correctly.
|
|
|
|
|
|
|
|
|
|
Move lm[ot]s_algorithm_t definitions to hal.h, prefix all public symbols with 'hal_'.
Remove some unused functions.
Wrap hal_pkey_slot_t initializers in an extra set of curly braces.
Remove an unused-argument kludge (x=x;) because gcc doesn't care, and clang complains.
Make timersub a proper macro.
Add some casts to printf arguments, because !@#$ printf formats.
|
|
timersub() is a macro on *BSD, including MacOS, so redefinition as a
function in hashsig test code was breaking the whole build.
Clang has other comments on the hashsig code, leaving those for Paul.
|
|
|
|
Various fixes extracted from the abandoned(-for-now?) reuse-cores
branch, principally:
* Change hal_core_alloc*() to support core reuse and to pick the
least-recently-used core of a particular type otherwise;
* Replace assert() and printf() calls with hal_assert() and hal_log(),
respectively. assert() is particularly useless on the HSM, since it
sends its error message into hyperspace then hangs the HSM.
|
|
Aside from not really needing to use every crayon in the box, using a
simpler control structure makes exceptions behave more as one expects.
|
|
|
|
add ability to export public key to xdr for interop testing
|
|
|
|
|
|
|
|
|
|
Copy ContextManagedUnpacker from latest version of libhal.py so that
this script won't depend on the current development code.
|
|
At the moment this only handles RSA keys, and can only handle one size
of key at a time. More bells and whistles will follow eventually,
now that the basic asynchronous API to our RPC protocol works.
|
|
This branch was sitting for long enough that master had been through a
cleanup pass, so beware of accidental reversions.
|
|
|
|
|
|
|
|
|
|
Initial version, very basic, RSA-only. Gussy up later.
|
|
|
|
pkey_open() now looks in both keystores rather than requiring the user
to know. The chance of collision with randomly-generated UUID is low
enough that we really ought to be able to present a single namespace.
So now we do.
pkey_match() now takes a couple of extra arguments which allow a
single search to cover both keystores, as well as matching for
specific key flags. The former interface was pretty much useless for
anything involving flags, and required the user to issue a separate
call for each keystore.
User wheel is now exempt from the per-session key lookup constraints,
Whether this is a good idea or not is an interesting question, but the
whole PKCS #11 derived per-session key thing is weird to begin with,
and having keystore listings on the console deliberately ignore
session keys was just too confusing.
|
|
Now that we use PKCS #8 format for private keys, all key formats we
use include ASN.1 AlgorithmIdentifier field describing the key, so
specifying key type and curve as arguments to hal_rpc_pkey_load() is
neither necessary nor particularly useful.
|
|
PKCS #11 supports zero-length attributes (eg, CKA_LABEL) so hack of
using zero length attribute as NIL value won't work, instead we use a
slightly more portable version of the hack PKCS #11 uses (PKCS #11
stuffs -1 into a CK_ULONG, we stuff 0xFFFFFFFF into a uint32_t).
ks_attribute.c code was trying too hard and tripping over its own
socks. Instead of trying to maintain attributes[] in place during
modification, we now perform the minimum necessary change then re-scan
the block. This is (very slightly) slower but more robust, both
because the scan code has better error checking and because it's the
scan code that we want to be sure is happy before committing a change.
Rename hal_rpc_pkey_attribute_t to hal_pkey_attribute_t.
|
|
|
|
pkey attribute API is now just set_attributes() and get_attributes().
|
|
|
|
|
|
hal_rpc_pkey_match() still untested.
|
|
|
|
Includes a few cosmetic fixes to address gcc format string warnings
and git trailing whitespace warnings.
|
|
Fixes for various minor issues found while integrating with sw/stm32.
Moving the in-memory keystore (PKCS #11 session objects, etc) from the
client library to the HSM was on the near term to-do list in any case,
doing it now turned out to be the easiest way to solve one of the
build problems.
|
|
|
|
|
|
Find a suitable core, and mark it busy. Don't forget to release it as soon
as you're done. This has a knock-on effect of un-const'ing core arguments
and struct fields in a lot of places, and it moves some core checks around.
|
|
can find tfm.h again.
|
|
|
|
|
|
setting.
|