path: root/utils
Age | Commit message | Author
2019-11-06 | Export/import "raw" keys for external storage. | Paul Selkirk
Exported keys are wrapped with the MKM KEK, not a transit KEK, and can only be imported back to the same HSM. The idea is to support operators who have more keys than will fit on the HSM, so they will cycle keys into and out of the HSM as needed. NOTE that hashsig is, as always, special. The hashsig key has an internal index that is updated on every signature. To prevent a hashsig key from being re-imported with an old index (which would compromise the security of the key), the hashsig key is disabled on export, and must be deleted from the HSM before being re-imported.
2019-04-10 | Allow multiple iterations in verify, for better timing measurement. | Paul Selkirk
2019-04-02 | The all-singing, all-dancing key management app | Paul Selkirk
2019-03-31 | Add support for hashsig key export/import. | Paul Selkirk
2018-08-12 | Simplify makefiles to make them easier to use with non-default directory names | Paul Selkirk
2017-10-23 | Cleanup signed/unsigned mismatches, mostly in loop counters | Paul Selkirk
2017-04-26 | Lower PBKDF2 password iterations and add delay on bad PIN. | Rob Austein
Consistent user complaints about HSM login taking too long. Underlying issue has both superficial and fundamental causes.

Superficial: Our PBKDF2 implementation is slow. We could almost certainly make it faster by taking advantage of partial pre-calculation (see notes in code) and by reenabling use of FPGA hash cores when checking passwords (which might require linking the bootloader against a separate libhal build to avoid chicken-and-egg problem of needing FPGA to log into console to configure FPGA).

Fundamental: The PBKDF2 iteration counts we used to use (10,000 minimum, 20,000 default) are in line with current NIST recommendations. The new, faster values (1,000 and 2,000, respectively) are not, or, rather, they're in line with what NIST recommended a decade ago. Well, OK, maybe the Cortex M4 is so slow that it's living in the past, but still. The fundamental issue is that anybody who can capture the encoded PIN can mount an offline dictionary attack on it, so we'd like to make that expensive.

But the users are unhappy with the current behavior, so this change falls back to the ancient technique of adding a delay (currently five seconds, configurable at compile time) after a bad PIN, which makes it painful to use the login function as an oracle but does nothing about the offline dictionary attack problem. Feh.

Note that users can still choose a higher iteration count, by setting the iteration count via the console. It's just not the default out of the box anymore.
2016-07-05 | Attempt to add resource management, for multiple cores of the same type. | Paul Selkirk
Find a suitable core, and mark it busy. Don't forget to release it as soon as you're done. This has a knock-on effect of un-const'ing core arguments and struct fields in a lot of places, and it moves some core checks around.
2016-06-26 | Merge branch 'master' of https://git.cryptech.is/sw/libhal.git. | Rob Austein
2016-06-26 | Update libhal makefiles to use new LIBxxx_SRC / LIBxxx_BLD scheme so libhal | Rob Austein
can find tfm.h again.
2016-06-25 | Dial back the last-gasp iterations to something sane. | Paul Selkirk
I can't see protecting the well-known default password against a brute-force attack, and 100k iterations takes almost a minute, which makes a terrible first impression.
2016-06-25 | Rename GNUmakefile to Makefile for consistency. | Paul Selkirk
2016-06-24 | Support VPATH builds. | Rob Austein
2016-06-01 | Make the makefile hopefully a little more readable/maintainable. | Paul Selkirk
2016-05-26 | correct BPKDF2 -> PBKDF2 ;) | Fredrik Thulin
2016-05-25 | Doh, helps if one actually **uses** the argument one just parsed. | Rob Austein
2016-05-25 | PBKDF2 works better if we generate the right number of output bytes. | Rob Austein
2016-05-25 | Start cleaning up PIN code. | Rob Austein
2016-05-14 | Trailing whitespace cleanup. | Rob Austein
2015-12-13 | Merge Paul's copyright updates. | Rob Austein
2015-12-13 | whack copyrights | Paul Selkirk
2015-12-12 | Silence platform-dependent compiler whining: in general, when printf() | Rob Austein
whines about some platform-dependent integer size issue, it's best to use both an explicitly sized format (eg, "%lu") and an explicit cast (eg, "(unsigned long)") when silencing the warning, otherwise it'll just pop up again in different form on the next platform tested.
2015-11-14 | Catch up with other branch merges. | Paul Selkirk
- TRNG cores are contiguous (but they still have their own mux, so occupy a block of 16 cores).
- Use Rob's updated libhal in my new apps.
2015-11-12 | fix printf warnings, fix time_check calculation | Paul Selkirk
2015-10-31 | add core probe utility | Paul Selkirk
2015-07-17 | Debian Jessie hangs with bs=128, Kosagi forum tells us that the magic | Rob Austein
solution is to change to bs=32.
2015-07-05 | Add load_novena_fpga script. | Rob Austein
2015-07-05 | Use C99 variadic macro as safety wrapper around variadic function. | Rob Austein
Are we having fun yet?
2015-07-05 | NULL-terminate string list, doh. | Rob Austein
2015-07-05 | Get rid of autoconf, as we don't really need it. Add eim_peek_poke | Rob Austein
utility program, based on Paul's example in the core/platform/novena repository.