Age | Commit message | Author
---|---|---
2017-04-26 | Lower PBKDF2 password iterations and add delay on bad PIN. | Rob Austein
| Consistent user complaints about HSM login taking too long. Underlying issue has both superficial and fundamental causes. Superficial: Our PBKDF2 implementation is slow. We could almost certainly make it faster by taking advantage of partial pre-calculation (see notes in code) and by reenabling use of FPGA hash cores when checking passwords (which might require linking the bootloader against a separate libhal build to avoid chicken-and-egg problem of needing FPGA to log into console to configure FPGA). Fundamental: The PBKDF2 iteration counts we used to use (10,000 minimum, 20,000 default) are in line with current NIST recommendations. The new, faster values (1,000 and 2,000, respectively) are not, or, rather, they're in line with what NIST recommended a decade ago. Well, OK, maybe the Cortex M4 is so slow that it's living in the past, but still. The fundamental issue is that anybody who can capture the encoded PIN can mount an offline dictionary attack on it, so we'd like to make that expensive. But the users are unhappy with the current behavior, so this change falls back to the ancient technique of adding a delay (currently five seconds, configurable at compile time) after a bad PIN, which makes it painful to use the login function as an oracle but does nothing about the offline dictionary attack problem. Feh. Note that users can still choose a higher iteration count, by setting the iteration count via the console. It's just not the default out of the box anymore. |
2016-06-25 | Dial back the last-gasp iterations to something sane. | Paul Selkirk
| I can't see protecting the well-known default password against a brute-force attack, and 100k iterations takes almost a minute, which makes a terrible first impression. |
2016-05-26 | correct BPKDF2 -> PBKDF2 ;) | Fredrik Th

```make
# Copyright (c) 2015, NORDUnet A/S
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# - Redistributions of source code must retain the above copyright notice,
#   this list of conditions and the following disclaimer.
#
# - Redistributions in binary form must reproduce the above copyright
#   notice, this list of conditions and the following disclaimer in the
#   documentation and/or other materials provided with the distribution.
#
# - Neither the name of the NORDUnet nor the names of its contributors may
#   be used to endorse or promote products derived from this software
#   without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# Locate the Cryptech tree relative to this directory unless told otherwise.
ifndef CRYPTECH_ROOT
  CRYPTECH_ROOT := $(abspath ../../..)
endif

LIBTFM_SRC ?= ${CRYPTECH_ROOT}/sw/thirdparty/libtfm
LIBTFM_BLD ?= ${LIBTFM_SRC}
LIBHAL_SRC ?= ${CRYPTECH_ROOT}/sw/libhal
LIBHAL_BLD ?= ${LIBHAL_SRC}

LIBS = ${LIBHAL_BLD}/libhal.a ${LIBTFM_BLD}/libtfm.a

CFLAGS ?= -g3 -Wall -fPIC -std=c99 -I${LIBHAL_SRC} -I${LIBTFM_BLD}

# Which tests to build depends on how the library was compiled.
CORE_TESTS   = test-aes-key-wrap test-hash test-pbkdf2 test-ecdsa test-bus test-trng test-rsa test-mkmif
SERVER_TESTS = test-rpc_server
CLIENT_TESTS = test-rpc_hash test-rpc_pkey test-rpc_get_version test-rpc_get_random test-rpc_login test-rpc_bighash
ALL_TESTS    = ${CORE_TESTS} ${SERVER_TESTS} ${CLIENT_TESTS}

# RPC_MODE "none": local core tests only; "server": core plus RPC server tests;
# anything else (client builds): RPC client tests only.
ifeq "${RPC_MODE}" "none"
  BIN += ${CORE_TESTS}
else ifeq "${RPC_MODE}" "server"
  BIN += ${CORE_TESTS} ${SERVER_TESTS}
else
  BIN += ${CLIENT_TESTS}
endif

$(info Building libhal with configuration IO_BUS=${IO_BUS} RPC_MODE=${RPC_MODE} KS=${KS} RPC_TRANSPORT=${RPC_TRANSPORT} MODEXP_CORE=${MODEXP_CORE})

.PHONY: all test clean distclean

all: ${BIN}

# Run every built test binary, echoing each command as it runs.
test: all
	for i in ${BIN}; do (set -x; ./$$i); done

clean distclean:
	rm -f *.o ${ALL_TESTS}

# Each test links against both libraries; recipe lines must be tab-indented.
${BIN}: %: %.o ${LIBS}
	${CC} ${CFLAGS} -o $@ $^ ${LDFLAGS}

%.o: %.c ${LIBHAL_SRC}/*.h ${LIBTFM_BLD}/tfm.h
	${CC} ${CFLAGS} -c -o $@ $<
```
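The trade-off argued in the 2017-04-26 commit message above (a lower PBKDF2 iteration count speeds up login and offline guessing alike, while a delay after a bad PIN slows only the online oracle), as an added Python example that is not Cryptech code. The PBKDF2-HMAC-SHA256 encoding, the `check_pin` / `seconds_per_guess` / `offline_speedup` helpers and the sample PIN are constructed for illustration; only the iteration counts and the five-second delay come from the commit message.

```python
"""Constructed example, not Cryptech code: PBKDF2 cost is linear in the iteration
count, so lowering it makes login and offline dictionary attacks cheaper alike;
a delay after a bad PIN only throttles use of the login function as an oracle."""
import hashlib
import hmac
import os
import time

# Values quoted in the commit message: old default, new default, bad-PIN delay.
OLD_DEFAULT_ITERATIONS = 20_000
NEW_DEFAULT_ITERATIONS = 2_000
BAD_PIN_DELAY_SECONDS = 5.0


def encode_pin(pin, salt, iterations):
    """Stored verifier: PBKDF2-HMAC-SHA256 (hypothetical encoding, not the HSM's)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations, dklen=32)


def check_pin(candidate, salt, iterations, expected,
              delay=BAD_PIN_DELAY_SECONDS, sleep=time.sleep):
    """Return True on a match; otherwise sleep `delay` seconds, then return False.
    `sleep` is injectable so a test can observe the delay without waiting."""
    if hmac.compare_digest(encode_pin(candidate, salt, iterations), expected):
        return True
    sleep(delay)           # penalise only failures; correct logins stay fast
    return False


def seconds_per_guess(iterations, trials=3):
    """Time one PBKDF2 derivation here; an offline attacker pays about this
    (scaled by their hardware advantage) per candidate, delay or no delay."""
    salt = b"\x00" * 16
    start = time.perf_counter()
    for _ in range(trials):
        encode_pin("0000", salt, iterations)
    return (time.perf_counter() - start) / trials


def offline_speedup(old_iterations, new_iterations):
    """How much cheaper each offline guess became when iterations were lowered."""
    return old_iterations / new_iterations


if __name__ == "__main__":
    salt = os.urandom(16)
    stored = encode_pin("1234", salt, NEW_DEFAULT_ITERATIONS)
    print("correct PIN accepted:", check_pin("1234", salt, NEW_DEFAULT_ITERATIONS, stored))
    for n in (NEW_DEFAULT_ITERATIONS, OLD_DEFAULT_ITERATIONS):
        print(f"{n:>6} iterations: {seconds_per_guess(n) * 1000:.1f} ms per guess")
    print("offline guesses got cheaper by",
          offline_speedup(OLD_DEFAULT_ITERATIONS, NEW_DEFAULT_ITERATIONS), "x")
```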