Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-07-13 | Yet another wired-in python version | Rob Austein | |
2020-07-13 | Whack all Python shebangs to Python 3 | Rob Austein | |
2020-06-10 | Whack with club until works with Python 2 and Python 3 | Rob Austein | |
String types are still a bit weird. Amost everything here is currently required to be bytes rather than str in Python 3, which feels a bit unnatural, but everything on the wire has to be bytes and we don't really have enough information to know when we should be converting back to str. In the long term, once we ditch Python 2, we may be able to do a bit better for things like the string versions of attribute names, but for the moment it's simplest to stick with bytes. | |||
2020-05-26 | Wow, python-version-independent hexadecimal is painful | Rob Austein | |
2020-05-25 | Untested conversion to support Python 3 | Rob Austein | |
2018-08-27 | Update .gitignore with newish test apps | Paul Selkirk | |
2018-08-27 | Fix shared library name | Paul Selkirk | |
2018-08-27 | Support non-standard libhal/libtfm location | Paul Selkirk | |
2018-07-18 | Clean up old unused variable warnings. | Rob Austein | |
2018-03-03 | More useful script output. | Rob Austein | |
Overall performance numbers are still bad. Presumably having a single global PKCS #11 lock does not help here. Need a bitstream with more ModExp and ECDSA cores before this will matter much, but will likely need to figure out some way to do per-session locking instead of global for operations we want to run in parallel. At which point we'll be on the road to deadlock hell, so will need some care. | |||
2018-03-03 | Doh, mutexes work better when plugged in. | Rob Austein | |
2018-03-03 | Cleanup. | Rob Austein | |
2018-03-03 | First cut at timing test using multiple threads. | Rob Austein | |
At the moment this only works with a single worker thread: multiple threads get weird errors from PKCS #11. This is probably a PKCS #11 implementation issue rather than a bug in this script. So, in the spirit of test-driven development, this script is the failing test. | |||
2017-05-20 | Clean up C_GetTokenInfo(). | Rob Austein | |
2017-05-20 | HMAC notes. | Rob Austein | |
2017-05-20 | Clean up ancient cruft: p11util, SQL-based hsmbully test. | Rob Austein | |
p11util has long since been overtaken by developments: everything it used to do is now doable on the console, and if for some reason we really needed a tool to change PINs via the RPC port, we could do it in a dozen lines of Python using the cryptech.libhal RPC API. hsmbully may still be a useful test, but all the antics with configuring SQL database and on-disk keystores is long since obsolete. | |||
2017-05-19 | More access control cleanup. | Rob Austein | |
2017-05-19 | Start cleaning up info functions. | Rob Austein | |
2017-05-19 | Consolidate session-state-based access control. | Rob Austein | |
2017-05-18 | Translate more PKCS #11 attributes into HAL_KEY_FLAG_* settings. | Rob Austein | |
2017-05-18 | Clean up a few gratuitous obscurities. | Rob Austein | |
2017-05-10 | Clean up default location of PKCS #11 library. | Rob Austein | |
2017-05-09 | Update README.md. | Rob Austein | |
2017-05-04 | Regression tests for today's C_FindObjects() bugfixes. | Rob Austein | |
2017-05-04 | Doh, C_FindObjects() works better if we preserve its state across calls. | Rob Austein | |
2017-05-04 | Support using C_GetFunctionList() instead of library symbols. | Rob Austein | |
The Python ctypes library allows us direct access to the public symbols of a shared library, so we never bothered to implement support for using the dispatch vector returned by C_GetFunctionList(). Well, it turns out that there are useful debugging tools like pkcs11-spy which require the dispatch vector support, so refactor to add it. | |||
2017-04-14 | Python interface API will need to be cryptech.py11 for installation. | Rob Austein | |
2017-04-11 | Track API changes on sw/libhal pkcs8 branch. | Rob Austein | |
2017-04-08 | Track API changes in sw/libhal pkcs8 branch. | Rob Austein | |
2017-03-08 | Check for cryptech_muxd when setting LIBHAL_TARGET. | Rob Austein | |
2017-03-03 | Clean up time-signature script. | Rob Austein | |
2017-03-01 | Flip default connection method from "serial" to "daemon". | Rob Austein | |
2017-03-01 | Test all key types by default. | Rob Austein | |
2017-03-01 | Timing test script. | Rob Austein | |
2017-01-31 | Be more careful with handle cleanup, to support parallel testing. | Rob Austein | |
2016-11-22 | Remove SQLite3 from build, no longer needed. | Rob Austein | |
2016-11-22 | Doh, C_GetAttributeValue() lost descriptor lookup during conversion from SQL. | Rob Austein | |
Track change from hal_rpc_pkey_attribute_t to hal_pkey_attribute_t. | |||
2016-11-21 | Start shaking bugs out of new pkcs11.c code. Still pretty broken. | Rob Austein | |
2016-11-20 | Compiles without SQLite3. Does not run (yet). | Rob Austein | |
2016-11-19 | New branch for PKCS #11 without SQLite3. Checkpoint, doesn't compile yet. | Rob Austein | |
We're going to want this in a separate branch from ksng at least for a little while, so that we can flip back and forth easily to run the same tests. Current code doesn't even compile yet, but is far enough along to be worth backing up off-machine. | |||
2016-11-14 | hal_rpc_pkey_find() -> hal_rpc_pkey_open(). | Rob Austein | |
2016-10-25 | Remove unused column from schema. | Rob Austein | |
2016-10-25 | Track libhal HAL_DIGEST_ALGORITHM_ change. | Rob Austein | |
2016-10-16 | Clean Python compiled byte code too. | Rob Austein | |
2016-10-07 | Track changes to libhal RPC pkey API. | Rob Austein | |
2016-09-09 | Track removal of `type` argument from hal_rpc_pkey_find(). | Rob Austein | |
2016-09-03 | Hack PKCS #11 to work with revised libhal pkey API. | Rob Austein | |
2016-08-16 | More pkcs11test fixes: nuanced read-only, error code proliferation. | Rob Austein | |
PKCS #11's notion of a "read-only" session is odd: read-only sessions can still create/modify/destroy objects, just not "token" objects. C_SeedRandom() has its own special "nope, didn't implement that" error code, apparently the one everything else uses wasn't good enough. C_Login() has different error codes for "you're already logged in" and "you're already logged in as somebody else". | |||
2016-08-14 | First round of fixes for bugs found by Google pkcs11test. | Rob Austein | |
Testing against https://github.com/google/pkcs11test.git found various bugs, some trivial, some more interesting, some arguably places where the specification is looser than pkcs11test. I'm still digging through the test results, but this commit fixes several of the most obvious issues. | |||
2016-08-10 | Shared library symbol versioning support from Ondrej Sury (thanks!). | Rob Austein | |
Apparently this is how the cool kids handle hiding library-internal symbols now, using objcopy is old hat. Ondrey tells us that this should work on GNU/Linux and on *BSD, which, at the moment, just leaves OSX, which we already handle with an OSX-specific kludge. |