Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-06-26 | More GNUmakefile cleanup. | Rob Austein | |
2016-06-25 | Rename GNUmakefile to Makefile for consistency. | Paul Selkirk | |
2016-06-24 | VPATH build for libpkcs11.so, and first cut at libpkcs11.dylib for Mac OS X. | Rob Austein | |
The Mac OS X build compiles, but is otherwise completely untested, and won't even be testable until cryptech_rpcd support configuring high-speed UARTs on Mac OS X (OS-specific voodoo). | |||
2016-06-23 | Reorder ld arguments to get search order right. | Rob Austein | |
2016-06-23 | Support use of system sqlite3 library instead of our own; various other ↵ | Rob Austein | |
tweaks Lintian wanted. | |||
2016-06-16 | Convert timing report to integrate with unittest.TextTestRunner, to avoid ↵ | Rob Austein | |
garbled reports if a test fails. | |||
2016-06-16 | Generalize and extend tests of externally-supplied RSA keys. | Rob Austein | |
Disable 3416-bit RSA key generation tests while we sort out whether simply padding the modulus out to the next 32-bit boundary is sufficient to support these with ModExpS6/ModExpA7. | |||
2016-06-16 | Completely farbled most of the super() incantations, sigh. | Rob Austein | |
2016-06-16 | Add timing of individual tests, test descriptions. | Rob Austein | |
2016-06-16 | Tweak unit tests to be a bit less annoying on Alpha. | Rob Austein | |
* Don't modify the wheel PIN unless specifically requested * Don't try to run the Novena RPC test server (or any server) by default. Still need to rewrite some of the RSA key tests, particularly the external key load test, to conform to known implementation constraint that key length must be a multiple of 32 bits; deferred until we switch back to hardware modexp, as this won't matter until then. | |||
2016-06-14 | Clean up debugging output left in one of the unit tests. | Rob Austein | |
2016-06-13 | Add test for loading an externally generated keypair via C_CreateObject(). | Rob Austein | |
2016-06-13 | Set return value properly in C_CreateObject(). | Rob Austein | |
2016-06-13 | Support for adding private keys via C_CreateObject(). | Rob Austein | |
2016-06-12 | A few RSA unit tests inspired by hsmbully. | Rob Austein | |
2016-06-10 | Support split keypairs, where private key is a token object and public | Rob Austein | |
key is a session object. Doesn't actually save us anything, but Jakob tells us that this makes a difference on some HSMs so we people use this kind of setup and we need to support it. Explicitly disallow private keys as session objects, since we have no way to protect them. Update unit-tests now that we return the correct error code for this case. | |||
2016-06-10 | Add support for running only a specified subset of the unit tests. | Rob Austein | |
2016-06-10 | Update unit tests to match new behavior: we no longer allow private | Rob Austein | |
keys to be stored as session objects, so test that doing so fails as expected, and update other tests to specify CKA_TOKEN = True. | |||
2016-05-25 | Track PIN changes on libhal master branch. | Rob Austein | |
2016-05-19 | Add test case using public key via C_CreateObject() to verify signature ↵ | Rob Austein | |
created by earlier keypair. | |||
2016-05-18 | Add explicit generate/sign/verify unit tests both on and off the | Rob Austein | |
token, since we just demonstrated (the hard way) that testing only one is not sufficient. | |||
2016-05-18 | Refactor object creation code. | Rob Austein | |
2016-05-17 | Bugfixes to new error handling code, refactor some unreadable nested logic ↵ | Rob Austein | |
in handle lookup code. The mapping between PKCS #11 objects and libhal handles isn't quite right yet. This is a snapshot of bugfixes accumulated along the way, before refactoring mapping code to deal with the underlying problem. | |||
2016-05-17 | Start error handling cleanup and rewrite. | Rob Austein | |
Error handling and hte underlying functions and macros that support it will probably change a bit more as it goes along. Trying to strike the right balance between having the main code be readable and having the underlying support code be at least comprehensible and straightforward to review. Also need to address current over-use of CKR_FUNCTION_FAILED. | |||
2016-05-16 | Fix leading zero handling in Py11's BigInteger encoder. | Rob Austein | |
2016-05-16 | Identical CKA_ID values no longer constitute a conflict, adjust test. | Rob Austein | |
2016-05-15 | Use key hashes instead of CKA_ID to name objects in libhal keystore. | Rob Austein | |
2016-05-15 | Update hsmbully recipe for libhsm RPC. | Rob Austein | |
2016-05-15 | Fix broken unit test. | Rob Austein | |
Turns out that the one remaining old PKCS #11 unit test we weren't passing was a broken test: code was correctly rejecting CKA_ID conflicts. Rewrote test, and added test setup code to use separate client and server keystores when using the ks_mmap keystore driver. | |||
2016-05-14 | Key flag handling, more trailing whitespace cleanup. | Rob Austein | |
At this point we are passing most of the unit tests in RPC loopback mode. Remaining failure is TestKeys.test_keygen_token_vs_session(), which gets HAL_ERROR_KEY_NAME_IN_USE when attempting to generate a session key and a token key with the same CKA_ID value, so clearly something is not quite right yet in the keystore selection logic. | |||
2016-05-14 | Add (back) ability to construct public keys from stored attributes. | Rob Austein | |
2016-05-14 | Track (trivial) libhal API change. | Rob Austein | |
2016-05-13 | Sort out some disagreements between our command line parsing and unit_test's ↵ | Rob Austein | |
defaults. | |||
2016-05-13 | Rework unit_test framework to use argparse and to run RPC server ↵ | Rob Austein | |
automatically if present. | |||
2016-05-13 | The libhal RPC channel works better when one remembers to initialize it. | Rob Austein | |
2016-05-12 | Fix RSA key length and CKA_ID lookup. | Rob Austein | |
libhal RPC API takes RSA key lengths in bits, not bytes. Insisting on receiving matching CKA_ID in both public and private templates on key generation is probably unwise, so back down using CKA_ID from private template if provided, otherwise from the public template, and only raise incompete template error if both are missing. | |||
2016-05-12 | Remove vestigial KEK code, that's all handled by libhal now. | Rob Austein | |
2016-05-12 | p11util now uses libhal and doesn't need to touch SQL. | Rob Austein | |
"p11util" is now something of a misnomer, since there's no longer anything about it that's specific to PKCS #11. Probably should become a libhal utility program, eventually. | |||
2016-05-12 | First pass on converting from direct libhal calls to libhal RPC calls. | Rob Austein | |
This version isn't really expected to work properly, but it's far enough along to be worth archiving before starting runtime testing. | |||
2016-05-06 | Track API changes on sw/libhal rpc branch. | Rob Austein | |
So far this is just dumb little things like changed names for old data types and functions. Changes to use new API features will come later. | |||
2015-12-13 | whack copyrights | Paul Selkirk | |
2015-10-04 | Minimal conversion to config_core_selector libhal API. Not doing | Rob Austein | |
anything particularly clever with the new capabilities (yet). | |||
2015-09-22 | Update README.md. | Rob Austein | |
2015-09-22 | Makefile cleanup. | Rob Austein | |
2015-09-22 | Clean up Python APIs to C_FindObject*() and C_GetSlotList(). | Rob Austein | |
2015-09-21 | Better test for keypair object class. | Rob Austein | |
2015-09-21 | More key unit tests. | Rob Austein | |
2015-09-21 | More test cases. | Rob Austein | |
2015-09-21 | Add keyword arguments to C_GenerateKeyPair() in an attempt to present | Rob Austein | |
a saner API to the user. This requires the library to know more than it really should about which attributes go into the public and private templates; if doing it this way proves infeasible, we may have to parse more details out of attributes.yaml to support this feature. | |||
2015-09-21 | Unit tests for init, session, and login functions. | Rob Austein | |