Age | Commit message | Author
2016-08-10 | Shared library symbol versioning support from Ondrej Sury (thanks!). | Rob Austein
Apparently this is how the cool kids handle hiding library-internal symbols now, using objcopy is old hat. Ondrej tells us that this should work on GNU/Linux and on *BSD, which, at the moment, just leaves OSX, which we already handle with an OSX-specific kludge.
2016-08-10 | Allow environment (eg, Debian build) to augment CFLAGS. | Rob Austein
2016-08-10 | Add regression test for borked or missing PKCS #1.5 DigestInfo. | Rob Austein
Oleg found a cute bug where C_SignUpdate() and C_SignFinal() would generate an incorrect signature which C_VerifyUpdate() and C_VerifyFinal() would think was fine because the verification code had essentially the same bug as the signature code. None of this applied to the (much) more commonly used C_Sign() and C_Verify() functions, which is why nobody noticed until now. Bug fixed in sw/libhal commit 36dfaf0adbddbb9f1f7852911228b3ab24ba01aa but we need a regression test to make sure we don't reintroduce the bug. So we add a test which computes the signature both ways, then verifies it with PyCrypto as well as both ways with our own code. We should probably be doing more comparisons of RSA results with PyCrypto. For ECDSA with non-deterministic signatures it's a bit harder, but more checking against the Python ecdsa library would still be a good idea.
2016-07-13 | Add "cryptech" to public "pkcs11" names. | Rob Austein
Database location environment variable is now CRYPTECH_PKCS11_DATABASE. Installed library is now libcryptech-pkcs11.{so,dylib}.
2016-07-12 | Light the "user PIN initialized" bit, for OpenSSL's pkcs11 engine. | Rob Austein
Like several other recent commits, this just nails up some value which really should be coming from the HSM via some as-yet-unwritten RPC call, but that can wait until after the upcoming workshop.
2016-07-12 | Whoops, CKR_BUFFER_TOO_SMALL doesn't terminate a sign or digest operation. | Rob Austein
2016-07-12 | Add a few missing informational functions that pkcs11-tool wanted. | Rob Austein
opensc's pkcs11-tool wants to use C_GetInfo(), C_GetSlotInfo(), and C_GetMechanismList(). All are trivial functions, but we hadn't implemented any of them. As with most of the informational functions, some of the returned values are nonsense: in the long run, fixing this just means adding one or more new informational queries to the RPC protocol, but I'm not going to do that while we're in, well, not code freeze, but at least code jello. Adding C_GetMechanismList() exposed that we had never added all the SHA-224 variants to pkcs11.c: since these are just a pass-through to libhal, adding them now seems low-risk (famous last words). Closes #40.
2016-07-07 | Disable RPC daemon on all platforms for now. | Rob Austein
2016-07-07 | Clean up test code that made sense on the Novena but not on the Alpha. | Rob Austein
2016-06-30 | libhal's RPC MUX daemon doesn't work with Apple's lame sockets implementation. | Rob Austein
Apple, for reasons unknown, chose not to implement SOCK_SEQPACKET. This works on Linux and *BSD, and libhal's MUX daemon uses it to avoid having to add its own framing protocol on top of SOCK_STREAM. So, at least for now, Mac OS X will not support the multiplex daemon, only direct connection to the HSM by a single client.
2016-06-28 | Move hal_pkey_* columns from the object table into | Rob Austein
{session,token}_object tables to preserve the mapping from pkcs11 token objects to libhal pkey objects.
2016-06-27 | Apparently sw/pkcs11 somehow missed the great ${foo_LIB} => ${foo_SRC}, ${foo_BLD} Makefile cleanup. | Rob Austein
2016-06-26 | libtfm assembly code has portability issues under pbuilder, and we don't really need it for libpkcs11. | Rob Austein
2016-06-26 | More GNUmakefile cleanup. | Rob Austein
2016-06-25 | Rename GNUmakefile to Makefile for consistency. | Paul Selkirk
2016-06-24 | VPATH build for libpkcs11.so, and first cut at libpkcs11.dylib for Mac OS X. | Rob Austein
The Mac OS X build compiles, but is otherwise completely untested, and won't even be testable until cryptech_rpcd supports configuring high-speed UARTs on Mac OS X (OS-specific voodoo).
2016-06-23 | Reorder ld arguments to get search order right. | Rob Austein
2016-06-23 | Support use of system sqlite3 library instead of our own; various other tweaks Lintian wanted. | Rob Austein
2016-06-16 | Convert timing report to integrate with unittest.TextTestRunner, to avoid garbled reports if a test fails. | Rob Austein
2016-06-16 | Generalize and extend tests of externally-supplied RSA keys. | Rob Austein
Disable 3416-bit RSA key generation tests while we sort out whether simply padding the modulus out to the next 32-bit boundary is sufficient to support these with ModExpS6/ModExpA7.
2016-06-16 | Completely farbled most of the super() incantations, sigh. | Rob Austein
2016-06-16 | Add timing of individual tests, test descriptions. | Rob Austein
2016-06-16 | Tweak unit tests to be a bit less annoying on Alpha. | Rob Austein
* Don't modify the wheel PIN unless specifically requested
* Don't try to run the Novena RPC test server (or any server) by default.
Still need to rewrite some of the RSA key tests, particularly the external key load test, to conform to known implementation constraint that key length must be a multiple of 32 bits; deferred until we switch back to hardware modexp, as this won't matter until then.
2016-06-14 | Clean up debugging output left in one of the unit tests. | Rob Austein
2016-06-13 | Add test for loading an externally generated keypair via C_CreateObject(). | Rob Austein
2016-06-13 | Set return value properly in C_CreateObject(). | Rob Austein
2016-06-13 | Support for adding private keys via C_CreateObject(). | Rob Austein
2016-06-12 | A few RSA unit tests inspired by hsmbully. | Rob Austein
2016-06-10 | Support split keypairs, where private key is a token object and public | Rob Austein
key is a session object. Doesn't actually save us anything, but Jakob tells us that this makes a difference on some HSMs so people use this kind of setup and we need to support it. Explicitly disallow private keys as session objects, since we have no way to protect them. Update unit-tests now that we return the correct error code for this case.
2016-06-10 | Add support for running only a specified subset of the unit tests. | Rob Austein
2016-06-10 | Update unit tests to match new behavior: we no longer allow private | Rob Austein
keys to be stored as session objects, so test that doing so fails as expected, and update other tests to specify CKA_TOKEN = True.
2016-05-25 | Track PIN changes on libhal master branch. | Rob Austein
2016-05-19 | Add test case using public key via C_CreateObject() to verify signature created by earlier keypair. | Rob Austein
2016-05-18 | Add explicit generate/sign/verify unit tests both on and off the | Rob Austein
token, since we just demonstrated (the hard way) that testing only one is not sufficient.
2016-05-18 | Refactor object creation code. | Rob Austein
2016-05-17 | Bugfixes to new error handling code, refactor some unreadable nested logic in handle lookup code. | Rob Austein
The mapping between PKCS #11 objects and libhal handles isn't quite right yet. This is a snapshot of bugfixes accumulated along the way, before refactoring mapping code to deal with the underlying problem.
2016-05-17 | Start error handling cleanup and rewrite. | Rob Austein
Error handling and the underlying functions and macros that support it will probably change a bit more as it goes along. Trying to strike the right balance between having the main code be readable and having the underlying support code be at least comprehensible and straightforward to review. Also need to address current over-use of CKR_FUNCTION_FAILED.
2016-05-16 | Fix leading zero handling in Py11's BigInteger encoder. | Rob Austein
2016-05-16 | Identical CKA_ID values no longer constitute a conflict, adjust test. | Rob Austein
2016-05-15 | Use key hashes instead of CKA_ID to name objects in libhal keystore. | Rob Austein
2016-05-15 | Update hsmbully recipe for libhsm RPC. | Rob Austein
2016-05-15 | Fix broken unit test. | Rob Austein
Turns out that the one remaining old PKCS #11 unit test we weren't passing was a broken test: code was correctly rejecting CKA_ID conflicts. Rewrote test, and added test setup code to use separate client and server keystores when using the ks_mmap keystore driver.
2016-05-14 | Key flag handling, more trailing whitespace cleanup. | Rob Austein
At this point we are passing most of the unit tests in RPC loopback mode. Remaining failure is TestKeys.test_keygen_token_vs_session(), which gets HAL_ERROR_KEY_NAME_IN_USE when attempting to generate a session key and a token key with the same CKA_ID value, so clearly something is not quite right yet in the keystore selection logic.
2016-05-14 | Add (back) ability to construct public keys from stored attributes. | Rob Austein
2016-05-14 | Track (trivial) libhal API change. | Rob Austein
2016-05-13 | Sort out some disagreements between our command line parsing and unit_test's defaults. | Rob Austein
2016-05-13 | Rework unit_test framework to use argparse and to run RPC server automatically if present. | Rob Austein
2016-05-13 | The libhal RPC channel works better when one remembers to initialize it. | Rob Austein
2016-05-12 | Fix RSA key length and CKA_ID lookup. | Rob Austein
libhal RPC API takes RSA key lengths in bits, not bytes. Insisting on receiving matching CKA_ID in both public and private templates on key generation is probably unwise, so back down using CKA_ID from private template if provided, otherwise from the public template, and only raise incomplete template error if both are missing.
2016-05-12 | Remove vestigial KEK code, that's all handled by libhal now. | Rob Austein