Age | Commit message | Author | |
---|---|---|---|
2016-05-15 | Use key hashes instead of CKA_ID to name objects in libhal keystore. | Rob Austein | |
2016-05-15 | Update hsmbully recipe for libhsm RPC. | Rob Austein | |
2016-05-15 | Fix broken unit test. | Rob Austein | |
Turns out that the one remaining old PKCS #11 unit test we weren't passing was a broken test: code was correctly rejecting CKA_ID conflicts. Rewrote test, and added test setup code to use separate client and server keystores when using the ks_mmap keystore driver. | |||
2016-05-14 | Key flag handling, more trailing whitespace cleanup. | Rob Austein | |
At this point we are passing most of the unit tests in RPC loopback mode. Remaining failure is TestKeys.test_keygen_token_vs_session(), which gets HAL_ERROR_KEY_NAME_IN_USE when attempting to generate a session key and a token key with the same CKA_ID value, so clearly something is not quite right yet in the keystore selection logic. | |||
2016-05-14 | Add (back) ability to construct public keys from stored attributes. | Rob Austein | |
2016-05-14 | Track (trivial) libhal API change. | Rob Austein | |
2016-05-13 | Sort out some disagreements between our command line parsing and unit_test's defaults. | Rob Austein | |
2016-05-13 | Rework unit_test framework to use argparse and to run RPC server automatically if present. | Rob Austein | |
2016-05-13 | The libhal RPC channel works better when one remembers to initialize it. | Rob Austein | |
2016-05-12 | Fix RSA key length and CKA_ID lookup. | Rob Austein | |
libhal RPC API takes RSA key lengths in bits, not bytes. Insisting on receiving matching CKA_ID in both public and private templates on key generation is probably unwise, so back down using CKA_ID from private template if provided, otherwise from the public template, and only raise incomplete template error if both are missing. | |||
2016-05-12 | Remove vestigial KEK code, that's all handled by libhal now. | Rob Austein | |
2016-05-12 | p11util now uses libhal and doesn't need to touch SQL. | Rob Austein | |
"p11util" is now something of a misnomer, since there's no longer anything about it that's specific to PKCS #11. Probably should become a libhal utility program, eventually. | |||
2016-05-12 | First pass on converting from direct libhal calls to libhal RPC calls. | Rob Austein | |
This version isn't really expected to work properly, but it's far enough along to be worth archiving before starting runtime testing. | |||
2016-05-06 | Track API changes on sw/libhal rpc branch. | Rob Austein | |
So far this is just dumb little things like changed names for old data types and functions. Changes to use new API features will come later. | |||
2015-12-13 | whack copyrights | Paul Selkirk | |
2015-10-04 | Minimal conversion to config_core_selector libhal API. Not doing | Rob Austein | |
anything particularly clever with the new capabilities (yet). | |||
2015-09-22 | Update README.md. | Rob Austein | |
2015-09-22 | Makefile cleanup. | Rob Austein | |
2015-09-22 | Clean up Python APIs to C_FindObject*() and C_GetSlotList(). | Rob Austein | |
2015-09-21 | Better test for keypair object class. | Rob Austein | |
2015-09-21 | More key unit tests. | Rob Austein | |
2015-09-21 | More test cases. | Rob Austein | |
2015-09-21 | Add keyword arguments to C_GenerateKeyPair() in an attempt to present | Rob Austein | |
a saner API to the user. This requires the library to know more than it really should about which attributes go into the public and private templates; if doing it this way proves infeasible, we may have to parse more details out of attributes.yaml to support this feature. | |||
2015-09-21 | Unit tests for init, session, and login functions. | Rob Austein | |
2015-09-21 | First step towards unit tests. | Rob Austein | |
2015-09-20 | Minimal documentation for py11. | Rob Austein | |
2015-09-20 | Debug mutex implementation. | Rob Austein | |
2015-09-20 | Implement mutexes in py11 library using threading.Lock objects. | Rob Austein | |
2015-09-18 | MUTEX callbacks via ctypes. Beware of Garbage Collector. | Rob Austein | |
2015-09-17 | Enable locking in py11. | Rob Austein | |
2015-09-16 | Call correct underlying methods from wrappers. | Rob Austein | |
2015-09-16 | Add C_SignUpdate(), C_SignFinal(), C_VerifyUpdate(), C_VerifyFinal(). | Rob Austein | |
2015-09-15 | Checkpoint of py11-test.py. | Rob Austein | |
2015-09-15 | py11 support for C_CreateObject(). | Rob Austein | |
2015-09-15 | Add C_CreateObject(), which required refactoring some of the template-checking code. | Rob Austein | |
2015-09-14 | Debug PKCS #11 ECDSA signature and verification. | Rob Austein | |
2015-09-12 | Move YAML parsing to external script so py11 doesn't have to worry | Rob Austein | |
about finding attributes.yaml at runtime. | |||
2015-09-12 | Add attribute database based on attributes.yaml. | Rob Austein | |
Simplify prototype definitions and move them to separate module. | |||
2015-09-11 | Remove CKA_NAME_HASH_ALGORITHM for now. It appears in the | Rob Austein | |
specification but not in the header file, so we don't know its numeric value in any case. Re-add if and when it shows up in the header file. | |||
2015-09-11 | Fix size_t vs CK_ULONG type mismatch (platform dependent). | Rob Austein | |
2015-09-11 | Python ctypes arrays and pointers really do work just as in C, once | Rob Austein | |
one wraps one's brain around the syntactic differences. | |||
2015-09-11 | Add C_FindObject*() to py11. | Rob Austein | |
2015-09-11 | First cut at Python interface to PKCS #11 using ctypes API. | Rob Austein | |
2015-09-11 | verify_rsa_pkcs() should be static. | Rob Austein | |
2015-09-09 | Add ECDSA signature and verification. Compiles, not tested. | Rob Austein | |
2015-09-09 | Refactor C_Sign() and C_Verify() to move algorithm-dependent code to | Rob Austein | |
helper functions. As a happy side effect, this also simplifies locking slightly and gives us a straightforward path towards the *Update() and *Final() incremental-hashing functions. Compiles, not yet tested. | |||
2015-09-08 | Merge branch 'master' into ecdsa | Rob Austein | |
2015-09-07 | Checkpoint of partial support for ECDSA. Compiles, not yet tested, | Rob Austein | |
probably doesn't work. Probably should merge state_access branch before going much further with this. | |||
2015-09-02 | Track changes to hal_rsa_key_t and hal_hash_state_t. | Rob Austein | |
2015-07-23 | First pass at adding incremental digest support. C_Digest*() only so | Rob Austein | |
far. Compiles, not yet tested. |