aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-05-18Refactor object creation code.Rob Austein
2016-05-17Bugfixes to new error handling code, refactor some unreadable nested logic ↵Rob Austein
in handle lookup code. The mapping between PKCS #11 objects and libhal handles isn't quite right yet. This is a snapshot of bugfixes accumulated along the way, before refactoring mapping code to deal with the underlying problem.
2016-05-17Start error handling cleanup and rewrite.Rob Austein
Error handling and hte underlying functions and macros that support it will probably change a bit more as it goes along. Trying to strike the right balance between having the main code be readable and having the underlying support code be at least comprehensible and straightforward to review. Also need to address current over-use of CKR_FUNCTION_FAILED.
2016-05-16Fix leading zero handling in Py11's BigInteger encoder.Rob Austein
2016-05-16Identical CKA_ID values no longer constitute a conflict, adjust test.Rob Austein
2016-05-15Use key hashes instead of CKA_ID to name objects in libhal keystore.Rob Austein
2016-05-15Update hsmbully recipe for libhsm RPC.Rob Austein
2016-05-15Fix broken unit test.Rob Austein
Turns out that the one remaining old PKCS #11 unit test we weren't passing was a broken test: code was correctly rejecting CKA_ID conflicts. Rewrote test, and added test setup code to use separate client and server keystores when using the ks_mmap keystore driver.
2016-05-14Key flag handling, more trailing whitespace cleanup.Rob Austein
At this point we are passing most of the unit tests in RPC loopback mode. Remaining failure is TestKeys.test_keygen_token_vs_session(), which gets HAL_ERROR_KEY_NAME_IN_USE when attempting to generate a session key and a token key with the same CKA_ID value, so clearly something is not quite right yet in the keystore selection logic.
2016-05-14Add (back) ability to construct public keys from stored attributes.Rob Austein
2016-05-14Track (trivial) libhal API change.Rob Austein
2016-05-13Sort out some disagreements between our command line parsing and unit_test's ↵Rob Austein
defaults.
2016-05-13Rework unit_test framework to use argparse and to run RPC server ↵Rob Austein
automatically if present.
2016-05-13The libhal RPC channel works better when one remembers to initialize it.Rob Austein
2016-05-12Fix RSA key length and CKA_ID lookup.Rob Austein
libhal RPC API takes RSA key lengths in bits, not bytes. Insisting on receiving matching CKA_ID in both public and private templates on key generation is probably unwise, so back down using CKA_ID from private template if provided, otherwise from the public template, and only raise incompete template error if both are missing.
2016-05-12Remove vestigial KEK code, that's all handled by libhal now.Rob Austein
2016-05-12p11util now uses libhal and doesn't need to touch SQL.Rob Austein
"p11util" is now something of a misnomer, since there's no longer anything about it that's specific to PKCS #11. Probably should become a libhal utility program, eventually.
2016-05-12First pass on converting from direct libhal calls to libhal RPC calls.Rob Austein
This version isn't really expected to work properly, but it's far enough along to be worth archiving before starting runtime testing.
2016-05-06Track API changes on sw/libhal rpc branch.Rob Austein
So far this is just dumb little things like changed names for old data types and functions. Changes to use new API features will come later.
2015-12-13whack copyrightsPaul Selkirk
2015-10-04Minimal conversion to config_core_selector libhal API. Not doingRob Austein
anything particularly clever with the new capabilities (yet).
2015-09-22Update README.md.Rob Austein
2015-09-22Makefile cleanup.Rob Austein
2015-09-22Clean up Python APIs to C_FindObject*() and C_GetSlotList().Rob Austein
2015-09-21Better test for keypair object class.Rob Austein
2015-09-21More key unit tests.Rob Austein
2015-09-21More test cases.Rob Austein
2015-09-21Add keyword arguments to C_GenerateKeyPair() in an attempt to presentRob Austein
a saner API to the user. This requires the library to know more than it really should about which attributes go into the public and private templates; if doing it this way proves infeasible, we may have to parse more details out of attributes.yaml to support this feature.
2015-09-21Unit tests for init, session, and login functions.Rob Austein
2015-09-21First step towards unit tests.Rob Austein
2015-09-20Minimal documentation for py11.Rob Austein
2015-09-20Debug mutex implementation.Rob Austein
2015-09-20Implement mutexes in py11 library using threading.Lock objects.Rob Austein
2015-09-18MUTEX callbacks via ctypes. Beware of Garbage Collector.Rob Austein
2015-09-17Enable locking in py11.Rob Austein
2015-09-16Call correct underlying methods from wrappers.Rob Austein
2015-09-16Add C_SignUpdate(), C_SignFinal(), C_VerifyUpdate(), C_VerifyFinal().Rob Austein
2015-09-15Checkpoint of py11-test.py.Rob Austein
2015-09-15py11 support for C_CreateObject().Rob Austein
2015-09-15Add C_CreateObject(), which required refactoring some of the ↵Rob Austein
template-checking code.
2015-09-14Debug PKCS #11 ECDSA signature and verification.Rob Austein
2015-09-12Move YAML parsing to external script so py11 doesn't have to worryRob Austein
about finding attributes.yaml at runtime.
2015-09-12Add attribute database based on attributes.yaml.Rob Austein
Simplify prototype definitions and move them to separate module.
2015-09-11Remove CKA_NAME_HASH_ALGORITHM for now. It appears in theRob Austein
specification but not in the header file, so we don't know its numeric value in any case. Re-add if and when it shows up in the header file.
2015-09-11Fix size_t vs CK_ULONG type mismatch (platform dependent).Rob Austein
2015-09-11Python ctypes arrays and pointers really do work just as in C, onceRob Austein
one wraps one's brain around the syntactic differences.
2015-09-11Add C_FindObject*() to py11.Rob Austein
2015-09-11First cut at Python interface to PKCS #11 using ctypes API.Rob Austein
2015-09-11verify_rsa_pkcs() should be static.Rob Austein
2015-09-09Add ECDSA signature and verification. Compiles, not tested.Rob Austein