Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-06-13 | Support for adding private keys via C_CreateObject(). | Rob Austein | |
2016-06-10 | Support split keypairs, where private key is a token object and public | Rob Austein | |
key is a session object. Doesn't actually save us anything, but Jakob tells us that this makes a difference on some HSMs so we people use this kind of setup and we need to support it. Explicitly disallow private keys as session objects, since we have no way to protect them. Update unit-tests now that we return the correct error code for this case. | |||
2016-05-25 | Track PIN changes on libhal master branch. | Rob Austein | |
2016-05-18 | Refactor object creation code. | Rob Austein | |
2016-05-17 | Bugfixes to new error handling code, refactor some unreadable nested logic ↵ | Rob Austein | |
in handle lookup code. The mapping between PKCS #11 objects and libhal handles isn't quite right yet. This is a snapshot of bugfixes accumulated along the way, before refactoring mapping code to deal with the underlying problem. | |||
2016-05-17 | Start error handling cleanup and rewrite. | Rob Austein | |
Error handling and hte underlying functions and macros that support it will probably change a bit more as it goes along. Trying to strike the right balance between having the main code be readable and having the underlying support code be at least comprehensible and straightforward to review. Also need to address current over-use of CKR_FUNCTION_FAILED. | |||
2016-05-15 | Use key hashes instead of CKA_ID to name objects in libhal keystore. | Rob Austein | |
2016-05-14 | Key flag handling, more trailing whitespace cleanup. | Rob Austein | |
At this point we are passing most of the unit tests in RPC loopback mode. Remaining failure is TestKeys.test_keygen_token_vs_session(), which gets HAL_ERROR_KEY_NAME_IN_USE when attempting to generate a session key and a token key with the same CKA_ID value, so clearly something is not quite right yet in the keystore selection logic. | |||
2016-05-14 | Add (back) ability to construct public keys from stored attributes. | Rob Austein | |
2016-05-14 | Track (trivial) libhal API change. | Rob Austein | |
2016-05-13 | The libhal RPC channel works better when one remembers to initialize it. | Rob Austein | |
2016-05-12 | Fix RSA key length and CKA_ID lookup. | Rob Austein | |
libhal RPC API takes RSA key lengths in bits, not bytes. Insisting on receiving matching CKA_ID in both public and private templates on key generation is probably unwise, so back down using CKA_ID from private template if provided, otherwise from the public template, and only raise incompete template error if both are missing. | |||
2016-05-12 | Remove vestigial KEK code, that's all handled by libhal now. | Rob Austein | |
2016-05-12 | p11util now uses libhal and doesn't need to touch SQL. | Rob Austein | |
"p11util" is now something of a misnomer, since there's no longer anything about it that's specific to PKCS #11. Probably should become a libhal utility program, eventually. | |||
2016-05-12 | First pass on converting from direct libhal calls to libhal RPC calls. | Rob Austein | |
This version isn't really expected to work properly, but it's far enough along to be worth archiving before starting runtime testing. | |||
2016-05-06 | Track API changes on sw/libhal rpc branch. | Rob Austein | |
So far this is just dumb little things like changed names for old data types and functions. Changes to use new API features will come later. | |||
2015-12-13 | whack copyrights | Paul Selkirk | |
2015-10-04 | Minimal conversion to config_core_selector libhal API. Not doing | Rob Austein | |
anything particularly clever with the new capabilities (yet). | |||
2015-09-22 | Makefile cleanup. | Rob Austein | |
2015-09-21 | Unit tests for init, session, and login functions. | Rob Austein | |
2015-09-16 | Add C_SignUpdate(), C_SignFinal(), C_VerifyUpdate(), C_VerifyFinal(). | Rob Austein | |
2015-09-15 | py11 support for C_CreateObject(). | Rob Austein | |
2015-09-15 | Add C_CreateObject(), which required refactoring some of the ↵ | Rob Austein | |
template-checking code. | |||
2015-09-14 | Debug PKCS #11 ECDSA signature and verification. | Rob Austein | |
2015-09-11 | Fix size_t vs CK_ULONG type mismatch (platform dependent). | Rob Austein | |
2015-09-11 | verify_rsa_pkcs() should be static. | Rob Austein | |
2015-09-09 | Add ECDSA signature and verification. Compiles, not tested. | Rob Austein | |
2015-09-09 | Refactor C_Sign() and C_Verify() to move algorithm-dependent code to | Rob Austein | |
helper functions. As a happy side effect, this also simplifies locking slightly and gives us a straightforward path towards the *Update() and *Final() incremental-hashing functions. Compiles, not yet tested. | |||
2015-09-08 | Merge branch 'master' into ecdsa | Rob Austein | |
2015-09-07 | Checkpoint of partial support for ECDSA. Compiles, not yet tested, | Rob Austein | |
probably doesn't work. Probably should merge state_access branch before going much further with this. | |||
2015-09-02 | Track changes to hal_rsa_key_t and hal_hash_state_t. | Rob Austein | |
2015-07-23 | First pass at adding incremental digest support. C_Digest*() only so | Rob Austein | |
far. Compiles, not yet tested. | |||
2015-07-17 | Add C_GetSessionInfo(). | Rob Austein | |
2015-07-17 | Don't insist that both keys in a pair must be token objects if either | Rob Austein | |
one is. Apparently making the public key be a session object is a standard hack for conserving space on the token. | |||
2015-07-09 | Might help to spell function name correctly. | Rob Austein | |
2015-07-09 | Add hashes to C_GetMechanismInfo(). | Rob Austein | |
2015-07-05 | Turn PKCS #11 debugging verbosity down a notch. | Rob Austein | |
2015-07-01 | Clean up raw SQL silliness in GNUmakefile "bully" target. Add --help. | Rob Austein | |
Clean up trailing whitespace in multiple files. Add missing copyright. | |||
2015-07-01 | Add p11util program to do things like fiddling with the BPKDF2 | Rob Austein | |
iteration count, setting PINs, and so forth. Factor some SQL utility code out to a separate file so we can reuse it for p11util. | |||
2015-06-24 | Fix a few new warnings on the Novena. | Rob Austein | |
2015-06-24 | Extracting the private key from a public key object doesn't work very well. | Rob Austein | |
2015-06-24 | Doh, get ENTER_PUBLIC_FUNCTION() log message right. | Rob Austein | |
2015-06-24 | Refactor PKCS #1.5 code, add C_Verify*() functions. Tidy up and | Rob Austein | |
extend debug-by-printf() support, given all the fun we've been having with gdb and threads on the Novena. | |||
2015-06-24 | First batch of tweaks after testing with hsmbully. | Rob Austein | |
2015-06-23 | Debug interface to libhal. With these fixes, passes minimal DNSSEC | Rob Austein | |
signer test. | |||
2015-06-22 | Convert from Cryptlib to libhal. Compiles, not yet tested otherwise. | Rob Austein | |
2015-06-03 | Minor cleanup of new mutex code after confirming that DNSSEC signer | Rob Austein | |
test still works. | |||
2015-06-02 | Add basic mutex support, including default ("OS") implementation using | Rob Austein | |
POSIX threads. Compiles, but no runtime testing done yet. | |||
2015-04-28 | First public commit of PKCS #11 implementation. | Rob Austein | |