aboutsummaryrefslogtreecommitdiff
path: root/pkcs11.c
AgeCommit message (Collapse)Author
2016-05-25Track PIN changes on libhal master branch.Rob Austein
2016-05-18Refactor object creation code.Rob Austein
2016-05-17Bugfixes to new error handling code, refactor some unreadable nested logic ↵Rob Austein
in handle lookup code. The mapping between PKCS #11 objects and libhal handles isn't quite right yet. This is a snapshot of bugfixes accumulated along the way, before refactoring mapping code to deal with the underlying problem.
2016-05-17Start error handling cleanup and rewrite.Rob Austein
Error handling and hte underlying functions and macros that support it will probably change a bit more as it goes along. Trying to strike the right balance between having the main code be readable and having the underlying support code be at least comprehensible and straightforward to review. Also need to address current over-use of CKR_FUNCTION_FAILED.
2016-05-15Use key hashes instead of CKA_ID to name objects in libhal keystore.Rob Austein
2016-05-14Key flag handling, more trailing whitespace cleanup.Rob Austein
At this point we are passing most of the unit tests in RPC loopback mode. Remaining failure is TestKeys.test_keygen_token_vs_session(), which gets HAL_ERROR_KEY_NAME_IN_USE when attempting to generate a session key and a token key with the same CKA_ID value, so clearly something is not quite right yet in the keystore selection logic.
2016-05-14Add (back) ability to construct public keys from stored attributes.Rob Austein
2016-05-14Track (trivial) libhal API change.Rob Austein
2016-05-13The libhal RPC channel works better when one remembers to initialize it.Rob Austein
2016-05-12Fix RSA key length and CKA_ID lookup.Rob Austein
libhal RPC API takes RSA key lengths in bits, not bytes. Insisting on receiving matching CKA_ID in both public and private templates on key generation is probably unwise, so back down using CKA_ID from private template if provided, otherwise from the public template, and only raise incompete template error if both are missing.
2016-05-12Remove vestigial KEK code, that's all handled by libhal now.Rob Austein
2016-05-12p11util now uses libhal and doesn't need to touch SQL.Rob Austein
"p11util" is now something of a misnomer, since there's no longer anything about it that's specific to PKCS #11. Probably should become a libhal utility program, eventually.
2016-05-12First pass on converting from direct libhal calls to libhal RPC calls.Rob Austein
This version isn't really expected to work properly, but it's far enough along to be worth archiving before starting runtime testing.
2016-05-06Track API changes on sw/libhal rpc branch.Rob Austein
So far this is just dumb little things like changed names for old data types and functions. Changes to use new API features will come later.
2015-12-13whack copyrightsPaul Selkirk
2015-10-04Minimal conversion to config_core_selector libhal API. Not doingRob Austein
anything particularly clever with the new capabilities (yet).
2015-09-22Makefile cleanup.Rob Austein
2015-09-21Unit tests for init, session, and login functions.Rob Austein
2015-09-16Add C_SignUpdate(), C_SignFinal(), C_VerifyUpdate(), C_VerifyFinal().Rob Austein
2015-09-15py11 support for C_CreateObject().Rob Austein
2015-09-15Add C_CreateObject(), which required refactoring some of the ↵Rob Austein
template-checking code.
2015-09-14Debug PKCS #11 ECDSA signature and verification.Rob Austein
2015-09-11Fix size_t vs CK_ULONG type mismatch (platform dependent).Rob Austein
2015-09-11verify_rsa_pkcs() should be static.Rob Austein
2015-09-09Add ECDSA signature and verification. Compiles, not tested.Rob Austein
2015-09-09Refactor C_Sign() and C_Verify() to move algorithm-dependent code toRob Austein
helper functions. As a happy side effect, this also simplifies locking slightly and gives us a straightforward path towards the *Update() and *Final() incremental-hashing functions. Compiles, not yet tested.
2015-09-08Merge branch 'master' into ecdsaRob Austein
2015-09-07Checkpoint of partial support for ECDSA. Compiles, not yet tested,Rob Austein
probably doesn't work. Probably should merge state_access branch before going much further with this.
2015-09-02Track changes to hal_rsa_key_t and hal_hash_state_t.Rob Austein
2015-07-23First pass at adding incremental digest support. C_Digest*() only soRob Austein
far. Compiles, not yet tested.
2015-07-17Add C_GetSessionInfo().Rob Austein
2015-07-17Don't insist that both keys in a pair must be token objects if eitherRob Austein
one is. Apparently making the public key be a session object is a standard hack for conserving space on the token.
2015-07-09Might help to spell function name correctly.Rob Austein
2015-07-09Add hashes to C_GetMechanismInfo().Rob Austein
2015-07-05Turn PKCS #11 debugging verbosity down a notch.Rob Austein
2015-07-01Clean up raw SQL silliness in GNUmakefile "bully" target. Add --help.Rob Austein
Clean up trailing whitespace in multiple files. Add missing copyright.
2015-07-01Add p11util program to do things like fiddling with the BPKDF2Rob Austein
iteration count, setting PINs, and so forth. Factor some SQL utility code out to a separate file so we can reuse it for p11util.
2015-06-24Fix a few new warnings on the Novena.Rob Austein
2015-06-24Extracting the private key from a public key object doesn't work very well.Rob Austein
2015-06-24Doh, get ENTER_PUBLIC_FUNCTION() log message right.Rob Austein
2015-06-24Refactor PKCS #1.5 code, add C_Verify*() functions. Tidy up andRob Austein
extend debug-by-printf() support, given all the fun we've been having with gdb and threads on the Novena.
2015-06-24First batch of tweaks after testing with hsmbully.Rob Austein
2015-06-23Debug interface to libhal. With these fixes, passes minimal DNSSECRob Austein
signer test.
2015-06-22Convert from Cryptlib to libhal. Compiles, not yet tested otherwise.Rob Austein
2015-06-03Minor cleanup of new mutex code after confirming that DNSSEC signerRob Austein
test still works.
2015-06-02Add basic mutex support, including default ("OS") implementation usingRob Austein
POSIX threads. Compiles, but no runtime testing done yet.
2015-04-28First public commit of PKCS #11 implementation.Rob Austein