sw/pkcs11 - PKCS #11 library for Cryptech on top of libhal RPC

Age	Commit message (Collapse)	Author
2020-05-25	Untested conversion to support Python 3	Rob Austein

2017-05-10	Clean up default location of PKCS #11 library.	Rob Austein

2017-05-04	Regression tests for today's C_FindObjects() bugfixes.	Rob Austein

2017-04-14	Python interface API will need to be cryptech.py11 for installation.	Rob Austein

2017-01-31	Be more careful with handle cleanup, to support parallel testing.	Rob Austein

2016-11-22	Remove SQLite3 from build, no longer needed.	Rob Austein

2016-09-03	Hack PKCS #11 to work with revised libhal pkey API.	Rob Austein

2016-08-10	Add regression test for borked or missing PKCS #1.5 DigestInfo.	Rob Austein
	Oleg found a cute bug where C_SignUpdate() and C_SignFinal() would generate an incorrect signature which C_VerifyUpdate() and C_VerifyFinal() would think was fine because the verification code had essentially the same bug as the signature code. None of this applied to the (much) more commonly used C_Sign() and C_Verify() functions, which is why nobody noticed until now. Bug fixed in sw/libhal commit 36dfaf0adbddbb9f1f7852911228b3ab24ba01aa but we need a regression test to make sure we don't reintroduce the bug. So we add a test which computes the signature both ways, then verifies it with PyCrypto as well as both ways with our own code. We should probably be doing more comparisons of RSA results with PyCrypto. For ECDSA with non-deterministic signatures it's a bit harder, but more checking against the Python ecdsa library would still be a good idea.
2016-07-13	Add "cryptech" to public "pkcs11" names.	Rob Austein
	Database location environment variable is now CRYPTECH_PKCS11_DATABASE. Installed library is now libcryptech-pkcs11.{so,dylib}.
2016-07-07	Clean up test code that made sense on the Novena but not on the Alpha.	Rob Austein

2016-06-16	Convert timing report to integrate with unittest.TextTestRunner, to avoid ↵	Rob Austein
	garbled reports if a test fails.
2016-06-16	Generalize and extend tests of externally-supplied RSA keys.	Rob Austein
	Disable 3416-bit RSA key generation tests while we sort out whether simply padding the modulus out to the next 32-bit boundary is sufficient to support these with ModExpS6/ModExpA7.
2016-06-16	Completely farbled most of the super() incantations, sigh.	Rob Austein

2016-06-16	Add timing of individual tests, test descriptions.	Rob Austein

2016-06-16	Tweak unit tests to be a bit less annoying on Alpha.	Rob Austein
	* Don't modify the wheel PIN unless specifically requested * Don't try to run the Novena RPC test server (or any server) by default. Still need to rewrite some of the RSA key tests, particularly the external key load test, to conform to known implementation constraint that key length must be a multiple of 32 bits; deferred until we switch back to hardware modexp, as this won't matter until then.
2016-06-14	Clean up debugging output left in one of the unit tests.	Rob Austein

2016-06-13	Add test for loading an externally generated keypair via C_CreateObject().	Rob Austein

2016-06-12	A few RSA unit tests inspired by hsmbully.	Rob Austein

2016-06-10	Support split keypairs, where private key is a token object and public	Rob Austein
	key is a session object. Doesn't actually save us anything, but Jakob tells us that this makes a difference on some HSMs so we people use this kind of setup and we need to support it. Explicitly disallow private keys as session objects, since we have no way to protect them. Update unit-tests now that we return the correct error code for this case.
2016-06-10	Add support for running only a specified subset of the unit tests.	Rob Austein

2016-06-10	Update unit tests to match new behavior: we no longer allow private	Rob Austein
	keys to be stored as session objects, so test that doing so fails as expected, and update other tests to specify CKA_TOKEN = True.
2016-05-25	Track PIN changes on libhal master branch.	Rob Austein

2016-05-19	Add test case using public key via C_CreateObject() to verify signature ↵	Rob Austein
	created by earlier keypair.
2016-05-18	Add explicit generate/sign/verify unit tests both on and off the	Rob Austein
	token, since we just demonstrated (the hard way) that testing only one is not sufficient.
2016-05-17	Bugfixes to new error handling code, refactor some unreadable nested logic ↵	Rob Austein
	in handle lookup code. The mapping between PKCS #11 objects and libhal handles isn't quite right yet. This is a snapshot of bugfixes accumulated along the way, before refactoring mapping code to deal with the underlying problem.
2016-05-16	Identical CKA_ID values no longer constitute a conflict, adjust test.	Rob Austein

2016-05-15	Fix broken unit test.	Rob Austein
	Turns out that the one remaining old PKCS #11 unit test we weren't passing was a broken test: code was correctly rejecting CKA_ID conflicts. Rewrote test, and added test setup code to use separate client and server keystores when using the ks_mmap keystore driver.
2016-05-13	Sort out some disagreements between our command line parsing and unit_test's ↵	Rob Austein
	defaults.
2016-05-13	Rework unit_test framework to use argparse and to run RPC server ↵	Rob Austein
	automatically if present.
2015-09-22	Clean up Python APIs to C_FindObject*() and C_GetSlotList().	Rob Austein

2015-09-21	Better test for keypair object class.	Rob Austein

2015-09-21	More key unit tests.	Rob Austein

2015-09-21	More test cases.	Rob Austein

2015-09-21	Unit tests for init, session, and login functions.	Rob Austein

2015-09-21	First step towards unit tests.	Rob Austein