16 Aug, 2016
1 commit
-
PKCS #11's notion of a "read-only" session is odd: read-only sessions can still create/modify/destroy objects, just not "token" objects. C_SeedRandom() has its own special "nope, didn't implement that" error code, apparently the one everything else uses wasn't good enough. C_Login() has different error codes for "you're already logged in" and "you're already logged in as somebody else".
14 Aug, 2016
1 commit
-
Testing against https://github.com/google/pkcs11test.git found various bugs, some trivial, some more interesting, some arguably places where the specification is looser than pkcs11test. I'm still digging through the test results, but this commit fixes several of the most obvious issues.
10 Aug, 2016
3 commits
-
Apparently this is how the cool kids handle hiding library-internal symbols now, using objcopy is old hat. Ondrey tells us that this should work on GNU/Linux and on *BSD, which, at the moment, just leaves OSX, which we already handle with an OSX-specific kludge.
-
Oleg found a cute bug where C_SignUpdate() and C_SignFinal() would generate an incorrect signature which C_VerifyUpdate() and C_VerifyFinal() would think was fine because the verification code had essentially the same bug as the signature code. None of this applied to the (much) more commonly used C_Sign() and C_Verify() functions, which is why nobody noticed until now. Bug fixed in sw/libhal commit 36dfaf0adbddbb9f1f7852911228b3ab24ba01aa but we need a regression test to make sure we don't reintroduce the bug. So we add a test which computes the signature both ways, then verifies it with PyCrypto as well as both ways with our own code. We should probably be doing more comparisons of RSA results with PyCrypto. For ECDSA with non-deterministic signatures it's a bit harder, but more checking against the Python ecdsa library would still be a good idea.
13 Jul, 2016
1 commit
-
Database location environment variable is now CRYPTECH_PKCS11_DATABASE. Installed library is now libcryptech-pkcs11.{so,dylib}.
12 Jul, 2016
3 commits
-
Like several other recent commits, this just nails up some value which really should be coming from the HSM via some as-yet-unwritten RPC call, but that can wait until after the upcoming workshop.
-
opensc's pkcs11-tool wants to use C_GetInfo(), C_GetSlotInfo(), and C_GetMechanismList(). All are trivial functions, but we hadn't implemented any of them. As with most of the informational functions, some of the returned values are nonsense: in the long run, fixing this just means adding one or more new informational queries to the RPC protocol, but I'm not going to do that while we're in, well, not code freeze, but at least code jello. Adding C_GetMechanismList() exposed that we had never added all the SHA-224 variants to pkcs11.c: since these are just a pass-through to libhal, adding them now seems low-risk (famous last words). Closes #40.
07 Jul, 2016
2 commits
30 Jun, 2016
1 commit
-
Apple, for reasons unknown, chose not to implement SOCK_SEQPACKET. This works on Linux and *BSD, and libhal's MUX daemon uses it to avoid having to add its own framing protocol on top of SOCK_STREAM. So, at least for now, Mac OS X will not support the multiplex daemon, only direct connection to the HSM by a single client.
28 Jun, 2016
1 commit
-
{session,token}_object tables to preserve the mapping from pkcs11 token objects to libhal pkey objects.
27 Jun, 2016
1 commit
26 Jun, 2016
2 commits
-
…need it for libpkcs11.
25 Jun, 2016
1 commit
24 Jun, 2016
1 commit
-
The Mac OS X build compiles, but is otherwise completely untested, and won't even be testable until cryptech_rpcd supports configuring high-speed UARTs on Mac OS X (OS-specific voodoo).
23 Jun, 2016
2 commits
16 Jun, 2016
5 commits
-
…d reports if a test fails.
-
Disable 3416-bit RSA key generation tests while we sort out whether simply padding the modulus out to the next 32-bit boundary is sufficient to support these with ModExpS6/ModExpA7.
-
* Don't modify the wheel PIN unless specifically requested
* Don't try to run the Novena RPC test server (or any server) by default.

Still need to rewrite some of the RSA key tests, particularly the external key load test, to conform to known implementation constraint that key length must be a multiple of 32 bits; deferred until we switch back to hardware modexp, as this won't matter until then.
14 Jun, 2016
1 commit
13 Jun, 2016
3 commits
12 Jun, 2016
1 commit
10 Jun, 2016
3 commits
-
key is a session object. Doesn't actually save us anything, but Jakob tells us that this makes a difference on some HSMs so people use this kind of setup and we need to support it. Explicitly disallow private keys as session objects, since we have no way to protect them. Update unit-tests now that we return the correct error code for this case.
-
keys to be stored as session objects, so test that doing so fails as expected, and update other tests to specify CKA_TOKEN = True.
25 May, 2016
1 commit
19 May, 2016
1 commit
18 May, 2016
2 commits
-
token, since we just demonstrated (the hard way) that testing only one is not sufficient.
17 May, 2016
2 commits
-
The mapping between PKCS #11 objects and libhal handles isn't quite right yet. This is a snapshot of bugfixes accumulated along the way, before refactoring mapping code to deal with the underlying problem.
-
Error handling and the underlying functions and macros that support it will probably change a bit more as it goes along. Trying to strike the right balance between having the main code be readable and having the underlying support code be at least comprehensible and straightforward to review. Also need to address current over-use of CKR_FUNCTION_FAILED.
16 May, 2016
1 commit