[Cryptech-Commits] [sw/libhal] branch auto_zeroise updated (e529855 -> 71fd8da)

git at cryptech.is git at cryptech.is
Tue Apr 9 22:20:55 UTC 2019


This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a change to branch auto_zeroise
in repository sw/libhal.

    from e529855  If a KEK is given to keywrap/unwrap, zero it out of the keywrap core after use.
     add 91658ab  Un-break builds on MacOS.
     add 7537c3a  Clean up builds for *BSD/clang.
     add dfc2522  Simplify makefile to make them easier to use with non-default directory names
     add cd7b69c  Update .gitignore with newish test apps
     add 7219e78  fix pkey_remote_get_attributes
     add 2b4972e  Add buffer overflow checks before allocating stack arrays.
     add add8e03  Change explicitly signed XDR buffer overflow checks to explicitly unsigned.
     add 4eebeee  Enable bloat tests, since they work with the current 8K keystore block size.
     add e5b24f3  Sigh, add8e03 botched handling of 0-length hal_xdr_encode_fixed_opaque requests.
     add e017cb6  Tornado 5.0 made an incompatible API change in iostream.BaseIOStream. Found when upgrading Ubuntu to 18.10.
     add 6de40f1  Change scanf/printf %hhx format strings to %x, because not every libc supports it.
     add 44debb4  Add some yields to hal_hashsig_ks_init, so other tasks can run while we're rebuilding the hash tree.
     add ccb61f2  add some more statistics to parallel-signatures.py
     add 8fc2999  Remove global stored core pointer from mkm.c.
     add d8c550b  Clean up mkm.c
     add ffb543f  Increase volatile keystore size to allow for multi-level hashsig trees.
     add 5b2d3d2  Use the hashsig pseudorandom key generation method if the key is exportable.
     add a363b85  On device restart, if a hashsig key was generated using the pseudorandom method, and it's missing one or more lmots keys, those keys can be regenerated.
     add 16d9cf7  Restructure hashsig test program
     add 418b768  Add support for hashsig key export/import.
     add 5e420cb  Hashsig cleanup.
     add 6b0c67a  Small cleanups in RPC code, e.g. to support null arguments.
     add edb4ae6  The all-singing, all-dancing key management app
     add 4f4c9ed  The FPGA register interface now does byte-swapping in hardware, so we can just call memcpy here.
     add 486416e  Update FPGA core name/version list
     add 903ba7a  In pkey_local_sign_hashsig, don't create the digest in the signature buffer, because hal_hashsig_sign assembles the signature incrementally, and will overwrite the digest before it's ready to sign it.
     add 1c07fa5  Huh, I forgot to add a Python RPC handler for pkey_generate_hashsig, over a year ago.
     add 985be95  Add support for Joachim's keywrap core.
     add 0c705cb  Correct the limit on memory banks in the keywrap core.
     add 51d57ab  Track Joachim's latest keywrap core - unroll bank-switched memory into a number of core register blocks.
     add 411b5a9  Rebase branch 'js_keywrap' from master.
     new 1376b16  Track Joachim's latest keywrap core - KEK remains in the AES core until it times out or is explicitly zeroed out.
     new ddee60a  If a KEK is given to keywrap/unwrap, zero it out of the keywrap core after use.
     new 71fd8da  Rebase branch 'auto_zeroise' from js_keywrap

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 Makefile                     |   14 +-
 cryptech/libhal.py           |   35 +-
 cryptech_muxd                |   12 +-
 hal.h                        |  133 ++++-
 hal_internal.h               |    4 +-
 hal_io_fmc.c                 |   72 ++-
 hashsig.c                    | 1135 ++++++++++++++++++++-------------------
 hashsig.h                    |  118 ----
 mkm.c                        |   72 ++-
 rpc_api.c                    |   13 +-
 rpc_client.c                 |   73 +--
 rpc_client_daemon.c          |    1 +
 rpc_misc.c                   |    2 +-
 rpc_pkey.c                   |  212 ++++----
 rpc_server.c                 |   48 +-
 tests/Makefile               |   16 +-
 tests/parallel-signatures.py |   63 ++-
 tests/test-rpc_hashsig.c     |  524 ++++++++++--------
 tests/test-xdr.c             |    4 +-
 unit-tests.py                |   76 ++-
 utils/Makefile               |   16 +-
 utils/pkey-export.c          |  187 +++++++
 utils/pkey-import.c          |  168 ++++++
 utils/pkey.c                 | 1215 ++++++++++++++++++++++++++++++++++++++++++
 uuid.c                       |   28 +-
 xdr.c                        |   44 +-
 xdr_internal.h               |    2 +-
 27 files changed, 3035 insertions(+), 1252 deletions(-)
 delete mode 100644 hashsig.h
 create mode 100644 utils/pkey-export.c
 create mode 100644 utils/pkey-import.c
 create mode 100644 utils/pkey.c



More information about the Commits mailing list