/*
 * ks_flash.c
 * ----------
 * Keystore implementation in flash memory.
 *
 * Authors: Rob Austein, Fredrik Thulin
 * Copyright (c) 2015-2016, NORDUnet A/S All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of the NORDUnet nor the names of its contributors may
 *   be used to endorse or promote products derived from this software
 *   without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * This keystore driver operates over bare flash, versus over a flash file
 * system or flash translation layer. The block size is large enough to
 * hold an AES-keywrapped 4096-bit RSA key. Any remaining space in the key
 * block may be used to store attributes (opaque TLV blobs). If the
 * attributes overflow the key block, additional blocks may be added, but
 * no attribute may exceed the block size.
 */

#include <stddef.h>
#include <string.h>
#include <assert.h>

#include "hal.h"
#include "hal_internal.h"

#include "last_gasp_pin_internal.h"

#define HAL_OK CMIS_HAL_OK
#include "stm-keystore.h"
#undef HAL_OK

/*
 * Known block states.
 *
 * C does not guarantee any particular representation for enums, so
 * including enums directly in the block header isn't safe.  Instead,
 * we use an access method which casts when reading from the header.
 * Writing to the header isn't a problem, because C does guarantee
 * that enum is compatible with *some* integer type, it just doesn't
 * specify which one.
 */

typedef enum {
  BLOCK_TYPE_ERASED  = 0xFF, /* Pristine erased block (candidate for reuse) */
  BLOCK_TYPE_ZEROED  = 0x00, /* Zeroed block (recently used) */
  BLOCK_TYPE_KEY     = 0x55, /* Block contains key material */
  BLOCK_TYPE_ATTR    = 0x66, /* Block contains key attributes (overflow from key block) */
  BLOCK_TYPE_PIN     = 0xAA, /* Block contains PINs */
  BLOCK_TYPE_UNKNOWN = -1,   /* Internal code for "I have no clue what this is" */
} flash_block_type_t;

/*
 * Block status.
 */

typedef enum {
  BLOCK_STATUS_LIVE      = 0x66, /* This is a live flash block */
  BLOCK_STATUS_TOMBSTONE = 0x44, /* This is a tombstone left behind during an update  */
  BLOCK_STATUS_UNKNOWN   = -1,   /* Internal code for "I have no clue what this is" */
} flash_block_status_t;

/*
 * Common header for all flash block types.
 * A few of these fields are deliberately omitted from the CRC.
 */

typedef struct {
  uint8_t               block_type;
  uint8_t               block_status;
  uint8_t               total_chunks;
  uint8_t               this_chunk;
  hal_crc32_t           crc;
} flash_block_header_t;

/*
 * Key block.  Tail end of "der" field (after der_len) used for attributes.
 */

typedef struct {
  flash_block_header_t  header;
  hal_uuid_t            name;
  hal_key_type_t        type;
  hal_curve_name_t      curve;
  hal_key_flags_t       flags;
  size_t                der_len;
  unsigned              attributes_len;
  uint8_t               der[];  /* Must be last field -- C99 "flexible array member" */
} flash_key_block_t;

#define SIZEOF_FLASH_KEY_BLOCK_DER \
  (KEYSTORE_SUBSECTOR_SIZE - offsetof(flash_key_block_t, der))

/*
 * Key attribute overflow block (attributes which don't fit in der field of key block).
 */

typedef struct {
  flash_block_header_t  header;
  hal_uuid_t            name;
  unsigned              attributes_len;
  uint8_t               attributes[]; /* Must be last field -- C99 "flexible array member" */
} flash_attributes_block_t;

#define SIZEOF_FLASH_ATTRIBUTE_BLOCK_ATTRIBUTES \
  (KEYSTORE_SUBSECTOR_SIZE - offsetof(flash_attributes_block_t, attributes))

/*
 * PIN block.  Also includes space for backing up the KEK when
 * HAL_MKM_FLASH_BACKUP_KLUDGE is enabled.
 */

typedef struct {
  flash_block_header_t  header;
  hal_ks_pin_t          wheel_pin;
  hal_ks_pin_t          so_pin;
  hal_ks_pin_t          user_pin;
#if HAL_MKM_FLASH_BACKUP_KLUDGE
  uint32_t              kek_set;
  uint8_t               kek[KEK_LENGTH];
#endif
} flash_pin_block_t;

#define FLASH_KEK_SET   0x33333333

/*
 * One flash block.
 */

typedef union {
  uint8_t                       bytes[KEYSTORE_SUBSECTOR_SIZE];
  flash_block_header_t          header;
  flash_key_block_t             key;
  flash_attributes_block_t      attr;
  flash_pin_block_t             pin;
} flash_block_t;

/*
 * In-memory cache.
 */

typedef struct {
  unsigned            blockno;
  uint32_t            lru;
  flash_block_t       block;
} cache_block_t;

/*
 * In-memory database.
 *
 * The top-level structure is a static variable; the arrays are allocated at runtime
 * using hal_allocate_static_memory() because they can get kind of large.
 */

#ifndef KS_FLASH_CACHE_SIZE
#define KS_FLASH_CACHE_SIZE 4
#endif

#define NUM_FLASH_BLOCKS        KEYSTORE_NUM_SUBSECTORS

typedef struct {
  hal_ks_t              ks;                  /* Must be first (C "subclassing") */
  hal_ks_index_t        ksi;
  hal_ks_pin_t          wheel_pin;
  hal_ks_pin_t          so_pin;
  hal_ks_pin_t          user_pin;
  uint32_t              cache_lru;
  cache_block_t         *cache;
} db_t;

/*
 * PIN block gets the all-zeros UUID, which will never be returned by
 * the UUID generation code (by definition -- it's not a version 4 UUID).
 */

const static hal_uuid_t pin_uuid = {{0}};

/*
 * The in-memory database structure itself is small, but the arrays it
 * points to are large enough that they come from SDRAM allocated at
 * startup.
 */

static db_t db;

/*
 * Type safe casts.
 */

static inline flash_block_type_t block_get_type(const flash_block_t * const block)
{
  assert(block != NULL);
  return (flash_block_type_t) block->header.block_type;
}

static inline flash_block_status_t block_get_status(const flash_block_t * const block)
{
  assert(block != NULL);
  return (flash_block_status_t) block->header.block_status;
}

/*
 * Pick unused or least-recently-used slot in our in-memory cache.
 *
 * Updating lru values is caller's problem: if caller is using a cache
 * slot as a temporary buffer and there's no point in caching the
 * result, leave the lru values alone and the right thing will happen.
 */

static inline flash_block_t *cache_pick_lru(void)
{
  uint32_t best_delta = 0;
  int      best_index = 0;

  for (int i = 0; i < KS_FLASH_CACHE_SIZE; i++) {

    if (db.cache[i].blockno == ~0)
      return &db.cache[i].block;

    const uint32_t delta = db.cache_lru - db.cache[i].lru;
    if (delta > best_delta) {
      best_delta = delta;
      best_index = i;
    }

  }

  db.cache[best_index].blockno = ~0;
  return &db.cache[best_index].block;
}

/*
 * Find a block in our in-memory cache; return block or NULL if not present.
 */

static inline flash_block_t *cache_find_block(const unsigned blockno)
{
  for (int i = 0; i < KS_FLASH_CACHE_SIZE; i++)
    if (db.cache[i].blockno == blockno)
      return &db.cache[i].block;
  return NULL;
}

/*
 * Mark a block in our in-memory cache as being in current use.
 */

static inline void cache_mark_used(const flash_block_t * const block, const unsigned blockno)
{
  for (int i = 0; i < KS_FLASH_CACHE_SIZE; i++) {
    if (&db.cache[i].block == block) {
      db.cache[i].blockno = blockno;
      db.cache[i].lru = ++db.cache_lru;
      return;
    }
  }
}

/*
 * Release a block from the in-memory cache.
 */

static inline void cache_release(const flash_block_t * const block)
{
  if (block != NULL)
    cache_mark_used(block, ~0);
}

/*
 * Generate CRC-32 for a block.
 *
 * This function needs to understand the structure of
 * flash_block_header_t, so that it can skip over fields that
 * shouldn't be included in the CRC.
 */

static hal_crc32_t calculate_block_crc(const flash_block_t * const block)
{
  assert(block != NULL);

  hal_crc32_t crc = hal_crc32_init();

  crc = hal_crc32_update(crc, &block->header.block_type,
                         sizeof(block->header.block_type));

  crc = hal_crc32_update(crc, &block->header.total_chunks,
                         sizeof(block->header.total_chunks));

  crc = hal_crc32_update(crc, &block->header.this_chunk,
                         sizeof(block->header.this_chunk));

  crc = hal_crc32_update(crc, block->bytes + sizeof(flash_block_header_t),
                         sizeof(*block) - sizeof(flash_block_header_t));

  return hal_crc32_finalize(crc);
}

/*
 * Calculate offset of the block in the flash address space.
 */

static inline uint32_t block_offset(const unsigned blockno)
{
  return blockno * KEYSTORE_SUBSECTOR_SIZE;
}

/*
 * Read a flash block.
 *
 * Flash read on the Alpha is slow enough that it pays to check the
 * first page before reading the rest of the block.
 */

static hal_error_t block_read(const unsigned blockno, flash_block_t *block)
{
  if (block == NULL || blockno >= NUM_FLASH_BLOCKS || sizeof(*block) != KEYSTORE_SUBSECTOR_SIZE)
    return HAL_ERROR_IMPOSSIBLE;

  /* Sigh, magic numeric return codes */
  if (keystore_read_data(block_offset(blockno),
                         block->bytes,
                         KEYSTORE_PAGE_SIZE) != 1)
    return HAL_ERROR_KEYSTORE_ACCESS;

  switch (block_get_type(block)) {
  case BLOCK_TYPE_ERASED:
  case BLOCK_TYPE_ZEROED:
    return HAL_OK;
  case BLOCK_TYPE_KEY:
  case BLOCK_TYPE_PIN:
  case BLOCK_TYPE_ATTR:
    break;
  default:
    return HAL_ERROR_KEYSTORE_BAD_BLOCK_TYPE;
  }

  switch (block_get_status(block)) {
  case BLOCK_STATUS_LIVE:
  case BLOCK_STATUS_TOMBSTONE:
    break;
  default:
    return HAL_ERROR_KEYSTORE_BAD_BLOCK_TYPE;
  }

  /* Sigh, magic numeric return codes */
  if (keystore_read_data(block_offset(blockno) + KEYSTORE_PAGE_SIZE,
                         block->bytes + KEYSTORE_PAGE_SIZE,
                         sizeof(*block) - KEYSTORE_PAGE_SIZE) != 1)
    return HAL_ERROR_KEYSTORE_ACCESS;

  if (calculate_block_crc(block) != block->header.crc)
    return HAL_ERROR_KEYSTORE_BAD_CRC;

  return HAL_OK;
}

/*
 * Read a block using the cache.  Marking the block as used is left
 * for the caller, so we can avoid blowing out the cache when we
 * perform a ks_match() operation.
 */

static hal_error_t block_read_cached(const unsigned blockno, flash_block_t **block)
{
  if (block == NULL)
    return HAL_ERROR_IMPOSSIBLE;

  if ((*block = cache_find_block(blockno)) != NULL)
    return HAL_OK;

  if ((*block = cache_pick_lru()) == NULL)
    return HAL_ERROR_IMPOSSIBLE;

  return block_read(blockno, *block);
}

/*
 * Convert a live block into a tombstone.  Caller is responsible for
 * making sure that the block being converted is valid; since we don't
 * need to update the CRC for this, we just modify the first page.
 */

static hal_error_t block_deprecate(const unsigned blockno)
{
  if (blockno >= NUM_FLASH_BLOCKS)
    return HAL_ERROR_IMPOSSIBLE;

  uint8_t page[KEYSTORE_PAGE_SIZE];
  flash_block_header_t *header = (void *) page;
  uint32_t offset = block_offset(blockno);

  /* Sigh, magic numeric return codes */
  if (keystore_read_data(offset, page, sizeof(page)) != 1)
    return HAL_ERROR_KEYSTORE_ACCESS;

  header->block_status = BLOCK_STATUS_TOMBSTONE;

  /* Sigh, magic numeric return codes */
  if (keystore_write_data(offset, page, sizeof(page)) != 1)
    return HAL_ERROR_KEYSTORE_ACCESS;

  return HAL_OK;
}

/*
 * Zero (not erase) a flash block.  Just need to zero the first page.
 */

static hal_error_t block_zero(const unsigned blockno)
{
  if (blockno >= NUM_FLASH_BLOCKS)
    return HAL_ERROR_IMPOSSIBLE;

  uint8_t page[KEYSTORE_PAGE_SIZE] = {0};

  /* Sigh, magic numeric return codes */
  if (keystore_write_data(block_offset(blockno), page, sizeof(page)) != 1)
    return HAL_ERROR_KEYSTORE_ACCESS;

  return HAL_OK;
}

/*
 * Erase a flash block.  Also see block_erase_maybe(), below.
 */

static hal_error_t block_erase(const unsigned blockno)
{
  if (blockno >= NUM_FLASH_BLOCKS)
    return HAL_ERROR_IMPOSSIBLE;

  /* Sigh, magic numeric return codes */
  if (keystore_erase_subsector(blockno) != 1)
    return HAL_ERROR_KEYSTORE_ACCESS;

  return HAL_OK;
}

/*
 * Erase a flash block if it hasn't already been erased.
 * May not be necessary, trying to avoid unnecessary wear.
 *
 * Unclear whether there's any sane reason why this needs to be
 * constant time, given how slow erasure is.  But side channel attacks
 * can be tricky things, and it's theoretically possible that we could
 * leak information about, eg, key length, so we do constant time.
 */

static hal_error_t block_erase_maybe(const unsigned blockno)
{
  if (blockno >= NUM_FLASH_BLOCKS)
    return HAL_ERROR_IMPOSSIBLE;

  uint8_t mask = 0xFF;

  for (uint32_t a = block_offset(blockno); a < block_offset(blockno + 1); a += KEYSTORE_PAGE_SIZE) {
    uint8_t page[KEYSTORE_PAGE_SIZE];
    if (keystore_read_data(a, page, sizeof(page)) != 1)
      return HAL_ERROR_KEYSTORE_ACCESS;
    for (int i = 0; i < KEYSTORE_PAGE_SIZE; i++)
      mask &= page[i];
  }

  return mask == 0xFF ? HAL_OK : block_erase(blockno);
}

/*
 * Write a flash block, calculating CRC when appropriate.
 */

static hal_error_t block_write(const unsigned blockno, flash_block_t *block)
{
  if (block == NULL || blockno >= NUM_FLASH_BLOCKS || sizeof(*block) != KEYSTORE_SUBSECTOR_SIZE)
    return HAL_ERROR_IMPOSSIBLE;

  hal_error_t err = block_erase_maybe(blockno);

  if (err != HAL_OK)
    return err;

  switch (block_get_type(block)) {
  case BLOCK_TYPE_KEY:
  case BLOCK_TYPE_PIN:
  case BLOCK_TYPE_ATTR:
    block->header.crc = calculate_block_crc(block);
    break;
  default:
    break;
  }

  /* Sigh, magic numeric return codes */
  if (keystore_write_data(block_offset(blockno), block->bytes, sizeof(*block)) != 1)
    return HAL_ERROR_KEYSTORE_ACCESS;

  return HAL_OK;
}

/*
 * Update one flash block, including zombie jamboree.
 */

static hal_error_t block_update(const unsigned b1, flash_block_t *block,
                                const hal_uuid_t * const uuid, const unsigned chunk, int *hint)
{
  if (block == NULL)
    return HAL_ERROR_IMPOSSIBLE;

  if (db.ksi.used == db.ksi.size)
    return HAL_ERROR_NO_KEY_INDEX_SLOTS;

  cache_release(block);

  hal_error_t err;
  unsigned b2;

  if ((err = block_deprecate(b1))                                       != HAL_OK ||
      (err = hal_ks_index_replace(&db.ksi, uuid, chunk, &b2, hint))     != HAL_OK ||
      (err = block_write(b2, block))                                    != HAL_OK ||
      (err = block_zero(b1))                                            != HAL_OK)
    return err;

  cache_mark_used(block, b2);

  /*
   * Erase the first block in the free list. In case of restart, this
   * puts the block back at the head of the free list.
   */

  return block_erase_maybe(db.ksi.index[db.ksi.used]);
}

/*
 * Forward reference.
 */

static hal_error_t fetch_pin_block(unsigned *b, flash_block_t **block);

/*
 * Initialize keystore.  This includes various tricky bits, some of
 * which attempt to preserve the free list ordering across reboots, to
 * improve our simplistic attempt at wear leveling, others attempt to
 * recover from unclean shutdown.
 */

static inline void *gnaw(uint8_t **mem, size_t *len, const size_t size)
{
  if (mem == NULL || *mem == NULL || len == NULL || size > *len)
    return NULL;
  void *ret = *mem;
  *mem += size;
  *len -= size;
  return ret;
}

static hal_error_t ks_init(const hal_ks_driver_t * const driver, const int alloc)
{
  hal_error_t err = HAL_OK;

  hal_ks_lock();

  /*
   * Initialize the in-memory database.
   */

  if (alloc) {

    size_t len = (sizeof(*db.ksi.index) * NUM_FLASH_BLOCKS +
                  sizeof(*db.ksi.names) * NUM_FLASH_BLOCKS +
                  sizeof(*db.cache)     * KS_FLASH_CACHE_SIZE);

    /*
     * This is done as a single large allocation, rather than 3 smaller
     * allocations, to make it atomic - we need all 3, so either all
     * succeed or all fail.
     */

    uint8_t *mem = hal_allocate_static_memory(len);

    if (mem == NULL) {
      err = HAL_ERROR_ALLOCATION_FAILURE;
      goto done;
    }

    memset(&db, 0, sizeof(db));
    memset(mem, 0, len);

    db.ksi.index = gnaw(&mem, &len, sizeof(*db.ksi.index) * NUM_FLASH_BLOCKS);
    db.ksi.names = gnaw(&mem, &len, sizeof(*db.ksi.names) * NUM_FLASH_BLOCKS);
    db.cache     = gnaw(&mem, &len, sizeof(*db.cache)     * KS_FLASH_CACHE_SIZE);
    db.ksi.size  = NUM_FLASH_BLOCKS;
  }

  else {
    memset(&db.wheel_pin, 0, sizeof(db.wheel_pin));
    memset(&db.so_pin,    0, sizeof(db.so_pin));
    memset(&db.user_pin,  0, sizeof(db.user_pin));
  }

  db.ksi.used  = 0;

  if (db.ksi.index == NULL || db.ksi.names == NULL || db.cache == NULL) {
    err = HAL_ERROR_IMPOSSIBLE;
    goto done;
  }

  for (int i = 0; i < KS_FLASH_CACHE_SIZE; i++)
    db.cache[i].blockno = ~0;

  /*
   * Scan existing content of flash to figure out what we've got.
   * This gets a bit involved due to the need to recover from things
   * like power failures at inconvenient times.
   */

  flash_block_type_t   block_types[NUM_FLASH_BLOCKS];
  flash_block_status_t block_status[NUM_FLASH_BLOCKS];
  flash_block_t *block = cache_pick_lru();
  int first_erased = -1;
  uint16_t n = 0;

  if (block == NULL) {
    err = HAL_ERROR_IMPOSSIBLE;
    goto done;
  }

  for (int i = 0; i < NUM_FLASH_BLOCKS; i++) {

    /*
     * Read one block.  If the CRC is bad or the block type is
     * unknown, it's old data we don't understand, something we were
     * writing when we crashed, or bad flash; in any of these cases,
     * we want the block to end up near the end of the free list.
     */

    err = block_read(i, block);

    if (err == HAL_ERROR_KEYSTORE_BAD_CRC || err == HAL_ERROR_KEYSTORE_BAD_BLOCK_TYPE)
      block_types[i] = BLOCK_TYPE_UNKNOWN;

    else if (err == HAL_OK)
      block_types[i] = block_get_type(block);

    else
      goto done;

    switch (block_types[i]) {
    case BLOCK_TYPE_KEY:
    case BLOCK_TYPE_PIN:
    case BLOCK_TYPE_ATTR:
      block_status[i] = block_get_status(block);
      break;
    default:
      block_status[i] = BLOCK_STATUS_UNKNOWN;
    }

    /*
     * First erased block we see is head of the free list.
     */

    if (block_types[i] == BLOCK_TYPE_ERASED && first_erased < 0)
      first_erased = i;

    /*
     * If it's a valid data block, include it in the index.  We remove
     * tombstones (if any) below, for now it's easiest to include them
     * in the index, so we can look them up by name if we must.
     */

    const hal_uuid_t *uuid = NULL;

    switch (block_types[i]) {
    case BLOCK_TYPE_KEY:        uuid = &block->key.name;        break;
    case BLOCK_TYPE_ATTR:       uuid = &block->attr.name;       break;
    case BLOCK_TYPE_PIN:        uuid = &pin_uuid;               break;
    default:                    /* Keep GCC happy */            break;
    }

    if (uuid != NULL) {
      db.ksi.names[i].name = *uuid;
      db.ksi.names[i].chunk = block->header.this_chunk;
      db.ksi.index[n++] = i;
    }
  }

  db.ksi.used = n;

  assert(db.ksi.used <= db.ksi.size);

  /*
   * At this point we've built the (unsorted) index from all the valid
   * blocks.  Now we need to insert free and unrecognized blocks into
   * the free list in our preferred order.  It's possible that there's
   * a better way to do this than linear scan, but this is just
   * integer comparisons in a fairly small data set, so it's probably
   * not worth trying to optimize.
   */

  if (n < db.ksi.size)
    for (int i = 0; i < NUM_FLASH_BLOCKS; i++)
      if (block_types[i] == BLOCK_TYPE_ERASED)
        db.ksi.index[n++] = i;

  if (n < db.ksi.size)
    for (int i = first_erased; i < NUM_FLASH_BLOCKS; i++)
      if (block_types[i] == BLOCK_TYPE_ZEROED)
        db.ksi.index[n++] = i;

  if (n < db.ksi.size)
    for (int i = 0; i < first_erased; i++)
      if (block_types[i] == BLOCK_TYPE_ZEROED)
        db.ksi.index[n++] = i;

  if (n < db.ksi.size)
    for (int i = 0; i < NUM_FLASH_BLOCKS; i++)
      if (block_types[i] == BLOCK_TYPE_UNKNOWN)
        db.ksi.index[n++] = i;

  assert(n == db.ksi.size);

  /*
   * Initialize the index.
   */

  if ((err = hal_ks_index_setup(&db.ksi)) != HAL_OK)
    goto done;

  /*
   * We might want to call hal_ks_index_fsck() here, if we can figure
   * out some safe set of recovery actions we can take.
   */

  /*
   * Deal with tombstones.  These are blocks left behind when
   * something bad (like a power failure) happened while we updating.
   * The sequence of operations while updating is designed so that,
   * barring a bug or a hardware failure, we should never lose data.
   *
   * For any tombstone we find, we start by looking for all the blocks
   * with a matching UUID, then see what valid sequences we can
   * construct from what we found. This basically works in reverse of
   * the update sequence in ks_set_attributes().
   *
   * If we can construct a valid sequence of live blocks, the complete
   * update was written out, and we just need to finish zeroing the
   * tombstones.
   *
   * Otherwise, if we can construct a complete sequence of tombstone
   * blocks, the update failed before it was completely written, so we
   * have to zero the incomplete sequence of live blocks then restore
   * the tombstones.
   *
   * Otherwise, if the live and tombstone blocks taken together form a
   * valid sequence, the update failed while deprecating the old live
   * blocks, and none of the new data was written, so we need to restore
   * the tombstones and leave the live blocks alone.
   *
   * If none of the above applies, we don't understand what happened,
   * which is a symptom of either a bug or a hardware failure more
   * serious than simple loss of power or reboot at an inconvenient
   * time, so we error out to avoid accidental loss of data.
   */

  for (int i = 0; i < NUM_FLASH_BLOCKS; i++) {

    if (block_status[i] != BLOCK_STATUS_TOMBSTONE)
      continue;

    hal_uuid_t name = db.ksi.names[i].name;
    unsigned n_blocks;
    int where = -1;

    if ((err = hal_ks_index_find_range(&db.ksi, &name, 0, &n_blocks, NULL, &where, 0)) != HAL_OK)
      goto done;

    /*
     * hal_ks_index_find_range does a binary search, not a linear search,
     * so it may not return the first instance of a block with the given
     * name and chunk=0. Search backwards to make sure we have all chunks.
     */

    while (where > 0 && !hal_uuid_cmp(&name, &db.ksi.names[db.ksi.index[where - 1]].name)) {
      where--;
      n_blocks++;
    }

    /*
     * Rather than calling hal_ks_index_find_range with an array pointer
     * to get the list of matching blocks (because of the binary search
     * issue), we're going to fondle the index directly. This is really
     * not something to do in regular code, but this is error-recovery
     * code.
     */

    int live_ok = 1, tomb_ok = 1, join_ok = 1;
    unsigned n_live = 0, n_tomb = 0;
    unsigned i_live = 0, i_tomb = 0;

    for (int j = 0; j < n_blocks; j++) {
      unsigned b = db.ksi.index[where + j];
      switch (block_status[b]) {
      case BLOCK_STATUS_LIVE:           n_live++;                       break;
      case BLOCK_STATUS_TOMBSTONE:      n_tomb++;                       break;
      default:                          err = HAL_ERROR_IMPOSSIBLE;     goto done;
      }
    }

    uint16_t live_blocks[n_live], tomb_blocks[n_tomb];

    for (int j = 0; j < n_blocks; j++) {
      unsigned b = db.ksi.index[where + j];

      if ((err = block_read(b, block)) != HAL_OK)
        goto done;

      join_ok &= block->header.this_chunk == j && block->header.total_chunks == n_blocks;

      switch (block_status[b]) {
      case BLOCK_STATUS_LIVE:
        live_blocks[i_live] = b;
        live_ok &= block->header.this_chunk == i_live++ && block->header.total_chunks == n_live;
        break;
      case BLOCK_STATUS_TOMBSTONE:
        tomb_blocks[i_tomb] = b;
        tomb_ok &= block->header.this_chunk == i_tomb++ && block->header.total_chunks == n_tomb;
        break;
      default:
        err = HAL_ERROR_IMPOSSIBLE;
        goto done;
      }
    }

    if (!live_ok && !tomb_ok && !join_ok) {
      err = HAL_ERROR_KEYSTORE_LOST_DATA;
      goto done;
    }

    /*
     * If live_ok or tomb_ok, we have to zero out some blocks, and adjust
     * the index. Again, don't fondle the index directly, outside of error
     * recovery.
     */

    if (live_ok) {
      for (int j = 0; j < n_tomb; j++) {
        const unsigned b = tomb_blocks[j];
        if ((err = block_zero(b)) != HAL_OK)
          goto done;
        block_types[b]  = BLOCK_TYPE_ZEROED;
        block_status[b] = BLOCK_STATUS_UNKNOWN;
      }
    }

    else if (tomb_ok) {
      for (int j = 0; j < n_live; j++) {
        const unsigned b = live_blocks[j];
        if ((err = block_zero(b)) != HAL_OK)
          goto done;
        block_types[b]  = BLOCK_TYPE_ZEROED;
        block_status[b] = BLOCK_STATUS_UNKNOWN;
      }
    }

    if (live_ok) {
      memcpy(&db.ksi.index[where], live_blocks, n_live * sizeof(*db.ksi.index));
      memmove(&db.ksi.index[where + n_live], &db.ksi.index[where + n_blocks],
              (db.ksi.size - where - n_blocks) * sizeof(*db.ksi.index));
      memcpy(&db.ksi.index[db.ksi.size - n_tomb], tomb_blocks, n_tomb * sizeof(*db.ksi.index));
      db.ksi.used -= n_tomb;
      n_blocks = n_live;
    }

    else if (tomb_ok) {
      memcpy(&db.ksi.index[where], tomb_blocks, n_tomb * sizeof(*db.ksi.index));
      memmove(&db.ksi.index[where + n_tomb], &db.ksi.index[where + n_blocks],
              (db.ksi.size - where - n_blocks) * sizeof(*db.ksi.index));
      memcpy(&db.ksi.index[db.ksi.size - n_live], live_blocks, n_live * sizeof(*db.ksi.index));
      db.ksi.used -= n_live;
      n_blocks = n_tomb;
    }

    /*
     * Restore tombstone blocks (tomb_ok or join_ok).
     */

    for (int j = 0; j < n_blocks; j++) {
      int hint = where + j;
      unsigned b1 = db.ksi.index[hint], b2;
      if (block_status[b1] != BLOCK_STATUS_TOMBSTONE)
        continue;
      if ((err = block_read(b1, block)) != HAL_OK)
        goto done;
      block->header.block_status = BLOCK_STATUS_LIVE;
      if ((err = hal_ks_index_replace(&db.ksi, &name, j, &b2, &hint)) != HAL_OK ||
          (err = block_write(b2, block)) != HAL_OK)
        goto done;
      block_types[b1]  = BLOCK_TYPE_ZEROED;
      block_status[b1] = BLOCK_STATUS_UNKNOWN;
      block_status[b2] = BLOCK_STATUS_LIVE;
    }
  }

  /*
   * Fetch or create the PIN block.
   */

  err = fetch_pin_block(NULL, &block);

  if (err == HAL_OK) {
    db.wheel_pin = block->pin.wheel_pin;
    db.so_pin    = block->pin.so_pin;
    db.user_pin  = block->pin.user_pin;
  }

  else if (err != HAL_ERROR_KEY_NOT_FOUND)
    goto done;

  else {
    /*
     * We found no PIN block, so create one, with the user and so PINs
     * cleared and the wheel PIN set to the last-gasp value.  The
     * last-gasp WHEEL PIN is a terrible answer, but we need some kind
     * of bootstrapping mechanism when all else fails.  If you have a
     * better suggestion, we'd love to hear it.
     */

    unsigned b;

    memset(block, 0xFF, sizeof(*block));

    block->header.block_type   = BLOCK_TYPE_PIN;
    block->header.block_status = BLOCK_STATUS_LIVE;
    block->header.total_chunks = 1;
    block->header.this_chunk   = 0;

    block->pin.wheel_pin = db.wheel_pin = hal_last_gasp_pin;
    block->pin.so_pin    = db.so_pin;
    block->pin.user_pin  = db.user_pin;

    if ((err = hal_ks_index_add(&db.ksi, &pin_uuid, 0, &b, NULL)) != HAL_OK)
      goto done;

    cache_mark_used(block, b);

    err = block_write(b, block);

    cache_release(block);

    if (err != HAL_OK)
      goto done;
  }

  /*
   * Erase first block on free list if it's not already erased.
   */

  if (db.ksi.used < db.ksi.size &&
      (err = block_erase_maybe(db.ksi.index[db.ksi.used])) != HAL_OK)
    goto done;

  /*
   * And we're finally done.
   */

  db.ks.driver = driver;

  err = HAL_OK;

 done:
  hal_ks_unlock();
  return err;
}

static hal_error_t ks_shutdown(const hal_ks_driver_t * const driver)
{
  if (db.ks.driver != driver)
    return HAL_ERROR_KEYSTORE_ACCESS;
  return HAL_OK;
}

static hal_error_t ks_open(const hal_ks_driver_t * const driver,
                                    hal_ks_t **ks)
{
  if (driver != hal_ks_token_driver || ks == NULL)
    return HAL_ERROR_BAD_ARGUMENTS;

  *ks = &db.ks;
  return HAL_OK;
}

static hal_error_t ks_close(hal_ks_t *ks)
{
  if (ks != NULL && ks != &db.ks)
    return HAL_ERROR_BAD_ARGUMENTS;

  return HAL_OK;
}

static inline int acceptable_key_type(const hal_key_type_t type)
{
  switch (type) {
  case HAL_KEY_TYPE_RSA_PRIVATE:
  case HAL_KEY_TYPE_EC_PRIVATE:
  case HAL_KEY_TYPE_RSA_PUBLIC:
  case HAL_KEY_TYPE_EC_PUBLIC:
    return 1;
  default:
    return 0;
  }
}

static hal_error_t ks_store(hal_ks_t *ks,
                            hal_pkey_slot_t *slot,
                            const uint8_t * const der, const size_t der_len)
{
  if (ks != &db.ks || slot == NULL || der == NULL || der_len == 0 || !acceptable_key_type(slot->type))
    return HAL_ERROR_BAD_ARGUMENTS;

  hal_error_t err = HAL_OK;
  flash_block_t *block;
  flash_key_block_t *k;
  uint8_t kek[KEK_LENGTH];
  size_t kek_len;
  unsigned b;

  hal_ks_lock();

  if ((block = cache_pick_lru()) == NULL) {
    err = HAL_ERROR_IMPOSSIBLE;
    goto done;
  }

  k = &block->key;

  if ((err = hal_ks_index_add(&db.ksi, &slot->name, 0, &b, &slot->hint)) != HAL_OK)
    goto done;

  cache_mark_used(block, b);

  memset(block, 0xFF, sizeof(*block));

  block->header.block_type   = BLOCK_TYPE_KEY;
  block->header.block_status = BLOCK_STATUS_LIVE;
  block->header.total_chunks = 1;
  block->header.this_chunk   = 0;

  k->name    = slot->name;
  k->type    = slot->type;
  k->curve   = slot->curve;
  k->flags   = slot->flags;
  k->der_len = SIZEOF_FLASH_KEY_BLOCK_DER;
  k->attributes_len = 0;

  if (db.ksi.used < db.ksi.size)
    err = block_erase_maybe(db.ksi.index[db.ksi.used]);

  if (err == HAL_OK)
    err = hal_mkm_get_kek(kek, &kek_len, sizeof(kek));

  if (err == HAL_OK)
    err = hal_aes_keywrap(NULL, kek, kek_len, der, der_len, k->der, &k->der_len);

  memset(kek, 0, sizeof(kek));

  if (err == HAL_OK)
    err = block_write(b, block);

  if (err == HAL_OK)
    goto done;

  memset(block, 0, sizeof(*block));
  cache_release(block);
  (void) hal_ks_index_delete(&db.ksi, &slot->name, 0, NULL, &slot->hint);

 done:
  hal_ks_unlock();
  return err;
}

static hal_error_t ks_fetch(hal_ks_t *ks,
                            hal_pkey_slot_t *slot,
                            uint8_t *der, size_t *der_len, const size_t der_max)
{
  if (ks != &db.ks || slot == NULL)
    return HAL_ERROR_BAD_ARGUMENTS;

  hal_error_t err = HAL_OK;
  flash_block_t *block;
  unsigned b;

  hal_ks_lock();

  if ((err = hal_ks_index_find(&db.ksi, &slot->name, 0, &b, &slot->hint)) != HAL_OK ||
      (err = block_read_cached(b, &block))                                != HAL_OK)
    goto done;

  if (block_get_type(block) != BLOCK_TYPE_KEY) {
    err = HAL_ERROR_KEYSTORE_WRONG_BLOCK_TYPE; /* HAL_ERROR_KEY_NOT_FOUND */
    goto done;
  }

  cache_mark_used(block, b);

  flash_key_block_t *k = &block->key;

  slot->type  = k->type;
  slot->curve = k->curve;
  slot->flags = k->flags;

  if (der == NULL && der_len != NULL)
    *der_len = k->der_len;

  if (der != NULL) {

    uint8_t kek[KEK_LENGTH];
    size_t kek_len, der_len_;
    hal_error_t err;

    if (der_len == NULL)
      der_len = &der_len_;

    *der_len = der_max;

    if ((err = hal_mkm_get_kek(kek, &kek_len, sizeof(kek))) == HAL_OK)
      err = hal_aes_keyunwrap(NULL, kek, kek_len, k->der, k->der_len, der, der_len);

    memset(kek, 0, sizeof(kek));
  }

 done:
  hal_ks_unlock();
  return err;
}

static hal_error_t ks_delete(hal_ks_t *ks,
                             hal_pkey_slot_t *slot)
{
  if (ks != &db.ks || slot == NULL)
    return HAL_ERROR_BAD_ARGUMENTS;

  hal_error_t err = HAL_OK;
  unsigned n;

  hal_ks_lock();

  {
    /*
     * Get the count of blocks to delete.
     */

    if ((err = hal_ks_index_delete_range(&db.ksi, &slot->name, 0, &n, NULL, &slot->hint)) != HAL_OK)
      goto done;

    /*
     * Then delete them.
     */

    unsigned b[n];

    if ((err = hal_ks_index_delete_range(&db.ksi, &slot->name, n, NULL, b, &slot->hint)) != HAL_OK)
      goto done;

    for (int i = 0; i < n; i++)
      cache_release(cache_find_block(b[i]));

    /*
     * Zero the blocks, to mark them as recently used.
     */

    for (int i = 0; i < n; i++)
      if ((err = block_zero(b[i])) != HAL_OK)
        goto done;

    /*
     * Erase the first block in the free list. In case of restart, this
     * puts the block back at the head of the free list.
     */

    err = block_erase_maybe(db.ksi.index[db.ksi.used]);
  }

 done:
  hal_ks_unlock();
  return err;
}

static inline hal_error_t locate_attributes(flash_block_t *block, const unsigned chunk,
                                            uint8_t **bytes, size_t *bytes_len,
                                            unsigned **attrs_len)
{
  if (block == NULL || bytes == NULL || bytes_len == NULL || attrs_len == NULL)
    return HAL_ERROR_IMPOSSIBLE;

  if (chunk == 0) {
    if (block_get_type(block) != BLOCK_TYPE_KEY)
      return HAL_ERROR_KEYSTORE_WRONG_BLOCK_TYPE; /* HAL_ERROR_KEY_NOT_FOUND */
    *attrs_len = &block->key.attributes_len;
    *bytes = block->key.der + block->key.der_len;
    *bytes_len = SIZEOF_FLASH_KEY_BLOCK_DER - block->key.der_len;
  }

  else {
    if (block_get_type(block) != BLOCK_TYPE_ATTR)
      return HAL_ERROR_KEYSTORE_WRONG_BLOCK_TYPE; /* HAL_ERROR_KEY_NOT_FOUND */
    *attrs_len = &block->attr.attributes_len;
    *bytes = block->attr.attributes;
    *bytes_len = SIZEOF_FLASH_ATTRIBUTE_BLOCK_ATTRIBUTES;
  }

  return HAL_OK;
}

static hal_error_t ks_match(hal_ks_t *ks,
                            const hal_client_handle_t client,
                            const hal_session_handle_t session,
                            const hal_key_type_t type,
                            const hal_curve_name_t curve,
                            const hal_key_flags_t mask,
                            const hal_key_flags_t flags,
                            const hal_pkey_attribute_t *attributes,
                            const unsigned attributes_len,
                            hal_uuid_t *result,
                            unsigned *result_len,
                            const unsigned result_max,
                            const hal_uuid_t * const previous_uuid)
{
  if (ks == NULL || (attributes == NULL && attributes_len > 0) ||
      result == NULL || result_len == NULL || previous_uuid == NULL)
    return HAL_ERROR_BAD_ARGUMENTS;

  uint8_t need_attr[attributes_len > 0 ? attributes_len : 1];
  hal_error_t err = HAL_OK;
  flash_block_t *block;
  int possible = 0;
  int i = -1;

  hal_ks_lock();

  *result_len = 0;

  err = hal_ks_index_find(&db.ksi, previous_uuid, 0, NULL, &i);

  if (err == HAL_ERROR_KEY_NOT_FOUND)
    i--;
  else if (err != HAL_OK)
    goto done;

  while (*result_len < result_max && ++i < db.ksi.used) {

    unsigned b = db.ksi.index[i];

    if (db.ksi.names[b].chunk == 0)
      possible = 1;

    if (!possible)
      continue;

    if ((err = block_read_cached(b, &block)) != HAL_OK)
      goto done;

    if (db.ksi.names[b].chunk == 0) {
      memset(need_attr, 1, sizeof(need_attr));
      possible = ((type == HAL_KEY_TYPE_NONE || type  == block->key.type) &&
                  (curve == HAL_CURVE_NONE   || curve == block->key.curve) &&
                  ((flags ^ block->key.flags) & mask) == 0);
    }

    if (!possible)
      continue;

    if (attributes_len > 0) {
      uint8_t *bytes = NULL;
      size_t bytes_len = 0;
      unsigned *attrs_len;

      if ((err = locate_attributes(block, db.ksi.names[b].chunk,
                                   &bytes, &bytes_len, &attrs_len)) != HAL_OK)
        goto done;

      if (*attrs_len > 0) {
        hal_pkey_attribute_t attrs[*attrs_len];

        if ((err = hal_ks_attribute_scan(bytes, bytes_len, attrs, *attrs_len, NULL)) != HAL_OK)
          goto done;

        for (int j = 0; possible && j < attributes_len; j++) {

          if (!need_attr[j])
            continue;

          for (hal_pkey_attribute_t *a = attrs; a < attrs + *attrs_len; a++) {
            if (a->type != attributes[j].type)
              continue;
            need_attr[j] = 0;
            possible = (a->length == attributes[j].length &&
                        !memcmp(a->value, attributes[j].value, a->length));
            break;
          }
        }
      }
    }

    if (!possible)
      continue;

    if (attributes_len > 0 && memchr(need_attr, 1, sizeof(need_attr)) != NULL)
      continue;

    result[*result_len] = db.ksi.names[b].name;
    ++*result_len;
    possible = 0;
  }

  err = HAL_OK;

 done:
  hal_ks_unlock();
  return err;
}

/*
 * This controls whether we include a separate code path for the
 * common case where we can handle attribute setting via a single
 * block update.  It's a lot simpler when it works, but it's yet
 * another code path, and enabling it leaves the slower full-blown
 * algorithm less tested.
 */

#ifndef KS_SET_ATTRIBUTES_SINGLE_BLOCK_UPDATE_FAST_PATH
#define KS_SET_ATTRIBUTES_SINGLE_BLOCK_UPDATE_FAST_PATH 0
#endif

/*
 * ks_set_attributes() is much too long.  Probably needs to be broken
 * up into a collection of inline functions, even if most of them end
 * up being called exactly once.
 */

static  hal_error_t ks_set_attributes(hal_ks_t *ks,
                                      hal_pkey_slot_t *slot,
                                      const hal_pkey_attribute_t *attributes,
                                      const unsigned attributes_len)
{
  if (ks != &db.ks || slot == NULL || attributes == NULL || attributes_len == 0)
    return HAL_ERROR_BAD_ARGUMENTS;

  /*
   * Perform initial scan of the object to figure out the total
   * attribute count and a few other parameters.
   *
   * If enabled, try to do everything as as a single-block update.  If
   * single block update fails, we MUST clear the modified block from
   * the cache before doing anything else.
   */

  unsigned updated_attributes_len = attributes_len;
  hal_error_t err = HAL_OK;
  flash_block_t *block;
  unsigned chunk = 0;
  unsigned b;

  hal_ks_lock();

  {

    do {
      int hint = slot->hint + chunk;

      if ((err = hal_ks_index_find(&db.ksi, &slot->name, chunk, &b, &hint)) != HAL_OK ||
          (err = block_read_cached(b, &block))                              != HAL_OK)
        goto done;

      if (block->header.this_chunk != chunk) {
        err = HAL_ERROR_IMPOSSIBLE;
        goto done;
      }

      cache_mark_used(block, b);

      if (chunk == 0)
        slot->hint = hint;

      uint8_t *bytes = NULL;
      size_t bytes_len = 0;
      unsigned *attrs_len;

      if ((err = locate_attributes(block, chunk, &bytes, &bytes_len, &attrs_len)) != HAL_OK)
        goto done;

      updated_attributes_len += *attrs_len;

#if KS_SET_ATTRIBUTES_SINGLE_BLOCK_UPDATE_FAST_PATH

      hal_pkey_attribute_t attrs[*attrs_len + attributes_len];
      size_t total;

      if ((err = hal_ks_attribute_scan(bytes, bytes_len, attrs, *attrs_len, &total)) != HAL_OK)
        goto done;

      for (int i = 0; err == HAL_OK && i < attributes_len; i++)
        if (attributes[i].length == HAL_PKEY_ATTRIBUTE_NIL)
          err = hal_ks_attribute_delete(bytes, bytes_len, attrs, attrs_len, &total,
                                        attributes[i].type);
        else
          err = hal_ks_attribute_insert(bytes, bytes_len, attrs, attrs_len, &total,
                                        attributes[i].type,
                                        attributes[i].value,
                                        attributes[i].length);

      if (err != HAL_OK)
        cache_release(block);

      if (err == HAL_ERROR_RESULT_TOO_LONG)
        continue;

      if (err == HAL_OK)
        err = block_update(b, block, &slot->name, chunk, &hint);

      goto done;

#endif /* KS_SET_ATTRIBUTES_SINGLE_BLOCK_UPDATE_FAST_PATH */

    } while (++chunk < block->header.total_chunks);

    /*
     * If we get here, we're on the slow path, which requires rewriting
     * all the chunks in this object but which can also add or remove
     * chunks from this object.  We need to keep track of all the old
     * chunks so we can zero them at the end, and because we can't zero
     * them until we've written out the new chunks, we need enough free
     * blocks to hold all the new chunks.
     *
     * Calculating all of this is extremely tedious, but flash writes
     * are so much more expensive than anything else we do here that
     * it's almost certainly worth it.
     *
     * We don't need the attribute values to compute the sizes, just the
     * attribute sizes, so we scan all the existing blocks, build up a
     * structure with the current attribute types and sizes, modify that
     * according to our arguments, and compute the needed size.  Once we
     * have that, we can start rewriting existing blocks.  We put all
     * the new stuff at the end, which simplifies this slightly.
     *
     * In theory, this process never requires us to have more than two
     * blocks in memory at the same time (source and destination when
     * copying across chunk boundaries), but having enough cache buffers
     * to keep the whole set in memory will almost certainly make this
     * run faster.
     */

    hal_pkey_attribute_t updated_attributes[updated_attributes_len];
    const unsigned total_chunks_old = block->header.total_chunks;
    size_t bytes_available = 0;

    updated_attributes_len = 0;

    /*
     * Phase 0.1: Walk the old chunks to populate updated_attributes[].
     * This also initializes bytes_available, since we can only get that
     * by reading old chunk zero.
     */

    for (chunk = 0; chunk < total_chunks_old; chunk++) {
      int hint = slot->hint + chunk;

      if ((err = hal_ks_index_find(&db.ksi, &slot->name, chunk, &b, &hint)) != HAL_OK ||
          (err = block_read_cached(b, &block))                              != HAL_OK)
        goto done;

      if (block->header.this_chunk != chunk) {
        err = HAL_ERROR_IMPOSSIBLE;
        goto done;
      }

      cache_mark_used(block, b);

      uint8_t *bytes = NULL;
      size_t bytes_len = 0;
      unsigned *attrs_len;

      if ((err = locate_attributes(block, chunk, &bytes, &bytes_len, &attrs_len)) != HAL_OK)
        goto done;

      hal_pkey_attribute_t attrs[*attrs_len];
      size_t total;

      if ((err = hal_ks_attribute_scan(bytes, bytes_len, attrs, *attrs_len, &total)) != HAL_OK)
        goto done;

      if (chunk == 0)
        bytes_available = bytes_len;

      for (int i = 0; i < *attrs_len; i++) {

        if (updated_attributes_len >= sizeof(updated_attributes)/sizeof(*updated_attributes)) {
          err = HAL_ERROR_IMPOSSIBLE;
          goto done;
        }

        updated_attributes[updated_attributes_len].type   = attrs[i].type;
        updated_attributes[updated_attributes_len].length = attrs[i].length;
        updated_attributes[updated_attributes_len].value  = NULL;
        updated_attributes_len++;
      }
    }

    /*
     * Phase 0.2: Merge new attributes into updated_attributes[].
     * For each new attribute type, mark any existing attributes of that
     * type for deletion. Append new attributes to updated_attributes[].
     */

    for (int i = 0; i < attributes_len; i++) {

      for (int j = 0; j < updated_attributes_len; j++)
        if (updated_attributes[j].type == attributes[i].type)
          updated_attributes[j].length = HAL_PKEY_ATTRIBUTE_NIL;

      if (updated_attributes_len >= sizeof(updated_attributes)/sizeof(*updated_attributes)) {
        err = HAL_ERROR_IMPOSSIBLE;
        goto done;
      }

      updated_attributes[updated_attributes_len].type   = attributes[i].type;
      updated_attributes[updated_attributes_len].length = attributes[i].length;
      updated_attributes[updated_attributes_len].value  = attributes[i].value;
      updated_attributes_len++;
    }

    /*
     * Phase 0.3: Prune trailing deletion actions: we don't need them to
     * maintain synchronization with existing attributes, and doing so
     * simplifies logic for updating the final new chunk.
     */

    while (updated_attributes_len > 0 &&
           updated_attributes[updated_attributes_len - 1].length == HAL_PKEY_ATTRIBUTE_NIL)
      --updated_attributes_len;

    /*
     * Phase 0.4: Figure out how many chunks all this will occupy.
     */

    chunk = 0;

    for (int i = 0; i < updated_attributes_len; i++) {

      if (updated_attributes[i].length == HAL_PKEY_ATTRIBUTE_NIL)
        continue;

      const size_t needed = hal_ks_attribute_header_size + updated_attributes[i].length;

      if (needed > bytes_available) {
        bytes_available = SIZEOF_FLASH_ATTRIBUTE_BLOCK_ATTRIBUTES;
        chunk++;
      }

      if (needed > bytes_available) {
        err = HAL_ERROR_RESULT_TOO_LONG;
        goto done;
      }

      bytes_available -= needed;
    }

    const unsigned total_chunks_new = chunk + 1;

    /*
     * If there aren't enough free blocks, give up now, before changing anything.
     */

    if (db.ksi.used + total_chunks_new > db.ksi.size) {
      err = HAL_ERROR_NO_KEY_INDEX_SLOTS;
      goto done;
    }

    /*
     * Phase 1: Deprecate all the old chunks, remember where they were.
     */

    unsigned old_blocks[total_chunks_old];

    for (chunk = 0; chunk < total_chunks_old; chunk++) {
      int hint = slot->hint + chunk;
      if ((err = hal_ks_index_find(&db.ksi, &slot->name, chunk, &b, &hint)) != HAL_OK ||
          (err = block_deprecate(b))                                        != HAL_OK)
        goto done;
      old_blocks[chunk] = b;
    }

    /*
     * Phase 2: Write new chunks, copying attributes from old chunks or
     * from attributes[], as needed.
     */

    {
      hal_pkey_attribute_t old_attrs[updated_attributes_len], new_attrs[updated_attributes_len];
      unsigned                *old_attrs_len = NULL,             *new_attrs_len = NULL;
      flash_block_t           *old_block     = NULL,             *new_block     = NULL;
      uint8_t                 *old_bytes     = NULL,             *new_bytes     = NULL;
      size_t                   old_bytes_len = 0,                 new_bytes_len = 0;
      unsigned                 old_chunk     = 0,                 new_chunk     = 0;
      size_t                   old_total     = 0,                 new_total     = 0;

      int updated_attributes_i = 0, old_attrs_i = 0;

      uint32_t       new_attr_type;
      size_t         new_attr_length;
      const uint8_t *new_attr_value;

      while (updated_attributes_i < updated_attributes_len) {

        if (old_chunk >= total_chunks_old || new_chunk >= total_chunks_new) {
          err = HAL_ERROR_IMPOSSIBLE;
          goto done;
        }

        /*
         * If we've gotten as far as new data that comes from
         * attributes[], we have it in hand and can just copy it.
         */

        if (updated_attributes_len - updated_attributes_i <= attributes_len) {
          new_attr_type   = updated_attributes[updated_attributes_i].type;
          new_attr_length = updated_attributes[updated_attributes_i].length;
          new_attr_value  = updated_attributes[updated_attributes_i].value;
        }

        /*
         * Otherwise, we have to read it from an old block, which may in
         * turn require reading in the next old block.
         */

        else {

          if (old_block == NULL) {

            if ((err = block_read_cached(old_blocks[old_chunk], &old_block)) != HAL_OK)
              goto done;

            if (old_block->header.this_chunk != old_chunk) {
              err = HAL_ERROR_IMPOSSIBLE;
              goto done;
            }

            if ((err = locate_attributes(old_block, old_chunk,
                                         &old_bytes, &old_bytes_len, &old_attrs_len)) != HAL_OK ||
                (err = hal_ks_attribute_scan(old_bytes, old_bytes_len,
                                             old_attrs, *old_attrs_len, &old_total))  != HAL_OK)
              goto done;

            old_attrs_i = 0;
          }

          if (old_attrs_i >= *old_attrs_len) {
            old_chunk++;
            old_block = NULL;
            continue;
          }

          new_attr_type   = old_attrs[old_attrs_i].type;
          new_attr_length = old_attrs[old_attrs_i].length;
          new_attr_value  = old_attrs[old_attrs_i].value;

          if (new_attr_type != updated_attributes[updated_attributes_i].type) {
            err = HAL_ERROR_IMPOSSIBLE;
            goto done;
          }

          old_attrs_i++;
        }

        /*
         * Unless this is a deletion, we should have something to write.
         */

        if (new_attr_length != HAL_PKEY_ATTRIBUTE_NIL && new_attr_value == NULL) {
          err = HAL_ERROR_IMPOSSIBLE;
          goto done;
        }

        /*
         * Initialize the new block if necessary.  If it's the new chunk
         * zero, we need to copy all the non-attribute data from the old
         * chunk zero; otherwise, it's a new empty attribute block.
         */

        if (new_block == NULL) {

          new_block = cache_pick_lru();
          memset(new_block, 0xFF, sizeof(*new_block));

          if (new_chunk == 0) {
            flash_block_t *tmp_block;
            if ((err = block_read_cached(old_blocks[0], &tmp_block)) != HAL_OK)
              goto done;
            if (tmp_block->header.this_chunk != 0) {
              err = HAL_ERROR_IMPOSSIBLE;
              goto done;
            }
            new_block->header.block_type   = BLOCK_TYPE_KEY;
            new_block->key.name            = slot->name;
            new_block->key.type            = tmp_block->key.type;
            new_block->key.curve           = tmp_block->key.curve;
            new_block->key.flags           = tmp_block->key.flags;
            new_block->key.der_len         = tmp_block->key.der_len;
            new_block->key.attributes_len  = 0;
            memcpy(new_block->key.der, tmp_block->key.der, tmp_block->key.der_len);
          }
          else {
            new_block->header.block_type   = BLOCK_TYPE_ATTR;
            new_block->attr.name           = slot->name;
            new_block->attr.attributes_len = 0;
          }

          new_block->header.block_status = BLOCK_STATUS_LIVE;
          new_block->header.total_chunks = total_chunks_new;
          new_block->header.this_chunk   = new_chunk;

          if ((err = locate_attributes(new_block, new_chunk,
                                       &new_bytes, &new_bytes_len, &new_attrs_len)) != HAL_OK)
            goto done;

          new_total = 0;
        }

        /*
         * After all that setup, we finally get to write the frelling attribute.
         */

        if (new_attr_length != HAL_PKEY_ATTRIBUTE_NIL)
          err = hal_ks_attribute_insert(new_bytes, new_bytes_len, new_attrs, new_attrs_len, &new_total,
                                        new_attr_type, new_attr_value, new_attr_length);

        /*
         * Figure out what to do next: immediately loop for next
         * attribute, write current block, or bail out.
         */

        switch (err) {
        case HAL_OK:
          if (++updated_attributes_i < updated_attributes_len)
            continue;
          break;
        case HAL_ERROR_RESULT_TOO_LONG:
          if (new_chunk > 0 && new_attrs_len == 0)
            goto done;
          break;
        default:
          goto done;
        }

        /*
         * If we get here, either the current new block is full or we
         * finished the last block, so we need to write it out.
         */

        int hint = slot->hint + new_chunk;

        if (new_chunk < total_chunks_old)
          err = hal_ks_index_replace(&db.ksi, &slot->name, new_chunk, &b, &hint);
        else
          err = hal_ks_index_add(    &db.ksi, &slot->name, new_chunk, &b, &hint);

        if (err != HAL_OK || (err = block_write(b, new_block)) != HAL_OK)
          goto done;

        cache_mark_used(new_block, b);

        new_block = NULL;
        new_chunk++;
      }

      /*
       * If number of blocks shrank, we need to clear trailing entries from the index.
       */

      for (old_chunk = total_chunks_new; old_chunk < total_chunks_old; old_chunk++) {
        int hint = slot->hint + old_chunk;

        err = hal_ks_index_delete(&db.ksi, &slot->name, old_chunk, NULL, &hint);

        if (err != HAL_OK)
          goto done;
      }

    }

    /*
     * Phase 3: Zero the old chunks we deprecated in phase 1.
     */

    for (chunk = 0; chunk < total_chunks_old; chunk++)
      if ((err = block_zero(old_blocks[chunk])) != HAL_OK)
        goto done;

    err = HAL_OK;

  }

 done:
  hal_ks_unlock();
  return err;

#warning What happens if something goes wrong partway through this awful mess?
  // We're left in a state with all the old blocks deprecated and
  // (maybe) some of the new blocks current, need to clean that up.
  // Would be nice if we could just reuse the keystore initialization
  // code, but don't quite see how (yet?).
}

static  hal_error_t ks_get_attributes(hal_ks_t *ks,
                                      hal_pkey_slot_t *slot,
                                      hal_pkey_attribute_t *attributes,
                                      const unsigned attributes_len,
                                      uint8_t *attributes_buffer,
                                      const size_t attributes_buffer_len)
{
  if (ks != &db.ks || slot == NULL || attributes == NULL || attributes_len == 0 ||
      attributes_buffer == NULL)
    return HAL_ERROR_BAD_ARGUMENTS;

  for (int i = 0; i < attributes_len; i++) {
    attributes[i].length = 0;
    attributes[i].value  = NULL;
  }

  uint8_t *abuf = attributes_buffer;
  flash_block_t *block = NULL;
  unsigned chunk = 0;
  unsigned found = 0;
  hal_error_t err = HAL_OK;
  unsigned b;

  hal_ks_lock();

  do {
    int hint = slot->hint + chunk;

    if ((err = hal_ks_index_find(&db.ksi, &slot->name, chunk, &b, &hint)) != HAL_OK ||
        (err = block_read_cached(b, &block))                              != HAL_OK)
      goto done;

    if (block->header.this_chunk != chunk) {
      err = HAL_ERROR_IMPOSSIBLE;
      goto done;
    }

    if (chunk == 0)
      slot->hint = hint;

    cache_mark_used(block, b);

    uint8_t *bytes = NULL;
    size_t bytes_len = 0;
    unsigned *attrs_len;

    if ((err = locate_attributes(block, chunk, &bytes, &bytes_len, &attrs_len)) != HAL_OK)
      goto done;

    if (*attrs_len == 0)
      continue;

    hal_pkey_attribute_t attrs[*attrs_len];

    if ((err = hal_ks_attribute_scan(bytes, bytes_len, attrs, *attrs_len, NULL)) != HAL_OK)
      goto done;

    for (int i = 0; i < attributes_len; i++) {

      if (attributes[i].length > 0)
        continue;

      int j = 0;
      while (j < *attrs_len && attrs[j].type != attributes[i].type)
        j++;
      if (j >= *attrs_len)
        continue;
      found++;

      attributes[i].length = attrs[j].length;

      if (attributes_buffer_len == 0)
        continue;

      if (attrs[j].length > attributes_buffer + attributes_buffer_len - abuf) {
        err = HAL_ERROR_RESULT_TOO_LONG;
        goto done;
      }

      memcpy(abuf, attrs[j].value, attrs[j].length);
      attributes[i].value  = abuf;
      abuf += attrs[j].length;
    }

  } while (found < attributes_len && ++chunk < block->header.total_chunks);

  if (found < attributes_len && attributes_buffer_len > 0)
    err = HAL_ERROR_ATTRIBUTE_NOT_FOUND;
  else
    err = HAL_OK;

 done:
  hal_ks_unlock();
  return err;
}

const hal_ks_driver_t hal_ks_token_driver[1] = {{
  .init                 = ks_init,
  .shutdown             = ks_shutdown,
  .open                 = ks_open,
  .close                = ks_close,
  .store                = ks_store,
  .fetch                = ks_fetch,
  .delete               = ks_delete,
  .match                = ks_match,
  .set_attributes       = ks_set_attributes,
  .get_attributes       = ks_get_attributes
}};

/*
 * The remaining functions aren't really part of the keystore API per se,
 * but they all involve non-key data which we keep in the keystore
 * because it's the flash we've got.
 */

/*
 * Special bonus init routine used only by the bootloader, so that it
 * can read PINs set by the main firmware.  Yes, this is a kludge.  We
 * could of course call the real ks_init() routine instead, but it's
 * slow, and we don't want to allow anything that would modify the
 * flash here, so having a special entry point for this kludge is
 * simplest, overall.  Sigh.
 */

void hal_ks_init_read_only_pins_only(void)
{
  unsigned b, best_seen = ~0;
  flash_block_t block[1];

  hal_ks_lock();

  for (b = 0; b < NUM_FLASH_BLOCKS; b++) {
    if (block_read(b, block) != HAL_OK || block_get_type(block) != BLOCK_TYPE_PIN)
      continue;
    best_seen = b;
    if (block_get_status(block) == BLOCK_STATUS_LIVE)
      break;
  }

  if (b != best_seen && best_seen != ~0 && block_read(best_seen, block) != HAL_OK)
    best_seen = ~0;

  if (best_seen == ~0) {
    memset(block, 0xFF, sizeof(*block));
    block->pin.wheel_pin = hal_last_gasp_pin;
  }

  db.wheel_pin = block->pin.wheel_pin;
  db.so_pin    = block->pin.so_pin;
  db.user_pin  = block->pin.user_pin;

  hal_ks_unlock();
}

/*
 * Fetch PIN.  This is always cached, so just returned cached value.
 */

hal_error_t hal_get_pin(const hal_user_t user,
                        const hal_ks_pin_t **pin)
{
  if (pin == NULL)
    return HAL_ERROR_BAD_ARGUMENTS;

  hal_error_t err = HAL_OK;

  hal_ks_lock();

  switch (user) {
  case HAL_USER_WHEEL:  *pin = &db.wheel_pin;  break;
  case HAL_USER_SO:     *pin = &db.so_pin;     break;
  case HAL_USER_NORMAL: *pin = &db.user_pin;   break;
  default:               err = HAL_ERROR_BAD_ARGUMENTS;
  }

  hal_ks_unlock();

  return err;
}

/*
 * Fetch PIN block.  hint = 0 because we know that the all-zeros UUID
 * should always sort to first slot in the index.
 */

static hal_error_t fetch_pin_block(unsigned *b, flash_block_t **block)
{
  if (block == NULL)
    return HAL_ERROR_IMPOSSIBLE;

  hal_error_t err;
  int hint = 0;
  unsigned b_;

  if (b == NULL)
    b = &b_;

  if ((err = hal_ks_index_find(&db.ksi, &pin_uuid, 0, b, &hint)) != HAL_OK ||
      (err = block_read_cached(*b, block))                       != HAL_OK)
    return err;

  cache_mark_used(*block, *b);

  if (block_get_type(*block) != BLOCK_TYPE_PIN)
    return HAL_ERROR_IMPOSSIBLE;

  return HAL_OK;
}

/*
 * Update the PIN block.  This block should always be present, but we
 * have to do the zombie jamboree to make sure we write the new PIN
 * block before destroying the old one.  hint = 0 because we know that
 * the all-zeros UUID should always sort to first slot in the index.
 */

static hal_error_t update_pin_block(const unsigned b,
                                    flash_block_t *block,
                                    const flash_pin_block_t * const new_data)
{
  if (block == NULL || new_data == NULL || block_get_type(block) != BLOCK_TYPE_PIN)
    return HAL_ERROR_IMPOSSIBLE;

  int hint = 0;

  block->pin = *new_data;

  return block_update(b, block, &pin_uuid, 0, &hint);
}

/*
 * Change a PIN.
 */

hal_error_t hal_set_pin(const hal_user_t user,
                        const hal_ks_pin_t * const pin)
{
  if (pin == NULL)
    return HAL_ERROR_BAD_ARGUMENTS;

  flash_block_t *block;
  hal_error_t err;
  unsigned b;

  hal_ks_lock();

  if ((err = fetch_pin_block(&b, &block)) != HAL_OK)
    goto done;

  flash_pin_block_t new_data = block->pin;
  hal_ks_pin_t *dp, *bp;

  switch (user) {
  case HAL_USER_WHEEL:  bp = &new_data.wheel_pin; dp = &db.wheel_pin; break;
  case HAL_USER_SO:     bp = &new_data.so_pin;    dp = &db.so_pin;    break;
  case HAL_USER_NORMAL: bp = &new_data.user_pin;  dp = &db.user_pin;  break;
  default:              err = HAL_ERROR_BAD_ARGUMENTS;  goto done;
  }

  const hal_ks_pin_t old_pin = *dp;
  *dp = *bp = *pin;

  if ((err = update_pin_block(b, block, &new_data)) != HAL_OK)
    *dp = old_pin;

 done:
  hal_ks_unlock();
  return err;
}

#if HAL_MKM_FLASH_BACKUP_KLUDGE

/*
 * Horrible insecure kludge in lieu of a battery for the MKM.
 *
 * API here is a little strange: all calls pass a length parameter,
 * but any length other than the compiled in constant just returns an
 * immediate error, there's no notion of buffer max length vs buffer
 * used length, querying for the size of buffer really needed, or
 * anything like that.
 *
 * We might want to rewrite this some day, if we don't replace it with
 * a battery first.  For now we just preserve the API as we found it
 * while re-implementing it on top of the new keystore.
 */

hal_error_t hal_mkm_flash_read_no_lock(uint8_t *buf, const size_t len)
{
  if (buf != NULL && len != KEK_LENGTH)
    return HAL_ERROR_MASTERKEY_BAD_LENGTH;

  flash_block_t *block;
  hal_error_t err;
  unsigned b;

  if ((err = fetch_pin_block(&b, &block)) != HAL_OK)
    return err;

  if (block->pin.kek_set != FLASH_KEK_SET)
    return HAL_ERROR_MASTERKEY_NOT_SET;

  if (buf != NULL)
    memcpy(buf, block->pin.kek, len);

  return HAL_OK;
}

hal_error_t hal_mkm_flash_read(uint8_t *buf, const size_t len)
{
  hal_ks_lock();
  const hal_error_t err = hal_mkm_flash_read_no_lock(buf, len);
  hal_ks_unlock();
  return err;
}

hal_error_t hal_mkm_flash_write(const uint8_t * const buf, const size_t len)
{
  if (buf == NULL)
    return HAL_ERROR_BAD_ARGUMENTS;

  if (len != KEK_LENGTH)
    return HAL_ERROR_MASTERKEY_BAD_LENGTH;

  flash_block_t *block;
  hal_error_t err;
  unsigned b;

  hal_ks_lock();

  if ((err = fetch_pin_block(&b, &block)) != HAL_OK)
    goto done;

  flash_pin_block_t new_data = block->pin;

  new_data.kek_set = FLASH_KEK_SET;
  memcpy(new_data.kek, buf, len);

  err = update_pin_block(b, block, &new_data);

 done:
  hal_ks_unlock();
  return err;
}

hal_error_t hal_mkm_flash_erase(const size_t len)
{
  if (len != KEK_LENGTH)
    return HAL_ERROR_MASTERKEY_BAD_LENGTH;

  flash_block_t *block;
  hal_error_t err;
  unsigned b;

  hal_ks_lock();

  if ((err = fetch_pin_block(&b, &block)) != HAL_OK)
    goto done;

  flash_pin_block_t new_data = block->pin;

  new_data.kek_set = FLASH_KEK_SET;
  memset(new_data.kek, 0, len);

  err = update_pin_block(b, block, &new_data);

 done:
  hal_ks_unlock();
  return err;
}

#endif /* HAL_MKM_FLASH_BACKUP_KLUDGE */


/*
 * Local variables:
 * indent-tabs-mode: nil
 * End:
 */
t;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>












</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>



</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>


</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-24 17:57:35 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-24 17:57:35 -0400

Flesh out key object access control.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=41bc63d2ee629610de41c793e1eb00e1571d38d4'>41bc63d</a></span>


</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>




</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-14 12:01:37 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-14 12:01:37 -0400

Trailing whitespace cleanup.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=b1225c11f89dad1a749b6572e50e5e5fce5234e8'>b1225c1</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>







</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>



</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>









</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-01 19:47:50 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-01 19:47:50 -0400

Add hal_rpc_pkey_get_key_curve().' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=d844d764a4f0614bf378331b007467de288f74eb'>d844d76</a></span>



















</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>


</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>



</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>












</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-22 18:55:11 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-22 18:55:11 -0500

Add ASN.1 support for public keys (X.509 SubjectPublicKeyInfo format).' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=17da006ef0dcb18bf8da6ab6b90446c43a10c790'>17da006</a></span>










</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-22 18:55:11 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-22 18:55:11 -0500

Add ASN.1 support for public keys (X.509 SubjectPublicKeyInfo format).' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=17da006ef0dcb18bf8da6ab6b90446c43a10c790'>17da006</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>






</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-22 18:55:11 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-22 18:55:11 -0500

Add ASN.1 support for public keys (X.509 SubjectPublicKeyInfo format).' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=17da006ef0dcb18bf8da6ab6b90446c43a10c790'>17da006</a></span>

























</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>





</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-22 18:55:11 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-22 18:55:11 -0500

Add ASN.1 support for public keys (X.509 SubjectPublicKeyInfo format).' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=17da006ef0dcb18bf8da6ab6b90446c43a10c790'>17da006</a></span>








</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-22 18:55:11 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-22 18:55:11 -0500

Add ASN.1 support for public keys (X.509 SubjectPublicKeyInfo format).' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=17da006ef0dcb18bf8da6ab6b90446c43a10c790'>17da006</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>






</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-22 18:55:11 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-22 18:55:11 -0500

Add ASN.1 support for public keys (X.509 SubjectPublicKeyInfo format).' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=17da006ef0dcb18bf8da6ab6b90446c43a10c790'>17da006</a></span>































</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>








</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>




</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>




</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-12 09:50:33 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-12 09:50:33 -0400

Add hal_digest_algorithm_none; tweak handling of none handles.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=e95df39ced0199cf654e4fb276c543ec5fe6308a'>e95df39</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-21 16:22:20 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-21 16:22:20 -0500

Fix names of private key DER functions.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=36f9b6627d41f72af38be1d819f37c20a11f43c5'>36f9b66</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>





</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-26 21:03:56 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-26 21:03:56 -0400

Fix pure-remote-mode hal_rpc_pkey_{sign,verify}().' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=1c2e11cde5020e577040d1f18ac07db26dc97210'>1c2e11c</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 19:03:05 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 19:03:05 -0400

Move in-memory keystore from client to server.  Whack with club until compiles.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=65e8ef470b34a9c7af92f377da297095a0251890'>65e8ef4</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>










</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>




</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>




</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-12 09:50:33 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-12 09:50:33 -0400

Add hal_digest_algorithm_none; tweak handling of none handles.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=e95df39ced0199cf654e4fb276c543ec5fe6308a'>e95df39</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-21 16:22:20 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-21 16:22:20 -0500

Fix names of private key DER functions.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=36f9b6627d41f72af38be1d819f37c20a11f43c5'>36f9b66</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-26 21:03:56 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-26 21:03:56 -0400

Fix pure-remote-mode hal_rpc_pkey_{sign,verify}().' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=1c2e11cde5020e577040d1f18ac07db26dc97210'>1c2e11c</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>





</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-16 23:16:58 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-16 23:16:58 -0400

Fix inverted length check.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c7a7c9a5913c56e4d555f8c1bb2b97a3068a8aae'>c7a7c9a</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>







</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 19:08:58 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 19:08:58 -0500

Drop support for the ASN.1-based ECDSA signature format in favor of' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=e3f62b04be54fda0fddc7d9ee5e09441d1651c21'>e3f62b0</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>




</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 20:23:45 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 20:23:45 -0400

Fix session handle arguments in RPC calls.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=45061e2df746f597195b80376fc405b4538b5420'>45061e2</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>


</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>





</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-24 01:16:10 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-24 01:16:10 -0500

More work on PIN/login/logout code.  Access control still missing,' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=7dfad9f2b40f32fb2f2d38c4637ae9faad4228d9'>7dfad9f</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>




</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>







</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>




</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>










</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-03-11 19:24:00 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-03-11 19:24:00 -0500

First round of debugging based on RPC pkey tests: mostly ASN.1' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=7e4d5d73cf1fdcbee10a06a307529955ad17919e'>7e4d5d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>




</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>




</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-16 20:49:17 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-16 20:49:17 -0400

Round buffer size up to word boundary when verifying RSA signatures.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=87d20a89611e4a4367fc9ca87a817bb431c2a304'>87d20a8</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>



</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-12 09:50:33 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-12 09:50:33 -0400

Add hal_digest_algorithm_none; tweak handling of none handles.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=e95df39ced0199cf654e4fb276c543ec5fe6308a'>e95df39</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-03-11 19:24:00 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-03-11 19:24:00 -0500

First round of debugging based on RPC pkey tests: mostly ASN.1' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=7e4d5d73cf1fdcbee10a06a307529955ad17919e'>7e4d5d7</a></span>











</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-26 21:03:56 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-26 21:03:56 -0400

Fix pure-remote-mode hal_rpc_pkey_{sign,verify}().' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=1c2e11cde5020e577040d1f18ac07db26dc97210'>1c2e11c</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 19:03:05 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 19:03:05 -0400

Move in-memory keystore from client to server.  Whack with club until compiles.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=65e8ef470b34a9c7af92f377da297095a0251890'>65e8ef4</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>









</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-16 20:49:17 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-16 20:49:17 -0400

Round buffer size up to word boundary when verifying RSA signatures.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=87d20a89611e4a4367fc9ca87a817bb431c2a304'>87d20a8</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>






</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>




</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>





</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-12 09:50:33 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-12 09:50:33 -0400

Add hal_digest_algorithm_none; tweak handling of none handles.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=e95df39ced0199cf654e4fb276c543ec5fe6308a'>e95df39</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-03-11 19:24:00 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-03-11 19:24:00 -0500

First round of debugging based on RPC pkey tests: mostly ASN.1' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=7e4d5d73cf1fdcbee10a06a307529955ad17919e'>7e4d5d7</a></span>











</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-26 21:03:56 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-26 21:03:56 -0400

Fix pure-remote-mode hal_rpc_pkey_{sign,verify}().' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=1c2e11cde5020e577040d1f18ac07db26dc97210'>1c2e11c</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>









</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 19:08:58 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 19:08:58 -0500

Drop support for the ASN.1-based ECDSA signature format in favor of' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=e3f62b04be54fda0fddc7d9ee5e09441d1651c21'>e3f62b0</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>




</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 20:23:45 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 20:23:45 -0400

Fix session handle arguments in RPC calls.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=45061e2df746f597195b80376fc405b4538b5420'>45061e2</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>


</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>



</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-03-11 19:24:00 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-03-11 19:24:00 -0500

First round of debugging based on RPC pkey tests: mostly ASN.1' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=7e4d5d73cf1fdcbee10a06a307529955ad17919e'>7e4d5d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-24 01:16:10 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-24 01:16:10 -0500

More work on PIN/login/logout code.  Access control still missing,' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=7dfad9f2b40f32fb2f2d38c4637ae9faad4228d9'>7dfad9f</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>





</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>


</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-05-15 20:49:18 -0400

Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=0690aa3d48966a4b151a468fd3a0a65bb99de439'>0690aa3</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>







</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-09-01 15:37:07 -0400

Revised keystore API, part one.  Not usable yet.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=c2b116a5e46ed89bf1426def0c447d2e46cc9474'>c2b116a</a></span>




</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-03-11 19:24:00 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-03-11 19:24:00 -0500

First round of debugging based on RPC pkey tests: mostly ASN.1' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=7e4d5d73cf1fdcbee10a06a307529955ad17919e'>7e4d5d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>






</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-09 23:02:03 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-09 23:02:03 -0400

Per-session objects in ks_volatile; more untested ks_attribute code.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=015eefa32f54f84c56bb7c6d36c0edcc104a69e8'>015eefa</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 20:23:45 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 20:23:45 -0400

Fix session handle arguments in RPC calls.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=45061e2df746f597195b80376fc405b4538b5420'>45061e2</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 17:32:14 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 17:32:14 -0400

Checkpoint along the way to adding keystore attribute support.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=db32574d6c85bb48a2f01d80eec6e241152704ff'>db32574</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-21 23:36:36 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-21 23:36:36 -0500

Whack attribute code with a club until it works with PKCS #11.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=15efcdb3e2ebe20c35818447537728c9de2f089f'>15efcdb</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 17:32:14 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 17:32:14 -0400

Checkpoint along the way to adding keystore attribute support.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=db32574d6c85bb48a2f01d80eec6e241152704ff'>db32574</a></span>



</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-24 15:15:51 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-24 15:15:51 -0400

Make previous_uuid an input-only argument to hal_rpc_pkey_match().' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=dcf3c671314b36285277073c0a3d3a09bf4d93e6'>dcf3c67</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 17:32:14 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 17:32:14 -0400

Checkpoint along the way to adding keystore attribute support.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=db32574d6c85bb48a2f01d80eec6e241152704ff'>db32574</a></span>



</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-21 09:25:16 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-21 09:25:16 -0500

pkey_match() should just skip keys it lacks permission to read.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=834924b3e4d827f6db03d307a88e23bf95dc4624'>834924b</a></span>








</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-24 17:57:35 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-24 17:57:35 -0400

Flesh out key object access control.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=41bc63d2ee629610de41c793e1eb00e1571d38d4'>41bc63d</a></span>

</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 17:32:14 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 17:32:14 -0400

Checkpoint along the way to adding keystore attribute support.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=db32574d6c85bb48a2f01d80eec6e241152704ff'>db32574</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-09 23:02:03 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-09 23:02:03 -0400

Per-session objects in ks_volatile; more untested ks_attribute code.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=015eefa32f54f84c56bb7c6d36c0edcc104a69e8'>015eefa</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 17:32:14 -0400
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-10-07 17:32:14 -0400

Checkpoint along the way to adding keystore attribute support.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=db32574d6c85bb48a2f01d80eec6e241152704ff'>db32574</a></span>







</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-08 01:44:50 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-08 01:44:50 -0500

First cut at multi-attribute get/set/delete API.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=09a065bb67bf055da0417a6c972c11ba5ab13da0'>09a065b</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-21 23:36:36 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-21 23:36:36 -0500

Whack attribute code with a club until it works with PKCS #11.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=15efcdb3e2ebe20c35818447537728c9de2f089f'>15efcdb</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-08 01:44:50 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-08 01:44:50 -0500

First cut at multi-attribute get/set/delete API.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=09a065bb67bf055da0417a6c972c11ba5ab13da0'>09a065b</a></span>






















</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-21 23:36:36 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-21 23:36:36 -0500

Whack attribute code with a club until it works with PKCS #11.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=15efcdb3e2ebe20c35818447537728c9de2f089f'>15efcdb</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-08 01:44:50 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-08 01:44:50 -0500

First cut at multi-attribute get/set/delete API.' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=09a065bb67bf055da0417a6c972c11ba5ab13da0'>09a065b</a></span>





















</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>
</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-14 18:02:07 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2016-11-14 18:02:07 -0500

More API cleanup: remove hal_rpc_pkey_list().' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=b448b28f538517556f3d35dee81dbf07d433df60'>b448b28</a></span>















</pre></div><div class='alt'><pre><span class='sha1'><a title='author  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500
committer  Rob Austein &lt;sra@hactrn.net&gt;  2015-12-20 17:59:29 -0500

RPC server stuff mostly written.  Compiles, not yet tested.  RPC' href='/sw/libhal/commit/rpc_pkey.c?h=auto_magic&amp;id=86b35d757048aaa122237e1cb8fb33de9d53292d'>86b35d7</a></span>






</pre></div></td>
<td class='linenumbers'><div class='alt'><pre><a id='n1' href='#n1'>1</a>
<a id='n2' href='#n2'>2</a>
<a id='n3' href='#n3'>3</a>
<a id='n4' href='#n4'>4</a>
<a id='n5' href='#n5'>5</a>
<a id='n6' href='#n6'>6</a>
<a id='n7' href='#n7'>7</a>
<a id='n8' href='#n8'>8</a>
<a id='n9' href='#n9'>9</a>
<a id='n10' href='#n10'>10</a>
<a id='n11' href='#n11'>11</a>
<a id='n12' href='#n12'>12</a>
<a id='n13' href='#n13'>13</a>
<a id='n14' href='#n14'>14</a>
<a id='n15' href='#n15'>15</a>
<a id='n16' href='#n16'>16</a>
<a id='n17' href='#n17'>17</a>
<a id='n18' href='#n18'>18</a>
<a id='n19' href='#n19'>19</a>
<a id='n20' href='#n20'>20</a>
<a id='n21' href='#n21'>21</a>
<a id='n22' href='#n22'>22</a>
<a id='n23' href='#n23'>23</a>
<a id='n24' href='#n24'>24</a>
<a id='n25' href='#n25'>25</a>
<a id='n26' href='#n26'>26</a>
<a id='n27' href='#n27'>27</a>
<a id='n28' href='#n28'>28</a>
<a id='n29' href='#n29'>29</a>
<a id='n30' href='#n30'>30</a>
<a id='n31' href='#n31'>31</a>
<a id='n32' href='#n32'>32</a>
<a id='n33' href='#n33'>33</a>
<a id='n34' href='#n34'>34</a>
<a id='n35' href='#n35'>35</a>
<a id='n36' href='#n36'>36</a>
<a id='n37' href='#n37'>37</a>
<a id='n38' href='#n38'>38</a>
<a id='n39' href='#n39'>39</a>
<a id='n40' href='#n40'>40</a>
<a id='n41' href='#n41'>41</a>
</pre></div><div class='alt'><pre><a id='n42' href='#n42'>42</a>
<a id='n43' href='#n43'>43</a>
<a id='n44' href='#n44'>44</a>
<a id='n45' href='#n45'>45</a>
<a id='n46' href='#n46'>46</a>
</pre></div><div class='alt'><pre><a id='n47' href='#n47'>47</a>
</pre></div><div class='alt'><pre><a id='n48' href='#n48'>48</a>
<a id='n49' href='#n49'>49</a>
<a id='n50' href='#n50'>50</a>
</pre></div><div class='alt'><pre><a id='n51' href='#n51'>51</a>
</pre></div><div class='alt'><pre><a id='n52' href='#n52'>52</a>
<a id='n53' href='#n53'>53</a>
<a id='n54' href='#n54'>54</a>
<a id='n55' href='#n55'>55</a>
</pre></div><div class='alt'><pre><a id='n56' href='#n56'>56</a>
<a id='n57' href='#n57'>57</a>
</pre></div><div class='alt'><pre><a id='n58' href='#n58'>58</a>
</pre></div><div class='alt'><pre><a id='n59' href='#n59'>59</a>
</pre></div><div class='alt'><pre><a id='n60' href='#n60'>60</a>
<a id='n61' href='#n61'>61</a>
</pre></div><div class='alt'><pre><a id='n62' href='#n62'>62</a>
</pre></div><div class='alt'><pre><a id='n63' href='#n63'>63</a>
</pre></div><div class='alt'><pre><a id='n64' href='#n64'>64</a>
<a id='n65' href='#n65'>65</a>
<a id='n66' href='#n66'>66</a>
</pre></div><div class='alt'><pre><a id='n67' href='#n67'>67</a>
<a id='n68' href='#n68'>68</a>
<a id='n69' href='#n69'>69</a>
</pre></div><div class='alt'><pre><a id='n70' href='#n70'>70</a>
<a id='n71' href='#n71'>71</a>
</pre></div><div class='alt'><pre><a id='n72' href='#n72'>72</a>
</pre></div><div class='alt'><pre><a id='n73' href='#n73'>73</a>
</pre></div><div class='alt'><pre><a id='n74' href='#n74'>74</a>
<a id='n75' href='#n75'>75</a>
</pre></div><div class='alt'><pre><a id='n76' href='#n76'>76</a>
</pre></div><div class='alt'><pre><a id='n77' href='#n77'>77</a>
<a id='n78' href='#n78'>78</a>
</pre></div><div class='alt'><pre><a id='n79' href='#n79'>79</a>
</pre></div><div class='alt'><pre><a id='n80' href='#n80'>80</a>
<a id='n81' href='#n81'>81</a>
<a id='n82' href='#n82'>82</a>
<a id='n83' href='#n83'>83</a>
</pre></div><div class='alt'><pre><a id='n84' href='#n84'>84</a>
<a id='n85' href='#n85'>85</a>
<a id='n86' href='#n86'>86</a>
</pre></div><div class='alt'><pre><a id='n87' href='#n87'>87</a>
<a id='n88' href='#n88'>88</a>
</pre></div><div class='alt'><pre><a id='n89' href='#n89'>89</a>
<a id='n90' href='#n90'>90</a>
<a id='n91' href='#n91'>91</a>
<a id='n92' href='#n92'>92</a>
<a id='n93' href='#n93'>93</a>
<a id='n94' href='#n94'>94</a>
<a id='n95' href='#n95'>95</a>
</pre></div><div class='alt'><pre><a id='n96' href='#n96'>96</a>
</pre></div><div class='alt'><pre><a id='n97' href='#n97'>97</a>
</pre></div><div class='alt'><pre><a id='n98' href='#n98'>98</a>
<a id='n99' href='#n99'>99</a>
<a id='n100' href='#n100'>100</a>
</pre></div><div class='alt'><pre><a id='n101' href='#n101'>101</a>
<a id='n102' href='#n102'>102</a>
<a id='n103' href='#n103'>103</a>
</pre></div><div class='alt'><pre><a id='n104' href='#n104'>104</a>
<a id='n105' href='#n105'>105</a>
</pre></div><div class='alt'><pre><a id='n106' href='#n106'>106</a>
<a id='n107' href='#n107'>107</a>
</pre></div><div class='alt'><pre><a id='n108' href='#n108'>108</a>
<a id='n109' href='#n109'>109</a>
</pre></div><div class='alt'><pre><a id='n110' href='#n110'>110</a>
<a id='n111' href='#n111'>111</a>
</pre></div><div class='alt'><pre><a id='n112' href='#n112'>112</a>
</pre></div><div class='alt'><pre><a id='n113' href='#n113'>113</a>
</pre></div><div class='alt'><pre><a id='n114' href='#n114'>114</a>
</pre></div><div class='alt'><pre><a id='n115' href='#n115'>115</a>
<a id='n116' href='#n116'>116</a>
<a id='n117' href='#n117'>117</a>
<a id='n118' href='#n118'>118</a>
<a id='n119' href='#n119'>119</a>
<a id='n120' href='#n120'>120</a>
<a id='n121' href='#n121'>121</a>
<a id='n122' href='#n122'>122</a>
<a id='n123' href='#n123'>123</a>
<a id='n124' href='#n124'>124</a>
<a id='n125' href='#n125'>125</a>
<a id='n126' href='#n126'>126</a>
<a id='n127' href='#n127'>127</a>
<a id='n128' href='#n128'>128</a>
<a id='n129' href='#n129'>129</a>
<a id='n130' href='#n130'>130</a>
<a id='n131' href='#n131'>131</a>
<a id='n132' href='#n132'>132</a>
<a id='n133' href='#n133'>133</a>
<a id='n134' href='#n134'>134</a>
<a id='n135' href='#n135'>135</a>
<a id='n136' href='#n136'>136</a>
<a id='n137' href='#n137'>137</a>
<a id='n138' href='#n138'>138</a>
<a id='n139' href='#n139'>139</a>
<a id='n140' href='#n140'>140</a>
<a id='n141' href='#n141'>141</a>
<a id='n142' href='#n142'>142</a>
<a id='n143' href='#n143'>143</a>
<a id='n144' href='#n144'>144</a>
<a id='n145' href='#n145'>145</a>
<a id='n146' href='#n146'>146</a>
</pre></div><div class='alt'><pre><a id='n147' href='#n147'>147</a>
<a id='n148' href='#n148'>148</a>
</pre></div><div class='alt'><pre><a id='n149' href='#n149'>149</a>
<a id='n150' href='#n150'>150</a>
<a id='n151' href='#n151'>151</a>
<a id='n152' href='#n152'>152</a>
<a id='n153' href='#n153'>153</a>
<a id='n154' href='#n154'>154</a>
<a id='n155' href='#n155'>155</a>
<a id='n156' href='#n156'>156</a>
</pre></div><div class='alt'><pre><a id='n157' href='#n157'>157</a>
<a id='n158' href='#n158'>158</a>
<a id='n159' href='#n159'>159</a>
<a id='n160' href='#n160'>160</a>
<a id='n161' href='#n161'>161</a>
<a id='n162' href='#n162'>162</a>
</pre></div><div class='alt'><pre><a id='n163' href='#n163'>163</a>
</pre></div><div class='alt'><pre><a id='n164' href='#n164'>164</a>
<a id='n165' href='#n165'>165</a>
<a id='n166' href='#n166'>166</a>
<a id='n167' href='#n167'>167</a>
<a id='n168' href='#n168'>168</a>
<a id='n169' href='#n169'>169</a>
<a id='n170' href='#n170'>170</a>
<a id='n171' href='#n171'>171</a>
</pre></div><div class='alt'><pre><a id='n172' href='#n172'>172</a>
</pre></div><div class='alt'><pre><a id='n173' href='#n173'>173</a>
<a id='n174' href='#n174'>174</a>
</pre></div><div class='alt'><pre><a id='n175' href='#n175'>175</a>
</pre></div><div class='alt'><pre><a id='n176' href='#n176'>176</a>
<a id='n177' href='#n177'>177</a>
<a id='n178' href='#n178'>178</a>
<a id='n179' href='#n179'>179</a>
<a id='n180' href='#n180'>180</a>
<a id='n181' href='#n181'>181</a>
<a id='n182' href='#n182'>182</a>
<a id='n183' href='#n183'>183</a>
<a id='n184' href='#n184'>184</a>
<a id='n185' href='#n185'>185</a>
<a id='n186' href='#n186'>186</a>
<a id='n187' href='#n187'>187</a>
<a id='n188' href='#n188'>188</a>
<a id='n189' href='#n189'>189</a>
<a id='n190' href='#n190'>190</a>
<a id='n191' href='#n191'>191</a>
<a id='n192' href='#n192'>192</a>
<a id='n193' href='#n193'>193</a>
<a id='n194' href='#n194'>194</a>
<a id='n195' href='#n195'>195</a>
<a id='n196' href='#n196'>196</a>
<a id='n197' href='#n197'>197</a>
<a id='n198' href='#n198'>198</a>
<a id='n199' href='#n199'>199</a>
<a id='n200' href='#n200'>200</a>
<a id='n201' href='#n201'>201</a>
<a id='n202' href='#n202'>202</a>
<a id='n203' href='#n203'>203</a>
<a id='n204' href='#n204'>204</a>
<a id='n205' href='#n205'>205</a>
<a id='n206' href='#n206'>206</a>
<a id='n207' href='#n207'>207</a>
<a id='n208' href='#n208'>208</a>
<a id='n209' href='#n209'>209</a>
<a id='n210' href='#n210'>210</a>
<a id='n211' href='#n211'>211</a>
<a id='n212' href='#n212'>212</a>
<a id='n213' href='#n213'>213</a>
<a id='n214' href='#n214'>214</a>
<a id='n215' href='#n215'>215</a>
<a id='n216' href='#n216'>216</a>
<a id='n217' href='#n217'>217</a>
</pre></div><div class='alt'><pre><a id='n218' href='#n218'>218</a>
<a id='n219' href='#n219'>219</a>
<a id='n220' href='#n220'>220</a>
<a id='n221' href='#n221'>221</a>
<a id='n222' href='#n222'>222</a>
</pre></div><div class='alt'><pre><a id='n223' href='#n223'>223</a>
<a id='n224' href='#n224'>224</a>
<a id='n225' href='#n225'>225</a>
<a id='n226' href='#n226'>226</a>
</pre></div><div class='alt'><pre><a id='n227' href='#n227'>227</a>
<a id='n228' href='#n228'>228</a>
<a id='n229' href='#n229'>229</a>
</pre></div><div class='alt'><pre><a id='n230' href='#n230'>230</a>
<a id='n231' href='#n231'>231</a>
</pre></div><div class='alt'><pre><a id='n232' href='#n232'>232</a>
<a id='n233' href='#n233'>233</a>
</pre></div><div class='alt'><pre><a id='n234' href='#n234'>234</a>
<a id='n235' href='#n235'>235</a>
<a id='n236' href='#n236'>236</a>
<a id='n237' href='#n237'>237</a>
<a id='n238' href='#n238'>238</a>
</pre></div><div class='alt'><pre><a id='n239' href='#n239'>239</a>
</pre></div><div class='alt'><pre><a id='n240' href='#n240'>240</a>
<a id='n241' href='#n241'>241</a>
</pre></div><div class='alt'><pre><a id='n242' href='#n242'>242</a>
</pre></div><div class='alt'><pre><a id='n243' href='#n243'>243</a>
</pre></div><div class='alt'><pre><a id='n244' href='#n244'>244</a>
</pre></div><div class='alt'><pre><a id='n245' href='#n245'>245</a>
<a id='n246' href='#n246'>246</a>
<a id='n247' href='#n247'>247</a>
</pre></div><div class='alt'><pre><a id='n248' href='#n248'>248</a>
</pre></div><div class='alt'><pre><a id='n249' href='#n249'>249</a>
<a id='n250' href='#n250'>250</a>
<a id='n251' href='#n251'>251</a>
</pre></div><div class='alt'><pre><a id='n252' href='#n252'>252</a>
</pre></div><div class='alt'><pre><a id='n253' href='#n253'>253</a>
<a id='n254' href='#n254'>254</a>
</pre></div><div class='alt'><pre><a id='n255' href='#n255'>255</a>
</pre></div><div class='alt'><pre><a id='n256' href='#n256'>256</a>
<a id='n257' href='#n257'>257</a>
</pre></div><div class='alt'><pre><a id='n258' href='#n258'>258</a>
</pre></div><div class='alt'><pre><a id='n259' href='#n259'>259</a>
</pre></div><div class='alt'><pre><a id='n260' href='#n260'>260</a>
</pre></div><div class='alt'><pre><a id='n261' href='#n261'>261</a>
<a id='n262' href='#n262'>262</a>
</pre></div><div class='alt'><pre><a id='n263' href='#n263'>263</a>
<a id='n264' href='#n264'>264</a>
<a id='n265' href='#n265'>265</a>
<a id='n266' href='#n266'>266</a>
<a id='n267' href='#n267'>267</a>
<a id='n268' href='#n268'>268</a>
<a id='n269' href='#n269'>269</a>
</pre></div><div class='alt'><pre><a id='n270' href='#n270'>270</a>
<a id='n271' href='#n271'>271</a>
</pre></div><div class='alt'><pre><a id='n272' href='#n272'>272</a>
</pre></div><div class='alt'><pre><a id='n273' href='#n273'>273</a>
</pre></div><div class='alt'><pre><a id='n274' href='#n274'>274</a>
<a id='n275' href='#n275'>275</a>
</pre></div><div class='alt'><pre><a id='n276' href='#n276'>276</a>
</pre></div><div class='alt'><pre><a id='n277' href='#n277'>277</a>
<a id='n278' href='#n278'>278</a>
<a id='n279' href='#n279'>279</a>
<a id='n280' href='#n280'>280</a>
<a id='n281' href='#n281'>281</a>
<a id='n282' href='#n282'>282</a>
<a id='n283' href='#n283'>283</a>
</pre></div><div class='alt'><pre><a id='n284' href='#n284'>284</a>
</pre></div><div class='alt'><pre><a id='n285' href='#n285'>285</a>
<a id='n286' href='#n286'>286</a>
</pre></div><div class='alt'><pre><a id='n287' href='#n287'>287</a>
</pre></div><div class='alt'><pre><a id='n288' href='#n288'>288</a>
</pre></div><div class='alt'><pre><a id='n289' href='#n289'>289</a>
</pre></div><div class='alt'><pre><a id='n290' href='#n290'>290</a>
</pre></div><div class='alt'><pre><a id='n291' href='#n291'>291</a>
</pre></div><div class='alt'><pre><a id='n292' href='#n292'>292</a>
<a id='n293' href='#n293'>293</a>
<a id='n294' href='#n294'>294</a>
</pre></div><div class='alt'><pre><a id='n295' href='#n295'>295</a>
</pre></div><div class='alt'><pre><a id='n296' href='#n296'>296</a>
<a id='n297' href='#n297'>297</a>
<a id='n298' href='#n298'>298</a>
</pre></div><div class='alt'><pre><a id='n299' href='#n299'>299</a>
</pre></div><div class='alt'><pre><a id='n300' href='#n300'>300</a>
<a id='n301' href='#n301'>301</a>
</pre></div><div class='alt'><pre><a id='n302' href='#n302'>302</a>
</pre></div><div class='alt'><pre><a id='n303' href='#n303'>303</a>
<a id='n304' href='#n304'>304</a>
</pre></div><div class='alt'><pre><a id='n305' href='#n305'>305</a>
<a id='n306' href='#n306'>306</a>
<a id='n307' href='#n307'>307</a>
<a id='n308' href='#n308'>308</a>
<a id='n309' href='#n309'>309</a>
<a id='n310' href='#n310'>310</a>
<a id='n311' href='#n311'>311</a>
</pre></div><div class='alt'><pre><a id='n312' href='#n312'>312</a>
<a id='n313' href='#n313'>313</a>
</pre></div><div class='alt'><pre><a id='n314' href='#n314'>314</a>
</pre></div><div class='alt'><pre><a id='n315' href='#n315'>315</a>
</pre></div><div class='alt'><pre><a id='n316' href='#n316'>316</a>
<a id='n317' href='#n317'>317</a>
<a id='n318' href='#n318'>318</a>
<a id='n319' href='#n319'>319</a>
<a id='n320' href='#n320'>320</a>
<a id='n321' href='#n321'>321</a>
<a id='n322' href='#n322'>322</a>
<a id='n323' href='#n323'>323</a>
<a id='n324' href='#n324'>324</a>
</pre></div><div class='alt'><pre><a id='n325' href='#n325'>325</a>
<a id='n326' href='#n326'>326</a>
<a id='n327' href='#n327'>327</a>
</pre></div><div class='alt'><pre><a id='n328' href='#n328'>328</a>
</pre></div><div class='alt'><pre><a id='n329' href='#n329'>329</a>
<a id='n330' href='#n330'>330</a>
<a id='n331' href='#n331'>331</a>
</pre></div><div class='alt'><pre><a id='n332' href='#n332'>332</a>
</pre></div><div class='alt'><pre><a id='n333' href='#n333'>333</a>
</pre></div><div class='alt'><pre><a id='n334' href='#n334'>334</a>
</pre></div><div class='alt'><pre><a id='n335' href='#n335'>335</a>
<a id='n336' href='#n336'>336</a>
<a id='n337' href='#n337'>337</a>
<a id='n338' href='#n338'>338</a>
<a id='n339' href='#n339'>339</a>
</pre></div><div class='alt'><pre><a id='n340' href='#n340'>340</a>
</pre></div><div class='alt'><pre><a id='n341' href='#n341'>341</a>
<a id='n342' href='#n342'>342</a>
<a id='n343' href='#n343'>343</a>
</pre></div><div class='alt'><pre><a id='n344' href='#n344'>344</a>
</pre></div><div class='alt'><pre><a id='n345' href='#n345'>345</a>
<a id='n346' href='#n346'>346</a>
</pre></div><div class='alt'><pre><a id='n347' href='#n347'>347</a>
<a id='n348' href='#n348'>348</a>
<a id='n349' href='#n349'>349</a>
</pre></div><div class='alt'><pre><a id='n350' href='#n350'>350</a>
</pre></div><div class='alt'><pre><a id='n351' href='#n351'>351</a>
</pre></div><div class='alt'><pre><a id='n352' href='#n352'>352</a>
</pre></div><div class='alt'><pre><a id='n353' href='#n353'>353</a>
<a id='n354' href='#n354'>354</a>
</pre></div><div class='alt'><pre><a id='n355' href='#n355'>355</a>
<a id='n356' href='#n356'>356</a>
</pre></div><div class='alt'><pre><a id='n357' href='#n357'>357</a>
<a id='n358' href='#n358'>358</a>
</pre></div><div class='alt'><pre><a id='n359' href='#n359'>359</a>
</pre></div><div class='alt'><pre><a id='n360' href='#n360'>360</a>
</pre></div><div class='alt'><pre><a id='n361' href='#n361'>361</a>
</pre></div><div class='alt'><pre><a id='n362' href='#n362'>362</a>
</pre></div><div class='alt'><pre><a id='n363' href='#n363'>363</a>
<a id='n364' href='#n364'>364</a>
</pre></div><div class='alt'><pre><a id='n365' href='#n365'>365</a>
<a id='n366' href='#n366'>366</a>
<a id='n367' href='#n367'>367</a>
<a id='n368' href='#n368'>368</a>
<a id='n369' href='#n369'>369</a>
<a id='n370' href='#n370'>370</a>
</pre></div><div class='alt'><pre><a id='n371' href='#n371'>371</a>
<a id='n372' href='#n372'>372</a>
<a id='n373' href='#n373'>373</a>
<a id='n374' href='#n374'>374</a>
</pre></div><div class='alt'><pre><a id='n375' href='#n375'>375</a>
<a id='n376' href='#n376'>376</a>
</pre></div><div class='alt'><pre><a id='n377' href='#n377'>377</a>
</pre></div><div class='alt'><pre><a id='n378' href='#n378'>378</a>
</pre></div><div class='alt'><pre><a id='n379' href='#n379'>379</a>
</pre></div><div class='alt'><pre><a id='n380' href='#n380'>380</a>
</pre></div><div class='alt'><pre><a id='n381' href='#n381'>381</a>
</pre></div><div class='alt'><pre><a id='n382' href='#n382'>382</a>
<a id='n383' href='#n383'>383</a>
<a id='n384' href='#n384'>384</a>
<a id='n385' href='#n385'>385</a>
<a id='n386' href='#n386'>386</a>
<a id='n387' href='#n387'>387</a>
<a id='n388' href='#n388'>388</a>
<a id='n389' href='#n389'>389</a>
</pre></div><div class='alt'><pre><a id='n390' href='#n390'>390</a>
<a id='n391' href='#n391'>391</a>
<a id='n392' href='#n392'>392</a>
</pre></div><div class='alt'><pre><a id='n393' href='#n393'>393</a>
</pre></div><div class='alt'><pre><a id='n394' href='#n394'>394</a>
<a id='n395' href='#n395'>395</a>
</pre></div><div class='alt'><pre><a id='n396' href='#n396'>396</a>
</pre></div><div class='alt'><pre><a id='n397' href='#n397'>397</a>
</pre></div><div class='alt'><pre><a id='n398' href='#n398'>398</a>
</pre></div><div class='alt'><pre><a id='n399' href='#n399'>399</a>
<a id='n400' href='#n400'>400</a>
<a id='n401' href='#n401'>401</a>
<a id='n402' href='#n402'>402</a>
<a id='n403' href='#n403'>403</a>
</pre></div><div class='alt'><pre><a id='n404' href='#n404'>404</a>
</pre></div><div class='alt'><pre><a id='n405' href='#n405'>405</a>
<a id='n406' href='#n406'>406</a>
<a id='n407' href='#n407'>407</a>
</pre></div><div class='alt'><pre><a id='n408' href='#n408'>408</a>
</pre></div><div class='alt'><pre><a id='n409' href='#n409'>409</a>
<a id='n410' href='#n410'>410</a>
</pre></div><div class='alt'><pre><a id='n411' href='#n411'>411</a>
<a id='n412' href='#n412'>412</a>
<a id='n413' href='#n413'>413</a>
</pre></div><div class='alt'><pre><a id='n414' href='#n414'>414</a>
</pre></div><div class='alt'><pre><a id='n415' href='#n415'>415</a>
</pre></div><div class='alt'><pre><a id='n416' href='#n416'>416</a>
</pre></div><div class='alt'><pre><a id='n417' href='#n417'>417</a>
<a id='n418' href='#n418'>418</a>
</pre></div><div class='alt'><pre><a id='n419' href='#n419'>419</a>
</pre></div><div class='alt'><pre><a id='n420' href='#n420'>420</a>
<a id='n421' href='#n421'>421</a>
</pre></div><div class='alt'><pre><a id='n422' href='#n422'>422</a>
</pre></div><div class='alt'><pre><a id='n423' href='#n423'>423</a>
</pre></div><div class='alt'><pre><a id='n424' href='#n424'>424</a>
</pre></div><div class='alt'><pre><a id='n425' href='#n425'>425</a>
</pre></div><div class='alt'><pre><a id='n426' href='#n426'>426</a>
<a id='n427' href='#n427'>427</a>
</pre></div><div class='alt'><pre><a id='n428' href='#n428'>428</a>
<a id='n429' href='#n429'>429</a>
<a id='n430' href='#n430'>430</a>
<a id='n431' href='#n431'>431</a>
<a id='n432' href='#n432'>432</a>
<a id='n433' href='#n433'>433</a>
</pre></div><div class='alt'><pre><a id='n434' href='#n434'>434</a>
<a id='n435' href='#n435'>435</a>
<a id='n436' href='#n436'>436</a>
<a id='n437' href='#n437'>437</a>
</pre></div><div class='alt'><pre><a id='n438' href='#n438'>438</a>
<a id='n439' href='#n439'>439</a>
</pre></div><div class='alt'><pre><a id='n440' href='#n440'>440</a>
</pre></div><div class='alt'><pre><a id='n441' href='#n441'>441</a>
</pre></div><div class='alt'><pre><a id='n442' href='#n442'>442</a>
</pre></div><div class='alt'><pre><a id='n443' href='#n443'>443</a>
</pre></div><div class='alt'><pre><a id='n444' href='#n444'>444</a>
</pre></div><div class='alt'><pre><a id='n445' href='#n445'>445</a>
<a id='n446' href='#n446'>446</a>
<a id='n447' href='#n447'>447</a>
<a id='n448' href='#n448'>448</a>
<a id='n449' href='#n449'>449</a>
<a id='n450' href='#n450'>450</a>
<a id='n451' href='#n451'>451</a>
</pre></div><div class='alt'><pre><a id='n452' href='#n452'>452</a>
</pre></div><div class='alt'><pre><a id='n453' href='#n453'>453</a>
</pre></div><div class='alt'><pre><a id='n454' href='#n454'>454</a>
</pre></div><div class='alt'><pre><a id='n455' href='#n455'>455</a>
<a id='n456' href='#n456'>456</a>
<a id='n457' href='#n457'>457</a>
<a id='n458' href='#n458'>458</a>
<a id='n459' href='#n459'>459</a>
<a id='n460' href='#n460'>460</a>
<a id='n461' href='#n461'>461</a>
<a id='n462' href='#n462'>462</a>
<a id='n463' href='#n463'>463</a>
<a id='n464' href='#n464'>464</a>
<a id='n465' href='#n465'>465</a>
<a id='n466' href='#n466'>466</a>
<a id='n467' href='#n467'>467</a>
</pre></div><div class='alt'><pre><a id='n468' href='#n468'>468</a>
</pre></div><div class='alt'><pre><a id='n469' href='#n469'>469</a>
</pre></div><div class='alt'><pre><a id='n470' href='#n470'>470</a>
</pre></div><div class='alt'><pre><a id='n471' href='#n471'>471</a>
<a id='n472' href='#n472'>472</a>
<a id='n473' href='#n473'>473</a>
<a id='n474' href='#n474'>474</a>
</pre></div><div class='alt'><pre><a id='n475' href='#n475'>475</a>
<a id='n476' href='#n476'>476</a>
<a id='n477' href='#n477'>477</a>
</pre></div><div class='alt'><pre><a id='n478' href='#n478'>478</a>
<a id='n479' href='#n479'>479</a>
<a id='n480' href='#n480'>480</a>
</pre></div><div class='alt'><pre><a id='n481' href='#n481'>481</a>
<a id='n482' href='#n482'>482</a>
<a id='n483' href='#n483'>483</a>
<a id='n484' href='#n484'>484</a>
<a id='n485' href='#n485'>485</a>
</pre></div><div class='alt'><pre><a id='n486' href='#n486'>486</a>
<a id='n487' href='#n487'>487</a>
</pre></div><div class='alt'><pre><a id='n488' href='#n488'>488</a>
</pre></div><div class='alt'><pre><a id='n489' href='#n489'>489</a>
<a id='n490' href='#n490'>490</a>
<a id='n491' href='#n491'>491</a>
<a id='n492' href='#n492'>492</a>
<a id='n493' href='#n493'>493</a>
<a id='n494' href='#n494'>494</a>
<a id='n495' href='#n495'>495</a>
<a id='n496' href='#n496'>496</a>
</pre></div><div class='alt'><pre><a id='n497' href='#n497'>497</a>
<a id='n498' href='#n498'>498</a>
</pre></div><div class='alt'><pre><a id='n499' href='#n499'>499</a>
<a id='n500' href='#n500'>500</a>
<a id='n501' href='#n501'>501</a>
<a id='n502' href='#n502'>502</a>
</pre></div><div class='alt'><pre><a id='n503' href='#n503'>503</a>
</pre></div><div class='alt'><pre><a id='n504' href='#n504'>504</a>
<a id='n505' href='#n505'>505</a>
<a id='n506' href='#n506'>506</a>
<a id='n507' href='#n507'>507</a>
<a id='n508' href='#n508'>508</a>
<a id='n509' href='#n509'>509</a>
<a id='n510' href='#n510'>510</a>
<a id='n511' href='#n511'>511</a>
<a id='n512' href='#n512'>512</a>
<a id='n513' href='#n513'>513</a>
</pre></div><div class='alt'><pre><a id='n514' href='#n514'>514</a>
<a id='n515' href='#n515'>515</a>
<a id='n516' href='#n516'>516</a>
<a id='n517' href='#n517'>517</a>
<a id='n518' href='#n518'>518</a>
<a id='n519' href='#n519'>519</a>
<a id='n520' href='#n520'>520</a>
<a id='n521' href='#n521'>521</a>
<a id='n522' href='#n522'>522</a>
<a id='n523' href='#n523'>523</a>
<a id='n524' href='#n524'>524</a>
<a id='n525' href='#n525'>525</a>
<a id='n526' href='#n526'>526</a>
<a id='n527' href='#n527'>527</a>
<a id='n528' href='#n528'>528</a>
<a id='n529' href='#n529'>529</a>
<a id='n530' href='#n530'>530</a>
<a id='n531' href='#n531'>531</a>
<a id='n532' href='#n532'>532</a>
<a id='n533' href='#n533'>533</a>
</pre></div><div class='alt'><pre><a id='n534' href='#n534'>534</a>
<a id='n535' href='#n535'>535</a>
<a id='n536' href='#n536'>536</a>
</pre></div><div class='alt'><pre><a id='n537' href='#n537'>537</a>
<a id='n538' href='#n538'>538</a>
</pre></div><div class='alt'><pre><a id='n539' href='#n539'>539</a>
<a id='n540' href='#n540'>540</a>
<a id='n541' href='#n541'>541</a>
<a id='n542' href='#n542'>542</a>
</pre></div><div class='alt'><pre><a id='n543' href='#n543'>543</a>
</pre></div><div class='alt'><pre><a id='n544' href='#n544'>544</a>
<a id='n545' href='#n545'>545</a>
<a id='n546' href='#n546'>546</a>
<a id='n547' href='#n547'>547</a>
<a id='n548' href='#n548'>548</a>
<a id='n549' href='#n549'>549</a>
<a id='n550' href='#n550'>550</a>
<a id='n551' href='#n551'>551</a>
<a id='n552' href='#n552'>552</a>
<a id='n553' href='#n553'>553</a>
<a id='n554' href='#n554'>554</a>
<a id='n555' href='#n555'>555</a>
<a id='n556' href='#n556'>556</a>
</pre></div><div class='alt'><pre><a id='n557' href='#n557'>557</a>
</pre></div><div class='alt'><pre><a id='n558' href='#n558'>558</a>
</pre></div><div class='alt'><pre><a id='n559' href='#n559'>559</a>
</pre></div><div class='alt'><pre><a id='n560' href='#n560'>560</a>
<a id='n561' href='#n561'>561</a>
<a id='n562' href='#n562'>562</a>
<a id='n563' href='#n563'>563</a>
<a id='n564' href='#n564'>564</a>
<a id='n565' href='#n565'>565</a>
<a id='n566' href='#n566'>566</a>
<a id='n567' href='#n567'>567</a>
<a id='n568' href='#n568'>568</a>
<a id='n569' href='#n569'>569</a>
<a id='n570' href='#n570'>570</a>
</pre></div><div class='alt'><pre><a id='n571' href='#n571'>571</a>
<a id='n572' href='#n572'>572</a>
</pre></div><div class='alt'><pre><a id='n573' href='#n573'>573</a>
</pre></div><div class='alt'><pre><a id='n574' href='#n574'>574</a>
<a id='n575' href='#n575'>575</a>
<a id='n576' href='#n576'>576</a>
<a id='n577' href='#n577'>577</a>
<a id='n578' href='#n578'>578</a>
<a id='n579' href='#n579'>579</a>
<a id='n580' href='#n580'>580</a>
</pre></div><div class='alt'><pre><a id='n581' href='#n581'>581</a>
<a id='n582' href='#n582'>582</a>
<a id='n583' href='#n583'>583</a>
<a id='n584' href='#n584'>584</a>
<a id='n585' href='#n585'>585</a>
<a id='n586' href='#n586'>586</a>
<a id='n587' href='#n587'>587</a>
<a id='n588' href='#n588'>588</a>
<a id='n589' href='#n589'>589</a>
<a id='n590' href='#n590'>590</a>
<a id='n591' href='#n591'>591</a>
<a id='n592' href='#n592'>592</a>
<a id='n593' href='#n593'>593</a>
<a id='n594' href='#n594'>594</a>
<a id='n595' href='#n595'>595</a>
<a id='n596' href='#n596'>596</a>
<a id='n597' href='#n597'>597</a>
<a id='n598' href='#n598'>598</a>
<a id='n599' href='#n599'>599</a>
<a id='n600' href='#n600'>600</a>
<a id='n601' href='#n601'>601</a>
<a id='n602' href='#n602'>602</a>
<a id='n603' href='#n603'>603</a>
<a id='n604' href='#n604'>604</a>
<a id='n605' href='#n605'>605</a>
<a id='n606' href='#n606'>606</a>
</pre></div><div class='alt'><pre><a id='n607' href='#n607'>607</a>
<a id='n608' href='#n608'>608</a>
<a id='n609' href='#n609'>609</a>
<a id='n610' href='#n610'>610</a>
<a id='n611' href='#n611'>611</a>
<a id='n612' href='#n612'>612</a>
</pre></div><div class='alt'><pre><a id='n613' href='#n613'>613</a>
<a id='n614' href='#n614'>614</a>
</pre></div><div class='alt'><pre><a id='n615' href='#n615'>615</a>
</pre></div><div class='alt'><pre><a id='n616' href='#n616'>616</a>
</pre></div><div class='alt'><pre><a id='n617' href='#n617'>617</a>
<a id='n618' href='#n618'>618</a>
<a id='n619' href='#n619'>619</a>
<a id='n620' href='#n620'>620</a>
<a id='n621' href='#n621'>621</a>
<a id='n622' href='#n622'>622</a>
<a id='n623' href='#n623'>623</a>
<a id='n624' href='#n624'>624</a>
<a id='n625' href='#n625'>625</a>
</pre></div><div class='alt'><pre><a id='n626' href='#n626'>626</a>
</pre></div><div class='alt'><pre><a id='n627' href='#n627'>627</a>
<a id='n628' href='#n628'>628</a>
</pre></div><div class='alt'><pre><a id='n629' href='#n629'>629</a>
<a id='n630' href='#n630'>630</a>
<a id='n631' href='#n631'>631</a>
<a id='n632' href='#n632'>632</a>
<a id='n633' href='#n633'>633</a>
<a id='n634' href='#n634'>634</a>
<a id='n635' href='#n635'>635</a>
</pre></div><div class='alt'><pre><a id='n636' href='#n636'>636</a>
<a id='n637' href='#n637'>637</a>
<a id='n638' href='#n638'>638</a>
<a id='n639' href='#n639'>639</a>
<a id='n640' href='#n640'>640</a>
<a id='n641' href='#n641'>641</a>
<a id='n642' href='#n642'>642</a>
<a id='n643' href='#n643'>643</a>
<a id='n644' href='#n644'>644</a>
<a id='n645' href='#n645'>645</a>
<a id='n646' href='#n646'>646</a>
<a id='n647' href='#n647'>647</a>
<a id='n648' href='#n648'>648</a>
<a id='n649' href='#n649'>649</a>
<a id='n650' href='#n650'>650</a>
<a id='n651' href='#n651'>651</a>
<a id='n652' href='#n652'>652</a>
<a id='n653' href='#n653'>653</a>
<a id='n654' href='#n654'>654</a>
<a id='n655' href='#n655'>655</a>
<a id='n656' href='#n656'>656</a>
<a id='n657' href='#n657'>657</a>
<a id='n658' href='#n658'>658</a>
<a id='n659' href='#n659'>659</a>
<a id='n660' href='#n660'>660</a>
<a id='n661' href='#n661'>661</a>
<a id='n662' href='#n662'>662</a>
<a id='n663' href='#n663'>663</a>
<a id='n664' href='#n664'>664</a>
<a id='n665' href='#n665'>665</a>
<a id='n666' href='#n666'>666</a>
<a id='n667' href='#n667'>667</a>
</pre></div><div class='alt'><pre><a id='n668' href='#n668'>668</a>
<a id='n669' href='#n669'>669</a>
<a id='n670' href='#n670'>670</a>
<a id='n671' href='#n671'>671</a>
<a id='n672' href='#n672'>672</a>
<a id='n673' href='#n673'>673</a>
<a id='n674' href='#n674'>674</a>
<a id='n675' href='#n675'>675</a>
<a id='n676' href='#n676'>676</a>
</pre></div><div class='alt'><pre><a id='n677' href='#n677'>677</a>
<a id='n678' href='#n678'>678</a>
<a id='n679' href='#n679'>679</a>
<a id='n680' href='#n680'>680</a>
<a id='n681' href='#n681'>681</a>
</pre></div><div class='alt'><pre><a id='n682' href='#n682'>682</a>
<a id='n683' href='#n683'>683</a>
<a id='n684' href='#n684'>684</a>
<a id='n685' href='#n685'>685</a>
<a id='n686' href='#n686'>686</a>
</pre></div><div class='alt'><pre><a id='n687' href='#n687'>687</a>
</pre></div><div class='alt'><pre><a id='n688' href='#n688'>688</a>
</pre></div><div class='alt'><pre><a id='n689' href='#n689'>689</a>
</pre></div><div class='alt'><pre><a id='n690' href='#n690'>690</a>
<a id='n691' href='#n691'>691</a>
<a id='n692' href='#n692'>692</a>
<a id='n693' href='#n693'>693</a>
<a id='n694' href='#n694'>694</a>
<a id='n695' href='#n695'>695</a>
</pre></div><div class='alt'><pre><a id='n696' href='#n696'>696</a>
</pre></div><div class='alt'><pre><a id='n697' href='#n697'>697</a>
</pre></div><div class='alt'><pre><a id='n698' href='#n698'>698</a>
<a id='n699' href='#n699'>699</a>
<a id='n700' href='#n700'>700</a>
<a id='n701' href='#n701'>701</a>
<a id='n702' href='#n702'>702</a>
<a id='n703' href='#n703'>703</a>
<a id='n704' href='#n704'>704</a>
<a id='n705' href='#n705'>705</a>
<a id='n706' href='#n706'>706</a>
<a id='n707' href='#n707'>707</a>
<a id='n708' href='#n708'>708</a>
</pre></div><div class='alt'><pre><a id='n709' href='#n709'>709</a>
<a id='n710' href='#n710'>710</a>
<a id='n711' href='#n711'>711</a>
<a id='n712' href='#n712'>712</a>
<a id='n713' href='#n713'>713</a>
</pre></div><div class='alt'><pre><a id='n714' href='#n714'>714</a>
<a id='n715' href='#n715'>715</a>
<a id='n716' href='#n716'>716</a>
<a id='n717' href='#n717'>717</a>
<a id='n718' href='#n718'>718</a>
</pre></div><div class='alt'><pre><a id='n719' href='#n719'>719</a>
</pre></div><div class='alt'><pre><a id='n720' href='#n720'>720</a>
</pre></div><div class='alt'><pre><a id='n721' href='#n721'>721</a>
</pre></div><div class='alt'><pre><a id='n722' href='#n722'>722</a>
<a id='n723' href='#n723'>723</a>
</pre></div><div class='alt'><pre><a id='n724' href='#n724'>724</a>
</pre></div><div class='alt'><pre><a id='n725' href='#n725'>725</a>
<a id='n726' href='#n726'>726</a>
<a id='n727' href='#n727'>727</a>
<a id='n728' href='#n728'>728</a>
<a id='n729' href='#n729'>729</a>
<a id='n730' href='#n730'>730</a>
</pre></div><div class='alt'><pre><a id='n731' href='#n731'>731</a>
</pre></div><div class='alt'><pre><a id='n732' href='#n732'>732</a>
<a id='n733' href='#n733'>733</a>
<a id='n734' href='#n734'>734</a>
<a id='n735' href='#n735'>735</a>
<a id='n736' href='#n736'>736</a>
<a id='n737' href='#n737'>737</a>
<a id='n738' href='#n738'>738</a>
<a id='n739' href='#n739'>739</a>
</pre></div><div class='alt'><pre><a id='n740' href='#n740'>740</a>
</pre></div><div class='alt'><pre><a id='n741' href='#n741'>741</a>
<a id='n742' href='#n742'>742</a>
<a id='n743' href='#n743'>743</a>
<a id='n744' href='#n744'>744</a>
<a id='n745' href='#n745'>745</a>
</pre></div><div class='alt'><pre><a id='n746' href='#n746'>746</a>
</pre></div><div class='alt'><pre><a id='n747' href='#n747'>747</a>
<a id='n748' href='#n748'>748</a>
<a id='n749' href='#n749'>749</a>
</pre></div><div class='alt'><pre><a id='n750' href='#n750'>750</a>
</pre></div><div class='alt'><pre><a id='n751' href='#n751'>751</a>
</pre></div><div class='alt'><pre><a id='n752' href='#n752'>752</a>
<a id='n753' href='#n753'>753</a>
<a id='n754' href='#n754'>754</a>
<a id='n755' href='#n755'>755</a>
<a id='n756' href='#n756'>756</a>
<a id='n757' href='#n757'>757</a>
</pre></div><div class='alt'><pre><a id='n758' href='#n758'>758</a>
</pre></div><div class='alt'><pre><a id='n759' href='#n759'>759</a>
<a id='n760' href='#n760'>760</a>
<a id='n761' href='#n761'>761</a>
<a id='n762' href='#n762'>762</a>
<a id='n763' href='#n763'>763</a>
</pre></div><div class='alt'><pre><a id='n764' href='#n764'>764</a>
</pre></div><div class='alt'><pre><a id='n765' href='#n765'>765</a>
<a id='n766' href='#n766'>766</a>
</pre></div><div class='alt'><pre><a id='n767' href='#n767'>767</a>
</pre></div><div class='alt'><pre><a id='n768' href='#n768'>768</a>
<a id='n769' href='#n769'>769</a>
<a id='n770' href='#n770'>770</a>
<a id='n771' href='#n771'>771</a>
<a id='n772' href='#n772'>772</a>
<a id='n773' href='#n773'>773</a>
<a id='n774' href='#n774'>774</a>
<a id='n775' href='#n775'>775</a>
</pre></div><div class='alt'><pre><a id='n776' href='#n776'>776</a>
</pre></div><div class='alt'><pre><a id='n777' href='#n777'>777</a>
<a id='n778' href='#n778'>778</a>
</pre></div><div class='alt'><pre><a id='n779' href='#n779'>779</a>
<a id='n780' href='#n780'>780</a>
<a id='n781' href='#n781'>781</a>
<a id='n782' href='#n782'>782</a>
<a id='n783' href='#n783'>783</a>
</pre></div><div class='alt'><pre><a id='n784' href='#n784'>784</a>
<a id='n785' href='#n785'>785</a>
<a id='n786' href='#n786'>786</a>
<a id='n787' href='#n787'>787</a>
<a id='n788' href='#n788'>788</a>
<a id='n789' href='#n789'>789</a>
<a id='n790' href='#n790'>790</a>
<a id='n791' href='#n791'>791</a>
<a id='n792' href='#n792'>792</a>
<a id='n793' href='#n793'>793</a>
<a id='n794' href='#n794'>794</a>
</pre></div><div class='alt'><pre><a id='n795' href='#n795'>795</a>
</pre></div><div class='alt'><pre><a id='n796' href='#n796'>796</a>
<a id='n797' href='#n797'>797</a>
<a id='n798' href='#n798'>798</a>
<a id='n799' href='#n799'>799</a>
<a id='n800' href='#n800'>800</a>
</pre></div><div class='alt'><pre><a id='n801' href='#n801'>801</a>
<a id='n802' href='#n802'>802</a>
<a id='n803' href='#n803'>803</a>
<a id='n804' href='#n804'>804</a>
<a id='n805' href='#n805'>805</a>
</pre></div><div class='alt'><pre><a id='n806' href='#n806'>806</a>
</pre></div><div class='alt'><pre><a id='n807' href='#n807'>807</a>
</pre></div><div class='alt'><pre><a id='n808' href='#n808'>808</a>
<a id='n809' href='#n809'>809</a>
<a id='n810' href='#n810'>810</a>
<a id='n811' href='#n811'>811</a>
</pre></div><div class='alt'><pre><a id='n812' href='#n812'>812</a>
</pre></div><div class='alt'><pre><a id='n813' href='#n813'>813</a>
</pre></div><div class='alt'><pre><a id='n814' href='#n814'>814</a>
<a id='n815' href='#n815'>815</a>
<a id='n816' href='#n816'>816</a>
<a id='n817' href='#n817'>817</a>
<a id='n818' href='#n818'>818</a>
<a id='n819' href='#n819'>819</a>
<a id='n820' href='#n820'>820</a>
<a id='n821' href='#n821'>821</a>
<a id='n822' href='#n822'>822</a>
<a id='n823' href='#n823'>823</a>
<a id='n824' href='#n824'>824</a>
<a id='n825' href='#n825'>825</a>
</pre></div><div class='alt'><pre><a id='n826' href='#n826'>826</a>
<a id='n827' href='#n827'>827</a>
</pre></div><div class='alt'><pre><a id='n828' href='#n828'>828</a>
</pre></div><div class='alt'><pre><a id='n829' href='#n829'>829</a>
</pre></div><div class='alt'><pre><a id='n830' href='#n830'>830</a>
<a id='n831' href='#n831'>831</a>
<a id='n832' href='#n832'>832</a>
<a id='n833' href='#n833'>833</a>
<a id='n834' href='#n834'>834</a>
<a id='n835' href='#n835'>835</a>
<a id='n836' href='#n836'>836</a>
<a id='n837' href='#n837'>837</a>
<a id='n838' href='#n838'>838</a>
<a id='n839' href='#n839'>839</a>
</pre></div><div class='alt'><pre><a id='n840' href='#n840'>840</a>
</pre></div><div class='alt'><pre><a id='n841' href='#n841'>841</a>
<a id='n842' href='#n842'>842</a>
<a id='n843' href='#n843'>843</a>
<a id='n844' href='#n844'>844</a>
<a id='n845' href='#n845'>845</a>
<a id='n846' href='#n846'>846</a>
<a id='n847' href='#n847'>847</a>
</pre></div><div class='alt'><pre><a id='n848' href='#n848'>848</a>
<a id='n849' href='#n849'>849</a>
<a id='n850' href='#n850'>850</a>
<a id='n851' href='#n851'>851</a>
<a id='n852' href='#n852'>852</a>
</pre></div><div class='alt'><pre><a id='n853' href='#n853'>853</a>
<a id='n854' href='#n854'>854</a>
<a id='n855' href='#n855'>855</a>
<a id='n856' href='#n856'>856</a>
<a id='n857' href='#n857'>857</a>
<a id='n858' href='#n858'>858</a>
</pre></div><div class='alt'><pre><a id='n859' href='#n859'>859</a>
</pre></div><div class='alt'><pre><a id='n860' href='#n860'>860</a>
</pre></div><div class='alt'><pre><a id='n861' href='#n861'>861</a>
<a id='n862' href='#n862'>862</a>
<a id='n863' href='#n863'>863</a>
<a id='n864' href='#n864'>864</a>
<a id='n865' href='#n865'>865</a>
<a id='n866' href='#n866'>866</a>
<a id='n867' href='#n867'>867</a>
<a id='n868' href='#n868'>868</a>
<a id='n869' href='#n869'>869</a>
<a id='n870' href='#n870'>870</a>
<a id='n871' href='#n871'>871</a>
<a id='n872' href='#n872'>872</a>
</pre></div><div class='alt'><pre><a id='n873' href='#n873'>873</a>
<a id='n874' href='#n874'>874</a>
</pre></div><div class='alt'><pre><a id='n875' href='#n875'>875</a>
</pre></div><div class='alt'><pre><a id='n876' href='#n876'>876</a>
<a id='n877' href='#n877'>877</a>
<a id='n878' href='#n878'>878</a>
<a id='n879' href='#n879'>879</a>
<a id='n880' href='#n880'>880</a>
<a id='n881' href='#n881'>881</a>
<a id='n882' href='#n882'>882</a>
<a id='n883' href='#n883'>883</a>
<a id='n884' href='#n884'>884</a>
<a id='n885' href='#n885'>885</a>
</pre></div><div class='alt'><pre><a id='n886' href='#n886'>886</a>
</pre></div><div class='alt'><pre><a id='n887' href='#n887'>887</a>
<a id='n888' href='#n888'>888</a>
<a id='n889' href='#n889'>889</a>
<a id='n890' href='#n890'>890</a>
<a id='n891' href='#n891'>891</a>
</pre></div><div class='alt'><pre><a id='n892' href='#n892'>892</a>
</pre></div><div class='alt'><pre><a id='n893' href='#n893'>893</a>
<a id='n894' href='#n894'>894</a>
<a id='n895' href='#n895'>895</a>
</pre></div><div class='alt'><pre><a id='n896' href='#n896'>896</a>
</pre></div><div class='alt'><pre><a id='n897' href='#n897'>897</a>
</pre></div><div class='alt'><pre><a id='n898' href='#n898'>898</a>
<a id='n899' href='#n899'>899</a>
<a id='n900' href='#n900'>900</a>
<a id='n901' href='#n901'>901</a>
</pre></div><div class='alt'><pre><a id='n902' href='#n902'>902</a>
</pre></div><div class='alt'><pre><a id='n903' href='#n903'>903</a>
</pre></div><div class='alt'><pre><a id='n904' href='#n904'>904</a>
</pre></div><div class='alt'><pre><a id='n905' href='#n905'>905</a>
<a id='n906' href='#n906'>906</a>
<a id='n907' href='#n907'>907</a>
<a id='n908' href='#n908'>908</a>
<a id='n909' href='#n909'>909</a>
<a id='n910' href='#n910'>910</a>
</pre></div><div class='alt'><pre><a id='n911' href='#n911'>911</a>
</pre></div><div class='alt'><pre><a id='n912' href='#n912'>912</a>
<a id='n913' href='#n913'>913</a>
<a id='n914' href='#n914'>914</a>
</pre></div><div class='alt'><pre><a id='n915' href='#n915'>915</a>
</pre></div><div class='alt'><pre><a id='n916' href='#n916'>916</a>
<a id='n917' href='#n917'>917</a>
<a id='n918' href='#n918'>918</a>
<a id='n919' href='#n919'>919</a>
<a id='n920' href='#n920'>920</a>
<a id='n921' href='#n921'>921</a>
<a id='n922' href='#n922'>922</a>
<a id='n923' href='#n923'>923</a>
</pre></div><div class='alt'><pre><a id='n924' href='#n924'>924</a>
</pre></div><div class='alt'><pre><a id='n925' href='#n925'>925</a>
<a id='n926' href='#n926'>926</a>
</pre></div><div class='alt'><pre><a id='n927' href='#n927'>927</a>
<a id='n928' href='#n928'>928</a>
<a id='n929' href='#n929'>929</a>
<a id='n930' href='#n930'>930</a>
<a id='n931' href='#n931'>931</a>
</pre></div><div class='alt'><pre><a id='n932' href='#n932'>932</a>
<a id='n933' href='#n933'>933</a>
</pre></div><div class='alt'><pre><a id='n934' href='#n934'>934</a>
</pre></div><div class='alt'><pre><a id='n935' href='#n935'>935</a>
<a id='n936' href='#n936'>936</a>
<a id='n937' href='#n937'>937</a>
<a id='n938' href='#n938'>938</a>
<a id='n939' href='#n939'>939</a>
<a id='n940' href='#n940'>940</a>
<a id='n941' href='#n941'>941</a>
</pre></div><div class='alt'><pre><a id='n942' href='#n942'>942</a>
<a id='n943' href='#n943'>943</a>
</pre></div><div class='alt'><pre><a id='n944' href='#n944'>944</a>
</pre></div><div class='alt'><pre><a id='n945' href='#n945'>945</a>
<a id='n946' href='#n946'>946</a>
</pre></div><div class='alt'><pre><a id='n947' href='#n947'>947</a>
</pre></div><div class='alt'><pre><a id='n948' href='#n948'>948</a>
<a id='n949' href='#n949'>949</a>
<a id='n950' href='#n950'>950</a>
<a id='n951' href='#n951'>951</a>
</pre></div><div class='alt'><pre><a id='n952' href='#n952'>952</a>
</pre></div><div class='alt'><pre><a id='n953' href='#n953'>953</a>
<a id='n954' href='#n954'>954</a>
<a id='n955' href='#n955'>955</a>
<a id='n956' href='#n956'>956</a>
</pre></div><div class='alt'><pre><a id='n957' href='#n957'>957</a>
<a id='n958' href='#n958'>958</a>
<a id='n959' href='#n959'>959</a>
<a id='n960' href='#n960'>960</a>
<a id='n961' href='#n961'>961</a>
<a id='n962' href='#n962'>962</a>
<a id='n963' href='#n963'>963</a>
<a id='n964' href='#n964'>964</a>
<a id='n965' href='#n965'>965</a>
</pre></div><div class='alt'><pre><a id='n966' href='#n966'>966</a>
<a id='n967' href='#n967'>967</a>
</pre></div><div class='alt'><pre><a id='n968' href='#n968'>968</a>
</pre></div><div class='alt'><pre><a id='n969' href='#n969'>969</a>
</pre></div><div class='alt'><pre><a id='n970' href='#n970'>970</a>
<a id='n971' href='#n971'>971</a>
<a id='n972' href='#n972'>972</a>
<a id='n973' href='#n973'>973</a>
<a id='n974' href='#n974'>974</a>
<a id='n975' href='#n975'>975</a>
<a id='n976' href='#n976'>976</a>
<a id='n977' href='#n977'>977</a>
</pre></div><div class='alt'><pre><a id='n978' href='#n978'>978</a>
</pre></div><div class='alt'><pre><a id='n979' href='#n979'>979</a>
</pre></div><div class='alt'><pre><a id='n980' href='#n980'>980</a>
<a id='n981' href='#n981'>981</a>
<a id='n982' href='#n982'>982</a>
<a id='n983' href='#n983'>983</a>
<a id='n984' href='#n984'>984</a>
<a id='n985' href='#n985'>985</a>
<a id='n986' href='#n986'>986</a>
<a id='n987' href='#n987'>987</a>
<a id='n988' href='#n988'>988</a>
<a id='n989' href='#n989'>989</a>
<a id='n990' href='#n990'>990</a>
<a id='n991' href='#n991'>991</a>
<a id='n992' href='#n992'>992</a>
<a id='n993' href='#n993'>993</a>
<a id='n994' href='#n994'>994</a>
<a id='n995' href='#n995'>995</a>
<a id='n996' href='#n996'>996</a>
<a id='n997' href='#n997'>997</a>
<a id='n998' href='#n998'>998</a>
<a id='n999' href='#n999'>999</a>
<a id='n1000' href='#n1000'>1000</a>
<a id='n1001' href='#n1001'>1001</a>
<a id='n1002' href='#n1002'>1002</a>
</pre></div><div class='alt'><pre><a id='n1003' href='#n1003'>1003</a>
</pre></div><div class='alt'><pre><a id='n1004' href='#n1004'>1004</a>
<a id='n1005' href='#n1005'>1005</a>
<a id='n1006' href='#n1006'>1006</a>
<a id='n1007' href='#n1007'>1007</a>
<a id='n1008' href='#n1008'>1008</a>
<a id='n1009' href='#n1009'>1009</a>
<a id='n1010' href='#n1010'>1010</a>
<a id='n1011' href='#n1011'>1011</a>
<a id='n1012' href='#n1012'>1012</a>
<a id='n1013' href='#n1013'>1013</a>
<a id='n1014' href='#n1014'>1014</a>
<a id='n1015' href='#n1015'>1015</a>
<a id='n1016' href='#n1016'>1016</a>
<a id='n1017' href='#n1017'>1017</a>
<a id='n1018' href='#n1018'>1018</a>
<a id='n1019' href='#n1019'>1019</a>
<a id='n1020' href='#n1020'>1020</a>
<a id='n1021' href='#n1021'>1021</a>
<a id='n1022' href='#n1022'>1022</a>
<a id='n1023' href='#n1023'>1023</a>
<a id='n1024' href='#n1024'>1024</a>
<a id='n1025' href='#n1025'>1025</a>
</pre></div><div class='alt'><pre><a id='n1026' href='#n1026'>1026</a>
</pre></div><div class='alt'><pre><a id='n1027' href='#n1027'>1027</a>
<a id='n1028' href='#n1028'>1028</a>
<a id='n1029' href='#n1029'>1029</a>
<a id='n1030' href='#n1030'>1030</a>
<a id='n1031' href='#n1031'>1031</a>
<a id='n1032' href='#n1032'>1032</a>
<a id='n1033' href='#n1033'>1033</a>
<a id='n1034' href='#n1034'>1034</a>
<a id='n1035' href='#n1035'>1035</a>
<a id='n1036' href='#n1036'>1036</a>
<a id='n1037' href='#n1037'>1037</a>
<a id='n1038' href='#n1038'>1038</a>
<a id='n1039' href='#n1039'>1039</a>
<a id='n1040' href='#n1040'>1040</a>
<a id='n1041' href='#n1041'>1041</a>
<a id='n1042' href='#n1042'>1042</a>
</pre></div><div class='alt'><pre><a id='n1043' href='#n1043'>1043</a>
<a id='n1044' href='#n1044'>1044</a>
<a id='n1045' href='#n1045'>1045</a>
<a id='n1046' href='#n1046'>1046</a>
<a id='n1047' href='#n1047'>1047</a>
<a id='n1048' href='#n1048'>1048</a>
<a id='n1049' href='#n1049'>1049</a>
</pre></div></td>
<td class='lines'><div><div><div class='alt'><pre>








































                                                                           </pre></div><div class='alt'><pre>




                                      </pre></div><div class='alt'><pre>
                                                               </pre></div><div class='alt'><pre>


      </pre></div><div class='alt'><pre>
                                                                    </pre></div><div class='alt'><pre>



                                                                      </pre></div><div class='alt'><pre>

                                                         </pre></div><div class='alt'><pre>
                                                              </pre></div><div class='alt'><pre>
                                                          </pre></div><div class='alt'><pre>

   </pre></div><div class='alt'><pre>
                                                                      </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>


                               </pre></div><div class='alt'><pre>


                                    </pre></div><div class='alt'><pre>

                      </pre></div><div class='alt'><pre>
                                                   </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>

                                        </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>

                                                                                  </pre></div><div class='alt'><pre>
               </pre></div><div class='alt'><pre>



                                                   </pre></div><div class='alt'><pre>


      </pre></div><div class='alt'><pre>

                             </pre></div><div class='alt'><pre>






                                                                      </pre></div><div class='alt'><pre>
                                                                          </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>


                               </pre></div><div class='alt'><pre>


                                               </pre></div><div class='alt'><pre>

                                                                                                   </pre></div><div class='alt'><pre>

      </pre></div><div class='alt'><pre>

                             </pre></div><div class='alt'><pre>

 </pre></div><div class='alt'><pre>
  </pre></div><div class='alt'><pre>
                                                              </pre></div><div class='alt'><pre>
  </pre></div><div class='alt'><pre>































                                                                      </pre></div><div class='alt'><pre>

   </pre></div><div class='alt'><pre>







                                                                                 </pre></div><div class='alt'><pre>





                                                                          </pre></div><div class='alt'><pre>
                                       </pre></div><div class='alt'><pre>







                                                                                  </pre></div><div class='alt'><pre>
                                       </pre></div><div class='alt'><pre>

 </pre></div><div class='alt'><pre>
  </pre></div><div class='alt'><pre>









































                                                                                     </pre></div><div class='alt'><pre>




                                                                                        </pre></div><div class='alt'><pre>



                                                      </pre></div><div class='alt'><pre>


  </pre></div><div class='alt'><pre>

                                                                      </pre></div><div class='alt'><pre>

   </pre></div><div class='alt'><pre>




                                                                      </pre></div><div class='alt'><pre>
                                                    </pre></div><div class='alt'><pre>

                                                                                   </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                                       </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>


                        </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>


                                                      </pre></div><div class='alt'><pre>
                                         </pre></div><div class='alt'><pre>

                                            </pre></div><div class='alt'><pre>
                                                  </pre></div><div class='alt'><pre>

               </pre></div><div class='alt'><pre>
                                </pre></div><div class='alt'><pre>
                                 </pre></div><div class='alt'><pre>
                     </pre></div><div class='alt'><pre>

                      </pre></div><div class='alt'><pre>






                                                             </pre></div><div class='alt'><pre>

                                   </pre></div><div class='alt'><pre>
               </pre></div><div class='alt'><pre>
   </pre></div><div class='alt'><pre>

                            </pre></div><div class='alt'><pre>
                     </pre></div><div class='alt'><pre>






                                                     </pre></div><div class='alt'><pre>
                                                                    </pre></div><div class='alt'><pre>

                                                                      </pre></div><div class='alt'><pre>
                                                                 </pre></div><div class='alt'><pre>
                                                               </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                                       </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>


                        </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>


                                                      </pre></div><div class='alt'><pre>
                                         </pre></div><div class='alt'><pre>

                                            </pre></div><div class='alt'><pre>
                     </pre></div><div class='alt'><pre>

                                 </pre></div><div class='alt'><pre>






                                                              </pre></div><div class='alt'><pre>

                                   </pre></div><div class='alt'><pre>
               </pre></div><div class='alt'><pre>
   </pre></div><div class='alt'><pre>








                                                                  </pre></div><div class='alt'><pre>


                                                                              </pre></div><div class='alt'><pre>
                                                            </pre></div><div class='alt'><pre>


                                                                                                                   </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                                                                </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>




                                     </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>


                                                      </pre></div><div class='alt'><pre>
                                         </pre></div><div class='alt'><pre>

                                            </pre></div><div class='alt'><pre>


                                                  </pre></div><div class='alt'><pre>
                                </pre></div><div class='alt'><pre>
                                 </pre></div><div class='alt'><pre>
                                         </pre></div><div class='alt'><pre>

                               </pre></div><div class='alt'><pre>

                                                                                </pre></div><div class='alt'><pre>

                                                                                </pre></div><div class='alt'><pre>
               </pre></div><div class='alt'><pre>
   </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                                                   </pre></div><div class='alt'><pre>

                 </pre></div><div class='alt'><pre>





                                                                                      </pre></div><div class='alt'><pre>



                                    </pre></div><div class='alt'><pre>

                                   </pre></div><div class='alt'><pre>
               </pre></div><div class='alt'><pre>
   </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                            </pre></div><div class='alt'><pre>
                     </pre></div><div class='alt'><pre>







                                                                     </pre></div><div class='alt'><pre>


                                                                             </pre></div><div class='alt'><pre>
                                                           </pre></div><div class='alt'><pre>

                                                                       </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                                       </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>




                                       </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>


                                                      </pre></div><div class='alt'><pre>
                                         </pre></div><div class='alt'><pre>

                                            </pre></div><div class='alt'><pre>


                                                  </pre></div><div class='alt'><pre>
                                </pre></div><div class='alt'><pre>
                                 </pre></div><div class='alt'><pre>
                                        </pre></div><div class='alt'><pre>

                      </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>

                                                                                       </pre></div><div class='alt'><pre>
               </pre></div><div class='alt'><pre>
   </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                                                     </pre></div><div class='alt'><pre>

                 </pre></div><div class='alt'><pre>





                                                                                        </pre></div><div class='alt'><pre>



                                    </pre></div><div class='alt'><pre>

                                   </pre></div><div class='alt'><pre>
               </pre></div><div class='alt'><pre>
   </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                            </pre></div><div class='alt'><pre>
                     </pre></div><div class='alt'><pre>






                                          </pre></div><div class='alt'><pre>
                                                                 </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                        </pre></div><div class='alt'><pre>












                                                     </pre></div><div class='alt'><pre>
                                                                  </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                                            </pre></div><div class='alt'><pre>



                                   </pre></div><div class='alt'><pre>


                      </pre></div><div class='alt'><pre>


                                                                         </pre></div><div class='alt'><pre>




                                                               </pre></div><div class='alt'><pre>

                                                      </pre></div><div class='alt'><pre>
                                   </pre></div><div class='alt'><pre>







                                          </pre></div><div class='alt'><pre>

                                                                        </pre></div><div class='alt'><pre>



                                   </pre></div><div class='alt'><pre>
                                            </pre></div><div class='alt'><pre>









                                   </pre></div><div class='alt'><pre>



















                                                                         </pre></div><div class='alt'><pre>


                                           </pre></div><div class='alt'><pre>

                                                                         </pre></div><div class='alt'><pre>



                                   </pre></div><div class='alt'><pre>
                                            </pre></div><div class='alt'><pre>












                                                   </pre></div><div class='alt'><pre>
                                                                         </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                                            </pre></div><div class='alt'><pre>










                                                                                                        </pre></div><div class='alt'><pre>

                      </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>






                                                                           </pre></div><div class='alt'><pre>

























                                                                                                     </pre></div><div class='alt'><pre>





                                         </pre></div><div class='alt'><pre>

                                                                                                 </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                                            </pre></div><div class='alt'><pre>








                                                                                                        </pre></div><div class='alt'><pre>
                      </pre></div><div class='alt'><pre>

                  </pre></div><div class='alt'><pre>






                                                                           </pre></div><div class='alt'><pre>































                                                                                                             </pre></div><div class='alt'><pre>








                                                                  </pre></div><div class='alt'><pre>




                                                                                                              </pre></div><div class='alt'><pre>




                                                     </pre></div><div class='alt'><pre>
                                                                                </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                                                                                               </pre></div><div class='alt'><pre>





                                                                                     </pre></div><div class='alt'><pre>
                                        </pre></div><div class='alt'><pre>
                                                                                                          </pre></div><div class='alt'><pre>










                                                                                                           </pre></div><div class='alt'><pre>




                                                                                                                </pre></div><div class='alt'><pre>




                                                     </pre></div><div class='alt'><pre>
                                                                                </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                                                                                               </pre></div><div class='alt'><pre>

               </pre></div><div class='alt'><pre>
                                        </pre></div><div class='alt'><pre>





                                                                            </pre></div><div class='alt'><pre>
                                  </pre></div><div class='alt'><pre>







                                                                            </pre></div><div class='alt'><pre>
                                                                                                             </pre></div><div class='alt'><pre>




                </pre></div><div class='alt'><pre>
                                                                </pre></div><div class='alt'><pre>


                                                                                                          </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                                            </pre></div><div class='alt'><pre>





                                                                        </pre></div><div class='alt'><pre>
                                                     </pre></div><div class='alt'><pre>




                                                                                                </pre></div><div class='alt'><pre>
                                 </pre></div><div class='alt'><pre>

                               </pre></div><div class='alt'><pre>
                                   </pre></div><div class='alt'><pre>







                                                                                                        </pre></div><div class='alt'><pre>
                      </pre></div><div class='alt'><pre>

                  </pre></div><div class='alt'><pre>




                                                                           </pre></div><div class='alt'><pre>










                                                                                                                        </pre></div><div class='alt'><pre>
                                                            </pre></div><div class='alt'><pre>




                                                                  </pre></div><div class='alt'><pre>




                                                                                                             </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                                                                      </pre></div><div class='alt'><pre>



                                                 </pre></div><div class='alt'><pre>
                                                                                </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>











                                                                               </pre></div><div class='alt'><pre>

               </pre></div><div class='alt'><pre>
                                        </pre></div><div class='alt'><pre>
                                                                                                           </pre></div><div class='alt'><pre>









                                                                                                           </pre></div><div class='alt'><pre>
                                                                            </pre></div><div class='alt'><pre>






                                       </pre></div><div class='alt'><pre>




                                                                                                               </pre></div><div class='alt'><pre>





                                                 </pre></div><div class='alt'><pre>
                                                                                </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>











                                                                                 </pre></div><div class='alt'><pre>

               </pre></div><div class='alt'><pre>
                                        </pre></div><div class='alt'><pre>









                                                                                </pre></div><div class='alt'><pre>
                                                                                                </pre></div><div class='alt'><pre>




                </pre></div><div class='alt'><pre>
                                                                  </pre></div><div class='alt'><pre>


                                                                                                 </pre></div><div class='alt'><pre>
 </pre></div><div class='alt'><pre>
                                            </pre></div><div class='alt'><pre>



                                   </pre></div><div class='alt'><pre>
                                                                                              </pre></div><div class='alt'><pre>
                                                                          </pre></div><div class='alt'><pre>
                                                       </pre></div><div class='alt'><pre>





                                                                                       </pre></div><div class='alt'><pre>
                                     </pre></div><div class='alt'><pre>


                               </pre></div><div class='alt'><pre>
                                       </pre></div><div class='alt'><pre>







                                                                                                        </pre></div><div class='alt'><pre>
                      </pre></div><div class='alt'><pre>

                  </pre></div><div class='alt'><pre>




                                                                           </pre></div><div class='alt'><pre>

                    </pre></div><div class='alt'><pre>
                                                                                                                       </pre></div><div class='alt'><pre>






                                    </pre></div><div class='alt'><pre>

                                                                       </pre></div><div class='alt'><pre>
                                                              </pre></div><div class='alt'><pre>

                                                                 </pre></div><div class='alt'><pre>
                                                                           </pre></div><div class='alt'><pre>



                                                                  </pre></div><div class='alt'><pre>
                                                                           </pre></div><div class='alt'><pre>



                      </pre></div><div class='alt'><pre>








                                      </pre></div><div class='alt'><pre>

               </pre></div><div class='alt'><pre>
                                                         </pre></div><div class='alt'><pre>
                                                                                              </pre></div><div class='alt'><pre>







                                                                                    </pre></div><div class='alt'><pre>
                                                                          </pre></div><div class='alt'><pre>
                                                                                    </pre></div><div class='alt'><pre>






















                                                                                    </pre></div><div class='alt'><pre>
                                                                              </pre></div><div class='alt'><pre>





















                                                                                        </pre></div><div class='alt'><pre>
                                                             </pre></div><div class='alt'><pre>















                                                        </pre></div><div class='alt'><pre>






                        </pre></div></div><pre><code><style>pre { line-height: 125%; }
td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
.highlight .hll { background-color: #ffffcc }
.highlight .c { color: #888888 } /* Comment */
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
.highlight .k { color: #008800; font-weight: bold } /* Keyword */
.highlight .ch { color: #888888 } /* Comment.Hashbang */
.highlight .cm { color: #888888 } /* Comment.Multiline */
.highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */
.highlight .cpf { color: #888888 } /* Comment.PreprocFile */
.highlight .c1 { color: #888888 } /* Comment.Single */
.highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */
.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .ges { font-weight: bold; font-style: italic } /* Generic.EmphStrong */
.highlight .gr { color: #aa0000 } /* Generic.Error */
.highlight .gh { color: #333333 } /* Generic.Heading */
.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
.highlight .go { color: #888888 } /* Generic.Output */
.highlight .gp { color: #555555 } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #666666 } /* Generic.Subheading */
.highlight .gt { color: #aa0000 } /* Generic.Traceback */
.highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */
.highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */
.highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */
.highlight .kp { color: #008800 } /* Keyword.Pseudo */
.highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */
.highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */
.highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */
.highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */
.highlight .na { color: #336699 } /* Name.Attribute */
.highlight .nb { color: #003388 } /* Name.Builtin */
.highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */
.highlight .no { color: #003366; font-weight: bold } /* Name.Constant */
.highlight .nd { color: #555555 } /* Name.Decorator */
.highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */
.highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */
.highlight .nl { color: #336699; font-style: italic } /* Name.Label */
.highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */
.highlight .py { color: #336699; font-weight: bold } /* Name.Property */
.highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */
.highlight .nv { color: #336699 } /* Name.Variable */
.highlight .ow { color: #008800 } /* Operator.Word */
.highlight .w { color: #bbbbbb } /* Text.Whitespace */
.highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */
.highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */
.highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */
.highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */
.highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */
.highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */
.highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */
.highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */
.highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */
.highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */
.highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */
.highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */
.highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */
.highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */
.highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */
.highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */
.highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */
.highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */
.highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */
.highlight .vc { color: #336699 } /* Name.Variable.Class */
.highlight .vg { color: #dd7700 } /* Name.Variable.Global */
.highlight .vi { color: #3333bb } /* Name.Variable.Instance */
.highlight .vm { color: #336699 } /* Name.Variable.Magic */
.highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */</style><div class="highlight"><pre><span></span><span class="cm">/*</span>
<span class="cm"> * rpc_pkey.c</span>
<span class="cm"> * ----------</span>
<span class="cm"> * Remote procedure call server-side public key implementation.</span>
<span class="cm"> *</span>
<span class="cm"> * Authors: Rob Austein</span>
<span class="cm"> * Copyright (c) 2015, NORDUnet A/S All rights reserved.</span>
<span class="cm"> *</span>
<span class="cm"> * Redistribution and use in source and binary forms, with or without</span>
<span class="cm"> * modification, are permitted provided that the following conditions are</span>
<span class="cm"> * met:</span>
<span class="cm"> * - Redistributions of source code must retain the above copyright notice,</span>
<span class="cm"> *   this list of conditions and the following disclaimer.</span>
<span class="cm"> *</span>
<span class="cm"> * - Redistributions in binary form must reproduce the above copyright</span>
<span class="cm"> *   notice, this list of conditions and the following disclaimer in the</span>
<span class="cm"> *   documentation and/or other materials provided with the distribution.</span>
<span class="cm"> *</span>
<span class="cm"> * - Neither the name of the NORDUnet nor the names of its contributors may</span>
<span class="cm"> *   be used to endorse or promote products derived from this software</span>
<span class="cm"> *   without specific prior written permission.</span>
<span class="cm"> *</span>
<span class="cm"> * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS</span>
<span class="cm"> * IS&quot; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED</span>
<span class="cm"> * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A</span>
<span class="cm"> * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT</span>
<span class="cm"> * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,</span>
<span class="cm"> * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED</span>
<span class="cm"> * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR</span>
<span class="cm"> * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF</span>
<span class="cm"> * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING</span>
<span class="cm"> * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS</span>
<span class="cm"> * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</span>
<span class="cm"> */</span>

<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;string.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;assert.h&gt;</span>

<span class="cp">#include</span><span class="w"> </span><span class="cpf">&quot;hal.h&quot;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&quot;hal_internal.h&quot;</span>

<span class="cp">#ifndef HAL_STATIC_PKEY_STATE_BLOCKS</span>
<span class="cp">#define HAL_STATIC_PKEY_STATE_BLOCKS 0</span>
<span class="cp">#endif</span>

<span class="cp">#if HAL_STATIC_PKEY_STATE_BLOCKS &gt; 0</span>
<span class="k">static</span><span class="w"> </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="n">pkey_slot</span><span class="p">[</span><span class="n">HAL_STATIC_PKEY_STATE_BLOCKS</span><span class="p">];</span>
<span class="cp">#endif</span>

<span class="cm">/*</span>
<span class="cm"> * Handle allocation is simple: look for an unused (HAL_HANDLE_NONE)</span>
<span class="cm"> * slot in the table, and, assuming we find one, construct a composite</span>
<span class="cm"> * handle consisting of the index into the table and a counter whose</span>
<span class="cm"> * sole purpose is to keep the same handle from reoccurring anytime</span>
<span class="cm"> * soon, to help identify use-after-free bugs in calling code.</span>
<span class="cm"> *</span>
<span class="cm"> * The high order bit of the pkey handle is left free for</span>
<span class="cm"> * HAL_PKEY_HANDLE_TOKEN_FLAG, which is used by the mixed-mode</span>
<span class="cm"> * handlers to route calls to the appropriate destination.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="kr">inline</span><span class="w"> </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="nf">alloc_slot</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_key_flags_t</span><span class="w"> </span><span class="n">flags</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_critical_section_start</span><span class="p">();</span>

<span class="cp">#if HAL_STATIC_PKEY_STATE_BLOCKS &gt; 0</span>
<span class="w">  </span><span class="k">static</span><span class="w"> </span><span class="kt">uint16_t</span><span class="w"> </span><span class="n">next_glop</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w">  </span><span class="kt">uint32_t</span><span class="w"> </span><span class="n">glop</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">++</span><span class="n">next_glop</span><span class="w"> </span><span class="o">&lt;&lt;</span><span class="w"> </span><span class="mi">16</span><span class="p">;</span>
<span class="w">  </span><span class="n">next_glop</span><span class="w"> </span><span class="o">%=</span><span class="w"> </span><span class="mh">0x7FFF</span><span class="p">;</span>

<span class="w">  </span><span class="n">assert</span><span class="p">((</span><span class="n">glop</span><span class="w"> </span><span class="o">&amp;</span><span class="w"> </span><span class="n">HAL_PKEY_HANDLE_TOKEN_FLAG</span><span class="p">)</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">flags</span><span class="w"> </span><span class="o">&amp;</span><span class="w"> </span><span class="n">HAL_KEY_FLAG_TOKEN</span><span class="p">)</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span>
<span class="w">    </span><span class="n">glop</span><span class="w"> </span><span class="o">|=</span><span class="w"> </span><span class="n">HAL_PKEY_HANDLE_TOKEN_FLAG</span><span class="p">;</span>

<span class="w">  </span><span class="k">for</span><span class="w"> </span><span class="p">(</span><span class="kt">int</span><span class="w"> </span><span class="n">i</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span><span class="w"> </span><span class="n">slot</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="n">i</span><span class="w"> </span><span class="o">&lt;</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">pkey_slot</span><span class="p">)</span><span class="o">/</span><span class="k">sizeof</span><span class="p">(</span><span class="o">*</span><span class="n">pkey_slot</span><span class="p">);</span><span class="w"> </span><span class="n">i</span><span class="o">++</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">pkey_slot</span><span class="p">[</span><span class="n">i</span><span class="p">].</span><span class="n">pkey_handle</span><span class="p">.</span><span class="n">handle</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_HANDLE_NONE</span><span class="p">)</span>
<span class="w">      </span><span class="k">continue</span><span class="p">;</span>
<span class="w">    </span><span class="n">memset</span><span class="p">(</span><span class="o">&amp;</span><span class="n">pkey_slot</span><span class="p">[</span><span class="n">i</span><span class="p">],</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">pkey_slot</span><span class="p">[</span><span class="n">i</span><span class="p">]));</span>
<span class="w">    </span><span class="n">pkey_slot</span><span class="p">[</span><span class="n">i</span><span class="p">].</span><span class="n">pkey_handle</span><span class="p">.</span><span class="n">handle</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">i</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">glop</span><span class="p">;</span>
<span class="w">    </span><span class="n">pkey_slot</span><span class="p">[</span><span class="n">i</span><span class="p">].</span><span class="n">hint</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">-1</span><span class="p">;</span>
<span class="w">    </span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">&amp;</span><span class="n">pkey_slot</span><span class="p">[</span><span class="n">i</span><span class="p">];</span>
<span class="w">  </span><span class="p">}</span>
<span class="cp">#endif</span>

<span class="w">  </span><span class="n">hal_critical_section_end</span><span class="p">();</span>
<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">slot</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Check a caller-supplied handle.  Must be in range, in use, and have</span>
<span class="cm"> * the right glop.  Returns slot pointer on success, NULL otherwise.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="kr">inline</span><span class="w"> </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="nf">find_handle</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="n">handle</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_critical_section_start</span><span class="p">();</span>

<span class="cp">#if HAL_STATIC_PKEY_STATE_BLOCKS &gt; 0</span>
<span class="w">  </span><span class="k">const</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="n">i</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="kt">int</span><span class="p">)</span><span class="w"> </span><span class="p">(</span><span class="n">handle</span><span class="p">.</span><span class="n">handle</span><span class="w"> </span><span class="o">&amp;</span><span class="w"> </span><span class="mh">0xFFFF</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">i</span><span class="w"> </span><span class="o">&lt;</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">pkey_slot</span><span class="p">)</span><span class="o">/</span><span class="k">sizeof</span><span class="p">(</span><span class="o">*</span><span class="n">pkey_slot</span><span class="p">)</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="n">pkey_slot</span><span class="p">[</span><span class="n">i</span><span class="p">].</span><span class="n">pkey_handle</span><span class="p">.</span><span class="n">handle</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">handle</span><span class="p">.</span><span class="n">handle</span><span class="p">)</span>
<span class="w">    </span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">&amp;</span><span class="n">pkey_slot</span><span class="p">[</span><span class="n">i</span><span class="p">];</span>
<span class="cp">#endif</span>

<span class="w">  </span><span class="n">hal_critical_section_end</span><span class="p">();</span>
<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">slot</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Access rules are a bit complicated, mostly due to PKCS #11.</span>
<span class="cm"> *</span>
<span class="cm"> * The simple, obvious rule would be that one must be logged in as</span>
<span class="cm"> * HAL_USER_NORMAL to create, see, use, or delete a key, full stop.</span>
<span class="cm"> *</span>
<span class="cm"> * That&#39;s almost the rule that PKCS #11 follows for so-called</span>
<span class="cm"> * &quot;private&quot; objects (CKA_PRIVATE = CK_TRUE), but PKCS #11 has a more</span>
<span class="cm"> * model which not only allows wider visibility to &quot;public&quot; objects</span>
<span class="cm"> * (CKA_PRIVATE = CK_FALSE) but also allows write access to &quot;public</span>
<span class="cm"> * session&quot; (CKA_PRIVATE = CK_FALSE, CKA_TOKEN = CK_FALSE) objects</span>
<span class="cm"> * regardless of login state.</span>
<span class="cm"> *</span>
<span class="cm"> * PKCS #11 also has a concept of read-only sessions, which we don&#39;t</span>
<span class="cm"> * bother to implement at all on the HSM, since the PIN is required to</span>
<span class="cm"> * be the same as for the corresponding read-write session, so this</span>
<span class="cm"> * would just be additional compexity without adding any security on</span>
<span class="cm"> * the HSM; the PKCS #11 library still has to support read-only</span>
<span class="cm"> * sessions, but that&#39;s not our problem here.</span>
<span class="cm"> *</span>
<span class="cm"> * In general, non-PKCS #11 users of this API should probably never</span>
<span class="cm"> * set HAL_KEY_FLAG_PUBLIC, in which case they&#39;ll get the simple rule.</span>
<span class="cm"> *</span>
<span class="cm"> * Note that keystore drivers may need to implement additional</span>
<span class="cm"> * additional checks, eg, ks_volatile needs to enforce the rule that</span>
<span class="cm"> * session objects are only visible to the client which created them</span>
<span class="cm"> * (not the session, that would be too simple, thanks PKCS #11).  In</span>
<span class="cm"> * practice, this should not be a serious problem, since such checks</span>
<span class="cm"> * will likely only apply to existing objects.  The thing we really</span>
<span class="cm"> * want to avoid is doing all the work to create a large key only to</span>
<span class="cm"> * have the keystore driver reject access at the end, but since, by</span>
<span class="cm"> * definition, that only occurs when creating new objects, the access</span>
<span class="cm"> * decision doesn&#39;t depend on preexisting data, so the rules here</span>
<span class="cm"> * should suffice.  That&#39;s the theory, anyway, if this is wrong we may</span>
<span class="cm"> * need to refactor.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="kr">inline</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">check_normal_or_wheel</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_client_handle_t</span><span class="w"> </span><span class="n">client</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="k">const</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rpc_is_logged_in</span><span class="p">(</span><span class="n">client</span><span class="p">,</span><span class="w"> </span><span class="n">HAL_USER_NORMAL</span><span class="p">);</span>
<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_ERROR_FORBIDDEN</span>
<span class="w">          </span><span class="o">?</span><span class="w"> </span><span class="n">hal_rpc_is_logged_in</span><span class="p">(</span><span class="n">client</span><span class="p">,</span><span class="w"> </span><span class="n">HAL_USER_WHEEL</span><span class="p">)</span>
<span class="w">          </span><span class="o">:</span><span class="w"> </span><span class="n">err</span><span class="p">);</span>
<span class="p">}</span>

<span class="k">static</span><span class="w"> </span><span class="kr">inline</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">check_readable</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_client_handle_t</span><span class="w"> </span><span class="n">client</span><span class="p">,</span>
<span class="w">                                         </span><span class="k">const</span><span class="w"> </span><span class="n">hal_key_flags_t</span><span class="w"> </span><span class="n">flags</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">flags</span><span class="w"> </span><span class="o">&amp;</span><span class="w"> </span><span class="n">HAL_KEY_FLAG_PUBLIC</span><span class="p">)</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">check_normal_or_wheel</span><span class="p">(</span><span class="n">client</span><span class="p">);</span>
<span class="p">}</span>

<span class="k">static</span><span class="w"> </span><span class="kr">inline</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">check_writable</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_client_handle_t</span><span class="w"> </span><span class="n">client</span><span class="p">,</span>
<span class="w">                                         </span><span class="k">const</span><span class="w"> </span><span class="n">hal_key_flags_t</span><span class="w"> </span><span class="n">flags</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">flags</span><span class="w"> </span><span class="o">&amp;</span><span class="w"> </span><span class="p">(</span><span class="n">HAL_KEY_FLAG_TOKEN</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">HAL_KEY_FLAG_PUBLIC</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_KEY_FLAG_PUBLIC</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">check_normal_or_wheel</span><span class="p">(</span><span class="n">client</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Pad an octet string with PKCS #1.5 padding for use with RSA.</span>
<span class="cm"> *</span>
<span class="cm"> * For the moment, this only handles type 01 encryption blocks, thus</span>
<span class="cm"> * is only suitable for use with signature and verification.  If and</span>
<span class="cm"> * when we add support for encryption and decryption, this function</span>
<span class="cm"> * should be extended to take an argument specifying the block type</span>
<span class="cm"> * and include support for generating type 02 encryption blocks.</span>
<span class="cm"> * Other than the block type code, the only difference is the padding</span>
<span class="cm"> * value: for type 01 it&#39;s constant (0xFF), for type 02 it should be</span>
<span class="cm"> * non-zero random bytes from the CSPRNG.</span>
<span class="cm"> *</span>
<span class="cm"> * We use memmove() instead of memcpy() so that the caller can</span>
<span class="cm"> * construct the data to be padded in the same buffer.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkcs1_5_pad</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">data</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">data_len</span><span class="p">,</span>
<span class="w">                               </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="n">block</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">block_len</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">assert</span><span class="p">(</span><span class="n">data</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="n">block</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">);</span>

<span class="w">  </span><span class="cm">/*</span>
<span class="cm">   * Congregation will now please turn to RFC 2313 8.1 as we</span>
<span class="cm">   * construct a PKCS #1.5 type 01 encryption block.</span>
<span class="cm">   */</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">data_len</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="n">block_len</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">11</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_RESULT_TOO_LONG</span><span class="p">;</span>

<span class="w">  </span><span class="n">memmove</span><span class="p">(</span><span class="n">block</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="n">block_len</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">data_len</span><span class="p">,</span><span class="w"> </span><span class="n">data</span><span class="p">,</span><span class="w"> </span><span class="n">data_len</span><span class="p">);</span>

<span class="w">  </span><span class="n">block</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mh">0x00</span><span class="p">;</span>
<span class="w">  </span><span class="n">block</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mh">0x01</span><span class="p">;</span>

<span class="w">  </span><span class="cm">/* This is where we&#39;d use non-zero random bytes if constructing a type 02 block. */</span>
<span class="w">  </span><span class="n">memset</span><span class="p">(</span><span class="n">block</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="mh">0xFF</span><span class="p">,</span><span class="w"> </span><span class="n">block_len</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">data_len</span><span class="p">);</span>

<span class="w">  </span><span class="n">block</span><span class="p">[</span><span class="n">block_len</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">data_len</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mh">0x00</span><span class="p">;</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Given key flags, open appropriate keystore driver.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="kr">inline</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">ks_open_from_flags</span><span class="p">(</span><span class="n">hal_ks_t</span><span class="w"> </span><span class="o">**</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">hal_key_flags_t</span><span class="w"> </span><span class="n">flags</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">hal_ks_open</span><span class="p">((</span><span class="n">flags</span><span class="w"> </span><span class="o">&amp;</span><span class="w"> </span><span class="n">HAL_KEY_FLAG_TOKEN</span><span class="p">)</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span>
<span class="w">                     </span><span class="o">?</span><span class="w"> </span><span class="n">hal_ks_volatile_driver</span>
<span class="w">                     </span><span class="o">:</span><span class="w"> </span><span class="n">hal_ks_token_driver</span><span class="p">,</span>
<span class="w">                     </span><span class="n">ks</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Receive key from application, generate a name (UUID), store it, and</span>
<span class="cm"> * return a key handle and the name.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_load</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_client_handle_t</span><span class="w"> </span><span class="n">client</span><span class="p">,</span>
<span class="w">                                   </span><span class="k">const</span><span class="w"> </span><span class="n">hal_session_handle_t</span><span class="w"> </span><span class="n">session</span><span class="p">,</span>
<span class="w">                                   </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="o">*</span><span class="n">pkey</span><span class="p">,</span>
<span class="w">                                   </span><span class="k">const</span><span class="w"> </span><span class="n">hal_key_type_t</span><span class="w"> </span><span class="n">type</span><span class="p">,</span>
<span class="w">                                   </span><span class="k">const</span><span class="w"> </span><span class="n">hal_curve_name_t</span><span class="w"> </span><span class="n">curve</span><span class="p">,</span>
<span class="w">                                   </span><span class="n">hal_uuid_t</span><span class="w"> </span><span class="o">*</span><span class="n">name</span><span class="p">,</span>
<span class="w">                                   </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">der_len</span><span class="p">,</span>
<span class="w">                                   </span><span class="k">const</span><span class="w"> </span><span class="n">hal_key_flags_t</span><span class="w"> </span><span class="n">flags</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">assert</span><span class="p">(</span><span class="n">pkey</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">);</span>

<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_ks_t</span><span class="w"> </span><span class="o">*</span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">check_writable</span><span class="p">(</span><span class="n">client</span><span class="p">,</span><span class="w"> </span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">alloc_slot</span><span class="p">(</span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_NO_KEY_SLOTS_AVAILABLE</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_uuid_gen</span><span class="p">(</span><span class="o">&amp;</span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">name</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">client_handle</span><span class="w">  </span><span class="o">=</span><span class="w"> </span><span class="n">client</span><span class="p">;</span>
<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">session_handle</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">session</span><span class="p">;</span>
<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="w">  </span><span class="o">=</span><span class="w"> </span><span class="n">type</span><span class="p">;</span>
<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">curve</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">curve</span><span class="p">;</span>
<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">flags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">flags</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ks_open_from_flags</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_store</span><span class="p">(</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>
<span class="w">  </span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ks</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="p">(</span><span class="kt">void</span><span class="p">)</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">HAL_KEY_TYPE_NONE</span><span class="p">;</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="o">*</span><span class="n">pkey</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">pkey_handle</span><span class="p">;</span>
<span class="w">  </span><span class="o">*</span><span class="n">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">name</span><span class="p">;</span>
<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Look up a key given its name, return a key handle.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_open</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_client_handle_t</span><span class="w"> </span><span class="n">client</span><span class="p">,</span>
<span class="w">                                   </span><span class="k">const</span><span class="w"> </span><span class="n">hal_session_handle_t</span><span class="w"> </span><span class="n">session</span><span class="p">,</span>
<span class="w">                                   </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="o">*</span><span class="n">pkey</span><span class="p">,</span>
<span class="w">                                   </span><span class="k">const</span><span class="w"> </span><span class="n">hal_uuid_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">name</span><span class="p">,</span>
<span class="w">                                   </span><span class="k">const</span><span class="w"> </span><span class="n">hal_key_flags_t</span><span class="w"> </span><span class="n">flags</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">assert</span><span class="p">(</span><span class="n">pkey</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">);</span>

<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_ks_t</span><span class="w"> </span><span class="o">*</span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">check_readable</span><span class="p">(</span><span class="n">client</span><span class="p">,</span><span class="w"> </span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">alloc_slot</span><span class="p">(</span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_NO_KEY_SLOTS_AVAILABLE</span><span class="p">;</span>

<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">*</span><span class="n">name</span><span class="p">;</span>
<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">client_handle</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">client</span><span class="p">;</span>
<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">session_handle</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">session</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ks_open_from_flags</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_fetch</span><span class="p">(</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="p">,</span><span class="w"> </span><span class="nb">NULL</span><span class="p">,</span><span class="w"> </span><span class="nb">NULL</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>
<span class="w">  </span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ks</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="p">(</span><span class="kt">void</span><span class="p">)</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">HAL_KEY_TYPE_NONE</span><span class="p">;</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="o">*</span><span class="n">pkey</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">pkey_handle</span><span class="p">;</span>
<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Generate a new RSA key with supplied name, return a key handle.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_generate_rsa</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_client_handle_t</span><span class="w"> </span><span class="n">client</span><span class="p">,</span>
<span class="w">                                           </span><span class="k">const</span><span class="w"> </span><span class="n">hal_session_handle_t</span><span class="w"> </span><span class="n">session</span><span class="p">,</span>
<span class="w">                                           </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="o">*</span><span class="n">pkey</span><span class="p">,</span>
<span class="w">                                           </span><span class="n">hal_uuid_t</span><span class="w"> </span><span class="o">*</span><span class="n">name</span><span class="p">,</span>
<span class="w">                                           </span><span class="k">const</span><span class="w"> </span><span class="kt">unsigned</span><span class="w"> </span><span class="n">key_length</span><span class="p">,</span>
<span class="w">                                           </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">public_exponent</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">public_exponent_len</span><span class="p">,</span>
<span class="w">                                           </span><span class="k">const</span><span class="w"> </span><span class="n">hal_key_flags_t</span><span class="w"> </span><span class="n">flags</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">assert</span><span class="p">(</span><span class="n">pkey</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="p">(</span><span class="n">key_length</span><span class="w"> </span><span class="o">&amp;</span><span class="w"> </span><span class="mi">7</span><span class="p">)</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="p">);</span>

<span class="w">  </span><span class="kt">uint8_t</span><span class="w"> </span><span class="n">keybuf</span><span class="p">[</span><span class="n">hal_rsa_key_t_size</span><span class="p">];</span>
<span class="w">  </span><span class="n">hal_rsa_key_t</span><span class="w"> </span><span class="o">*</span><span class="n">key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_ks_t</span><span class="w"> </span><span class="o">*</span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">check_writable</span><span class="p">(</span><span class="n">client</span><span class="p">,</span><span class="w"> </span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">alloc_slot</span><span class="p">(</span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_NO_KEY_SLOTS_AVAILABLE</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_uuid_gen</span><span class="p">(</span><span class="o">&amp;</span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">name</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">client_handle</span><span class="w">  </span><span class="o">=</span><span class="w"> </span><span class="n">client</span><span class="p">;</span>
<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">session_handle</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">session</span><span class="p">;</span>
<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="w">  </span><span class="o">=</span><span class="w"> </span><span class="n">HAL_KEY_TYPE_RSA_PRIVATE</span><span class="p">;</span>
<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">curve</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">HAL_CURVE_NONE</span><span class="p">;</span>
<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">flags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">flags</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rsa_key_gen</span><span class="p">(</span><span class="nb">NULL</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">keybuf</span><span class="p">),</span><span class="w"> </span><span class="n">key_length</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="mi">8</span><span class="p">,</span>
<span class="w">                             </span><span class="n">public_exponent</span><span class="p">,</span><span class="w"> </span><span class="n">public_exponent_len</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">HAL_KEY_TYPE_NONE</span><span class="p">;</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="kt">uint8_t</span><span class="w"> </span><span class="n">der</span><span class="p">[</span><span class="n">hal_rsa_private_key_to_der_len</span><span class="p">(</span><span class="n">key</span><span class="p">)];</span>
<span class="w">  </span><span class="kt">size_t</span><span class="w"> </span><span class="n">der_len</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rsa_private_key_to_der</span><span class="p">(</span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">der_len</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">der</span><span class="p">)))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ks_open_from_flags</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_store</span><span class="p">(</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>
<span class="w">  </span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ks</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="p">(</span><span class="kt">void</span><span class="p">)</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>

<span class="w">  </span><span class="n">memset</span><span class="p">(</span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">keybuf</span><span class="p">));</span>
<span class="w">  </span><span class="n">memset</span><span class="p">(</span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">der</span><span class="p">));</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">HAL_KEY_TYPE_NONE</span><span class="p">;</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="o">*</span><span class="n">pkey</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">pkey_handle</span><span class="p">;</span>
<span class="w">  </span><span class="o">*</span><span class="n">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">name</span><span class="p">;</span>
<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Generate a new EC key with supplied name, return a key handle.</span>
<span class="cm"> * At the moment, EC key == ECDSA key, but this is subject to change.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_generate_ec</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_client_handle_t</span><span class="w"> </span><span class="n">client</span><span class="p">,</span>
<span class="w">                                          </span><span class="k">const</span><span class="w"> </span><span class="n">hal_session_handle_t</span><span class="w"> </span><span class="n">session</span><span class="p">,</span>
<span class="w">                                          </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="o">*</span><span class="n">pkey</span><span class="p">,</span>
<span class="w">                                          </span><span class="n">hal_uuid_t</span><span class="w"> </span><span class="o">*</span><span class="n">name</span><span class="p">,</span>
<span class="w">                                          </span><span class="k">const</span><span class="w"> </span><span class="n">hal_curve_name_t</span><span class="w"> </span><span class="n">curve</span><span class="p">,</span>
<span class="w">                                          </span><span class="k">const</span><span class="w"> </span><span class="n">hal_key_flags_t</span><span class="w"> </span><span class="n">flags</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">assert</span><span class="p">(</span><span class="n">pkey</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">);</span>

<span class="w">  </span><span class="kt">uint8_t</span><span class="w"> </span><span class="n">keybuf</span><span class="p">[</span><span class="n">hal_ecdsa_key_t_size</span><span class="p">];</span>
<span class="w">  </span><span class="n">hal_ecdsa_key_t</span><span class="w"> </span><span class="o">*</span><span class="n">key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_ks_t</span><span class="w"> </span><span class="o">*</span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">check_writable</span><span class="p">(</span><span class="n">client</span><span class="p">,</span><span class="w"> </span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">alloc_slot</span><span class="p">(</span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_NO_KEY_SLOTS_AVAILABLE</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_uuid_gen</span><span class="p">(</span><span class="o">&amp;</span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">name</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">client_handle</span><span class="w">  </span><span class="o">=</span><span class="w"> </span><span class="n">client</span><span class="p">;</span>
<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">session_handle</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">session</span><span class="p">;</span>
<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="w">  </span><span class="o">=</span><span class="w"> </span><span class="n">HAL_KEY_TYPE_EC_PRIVATE</span><span class="p">;</span>
<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">curve</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">curve</span><span class="p">;</span>
<span class="w">  </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">flags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">flags</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ecdsa_key_gen</span><span class="p">(</span><span class="nb">NULL</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">keybuf</span><span class="p">),</span><span class="w"> </span><span class="n">curve</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">HAL_KEY_TYPE_NONE</span><span class="p">;</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="kt">uint8_t</span><span class="w"> </span><span class="n">der</span><span class="p">[</span><span class="n">hal_ecdsa_private_key_to_der_len</span><span class="p">(</span><span class="n">key</span><span class="p">)];</span>
<span class="w">  </span><span class="kt">size_t</span><span class="w"> </span><span class="n">der_len</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ecdsa_private_key_to_der</span><span class="p">(</span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">der_len</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">der</span><span class="p">)))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ks_open_from_flags</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_store</span><span class="p">(</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>
<span class="w">  </span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ks</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="p">(</span><span class="kt">void</span><span class="p">)</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>

<span class="w">  </span><span class="n">memset</span><span class="p">(</span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">keybuf</span><span class="p">));</span>
<span class="w">  </span><span class="n">memset</span><span class="p">(</span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">der</span><span class="p">));</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">HAL_KEY_TYPE_NONE</span><span class="p">;</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="o">*</span><span class="n">pkey</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">pkey_handle</span><span class="p">;</span>
<span class="w">  </span><span class="o">*</span><span class="n">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">name</span><span class="p">;</span>
<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Discard key handle, leaving key intact.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_close</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="n">pkey</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">find_handle</span><span class="p">(</span><span class="n">pkey</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_KEY_NOT_FOUND</span><span class="p">;</span>

<span class="w">  </span><span class="n">memset</span><span class="p">(</span><span class="n">slot</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="o">*</span><span class="n">slot</span><span class="p">));</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Delete a key from the store, given its key handle.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_delete</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="n">pkey</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">find_handle</span><span class="p">(</span><span class="n">pkey</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">slot</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_KEY_NOT_FOUND</span><span class="p">;</span>

<span class="w">  </span><span class="n">hal_ks_t</span><span class="w"> </span><span class="o">*</span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">check_writable</span><span class="p">(</span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">client_handle</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ks_open_from_flags</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_delete</span><span class="p">(</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>
<span class="w">  </span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ks</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="p">(</span><span class="kt">void</span><span class="p">)</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="n">err</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_ERROR_KEY_NOT_FOUND</span><span class="p">)</span>
<span class="w">    </span><span class="n">memset</span><span class="p">(</span><span class="n">slot</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="o">*</span><span class="n">slot</span><span class="p">));</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Get type of key associated with handle.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_get_key_type</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="n">pkey</span><span class="p">,</span>
<span class="w">                                           </span><span class="n">hal_key_type_t</span><span class="w"> </span><span class="o">*</span><span class="n">type</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">type</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_BAD_ARGUMENTS</span><span class="p">;</span>

<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">find_handle</span><span class="p">(</span><span class="n">pkey</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">slot</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_KEY_NOT_FOUND</span><span class="p">;</span>

<span class="w">  </span><span class="o">*</span><span class="n">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="p">;</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Get curve of key associated with handle.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_get_key_curve</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="n">pkey</span><span class="p">,</span>
<span class="w">                                           </span><span class="n">hal_curve_name_t</span><span class="w"> </span><span class="o">*</span><span class="n">curve</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">curve</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_BAD_ARGUMENTS</span><span class="p">;</span>

<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">find_handle</span><span class="p">(</span><span class="n">pkey</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">slot</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_KEY_NOT_FOUND</span><span class="p">;</span>

<span class="w">  </span><span class="o">*</span><span class="n">curve</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">curve</span><span class="p">;</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Get flags of key associated with handle.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_get_key_flags</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="n">pkey</span><span class="p">,</span>
<span class="w">                                            </span><span class="n">hal_key_flags_t</span><span class="w"> </span><span class="o">*</span><span class="n">flags</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">flags</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_BAD_ARGUMENTS</span><span class="p">;</span>

<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">find_handle</span><span class="p">(</span><span class="n">pkey</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">slot</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_KEY_NOT_FOUND</span><span class="p">;</span>

<span class="w">  </span><span class="o">*</span><span class="n">flags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">flags</span><span class="p">;</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Get length of public key associated with handle.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="nf">pkey_local_get_public_key_len</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="n">pkey</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">find_handle</span><span class="p">(</span><span class="n">pkey</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">slot</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>

<span class="w">  </span><span class="kt">size_t</span><span class="w"> </span><span class="n">result</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>

<span class="w">  </span><span class="kt">uint8_t</span><span class="w"> </span><span class="n">keybuf</span><span class="p">[</span><span class="n">hal_rsa_key_t_size</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="n">hal_ecdsa_key_t_size</span><span class="w"> </span><span class="o">?</span><span class="w"> </span><span class="n">hal_rsa_key_t_size</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="n">hal_ecdsa_key_t_size</span><span class="p">];</span>
<span class="w">  </span><span class="n">hal_rsa_key_t</span><span class="w">   </span><span class="o">*</span><span class="n">rsa_key</span><span class="w">   </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_ecdsa_key_t</span><span class="w"> </span><span class="o">*</span><span class="n">ecdsa_key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="kt">uint8_t</span><span class="w"> </span><span class="n">der</span><span class="p">[</span><span class="n">HAL_KS_WRAPPED_KEYSIZE</span><span class="p">];</span>
<span class="w">  </span><span class="kt">size_t</span><span class="w"> </span><span class="n">der_len</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_ks_t</span><span class="w"> </span><span class="o">*</span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ks_open_from_flags</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_fetch</span><span class="p">(</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">der_len</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">der</span><span class="p">)))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>
<span class="w">  </span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ks</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="p">(</span><span class="kt">void</span><span class="p">)</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="k">switch</span><span class="w"> </span><span class="p">(</span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>

<span class="w">    </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_RSA_PUBLIC</span><span class="p">:</span>
<span class="w">    </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_EC_PUBLIC</span><span class="p">:</span>
<span class="w">      </span><span class="n">result</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">der_len</span><span class="p">;</span>
<span class="w">      </span><span class="k">break</span><span class="p">;</span>

<span class="w">    </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_RSA_PRIVATE</span><span class="p">:</span>
<span class="w">      </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">hal_rsa_private_key_from_der</span><span class="p">(</span><span class="o">&amp;</span><span class="n">rsa_key</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">keybuf</span><span class="p">),</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">)</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">        </span><span class="n">result</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rsa_public_key_to_der_len</span><span class="p">(</span><span class="n">rsa_key</span><span class="p">);</span>
<span class="w">      </span><span class="k">break</span><span class="p">;</span>

<span class="w">    </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_EC_PRIVATE</span><span class="p">:</span>
<span class="w">      </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">hal_ecdsa_private_key_from_der</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ecdsa_key</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">keybuf</span><span class="p">),</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">)</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">        </span><span class="n">result</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ecdsa_public_key_to_der_len</span><span class="p">(</span><span class="n">ecdsa_key</span><span class="p">);</span>
<span class="w">      </span><span class="k">break</span><span class="p">;</span>

<span class="w">    </span><span class="k">default</span><span class="o">:</span>
<span class="w">      </span><span class="k">break</span><span class="p">;</span>
<span class="w">    </span><span class="p">}</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="n">memset</span><span class="p">(</span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">keybuf</span><span class="p">));</span>
<span class="w">  </span><span class="n">memset</span><span class="p">(</span><span class="n">der</span><span class="p">,</span><span class="w">    </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">der</span><span class="p">));</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">result</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Get public key associated with handle.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_get_public_key</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="n">pkey</span><span class="p">,</span>
<span class="w">                                             </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="o">*</span><span class="n">der_len</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">der_max</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">find_handle</span><span class="p">(</span><span class="n">pkey</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">slot</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_KEY_NOT_FOUND</span><span class="p">;</span>

<span class="w">  </span><span class="kt">uint8_t</span><span class="w"> </span><span class="n">keybuf</span><span class="p">[</span><span class="n">hal_rsa_key_t_size</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="n">hal_ecdsa_key_t_size</span><span class="w"> </span><span class="o">?</span><span class="w"> </span><span class="n">hal_rsa_key_t_size</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="n">hal_ecdsa_key_t_size</span><span class="p">];</span>
<span class="w">  </span><span class="n">hal_rsa_key_t</span><span class="w">   </span><span class="o">*</span><span class="n">rsa_key</span><span class="w">   </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_ecdsa_key_t</span><span class="w"> </span><span class="o">*</span><span class="n">ecdsa_key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="kt">uint8_t</span><span class="w"> </span><span class="n">buf</span><span class="p">[</span><span class="n">HAL_KS_WRAPPED_KEYSIZE</span><span class="p">];</span>
<span class="w">  </span><span class="kt">size_t</span><span class="w"> </span><span class="n">buf_len</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_ks_t</span><span class="w"> </span><span class="o">*</span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ks_open_from_flags</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_fetch</span><span class="p">(</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="p">,</span><span class="w"> </span><span class="n">buf</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">buf_len</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">buf</span><span class="p">)))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>
<span class="w">  </span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ks</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="p">(</span><span class="kt">void</span><span class="p">)</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="k">switch</span><span class="w"> </span><span class="p">(</span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>

<span class="w">    </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_RSA_PUBLIC</span><span class="p">:</span>
<span class="w">    </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_EC_PUBLIC</span><span class="p">:</span>
<span class="w">      </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">der_len</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">        </span><span class="o">*</span><span class="n">der_len</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">buf_len</span><span class="p">;</span>
<span class="w">      </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">der</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="n">der_max</span><span class="w"> </span><span class="o">&lt;</span><span class="w"> </span><span class="n">buf_len</span><span class="p">)</span>
<span class="w">        </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">HAL_ERROR_RESULT_TOO_LONG</span><span class="p">;</span>
<span class="w">      </span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">der</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">        </span><span class="n">memcpy</span><span class="p">(</span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">buf</span><span class="p">,</span><span class="w"> </span><span class="n">buf_len</span><span class="p">);</span>
<span class="w">      </span><span class="k">break</span><span class="p">;</span>

<span class="w">    </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_RSA_PRIVATE</span><span class="p">:</span>
<span class="w">      </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rsa_private_key_from_der</span><span class="p">(</span><span class="o">&amp;</span><span class="n">rsa_key</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">keybuf</span><span class="p">),</span><span class="w"> </span><span class="n">buf</span><span class="p">,</span><span class="w"> </span><span class="n">buf_len</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">        </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rsa_public_key_to_der</span><span class="p">(</span><span class="n">rsa_key</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">,</span><span class="w"> </span><span class="n">der_max</span><span class="p">);</span>
<span class="w">      </span><span class="k">break</span><span class="p">;</span>

<span class="w">    </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_EC_PRIVATE</span><span class="p">:</span>
<span class="w">      </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ecdsa_private_key_from_der</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ecdsa_key</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">keybuf</span><span class="p">),</span><span class="w"> </span><span class="n">buf</span><span class="p">,</span><span class="w"> </span><span class="n">buf_len</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">        </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ecdsa_public_key_to_der</span><span class="p">(</span><span class="n">ecdsa_key</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">,</span><span class="w"> </span><span class="n">der_max</span><span class="p">);</span>
<span class="w">      </span><span class="k">break</span><span class="p">;</span>

<span class="w">    </span><span class="k">default</span><span class="o">:</span>
<span class="w">      </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">HAL_ERROR_UNSUPPORTED_KEY</span><span class="p">;</span>
<span class="w">      </span><span class="k">break</span><span class="p">;</span>
<span class="w">    </span><span class="p">}</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="n">memset</span><span class="p">(</span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">keybuf</span><span class="p">));</span>
<span class="w">  </span><span class="n">memset</span><span class="p">(</span><span class="n">buf</span><span class="p">,</span><span class="w">    </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">buf</span><span class="p">));</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Sign something using private key associated with handle.</span>
<span class="cm"> *</span>
<span class="cm"> * RSA has enough quirks that it&#39;s simplest to split this out into</span>
<span class="cm"> * algorithm-specific functions.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_sign_rsa</span><span class="p">(</span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">keybuf_len</span><span class="p">,</span>
<span class="w">                                       </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">der_len</span><span class="p">,</span>
<span class="w">                                       </span><span class="k">const</span><span class="w"> </span><span class="n">hal_hash_handle_t</span><span class="w"> </span><span class="n">hash</span><span class="p">,</span>
<span class="w">                                       </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">input</span><span class="p">,</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">input_len</span><span class="p">,</span>
<span class="w">                                       </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="o">*</span><span class="n">signature_len</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">signature_max</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">hal_rsa_key_t</span><span class="w"> </span><span class="o">*</span><span class="n">key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="n">assert</span><span class="p">(</span><span class="n">signature</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="n">signature_len</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">);</span>
<span class="w">  </span><span class="n">assert</span><span class="p">((</span><span class="n">hash</span><span class="p">.</span><span class="n">handle</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_HANDLE_NONE</span><span class="p">)</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="p">(</span><span class="n">input</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="n">input_len</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="p">));</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rsa_private_key_from_der</span><span class="p">(</span><span class="o">&amp;</span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf_len</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">||</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rsa_key_get_modulus</span><span class="p">(</span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="nb">NULL</span><span class="p">,</span><span class="w"> </span><span class="n">signature_len</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">))</span><span class="w">         </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="o">*</span><span class="n">signature_len</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="n">signature_max</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_RESULT_TOO_LONG</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">input</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="n">input_len</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rpc_pkcs1_construct_digestinfo</span><span class="p">(</span><span class="n">hash</span><span class="p">,</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">input_len</span><span class="p">,</span><span class="w"> </span><span class="o">*</span><span class="n">signature_len</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">      </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="w">    </span><span class="n">input</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">signature</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">pkcs1_5_pad</span><span class="p">(</span><span class="n">input</span><span class="p">,</span><span class="w"> </span><span class="n">input_len</span><span class="p">,</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="o">*</span><span class="n">signature_len</span><span class="p">))</span><span class="w">                         </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">||</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rsa_decrypt</span><span class="p">(</span><span class="nb">NULL</span><span class="p">,</span><span class="w"> </span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="o">*</span><span class="n">signature_len</span><span class="p">,</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="o">*</span><span class="n">signature_len</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>
<span class="p">}</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_sign_ecdsa</span><span class="p">(</span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">keybuf_len</span><span class="p">,</span>
<span class="w">                                         </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">der_len</span><span class="p">,</span>
<span class="w">                                         </span><span class="k">const</span><span class="w"> </span><span class="n">hal_hash_handle_t</span><span class="w"> </span><span class="n">hash</span><span class="p">,</span>
<span class="w">                                         </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">input</span><span class="p">,</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">input_len</span><span class="p">,</span>
<span class="w">                                         </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="o">*</span><span class="n">signature_len</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">signature_max</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">hal_ecdsa_key_t</span><span class="w"> </span><span class="o">*</span><span class="n">key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="n">assert</span><span class="p">(</span><span class="n">signature</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="n">signature_len</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">);</span>
<span class="w">  </span><span class="n">assert</span><span class="p">((</span><span class="n">hash</span><span class="p">.</span><span class="n">handle</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_HANDLE_NONE</span><span class="p">)</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="p">(</span><span class="n">input</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="n">input_len</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="p">));</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ecdsa_private_key_from_der</span><span class="p">(</span><span class="o">&amp;</span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf_len</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">input</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="n">input_len</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="n">hal_digest_algorithm_t</span><span class="w"> </span><span class="n">alg</span><span class="p">;</span>

<span class="w">    </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rpc_hash_get_algorithm</span><span class="p">(</span><span class="n">hash</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">alg</span><span class="p">))</span><span class="w">          </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">||</span>
<span class="w">        </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rpc_hash_get_digest_length</span><span class="p">(</span><span class="n">alg</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">input_len</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">      </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">    </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">input_len</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="n">signature_max</span><span class="p">)</span>
<span class="w">      </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_RESULT_TOO_LONG</span><span class="p">;</span>

<span class="w">    </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rpc_hash_finalize</span><span class="p">(</span><span class="n">hash</span><span class="p">,</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="n">input_len</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">      </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">    </span><span class="n">input</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">signature</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ecdsa_sign</span><span class="p">(</span><span class="nb">NULL</span><span class="p">,</span><span class="w"> </span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="n">input</span><span class="p">,</span><span class="w"> </span><span class="n">input_len</span><span class="p">,</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="n">signature_len</span><span class="p">,</span><span class="w"> </span><span class="n">signature_max</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>
<span class="p">}</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_sign</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="n">pkey</span><span class="p">,</span>
<span class="w">                                   </span><span class="k">const</span><span class="w"> </span><span class="n">hal_hash_handle_t</span><span class="w"> </span><span class="n">hash</span><span class="p">,</span>
<span class="w">                                   </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">input</span><span class="p">,</span><span class="w">  </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">input_len</span><span class="p">,</span>
<span class="w">                                   </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="o">*</span><span class="n">signature_len</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">signature_max</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">find_handle</span><span class="p">(</span><span class="n">pkey</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">slot</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_KEY_NOT_FOUND</span><span class="p">;</span>

<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="p">(</span><span class="o">*</span><span class="n">signer</span><span class="p">)(</span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">keybuf_len</span><span class="p">,</span>
<span class="w">                        </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">der_len</span><span class="p">,</span>
<span class="w">                        </span><span class="k">const</span><span class="w"> </span><span class="n">hal_hash_handle_t</span><span class="w"> </span><span class="n">hash</span><span class="p">,</span>
<span class="w">                        </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">input</span><span class="p">,</span><span class="w">  </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">input_len</span><span class="p">,</span>
<span class="w">                        </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="o">*</span><span class="n">signature_len</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">signature_max</span><span class="p">);</span>

<span class="w">  </span><span class="k">switch</span><span class="w"> </span><span class="p">(</span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">  </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_RSA_PRIVATE</span><span class="p">:</span>
<span class="w">    </span><span class="n">signer</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_sign_rsa</span><span class="p">;</span>
<span class="w">    </span><span class="k">break</span><span class="p">;</span>
<span class="w">  </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_EC_PRIVATE</span><span class="p">:</span>
<span class="w">    </span><span class="n">signer</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_sign_ecdsa</span><span class="p">;</span>
<span class="w">    </span><span class="k">break</span><span class="p">;</span>
<span class="w">  </span><span class="k">default</span><span class="o">:</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_UNSUPPORTED_KEY</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="kt">uint8_t</span><span class="w"> </span><span class="n">keybuf</span><span class="p">[</span><span class="n">hal_rsa_key_t_size</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="n">hal_ecdsa_key_t_size</span><span class="w"> </span><span class="o">?</span><span class="w"> </span><span class="n">hal_rsa_key_t_size</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="n">hal_ecdsa_key_t_size</span><span class="p">];</span>
<span class="w">  </span><span class="kt">uint8_t</span><span class="w"> </span><span class="n">der</span><span class="p">[</span><span class="n">HAL_KS_WRAPPED_KEYSIZE</span><span class="p">];</span>
<span class="w">  </span><span class="kt">size_t</span><span class="w"> </span><span class="n">der_len</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_ks_t</span><span class="w"> </span><span class="o">*</span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ks_open_from_flags</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_fetch</span><span class="p">(</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">der_len</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">der</span><span class="p">)))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>
<span class="w">  </span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ks</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="p">(</span><span class="kt">void</span><span class="p">)</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">signer</span><span class="p">(</span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">keybuf</span><span class="p">),</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">,</span><span class="w"> </span><span class="n">hash</span><span class="p">,</span><span class="w"> </span><span class="n">input</span><span class="p">,</span><span class="w"> </span><span class="n">input_len</span><span class="p">,</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="n">signature_len</span><span class="p">,</span><span class="w"> </span><span class="n">signature_max</span><span class="p">);</span>

<span class="w">  </span><span class="n">memset</span><span class="p">(</span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">keybuf</span><span class="p">));</span>
<span class="w">  </span><span class="n">memset</span><span class="p">(</span><span class="n">der</span><span class="p">,</span><span class="w">    </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">der</span><span class="p">));</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/*</span>
<span class="cm"> * Verify something using public key associated with handle.</span>
<span class="cm"> *</span>
<span class="cm"> * RSA has enough quirks that it&#39;s simplest to split this out into</span>
<span class="cm"> * algorithm-specific functions.</span>
<span class="cm"> */</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_verify_rsa</span><span class="p">(</span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">keybuf_len</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">hal_key_type_t</span><span class="w"> </span><span class="n">type</span><span class="p">,</span>
<span class="w">                                         </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">der_len</span><span class="p">,</span>
<span class="w">                                         </span><span class="k">const</span><span class="w"> </span><span class="n">hal_hash_handle_t</span><span class="w"> </span><span class="n">hash</span><span class="p">,</span>
<span class="w">                                         </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">input</span><span class="p">,</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">input_len</span><span class="p">,</span>
<span class="w">                                         </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">signature_len</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="kt">uint8_t</span><span class="w"> </span><span class="n">expected</span><span class="p">[</span><span class="n">signature_len</span><span class="p">],</span><span class="w"> </span><span class="n">received</span><span class="p">[(</span><span class="n">signature_len</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="mi">3</span><span class="p">)</span><span class="w"> </span><span class="o">&amp;</span><span class="w"> </span><span class="o">~</span><span class="mi">3</span><span class="p">];</span>
<span class="w">  </span><span class="n">hal_rsa_key_t</span><span class="w"> </span><span class="o">*</span><span class="n">key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="n">assert</span><span class="p">(</span><span class="n">signature</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="n">signature_len</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="mi">0</span><span class="p">);</span>
<span class="w">  </span><span class="n">assert</span><span class="p">((</span><span class="n">hash</span><span class="p">.</span><span class="n">handle</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_HANDLE_NONE</span><span class="p">)</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="p">(</span><span class="n">input</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="n">input_len</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="p">));</span>

<span class="w">  </span><span class="k">switch</span><span class="w"> </span><span class="p">(</span><span class="n">type</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">  </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_RSA_PRIVATE</span><span class="p">:</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rsa_private_key_from_der</span><span class="p">(</span><span class="o">&amp;</span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf_len</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">);</span>
<span class="w">    </span><span class="k">break</span><span class="p">;</span>
<span class="w">  </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_RSA_PUBLIC</span><span class="p">:</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rsa_public_key_from_der</span><span class="p">(</span><span class="o">&amp;</span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf_len</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">);</span>
<span class="w">    </span><span class="k">break</span><span class="p">;</span>
<span class="w">  </span><span class="k">default</span><span class="o">:</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">HAL_ERROR_IMPOSSIBLE</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">input</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="n">input_len</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rpc_pkcs1_construct_digestinfo</span><span class="p">(</span><span class="n">hash</span><span class="p">,</span><span class="w"> </span><span class="n">expected</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">input_len</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">expected</span><span class="p">)))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">      </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="w">    </span><span class="n">input</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">expected</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">pkcs1_5_pad</span><span class="p">(</span><span class="n">input</span><span class="p">,</span><span class="w"> </span><span class="n">input_len</span><span class="p">,</span><span class="w"> </span><span class="n">expected</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">expected</span><span class="p">)))</span><span class="w">                        </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">||</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rsa_encrypt</span><span class="p">(</span><span class="nb">NULL</span><span class="p">,</span><span class="w"> </span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="n">signature_len</span><span class="p">,</span><span class="w"> </span><span class="n">received</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">received</span><span class="p">)))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="kt">unsigned</span><span class="w"> </span><span class="n">diff</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w">  </span><span class="k">for</span><span class="w"> </span><span class="p">(</span><span class="kt">int</span><span class="w"> </span><span class="n">i</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span><span class="w"> </span><span class="n">i</span><span class="w"> </span><span class="o">&lt;</span><span class="w"> </span><span class="n">signature_len</span><span class="p">;</span><span class="w"> </span><span class="n">i</span><span class="o">++</span><span class="p">)</span>
<span class="w">    </span><span class="n">diff</span><span class="w"> </span><span class="o">|=</span><span class="w"> </span><span class="n">expected</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="w"> </span><span class="o">^</span><span class="w"> </span><span class="n">received</span><span class="p">[</span><span class="n">i</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">received</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">expected</span><span class="p">)];</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">diff</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_INVALID_SIGNATURE</span><span class="p">;</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>
<span class="p">}</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_verify_ecdsa</span><span class="p">(</span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">keybuf_len</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">hal_key_type_t</span><span class="w"> </span><span class="n">type</span><span class="p">,</span>
<span class="w">                                           </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">der_len</span><span class="p">,</span>
<span class="w">                                           </span><span class="k">const</span><span class="w"> </span><span class="n">hal_hash_handle_t</span><span class="w"> </span><span class="n">hash</span><span class="p">,</span>
<span class="w">                                           </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">input</span><span class="p">,</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">input_len</span><span class="p">,</span>
<span class="w">                                           </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">signature_len</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="kt">uint8_t</span><span class="w"> </span><span class="n">digest</span><span class="p">[</span><span class="n">signature_len</span><span class="p">];</span>
<span class="w">  </span><span class="n">hal_ecdsa_key_t</span><span class="w"> </span><span class="o">*</span><span class="n">key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="n">assert</span><span class="p">(</span><span class="n">signature</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="n">signature_len</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="mi">0</span><span class="p">);</span>
<span class="w">  </span><span class="n">assert</span><span class="p">((</span><span class="n">hash</span><span class="p">.</span><span class="n">handle</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_HANDLE_NONE</span><span class="p">)</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="p">(</span><span class="n">input</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="n">input_len</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="p">));</span>

<span class="w">  </span><span class="k">switch</span><span class="w"> </span><span class="p">(</span><span class="n">type</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">  </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_EC_PRIVATE</span><span class="p">:</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ecdsa_private_key_from_der</span><span class="p">(</span><span class="o">&amp;</span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf_len</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">);</span>
<span class="w">    </span><span class="k">break</span><span class="p">;</span>
<span class="w">  </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_EC_PUBLIC</span><span class="p">:</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ecdsa_public_key_from_der</span><span class="p">(</span><span class="o">&amp;</span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="n">keybuf_len</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">);</span>
<span class="w">    </span><span class="k">break</span><span class="p">;</span>
<span class="w">  </span><span class="k">default</span><span class="o">:</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">HAL_ERROR_IMPOSSIBLE</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">input</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="n">input_len</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="n">hal_digest_algorithm_t</span><span class="w"> </span><span class="n">alg</span><span class="p">;</span>

<span class="w">    </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rpc_hash_get_algorithm</span><span class="p">(</span><span class="n">hash</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">alg</span><span class="p">))</span><span class="w">              </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">||</span>
<span class="w">        </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rpc_hash_get_digest_length</span><span class="p">(</span><span class="n">alg</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">input_len</span><span class="p">))</span><span class="w">     </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">||</span>
<span class="w">        </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_rpc_hash_finalize</span><span class="p">(</span><span class="n">hash</span><span class="p">,</span><span class="w"> </span><span class="n">digest</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">digest</span><span class="p">)))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">      </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">    </span><span class="n">input</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">digest</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ecdsa_verify</span><span class="p">(</span><span class="nb">NULL</span><span class="p">,</span><span class="w"> </span><span class="n">key</span><span class="p">,</span><span class="w"> </span><span class="n">input</span><span class="p">,</span><span class="w"> </span><span class="n">input_len</span><span class="p">,</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="n">signature_len</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>
<span class="p">}</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_verify</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="n">pkey</span><span class="p">,</span>
<span class="w">                                     </span><span class="k">const</span><span class="w"> </span><span class="n">hal_hash_handle_t</span><span class="w"> </span><span class="n">hash</span><span class="p">,</span>
<span class="w">                                     </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">input</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">input_len</span><span class="p">,</span>
<span class="w">                                     </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">signature_len</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">find_handle</span><span class="p">(</span><span class="n">pkey</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">slot</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_KEY_NOT_FOUND</span><span class="p">;</span>

<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="p">(</span><span class="o">*</span><span class="n">verifier</span><span class="p">)(</span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">keybuf_len</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">hal_key_type_t</span><span class="w"> </span><span class="n">type</span><span class="p">,</span>
<span class="w">                          </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">der_len</span><span class="p">,</span>
<span class="w">                          </span><span class="k">const</span><span class="w"> </span><span class="n">hal_hash_handle_t</span><span class="w"> </span><span class="n">hash</span><span class="p">,</span>
<span class="w">                          </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">input</span><span class="p">,</span><span class="w">  </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">input_len</span><span class="p">,</span>
<span class="w">                          </span><span class="k">const</span><span class="w"> </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">signature_len</span><span class="p">);</span>

<span class="w">  </span><span class="k">switch</span><span class="w"> </span><span class="p">(</span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">  </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_RSA_PRIVATE</span><span class="p">:</span>
<span class="w">  </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_RSA_PUBLIC</span><span class="p">:</span>
<span class="w">    </span><span class="n">verifier</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_verify_rsa</span><span class="p">;</span>
<span class="w">    </span><span class="k">break</span><span class="p">;</span>
<span class="w">  </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_EC_PRIVATE</span><span class="p">:</span>
<span class="w">  </span><span class="k">case</span><span class="w"> </span><span class="no">HAL_KEY_TYPE_EC_PUBLIC</span><span class="p">:</span>
<span class="w">    </span><span class="n">verifier</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_verify_ecdsa</span><span class="p">;</span>
<span class="w">    </span><span class="k">break</span><span class="p">;</span>
<span class="w">  </span><span class="k">default</span><span class="o">:</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_UNSUPPORTED_KEY</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="kt">uint8_t</span><span class="w"> </span><span class="n">keybuf</span><span class="p">[</span><span class="n">hal_rsa_key_t_size</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="n">hal_ecdsa_key_t_size</span><span class="w"> </span><span class="o">?</span><span class="w"> </span><span class="n">hal_rsa_key_t_size</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="n">hal_ecdsa_key_t_size</span><span class="p">];</span>
<span class="w">  </span><span class="kt">uint8_t</span><span class="w"> </span><span class="n">der</span><span class="p">[</span><span class="n">HAL_KS_WRAPPED_KEYSIZE</span><span class="p">];</span>
<span class="w">  </span><span class="kt">size_t</span><span class="w"> </span><span class="n">der_len</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_ks_t</span><span class="w"> </span><span class="o">*</span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ks_open_from_flags</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_fetch</span><span class="p">(</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">der_len</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">der</span><span class="p">)))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>
<span class="w">  </span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ks</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="p">(</span><span class="kt">void</span><span class="p">)</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">verifier</span><span class="p">(</span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">keybuf</span><span class="p">),</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">type</span><span class="p">,</span><span class="w"> </span><span class="n">der</span><span class="p">,</span><span class="w"> </span><span class="n">der_len</span><span class="p">,</span><span class="w"> </span><span class="n">hash</span><span class="p">,</span><span class="w"> </span><span class="n">input</span><span class="p">,</span><span class="w"> </span><span class="n">input_len</span><span class="p">,</span><span class="w"> </span><span class="n">signature</span><span class="p">,</span><span class="w"> </span><span class="n">signature_len</span><span class="p">);</span>

<span class="w">  </span><span class="n">memset</span><span class="p">(</span><span class="n">keybuf</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">keybuf</span><span class="p">));</span>
<span class="w">  </span><span class="n">memset</span><span class="p">(</span><span class="n">der</span><span class="p">,</span><span class="w">    </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">der</span><span class="p">));</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="p">}</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_match</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_client_handle_t</span><span class="w"> </span><span class="n">client</span><span class="p">,</span>
<span class="w">                                    </span><span class="k">const</span><span class="w"> </span><span class="n">hal_session_handle_t</span><span class="w"> </span><span class="n">session</span><span class="p">,</span>
<span class="w">                                    </span><span class="k">const</span><span class="w"> </span><span class="n">hal_key_type_t</span><span class="w"> </span><span class="n">type</span><span class="p">,</span>
<span class="w">                                    </span><span class="k">const</span><span class="w"> </span><span class="n">hal_curve_name_t</span><span class="w"> </span><span class="n">curve</span><span class="p">,</span>
<span class="w">                                    </span><span class="k">const</span><span class="w"> </span><span class="n">hal_key_flags_t</span><span class="w"> </span><span class="n">flags</span><span class="p">,</span>
<span class="w">                                    </span><span class="k">const</span><span class="w"> </span><span class="n">hal_pkey_attribute_t</span><span class="w"> </span><span class="o">*</span><span class="n">attributes</span><span class="p">,</span>
<span class="w">                                    </span><span class="k">const</span><span class="w"> </span><span class="kt">unsigned</span><span class="w"> </span><span class="n">attributes_len</span><span class="p">,</span>
<span class="w">                                    </span><span class="n">hal_uuid_t</span><span class="w"> </span><span class="o">*</span><span class="n">result</span><span class="p">,</span>
<span class="w">                                    </span><span class="kt">unsigned</span><span class="w"> </span><span class="o">*</span><span class="n">result_len</span><span class="p">,</span>
<span class="w">                                    </span><span class="k">const</span><span class="w"> </span><span class="kt">unsigned</span><span class="w"> </span><span class="n">result_max</span><span class="p">,</span>
<span class="w">                                    </span><span class="k">const</span><span class="w"> </span><span class="n">hal_uuid_t</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">const</span><span class="w"> </span><span class="n">previous_uuid</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">hal_ks_t</span><span class="w"> </span><span class="o">*</span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">check_readable</span><span class="p">(</span><span class="n">client</span><span class="p">,</span><span class="w"> </span><span class="n">flags</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_ERROR_FORBIDDEN</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="n">assert</span><span class="p">(</span><span class="n">result_len</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">);</span>
<span class="w">    </span><span class="o">*</span><span class="n">result_len</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">;</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ks_open_from_flags</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_match</span><span class="p">(</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">client</span><span class="p">,</span><span class="w"> </span><span class="n">session</span><span class="p">,</span><span class="w"> </span><span class="n">type</span><span class="p">,</span><span class="w"> </span><span class="n">curve</span><span class="p">,</span><span class="w"> </span><span class="n">flags</span><span class="p">,</span><span class="w"> </span><span class="n">attributes</span><span class="p">,</span><span class="w"> </span><span class="n">attributes_len</span><span class="p">,</span>
<span class="w">                          </span><span class="n">result</span><span class="p">,</span><span class="w"> </span><span class="n">result_len</span><span class="p">,</span><span class="w"> </span><span class="n">result_max</span><span class="p">,</span><span class="w"> </span><span class="n">previous_uuid</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>
<span class="w">  </span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ks</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="p">(</span><span class="kt">void</span><span class="p">)</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="p">}</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_set_attributes</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="n">pkey</span><span class="p">,</span>
<span class="w">                                             </span><span class="k">const</span><span class="w"> </span><span class="n">hal_pkey_attribute_t</span><span class="w"> </span><span class="o">*</span><span class="n">attributes</span><span class="p">,</span>
<span class="w">                                             </span><span class="k">const</span><span class="w"> </span><span class="kt">unsigned</span><span class="w"> </span><span class="n">attributes_len</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">find_handle</span><span class="p">(</span><span class="n">pkey</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">slot</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_KEY_NOT_FOUND</span><span class="p">;</span>

<span class="w">  </span><span class="n">hal_ks_t</span><span class="w"> </span><span class="o">*</span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">check_writable</span><span class="p">(</span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">client_handle</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ks_open_from_flags</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_set_attributes</span><span class="p">(</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="p">,</span><span class="w"> </span><span class="n">attributes</span><span class="p">,</span><span class="w"> </span><span class="n">attributes_len</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>
<span class="w">  </span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ks</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="p">(</span><span class="kt">void</span><span class="p">)</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="p">}</span>

<span class="k">static</span><span class="w"> </span><span class="n">hal_error_t</span><span class="w"> </span><span class="nf">pkey_local_get_attributes</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">hal_pkey_handle_t</span><span class="w"> </span><span class="n">pkey</span><span class="p">,</span>
<span class="w">                                             </span><span class="n">hal_pkey_attribute_t</span><span class="w"> </span><span class="o">*</span><span class="n">attributes</span><span class="p">,</span>
<span class="w">                                             </span><span class="k">const</span><span class="w"> </span><span class="kt">unsigned</span><span class="w"> </span><span class="n">attributes_len</span><span class="p">,</span>
<span class="w">                                             </span><span class="kt">uint8_t</span><span class="w"> </span><span class="o">*</span><span class="n">attributes_buffer</span><span class="p">,</span>
<span class="w">                                             </span><span class="k">const</span><span class="w"> </span><span class="kt">size_t</span><span class="w"> </span><span class="n">attributes_buffer_len</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">  </span><span class="n">hal_pkey_slot_t</span><span class="w"> </span><span class="o">*</span><span class="n">slot</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">find_handle</span><span class="p">(</span><span class="n">pkey</span><span class="p">);</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">slot</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="n">HAL_ERROR_KEY_NOT_FOUND</span><span class="p">;</span>

<span class="w">  </span><span class="n">hal_ks_t</span><span class="w"> </span><span class="o">*</span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">  </span><span class="n">hal_error_t</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ks_open_from_flags</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="o">-&gt;</span><span class="n">flags</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">      </span><span class="p">(</span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_get_attributes</span><span class="p">(</span><span class="n">ks</span><span class="p">,</span><span class="w"> </span><span class="n">slot</span><span class="p">,</span><span class="w"> </span><span class="n">attributes</span><span class="p">,</span><span class="w"> </span><span class="n">attributes_len</span><span class="p">,</span>
<span class="w">                                   </span><span class="n">attributes_buffer</span><span class="p">,</span><span class="w"> </span><span class="n">attributes_buffer_len</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">HAL_OK</span><span class="p">)</span>
<span class="w">    </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>
<span class="w">  </span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ks</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">    </span><span class="p">(</span><span class="kt">void</span><span class="p">)</span><span class="w"> </span><span class="n">hal_ks_close</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>

<span class="w">  </span><span class="k">return</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="p">}</span>

<span class="k">const</span><span class="w"> </span><span class="n">hal_rpc_pkey_dispatch_t</span><span class="w"> </span><span class="n">hal_rpc_local_pkey_dispatch</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w">  </span><span class="p">.</span><span class="n">load</span><span class="w">                 </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_load</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">open</span><span class="w">                 </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_open</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">generate_rsa</span><span class="w">         </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_generate_rsa</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">generate_ec</span><span class="w">          </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_generate_ec</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">close</span><span class="w">                </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_close</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">delete</span><span class="w">               </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_delete</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">get_key_type</span><span class="w">         </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_get_key_type</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">get_key_curve</span><span class="w">        </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_get_key_curve</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">get_key_flags</span><span class="w">        </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_get_key_flags</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">get_public_key_len</span><span class="w">   </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_get_public_key_len</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">get_public_key</span><span class="w">       </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_get_public_key</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">sign</span><span class="w">                 </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_sign</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">verify</span><span class="w">               </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_verify</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">match</span><span class="w">                </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_match</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">set_attributes</span><span class="w">       </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_set_attributes</span><span class="p">,</span>
<span class="w">  </span><span class="p">.</span><span class="n">get_attributes</span><span class="w">       </span><span class="o">=</span><span class="w"> </span><span class="n">pkey_local_get_attributes</span>
<span class="p">};</span>

<span class="cm">/*</span>
<span class="cm"> * Local variables:</span>
<span class="cm"> * indent-tabs-mode: nil</span>
<span class="cm"> * End:</span>
<span class="cm"> */</span>
</pre></div>
</code></pre></div></td>
</tr>
</table>
</div> <!-- class=content -->
<div class='footer'>generated by <a href='https://git.zx2c4.com/cgit/about/'>cgit v1.2.3</a> (<a href='https://git-scm.com/'>git 2.25.1</a>) at 2024-09-20 09:54:07 +0000</div>
</div> <!-- id=cgit -->
</body>
</html>