API cleanup: pkey_open() and pkey_match().

pkey_open() now looks in both keystores rather than requiring the user to know. The chance of collision with randomly-generated UUID is low enough that we really ought to be able to present a single namespace. So now we do. pkey_match() now takes a couple of extra arguments which allow a single search to cover both keystores, as well as matching for specific key flags. The former interface was pretty much useless for anything involving flags, and required the user to issue a separate call for each keystore. User wheel is now exempt from the per-session key lookup constraints, Whether this is a good idea or not is an interesting question, but the whole PKCS #11 derived per-session key thing is weird to begin with, and having keystore listings on the console deliberately ignore session keys was just too confusing.
author: Rob Austein <sra@hactrn.net> 2017-04-11 00:14:59 -0400
committer: Rob Austein <sra@hactrn.net> 2017-04-11 00:14:59 -0400
commit: cc46a697de71e66e90653e3ac7fffe413acfd8c8 (patch)
tree: c6df3d427c9ea29b6cd71cb92a6e6a579e977076 /hal.h
parent: a90d24ee670af4e605cbd95418b000f811265c59 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/hal.h b/hal.h
index 4d246a3..bfb727a 100644
--- a/hal.h
+++ b/hal.h
@@ -358,7 +358,7 @@ extern hal_error_t hal_aes_keywrap(hal_core_t *core,
 extern hal_error_t hal_aes_keyunwrap(hal_core_t *core,
                                      const uint8_t *kek, const size_t kek_length,
                                      const uint8_t *ciphertext, const size_t ciphertext_length,
-                                     unsigned char *plaintext, size_t *plaintext_length);
+                                     uint8_t *plaintext, size_t *plaintext_length);
 
 extern size_t hal_aes_keywrap_ciphertext_length(const size_t plaintext_length);
 
@@ -756,8 +756,7 @@ extern hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client,
 extern hal_error_t hal_rpc_pkey_open(const hal_client_handle_t client,
                                      const hal_session_handle_t session,
                                      hal_pkey_handle_t *pkey,
-                                     const hal_uuid_t * const name,
-                                     const hal_key_flags_t flags);
+                                     const hal_uuid_t * const name);
 
 extern hal_error_t hal_rpc_pkey_generate_rsa(const hal_client_handle_t client,
                                              const hal_session_handle_t session,
@@ -806,9 +805,11 @@ extern hal_error_t hal_rpc_pkey_match(const hal_client_handle_t client,
                                       const hal_session_handle_t session,
                                       const hal_key_type_t type,
                                       const hal_curve_name_t curve,
+                                      const hal_key_flags_t mask,
                                       const hal_key_flags_t flags,
                                       const hal_pkey_attribute_t *attributes,
                                       const unsigned attributes_len,
+                                      unsigned *state,
                                       hal_uuid_t *result,
                                       unsigned *result_len,
                                       const unsigned result_max,
author	Rob Austein <sra@hactrn.net>	2017-04-11 00:14:59 -0400
committer	Rob Austein <sra@hactrn.net>	2017-04-11 00:14:59 -0400
commit	cc46a697de71e66e90653e3ac7fffe413acfd8c8 (patch)
tree	c6df3d427c9ea29b6cd71cb92a6e6a579e977076 /hal.h
parent	a90d24ee670af4e605cbd95418b000f811265c59 (diff)