From 41bc63d2ee629610de41c793e1eb00e1571d38d4 Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Mon, 24 Oct 2016 17:57:35 -0400
Subject: Flesh out key object access control. This is more complicated than I'd have liked, because the PKCS #11 semantics are (much) more complicated than just "are you logged in?" New code passes basic testing with libhal.py and the PKCS #11 unit tests, but there are still unexplored corner cases to be checked. Private token objects remain simple. Code which does not need PKCS HAL_KEY_FLAG_TOKEN and avoid HAL_KEY_FLAG_PUBLIC.
---
hal.h | 1 +
1 file changed, 1 insertion(+)
(limited to 'hal.h')
diff --git a/hal.h b/hal.h
index 194948a..db4038d 100644
--- a/hal.h
+++ b/hal.h
@@ -692,6 +692,7 @@ typedef uint32_t hal_key_flags_t;
 #define HAL_KEY_FLAG_USAGE_KEYENCIPHERMENT (1 << 1)
 #define HAL_KEY_FLAG_USAGE_DATAENCIPHERMENT (1 << 2)
 #define HAL_KEY_FLAG_TOKEN (1 << 3)
+#define HAL_KEY_FLAG_PUBLIC (1 << 4)
 
 extern hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client,
 const hal_session_handle_t session,
-- 
cgit v1.2.3
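Review bot: The new `HAL_KEY_FLAG_PUBLIC` bit is added without a comment, although the commit message says it takes part in key object access control, so a caller reading hal.h cannot tell what setting it permits. I would put a line above the define such as `/* PKCS #11 public object: access rules differ from the default (private) case; leave clear unless PKCS #11 semantics are needed */`, with the exact rule taken from the enforcement code, which is outside this hal.h-only view. Because the flag is opt-in, a zero-initialised `hal_key_flags_t` presumably keeps a key private; stating that default in the same comment would guard against it being inverted later. The message also mentions unexplored corner cases, so the combinations of `HAL_KEY_FLAG_TOKEN` and `HAL_KEY_FLAG_PUBLIC` that are still untested would be worth listing next to the flag or in the test suite.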