From 20e3836c9e4f9783f47c891938e8986938a3a480 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Tue, 25 Apr 2017 14:15:16 +0200
Subject: [PATCH] Restore the functionality of CAC usage flags deriving from X509 certificates
---
 src/libopensc/pkcs15-cac.c | 39 +++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 15 deletions(-)
diff --git a/src/libopensc/pkcs15-cac.c b/src/libopensc/pkcs15-cac.c
index d82854df..bab79f4c 100644
--- a/src/libopensc/pkcs15-cac.c
+++ b/src/libopensc/pkcs15-cac.c
@@ -120,23 +120,32 @@ cac_alg_flags_from_algorithm(int algorithm)
 return 0;
 }
+#define SC_X509_DIGITAL_SIGNATURE 0x0001UL
+#define SC_X509_NON_REPUDIATION 0x0002UL
+#define SC_X509_KEY_ENCIPHERMENT 0x0004UL
+#define SC_X509_DATA_ENCIPHERMENT 0x0008UL
+#define SC_X509_KEY_AGREEMENT 0x0010UL
+#define SC_X509_KEY_CERT_SIGN 0x0020UL
+#define SC_X509_CRL_SIGN 0x0040UL
+#define SC_X509_SIGN_ONLY 0x0080UL
+#define SC_X509_DECIPHER_ONLY 0x0100UL
 /* These are the cert key usage bits that map to various PKCS #11 (and thus PKCS #15) flags */
-#define CAC_X509_USAGE_SIGNATURE \
- (SC_PKCS15INIT_X509_DIGITAL_SIGNATURE | \
- SC_PKCS15INIT_X509_NON_REPUDIATION | \
- SC_PKCS15INIT_X509_KEY_CERT_SIGN | \
- SC_PKCS15INIT_X509_CRL_SIGN)
-#define CAC_X509_USAGE_DERIVE \
- SC_PKCS15INIT_X509_KEY_AGREEMENT
-#define CAC_X509_USAGE_UNWRAP \
- (SC_PKCS15INIT_X509_KEY_ENCIPHERMENT | \
- SC_PKCS15INIT_X509_KEY_AGREEMENT)
-#define CAC_X509_USAGE_DECRYPT \
- (SC_PKCS15INIT_X509_DATA_ENCIPHERMENT \
- /* | encipher? */)
-#define CAC_X509_USAGE_NONREPUDIATION \
- SC_PKCS15INIT_X509_NON_REPUDIATION
+#define CAC_X509_USAGE_SIGNATURE \
+ (SC_X509_DIGITAL_SIGNATURE | \
+ SC_X509_NON_REPUDIATION | \
+ SC_X509_KEY_CERT_SIGN | \
+ SC_X509_CRL_SIGN)
+#define CAC_X509_USAGE_DERIVE \
+ SC_X509_KEY_AGREEMENT
+#define CAC_X509_USAGE_UNWRAP \
+ (SC_X509_KEY_ENCIPHERMENT | \
+ SC_X509_KEY_AGREEMENT)
+#define CAC_X509_USAGE_DECRYPT \
+ (SC_X509_DATA_ENCIPHERMENT | \
+ SC_X509_SIGN_ONLY)
+#define CAC_X509_USAGE_NONREPUDIATION \
+ SC_X509_NON_REPUDIATION
 /* map a cert usage and algorithm to public and private key usages */
 static int
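Review bot: The new `SC_X509_SIGN_ONLY 0x0080UL` is mis-named: in the LSB-first numbering the other eight constants follow (bit 0 = digitalSignature, bit 8 = decipherOnly), bit 7 of the X.509 keyUsage extension is encipherOnly (RFC 5280 §4.2.1.3), so `CAC_X509_USAGE_DECRYPT` is really or-ing in encipherOnly — the very bit the removed `/* | encipher? */` comment was asking about. Renaming it `#define SC_X509_ENCIPHER_ONLY 0x0080UL` and using that name in `CAC_X509_USAGE_DECRYPT` would make the intent reviewable instead of hiding it behind a misleading identifier. These nine values are a file-local re-encoding of the key usage bits, so presumably they must line up with however the certificate's key_usage field is decoded elsewhere in libopensc; a comment above them such as `/* keyUsage bit positions, RFC 5280 numbering with digitalSignature as bit 0; must match the decoder that fills the cert's key_usage */` would stop a later cleanup from "restoring" the SC_PKCS15INIT_X509_* names with a different bit layout. The mapping function announced by the trailing `static int` continues outside the hunk.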