Restore the functionality of CAC usage flags deriving from X509 certificates

2017-04-25 14:15:16 +02:00 · 2017-04-25 14:15:16 +02:00 · 20e3836c9e
parent 35bae65f11
commit 20e3836c9e
1 changed files with 24 additions and 15 deletions
--- a/src/libopensc/pkcs15-cac.c
+++ b/src/libopensc/pkcs15-cac.c
@ -120,23 +120,32 @@ cac_alg_flags_from_algorithm(int algorithm)
 	return 0;
 }
 #define SC_X509_DIGITAL_SIGNATURE     0x0001UL
 #define SC_X509_NON_REPUDIATION       0x0002UL
 #define SC_X509_KEY_ENCIPHERMENT      0x0004UL
 #define SC_X509_DATA_ENCIPHERMENT     0x0008UL
 #define SC_X509_KEY_AGREEMENT         0x0010UL
 #define SC_X509_KEY_CERT_SIGN         0x0020UL
 #define SC_X509_CRL_SIGN              0x0040UL
 #define SC_X509_SIGN_ONLY             0x0080UL
 #define SC_X509_DECIPHER_ONLY         0x0100UL
 /* These are the cert key usage bits that map to various PKCS #11 (and thus PKCS #15) flags */
-#define CAC_X509_USAGE_SIGNATURE		\
+#define CAC_X509_USAGE_SIGNATURE \
-	(SC_PKCS15INIT_X509_DIGITAL_SIGNATURE	| \
+	(SC_X509_DIGITAL_SIGNATURE | \
-	SC_PKCS15INIT_X509_NON_REPUDIATION	| \
+	SC_X509_NON_REPUDIATION    | \
-	SC_PKCS15INIT_X509_KEY_CERT_SIGN 	| \
+	SC_X509_KEY_CERT_SIGN      | \
-	SC_PKCS15INIT_X509_CRL_SIGN)
+	SC_X509_CRL_SIGN)
-#define CAC_X509_USAGE_DERIVE			\
+#define CAC_X509_USAGE_DERIVE \
-	SC_PKCS15INIT_X509_KEY_AGREEMENT
+	SC_X509_KEY_AGREEMENT
-#define CAC_X509_USAGE_UNWRAP 			\
+#define CAC_X509_USAGE_UNWRAP \
-	(SC_PKCS15INIT_X509_KEY_ENCIPHERMENT	| \
+	(SC_X509_KEY_ENCIPHERMENT | \
-	SC_PKCS15INIT_X509_KEY_AGREEMENT)
+	SC_X509_KEY_AGREEMENT)
-#define CAC_X509_USAGE_DECRYPT			\
+#define CAC_X509_USAGE_DECRYPT \
-	(SC_PKCS15INIT_X509_DATA_ENCIPHERMENT 	\
+	(SC_X509_DATA_ENCIPHERMENT | \
-	/* | encipher? */)
+	SC_X509_SIGN_ONLY)
-#define CAC_X509_USAGE_NONREPUDIATION		\
+#define CAC_X509_USAGE_NONREPUDIATION \
-	SC_PKCS15INIT_X509_NON_REPUDIATION
+	SC_X509_NON_REPUDIATION
 /* map a cert usage and algorithm to public and private key usages */
 static int