cleanup key usage handling, cleanup
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2550 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
nils
parent
f9db170520
commit
d37315ec35
@ -102,7 +102,7 @@ struct pkcs15_pubkey_object {
|
||||
#define pub_p15obj base.p15_object
|
||||
#define pub_cert base.related_cert
|
||||
|
||||
#define __p15_type(obj) (((obj) && (obj)->p15_object)? ((obj)->p15_object->type) : -1)
|
||||
#define __p15_type(obj) (((obj) && (obj)->p15_object)? ((obj)->p15_object->type) : (unsigned int)-1)
|
||||
#define is_privkey(obj) (__p15_type(obj) == SC_PKCS15_TYPE_PRKEY_RSA)
|
||||
#define is_pubkey(obj) (__p15_type(obj) == SC_PKCS15_TYPE_PUBKEY_RSA)
|
||||
#define is_cert(obj) (__p15_type(obj) == SC_PKCS15_TYPE_CERT_X509)
|
||||
@ -673,7 +673,7 @@ static CK_RV pkcs15_create_tokens(struct sc_pkcs11_card *p11card)
|
||||
for (j=0; j < fw_data->num_objects; j++) {
|
||||
struct pkcs15_any_object *obj = fw_data->objects[j];
|
||||
|
||||
if (__p15_type(obj) == -1)
|
||||
if (__p15_type(obj) == (unsigned int)-1)
|
||||
continue;
|
||||
else if (!sc_pkcs15_compare_id(&pin_info->auth_id, &obj->p15_object->auth_id))
|
||||
continue;
|
||||
@ -1214,13 +1214,13 @@ get_X509_usage_privk(CK_ATTRIBUTE_PTR pTempl, CK_ULONG ulCount, unsigned long *x
|
||||
if (val == NULL)
|
||||
continue;
|
||||
if (typ == CKA_SIGN && *val)
|
||||
*x509_usage |= 1;
|
||||
*x509_usage |= SC_PKCS15INIT_X509_DIGITAL_SIGNATURE;
|
||||
if (typ == CKA_UNWRAP && *val)
|
||||
*x509_usage |= 4;
|
||||
*x509_usage |= SC_PKCS15INIT_X509_KEY_ENCIPHERMENT;
|
||||
if (typ == CKA_DECRYPT && *val)
|
||||
*x509_usage |= 8;
|
||||
*x509_usage |= SC_PKCS15INIT_X509_DATA_ENCIPHERMENT;
|
||||
if (typ == CKA_DERIVE && *val)
|
||||
*x509_usage |= 16;
|
||||
*x509_usage |= SC_PKCS15INIT_X509_KEY_AGREEMENT;
|
||||
if (typ == CKA_VERIFY || typ == CKA_WRAP || typ == CKA_ENCRYPT) {
|
||||
sc_debug(context, "get_X509_usage_privk(): invalid typ = 0x%0x\n", typ);
|
||||
return CKR_ATTRIBUTE_TYPE_INVALID;
|
||||
@ -1239,13 +1239,13 @@ get_X509_usage_pubk(CK_ATTRIBUTE_PTR pTempl, CK_ULONG ulCount, unsigned long *x5
|
||||
if (val == NULL)
|
||||
continue;
|
||||
if (typ == CKA_VERIFY && *val)
|
||||
*x509_usage |= 1;
|
||||
*x509_usage |= SC_PKCS15INIT_X509_DIGITAL_SIGNATURE;
|
||||
if (typ == CKA_WRAP && *val)
|
||||
*x509_usage |= 4;
|
||||
*x509_usage |= SC_PKCS15INIT_X509_KEY_ENCIPHERMENT;
|
||||
if (typ == CKA_ENCRYPT && *val)
|
||||
*x509_usage |= 8;
|
||||
*x509_usage |= SC_PKCS15INIT_X509_DATA_ENCIPHERMENT;
|
||||
if (typ == CKA_DERIVE && *val)
|
||||
*x509_usage |= 16;
|
||||
*x509_usage |= SC_PKCS15INIT_X509_KEY_AGREEMENT;
|
||||
if (typ == CKA_SIGN || typ == CKA_UNWRAP || typ == CKA_DECRYPT) {
|
||||
sc_debug(context, "get_X509_usage_pubk(): invalid typ = 0x%0x\n", typ);
|
||||
return CKR_ATTRIBUTE_TYPE_INVALID;
|
||||
@ -1649,6 +1649,8 @@ struct sc_pkcs11_object_ops pkcs15_cert_ops = {
|
||||
pkcs15_cert_cmp_attribute,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL
|
||||
};
|
||||
|
||||
@ -1933,13 +1935,13 @@ pkcs15_prkey_unwrap(struct sc_pkcs11_session *ses, void *obj,
|
||||
{
|
||||
u8 unwrapped_key[256];
|
||||
CK_ULONG key_len = sizeof(unwrapped_key);
|
||||
CK_RV rv;
|
||||
int r;
|
||||
|
||||
rv = pkcs15_prkey_decrypt(ses, obj, pMechanism, pData, ulDataLen,
|
||||
r = pkcs15_prkey_decrypt(ses, obj, pMechanism, pData, ulDataLen,
|
||||
unwrapped_key, &key_len);
|
||||
|
||||
if (rv < 0)
|
||||
return sc_to_cryptoki_error(rv, ses->slot->card->reader);
|
||||
if (r < 0)
|
||||
return sc_to_cryptoki_error(r, ses->slot->card->reader);
|
||||
return sc_pkcs11_create_secret_key(ses,
|
||||
unwrapped_key, key_len,
|
||||
pTemplate, ulAttributeCount,
|
||||
@ -2084,6 +2086,8 @@ struct sc_pkcs11_object_ops pkcs15_pubkey_ops = {
|
||||
sc_pkcs11_any_cmp_attribute,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL
|
||||
};
|
||||
|
||||
|
||||
@ -869,7 +869,8 @@ static struct sc_pkcs15init_operations sc_pkcs15init_cryptoflex_operations = {
|
||||
cryptoflex_encode_private_key,
|
||||
cryptoflex_encode_public_key,
|
||||
NULL, /* finalize_card */
|
||||
NULL, NULL, NULL, NULL, NULL /* old style api */
|
||||
NULL, NULL, NULL, NULL, NULL, /* old style api */
|
||||
NULL /* delete_object */
|
||||
};
|
||||
|
||||
static struct sc_pkcs15init_operations sc_pkcs15init_cyberflex_operations = {
|
||||
@ -887,7 +888,7 @@ static struct sc_pkcs15init_operations sc_pkcs15init_cyberflex_operations = {
|
||||
cyberflex_encode_public_key,
|
||||
NULL, /* finalize_card */
|
||||
NULL, NULL, NULL, NULL, NULL, /* old style api */
|
||||
NULL /* delete_object */
|
||||
NULL /* delete_object */
|
||||
};
|
||||
|
||||
struct sc_pkcs15init_operations *
|
||||
|
||||
@ -13,6 +13,14 @@ extern "C" {
|
||||
|
||||
#include <opensc/pkcs15.h>
|
||||
|
||||
#define SC_PKCS15INIT_X509_DIGITAL_SIGNATURE 0x0080UL
|
||||
#define SC_PKCS15INIT_X509_NON_REPUDIATION 0x0040UL
|
||||
#define SC_PKCS15INIT_X509_KEY_ENCIPHERMENT 0x0020UL
|
||||
#define SC_PKCS15INIT_X509_DATA_ENCIPHERMENT 0x0010UL
|
||||
#define SC_PKCS15INIT_X509_KEY_AGREEMENT 0x0008UL
|
||||
#define SC_PKCS15INIT_X509_KEY_CERT_SIGN 0x0004UL
|
||||
#define SC_PKCS15INIT_X509_CRL_SIGN 0x0002UL
|
||||
|
||||
typedef struct sc_profile sc_profile_t; /* opaque type */
|
||||
|
||||
struct sc_pkcs15init_operations {
|
||||
|
||||
@ -1679,42 +1679,48 @@ done: if (file)
|
||||
/*
|
||||
* Map X509 keyUsage extension bits to PKCS#15 keyUsage bits
|
||||
*/
|
||||
static unsigned int x509_to_pkcs15_private_key_usage[16] = {
|
||||
SC_PKCS15_PRKEY_USAGE_SIGN
|
||||
| SC_PKCS15_PRKEY_USAGE_SIGNRECOVER, /* digitalSignature */
|
||||
SC_PKCS15_PRKEY_USAGE_NONREPUDIATION, /* NonRepudiation */
|
||||
SC_PKCS15_PRKEY_USAGE_UNWRAP, /* keyEncipherment */
|
||||
SC_PKCS15_PRKEY_USAGE_DECRYPT, /* dataEncipherment */
|
||||
SC_PKCS15_PRKEY_USAGE_DERIVE, /* keyAgreement */
|
||||
SC_PKCS15_PRKEY_USAGE_SIGN
|
||||
| SC_PKCS15_PRKEY_USAGE_SIGNRECOVER, /* keyCertSign */
|
||||
SC_PKCS15_PRKEY_USAGE_SIGN
|
||||
| SC_PKCS15_PRKEY_USAGE_SIGNRECOVER, /* cRLSign */
|
||||
typedef struct {
|
||||
unsigned long x509_usage;
|
||||
unsigned int p15_usage;
|
||||
} sc_usage_map;
|
||||
|
||||
static sc_usage_map x509_to_pkcs15_private_key_usage[16] = {
|
||||
{ SC_PKCS15INIT_X509_DIGITAL_SIGNATURE,
|
||||
SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER },
|
||||
{ SC_PKCS15INIT_X509_NON_REPUDIATION, SC_PKCS15_PRKEY_USAGE_NONREPUDIATION },
|
||||
{ SC_PKCS15INIT_X509_KEY_ENCIPHERMENT, SC_PKCS15_PRKEY_USAGE_UNWRAP },
|
||||
{ SC_PKCS15INIT_X509_DATA_ENCIPHERMENT, SC_PKCS15_PRKEY_USAGE_DECRYPT },
|
||||
{ SC_PKCS15INIT_X509_KEY_AGREEMENT, SC_PKCS15_PRKEY_USAGE_DERIVE },
|
||||
{ SC_PKCS15INIT_X509_KEY_CERT_SIGN,
|
||||
SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER },
|
||||
{ SC_PKCS15INIT_X509_CRL_SIGN,
|
||||
SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER }
|
||||
};
|
||||
|
||||
static unsigned int x509_to_pkcs15_public_key_usage[16] = {
|
||||
SC_PKCS15_PRKEY_USAGE_VERIFY
|
||||
| SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER, /* digitalSignature */
|
||||
SC_PKCS15_PRKEY_USAGE_NONREPUDIATION, /* NonRepudiation */
|
||||
SC_PKCS15_PRKEY_USAGE_WRAP, /* keyEncipherment */
|
||||
SC_PKCS15_PRKEY_USAGE_ENCRYPT, /* dataEncipherment */
|
||||
SC_PKCS15_PRKEY_USAGE_DERIVE, /* keyAgreement */
|
||||
SC_PKCS15_PRKEY_USAGE_VERIFY
|
||||
| SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER, /* keyCertSign */
|
||||
SC_PKCS15_PRKEY_USAGE_VERIFY
|
||||
| SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER, /* cRLSign */
|
||||
static sc_usage_map x509_to_pkcs15_public_key_usage[16] = {
|
||||
{ SC_PKCS15INIT_X509_DIGITAL_SIGNATURE,
|
||||
SC_PKCS15_PRKEY_USAGE_VERIFY | SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER },
|
||||
{ SC_PKCS15INIT_X509_NON_REPUDIATION, SC_PKCS15_PRKEY_USAGE_NONREPUDIATION },
|
||||
{ SC_PKCS15INIT_X509_KEY_ENCIPHERMENT, SC_PKCS15_PRKEY_USAGE_WRAP },
|
||||
{ SC_PKCS15INIT_X509_DATA_ENCIPHERMENT, SC_PKCS15_PRKEY_USAGE_ENCRYPT },
|
||||
{ SC_PKCS15INIT_X509_KEY_AGREEMENT, SC_PKCS15_PRKEY_USAGE_DERIVE },
|
||||
{ SC_PKCS15INIT_X509_KEY_CERT_SIGN,
|
||||
SC_PKCS15_PRKEY_USAGE_VERIFY | SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER },
|
||||
{ SC_PKCS15INIT_X509_CRL_SIGN,
|
||||
SC_PKCS15_PRKEY_USAGE_VERIFY | SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER }
|
||||
};
|
||||
|
||||
static int
|
||||
sc_pkcs15init_map_usage(unsigned long x509_usage, int _private)
|
||||
{
|
||||
unsigned int p15_usage, n, *bits;
|
||||
unsigned int p15_usage = 0, n;
|
||||
sc_usage_map *map;
|
||||
|
||||
bits = _private? x509_to_pkcs15_private_key_usage
|
||||
map = _private ? x509_to_pkcs15_private_key_usage
|
||||
: x509_to_pkcs15_public_key_usage;
|
||||
for (n = p15_usage = 0; n < 16; n++) {
|
||||
if (x509_usage & ((0x80 >> (n % 8)) << (n / 8)))
|
||||
p15_usage |= bits[n];
|
||||
for (n = 0; n < 16; n++) {
|
||||
if (x509_usage & map[n].x509_usage)
|
||||
p15_usage |= map[n].p15_usage;
|
||||
}
|
||||
return p15_usage;
|
||||
}
|
||||
|
||||
@ -2047,13 +2047,13 @@ parse_x509_usage(const char *list, unsigned int *res)
|
||||
const char* name;
|
||||
unsigned int flag;
|
||||
} x509_usage_names[] = {
|
||||
{ "digitalSignature", 0x0080 },
|
||||
{ "nonRepudiation", 0x0040 },
|
||||
{ "keyEncipherment", 0x0020 },
|
||||
{ "dataEncipherment", 0x0010 },
|
||||
{ "keyAgreement", 0x0008 },
|
||||
{ "keyCertSign", 0x0004 },
|
||||
{ "cRLSign", 0x0002 },
|
||||
{ "digitalSignature", SC_PKCS15INIT_X509_DIGITAL_SIGNATURE },
|
||||
{ "nonRepudiation", SC_PKCS15INIT_X509_NON_REPUDIATION },
|
||||
{ "keyEncipherment", SC_PKCS15INIT_X509_KEY_ENCIPHERMENT },
|
||||
{ "dataEncipherment", SC_PKCS15INIT_X509_DATA_ENCIPHERMENT },
|
||||
{ "keyAgreement", SC_PKCS15INIT_X509_KEY_AGREEMENT },
|
||||
{ "keyCertSign", SC_PKCS15INIT_X509_KEY_CERT_SIGN },
|
||||
{ "cRLSign", SC_PKCS15INIT_X509_CRL_SIGN },
|
||||
{ NULL, 0 }
|
||||
};
|
||||
static struct {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user