[pkg-opensc-commit] [opensc] 248/295: Restore the functionality of CAC usage flags deriving from X509 certificates

[Eric Dorland]

This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository opensc.

commit 20e3836c9e4f9783f47c891938e8986938a3a480
Author: Jakub Jelen <jjelen at redhat.com>
Date:   Tue Apr 25 14:15:16 2017 +0200

    Restore the functionality of CAC usage flags deriving from X509 certificates
---
 src/libopensc/pkcs15-cac.c | 39 ++++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 15 deletions(-)

diff --git a/src/libopensc/pkcs15-cac.c b/src/libopensc/pkcs15-cac.c
index d82854d..bab79f4 100644
--- a/src/libopensc/pkcs15-cac.c
+++ b/src/libopensc/pkcs15-cac.c
@@ -120,23 +120,32 @@ cac_alg_flags_from_algorithm(int algorithm)
 	return 0;
 }
 
+#define SC_X509_DIGITAL_SIGNATURE     0x0001UL
+#define SC_X509_NON_REPUDIATION       0x0002UL
+#define SC_X509_KEY_ENCIPHERMENT      0x0004UL
+#define SC_X509_DATA_ENCIPHERMENT     0x0008UL
+#define SC_X509_KEY_AGREEMENT         0x0010UL
+#define SC_X509_KEY_CERT_SIGN         0x0020UL
+#define SC_X509_CRL_SIGN              0x0040UL
+#define SC_X509_SIGN_ONLY             0x0080UL
+#define SC_X509_DECIPHER_ONLY         0x0100UL
 
 /* These are the cert key usage bits that map to various PKCS #11 (and thus PKCS #15) flags */
-#define CAC_X509_USAGE_SIGNATURE		\
-	(SC_PKCS15INIT_X509_DIGITAL_SIGNATURE	| \
-	SC_PKCS15INIT_X509_NON_REPUDIATION	| \
-	SC_PKCS15INIT_X509_KEY_CERT_SIGN 	| \
-	SC_PKCS15INIT_X509_CRL_SIGN)
-#define CAC_X509_USAGE_DERIVE			\
-	SC_PKCS15INIT_X509_KEY_AGREEMENT
-#define CAC_X509_USAGE_UNWRAP 			\
-	(SC_PKCS15INIT_X509_KEY_ENCIPHERMENT	| \
-	SC_PKCS15INIT_X509_KEY_AGREEMENT)
-#define CAC_X509_USAGE_DECRYPT			\
-	(SC_PKCS15INIT_X509_DATA_ENCIPHERMENT 	\
-	/* | encipher? */)
-#define CAC_X509_USAGE_NONREPUDIATION		\
-	SC_PKCS15INIT_X509_NON_REPUDIATION
+#define CAC_X509_USAGE_SIGNATURE \
+	(SC_X509_DIGITAL_SIGNATURE | \
+	SC_X509_NON_REPUDIATION    | \
+	SC_X509_KEY_CERT_SIGN      | \
+	SC_X509_CRL_SIGN)
+#define CAC_X509_USAGE_DERIVE \
+	SC_X509_KEY_AGREEMENT
+#define CAC_X509_USAGE_UNWRAP \
+	(SC_X509_KEY_ENCIPHERMENT | \
+	SC_X509_KEY_AGREEMENT)
+#define CAC_X509_USAGE_DECRYPT \
+	(SC_X509_DATA_ENCIPHERMENT | \
+	SC_X509_SIGN_ONLY)
+#define CAC_X509_USAGE_NONREPUDIATION \
+	SC_X509_NON_REPUDIATION
 
 /* map a cert usage and algorithm to public and private key usages */
 static int

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git