{ MKACP_END() } },
/* Cert renewal request */
{ CRYPT_CERTACTION_REQUEST_RENEWAL,
ACTION_PERM_NONE, /* Cert dbx.use only */
{ MKACP_END() } },
/* Cert revocation request */
{ CRYPT_CERTACTION_REQUEST_REVOCATION,
ACTION_PERM_NONE, /* Cert dbx.use only */
{ MKACP_END() } },
/* Cert creation */
{ CRYPT_CERTACTION_CERT_CREATION,
ACTION_PERM_NONE_EXTERNAL, /* Cert mgmt.use only */
{ MKACP_O( ST_CTX_PKC, /* CA key w/cert (see below) */
ACL_FLAG_HIGH_STATE ),
MKACP_O( ST_CERT_CERTREQ | ST_CERT_REQ_CERT,/* Cert request */
ACL_FLAG_HIGH_STATE ) },
{ MKACP_O( ST_CERT_CERT | ST_CERT_CERTCHAIN, /* CA cert */
ACL_FLAG_HIGH_STATE ) } },
/* Confirmation of cert creation */
{ CRYPT_CERTACTION_CERT_CREATION_COMPLETE,
ACTION_PERM_NONE_EXTERNAL, /* Cert mgmt.use only */
{ MKACP_UNUSED(),
MKACP_O( ST_CERT_CERT, /* Completed cert */
ACL_FLAG_HIGH_STATE ) } },
/* Cancellation of cert creation */
{ CRYPT_CERTACTION_CERT_CREATION_DROP,
ACTION_PERM_NONE_EXTERNAL, /* Cert mgmt.use only */
/****************************************************************************
* *
* Mechanism ACLs *
* *
****************************************************************************/
/* The ACL tables for each mechanism class */
static const MECHANISM_ACL FAR_BSS mechanismWrapACL[] = {
/* PKCS #1 encrypt */
{ MECHANISM_ENC_PKCS1,
{ MKACP_S_OPT( MIN_PKCSIZE, /* Wrapped key */
MAX_PKCENCRYPTED_SIZE ),
MKACP_S_NONE(),
MKACP_O( ST_CTX_CONV | ST_CTX_MAC | ST_CTX_GENERIC,
ACL_FLAG_HIGH_STATE ), /* Ctx containing key */
MKACP_O( ST_CTX_PKC, /* Wrap PKC context */
ACL_FLAG_HIGH_STATE | ACL_FLAG_ROUTE_TO_CTX ),
MKACP_N_FIXED( CRYPT_UNUSED ),
MKACP_N_FIXED( CRYPT_UNUSED ) } },
/* PKCS #1 encrypt using PGP formatting */
#ifdef USE_PGP
{ MECHANISM_ENC_PKCS1_PGP,
{ MKACP_S_OPT( MIN_PKCSIZE, /* Wrapped key */
MAX_PKCENCRYPTED_SIZE ),
MKACP_S_NONE(),
MKACP_O( ST_CTX_CONV, /* Ctx containing key */
ACL_FLAG_HIGH_STATE ),
MKACP_O( ST_CTX_PKC, /* Wrap PKC context */
ACL_FLAG_HIGH_STATE | ACL_FLAG_ROUTE_TO_CTX ),