pkcs11ecdsa_link.c revision 12bf5d4796505b4c20680531da96a31e6c2c1144
/*
* Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id$ */
#include <config.h>
#if defined(PKCS11CRYPTO) && defined(HAVE_PKCS11_ECDSA)
#include <dns/keyvalues.h>
#include "dst_internal.h"
#include "dst_parse.h"
#include "dst_pkcs11.h"
#include <iscpk11/internal.h>
#define WANT_ECC_CURVES
#include <iscpk11/constants.h>
/*
* FIPS 186-3 ECDSA keys:
*  mechanisms:
*    CKM_ECDSA,
*    CKM_EC_KEY_PAIR_GEN
*  domain parameters:
*    CKA_EC_PARAMS (choice with OID namedCurve)
*  public keys:
*    object class CKO_PUBLIC_KEY
*    key type CKK_EC
*    attribute CKA_EC_PARAMS (choice with OID namedCurve)
*    attribute CKA_EC_POINT (point Q)
*  private keys:
*    object class CKO_PRIVATE_KEY
*    key type CKK_EC
*    attribute CKA_EC_PARAMS (choice with OID namedCurve)
*    attribute CKA_VALUE (big int d)
*  point format: 0x04 (octet-string tag) <2*size+1> (length)
*                0x04 (uncompressed) <x> <y>
*/
#define TAG_OCTECT_STRING 0x04
#define UNCOMPRESSED 0x04
isc_buffer_t *data);
static isc_result_t
else
sizeof(*pk11_ctx));
return (ISC_R_NOMEMORY);
else
if (ret != ISC_R_SUCCESS)
goto err;
return (ISC_R_SUCCESS);
err:
return (ret);
}
static void
}
}
static isc_result_t
return (ret);
}
static isc_result_t
{
{ CKA_EC_PARAMS, NULL, 0 },
};
isc_region_t r;
unsigned int i;
} else {
}
goto token_key;
}
case CKA_EC_PARAMS:
attr->ulValueLen);
attr->ulValueLen);
break;
case CKA_VALUE:
attr->ulValueLen);
attr->ulValueLen);
break;
}
&hKey),
err:
if (hKey != CK_INVALID_HANDLE)
for (i = 5; i <= 6; i++)
keyTemplate[i].ulValueLen);
keyTemplate[i].pValue,
keyTemplate[i].ulValueLen);
}
return (ret);
}
static isc_result_t
{
{ CKA_EC_PARAMS, NULL, 0 },
{ CKA_EC_POINT, NULL, 0 }
};
unsigned int i;
else
case CKA_EC_PARAMS:
attr->ulValueLen);
attr->ulValueLen);
break;
case CKA_EC_POINT:
attr->ulValueLen);
attr->ulValueLen);
break;
}
&hKey),
err:
if (hKey != CK_INVALID_HANDLE)
for (i = 5; i <= 6; i++)
keyTemplate[i].ulValueLen);
keyTemplate[i].pValue,
keyTemplate[i].ulValueLen);
}
return (ret);
}
static isc_boolean_t
return (ISC_TRUE);
return (ISC_FALSE);
return (ISC_TRUE);
return (ISC_FALSE);
return (ISC_TRUE);
return (ISC_FALSE);
return (ISC_FALSE);
return (ISC_TRUE);
return (ISC_FALSE);
return (ISC_TRUE);
}
#define SETCURVE() \
sizeof(pk11_ecc_prime256v1)); \
pk11_ecc_prime256v1, sizeof(pk11_ecc_prime256v1)); \
} else { \
sizeof(pk11_ecc_secp384r1)); \
pk11_ecc_secp384r1, sizeof(pk11_ecc_secp384r1)); \
}
#define FREECURVE() \
}
static isc_result_t
{
{ CKA_EC_PARAMS, NULL, 0 }
};
{
};
sizeof(*pk11_ctx));
return (ISC_R_NOMEMORY);
if (ret != ISC_R_SUCCESS)
goto err;
SETCURVE();
FREECURVE();
SETCURVE();
attr++;
attr++;
return (ISC_R_SUCCESS);
err:
if (priv != CK_INVALID_HANDLE)
if (pub != CK_INVALID_HANDLE)
return (ret);
}
static isc_boolean_t
return (ISC_FALSE);
}
static void
return;
case CKA_LABEL:
case CKA_ID:
case CKA_EC_PARAMS:
case CKA_EC_POINT:
case CKA_VALUE:
FREECURVE();
break;
}
}
}
static isc_result_t
isc_region_t r;
unsigned int len;
else
return (ISC_R_FAILURE);
return (ISC_R_NOSPACE);
return (ISC_R_SUCCESS);
}
static isc_result_t
isc_region_t r;
unsigned int len;
else
if (r.length == 0)
return (ISC_R_SUCCESS);
return (DST_R_INVALIDPUBLICKEY);
return (ISC_R_NOMEMORY);
goto nomemory;
goto nomemory;
pk11_ecc_prime256v1, sizeof(pk11_ecc_prime256v1));
} else {
goto nomemory;
pk11_ecc_secp384r1, sizeof(pk11_ecc_secp384r1));
}
attr++;
goto nomemory;
return (ISC_R_SUCCESS);
case CKA_EC_PARAMS:
case CKA_EC_POINT:
FREECURVE();
break;
}
}
return (ISC_R_NOMEMORY);
}
static isc_result_t
unsigned int i = 0;
return (DST_R_NULLKEY);
}
return (ISC_R_NOMEMORY);
i++;
}
i++;
}
i++;
}
}
return (ret);
}
static isc_result_t
{
{
};
return (DST_R_NOENGINE);
return (ISC_R_NOMEMORY);
attr++;
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (ret != ISC_R_SUCCESS)
goto err;
}
if (cnt == 0)
if (cnt > 1)
}
return (ISC_R_SUCCESS);
err:
}
return (ret);
}
static isc_result_t
unsigned int i;
/* read private key file */
if (ret != ISC_R_SUCCESS)
return (ret);
case TAG_ECDSA_ENGINE:
break;
case TAG_ECDSA_LABEL:
break;
default:
break;
}
}
/* Is this key stored in an HSM? See if we can fetch it. */
if (ret != ISC_R_SUCCESS)
goto err;
return (ret);
}
attr++;
attr++;
return (ISC_R_SUCCESS);
err:
return (ret);
}
static isc_result_t
const char *pin)
{
{
};
unsigned int i;
return (ISC_R_NOMEMORY);
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (ret != ISC_R_SUCCESS)
goto err;
}
if (cnt == 0)
if (cnt > 1)
for (i = 0; i <= 1; i++) {
}
if (cnt == 0)
if (cnt > 1)
}
return (ISC_R_SUCCESS);
err:
}
return (ret);
}
static dst_func_t pkcs11ecdsa_functions = {
NULL, /*%< createctx2 */
NULL, /*%< verify2 */
NULL, /*%< computesecret */
NULL, /*%< paramcompare */
NULL, /*%< cleanup */
NULL, /*%< dump */
NULL, /*%< restore */
};
return (ISC_R_SUCCESS);
}
#else /* PKCS11CRYPTO && HAVE_PKCS11_ECDSA */
#endif /* PKCS11CRYPTO && HAVE_PKCS11_ECDSA */
/*! \file */