/*
* Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <config.h>
/*
 * NOTE(review): && binds tighter than ||, so this condition evaluates as
 * (PKCS11CRYPTO && HAVE_PKCS11_ED25519) || HAVE_PKCS11_ED448. A build that
 * defines HAVE_PKCS11_ED448 without PKCS11CRYPTO would still compile this
 * file. The matching #else/#endif comments read
 * "PKCS11CRYPTO && HAVE_PKCS11_EDxxx", which suggests the intended form is
 *   defined(PKCS11CRYPTO) &&
 *   (defined(HAVE_PKCS11_ED25519) || defined(HAVE_PKCS11_ED448))
 * -- confirm and add the parentheses.
 */
#if defined(PKCS11CRYPTO) && \
defined(HAVE_PKCS11_ED25519) || defined(HAVE_PKCS11_ED448)
#include <dns/keyvalues.h>
#include "dst_internal.h"
#include "dst_parse.h"
#include "dst_pkcs11.h"
#include <pk11/internal.h>
#define WANT_ECC_CURVES
#include <pk11/constants.h>
/*
* FIPS 186-3 EDDSA keys:
* mechanisms:
* CKM_EDDSA,
* CKM_EDDSA_KEY_PAIR_GEN
* domain parameters:
* CKA_EC_PARAMS (choice with OID namedCurve)
* public keys:
* object class CKO_PUBLIC_KEY
* key type CKK_EDDSA
* attribute CKA_EC_PARAMS (choice with OID namedCurve)
* attribute CKA_EC_POINT (big int A, CKA_VALUE on the token)
* private keys:
* object class CKO_PRIVATE_KEY
* key type CKK_EDDSA
* attribute CKA_EC_PARAMS (choice with OID namedCurve)
* attribute CKA_VALUE (big int k)
*/
isc_buffer_t *data);
static isc_result_t
return (result);
}
static void
}
static isc_result_t
isc_region_t r;
unsigned int length;
if (result == ISC_R_SUCCESS)
return (ISC_R_SUCCESS);
if (result != ISC_R_SUCCESS)
return (result);
isc_buffer_usedregion(buf, &r);
(void) isc_buffer_copyregion(nbuf, &r);
return (ISC_R_SUCCESS);
}
/*
 * NOTE(review): the function name, signature and most statements are
 * missing from this listing. What remains shows a key template with a
 * CKA_EC_PARAMS entry, a switch that handles the CKA_EC_PARAMS and
 * CKA_VALUE attributes of a key, and an err path that walks template
 * slots 5 and 6 before returning ret.
 */
static isc_result_t
{
{ CKA_EC_PARAMS, NULL, 0 },
};
isc_region_t t;
isc_region_t r;
unsigned int i;
else
sizeof(*pk11_ctx));
return (ISC_R_NOMEMORY);
else
if (ret != ISC_R_SUCCESS)
goto err;
goto token_key;
}
case CKA_EC_PARAMS:
attr->ulValueLen);
attr->ulValueLen);
break;
/*
 * Per the file header, CKA_VALUE on a private key object is the secret
 * scalar k. Presumably this case handles that private value -- confirm
 * against the full source; if so, whatever is stored here is key
 * material.
 */
case CKA_VALUE:
attr->ulValueLen);
attr->ulValueLen);
break;
}
&hKey),
isc_buffer_usedregion(buf, &t);
/*
 * Error/cleanup path. The loop bounds 5..6 are hard-coded template
 * indices and must stay in step with the template layout above.
 * NOTE(review): the statements that use keyTemplate[i].pValue and
 * ulValueLen are cut off in this listing. Since one of these slots may
 * hold the CKA_VALUE data handled above, confirm that the buffer is
 * wiped with a clear the compiler cannot elide before it is released.
 */
err:
if (hKey != CK_INVALID_HANDLE)
for (i = 5; i <= 6; i++)
keyTemplate[i].ulValueLen);
keyTemplate[i].pValue,
keyTemplate[i].ulValueLen);
}
return (ret);
}
/*
 * NOTE(review): the function name, signature and most statements are
 * missing from this listing. What remains shows a key template with a
 * CKA_EC_PARAMS entry, a switch that handles the CKA_EC_PARAMS and
 * CKA_EC_POINT attributes of a key, and an err path that walks template
 * slots 5 and 6 before returning ret.
 */
static isc_result_t
{
{ CKA_EC_PARAMS, NULL, 0 },
};
isc_region_t t;
unsigned int i;
sizeof(*pk11_ctx));
return (ISC_R_NOMEMORY);
else
if (ret != ISC_R_SUCCESS)
goto err;
case CKA_EC_PARAMS:
attr->ulValueLen);
attr->ulValueLen);
break;
/*
 * The key's CKA_EC_POINT attribute (the public point A per the file
 * header) is matched here, while template slot 6 is typed CKA_VALUE, as
 * the comment below states. The header describes the same mapping:
 * "CKA_EC_POINT (big int A, CKA_VALUE on the token)".
 */
case CKA_EC_POINT:
/* keyTemplate[6].type is CKA_VALUE */
attr->ulValueLen);
attr->ulValueLen);
break;
}
&hKey),
isc_buffer_usedregion(buf, &t);
/*
 * Error/cleanup path. The loop bounds 5..6 are hard-coded template
 * indices and must stay in step with the template layout above.
 * NOTE(review): the statements that use keyTemplate[i].pValue and
 * ulValueLen are cut off in this listing; presumably they release the
 * per-call attribute copies -- confirm against the full source.
 */
err:
if (hKey != CK_INVALID_HANDLE)
for (i = 5; i <= 6; i++)
keyTemplate[i].ulValueLen);
keyTemplate[i].pValue,
keyTemplate[i].ulValueLen);
}
return (ret);
}
static isc_boolean_t
return (ISC_TRUE);
return (ISC_FALSE);
return (ISC_TRUE);
attr1->ulValueLen))
return (ISC_FALSE);
return (ISC_TRUE);
attr1->ulValueLen))
return (ISC_FALSE);
attr1->ulValueLen)))
return (ISC_FALSE);
return (ISC_TRUE);
return (ISC_FALSE);
return (ISC_TRUE);
}
#define SETCURVE() \
sizeof(pk11_ecc_ed25519)); \
pk11_ecc_ed25519, sizeof(pk11_ecc_ed25519)); \
} else { \
sizeof(pk11_ecc_ed448)); \
pk11_ecc_ed448, sizeof(pk11_ecc_ed448)); \
}
#define FREECURVE() \
}
static isc_result_t
{
{ CKA_EC_PARAMS, NULL, 0 }
};
{
};
sizeof(*pk11_ctx));
return (ISC_R_NOMEMORY);
if (ret != ISC_R_SUCCESS)
goto err;
SETCURVE();
FREECURVE();
SETCURVE();
attr++;
attr++;
else
return (ISC_R_SUCCESS);
err:
if (priv != CK_INVALID_HANDLE)
if (pub != CK_INVALID_HANDLE)
return (ret);
}
static isc_boolean_t
return (ISC_FALSE);
}
static void
return;
case CKA_LABEL:
case CKA_ID:
case CKA_EC_PARAMS:
case CKA_EC_POINT:
case CKA_VALUE:
FREECURVE();
break;
}
}
}
static isc_result_t
isc_region_t r;
unsigned int len;
else
return (ISC_R_FAILURE);
return (ISC_R_NOSPACE);
return (ISC_R_SUCCESS);
}
static isc_result_t
isc_region_t r;
unsigned int len;
else
if (r.length == 0)
return (ISC_R_SUCCESS);
return (DST_R_INVALIDPUBLICKEY);
return (ISC_R_NOMEMORY);
goto nomemory;
goto nomemory;
pk11_ecc_ed25519, sizeof(pk11_ecc_ed25519));
} else {
goto nomemory;
pk11_ecc_ed448, sizeof(pk11_ecc_ed448));
}
attr++;
goto nomemory;
return (ISC_R_SUCCESS);
case CKA_EC_PARAMS:
case CKA_EC_POINT:
FREECURVE();
break;
}
}
return (ISC_R_NOMEMORY);
}
static isc_result_t
unsigned int i = 0;
return (DST_R_NULLKEY);
}
return (ISC_R_NOMEMORY);
i++;
}
i++;
}
i++;
}
}
return (ret);
}
static isc_result_t
{
{
};
return (DST_R_NOENGINE);
return (ISC_R_NOMEMORY);
attr++;
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (ret != ISC_R_SUCCESS)
goto err;
}
if (cnt == 0)
if (cnt > 1)
}
return (ISC_R_SUCCESS);
err:
}
return (ret);
}
static isc_result_t
unsigned int i;
/* read private key file */
if (ret != ISC_R_SUCCESS)
return (ret);
return (ISC_R_SUCCESS);
}
case TAG_EDDSA_ENGINE:
break;
case TAG_EDDSA_LABEL:
break;
default:
break;
}
}
/* Is this key stored in an HSM? See if we can fetch it. */
if (ret != ISC_R_SUCCESS)
goto err;
return (ret);
}
attr++;
attr++;
else
return (ISC_R_SUCCESS);
err:
return (ret);
}
/*
 * NOTE(review): the function name, most of the signature and most
 * statements are missing from this listing. The last parameter is a
 * caller-supplied PIN string. Its use is not visible here, so confirm
 * that it is passed only to the token login and is neither logged nor
 * kept after the call.
 */
static isc_result_t
const char *pin)
{
{
};
unsigned int i;
return (ISC_R_NOMEMORY);
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (ret != ISC_R_SUCCESS)
goto err;
}
/*
 * cnt is tested for zero and for more than one, here and again after the
 * loop below. Presumably cnt is the number of token objects matched by a
 * lookup -- confirm. The statements run on each branch are cut off in
 * this listing. Both cases should fail the call: proceeding with no
 * match, or with an ambiguous match, would bind this key to an object
 * the caller did not choose.
 */
if (cnt == 0)
if (cnt > 1)
for (i = 0; i <= 1; i++) {
}
if (cnt == 0)
if (cnt > 1)
}
else
return (ISC_R_SUCCESS);
err:
}
return (ret);
}
NULL, /*%< createctx2 */
NULL, /*%< verify2 */
NULL, /*%< computesecret */
NULL, /*%< paramcompare */
NULL, /*%< cleanup */
NULL, /*%< dump */
NULL, /*%< restore */
};
return (ISC_R_SUCCESS);
}
#else /* PKCS11CRYPTO && HAVE_PKCS11_EDxxx */
#endif /* PKCS11CRYPTO && HAVE_PKCS11_EDxxx */
/*! \file */