Update to PKCS#11 v3.0 EdDSA macros.

2025-08-29 13:38:26 +00:00 · 2020-03-29 21:41:00 +00:00 · 2020-03-29 21:41:00 +00:00 · 3e685fe01a
commit 3e685fe01a
parent 2ef379d911
6 changed files with 13 additions and 59 deletions
--- a/bin/pkcs11/pkcs11-keygen.c
+++ b/bin/pkcs11/pkcs11-keygen.c
@ -72,7 +72,6 @@
 #include <pk11/constants.h>
 #include <pk11/pk11.h>
 #include <pk11/result.h>
 #include <pkcs11/eddsa.h>
 /* Define static key template values */
 static CK_BBOOL truevalue = TRUE;
@ -331,10 +330,6 @@ main(int argc, char *argv[]) {
 		break;
 	case key_ecx:
 #ifndef CKM_EDDSA_KEY_PAIR_GEN
 		fprintf(stderr, "CKM_EDDSA_KEY_PAIR_GEN is not defined\n");
 		usage();
 #else /* ifndef CKM_EDDSA_KEY_PAIR_GEN */
 		op_type = OP_EDDSA;
 		if (bits == 0) {
 			bits = 256;
@ -344,7 +339,7 @@ main(int argc, char *argv[]) {
 			exit(2);
 		}
-		mech.mechanism = CKM_EDDSA_KEY_PAIR_GEN;
+		mech.mechanism = CKM_EC_EDWARDS_KEY_PAIR_GEN;
 		mech.pParameter = NULL;
 		mech.ulParameterLen = 0;
@ -361,7 +356,6 @@ main(int argc, char *argv[]) {
 			public_template[4].ulValueLen = sizeof(pk11_ecx_ed448);
 		}
 #endif /* ifndef CKM_EDDSA_KEY_PAIR_GEN */
 		break;
 	case key_unknown:
 		usage();
--- a/lib/dns/pkcs11eddsa_link.c
+++ b/lib/dns/pkcs11eddsa_link.c
@ -24,7 +24,6 @@
 #include <pk11/constants.h>
 #include <pk11/internal.h>
 #include <pk11/pk11.h>
 #include <pkcs11/eddsa.h>
 #include <pkcs11/pkcs11.h>
 #include <dns/keyvalues.h>
@ -39,17 +38,17 @@
 * FIPS 186-3 EDDSA keys:
 *  mechanisms:
 *    CKM_EDDSA,
- *    CKM_EDDSA_KEY_PAIR_GEN
+ *    CKM_EC_EDWARDS_KEY_PAIR_GEN
 *  domain parameters:
 *    CKA_EC_PARAMS (choice with OID namedCurve)
 *  public keys:
 *    object class CKO_PUBLIC_KEY
- *    key type CKK_EDDSA
+ *    key type CKK_EC_EDWARDS
 *    attribute CKA_EC_PARAMS (choice with OID namedCurve)
 *    attribute CKA_EC_POINT (big int A, CKA_VALUE on the token)
 *  private keys:
 *    object class CKO_PRIVATE_KEY
- *    key type CKK_EDDSA
+ *    key type CKK_EC_EDWARDS
 *    attribute CKA_EC_PARAMS (choice with OID namedCurve)
 *    attribute CKA_VALUE (big int k)
 */
@ -114,7 +113,7 @@ pkcs11eddsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
 	CK_MECHANISM mech = { CKM_EDDSA, NULL, 0 };
 	CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
 	CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
-	CK_KEY_TYPE keyType = CKK_EDDSA;
+	CK_KEY_TYPE keyType = CKK_EC_EDWARDS;
 	CK_ATTRIBUTE keyTemplate[] = {
 		{ CKA_CLASS, &keyClass, (CK_ULONG)sizeof(keyClass) },
 		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
@ -242,7 +241,7 @@ pkcs11eddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
 	CK_MECHANISM mech = { CKM_EDDSA, NULL, 0 };
 	CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
 	CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
-	CK_KEY_TYPE keyType = CKK_EDDSA;
+	CK_KEY_TYPE keyType = CKK_EC_EDWARDS;
 	CK_ATTRIBUTE keyTemplate[] = {
 		{ CKA_CLASS, &keyClass, (CK_ULONG)sizeof(keyClass) },
 		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
@ -422,10 +421,10 @@ pkcs11eddsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
 static isc_result_t
 pkcs11eddsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
 	CK_RV rv;
-	CK_MECHANISM mech = { CKM_EDDSA_KEY_PAIR_GEN, NULL, 0 };
+	CK_MECHANISM mech = { CKM_EC_EDWARDS_KEY_PAIR_GEN, NULL, 0 };
 	CK_OBJECT_HANDLE pub = CK_INVALID_HANDLE;
 	CK_OBJECT_CLASS pubClass = CKO_PUBLIC_KEY;
-	CK_KEY_TYPE keyType = CKK_EDDSA;
+	CK_KEY_TYPE keyType = CKK_EC_EDWARDS;
 	CK_ATTRIBUTE pubTemplate[] = {
 		{ CKA_CLASS, &pubClass, (CK_ULONG)sizeof(pubClass) },
 		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
@ -721,7 +720,7 @@ pkcs11eddsa_fetch(dst_key_t *key, const char *engine, const char *label,
 		  dst_key_t *pub) {
 	CK_RV rv;
 	CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
-	CK_KEY_TYPE keyType = CKK_EDDSA;
+	CK_KEY_TYPE keyType = CKK_EC_EDWARDS;
 	CK_ATTRIBUTE searchTemplate[] = {
 		{ CKA_CLASS, &keyClass, (CK_ULONG)sizeof(keyClass) },
 		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
@ -933,7 +932,7 @@ pkcs11eddsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
 	CK_RV rv;
 	CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
 	CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
-	CK_KEY_TYPE keyType = CKK_EDDSA;
+	CK_KEY_TYPE keyType = CKK_EC_EDWARDS;
 	CK_ATTRIBUTE searchTemplate[] = {
 		{ CKA_CLASS, &keyClass, (CK_ULONG)sizeof(keyClass) },
 		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
--- a/lib/isc/include/pkcs11/Makefile.in
+++ b/lib/isc/include/pkcs11/Makefile.in
@ -18,7 +18,7 @@ VERSION=@BIND9_VERSION@
 # machine generated.  The latter are handled specially in the
 # install target below.
 #
-HEADERS =	pkcs11.h eddsa.h
+HEADERS =	pkcs11.h
 SUBDIRS =
 TARGETS =
--- a/lib/isc/include/pkcs11/eddsa.h
+++ b/lib/isc/include/pkcs11/eddsa.h
@ -1,33 +0,0 @@
 /*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
 #ifndef _EDDSA_H_
 #define _EDDSA_H_ 1
 #ifndef CKK_EDDSA
 #ifdef PK11_SOFTHSMV2_FLAVOR
 #define CKK_EDDSA 0x00008003UL
 #endif /* ifdef PK11_SOFTHSMV2_FLAVOR */
 #endif /* ifndef CKK_EDDSA */
 #ifndef CKM_EDDSA_KEY_PAIR_GEN
 #ifdef PK11_SOFTHSMV2_FLAVOR
 #define CKM_EDDSA_KEY_PAIR_GEN 0x00009040UL
 #endif /* ifdef PK11_SOFTHSMV2_FLAVOR */
 #endif /* ifndef CKM_EDDSA_KEY_PAIR_GEN */
 #ifndef CKM_EDDSA
 #ifdef PK11_SOFTHSMV2_FLAVOR
 #define CKM_EDDSA 0x00009041UL
 #endif /* ifdef PK11_SOFTHSMV2_FLAVOR */
 #endif /* ifndef CKM_EDDSA */
 #endif /* _EDDSA_H_ */
--- a/lib/isc/pk11.c
+++ b/lib/isc/pk11.c
@ -31,7 +31,6 @@
 #include <pk11/pk11.h>
 #include <pk11/result.h>
 #include <pk11/site.h>
 #include <pkcs11/eddsa.h>
 #include <pkcs11/pkcs11.h>
 /* was 32 octets, Petr Spacek suggested 1024, SoftHSMv2 uses 256... */
@ -601,16 +600,14 @@ scan_slots(void) {
 			}
 		}
 #if defined(CKM_EDDSA_KEY_PAIR_GEN) && defined(CKM_EDDSA) && defined(CKK_EDDSA)
 		/* Check for EDDSA support */
 		/* XXXOND: This was already broken */
 		bad = false;
-		rv = pkcs_C_GetMechanismInfo(slot, CKM_EDDSA_KEY_PAIR_GEN,
+		rv = pkcs_C_GetMechanismInfo(slot, CKM_EC_EDWARDS_KEY_PAIR_GEN,
 					     &mechInfo);
 		if ((rv != CKR_OK) ||
 		    ((mechInfo.flags & CKF_GENERATE_KEY_PAIR) == 0)) {
 			bad = true;
-			PK11_TRACEM(CKM_EDDSA_KEY_PAIR_GEN);
+			PK11_TRACEM(CKM_EC_EDWARDS_KEY_PAIR_GEN);
 		}
 		rv = pkcs_C_GetMechanismInfo(slot, CKM_EDDSA, &mechInfo);
 		if ((rv != CKR_OK) || ((mechInfo.flags & CKF_SIGN) == 0) ||
@ -625,8 +622,6 @@ scan_slots(void) {
 				best_eddsa_token = token;
 			}
 		}
 #endif /* if defined(CKM_EDDSA_KEY_PAIR_GEN) && defined(CKM_EDDSA) && \
 	* defined(CKK_EDDSA) */
 	}
 	if (slotList != NULL) {
--- a/util/copyrights
+++ b/util/copyrights
@ -2242,7 +2242,6 @@
 ./lib/isc/include/pk11/pk11.h			C	2014,2016,2018,2019,2020
 ./lib/isc/include/pk11/result.h			C	2014,2016,2018,2019,2020
 ./lib/isc/include/pk11/site.h			C	2016,2017,2018,2019,2020
 ./lib/isc/include/pkcs11/eddsa.h		C	2017,2018,2019,2020
 ./lib/isc/include/pkcs11/pkcs11.h		X	2019,2020
 ./lib/isc/iterated_hash.c			C	2006,2008,2009,2016,2018,2019,2020
 ./lib/isc/lex.c					C	1998,1999,2000,2001,2002,2003,2004,2005,2007,2013,2014,2015,2016,2017,2018,2019,2020