static isc_result_t
pkcs11rsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
CK_RV rv;
pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx;
isc_result_t ret = ISC_R_SUCCESS;
if (dctx->use == DO_SIGN)
PK11_CALL(pkcs_C_SignUpdate,
(pk11_ctx->session,
(CK_BYTE_PTR) data->base,
(CK_ULONG) data->length),
ISC_R_FAILURE);
else
PK11_CALL(pkcs_C_VerifyUpdate,
(pk11_ctx->session,
(CK_BYTE_PTR) data->base,
(CK_ULONG) data->length),
ISC_R_FAILURE);
return (ret);
}
isc_result_t
isc_gost_init(isc_gost_t *ctx) {
CK_RV rv;
CK_MECHANISM mech = { CKM_GOSTR3411, NULL, 0 };
int ret = ISC_R_SUCCESS;
ret = pk11_get_session(ctx, OP_GOST, ISC_FALSE, ISC_FALSE, NULL, 0);
if (ret != ISC_R_SUCCESS)
return (ret);
PK11_CALL(pkcs_C_DigestInit, (ctx->session, &mech), ISC_R_FAILURE);
return (ret);
}
isc_result_t
isc_gost_final(isc_gost_t *ctx, unsigned char *digest) {
CK_RV rv;
CK_ULONG len = ISC_GOST_DIGESTLENGTH;
int ret = ISC_R_SUCCESS;
PK11_CALL(pkcs_C_DigestFinal,
(ctx->session, (CK_BYTE_PTR) digest, &len),
ISC_R_FAILURE);
pk11_return_session(ctx);
return (ret);
}
isc_result_t
isc_gost_update(isc_gost_t *ctx, const unsigned char *buf, unsigned int len) {
CK_RV rv;
CK_BYTE_PTR pPart;
int ret = ISC_R_SUCCESS;
DE_CONST(buf, pPart);
PK11_CALL(pkcs_C_DigestUpdate,
(ctx->session, pPart, (CK_ULONG) len),
ISC_R_FAILURE);
return (ret);
}
static isc_result_t
pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
CK_RV rv;
pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx;
isc_result_t ret = ISC_R_SUCCESS;
PK11_CALL(pkcs_C_VerifyFinal,
(pk11_ctx->session,
(CK_BYTE_PTR) sig->base,
(CK_ULONG) sig->length),
DST_R_VERIFYFAILURE);
return (ret);
}
static isc_result_t
pkcs11ecdsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
CK_RV rv;
pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx;
isc_result_t ret = ISC_R_SUCCESS;
REQUIRE(dctx->key->key_alg == DST_ALG_ECDSA256 ||
dctx->key->key_alg == DST_ALG_ECDSA384);
PK11_CALL(pkcs_C_DigestUpdate,
(pk11_ctx->session,
(CK_BYTE_PTR) data->base,
(CK_ULONG) data->length),
ISC_R_FAILURE);
return (ret);
}
static isc_result_t
pkcs11dh_loadpriv(const dst_key_t *key,
CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE *hKey)
{
CK_RV rv;
CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
CK_KEY_TYPE keyType = CKK_DH;
CK_ATTRIBUTE keyTemplate[] =
{
{ CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) },
{ CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
{ CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
{ CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
{ CKA_SENSITIVE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
{ CKA_DERIVE, &truevalue, (CK_ULONG) sizeof(truevalue) },
{ CKA_PRIME, NULL, 0 },
{ CKA_BASE, NULL, 0 },
{ CKA_VALUE, NULL, 0 }
};
CK_ATTRIBUTE *attr;
const pk11_object_t *priv;
isc_result_t ret;
unsigned int i;
priv = key->keydata.pkey;
if ((priv->object != CK_INVALID_HANDLE) && priv->ontoken) {
*hKey = priv->object;
return (ISC_R_SUCCESS);
}
attr = pk11_attribute_bytype(priv, CKA_PRIME);
if (attr == NULL)
return (DST_R_INVALIDPRIVATEKEY);
keyTemplate[6].pValue = isc_mem_get(key->mctx, attr->ulValueLen);
if (keyTemplate[6].pValue == NULL)
DST_RET(ISC_R_NOMEMORY);
memmove(keyTemplate[6].pValue, attr->pValue, attr->ulValueLen);
keyTemplate[6].ulValueLen = attr->ulValueLen;
attr = pk11_attribute_bytype(priv, CKA_BASE);
if (attr == NULL)
DST_RET(DST_R_INVALIDPRIVATEKEY);
keyTemplate[7].pValue = isc_mem_get(key->mctx, attr->ulValueLen);
if (keyTemplate[7].pValue == NULL)
DST_RET(ISC_R_NOMEMORY);
memmove(keyTemplate[7].pValue, attr->pValue, attr->ulValueLen);
keyTemplate[7].ulValueLen = attr->ulValueLen;
attr = pk11_attribute_bytype(priv, CKA_VALUE2);
if (attr == NULL)
DST_RET(DST_R_INVALIDPRIVATEKEY);
keyTemplate[8].pValue = isc_mem_get(key->mctx, attr->ulValueLen);
if (keyTemplate[8].pValue == NULL)
DST_RET(ISC_R_NOMEMORY);
memmove(keyTemplate[8].pValue, attr->pValue, attr->ulValueLen);
keyTemplate[8].ulValueLen = attr->ulValueLen;
PK11_CALL(pkcs_C_CreateObject,
(session, keyTemplate, (CK_ULONG) 9, hKey),
DST_R_COMPUTESECRETFAILURE);
if (rv == CKR_OK)
ret = ISC_R_SUCCESS;
err:
for (i = 6; i <= 8; i++)
if (keyTemplate[i].pValue != NULL) {
memset(keyTemplate[i].pValue, 0,
keyTemplate[i].ulValueLen);
isc_mem_put(key->mctx,
keyTemplate[i].pValue,
keyTemplate[i].ulValueLen);
}
return (ret);
}
