Update to PKCS#11 v3.0 EdDSA macros.

(cherry picked from commit 3e685fe01a)

lib/dns/pkcs11eddsa_link.c

@@ -24,7 +24,6 @@
 #include <pk11/constants.h>
 #include <pk11/internal.h>
 #include <pk11/pk11.h>
-#include <pkcs11/eddsa.h>
 #include <pkcs11/pkcs11.h>
 
 #include <dns/keyvalues.h>
@@ -39,17 +38,17 @@
  * FIPS 186-3 EDDSA keys:
  *  mechanisms:
  *    CKM_EDDSA,
- *    CKM_EDDSA_KEY_PAIR_GEN
+ *    CKM_EC_EDWARDS_KEY_PAIR_GEN
  *  domain parameters:
  *    CKA_EC_PARAMS (choice with OID namedCurve)
  *  public keys:
  *    object class CKO_PUBLIC_KEY
- *    key type CKK_EDDSA
+ *    key type CKK_EC_EDWARDS
  *    attribute CKA_EC_PARAMS (choice with OID namedCurve)
  *    attribute CKA_EC_POINT (big int A, CKA_VALUE on the token)
  *  private keys:
  *    object class CKO_PRIVATE_KEY
- *    key type CKK_EDDSA
+ *    key type CKK_EC_EDWARDS
  *    attribute CKA_EC_PARAMS (choice with OID namedCurve)
  *    attribute CKA_VALUE (big int k)
  */
@@ -114,7 +113,7 @@ pkcs11eddsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
 	CK_MECHANISM mech = { CKM_EDDSA, NULL, 0 };
 	CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
 	CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
-	CK_KEY_TYPE keyType = CKK_EDDSA;
+	CK_KEY_TYPE keyType = CKK_EC_EDWARDS;
 	CK_ATTRIBUTE keyTemplate[] = {
 		{ CKA_CLASS, &keyClass, (CK_ULONG)sizeof(keyClass) },
 		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
@@ -242,7 +241,7 @@ pkcs11eddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
 	CK_MECHANISM mech = { CKM_EDDSA, NULL, 0 };
 	CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
 	CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
-	CK_KEY_TYPE keyType = CKK_EDDSA;
+	CK_KEY_TYPE keyType = CKK_EC_EDWARDS;
 	CK_ATTRIBUTE keyTemplate[] = {
 		{ CKA_CLASS, &keyClass, (CK_ULONG)sizeof(keyClass) },
 		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
@@ -422,10 +421,10 @@ pkcs11eddsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
 static isc_result_t
 pkcs11eddsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
 	CK_RV rv;
-	CK_MECHANISM mech = { CKM_EDDSA_KEY_PAIR_GEN, NULL, 0 };
+	CK_MECHANISM mech = { CKM_EC_EDWARDS_KEY_PAIR_GEN, NULL, 0 };
 	CK_OBJECT_HANDLE pub = CK_INVALID_HANDLE;
 	CK_OBJECT_CLASS pubClass = CKO_PUBLIC_KEY;
-	CK_KEY_TYPE keyType = CKK_EDDSA;
+	CK_KEY_TYPE keyType = CKK_EC_EDWARDS;
 	CK_ATTRIBUTE pubTemplate[] = {
 		{ CKA_CLASS, &pubClass, (CK_ULONG)sizeof(pubClass) },
 		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
@@ -721,7 +720,7 @@ pkcs11eddsa_fetch(dst_key_t *key, const char *engine, const char *label,
 		  dst_key_t *pub) {
 	CK_RV rv;
 	CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
-	CK_KEY_TYPE keyType = CKK_EDDSA;
+	CK_KEY_TYPE keyType = CKK_EC_EDWARDS;
 	CK_ATTRIBUTE searchTemplate[] = {
 		{ CKA_CLASS, &keyClass, (CK_ULONG)sizeof(keyClass) },
 		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },
@@ -933,7 +932,7 @@ pkcs11eddsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
 	CK_RV rv;
 	CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
 	CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
-	CK_KEY_TYPE keyType = CKK_EDDSA;
+	CK_KEY_TYPE keyType = CKK_EC_EDWARDS;
 	CK_ATTRIBUTE searchTemplate[] = {
 		{ CKA_CLASS, &keyClass, (CK_ULONG)sizeof(keyClass) },
 		{ CKA_KEY_TYPE, &keyType, (CK_ULONG)sizeof(keyType) },

lib/isc/include/pkcs11/Makefile.in

@@ -18,7 +18,7 @@ VERSION=@BIND9_VERSION@
 # machine generated.  The latter are handled specially in the
 # install target below.
 #
-HEADERS =	pkcs11.h eddsa.h
+HEADERS =	pkcs11.h
 SUBDIRS =
 TARGETS =
 

lib/isc/include/pkcs11/eddsa.h

@@ -1,33 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#ifndef _EDDSA_H_
-#define _EDDSA_H_ 1
-
-#ifndef CKK_EDDSA
-#ifdef PK11_SOFTHSMV2_FLAVOR
-#define CKK_EDDSA 0x00008003UL
-#endif /* ifdef PK11_SOFTHSMV2_FLAVOR */
-#endif /* ifndef CKK_EDDSA */
-
-#ifndef CKM_EDDSA_KEY_PAIR_GEN
-#ifdef PK11_SOFTHSMV2_FLAVOR
-#define CKM_EDDSA_KEY_PAIR_GEN 0x00009040UL
-#endif /* ifdef PK11_SOFTHSMV2_FLAVOR */
-#endif /* ifndef CKM_EDDSA_KEY_PAIR_GEN */
-
-#ifndef CKM_EDDSA
-#ifdef PK11_SOFTHSMV2_FLAVOR
-#define CKM_EDDSA 0x00009041UL
-#endif /* ifdef PK11_SOFTHSMV2_FLAVOR */
-#endif /* ifndef CKM_EDDSA */
-
-#endif /* _EDDSA_H_ */

lib/isc/pk11.c

@@ -31,7 +31,6 @@
 #include <pk11/pk11.h>
 #include <pk11/result.h>
 #include <pk11/site.h>
-#include <pkcs11/eddsa.h>
 #include <pkcs11/pkcs11.h>
 
 #include <dst/result.h>
@@ -603,16 +602,14 @@ scan_slots(void) {
 			}
 		}
 
-#if defined(CKM_EDDSA_KEY_PAIR_GEN) && defined(CKM_EDDSA) && defined(CKK_EDDSA)
 		/* Check for EDDSA support */
-		/* XXXOND: This was already broken */
 		bad = false;
-		rv = pkcs_C_GetMechanismInfo(slot, CKM_EDDSA_KEY_PAIR_GEN,
+		rv = pkcs_C_GetMechanismInfo(slot, CKM_EC_EDWARDS_KEY_PAIR_GEN,
 					     &mechInfo);
 		if ((rv != CKR_OK) ||
 		    ((mechInfo.flags & CKF_GENERATE_KEY_PAIR) == 0)) {
 			bad = true;
-			PK11_TRACEM(CKM_EDDSA_KEY_PAIR_GEN);
+			PK11_TRACEM(CKM_EC_EDWARDS_KEY_PAIR_GEN);
 		}
 		rv = pkcs_C_GetMechanismInfo(slot, CKM_EDDSA, &mechInfo);
 		if ((rv != CKR_OK) || ((mechInfo.flags & CKF_SIGN) == 0) ||
@@ -627,8 +624,6 @@ scan_slots(void) {
 				best_eddsa_token = token;
 			}
 		}
-#endif /* if defined(CKM_EDDSA_KEY_PAIR_GEN) && defined(CKM_EDDSA) && \
-	* defined(CKK_EDDSA) */
 	}
 
 	if (slotList != NULL) {