Refactor the code using the pk11 ECC constants.

The pk11/constants.h header contained static CK_BYTE arrays and
we had to use #defines to pull only those we need.  This commit
changes the constants to only define byte arrays with the content
and either use them directly or define the CK_BYTE arrays locally
where used.

bin/pkcs11/pkcs11-keygen.c

@@ -67,8 +67,6 @@
 #include <isc/types.h>
 #include <isc/util.h>
 
-#define WANT_ECC_CURVES
-#define WANT_ECX_CURVES
 #include <pk11/constants.h>
 #include <pk11/pk11.h>
 #include <pk11/result.h>
@@ -77,6 +75,12 @@
 static CK_BBOOL truevalue = TRUE;
 static CK_BBOOL falsevalue = FALSE;
 
+/* Static arrays of data used for key template initialization */
+static CK_BYTE pk11_ecc_prime256v1[] = PK11_ECC_PRIME256V1;
+static CK_BYTE pk11_ecc_secp384r1[] = PK11_ECC_SECP384R1;
+static CK_BYTE pk11_ecx_ed25519[] = PK11_ECX_ED25519;
+static CK_BYTE pk11_ecx_ed448[] = PK11_ECX_ED448;
+
 /* Key class: RSA, ECC, ECX, or unknown */
 typedef enum { key_unknown, key_rsa, key_ecc, key_ecx } key_class_t;
 

lib/dns/pkcs11ecdsa_link.c

@@ -20,7 +20,6 @@
 #include <isc/string.h>
 #include <isc/util.h>
 
-#define WANT_ECC_CURVES
 #include <pk11/constants.h>
 #include <pk11/internal.h>
 #include <pk11/pk11.h>
@@ -422,18 +421,17 @@ pkcs11ecdsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
 #define SETCURVE()                                                       \
 	if (key->key_alg == DST_ALG_ECDSA256) {                          \
 		attr->pValue = isc_mem_get(key->mctx,                    \
-					   sizeof(pk11_ecc_prime256v1)); \
-                                                                         \
-		memmove(attr->pValue, pk11_ecc_prime256v1,               \
-			sizeof(pk11_ecc_prime256v1));                    \
-		attr->ulValueLen = sizeof(pk11_ecc_prime256v1);          \
+					   sizeof(PK11_ECC_PRIME256V1)); \
+		memmove(attr->pValue, PK11_ECC_PRIME256V1,               \
+			sizeof(PK11_ECC_PRIME256V1));                    \
+		attr->ulValueLen = sizeof(PK11_ECC_PRIME256V1);          \
 	} else {                                                         \
 		attr->pValue = isc_mem_get(key->mctx,                    \
-					   sizeof(pk11_ecc_secp384r1));  \
+					   sizeof(PK11_ECC_SECP384R1));  \
                                                                          \
-		memmove(attr->pValue, pk11_ecc_secp384r1,                \
-			sizeof(pk11_ecc_secp384r1));                     \
-		attr->ulValueLen = sizeof(pk11_ecc_secp384r1);           \
+		memmove(attr->pValue, PK11_ECC_SECP384R1,                \
+			sizeof(PK11_ECC_SECP384R1));                     \
+		attr->ulValueLen = sizeof(PK11_ECC_SECP384R1);           \
 	}
 
 #define FREECURVE()                                                     \
@@ -668,18 +666,18 @@ pkcs11ecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
 	attr->type = CKA_EC_PARAMS;
 	if (key->key_alg == DST_ALG_ECDSA256) {
 		attr->pValue = isc_mem_get(key->mctx,
-					   sizeof(pk11_ecc_prime256v1));
-		memmove(attr->pValue, pk11_ecc_prime256v1,
-			sizeof(pk11_ecc_prime256v1));
-		attr->ulValueLen = sizeof(pk11_ecc_prime256v1);
+					   sizeof(PK11_ECC_PRIME256V1));
+		memmove(attr->pValue, PK11_ECC_PRIME256V1,
+			sizeof(PK11_ECC_PRIME256V1));
+		attr->ulValueLen = sizeof(PK11_ECC_PRIME256V1);
 	} else {
 		attr->pValue = isc_mem_get(key->mctx,
-					   sizeof(pk11_ecc_secp384r1));
-		memmove(attr->pValue, pk11_ecc_secp384r1,
-			sizeof(pk11_ecc_secp384r1));
-		attr->ulValueLen = sizeof(pk11_ecc_secp384r1);
-	}
+					   sizeof(PK11_ECC_SECP384R1));
 
+		memmove(attr->pValue, PK11_ECC_SECP384R1,
+			sizeof(PK11_ECC_SECP384R1));
+		attr->ulValueLen = sizeof(PK11_ECC_SECP384R1);
+	}
 	attr++;
 	attr->type = CKA_EC_POINT;
 	attr->pValue = isc_mem_get(key->mctx, len + 3);

lib/dns/pkcs11eddsa_link.c

@@ -20,7 +20,6 @@
 #include <isc/string.h>
 #include <isc/util.h>
 
-#define WANT_ECX_CURVES
 #include <pk11/constants.h>
 #include <pk11/internal.h>
 #include <pk11/pk11.h>
@@ -399,16 +398,14 @@ pkcs11eddsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
 #define SETCURVE()                                                             \
 	if (key->key_alg == DST_ALG_ED25519) {                                 \
 		attr->pValue = isc_mem_get(key->mctx,                          \
-					   sizeof(pk11_ecx_ed25519));          \
-                                                                               \
-		memmove(attr->pValue, pk11_ecx_ed25519,                        \
-			sizeof(pk11_ecx_ed25519));                             \
-		attr->ulValueLen = sizeof(pk11_ecx_ed25519);                   \
+					   sizeof(PK11_ECX_ED25519));          \
+		memmove(attr->pValue, PK11_ECX_ED25519,                        \
+			sizeof(PK11_ECX_ED25519));                             \
+		attr->ulValueLen = sizeof(PK11_ECX_ED25519);                   \
 	} else {                                                               \
-		attr->pValue = isc_mem_get(key->mctx, sizeof(pk11_ecx_ed448)); \
-                                                                               \
-		memmove(attr->pValue, pk11_ecx_ed448, sizeof(pk11_ecx_ed448)); \
-		attr->ulValueLen = sizeof(pk11_ecx_ed448);                     \
+		attr->pValue = isc_mem_get(key->mctx, sizeof(PK11_ECX_ED448)); \
+		memmove(attr->pValue, PK11_ECX_ED448, sizeof(PK11_ECX_ED448)); \
+		attr->ulValueLen = sizeof(PK11_ECX_ED448);                     \
 	}
 
 #define FREECURVE()                                                     \
@@ -639,16 +636,15 @@ pkcs11eddsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
 	attr = ec->repr;
 	attr->type = CKA_EC_PARAMS;
 	if (key->key_alg == DST_ALG_ED25519) {
-		attr->pValue = isc_mem_get(key->mctx, sizeof(pk11_ecx_ed25519));
-		memmove(attr->pValue, pk11_ecx_ed25519,
-			sizeof(pk11_ecx_ed25519));
-		attr->ulValueLen = sizeof(pk11_ecx_ed25519);
+		attr->pValue = isc_mem_get(key->mctx, sizeof(PK11_ECX_ED25519));
+		memmove(attr->pValue, PK11_ECX_ED25519,
+			sizeof(PK11_ECX_ED25519));
+		attr->ulValueLen = sizeof(PK11_ECX_ED25519);
 	} else {
-		attr->pValue = isc_mem_get(key->mctx, sizeof(pk11_ecx_ed448));
-		memmove(attr->pValue, pk11_ecx_ed448, sizeof(pk11_ecx_ed448));
-		attr->ulValueLen = sizeof(pk11_ecx_ed448);
+		attr->pValue = isc_mem_get(key->mctx, sizeof(PK11_ECX_ED448));
+		memmove(attr->pValue, PK11_ECX_ED448, sizeof(PK11_ECX_ED448));
+		attr->ulValueLen = sizeof(PK11_ECX_ED448);
 	}
-
 	attr++;
 	attr->type = CKA_EC_POINT;
 	attr->pValue = isc_mem_get(key->mctx, len);

lib/isc/include/pk11/constants.h

@@ -9,27 +9,27 @@
  * information regarding copyright ownership.
  */
 
-#ifndef PK11_CONSTANTS_H
-#define PK11_CONSTANTS_H 1
+#pragma once
 
-#include <pk11/pk11.h>
+#include <inttypes.h>
 
 /*! \file pk11/constants.h */
 
 /*%
  * Static arrays of data used for key template initialization
  */
-#ifdef WANT_ECC_CURVES
-static CK_BYTE pk11_ecc_prime256v1[] = { 0x06, 0x08, 0x2a, 0x86, 0x48,
-					 0xce, 0x3d, 0x03, 0x01, 0x07 };
-static CK_BYTE pk11_ecc_secp384r1[] = {
-	0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22
-};
-#endif /* WANT_ECC_CURVES */
-
-#ifdef WANT_ECX_CURVES
-static CK_BYTE pk11_ecx_ed25519[] = { 0x06, 0x03, 0x2b, 0x65, 0x70 };
-static CK_BYTE pk11_ecx_ed448[] = { 0x06, 0x03, 0x2b, 0x65, 0x71 };
-#endif /* WANT_ECX_CURVES */
-
-#endif /* PK11_CONSTANTS_H */
+#define PK11_ECC_PRIME256V1                                                \
+	(uint8_t[]) {                                                      \
+		0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 \
+	}
+#define PK11_ECC_SECP384R1 \
+	(uint8_t[]) { 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22 }
+#define PK11_ECX_ED25519                                                     \
+	(uint8_t[]) {                                                        \
+		0x13, 0xc, 'e', 'd', 'w', 'a', 'r', 'd', 's', '2', '5', '5', \
+			'1', '9'                                             \
+	}
+#define PK11_ECX_ED448                                                      \
+	(uint8_t[]) {                                                       \
+		0x13, 0xa, 'e', 'd', 'w', 'a', 'r', 'd', 's', '4', '4', '8' \
+	}