diff --git a/bin/pkcs11/pkcs11-keygen.c b/bin/pkcs11/pkcs11-keygen.c
index ae2c92c16d..ba004e1594 100644
--- a/bin/pkcs11/pkcs11-keygen.c
+++ b/bin/pkcs11/pkcs11-keygen.c
@@ -67,8 +67,6 @@
 #include
 #include
-#define WANT_ECC_CURVES
-#define WANT_ECX_CURVES
 #include
 #include
 #include
@@ -77,6 +75,12 @@
 static CK_BBOOL truevalue = TRUE;
 static CK_BBOOL falsevalue = FALSE;
+/* Static arrays of data used for key template initialization */
+static CK_BYTE pk11_ecc_prime256v1[] = PK11_ECC_PRIME256V1;
+static CK_BYTE pk11_ecc_secp384r1[] = PK11_ECC_SECP384R1;
+static CK_BYTE pk11_ecx_ed25519[] = PK11_ECX_ED25519;
+static CK_BYTE pk11_ecx_ed448[] = PK11_ECX_ED448;
+
 /* Key class: RSA, ECC, ECX, or unknown */
 typedef enum { key_unknown, key_rsa, key_ecc, key_ecx } key_class_t;
diff --git a/lib/dns/pkcs11ecdsa_link.c b/lib/dns/pkcs11ecdsa_link.c
index ba833e3cfb..8e28a022d9 100644
--- a/lib/dns/pkcs11ecdsa_link.c
+++ b/lib/dns/pkcs11ecdsa_link.c
@@ -20,7 +20,6 @@
 #include
 #include
-#define WANT_ECC_CURVES
 #include
 #include
 #include
@@ -422,18 +421,17 @@ pkcs11ecdsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
 #define SETCURVE() \
 if (key->key_alg == DST_ALG_ECDSA256) { \
 attr->pValue = isc_mem_get(key->mctx, \
- sizeof(pk11_ecc_prime256v1)); \
- \
- memmove(attr->pValue, pk11_ecc_prime256v1, \
- sizeof(pk11_ecc_prime256v1)); \
- attr->ulValueLen = sizeof(pk11_ecc_prime256v1); \
+ sizeof(PK11_ECC_PRIME256V1)); \
+ memmove(attr->pValue, PK11_ECC_PRIME256V1, \
+ sizeof(PK11_ECC_PRIME256V1)); \
+ attr->ulValueLen = sizeof(PK11_ECC_PRIME256V1); \
 } else { \
 attr->pValue = isc_mem_get(key->mctx, \
- sizeof(pk11_ecc_secp384r1)); \
+ sizeof(PK11_ECC_SECP384R1)); \
 \
- memmove(attr->pValue, pk11_ecc_secp384r1, \
- sizeof(pk11_ecc_secp384r1)); \
- attr->ulValueLen = sizeof(pk11_ecc_secp384r1); \
+ memmove(attr->pValue, PK11_ECC_SECP384R1, \
+ sizeof(PK11_ECC_SECP384R1)); \
+ attr->ulValueLen = sizeof(PK11_ECC_SECP384R1); \
 }
 #define FREECURVE() \
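Review bot: Initializing the four new static arrays in pkcs11-keygen.c from the `PK11_*` macros is not portable C, because the constants.h hunk of this same commit defines those macros as compound literals of the form `(uint8_t[]) { ... }`. ISO C expects a brace-enclosed list (or a string literal) as an array initializer, so `static CK_BYTE pk11_ecc_prime256v1[] = PK11_ECC_PRIME256V1;` builds only where the compiler accepts this as an extension, and it also assumes `CK_BYTE` and `uint8_t` are the same type. Either have the header additionally expose the bare brace list for initializer use, or make the assumption visible here with a comment such as `/* relies on the compiler accepting a compound literal as a static array initializer */`.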
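Review bot: In `SETCURVE()` each branch spells the curve macro three times, for the `isc_mem_get()` size, the `memmove()` length and `attr->ulValueLen`, and since every `PK11_ECC_*` use is now its own compound literal nothing ties those three sizes together; a later edit that touches one but not the others would give an over-read or a buffer whose recorded length differs from its allocation. Setting the length once and reusing it removes that risk: `attr->ulValueLen = sizeof(PK11_ECC_PRIME256V1);`, then `attr->pValue = isc_mem_get(key->mctx, attr->ulValueLen);` and `memmove(attr->pValue, PK11_ECC_PRIME256V1, attr->ulValueLen);`. The same three-fold repetition appears in the `pkcs11ecdsa_fromdns` hunk and in both `pkcs11eddsa_link.c` hunks. `FREECURVE()` is defined outside this hunk, so the size it releases with should be checked against whichever form is kept.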
@@ -668,18 +666,18 @@ pkcs11ecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
 attr->type = CKA_EC_PARAMS;
 if (key->key_alg == DST_ALG_ECDSA256) {
 attr->pValue = isc_mem_get(key->mctx,
- sizeof(pk11_ecc_prime256v1));
- memmove(attr->pValue, pk11_ecc_prime256v1,
- sizeof(pk11_ecc_prime256v1));
- attr->ulValueLen = sizeof(pk11_ecc_prime256v1);
+ sizeof(PK11_ECC_PRIME256V1));
+ memmove(attr->pValue, PK11_ECC_PRIME256V1,
+ sizeof(PK11_ECC_PRIME256V1));
+ attr->ulValueLen = sizeof(PK11_ECC_PRIME256V1);
 } else {
 attr->pValue = isc_mem_get(key->mctx,
- sizeof(pk11_ecc_secp384r1));
- memmove(attr->pValue, pk11_ecc_secp384r1,
- sizeof(pk11_ecc_secp384r1));
- attr->ulValueLen = sizeof(pk11_ecc_secp384r1);
- }
+ sizeof(PK11_ECC_SECP384R1));
+ memmove(attr->pValue, PK11_ECC_SECP384R1,
+ sizeof(PK11_ECC_SECP384R1));
+ attr->ulValueLen = sizeof(PK11_ECC_SECP384R1);
+ }
 attr++;
 attr->type = CKA_EC_POINT;
 attr->pValue = isc_mem_get(key->mctx, len + 3);
diff --git a/lib/dns/pkcs11eddsa_link.c b/lib/dns/pkcs11eddsa_link.c
index efd0d3b00c..4d3397ce74 100644
--- a/lib/dns/pkcs11eddsa_link.c
+++ b/lib/dns/pkcs11eddsa_link.c
@@ -20,7 +20,6 @@
 #include
 #include
-#define WANT_ECX_CURVES
 #include
 #include
 #include
@@ -399,16 +398,14 @@ pkcs11eddsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
 #define SETCURVE() \
 if (key->key_alg == DST_ALG_ED25519) { \
 attr->pValue = isc_mem_get(key->mctx, \
- sizeof(pk11_ecx_ed25519)); \
- \
- memmove(attr->pValue, pk11_ecx_ed25519, \
- sizeof(pk11_ecx_ed25519)); \
- attr->ulValueLen = sizeof(pk11_ecx_ed25519); \
+ sizeof(PK11_ECX_ED25519)); \
+ memmove(attr->pValue, PK11_ECX_ED25519, \
+ sizeof(PK11_ECX_ED25519)); \
+ attr->ulValueLen = sizeof(PK11_ECX_ED25519); \
 } else { \
- attr->pValue = isc_mem_get(key->mctx, sizeof(pk11_ecx_ed448)); \
- \
- memmove(attr->pValue, pk11_ecx_ed448, sizeof(pk11_ecx_ed448)); \
- attr->ulValueLen = sizeof(pk11_ecx_ed448); \
+ attr->pValue = isc_mem_get(key->mctx, sizeof(PK11_ECX_ED448)); \
+ memmove(attr->pValue, PK11_ECX_ED448, sizeof(PK11_ECX_ED448)); \
+ attr->ulValueLen = sizeof(PK11_ECX_ED448); \
 }
 #define FREECURVE() \
@@ -639,16 +636,15 @@ pkcs11eddsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
 attr = ec->repr;
 attr->type = CKA_EC_PARAMS;
 if (key->key_alg == DST_ALG_ED25519) {
- attr->pValue = isc_mem_get(key->mctx, sizeof(pk11_ecx_ed25519));
- memmove(attr->pValue, pk11_ecx_ed25519,
- sizeof(pk11_ecx_ed25519));
- attr->ulValueLen = sizeof(pk11_ecx_ed25519);
+ attr->pValue = isc_mem_get(key->mctx, sizeof(PK11_ECX_ED25519));
+ memmove(attr->pValue, PK11_ECX_ED25519,
+ sizeof(PK11_ECX_ED25519));
+ attr->ulValueLen = sizeof(PK11_ECX_ED25519);
 } else {
- attr->pValue = isc_mem_get(key->mctx, sizeof(pk11_ecx_ed448));
- memmove(attr->pValue, pk11_ecx_ed448, sizeof(pk11_ecx_ed448));
- attr->ulValueLen = sizeof(pk11_ecx_ed448);
+ attr->pValue = isc_mem_get(key->mctx, sizeof(PK11_ECX_ED448));
+ memmove(attr->pValue, PK11_ECX_ED448, sizeof(PK11_ECX_ED448));
+ attr->ulValueLen = sizeof(PK11_ECX_ED448);
 }
-
 attr++;
 attr->type = CKA_EC_POINT;
 attr->pValue = isc_mem_get(key->mctx, len);
diff --git a/lib/isc/include/pk11/constants.h b/lib/isc/include/pk11/constants.h
index 6102a9d618..c8bc47d490 100644
--- a/lib/isc/include/pk11/constants.h
+++ b/lib/isc/include/pk11/constants.h
@@ -9,27 +9,27 @@
 * information regarding copyright ownership.
 */
-#ifndef PK11_CONSTANTS_H
-#define PK11_CONSTANTS_H 1
+#pragma once
-#include
+#include
 /*! \file pk11/constants.h */
 /*%
 * Static arrays of data used for key template initialization
 */
-#ifdef WANT_ECC_CURVES
-static CK_BYTE pk11_ecc_prime256v1[] = { 0x06, 0x08, 0x2a, 0x86, 0x48,
- 0xce, 0x3d, 0x03, 0x01, 0x07 };
-static CK_BYTE pk11_ecc_secp384r1[] = {
- 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22
-};
-#endif /* WANT_ECC_CURVES */
-
-#ifdef WANT_ECX_CURVES
-static CK_BYTE pk11_ecx_ed25519[] = { 0x06, 0x03, 0x2b, 0x65, 0x70 };
-static CK_BYTE pk11_ecx_ed448[] = { 0x06, 0x03, 0x2b, 0x65, 0x71 };
-#endif /* WANT_ECX_CURVES */
-
-#endif /* PK11_CONSTANTS_H */
+#define PK11_ECC_PRIME256V1 \
+ (uint8_t[]) { \
+ 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 \
+ }
+#define PK11_ECC_SECP384R1 \
+ (uint8_t[]) { 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22 }
+#define PK11_ECX_ED25519 \
+ (uint8_t[]) { \
+ 0x13, 0xc, 'e', 'd', 'w', 'a', 'r', 'd', 's', '2', '5', '5', \
+ '1', '9' \
+ }
+#define PK11_ECX_ED448 \
+ (uint8_t[]) { \
+ 0x13, 0xa, 'e', 'd', 'w', 'a', 'r', 'd', 's', '4', '4', '8' \
+ }
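Review bot: `PK11_ECX_ED25519` and `PK11_ECX_ED448` do not carry over the removed bytes: the old arrays were DER OIDs (`06 03 2b 65 70` and `06 03 2b 65 71`), while the new macros encode the curve names as a PrintableString (tag `0x13`, "edwards25519" and "edwards448"). That changes the `CKA_EC_PARAMS` value sent by every user of these macros (pkcs11-keygen.c and both `pkcs11eddsa_link.c` hunks), so it should be confirmed that the target tokens accept the curve-name form and that keys already created with the OID form are still found and compared correctly; the lookup and compare code is not visible in this diff. The two ECC macros keep their bytes unchanged. I would document the encoding at each macro, e.g. `/* CKA_EC_PARAMS: PrintableString "edwards25519" (curve-name form, not the OID) */`, and update the header comment, which still says "Static arrays" although the definitions are now compound-literal macros.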