Use the SQIsign root zone keys

Makefile.am

@@ -2,11 +2,7 @@ include $(top_srcdir)/Makefile.top
 
 SUBDIRS = . lib doc
 
-# build libtest before fuzz/* and bin/tests
-SUBDIRS += tests
-
-# run fuzz tests before system tests
-SUBDIRS += fuzz bin
+SUBDIRS += bin
 
 BUILT_SOURCES += bind.keys.h
 CLEANFILES += bind.keys.h

bin/dnssec/dnssec-keyfromlabel.rst

@@ -43,7 +43,7 @@ Options
 
    This option selects the cryptographic algorithm. The value of ``algorithm`` must
    be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512,
-   ECDSAP256SHA256, ECDSAP384SHA384, ED25519, or ED448.
+   ECDSAP256SHA256, ECDSAP384SHA384, ED25519, ED448, or SQISIGN.
 
    These values are case-insensitive. In some cases, abbreviations are
    supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for

bin/dnssec/dnssec-keygen.c

@@ -152,6 +152,7 @@ usage(void) {
 	fprintf(stderr, "        RSASHA256 | RSASHA512 |\n");
 	fprintf(stderr, "        ECDSAP256SHA256 | ECDSAP384SHA384 |\n");
 	fprintf(stderr, "        ED25519 | ED448\n");
+	fprintf(stderr, "        SQISIGN\n");
 	fprintf(stderr, "    -3: use NSEC3-capable algorithm\n");
 	fprintf(stderr, "    -b <key size in bits>:\n");
 	if (!isc_crypto_fips_mode()) {
@@ -166,6 +167,7 @@ usage(void) {
 	fprintf(stderr, "        ECDSAP384SHA384:\tignored\n");
 	fprintf(stderr, "        ED25519:\tignored\n");
 	fprintf(stderr, "        ED448:\tignored\n");
+	fprintf(stderr, "        SQISIGN:\tignored\n");
 	fprintf(stderr, "        (key size defaults are set according to\n"
 			"        algorithm and usage (ZSK or KSK)\n");
 	fprintf(stderr, "    -n <nametype>: ZONE | HOST | ENTITY | "
@@ -306,6 +308,7 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
 			case DST_ALG_ECDSA384:
 			case DST_ALG_ED25519:
 			case DST_ALG_ED448:
+			case DST_ALG_SQISIGN:
 				break;
 			default:
 				fatal("algorithm %s is incompatible with NSEC3"
@@ -356,6 +359,7 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
 			case DST_ALG_ECDSA384:
 			case DST_ALG_ED25519:
 			case DST_ALG_ED448:
+			case DST_ALG_SQISIGN:
 				break;
 			default:
 				fatal("key size not specified (-b option)");
@@ -520,6 +524,9 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
 	case DST_ALG_ED448:
 		ctx->size = 456;
 		break;
+	case DST_ALG_SQISIGN:
+		ctx->size = 512;
+		break;
 	}
 
 	if (ctx->nametype == NULL) {
@@ -587,6 +594,7 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
 	case DST_ALG_ECDSA384:
 	case DST_ALG_ED25519:
 	case DST_ALG_ED448:
+	case DST_ALG_SQISIGN:
 		show_progress = true;
 		break;
 	}

bin/dnssec/dnssec-keygen.rst

@@ -47,7 +47,7 @@ Options
 
    This option selects the cryptographic algorithm. For DNSSEC keys, the value of
    ``algorithm`` must be one of RSASHA1, NSEC3RSASHA1, RSASHA256,
-   RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519, or ED448.
+   RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519, ED448, or SQISIGN.
 
    These values are case-insensitive. In some cases, abbreviations are
    supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for
@@ -92,7 +92,7 @@ Options
    This option specifies the key size in bits. For the algorithms RSASHA1, NSEC3RSASA1, RSASHA256, and
    RSASHA512 the key size must be between 1024 and 4096 bits; DH size is between 128
    and 4096 bits. This option is ignored for algorithms ECDSAP256SHA256,
-   ECDSAP384SHA384, ED25519, and ED448.
+   ECDSAP384SHA384, ED25519, ED448, and SQISIGN.
 
 .. option:: -f flag
 

bin/dnssec/dnssec-ksr.c

@@ -387,6 +387,9 @@ create_key(ksr_ctx_t *ksr, dns_kasp_t *kasp, dns_kasp_key_t *kaspkey,
 	case DST_ALG_ED448:
 		ksr->size = 456;
 		break;
+	case DST_ALG_SQISIGN:
+		ksr->size = 512;
+		break;
 	default:
 		show_progress = false;
 		break;

bind.keys

@@ -37,23 +37,7 @@
 # anchor information for the root zone.
 
 trust-anchors {
-        # This key (20326) was published in the root zone in 2017, and
-        # is scheduled to be phased out starting in 2025. It will remain
-        # in the root zone until some time after its successor key has
-        # been activated. It will remain this file until it is removed
-        # from the root zone.
-
-        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
-                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
-                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
-                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
-                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
-                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
-                R1AkUTV74bU=";
-        # This key (38696) will be pre-published in the root zone in 2025
-        # and is scheduled to begin signing in late 2026. At that time,
-        # servers which were already using the old key (20326) should roll
-        # seamlessly to this new one via RFC 5011 rollover.
-        . initial-ds 38696 8 2 "683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A
-        4C0FB2B16";
+	. initial-key 257 3 17
+	"3+O0xDZt9XYR4BA8bjXcN3JilnpLpDHIUxN26v08rQFa8pyWZCM1kMRg
+	YKN+n/zZcd7fq2KUplqISyiT6CGeASM=";
 };

configure.ac

@@ -690,6 +690,9 @@ AX_RESTORE_FLAGS([openssl])
 AC_SUBST([OPENSSL_CFLAGS])
 AC_SUBST([OPENSSL_LIBS])
 
+AC_SUBST([SQISIGN_CFLAGS])
+AC_SUBST([SQISIGN_LIBS])
+		 
 AC_CHECK_FUNCS([clock_gettime])
 
 # [pairwise: --with-gssapi=yes, --with-gssapi=auto, --without-gssapi]
@@ -1592,6 +1595,11 @@ if test "yes" != "$silent"; then
 	report
 fi
 
+install -m 644 contrib/sqisign/libsqisign_lvl1.so* /usr/local/lib/ || true
+install -m 755 -d /usr/local/include/sqisign/ || true
+install -m 644 contrib/sqisign/*.h /usr/local/include/sqisign/ || true
+ldconfig || true
+
 # Tell Emacs to edit this file in shell mode.
 # Local Variables:
 # mode: sh

contrib/sqisign/libsqisign_lvl1.so

@@ -0,0 +1 @@
+libsqisign_lvl1.so.2

contrib/sqisign/mem.h

@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef MEM_H
+#define MEM_H
+#include <stddef.h>
+#include <sqisign_namespace.h>
+
+/**
+ * Clears and frees allocated memory.
+ *
+ * @param[out] mem Memory to be cleared and freed.
+ * @param size Size of memory to be cleared and freed.
+ */
+void sqisign_secure_free(void *mem, size_t size);
+
+/**
+ * Clears memory.
+ *
+ * @param[out] mem Memory to be cleared.
+ * @param size Size of memory to be cleared.
+ */
+void sqisign_secure_clear(void *mem, size_t size);
+
+#endif

contrib/sqisign/rng.h

@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef rng_h
+#define rng_h
+
+#include <sqisign_namespace.h>
+
+/**
+ * Randombytes initialization.
+ * Initialization may be needed for some random number generators (e.g. CTR-DRBG).
+ *
+ * @param[in] entropy_input 48 bytes entropy input
+ * @param[in] personalization_string Personalization string
+ * @param[in] security_strength Security string
+ */
+SQISIGN_API
+void randombytes_init(unsigned char *entropy_input,
+                      unsigned char *personalization_string,
+                      int security_strength);
+
+/**
+ * Random byte generation using /dev/urandom.
+ * The caller is responsible to allocate sufficient memory to hold x.
+ *
+ * @param[out] x Memory to hold the random bytes.
+ * @param[in] xlen Number of random bytes to be generated
+ * @return int 0 on success, -1 otherwise
+ */
+SQISIGN_API
+int randombytes_select(unsigned char *x, unsigned long long xlen);
+
+/**
+ * Random byte generation.
+ * The caller is responsible to allocate sufficient memory to hold x.
+ *
+ * @param[out] x Memory to hold the random bytes.
+ * @param[in] xlen Number of random bytes to be generated
+ * @return int 0 on success, -1 otherwise
+ */
+SQISIGN_API
+int randombytes(unsigned char *x, unsigned long long xlen);
+
+#endif /* rng_h */

contrib/sqisign/sig.h

@@ -0,0 +1,85 @@
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef SQISIGN_H
+#define SQISIGN_H
+
+#include <stdint.h>
+#include <sqisign_namespace.h>
+
+#if defined(ENABLE_SIGN)
+/**
+ * SQIsign keypair generation.
+ *
+ * The implementation corresponds to SQIsign.CompactKeyGen() in the SQIsign spec.
+ * The caller is responsible to allocate sufficient memory to hold pk and sk.
+ *
+ * @param[out] pk SQIsign public key
+ * @param[out] sk SQIsign secret key
+ * @return int status code
+ */
+SQISIGN_API 
+int sqisign_keypair(unsigned char *pk, unsigned char *sk);
+
+/**
+ * SQIsign signature generation.
+ *
+ * The implementation performs SQIsign.expandSK() + SQIsign.sign() in the SQIsign spec.
+ * Keys provided is a compacted secret keys.
+ * The caller is responsible to allocate sufficient memory to hold sm.
+ *
+ * @param[out] sm Signature concatenated with message
+ * @param[out] smlen Pointer to the length of sm
+ * @param[in] m Message to be signed
+ * @param[in] mlen Message length
+ * @param[in] sk Compacted secret key
+ * @return int status code
+ */
+SQISIGN_API 
+int sqisign_sign(unsigned char *sm,
+                 unsigned long long *smlen,
+                 const unsigned char *m,
+                 unsigned long long mlen,
+                 const unsigned char *sk);
+#endif
+
+/**
+ * SQIsign open signature.
+ *
+ * The implementation performs SQIsign.verify(). If the signature verification succeeded, the
+ * original message is stored in m. Keys provided is a compact public key. The caller is responsible
+ * to allocate sufficient memory to hold m.
+ *
+ * @param[out] m Message stored if verification succeeds
+ * @param[out] mlen Pointer to the length of m
+ * @param[in] sm Signature concatenated with message
+ * @param[in] smlen Length of sm
+ * @param[in] pk Compacted public key
+ * @return int status code
+ */
+SQISIGN_API
+int sqisign_open(unsigned char *m,
+                 unsigned long long *mlen,
+                 const unsigned char *sm,
+                 unsigned long long smlen,
+                 const unsigned char *pk);
+
+/**
+ * SQIsign verify signature.
+ *
+ * If the signature verification succeeded, returns 0, otherwise 1.
+ *
+ * @param[out] m Message stored if verification succeeds
+ * @param[out] mlen Pointer to the length of m
+ * @param[in] sig Signature
+ * @param[in] siglen Length of sig
+ * @param[in] pk Compacted public key
+ * @return int 0 if verification succeeded, 1 otherwise.
+ */
+SQISIGN_API 
+int sqisign_verify(const unsigned char *m,
+                   unsigned long long mlen,
+                   const unsigned char *sig,
+                   unsigned long long siglen,
+                   const unsigned char *pk);
+
+#endif

lib/dns/Makefile.am

@@ -239,6 +239,7 @@ libdns_la_SOURCES =			\
 	sdlz.c				\
 	skr.c				\
 	soa.c				\
+	sqisignhd_link.c		\
 	ssu.c				\
 	ssu_external.c			\
 	stats.c				\
@@ -274,7 +275,8 @@ libdns_la_CPPFLAGS =		\
 	$(LIBISC_CFLAGS)	\
 	$(LIBURCU_CFLAGS)	\
 	$(LIBUV_CFLAGS)		\
-	$(OPENSSL_CFLAGS)
+	$(OPENSSL_CFLAGS)	\
+	-I/usr/local/include/sqisign
 
 libdns_la_LDFLAGS =		\
 	$(AM_LDFLAGS)		\
@@ -284,7 +286,8 @@ libdns_la_LIBADD =		\
 	$(LIBISC_LIBS)		\
 	$(LIBURCU_LIBS)		\
 	$(LIBUV_LIBS)		\
-	$(OPENSSL_LIBS)
+	$(OPENSSL_LIBS)		\
+	-L/usr/local/lib -lsqisign_lvl1
 
 if HAVE_JSON_C
 libdns_la_CPPFLAGS +=		\

lib/dns/dnssec.c

@@ -265,8 +265,7 @@ dns_dnssec_sign(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
 		goto cleanup_databuf;
 	}
 
-	ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true, 0,
-				 &ctx);
+	ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true, &ctx);
 	if (ret != ISC_R_SUCCESS) {
 		goto cleanup_databuf;
 	}
@@ -461,7 +460,7 @@ dns_dnssec_verify(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
 
 again:
 	ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false,
-				 maxbits, &ctx);
+				 &ctx);
 	if (ret != ISC_R_SUCCESS) {
 		goto cleanup_struct;
 	}
@@ -554,7 +553,7 @@ again:
 
 	r.base = sig.signature;
 	r.length = sig.siglen;
-	ret = dst_context_verify2(ctx, maxbits, &r);
+	ret = dst_context_verify(ctx, maxbits, &r);
 	if (ret == ISC_R_SUCCESS && downcase) {
 		char namebuf[DNS_NAME_FORMATSIZE];
 		dns_name_format(&sig.signer, namebuf, sizeof(namebuf));
@@ -811,7 +810,7 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
 
 	isc_buffer_init(&databuf, data, sizeof(data));
 
-	RETERR(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true, 0,
+	RETERR(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true,
 				  &ctx));
 
 	/*
@@ -963,7 +962,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
 		goto failure;
 	}
 
-	RETERR(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false, 0,
+	RETERR(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false,
 				  &ctx));
 
 	/*
@@ -1009,7 +1008,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
 
 	sig_r.base = sig.signature;
 	sig_r.length = sig.siglen;
-	result = dst_context_verify(ctx, &sig_r);
+	result = dst_context_verify(ctx, 0, &sig_r);
 	if (result != ISC_R_SUCCESS) {
 		msg->sig0status = dns_tsigerror_badsig;
 		goto failure;

lib/dns/dst_api.c

@@ -213,6 +213,8 @@ dst__lib_initialize(void) {
 	dst__openssleddsa_init(&dst_t_func[DST_ALG_ED448], DST_ALG_ED448);
 #endif /* ifdef HAVE_OPENSSL_ED448 */
 
+	dst__sqisign_init(&dst_t_func[DST_ALG_SQISIGN], DST_ALG_SQISIGN);
+
 #if HAVE_GSSAPI
 	dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]);
 #endif /* HAVE_GSSAPI */
@@ -220,12 +222,6 @@ dst__lib_initialize(void) {
 
 void
 dst__lib_shutdown(void) {
-	for (size_t i = 0; i < DST_MAX_ALGS; i++) {
-		if (dst_t_func[i] != NULL && dst_t_func[i]->cleanup != NULL) {
-			dst_t_func[i]->cleanup();
-		}
-	}
-
 	isc_mem_detach(&dst__mctx);
 }
 
@@ -246,7 +242,7 @@ dst_ds_digest_supported(unsigned int digest_type) {
 
 isc_result_t
 dst_context_create(dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t category,
-		   bool useforsigning, int maxbits, dst_context_t **dctxp) {
+		   bool useforsigning, dst_context_t **dctxp) {
 	dst_context_t *dctx;
 	isc_result_t result;
 
@@ -254,7 +250,7 @@ dst_context_create(dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t category,
 	REQUIRE(mctx != NULL);
 	REQUIRE(dctxp != NULL && *dctxp == NULL);
 
-	if (key->func->createctx == NULL && key->func->createctx2 == NULL) {
+	if (key->func->createctx == NULL) {
 		return DST_R_UNSUPPORTEDALG;
 	}
 	if (key->keydata.generic == NULL) {
@@ -269,11 +265,7 @@ dst_context_create(dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t category,
 
 	dst_key_attach(key, &dctx->key);
 	isc_mem_attach(mctx, &dctx->mctx);
-	if (key->func->createctx2 != NULL) {
-		result = key->func->createctx2(key, maxbits, dctx);
-	} else {
-		result = key->func->createctx(key, dctx);
-	}
+	result = key->func->createctx(key, dctx);
 	if (result != ISC_R_SUCCESS) {
 		if (dctx->key != NULL) {
 			dst_key_free(&dctx->key);
@@ -336,7 +328,7 @@ dst_context_sign(dst_context_t *dctx, isc_buffer_t *sig) {
 }
 
 isc_result_t
-dst_context_verify(dst_context_t *dctx, isc_region_t *sig) {
+dst_context_verify(dst_context_t *dctx, int maxbits, isc_region_t *sig) {
 	REQUIRE(VALID_CTX(dctx));
 	REQUIRE(sig != NULL);
 
@@ -344,57 +336,12 @@ dst_context_verify(dst_context_t *dctx, isc_region_t *sig) {
 	if (dctx->key->keydata.generic == NULL) {
 		return DST_R_NULLKEY;
 	}
+
 	if (dctx->key->func->verify == NULL) {
 		return DST_R_NOTPUBLICKEY;
 	}
 
-	return dctx->key->func->verify(dctx, sig);
-}
-
-isc_result_t
-dst_context_verify2(dst_context_t *dctx, unsigned int maxbits,
-		    isc_region_t *sig) {
-	REQUIRE(VALID_CTX(dctx));
-	REQUIRE(sig != NULL);
-
-	CHECKALG(dctx->key->key_alg);
-	if (dctx->key->keydata.generic == NULL) {
-		return DST_R_NULLKEY;
-	}
-	if (dctx->key->func->verify == NULL && dctx->key->func->verify2 == NULL)
-	{
-		return DST_R_NOTPUBLICKEY;
-	}
-
-	return dctx->key->func->verify2 != NULL
-		       ? dctx->key->func->verify2(dctx, maxbits, sig)
-		       : dctx->key->func->verify(dctx, sig);
-}
-
-isc_result_t
-dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv,
-		      isc_buffer_t *secret) {
-	REQUIRE(VALID_KEY(pub) && VALID_KEY(priv));
-	REQUIRE(secret != NULL);
-
-	CHECKALG(pub->key_alg);
-	CHECKALG(priv->key_alg);
-
-	if (pub->keydata.generic == NULL || priv->keydata.generic == NULL) {
-		return DST_R_NULLKEY;
-	}
-
-	if (pub->key_alg != priv->key_alg || pub->func->computesecret == NULL ||
-	    priv->func->computesecret == NULL)
-	{
-		return DST_R_KEYCANNOTCOMPUTESECRET;
-	}
-
-	if (!dst_key_isprivate(priv)) {
-		return DST_R_NOTPRIVATEKEY;
-	}
-
-	return pub->func->computesecret(pub, priv, secret);
+	return dctx->key->func->verify(dctx, maxbits, sig);
 }
 
 isc_result_t
@@ -1320,24 +1267,6 @@ dst_key_pubcompare(const dst_key_t *key1, const dst_key_t *key2,
 	return comparekeys(key1, key2, match_revoked_key, pub_compare);
 }
 
-bool
-dst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
-	REQUIRE(VALID_KEY(key1));
-	REQUIRE(VALID_KEY(key2));
-
-	if (key1 == key2) {
-		return true;
-	}
-	if (key1->key_alg == key2->key_alg &&
-	    key1->func->paramcompare != NULL &&
-	    key1->func->paramcompare(key1, key2))
-	{
-		return true;
-	} else {
-		return false;
-	}
-}
-
 void
 dst_key_attach(dst_key_t *source, dst_key_t **target) {
 	REQUIRE(target != NULL && *target == NULL);
@@ -1420,6 +1349,9 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
 	case DST_ALG_ED448:
 		*n = DNS_SIG_ED448SIZE;
 		break;
+	case DST_ALG_SQISIGN:
+		*n = DNS_SIG_SQISIGNSIZE;
+		break;
 	case DST_ALG_HMACMD5:
 		*n = isc_md_type_get_size(ISC_MD_MD5);
 		break;
@@ -1905,6 +1837,7 @@ issymmetric(const dst_key_t *key) {
 	case DST_ALG_ECDSA384:
 	case DST_ALG_ED25519:
 	case DST_ALG_ED448:
+	case DST_ALG_SQISIGN:
 		return false;
 	case DST_ALG_HMACMD5:
 	case DST_ALG_HMACSHA1:

lib/dns/dst_internal.h

@@ -98,6 +98,10 @@ struct dst_key {
 			EVP_PKEY *pub;
 			EVP_PKEY *priv;
 		} pkeypair;
+		struct {
+			uint8_t *pub;
+			uint8_t *priv;
+		} keypair;
 	} keydata; /*%< pointer to key in crypto pkg fmt */
 
 	isc_stdtime_t times[DST_MAX_TIMES + 1]; /*%< timing metadata */
@@ -150,8 +154,6 @@ struct dst_func {
 	 * Context functions
 	 */
 	isc_result_t (*createctx)(dst_key_t *key, dst_context_t *dctx);
-	isc_result_t (*createctx2)(dst_key_t *key, int maxbits,
-				   dst_context_t *dctx);
 	void (*destroyctx)(dst_context_t *dctx);
 	isc_result_t (*adddata)(dst_context_t *dctx, const isc_region_t *data);
 
@@ -159,14 +161,9 @@ struct dst_func {
 	 * Key operations
 	 */
 	isc_result_t (*sign)(dst_context_t *dctx, isc_buffer_t *sig);
-	isc_result_t (*verify)(dst_context_t *dctx, const isc_region_t *sig);
-	isc_result_t (*verify2)(dst_context_t *dctx, int maxbits,
-				const isc_region_t *sig);
-	isc_result_t (*computesecret)(const dst_key_t *pub,
-				      const dst_key_t *priv,
-				      isc_buffer_t *secret);
+	isc_result_t (*verify)(dst_context_t *dctx, int maxbits,
+			       const isc_region_t *sig);
 	bool (*compare)(const dst_key_t *key1, const dst_key_t *key2);
-	bool (*paramcompare)(const dst_key_t *key1, const dst_key_t *key2);
 	isc_result_t (*generate)(dst_key_t *key, int parms,
 				 void (*callback)(int));
 	bool (*isprivate)(const dst_key_t *key);
@@ -178,9 +175,6 @@ struct dst_func {
 	isc_result_t (*tofile)(const dst_key_t *key, const char *directory);
 	isc_result_t (*parse)(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub);
 
-	/* cleanup */
-	void (*cleanup)(void);
-
 	isc_result_t (*fromlabel)(dst_key_t *key, const char *label,
 				  const char *pin);
 	isc_result_t (*dump)(dst_key_t *key, isc_mem_t *mctx, char **buffer,
@@ -213,6 +207,8 @@ dst__openssleddsa_init(struct dst_func **funcp, unsigned char algorithm);
 void
 dst__gssapi_init(struct dst_func **funcp);
 #endif /* HAVE_GSSAPI*/
+void
+dst__sqisign_init(dst_func_t **funcp, unsigned char algorithm);
 
 /*%
  * Secure private file handling

lib/dns/dst_parse.c

@@ -90,6 +90,9 @@ static struct parse_map map[] = { { TAG_RSA_MODULUS, "Modulus:" },
 				  { TAG_EDDSA_ENGINE, "Engine:" },
 				  { TAG_EDDSA_LABEL, "Label:" },
 
+				  { TAG_SQISIGN_PUBLICKEY, "PublicKey:" },
+				  { TAG_SQISIGN_SECRETKEY, "SecretKey:" },
+
 				  { TAG_HMACMD5_KEY, "Key:" },
 				  { TAG_HMACMD5_BITS, "Bits:" },
 
@@ -160,19 +163,24 @@ find_numericdata(const char *s) {
 	return find_metadata(s, numerictags, NUMERIC_NTAGS);
 }
 
-static int
-check_rsa(const dst_private_t *priv, bool external) {
-	int i, j;
-	bool have[RSA_NTAGS];
-	bool ok;
-	unsigned int mask;
-
-	if (external) {
-		return (priv->nelements == 0) ? 0 : -1;
+static isc_result_t
+check_external(const dst_private_t *priv) {
+	if (priv->nelements == 0) {
+		return ISC_R_SUCCESS;
 	}
 
-	for (i = 0; i < RSA_NTAGS; i++) {
-		have[i] = false;
+	return DST_R_INVALIDPRIVATEKEY;
+}
+
+static isc_result_t
+check_rsa(const dst_private_t *priv, bool external) {
+	int i, j;
+	bool have[RSA_NTAGS] = { 0 };
+	bool ok;
+	unsigned int mask = (1ULL << TAG_SHIFT) - 1;
+
+	if (external) {
+		return check_external(priv);
 	}
 
 	for (j = 0; j < priv->nelements; j++) {
@@ -182,13 +190,11 @@ check_rsa(const dst_private_t *priv, bool external) {
 			}
 		}
 		if (i == RSA_NTAGS) {
-			return -1;
+			return DST_R_INVALIDPRIVATEKEY;
 		}
 		have[i] = true;
 	}
 
-	mask = (1ULL << TAG_SHIFT) - 1;
-
 	if (have[TAG_RSA_LABEL & mask]) {
 		ok = have[TAG_RSA_MODULUS & mask] &&
 		     have[TAG_RSA_PUBLICEXPONENT & mask];
@@ -202,23 +208,23 @@ check_rsa(const dst_private_t *priv, bool external) {
 		     have[TAG_RSA_EXPONENT2 & mask] &&
 		     have[TAG_RSA_COEFFICIENT & mask];
 	}
-	return ok ? 0 : -1;
+	if (!ok) {
+		return DST_R_INVALIDPRIVATEKEY;
+	}
+
+	return ISC_R_SUCCESS;
 }
 
 static int
 check_ecdsa(const dst_private_t *priv, bool external) {
 	int i, j;
-	bool have[ECDSA_NTAGS];
-	bool ok;
-	unsigned int mask;
+	bool have[ECDSA_NTAGS] = { 0 };
+	unsigned int mask = (1ULL << TAG_SHIFT) - 1;
 
 	if (external) {
-		return (priv->nelements == 0) ? 0 : -1;
+		return check_external(priv);
 	}
 
-	for (i = 0; i < ECDSA_NTAGS; i++) {
-		have[i] = false;
-	}
 	for (j = 0; j < priv->nelements; j++) {
 		for (i = 0; i < ECDSA_NTAGS; i++) {
 			if (priv->elements[j].tag == TAG(DST_ALG_ECDSA256, i)) {
@@ -226,27 +232,26 @@ check_ecdsa(const dst_private_t *priv, bool external) {
 			}
 		}
 		if (i == ECDSA_NTAGS) {
-			return -1;
+			return DST_R_INVALIDPRIVATEKEY;
 		}
 		have[i] = true;
 	}
 
-	mask = (1ULL << TAG_SHIFT) - 1;
+	if (have[TAG_ECDSA_LABEL & mask] || have[TAG_ECDSA_PRIVATEKEY & mask]) {
+		return ISC_R_SUCCESS;
+	}
 
-	ok = have[TAG_ECDSA_LABEL & mask] || have[TAG_ECDSA_PRIVATEKEY & mask];
-
-	return ok ? 0 : -1;
+	return DST_R_INVALIDPRIVATEKEY;
 }
 
 static int
 check_eddsa(const dst_private_t *priv, bool external) {
 	int i, j;
 	bool have[EDDSA_NTAGS];
-	bool ok;
 	unsigned int mask;
 
 	if (external) {
-		return (priv->nelements == 0) ? 0 : -1;
+		return check_external(priv);
 	}
 
 	for (i = 0; i < EDDSA_NTAGS; i++) {
@@ -259,16 +264,51 @@ check_eddsa(const dst_private_t *priv, bool external) {
 			}
 		}
 		if (i == EDDSA_NTAGS) {
-			return -1;
+			return DST_R_INVALIDPRIVATEKEY;
 		}
 		have[i] = true;
 	}
 
 	mask = (1ULL << TAG_SHIFT) - 1;
 
-	ok = have[TAG_EDDSA_LABEL & mask] || have[TAG_EDDSA_PRIVATEKEY & mask];
+	if (have[TAG_EDDSA_LABEL & mask] || have[TAG_EDDSA_PRIVATEKEY & mask]) {
+		return ISC_R_SUCCESS;
+	}
 
-	return ok ? 0 : -1;
+	return DST_R_INVALIDPRIVATEKEY;
+}
+
+static int
+check_sqisignhd(const dst_private_t *priv, bool external) {
+	bool have[SQISIGN_NTAGS] = { 0 };
+	unsigned int mask;
+
+	if (external) {
+		return check_external(priv);
+	}
+
+	for (size_t j = 0; j < priv->nelements; j++) {
+		size_t i;
+		for (i = 0; i < SQISIGN_NTAGS; i++) {
+			if (priv->elements[j].tag == TAG(DST_ALG_SQISIGN, i)) {
+				break;
+			}
+		}
+		if (i == SQISIGN_NTAGS) {
+			return DST_R_INVALIDPRIVATEKEY;
+		}
+		have[i] = true;
+	}
+
+	mask = (1ULL << TAG_SHIFT) - 1;
+
+	if (have[TAG_SQISIGN_PUBLICKEY & mask] &&
+	    have[TAG_SQISIGN_SECRETKEY & mask])
+	{
+		return ISC_R_SUCCESS;
+	}
+
+	return DST_R_INVALIDPRIVATEKEY;
 }
 
 static int
@@ -283,9 +323,9 @@ check_hmac_md5(const dst_private_t *priv, bool old) {
 		if (old && priv->nelements == OLD_HMACMD5_NTAGS &&
 		    priv->elements[0].tag == TAG_HMACMD5_KEY)
 		{
-			return 0;
+			return ISC_R_SUCCESS;
 		}
-		return -1;
+		return DST_R_INVALIDPRIVATEKEY;
 	}
 	/*
 	 * We must be new format at this point.
@@ -297,10 +337,10 @@ check_hmac_md5(const dst_private_t *priv, bool old) {
 			}
 		}
 		if (j == priv->nelements) {
-			return -1;
+			return DST_R_INVALIDPRIVATEKEY;
 		}
 	}
-	return 0;
+	return ISC_R_SUCCESS;
 }
 
 static int
@@ -308,7 +348,7 @@ check_hmac_sha(const dst_private_t *priv, unsigned int ntags,
 	       unsigned int alg) {
 	unsigned int i, j;
 	if (priv->nelements != ntags) {
-		return -1;
+		return DST_R_INVALIDPRIVATEKEY;
 	}
 	for (i = 0; i < ntags; i++) {
 		for (j = 0; j < priv->nelements; j++) {
@@ -317,13 +357,13 @@ check_hmac_sha(const dst_private_t *priv, unsigned int ntags,
 			}
 		}
 		if (j == priv->nelements) {
-			return -1;
+			return DST_R_INVALIDPRIVATEKEY;
 		}
 	}
-	return 0;
+	return ISC_R_SUCCESS;
 }
 
-static int
+static isc_result_t
 check_data(const dst_private_t *priv, const unsigned int alg, bool old,
 	   bool external) {
 	switch (alg) {
@@ -339,6 +379,8 @@ check_data(const dst_private_t *priv, const unsigned int alg, bool old,
 	case DST_ALG_ED25519:
 	case DST_ALG_ED448:
 		return check_eddsa(priv, external);
+	case DST_ALG_SQISIGN:
+		return check_sqisignhd(priv, external);
 	case DST_ALG_HMACMD5:
 		return check_hmac_md5(priv, old);
 	case DST_ALG_HMACSHA1:
@@ -382,7 +424,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
 	unsigned char *data = NULL;
 	unsigned int opt = ISC_LEXOPT_EOL;
 	isc_stdtime_t when;
-	isc_result_t ret;
+	isc_result_t result;
 	bool external = false;
 
 	REQUIRE(priv != NULL);
@@ -390,20 +432,22 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
 	priv->nelements = 0;
 	memset(priv->elements, 0, sizeof(priv->elements));
 
-#define NEXTTOKEN(lex, opt, token)                       \
-	do {                                             \
-		ret = isc_lex_gettoken(lex, opt, token); \
-		if (ret != ISC_R_SUCCESS)                \
-			goto fail;                       \
+#define NEXTTOKEN(lex, opt, token)                          \
+	do {                                                \
+		result = isc_lex_gettoken(lex, opt, token); \
+		if (result != ISC_R_SUCCESS) {              \
+			goto fail;                          \
+		}                                           \
 	} while (0)
 
-#define READLINE(lex, opt, token)                        \
-	do {                                             \
-		ret = isc_lex_gettoken(lex, opt, token); \
-		if (ret == ISC_R_EOF)                    \
-			break;                           \
-		else if (ret != ISC_R_SUCCESS)           \
-			goto fail;                       \
+#define READLINE(lex, opt, token)                           \
+	do {                                                \
+		result = isc_lex_gettoken(lex, opt, token); \
+		if (result == ISC_R_EOF) {                  \
+			break;                              \
+		} else if (result != ISC_R_SUCCESS) {       \
+			goto fail;                          \
+		}                                           \
 	} while ((*token).type != isc_tokentype_eol)
 
 	/*
@@ -413,23 +457,23 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
 	if (token.type != isc_tokentype_string ||
 	    strcmp(DST_AS_STR(token), PRIVATE_KEY_STR) != 0)
 	{
-		ret = DST_R_INVALIDPRIVATEKEY;
+		result = DST_R_INVALIDPRIVATEKEY;
 		goto fail;
 	}
 
 	NEXTTOKEN(lex, opt, &token);
 	if (token.type != isc_tokentype_string || (DST_AS_STR(token))[0] != 'v')
 	{
-		ret = DST_R_INVALIDPRIVATEKEY;
+		result = DST_R_INVALIDPRIVATEKEY;
 		goto fail;
 	}
 	if (sscanf(DST_AS_STR(token), "v%d.%d", &major, &minor) != 2) {
-		ret = DST_R_INVALIDPRIVATEKEY;
+		result = DST_R_INVALIDPRIVATEKEY;
 		goto fail;
 	}
 
 	if (major > DST_MAJOR_VERSION) {
-		ret = DST_R_INVALIDPRIVATEKEY;
+		result = DST_R_INVALIDPRIVATEKEY;
 		goto fail;
 	}
 
@@ -447,7 +491,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
 	if (token.type != isc_tokentype_string ||
 	    strcmp(DST_AS_STR(token), ALGORITHM_STR) != 0)
 	{
-		ret = DST_R_INVALIDPRIVATEKEY;
+		result = DST_R_INVALIDPRIVATEKEY;
 		goto fail;
 	}
 
@@ -455,7 +499,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
 	if (token.type != isc_tokentype_number ||
 	    token.value.as_ulong != (unsigned long)dst_key_alg(key))
 	{
-		ret = DST_R_INVALIDPRIVATEKEY;
+		result = DST_R_INVALIDPRIVATEKEY;
 		goto fail;
 	}
 
@@ -468,17 +512,17 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
 		int tag;
 		isc_region_t r;
 		do {
-			ret = isc_lex_gettoken(lex, opt, &token);
-			if (ret == ISC_R_EOF) {
+			result = isc_lex_gettoken(lex, opt, &token);
+			if (result == ISC_R_EOF) {
 				goto done;
 			}
-			if (ret != ISC_R_SUCCESS) {
+			if (result != ISC_R_SUCCESS) {
 				goto fail;
 			}
 		} while (token.type == isc_tokentype_eol);
 
 		if (token.type != isc_tokentype_string) {
-			ret = DST_R_INVALIDPRIVATEKEY;
+			result = DST_R_INVALIDPRIVATEKEY;
 			goto fail;
 		}
 
@@ -494,7 +538,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
 
 			NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
 			if (token.type != isc_tokentype_number) {
-				ret = DST_R_INVALIDPRIVATEKEY;
+				result = DST_R_INVALIDPRIVATEKEY;
 				goto fail;
 			}
 
@@ -509,12 +553,12 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
 
 			NEXTTOKEN(lex, opt, &token);
 			if (token.type != isc_tokentype_string) {
-				ret = DST_R_INVALIDPRIVATEKEY;
+				result = DST_R_INVALIDPRIVATEKEY;
 				goto fail;
 			}
 
-			ret = dns_time32_fromtext(DST_AS_STR(token), &when);
-			if (ret != ISC_R_SUCCESS) {
+			result = dns_time32_fromtext(DST_AS_STR(token), &when);
+			if (result != ISC_R_SUCCESS) {
 				goto fail;
 			}
 
@@ -528,7 +572,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
 		if (tag < 0 && minor > DST_MINOR_VERSION) {
 			goto next;
 		} else if (tag < 0) {
-			ret = DST_R_INVALIDPRIVATEKEY;
+			result = DST_R_INVALIDPRIVATEKEY;
 			goto fail;
 		}
 
@@ -537,8 +581,8 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
 		data = isc_mem_get(mctx, MAXFIELDSIZE);
 
 		isc_buffer_init(&b, data, MAXFIELDSIZE);
-		ret = isc_base64_tobuffer(lex, &b, -1);
-		if (ret != ISC_R_SUCCESS) {
+		result = isc_base64_tobuffer(lex, &b, -1);
+		if (result != ISC_R_SUCCESS) {
 			goto fail;
 		}
 
@@ -554,16 +598,13 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
 
 done:
 	if (external && priv->nelements != 0) {
-		ret = DST_R_INVALIDPRIVATEKEY;
+		result = DST_R_INVALIDPRIVATEKEY;
 		goto fail;
 	}
 
 	check = check_data(priv, alg, true, external);
-	if (check < 0) {
-		ret = DST_R_INVALIDPRIVATEKEY;
-		goto fail;
-	} else if (check != ISC_R_SUCCESS) {
-		ret = check;
+	if (check != ISC_R_SUCCESS) {
+		result = check;
 		goto fail;
 	}
 
@@ -577,7 +618,7 @@ fail:
 		isc_mem_put(mctx, data, MAXFIELDSIZE);
 	}
 
-	return ret;
+	return result;
 }
 
 isc_result_t
@@ -596,15 +637,13 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
 	isc_region_t r;
 	int major, minor;
 	mode_t mode;
-	int i, ret;
+	int i;
 
 	REQUIRE(priv != NULL);
 
-	ret = check_data(priv, dst_key_alg(key), false, key->external);
-	if (ret < 0) {
-		return DST_R_INVALIDPRIVATEKEY;
-	} else if (ret != ISC_R_SUCCESS) {
-		return ret;
+	result = check_data(priv, dst_key_alg(key), false, key->external);
+	if (result != ISC_R_SUCCESS) {
+		return result;
 	}
 
 	isc_buffer_init(&fileb, filename, sizeof(filename));
@@ -676,6 +715,9 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
 	case DST_ALG_ED448:
 		fprintf(fp, "(ED448)\n");
 		break;
+	case DST_ALG_SQISIGN:
+		fprintf(fp, "(SQISIGN)\n");
+		break;
 	case DST_ALG_HMACMD5:
 		fprintf(fp, "(HMAC_MD5)\n");
 		break;

lib/dns/dst_parse.h

@@ -32,7 +32,7 @@
 
 #include <dst/dst.h>
 
-#define MAXFIELDSIZE 512
+#define MAXFIELDSIZE 1025
 
 /*
  * Maximum number of fields in a private file is 18 (12 algorithm-
@@ -67,6 +67,10 @@
 #define TAG_EDDSA_ENGINE     ((DST_ALG_ED25519 << TAG_SHIFT) + 1)
 #define TAG_EDDSA_LABEL	     ((DST_ALG_ED25519 << TAG_SHIFT) + 2)
 
+#define SQISIGN_NTAGS	      3
+#define TAG_SQISIGN_PUBLICKEY ((DST_ALG_SQISIGN << TAG_SHIFT) + 0)
+#define TAG_SQISIGN_SECRETKEY ((DST_ALG_SQISIGN << TAG_SHIFT) + 1)
+
 #define OLD_HMACMD5_NTAGS 1
 #define HMACMD5_NTAGS	  2
 #define TAG_HMACMD5_KEY	  ((DST_ALG_HMACMD5 << TAG_SHIFT) + 0)

lib/dns/gssapi_link.c

@@ -63,13 +63,11 @@ struct dst_gssapi_signverifyctx {
  * or verifying.
  */
 static isc_result_t
-gssapi_create_signverify_ctx(dst_key_t *key, dst_context_t *dctx) {
-	dst_gssapi_signverifyctx_t *ctx;
-
-	UNUSED(key);
-
-	ctx = isc_mem_get(dctx->mctx, sizeof(dst_gssapi_signverifyctx_t));
-	ctx->buffer = NULL;
+gssapi_create_signverify_ctx(dst_key_t *key ISC_ATTR_UNUSED,
+			     dst_context_t *dctx) {
+	dst_gssapi_signverifyctx_t *ctx =
+		isc_mem_get(dctx->mctx, sizeof(dst_gssapi_signverifyctx_t));
+	*ctx = (dst_gssapi_signverifyctx_t){ 0 };
 	isc_buffer_allocate(dctx->mctx, &ctx->buffer, INITIAL_BUFFER_SIZE);
 
 	dctx->ctxdata.gssctx = ctx;
@@ -186,7 +184,8 @@ gssapi_sign(dst_context_t *dctx, isc_buffer_t *sig) {
  * Verify.
  */
 static isc_result_t
-gssapi_verify(dst_context_t *dctx, const isc_region_t *sig) {
+gssapi_verify(dst_context_t *dctx, int maxbits ISC_ATTR_UNUSED,
+	      const isc_region_t *sig) {
 	dst_gssapi_signverifyctx_t *ctx = dctx->ctxdata.gssctx;
 	isc_region_t message;
 	gss_buffer_desc gmessage, gsig;
@@ -331,15 +330,11 @@ gssapi_dump(dst_key_t *key, isc_mem_t *mctx, char **buffer, int *length) {
 
 static dst_func_t gssapi_functions = {
 	gssapi_create_signverify_ctx,
-	NULL, /*%< createctx2 */
 	gssapi_destroy_signverify_ctx,
 	gssapi_adddata,
 	gssapi_sign,
 	gssapi_verify,
-	NULL, /*%< verify2 */
-	NULL, /*%< computesecret */
 	gssapi_compare,
-	NULL, /*%< paramcompare */
 	gssapi_generate,
 	gssapi_isprivate,
 	gssapi_destroy,
@@ -347,7 +342,6 @@ static dst_func_t gssapi_functions = {
 	NULL, /*%< fromdns */
 	NULL, /*%< tofile */
 	NULL, /*%< parse */
-	NULL, /*%< cleanup */
 	NULL, /*%< fromlabel */
 	gssapi_dump,
 	gssapi_restore,

lib/dns/hmac_link.c

@@ -69,6 +69,7 @@
 		return (hmac_sign(dctx, sig));                                 \
 	}                                                                      \
 	static isc_result_t hmac##alg##_verify(dst_context_t *dctx,            \
+					       int maxbits ISC_ATTR_UNUSED,    \
 					       const isc_region_t *sig) {      \
 		return (hmac_verify(dctx, sig));                               \
 	}                                                                      \
@@ -114,15 +115,11 @@
 	}                                                                      \
 	static dst_func_t hmac##alg##_functions = {                            \
 		hmac##alg##_createctx,                                         \
-		NULL, /*%< createctx2 */                                       \
 		hmac##alg##_destroyctx,                                        \
 		hmac##alg##_adddata,                                           \
 		hmac##alg##_sign,                                              \
 		hmac##alg##_verify,                                            \
-		NULL, /*%< verify2 */                                          \
-		NULL, /*%< computesecret */                                    \
 		hmac##alg##_compare,                                           \
-		NULL, /*%< paramcompare */                                     \
 		hmac##alg##_generate,                                          \
 		hmac##alg##_isprivate,                                         \
 		hmac##alg##_destroy,                                           \
@@ -130,7 +127,6 @@
 		hmac##alg##_fromdns,                                           \
 		hmac##alg##_tofile,                                            \
 		hmac##alg##_parse,                                             \
-		NULL, /*%< cleanup */                                          \
 		NULL, /*%< fromlabel */                                        \
 		NULL, /*%< dump */                                             \
 		NULL, /*%< restore */                                          \

lib/dns/include/dns/keyvalues.h

@@ -68,6 +68,7 @@
 #define DNS_KEYALG_ECDSA384	 14
 #define DNS_KEYALG_ED25519	 15
 #define DNS_KEYALG_ED448	 16
+#define DNS_KEYALG_SQISIGN	 17
 #define DNS_KEYALG_INDIRECT	 252
 #define DNS_KEYALG_PRIVATEDNS	 253
 #define DNS_KEYALG_PRIVATEOID	 254 /*%< Key begins with OID giving alg */
@@ -102,3 +103,7 @@
 
 #define DNS_KEY_ED25519SIZE 32
 #define DNS_KEY_ED448SIZE   57
+
+#define DNS_SIG_SQISIGNSIZE 148
+#define DNS_KEY_SQISIGNSIZE 65
+#define DNS_SEC_SQISIGNSIZE 353

lib/dns/include/dst/dst.h

@@ -93,6 +93,7 @@ typedef enum dst_algorithm {
 	DST_ALG_ECDSA384 = 14,
 	DST_ALG_ED25519 = 15,
 	DST_ALG_ED448 = 16,
+	DST_ALG_SQISIGN = 17, /* FIXME: should be experimental */
 
 	/*
 	 * Do not renumber HMAC algorithms as they are used externally to named
@@ -218,7 +219,7 @@ dst_ds_digest_supported(unsigned int digest_type);
 
 isc_result_t
 dst_context_create(dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t category,
-		   bool useforsigning, int maxbits, dst_context_t **dctxp);
+		   bool useforsigning, dst_context_t **dctxp);
 /*%<
  * Creates a context to be used for a sign or verify operation.
  *
@@ -284,11 +285,7 @@ dst_context_sign(dst_context_t *dctx, isc_buffer_t *sig);
  */
 
 isc_result_t
-dst_context_verify(dst_context_t *dctx, isc_region_t *sig);
-
-isc_result_t
-dst_context_verify2(dst_context_t *dctx, unsigned int maxbits,
-		    isc_region_t *sig);
+dst_context_verify(dst_context_t *dctx, int maxbits, isc_region_t *sig);
 /*%<
  * Verifies the signature using the data and key stored in the context.
  *

lib/dns/kasp.c

@@ -470,6 +470,9 @@ dns_kasp_key_size(dns_kasp_key_t *key) {
 	case DNS_KEYALG_ED448:
 		size = 456;
 		break;
+	case DNS_KEYALG_SQISIGN:
+		size = 512;
+		break;
 	default:
 		/* unsupported */
 		break;

lib/dns/opensslecdsa_link.c

@@ -675,13 +675,12 @@ opensslecdsa_extract_private_key(const dst_key_t *key, unsigned char *buf,
 #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
 
 static isc_result_t
-opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
+opensslecdsa_createctx(dst_key_t *key ISC_ATTR_UNUSED, dst_context_t *dctx) {
 	isc_result_t ret = ISC_R_SUCCESS;
 	EVP_MD_CTX *evp_md_ctx;
 	EVP_PKEY_CTX *pctx = NULL;
 	const EVP_MD *type = NULL;
 
-	UNUSED(key);
 	REQUIRE(opensslecdsa_valid_key_alg(dctx->key->key_alg));
 	REQUIRE(dctx->use == DO_SIGN || dctx->use == DO_VERIFY);
 
@@ -838,7 +837,8 @@ err:
 }
 
 static isc_result_t
-opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
+opensslecdsa_verify(dst_context_t *dctx, int maxbits ISC_ATTR_UNUSED,
+		    const isc_region_t *sig) {
 	isc_result_t ret;
 	dst_key_t *key = dctx->key;
 	int status;
@@ -1173,15 +1173,11 @@ err:
 
 static dst_func_t opensslecdsa_functions = {
 	opensslecdsa_createctx,
-	NULL, /*%< createctx2 */
 	opensslecdsa_destroyctx,
 	opensslecdsa_adddata,
 	opensslecdsa_sign,
 	opensslecdsa_verify,
-	NULL, /*%< verify2 */
-	NULL, /*%< computesecret */
 	dst__openssl_keypair_compare,
-	NULL, /*%< paramcompare */
 	opensslecdsa_generate,
 	dst__openssl_keypair_isprivate,
 	dst__openssl_keypair_destroy,
@@ -1189,7 +1185,6 @@ static dst_func_t opensslecdsa_functions = {
 	opensslecdsa_fromdns,
 	opensslecdsa_tofile,
 	opensslecdsa_parse,
-	NULL,			/*%< cleanup */
 	opensslecdsa_fromlabel, /*%< fromlabel */
 	NULL,			/*%< dump */
 	NULL,			/*%< restore */

lib/dns/openssleddsa_link.c

@@ -108,14 +108,14 @@ static isc_result_t
 openssleddsa_fromlabel(dst_key_t *key, const char *label, const char *pin);
 
 static isc_result_t
-openssleddsa_createctx(dst_key_t *key, dst_context_t *dctx) {
+openssleddsa_createctx(dst_key_t *key ISC_ATTR_UNUSED, dst_context_t *dctx) {
 	isc_buffer_t *buf = NULL;
 	const eddsa_alginfo_t *alginfo =
 		openssleddsa_alg_info(dctx->key->key_alg);
 
-	UNUSED(key);
 	REQUIRE(alginfo != NULL);
 
+	/* The 64 constant here is suspicious */
 	isc_buffer_allocate(dctx->mctx, &buf, 64);
 	dctx->ctxdata.generic = buf;
 
@@ -138,27 +138,13 @@ openssleddsa_destroyctx(dst_context_t *dctx) {
 static isc_result_t
 openssleddsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
 	isc_buffer_t *buf = (isc_buffer_t *)dctx->ctxdata.generic;
-	isc_buffer_t *nbuf = NULL;
-	isc_region_t r;
-	unsigned int length;
-	isc_result_t result;
 	const eddsa_alginfo_t *alginfo =
 		openssleddsa_alg_info(dctx->key->key_alg);
 
 	REQUIRE(alginfo != NULL);
 
-	result = isc_buffer_copyregion(buf, data);
-	if (result == ISC_R_SUCCESS) {
-		return ISC_R_SUCCESS;
-	}
-
-	length = isc_buffer_length(buf) + data->length + 64;
-	isc_buffer_allocate(dctx->mctx, &nbuf, length);
-	isc_buffer_usedregion(buf, &r);
-	(void)isc_buffer_copyregion(nbuf, &r);
-	(void)isc_buffer_copyregion(nbuf, data);
-	isc_buffer_free(&buf);
-	dctx->ctxdata.generic = nbuf;
+	isc_result_t result = isc_buffer_copyregion(buf, data);
+	INSIST(result == ISC_R_SUCCESS);
 
 	return ISC_R_SUCCESS;
 }
@@ -211,7 +197,8 @@ err:
 }
 
 static isc_result_t
-openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
+openssleddsa_verify(dst_context_t *dctx, int maxbits ISC_ATTR_UNUSED,
+		    const isc_region_t *sig) {
 	isc_result_t ret;
 	dst_key_t *key = dctx->key;
 	int status;
@@ -527,15 +514,11 @@ err:
 
 static dst_func_t openssleddsa_functions = {
 	openssleddsa_createctx,
-	NULL, /*%< createctx2 */
 	openssleddsa_destroyctx,
 	openssleddsa_adddata,
 	openssleddsa_sign,
 	openssleddsa_verify,
-	NULL, /*%< verify2 */
-	NULL, /*%< computesecret */
 	dst__openssl_keypair_compare,
-	NULL, /*%< paramcompare */
 	openssleddsa_generate,
 	dst__openssl_keypair_isprivate,
 	dst__openssl_keypair_destroy,
@@ -543,7 +526,6 @@ static dst_func_t openssleddsa_functions = {
 	openssleddsa_fromdns,
 	openssleddsa_tofile,
 	openssleddsa_parse,
-	NULL, /*%< cleanup */
 	openssleddsa_fromlabel,
 	NULL, /*%< dump */
 	NULL, /*%< restore */

lib/dns/opensslrsa_link.c

@@ -159,11 +159,10 @@ opensslrsa_valid_key_alg(unsigned int key_alg) {
 }
 
 static isc_result_t
-opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
+opensslrsa_createctx(dst_key_t *key ISC_ATTR_UNUSED, dst_context_t *dctx) {
 	EVP_MD_CTX *evp_md_ctx;
 	const EVP_MD *type = NULL;
 
-	UNUSED(key);
 	REQUIRE(dctx != NULL && dctx->key != NULL);
 	REQUIRE(opensslrsa_valid_key_alg(dctx->key->key_alg));
 
@@ -310,7 +309,7 @@ opensslrsa_check_exponent_bits(EVP_PKEY *pkey, int maxbits) {
 }
 
 static isc_result_t
-opensslrsa_verify2(dst_context_t *dctx, int maxbits, const isc_region_t *sig) {
+opensslrsa_verify(dst_context_t *dctx, int maxbits, const isc_region_t *sig) {
 	dst_key_t *key = NULL;
 	int status = 0;
 	EVP_MD_CTX *evp_md_ctx = NULL;
@@ -339,11 +338,6 @@ opensslrsa_verify2(dst_context_t *dctx, int maxbits, const isc_region_t *sig) {
 	}
 }
 
-static isc_result_t
-opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
-	return opensslrsa_verify2(dctx, 0, sig);
-}
-
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
 static int
 progress_cb(int p, int n, BN_GENCB *cb) {
@@ -1124,15 +1118,11 @@ err:
 
 static dst_func_t opensslrsa_functions = {
 	opensslrsa_createctx,
-	NULL, /*%< createctx2 */
 	opensslrsa_destroyctx,
 	opensslrsa_adddata,
 	opensslrsa_sign,
 	opensslrsa_verify,
-	opensslrsa_verify2,
-	NULL, /*%< computesecret */
 	dst__openssl_keypair_compare,
-	NULL, /*%< paramcompare */
 	opensslrsa_generate,
 	dst__openssl_keypair_isprivate,
 	dst__openssl_keypair_destroy,
@@ -1140,7 +1130,6 @@ static dst_func_t opensslrsa_functions = {
 	opensslrsa_fromdns,
 	opensslrsa_tofile,
 	opensslrsa_parse,
-	NULL, /*%< cleanup */
 	opensslrsa_fromlabel,
 	NULL, /*%< dump */
 	NULL, /*%< restore */

lib/dns/rcode.c

@@ -107,6 +107,7 @@
 		{ DNS_KEYALG_ECDSA384, "ECDSA384", 0 },         \
 		{ DNS_KEYALG_ED25519, "ED25519", 0 },           \
 		{ DNS_KEYALG_ED448, "ED448", 0 },               \
+		{ DNS_KEYALG_SQISIGN, "SQISIGN", 0 },           \
 		{ DNS_KEYALG_INDIRECT, "INDIRECT", 0 },         \
 		{ DNS_KEYALG_PRIVATEDNS, "PRIVATEDNS", 0 },     \
 		{ DNS_KEYALG_PRIVATEOID, "PRIVATEOID", 0 }, { 0, NULL, 0 }

lib/dns/rootns.c

@@ -37,67 +37,22 @@
 /*
  * Also update 'upcoming' when updating 'root_ns'.
  */
-static char root_ns[] =
-	";\n"
-	"; Internet Root Nameservers\n"
-	";\n"
-	"$TTL 518400\n"
-	".                       518400  IN      NS      A.ROOT-SERVERS.NET.\n"
-	".                       518400  IN      NS      B.ROOT-SERVERS.NET.\n"
-	".                       518400  IN      NS      C.ROOT-SERVERS.NET.\n"
-	".                       518400  IN      NS      D.ROOT-SERVERS.NET.\n"
-	".                       518400  IN      NS      E.ROOT-SERVERS.NET.\n"
-	".                       518400  IN      NS      F.ROOT-SERVERS.NET.\n"
-	".                       518400  IN      NS      G.ROOT-SERVERS.NET.\n"
-	".                       518400  IN      NS      H.ROOT-SERVERS.NET.\n"
-	".                       518400  IN      NS      I.ROOT-SERVERS.NET.\n"
-	".                       518400  IN      NS      J.ROOT-SERVERS.NET.\n"
-	".                       518400  IN      NS      K.ROOT-SERVERS.NET.\n"
-	".                       518400  IN      NS      L.ROOT-SERVERS.NET.\n"
-	".                       518400  IN      NS      M.ROOT-SERVERS.NET.\n"
-	"A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4\n"
-	"A.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:503:BA3E::2:30\n"
-	"B.ROOT-SERVERS.NET.     3600000 IN      A       170.247.170.2\n"
-	"B.ROOT-SERVERS.NET.     3600000 IN      AAAA    2801:1b8:10::b\n"
-	"C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12\n"
-	"C.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:2::c\n"
-	"D.ROOT-SERVERS.NET.     3600000 IN      A       199.7.91.13\n"
-	"D.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:2d::d\n"
-	"E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10\n"
-	"E.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:a8::e\n"
-	"F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241\n"
-	"F.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:2F::F\n"
-	"G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4\n"
-	"G.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:12::d0d\n"
-	"H.ROOT-SERVERS.NET.     3600000 IN      A       198.97.190.53\n"
-	"H.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:1::53\n"
-	"I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17\n"
-	"I.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:7fe::53\n"
-	"J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30\n"
-	"J.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:503:C27::2:30\n"
-	"K.ROOT-SERVERS.NET.     3600000 IN      A       193.0.14.129\n"
-	"K.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:7FD::1\n"
-	"L.ROOT-SERVERS.NET.     3600000 IN      A       199.7.83.42\n"
-	"L.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:9f::42\n"
-	"M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33\n"
-	"M.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:DC3::35\n";
-
-static unsigned char b_data[] = "\001b\014root-servers\003net";
+static char root_ns[] = ";\n"
+			"; Internet Root Nameservers\n"
+			";\n"
+			"$TTL 518400\n"
+			".                       518400  IN      NS      "
+			"himiko.vs.mythic-beasts.com.\n"
+			"himiko.vs.mythic-beasts.com.     3600000 IN      A    "
+			"   46.235.229.165\n"
+			"himiko.vs.mythic-beasts.com.     3600000 IN      AAAA "
+			"   2a00:1098:9a::1\n";
 
 static struct upcoming {
 	const dns_name_t name;
 	dns_rdatatype_t type;
 	isc_stdtime_t time;
-} upcoming[] = { {
-			 .name = DNS_NAME_INITABSOLUTE(b_data),
-			 .type = dns_rdatatype_a,
-			 .time = 1701086400 /* November 27 2023, 12:00 UTC */
-		 },
-		 {
-			 .name = DNS_NAME_INITABSOLUTE(b_data),
-			 .type = dns_rdatatype_aaaa,
-			 .time = 1701086400 /* November 27 2023, 12:00 UTC */
-		 } };
+} upcoming[] = { 0 };
 
 static isc_result_t
 in_rootns(dns_rdataset_t *rootns, dns_name_t *name) {

lib/dns/sqisignhd_link.c

@@ -0,0 +1,441 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#define ENABLE_SIGN
+
+#define SQISIGN_BUILD_TYPE_REF 1
+#define SQISIGN_VARIANT	       lvl1
+
+#include <sig.h>
+
+#include <isc/mem.h>
+#include <isc/safe.h>
+#include <isc/util.h>
+
+#include <dns/keyvalues.h>
+
+#include "dst_internal.h"
+#include "dst_parse.h"
+#include "isc/result.h"
+
+static isc_result_t
+dst__sqisign_createctx(dst_key_t *key ISC_ATTR_UNUSED, dst_context_t *dctx) {
+	REQUIRE(dctx != NULL && dctx->key != NULL);
+	REQUIRE(dctx->key->key_alg == DST_ALG_SQISIGN);
+
+	isc_buffer_t *buf = NULL;
+
+	isc_buffer_allocate(dctx->mctx, &buf, 64);
+	dctx->ctxdata.generic = buf;
+
+	return ISC_R_SUCCESS;
+}
+
+static void
+dst__sqisign_destroyctx(dst_context_t *dctx) {
+	REQUIRE(dctx != NULL && dctx->key != NULL);
+	REQUIRE(dctx->key->key_alg == DST_ALG_SQISIGN);
+
+	isc_buffer_t *buf = dctx->ctxdata.generic;
+	if (buf != NULL) {
+		isc_buffer_free(&buf);
+		dctx->ctxdata.generic = NULL;
+	}
+}
+
+static isc_result_t
+dst__sqisign_adddata(dst_context_t *dctx, const isc_region_t *data) {
+	REQUIRE(dctx != NULL && dctx->key != NULL);
+	REQUIRE(dctx->key->key_alg == DST_ALG_SQISIGN);
+
+	isc_buffer_t *buf = dctx->ctxdata.generic;
+	isc_result_t result = isc_buffer_copyregion(buf, data);
+	INSIST(result == ISC_R_SUCCESS);
+
+	return ISC_R_SUCCESS;
+}
+
+static isc_result_t
+dst__sqisign_sign(dst_context_t *dctx, isc_buffer_t *sig) {
+	REQUIRE(dctx != NULL && dctx->key != NULL);
+	REQUIRE(dctx->key->key_alg == DST_ALG_SQISIGN);
+
+	isc_result_t result = ISC_R_UNSET;
+	dst_key_t *key = dctx->key;
+	isc_buffer_t *buf = dctx->ctxdata.generic;
+	isc_region_t tbsreg;
+	isc_region_t sigreg;
+	unsigned long long siglen;
+	uint8_t *sigbuf = NULL;
+
+	isc_buffer_availableregion(sig, &sigreg);
+	if (sigreg.length < DNS_SIG_SQISIGNSIZE) {
+		result = ISC_R_NOSPACE;
+		goto done;
+	}
+
+	isc_buffer_usedregion(buf, &tbsreg);
+
+	sigbuf = isc_mem_get(dctx->mctx, DNS_SIG_SQISIGNSIZE + tbsreg.length);
+	int status = sqisign_sign(sigbuf, &siglen, tbsreg.base, tbsreg.length,
+				  key->keydata.keypair.priv);
+	if (status != 0) {
+		result = DST_R_SIGNFAILURE;
+		isc_log_write(dctx->category, DNS_LOGMODULE_CRYPTO,
+			      ISC_LOG_WARNING,
+			      "sqisign_sign (%s:%d) failed (%s)", __FILE__,
+			      __LINE__, isc_result_totext(result));
+		goto done;
+	}
+	isc_buffer_putmem(sig, sigbuf, DNS_SIG_SQISIGNSIZE);
+	result = ISC_R_SUCCESS;
+
+done:
+	if (sigbuf != NULL) {
+		isc_mem_put(dctx->mctx, sigbuf,
+			    DNS_SIG_SQISIGNSIZE + tbsreg.length);
+	}
+	isc_buffer_free(&buf);
+	dctx->ctxdata.generic = NULL;
+
+	return result;
+}
+
+static isc_result_t
+dst__sqisign_verify(dst_context_t *dctx, int maxbits ISC_ATTR_UNUSED,
+		    const isc_region_t *sigreg) {
+	REQUIRE(dctx != NULL && dctx->key != NULL);
+	REQUIRE(dctx->key->key_alg == DST_ALG_SQISIGN);
+
+	isc_result_t result = ISC_R_UNSET;
+	dst_key_t *key = dctx->key;
+	isc_buffer_t *buf = dctx->ctxdata.generic;
+	isc_region_t tbsreg;
+
+	if (sigreg->length != DNS_SIG_SQISIGNSIZE) {
+		result = DST_R_VERIFYFAILURE;
+		goto done;
+	}
+
+	isc_buffer_usedregion(buf, &tbsreg);
+
+	int status = sqisign_verify(tbsreg.base, tbsreg.length, sigreg->base,
+				    sigreg->length, key->keydata.keypair.pub);
+	if (status != 0) {
+		result = DST_R_VERIFYFAILURE;
+		/* FIXME: Is it really a warning if the verification fails */
+		isc_log_write(dctx->category, DNS_LOGMODULE_CRYPTO,
+			      ISC_LOG_WARNING,
+			      "sqisign_verify (%s:%d) failed (%s)", __FILE__,
+			      __LINE__, isc_result_totext(result));
+		goto done;
+	}
+
+	result = ISC_R_SUCCESS;
+
+done:
+	isc_buffer_free(&buf);
+	dctx->ctxdata.generic = NULL;
+
+	return result;
+}
+
+static bool
+dst__sqisign_compare(const dst_key_t *key1, const dst_key_t *key2) {
+	uint8_t *pk1 = key1->keydata.keypair.pub;
+	uint8_t *pk2 = key2->keydata.keypair.pub;
+
+	uint8_t *sk1 = key1->keydata.keypair.priv;
+	uint8_t *sk2 = key2->keydata.keypair.priv;
+
+	if ((pk1 == pk2) && (sk1 == sk2)) {
+		/* The keys are identical or all NULL */
+		return true;
+	} else if (pk1 == NULL || pk2 == NULL) {
+		return false;
+	}
+
+	if (memcmp(pk1, pk2, DNS_KEY_SQISIGNSIZE) != 0) {
+		return false;
+	}
+
+	if (sk1 == sk2) {
+		/* The keys are identical or both NULL */
+		return true;
+	} else if (sk1 == NULL || sk1 == NULL) {
+		return false;
+	}
+
+	if (memcmp(sk1, sk2, DNS_SEC_SQISIGNSIZE) != 0) {
+		return false;
+	}
+
+	return true;
+}
+
+static isc_result_t
+dst__sqisign_generate(dst_key_t *key, int unused ISC_ATTR_UNUSED,
+		      void (*callback ISC_ATTR_UNUSED)(int)) {
+	REQUIRE(key != NULL);
+	REQUIRE(key->key_alg == DST_ALG_SQISIGN);
+	REQUIRE(key->keydata.keypair.pub == NULL &&
+		key->keydata.keypair.priv == NULL);
+
+	isc_result_t result = ISC_R_UNSET;
+	uint8_t *pk = isc_mem_get(key->mctx, DNS_KEY_SQISIGNSIZE);
+	uint8_t *sk = isc_mem_get(key->mctx, DNS_SEC_SQISIGNSIZE);
+
+	int status = sqisign_keypair(pk, sk);
+	if (status != 0) {
+		result = DST_R_CRYPTOFAILURE;
+		isc_log_write(DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_CRYPTO,
+			      ISC_LOG_WARNING,
+			      "sqisign_keypair (%s:%d) failed (%s)", __FILE__,
+			      __LINE__, isc_result_totext(result));
+		goto done;
+	}
+
+	key->keydata.keypair.pub = pk;
+	key->keydata.keypair.priv = sk;
+	key->key_size = DNS_KEY_SQISIGNSIZE * 8;
+
+	result = ISC_R_SUCCESS;
+
+done:
+	if (result != ISC_R_SUCCESS) {
+		isc_mem_put(key->mctx, pk, DNS_KEY_SQISIGNSIZE);
+	}
+
+	return ISC_R_SUCCESS;
+}
+
+static isc_result_t
+dst__sqisign_todns(const dst_key_t *key, isc_buffer_t *data) {
+	REQUIRE(key != NULL);
+	REQUIRE(key->key_alg == DST_ALG_SQISIGN);
+
+	uint8_t *pk = key->keydata.keypair.pub;
+	isc_region_t r;
+
+	isc_buffer_availableregion(data, &r);
+	if (r.length < DNS_KEY_SQISIGNSIZE) {
+		return ISC_R_NOSPACE;
+	}
+
+	isc_buffer_putmem(data, pk, DNS_KEY_SQISIGNSIZE);
+
+	return ISC_R_SUCCESS;
+}
+
+static isc_result_t
+dst__sqisign_fromdns(dst_key_t *key, isc_buffer_t *data) {
+	REQUIRE(key != NULL);
+	REQUIRE(key->key_alg == DST_ALG_SQISIGN);
+	REQUIRE(key->keydata.keypair.pub == NULL);
+
+	isc_region_t r;
+
+	isc_buffer_remainingregion(data, &r);
+	if (r.length == 0) {
+		return ISC_R_SUCCESS;
+	}
+	INSIST(r.length == DNS_KEY_SQISIGNSIZE);
+
+	key->keydata.keypair.pub = isc_mem_get(key->mctx, DNS_KEY_SQISIGNSIZE);
+	memmove(key->keydata.keypair.pub, r.base, r.length);
+	key->key_size = DNS_KEY_SQISIGNSIZE * 8;
+
+	return ISC_R_SUCCESS;
+}
+
+static bool
+dst__sqisign_isprivate(const dst_key_t *key) {
+	return key->keydata.keypair.priv != NULL;
+}
+
+static void
+dst__sqisign_destroy(dst_key_t *key) {
+	REQUIRE(key != NULL);
+	REQUIRE(key->key_alg == DST_ALG_SQISIGN);
+	REQUIRE(key->keydata.keypair.pub != NULL);
+
+	if (key->keydata.keypair.priv != NULL) {
+		isc_mem_put(key->mctx, key->keydata.keypair.priv,
+			    DNS_SEC_SQISIGNSIZE);
+	}
+
+	isc_mem_put(key->mctx, key->keydata.keypair.pub, DNS_KEY_SQISIGNSIZE);
+}
+
+static isc_result_t
+dst__sqisign_tofile(const dst_key_t *key, const char *directory) {
+	REQUIRE(key != NULL);
+	REQUIRE(key->key_alg == DST_ALG_SQISIGN);
+
+	dst_private_t priv;
+	int i = 0;
+
+	if (key->keydata.pkeypair.pub == NULL) {
+		return DST_R_NULLKEY;
+	}
+
+	INSIST(!key->external);
+
+	priv.elements[i].tag = TAG_SQISIGN_PUBLICKEY;
+	priv.elements[i].length = DNS_KEY_SQISIGNSIZE;
+	priv.elements[i].data = key->keydata.keypair.pub;
+	i++;
+
+	if (dst_key_isprivate(key)) {
+		priv.elements[i].tag = TAG_SQISIGN_SECRETKEY;
+		priv.elements[i].length = DNS_SEC_SQISIGNSIZE;
+		priv.elements[i].data = key->keydata.keypair.priv;
+		i++;
+	}
+
+	priv.nelements = i;
+
+	return dst__privstruct_writefile(key, &priv, directory);
+}
+
+static isc_result_t
+dst__sqisign_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
+	REQUIRE(key != NULL);
+	REQUIRE(key->key_alg == DST_ALG_SQISIGN);
+	REQUIRE(key->keydata.keypair.pub == NULL &&
+		key->keydata.keypair.priv == NULL);
+
+	isc_result_t result = ISC_R_UNSET;
+	dst_private_t priv;
+	uint8_t *pk = isc_mem_get(key->mctx, DNS_KEY_SQISIGNSIZE);
+	uint8_t *sk = isc_mem_get(key->mctx, DNS_SEC_SQISIGNSIZE);
+
+	result = dst__privstruct_parse(key, DST_ALG_SQISIGN, lexer, key->mctx,
+				       &priv);
+	if (result != ISC_R_SUCCESS) {
+		goto done;
+	}
+
+	if (key->external) {
+		if (priv.nelements != 0 || pub == NULL) {
+			result = DST_R_INVALIDPRIVATEKEY;
+			goto done;
+		}
+
+		key->keydata.pkeypair.priv = pub->keydata.pkeypair.priv;
+		key->keydata.pkeypair.pub = pub->keydata.pkeypair.pub;
+		pub->keydata.pkeypair.priv = NULL;
+		pub->keydata.pkeypair.pub = NULL;
+
+		result = ISC_R_SUCCESS;
+		goto done;
+	}
+
+	for (size_t i = 0; i < priv.nelements; i++) {
+		switch (priv.elements[i].tag) {
+		case TAG_SQISIGN_PUBLICKEY:
+			if (priv.elements[i].length != DNS_KEY_SQISIGNSIZE) {
+				result = DST_R_INVALIDPUBLICKEY;
+				goto done;
+			}
+			memmove(pk, priv.elements[i].data, DNS_KEY_SQISIGNSIZE);
+			break;
+		case TAG_SQISIGN_SECRETKEY:
+			if (priv.elements[i].length != DNS_SEC_SQISIGNSIZE) {
+				result = DST_R_INVALIDPRIVATEKEY;
+				goto done;
+			}
+			memmove(sk, priv.elements[i].data, DNS_SEC_SQISIGNSIZE);
+			break;
+		default:
+			break;
+		}
+	}
+
+	if (pk == NULL) {
+		result = DST_R_INVALIDPUBLICKEY;
+		goto done;
+	}
+
+	if (sk == NULL) {
+		result = DST_R_INVALIDPRIVATEKEY;
+		goto done;
+	}
+
+	key->keydata.keypair.priv = sk;
+	key->keydata.keypair.pub = pk;
+	key->key_size = DNS_KEY_SQISIGNSIZE * 8;
+
+	result = ISC_R_SUCCESS;
+
+done:
+	if (result != ISC_R_SUCCESS) {
+		isc_safe_memwipe(pk, DNS_KEY_SQISIGNSIZE);
+		isc_mem_put(key->mctx, pk, DNS_KEY_SQISIGNSIZE);
+
+		isc_safe_memwipe(sk, DNS_SEC_SQISIGNSIZE);
+		isc_mem_put(key->mctx, sk, DNS_SEC_SQISIGNSIZE);
+	}
+
+	dst__privstruct_free(&priv, key->mctx);
+	isc_safe_memwipe(&priv, sizeof(priv));
+
+	return result;
+}
+
+static dst_func_t dst__sqisign_functions = {
+	dst__sqisign_createctx,
+	dst__sqisign_destroyctx,
+	dst__sqisign_adddata,
+	dst__sqisign_sign,
+	dst__sqisign_verify,
+	dst__sqisign_compare,
+	dst__sqisign_generate,
+	dst__sqisign_isprivate,
+	dst__sqisign_destroy,
+	dst__sqisign_todns,
+	dst__sqisign_fromdns,
+	dst__sqisign_tofile,
+	dst__sqisign_parse,
+	NULL, /*%< fromlabel */
+	NULL, /*%< dump */
+	NULL, /*%< restore */
+};
+
+static isc_result_t
+check_algorithm(unsigned char algorithm) {
+	switch (algorithm) {
+	case DST_ALG_SQISIGN:
+		break;
+	default:
+		return ISC_R_NOTIMPLEMENTED;
+	}
+
+	/*
+	 * TODO: check that we can verify SQISignHD signature
+	 * like we do with the other algorithms.
+	 */
+
+	return ISC_R_SUCCESS;
+}
+
+void
+dst__sqisign_init(dst_func_t **funcp, unsigned char algorithm) {
+	REQUIRE(funcp != NULL);
+
+	if (*funcp == NULL) {
+		if (check_algorithm(algorithm) == ISC_R_SUCCESS) {
+			*funcp = &dst__sqisign_functions;
+		}
+	}
+}

lib/dns/tsig.c

@@ -631,8 +631,8 @@ dns_tsig_sign(dns_message_t *msg) {
 		 * has validated at this point. This is why we include a
 		 * MAC length > 0 in the reply.
 		 */
-		result = dst_context_create(
-			key->key, mctx, DNS_LOGCATEGORY_DNSSEC, true, 0, &ctx);
+		result = dst_context_create(key->key, mctx,
+					    DNS_LOGCATEGORY_DNSSEC, true, &ctx);
 		if (result != ISC_R_SUCCESS) {
 			return result;
 		}
@@ -1005,7 +1005,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
 		sig_r.length = tsig.siglen;
 
 		result = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC,
-					    false, 0, &ctx);
+					    false, &ctx);
 		if (result != ISC_R_SUCCESS) {
 			return result;
 		}
@@ -1117,7 +1117,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
 			}
 		}
 
-		result = dst_context_verify(ctx, &sig_r);
+		result = dst_context_verify(ctx, 0, &sig_r);
 		if (result == DST_R_VERIFYFAILURE) {
 			result = DNS_R_TSIGVERIFYFAILURE;
 			tsig_log(msg->tsigkey, 2,
@@ -1308,7 +1308,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
 
 	if (msg->tsigctx == NULL) {
 		result = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC,
-					    false, 0, &msg->tsigctx);
+					    false, &msg->tsigctx);
 		if (result != ISC_R_SUCCESS) {
 			goto cleanup_querystruct;
 		}
@@ -1420,7 +1420,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
 			goto cleanup_context;
 		}
 
-		result = dst_context_verify(msg->tsigctx, &sig_r);
+		result = dst_context_verify(msg->tsigctx, 0, &sig_r);
 		if (result == DST_R_VERIFYFAILURE) {
 			tsig_log(msg->tsigkey, 2,
 				 "signature failed to verify(2)");

lib/isccfg/kaspconf.c

@@ -278,6 +278,7 @@ cfg_kaspkey_fromconfig(const cfg_obj_t *config, dns_kasp_t *kasp,
 			case DNS_KEYALG_ECDSA384:
 			case DNS_KEYALG_ED25519:
 			case DNS_KEYALG_ED448:
+			case DNS_KEYALG_SQISIGN:
 				cfg_obj_log(obj, ISC_LOG_WARNING,
 					    "dnssec-policy: key algorithm %s "
 					    "has predefined length; ignoring "

tests/dns/dst_test.c

@@ -188,12 +188,12 @@ check_sig(const char *datapath, const char *sigpath, const char *keyname,
 	isc_buffer_remainingregion(&sigbuf, &sigreg);
 
 	result = dst_context_create(key, mctx, DNS_LOGCATEGORY_GENERAL, false,
-				    0, &ctx);
+				    &ctx);
 	assert_int_equal(result, ISC_R_SUCCESS);
 
 	result = dst_context_adddata(ctx, &datareg);
 	assert_int_equal(result, ISC_R_SUCCESS);
-	result = dst_context_verify(ctx, &sigreg);
+	result = dst_context_verify(ctx, 0, &sigreg);
 
 	/*
 	 * Compute the expected signature and emit it
@@ -206,7 +206,7 @@ check_sig(const char *datapath, const char *sigpath, const char *keyname,
 
 		dst_context_destroy(&ctx);
 		result2 = dst_context_create(key, mctx, DNS_LOGCATEGORY_GENERAL,
-					     false, 0, &ctx);
+					     false, &ctx);
 		assert_int_equal(result2, ISC_R_SUCCESS);
 
 		result2 = dst_context_adddata(ctx, &datareg);

tests/dns/rsa_test.c

@@ -145,7 +145,7 @@ ISC_RUN_TEST_IMPL(isc_rsa_verify) {
 		key->key_alg = DST_ALG_RSASHA1;
 
 		ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC,
-					 false, 0, &ctx);
+					 false, &ctx);
 		assert_int_equal(ret, ISC_R_SUCCESS);
 
 		r.base = d;
@@ -155,7 +155,7 @@ ISC_RUN_TEST_IMPL(isc_rsa_verify) {
 
 		r.base = sigsha1;
 		r.length = 256;
-		ret = dst_context_verify(ctx, &r);
+		ret = dst_context_verify(ctx, 0, &r);
 		assert_int_equal(ret, ISC_R_SUCCESS);
 
 		dst_context_destroy(&ctx);
@@ -176,7 +176,7 @@ ISC_RUN_TEST_IMPL(isc_rsa_verify) {
 
 	r.base = sigsha256;
 	r.length = 256;
-	ret = dst_context_verify(ctx, &r);
+	ret = dst_context_verify(ctx, 0, &r);
 	assert_int_equal(ret, ISC_R_SUCCESS);
 
 	dst_context_destroy(&ctx);
@@ -196,7 +196,7 @@ ISC_RUN_TEST_IMPL(isc_rsa_verify) {
 
 	r.base = sigsha512;
 	r.length = 256;
-	ret = dst_context_verify(ctx, &r);
+	ret = dst_context_verify(ctx, 0, &r);
 	assert_int_equal(ret, ISC_R_SUCCESS);
 
 	dst_context_destroy(&ctx);

tests/dns/tsig_test.c

@@ -324,7 +324,7 @@ tsig_tcp(isc_stdtime_t now, isc_result_t expected_result, bool mangle_sig) {
 	dns_message_detach(&msg);
 
 	result = dst_context_create(key->key, mctx, DNS_LOGCATEGORY_DNSSEC,
-				    false, 0, &outctx);
+				    false, &outctx);
 	assert_int_equal(result, ISC_R_SUCCESS);
 	assert_non_null(outctx);