search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove building with NOCRYPTO option
[minix.git] / external / bsd / bind / dist / lib / dns / pkcs11dsa_link.c
blobe647474bb68d7e0be7033ea3491800f35ba87097
1 /* $NetBSD: pkcs11dsa_link.c,v 1.1.1.5 2015/09/03 07:21:36 christos Exp $ */
2
3 /*
4 * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
5 *
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 * PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 /* Id */
20
21 #ifdef PKCS11CRYPTO
22
23 #include <config.h>
24
25 #include <string.h>
26
27 #include <isc/entropy.h>
28 #include <isc/mem.h>
29 #include <isc/sha1.h>
30 #include <isc/util.h>
31
32 #include <dst/result.h>
33
34 #include "dst_internal.h"
35 #include "dst_parse.h"
36 #include "dst_pkcs11.h"
37
38 #include <pk11/internal.h>
39
40 /*
41 * FIPS 186-2 DSA keys:
42 * mechanisms:
43 * CKM_DSA_SHA1,
44 * CKM_DSA_KEY_PAIR_GEN,
45 * CKM_DSA_PARAMETER_GEN
46 * domain parameters:
47 * object class CKO_DOMAIN_PARAMETERS
48 * key type CKK_DSA
49 * attribute CKA_PRIME (prime p)
50 * attribute CKA_SUBPRIME (subprime q)
51 * attribute CKA_BASE (base g)
52 * optional attribute CKA_PRIME_BITS (p length in bits)
53 * public keys:
54 * object class CKO_PUBLIC_KEY
55 * key type CKK_DSA
56 * attribute CKA_PRIME (prime p)
57 * attribute CKA_SUBPRIME (subprime q)
58 * attribute CKA_BASE (base g)
59 * attribute CKA_VALUE (public value y)
60 * private keys:
61 * object class CKO_PRIVATE_KEY
62 * key type CKK_DSA
63 * attribute CKA_PRIME (prime p)
64 * attribute CKA_SUBPRIME (subprime q)
65 * attribute CKA_BASE (base g)
66 * attribute CKA_VALUE (private value x)
67 * reuse CKA_PRIVATE_EXPONENT for key pair private value
68 */
69
70 #define CKA_VALUE2 CKA_PRIVATE_EXPONENT
71
72 #define DST_RET(a) {ret = a; goto err;}
73
74 static CK_BBOOL truevalue = TRUE;
75 static CK_BBOOL falsevalue = FALSE;
76
77 static isc_result_t pkcs11dsa_todns(const dst_key_t *key, isc_buffer_t *data);
78 static void pkcs11dsa_destroy(dst_key_t *key);
79
80 static isc_result_t
81 pkcs11dsa_createctx_sign(dst_key_t *key, dst_context_t *dctx) {
82 CK_RV rv;
83 CK_MECHANISM mech = { CKM_DSA_SHA1, NULL, 0 };
84 CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
85 CK_KEY_TYPE keyType = CKK_DSA;
86 CK_ATTRIBUTE keyTemplate[] =
87 {
88 { CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) },
89 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
90 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
91 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
92 { CKA_SENSITIVE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
93 { CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
94 { CKA_PRIME, NULL, 0 },
95 { CKA_SUBPRIME, NULL, 0 },
96 { CKA_BASE, NULL, 0 },
97 { CKA_VALUE, NULL, 0 }
98 };
99 CK_ATTRIBUTE *attr;
100 pk11_object_t *dsa;
101 pk11_context_t *pk11_ctx;
102 isc_result_t ret;
103 unsigned int i;
104
105 pk11_ctx = (pk11_context_t *) isc_mem_get(dctx->mctx,
106 sizeof(*pk11_ctx));
107 if (pk11_ctx == NULL)
108 return (ISC_R_NOMEMORY);
109 ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_TRUE, ISC_FALSE,
110 ISC_FALSE, NULL, pk11_get_best_token(OP_DSA));
111 if (ret != ISC_R_SUCCESS)
112 goto err;
113
114 dsa = key->keydata.pkey;
115 if (dsa->ontoken && (dsa->object != CK_INVALID_HANDLE)) {
116 pk11_ctx->ontoken = dsa->ontoken;
117 pk11_ctx->object = dsa->object;
118 goto token_key;
119 }
120
121 for (attr = pk11_attribute_first(dsa);
122 attr != NULL;
123 attr = pk11_attribute_next(dsa, attr))
124 switch (attr->type) {
125 case CKA_PRIME:
126 INSIST(keyTemplate[6].type == attr->type);
127 keyTemplate[6].pValue = isc_mem_get(dctx->mctx,
128 attr->ulValueLen);
129 if (keyTemplate[6].pValue == NULL)
130 DST_RET(ISC_R_NOMEMORY);
131 memmove(keyTemplate[6].pValue, attr->pValue,
132 attr->ulValueLen);
133 keyTemplate[6].ulValueLen = attr->ulValueLen;
134 break;
135 case CKA_SUBPRIME:
136 INSIST(keyTemplate[7].type == attr->type);
137 keyTemplate[7].pValue = isc_mem_get(dctx->mctx,
138 attr->ulValueLen);
139 if (keyTemplate[7].pValue == NULL)
140 DST_RET(ISC_R_NOMEMORY);
141 memmove(keyTemplate[7].pValue, attr->pValue,
142 attr->ulValueLen);
143 keyTemplate[7].ulValueLen = attr->ulValueLen;
144 break;
145 case CKA_BASE:
146 INSIST(keyTemplate[8].type == attr->type);
147 keyTemplate[8].pValue = isc_mem_get(dctx->mctx,
148 attr->ulValueLen);
149 if (keyTemplate[8].pValue == NULL)
150 DST_RET(ISC_R_NOMEMORY);
151 memmove(keyTemplate[8].pValue, attr->pValue,
152 attr->ulValueLen);
153 keyTemplate[8].ulValueLen = attr->ulValueLen;
154 break;
155 case CKA_VALUE2:
156 INSIST(keyTemplate[9].type == CKA_VALUE);
157 keyTemplate[9].pValue = isc_mem_get(dctx->mctx,
158 attr->ulValueLen);
159 if (keyTemplate[9].pValue == NULL)
160 DST_RET(ISC_R_NOMEMORY);
161 memmove(keyTemplate[9].pValue, attr->pValue,
162 attr->ulValueLen);
163 keyTemplate[9].ulValueLen = attr->ulValueLen;
164 break;
165 }
166 pk11_ctx->object = CK_INVALID_HANDLE;
167 pk11_ctx->ontoken = ISC_FALSE;
168 PK11_RET(pkcs_C_CreateObject,
169 (pk11_ctx->session,
170 keyTemplate, (CK_ULONG) 10,
171 &pk11_ctx->object),
172 ISC_R_FAILURE);
173
174 token_key:
175
176 PK11_RET(pkcs_C_SignInit,
177 (pk11_ctx->session, &mech, pk11_ctx->object),
178 ISC_R_FAILURE);
179
180 dctx->ctxdata.pk11_ctx = pk11_ctx;
181
182 for (i = 6; i <= 9; i++)
183 if (keyTemplate[i].pValue != NULL) {
184 memset(keyTemplate[i].pValue, 0,
185 keyTemplate[i].ulValueLen);
186 isc_mem_put(dctx->mctx,
187 keyTemplate[i].pValue,
188 keyTemplate[i].ulValueLen);
189 }
190
191 return (ISC_R_SUCCESS);
192
193 err:
194 if (!pk11_ctx->ontoken && (pk11_ctx->object != CK_INVALID_HANDLE))
195 (void) pkcs_C_DestroyObject(pk11_ctx->session, pk11_ctx->object);
196 for (i = 6; i <= 9; i++)
197 if (keyTemplate[i].pValue != NULL) {
198 memset(keyTemplate[i].pValue, 0,
199 keyTemplate[i].ulValueLen);
200 isc_mem_put(dctx->mctx,
201 keyTemplate[i].pValue,
202 keyTemplate[i].ulValueLen);
203 }
204 pk11_return_session(pk11_ctx);
205 memset(pk11_ctx, 0, sizeof(*pk11_ctx));
206 isc_mem_put(dctx->mctx, pk11_ctx, sizeof(*pk11_ctx));
207
208 return (ret);
209 }
210
211 static isc_result_t
212 pkcs11dsa_createctx_verify(dst_key_t *key, dst_context_t *dctx) {
213 CK_RV rv;
214 CK_MECHANISM mech = { CKM_DSA_SHA1, NULL, 0 };
215 CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
216 CK_KEY_TYPE keyType = CKK_DSA;
217 CK_ATTRIBUTE keyTemplate[] =
218 {
219 { CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) },
220 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
221 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
222 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
223 { CKA_VERIFY, &truevalue, (CK_ULONG) sizeof(truevalue) },
224 { CKA_PRIME, NULL, 0 },
225 { CKA_SUBPRIME, NULL, 0 },
226 { CKA_BASE, NULL, 0 },
227 { CKA_VALUE, NULL, 0 }
228 };
229 CK_ATTRIBUTE *attr;
230 pk11_object_t *dsa;
231 pk11_context_t *pk11_ctx;
232 isc_result_t ret;
233 unsigned int i;
234
235 pk11_ctx = (pk11_context_t *) isc_mem_get(dctx->mctx,
236 sizeof(*pk11_ctx));
237 if (pk11_ctx == NULL)
238 return (ISC_R_NOMEMORY);
239 ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_TRUE, ISC_FALSE,
240 ISC_FALSE, NULL, pk11_get_best_token(OP_DSA));
241 if (ret != ISC_R_SUCCESS)
242 goto err;
243
244 dsa = key->keydata.pkey;
245 if (dsa->ontoken && (dsa->object != CK_INVALID_HANDLE)) {
246 pk11_ctx->ontoken = dsa->ontoken;
247 pk11_ctx->object = dsa->object;
248 goto token_key;
249 }
250
251 for (attr = pk11_attribute_first(dsa);
252 attr != NULL;
253 attr = pk11_attribute_next(dsa, attr))
254 switch (attr->type) {
255 case CKA_PRIME:
256 INSIST(keyTemplate[5].type == attr->type);
257 keyTemplate[5].pValue = isc_mem_get(dctx->mctx,
258 attr->ulValueLen);
259 if (keyTemplate[5].pValue == NULL)
260 DST_RET(ISC_R_NOMEMORY);
261 memmove(keyTemplate[5].pValue, attr->pValue,
262 attr->ulValueLen);
263 keyTemplate[5].ulValueLen = attr->ulValueLen;
264 break;
265 case CKA_SUBPRIME:
266 INSIST(keyTemplate[6].type == attr->type);
267 keyTemplate[6].pValue = isc_mem_get(dctx->mctx,
268 attr->ulValueLen);
269 if (keyTemplate[6].pValue == NULL)
270 DST_RET(ISC_R_NOMEMORY);
271 memmove(keyTemplate[6].pValue, attr->pValue,
272 attr->ulValueLen);
273 keyTemplate[6].ulValueLen = attr->ulValueLen;
274 break;
275 case CKA_BASE:
276 INSIST(keyTemplate[7].type == attr->type);
277 keyTemplate[7].pValue = isc_mem_get(dctx->mctx,
278 attr->ulValueLen);
279 if (keyTemplate[7].pValue == NULL)
280 DST_RET(ISC_R_NOMEMORY);
281 memmove(keyTemplate[7].pValue, attr->pValue,
282 attr->ulValueLen);
283 keyTemplate[7].ulValueLen = attr->ulValueLen;
284 break;
285 case CKA_VALUE:
286 INSIST(keyTemplate[8].type == attr->type);
287 keyTemplate[8].pValue = isc_mem_get(dctx->mctx,
288 attr->ulValueLen);
289 if (keyTemplate[8].pValue == NULL)
290 DST_RET(ISC_R_NOMEMORY);
291 memmove(keyTemplate[8].pValue, attr->pValue,
292 attr->ulValueLen);
293 keyTemplate[8].ulValueLen = attr->ulValueLen;
294 break;
295 }
296 pk11_ctx->object = CK_INVALID_HANDLE;
297 pk11_ctx->ontoken = ISC_FALSE;
298 PK11_RET(pkcs_C_CreateObject,
299 (pk11_ctx->session,
300 keyTemplate, (CK_ULONG) 9,
301 &pk11_ctx->object),
302 ISC_R_FAILURE);
303
304 token_key:
305
306 PK11_RET(pkcs_C_VerifyInit,
307 (pk11_ctx->session, &mech, pk11_ctx->object),
308 ISC_R_FAILURE);
309
310 dctx->ctxdata.pk11_ctx = pk11_ctx;
311
312 for (i = 5; i <= 8; i++)
313 if (keyTemplate[i].pValue != NULL) {
314 memset(keyTemplate[i].pValue, 0,
315 keyTemplate[i].ulValueLen);
316 isc_mem_put(dctx->mctx,
317 keyTemplate[i].pValue,
318 keyTemplate[i].ulValueLen);
319 }
320
321 return (ISC_R_SUCCESS);
322
323 err:
324 if (!pk11_ctx->ontoken && (pk11_ctx->object != CK_INVALID_HANDLE))
325 (void) pkcs_C_DestroyObject(pk11_ctx->session, pk11_ctx->object);
326 for (i = 5; i <= 8; i++)
327 if (keyTemplate[i].pValue != NULL) {
328 memset(keyTemplate[i].pValue, 0,
329 keyTemplate[i].ulValueLen);
330 isc_mem_put(dctx->mctx,
331 keyTemplate[i].pValue,
332 keyTemplate[i].ulValueLen);
333 }
334 pk11_return_session(pk11_ctx);
335 memset(pk11_ctx, 0, sizeof(*pk11_ctx));
336 isc_mem_put(dctx->mctx, pk11_ctx, sizeof(*pk11_ctx));
337
338 return (ret);
339 }
340
341 static isc_result_t
342 pkcs11dsa_createctx(dst_key_t *key, dst_context_t *dctx) {
343 if (dctx->use == DO_SIGN)
344 return (pkcs11dsa_createctx_sign(key, dctx));
345 else
346 return (pkcs11dsa_createctx_verify(key, dctx));
347 }
348
349 static void
350 pkcs11dsa_destroyctx(dst_context_t *dctx) {
351 pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx;
352
353 if (pk11_ctx != NULL) {
354 if (!pk11_ctx->ontoken &&
355 (pk11_ctx->object != CK_INVALID_HANDLE))
356 (void) pkcs_C_DestroyObject(pk11_ctx->session,
357 pk11_ctx->object);
358 pk11_return_session(pk11_ctx);
359 memset(pk11_ctx, 0, sizeof(*pk11_ctx));
360 isc_mem_put(dctx->mctx, pk11_ctx, sizeof(*pk11_ctx));
361 dctx->ctxdata.pk11_ctx = NULL;
362 }
363 }
364
365 static isc_result_t
366 pkcs11dsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
367 CK_RV rv;
368 pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx;
369 isc_result_t ret = ISC_R_SUCCESS;
370
371 if (dctx->use == DO_SIGN)
372 PK11_CALL(pkcs_C_SignUpdate,
373 (pk11_ctx->session,
374 (CK_BYTE_PTR) data->base,
375 (CK_ULONG) data->length),
376 ISC_R_FAILURE);
377 else
378 PK11_CALL(pkcs_C_VerifyUpdate,
379 (pk11_ctx->session,
380 (CK_BYTE_PTR) data->base,
381 (CK_ULONG) data->length),
382 ISC_R_FAILURE);
383 return (ret);
384 }
385
386 static isc_result_t
387 pkcs11dsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
388 CK_RV rv;
389 CK_ULONG siglen = ISC_SHA1_DIGESTLENGTH * 2;
390 isc_region_t r;
391 pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx;
392 isc_result_t ret = ISC_R_SUCCESS;
393 unsigned int klen;
394
395 isc_buffer_availableregion(sig, &r);
396 if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1)
397 return (ISC_R_NOSPACE);
398
399 PK11_RET(pkcs_C_SignFinal,
400 (pk11_ctx->session, (CK_BYTE_PTR) r.base + 1, &siglen),
401 DST_R_SIGNFAILURE);
402 if (siglen != ISC_SHA1_DIGESTLENGTH * 2)
403 return (DST_R_SIGNFAILURE);
404
405 klen = (dctx->key->key_size - 512)/64;
406 if (klen > 255)
407 return (ISC_R_FAILURE);
408 *r.base = klen;
409 isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1);
410
411 err:
412 return (ret);
413 }
414
415 static isc_result_t
416 pkcs11dsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
417 CK_RV rv;
418 pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx;
419 isc_result_t ret = ISC_R_SUCCESS;
420
421 PK11_CALL(pkcs_C_VerifyFinal,
422 (pk11_ctx->session,
423 (CK_BYTE_PTR) sig->base + 1,
424 (CK_ULONG) sig->length - 1),
425 DST_R_VERIFYFAILURE);
426 return (ret);
427 }
428
429 static isc_boolean_t
430 pkcs11dsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
431 pk11_object_t *dsa1, *dsa2;
432 CK_ATTRIBUTE *attr1, *attr2;
433
434 dsa1 = key1->keydata.pkey;
435 dsa2 = key2->keydata.pkey;
436
437 if ((dsa1 == NULL) && (dsa2 == NULL))
438 return (ISC_TRUE);
439 else if ((dsa1 == NULL) || (dsa2 == NULL))
440 return (ISC_FALSE);
441
442 attr1 = pk11_attribute_bytype(dsa1, CKA_PRIME);
443 attr2 = pk11_attribute_bytype(dsa2, CKA_PRIME);
444 if ((attr1 == NULL) && (attr2 == NULL))
445 return (ISC_TRUE);
446 else if ((attr1 == NULL) || (attr2 == NULL) ||
447 (attr1->ulValueLen != attr2->ulValueLen) ||
448 memcmp(attr1->pValue, attr2->pValue, attr1->ulValueLen))
449 return (ISC_FALSE);
450
451 attr1 = pk11_attribute_bytype(dsa1, CKA_SUBPRIME);
452 attr2 = pk11_attribute_bytype(dsa2, CKA_SUBPRIME);
453 if ((attr1 == NULL) && (attr2 == NULL))
454 return (ISC_TRUE);
455 else if ((attr1 == NULL) || (attr2 == NULL) ||
456 (attr1->ulValueLen != attr2->ulValueLen) ||
457 memcmp(attr1->pValue, attr2->pValue, attr1->ulValueLen))
458 return (ISC_FALSE);
459
460 attr1 = pk11_attribute_bytype(dsa1, CKA_BASE);
461 attr2 = pk11_attribute_bytype(dsa2, CKA_BASE);
462 if ((attr1 == NULL) && (attr2 == NULL))
463 return (ISC_TRUE);
464 else if ((attr1 == NULL) || (attr2 == NULL) ||
465 (attr1->ulValueLen != attr2->ulValueLen) ||
466 memcmp(attr1->pValue, attr2->pValue, attr1->ulValueLen))
467 return (ISC_FALSE);
468
469 attr1 = pk11_attribute_bytype(dsa1, CKA_VALUE);
470 attr2 = pk11_attribute_bytype(dsa2, CKA_VALUE);
471 if ((attr1 == NULL) && (attr2 == NULL))
472 return (ISC_TRUE);
473 else if ((attr1 == NULL) || (attr2 == NULL) ||
474 (attr1->ulValueLen != attr2->ulValueLen) ||
475 memcmp(attr1->pValue, attr2->pValue, attr1->ulValueLen))
476 return (ISC_FALSE);
477
478 attr1 = pk11_attribute_bytype(dsa1, CKA_VALUE2);
479 attr2 = pk11_attribute_bytype(dsa2, CKA_VALUE2);
480 if (((attr1 != NULL) || (attr2 != NULL)) &&
481 ((attr1 == NULL) || (attr2 == NULL) ||
482 (attr1->ulValueLen != attr2->ulValueLen) ||
483 memcmp(attr1->pValue, attr2->pValue, attr1->ulValueLen)))
484 return (ISC_FALSE);
485
486 if (!dsa1->ontoken && !dsa2->ontoken)
487 return (ISC_TRUE);
488 else if (dsa1->ontoken || dsa2->ontoken ||
489 (dsa1->object != dsa2->object))
490 return (ISC_FALSE);
491
492 return (ISC_TRUE);
493 }
494
495 static isc_result_t
496 pkcs11dsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
497 CK_RV rv;
498 CK_MECHANISM mech = { CKM_DSA_PARAMETER_GEN, NULL, 0 };
499 CK_OBJECT_HANDLE dp = CK_INVALID_HANDLE;
500 CK_OBJECT_CLASS dpClass = CKO_DOMAIN_PARAMETERS;
501 CK_KEY_TYPE keyType = CKK_DSA;
502 CK_ULONG bits = 0;
503 CK_ATTRIBUTE dpTemplate[] =
504 {
505 { CKA_CLASS, &dpClass, (CK_ULONG) sizeof(dpClass) },
506 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
507 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
508 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
509 { CKA_PRIME_BITS, &bits, (CK_ULONG) sizeof(bits) },
510 };
511 CK_OBJECT_HANDLE pub = CK_INVALID_HANDLE;
512 CK_OBJECT_CLASS pubClass = CKO_PUBLIC_KEY;
513 CK_ATTRIBUTE pubTemplate[] =
514 {
515 { CKA_CLASS, &pubClass, (CK_ULONG) sizeof(pubClass) },
516 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
517 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
518 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
519 { CKA_VERIFY, &truevalue, (CK_ULONG) sizeof(truevalue) },
520 { CKA_PRIME, NULL, 0 },
521 { CKA_SUBPRIME, NULL, 0 },
522 { CKA_BASE, NULL, 0 }
523 };
524 CK_OBJECT_HANDLE priv = CK_INVALID_HANDLE;
525 CK_OBJECT_HANDLE privClass = CKO_PRIVATE_KEY;
526 CK_ATTRIBUTE privTemplate[] =
527 {
528 { CKA_CLASS, &privClass, (CK_ULONG) sizeof(privClass) },
529 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
530 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
531 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
532 { CKA_SENSITIVE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
533 { CKA_EXTRACTABLE, &truevalue, (CK_ULONG) sizeof(truevalue) },
534 { CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
535 };
536 CK_ATTRIBUTE *attr;
537 pk11_object_t *dsa;
538 pk11_context_t *pk11_ctx;
539 isc_result_t ret;
540 unsigned int i;
541
542 UNUSED(unused);
543 UNUSED(callback);
544
545 pk11_ctx = (pk11_context_t *) isc_mem_get(key->mctx,
546 sizeof(*pk11_ctx));
547 if (pk11_ctx == NULL)
548 return (ISC_R_NOMEMORY);
549 ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_TRUE, ISC_FALSE,
550 ISC_FALSE, NULL, pk11_get_best_token(OP_DSA));
551 if (ret != ISC_R_SUCCESS)
552 goto err;
553
554 bits = key->key_size;
555 PK11_RET(pkcs_C_GenerateKey,
556 (pk11_ctx->session, &mech, dpTemplate, (CK_ULONG) 5, &dp),
557 DST_R_CRYPTOFAILURE);
558
559 dsa = (pk11_object_t *) isc_mem_get(key->mctx, sizeof(*dsa));
560 if (dsa == NULL)
561 DST_RET(ISC_R_NOMEMORY);
562 memset(dsa, 0, sizeof(*dsa));
563 key->keydata.pkey = dsa;
564 dsa->repr = (CK_ATTRIBUTE *) isc_mem_get(key->mctx, sizeof(*attr) * 5);
565 if (dsa->repr == NULL)
566 DST_RET(ISC_R_NOMEMORY);
567 memset(dsa->repr, 0, sizeof(*attr) * 5);
568 dsa->attrcnt = 5;
569
570 attr = dsa->repr;
571 attr[0].type = CKA_PRIME;
572 attr[1].type = CKA_SUBPRIME;
573 attr[2].type = CKA_BASE;
574 attr[3].type = CKA_VALUE;
575 attr[4].type = CKA_VALUE2;
576
577 PK11_RET(pkcs_C_GetAttributeValue,
578 (pk11_ctx->session, dp, attr, 3),
579 DST_R_CRYPTOFAILURE);
580
581 for (i = 0; i <= 2; i++) {
582 attr[i].pValue = isc_mem_get(key->mctx, attr[i].ulValueLen);
583 if (attr[i].pValue == NULL)
584 DST_RET(ISC_R_NOMEMORY);
585 memset(attr[i].pValue, 0, attr[i].ulValueLen);
586 }
587 PK11_RET(pkcs_C_GetAttributeValue,
588 (pk11_ctx->session, dp, attr, 3),
589 DST_R_CRYPTOFAILURE);
590 pubTemplate[5].pValue = attr[0].pValue;
591 pubTemplate[5].ulValueLen = attr[0].ulValueLen;
592 pubTemplate[6].pValue = attr[1].pValue;
593 pubTemplate[6].ulValueLen = attr[1].ulValueLen;
594 pubTemplate[7].pValue = attr[2].pValue;
595 pubTemplate[7].ulValueLen = attr[2].ulValueLen;
596
597 mech.mechanism = CKM_DSA_KEY_PAIR_GEN;
598 PK11_RET(pkcs_C_GenerateKeyPair,
599 (pk11_ctx->session, &mech,
600 pubTemplate, (CK_ULONG) 8,
601 privTemplate, (CK_ULONG) 7,
602 &pub, &priv),
603 DST_R_CRYPTOFAILURE);
604
605 attr = dsa->repr;
606 attr += 3;
607 PK11_RET(pkcs_C_GetAttributeValue,
608 (pk11_ctx->session, pub, attr, 1),
609 DST_R_CRYPTOFAILURE);
610 attr->pValue = isc_mem_get(key->mctx, attr->ulValueLen);
611 if (attr->pValue == NULL)
612 DST_RET(ISC_R_NOMEMORY);
613 memset(attr->pValue, 0, attr->ulValueLen);
614 PK11_RET(pkcs_C_GetAttributeValue,
615 (pk11_ctx->session, pub, attr, 1),
616 DST_R_CRYPTOFAILURE);
617
618 attr++;
619 attr->type = CKA_VALUE;
620 PK11_RET(pkcs_C_GetAttributeValue,
621 (pk11_ctx->session, priv, attr, 1),
622 DST_R_CRYPTOFAILURE);
623 attr->pValue = isc_mem_get(key->mctx, attr->ulValueLen);
624 if (attr->pValue == NULL)
625 DST_RET(ISC_R_NOMEMORY);
626 memset(attr->pValue, 0, attr->ulValueLen);
627 PK11_RET(pkcs_C_GetAttributeValue,
628 (pk11_ctx->session, priv, attr, 1),
629 DST_R_CRYPTOFAILURE);
630 attr->type = CKA_VALUE2;
631
632 (void) pkcs_C_DestroyObject(pk11_ctx->session, priv);
633 (void) pkcs_C_DestroyObject(pk11_ctx->session, pub);
634 (void) pkcs_C_DestroyObject(pk11_ctx->session, dp);
635 pk11_return_session(pk11_ctx);
636 memset(pk11_ctx, 0, sizeof(*pk11_ctx));
637 isc_mem_put(key->mctx, pk11_ctx, sizeof(*pk11_ctx));
638
639 return (ISC_R_SUCCESS);
640
641 err:
642 pkcs11dsa_destroy(key);
643 if (priv != CK_INVALID_HANDLE)
644 (void) pkcs_C_DestroyObject(pk11_ctx->session, priv);
645 if (pub != CK_INVALID_HANDLE)
646 (void) pkcs_C_DestroyObject(pk11_ctx->session, pub);
647 if (dp != CK_INVALID_HANDLE)
648 (void) pkcs_C_DestroyObject(pk11_ctx->session, dp);
649 pk11_return_session(pk11_ctx);
650 memset(pk11_ctx, 0, sizeof(*pk11_ctx));
651 isc_mem_put(key->mctx, pk11_ctx, sizeof(*pk11_ctx));
652
653 return (ret);
654 }
655
656 static isc_boolean_t
657 pkcs11dsa_isprivate(const dst_key_t *key) {
658 pk11_object_t *dsa = key->keydata.pkey;
659 CK_ATTRIBUTE *attr;
660
661 if (dsa == NULL)
662 return (ISC_FALSE);
663 attr = pk11_attribute_bytype(dsa, CKA_VALUE2);
664 return (ISC_TF((attr != NULL) || dsa->ontoken));
665 }
666
667 static void
668 pkcs11dsa_destroy(dst_key_t *key) {
669 pk11_object_t *dsa = key->keydata.pkey;
670 CK_ATTRIBUTE *attr;
671
672 if (dsa == NULL)
673 return;
674
675 INSIST((dsa->object == CK_INVALID_HANDLE) || dsa->ontoken);
676
677 for (attr = pk11_attribute_first(dsa);
678 attr != NULL;
679 attr = pk11_attribute_next(dsa, attr))
680 switch (attr->type) {
681 case CKA_PRIME:
682 case CKA_SUBPRIME:
683 case CKA_BASE:
684 case CKA_VALUE:
685 case CKA_VALUE2:
686 if (attr->pValue != NULL) {
687 memset(attr->pValue, 0, attr->ulValueLen);
688 isc_mem_put(key->mctx,
689 attr->pValue,
690 attr->ulValueLen);
691 }
692 break;
693 }
694 if (dsa->repr != NULL) {
695 memset(dsa->repr, 0, dsa->attrcnt * sizeof(*attr));
696 isc_mem_put(key->mctx,
697 dsa->repr,
698 dsa->attrcnt * sizeof(*attr));
699 }
700 memset(dsa, 0, sizeof(*dsa));
701 isc_mem_put(key->mctx, dsa, sizeof(*dsa));
702 key->keydata.pkey = NULL;
703 }
704
705
706 static isc_result_t
707 pkcs11dsa_todns(const dst_key_t *key, isc_buffer_t *data) {
708 pk11_object_t *dsa;
709 CK_ATTRIBUTE *attr;
710 isc_region_t r;
711 int dnslen;
712 unsigned int t, p_bytes;
713 CK_ATTRIBUTE *prime = NULL, *subprime = NULL;
714 CK_ATTRIBUTE *base = NULL, *pub_key = NULL;
715 CK_BYTE *cp;
716
717 REQUIRE(key->keydata.pkey != NULL);
718
719 dsa = key->keydata.pkey;
720
721 for (attr = pk11_attribute_first(dsa);
722 attr != NULL;
723 attr = pk11_attribute_next(dsa, attr))
724 switch (attr->type) {
725 case CKA_PRIME:
726 prime = attr;
727 break;
728 case CKA_SUBPRIME:
729 subprime = attr;
730 break;
731 case CKA_BASE:
732 base = attr;
733 break;
734 case CKA_VALUE:
735 pub_key = attr;
736 break;
737 }
738 REQUIRE((prime != NULL) && (subprime != NULL) &&
739 (base != NULL) && (pub_key != NULL));
740
741 isc_buffer_availableregion(data, &r);
742
743 t = (prime->ulValueLen - 64) / 8;
744 if (t > 8)
745 return (DST_R_INVALIDPUBLICKEY);
746 p_bytes = 64 + 8 * t;
747
748 dnslen = 1 + (key->key_size * 3)/8 + ISC_SHA1_DIGESTLENGTH;
749 if (r.length < (unsigned int) dnslen)
750 return (ISC_R_NOSPACE);
751
752 memset(r.base, 0, dnslen);
753 *r.base = t;
754 isc_region_consume(&r, 1);
755
756 cp = (CK_BYTE *) subprime->pValue;
757 memmove(r.base + ISC_SHA1_DIGESTLENGTH - subprime->ulValueLen,
758 cp, subprime->ulValueLen);
759 isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
760 cp = (CK_BYTE *) prime->pValue;
761 memmove(r.base + key->key_size/8 - prime->ulValueLen,
762 cp, prime->ulValueLen);
763 isc_region_consume(&r, p_bytes);
764 cp = (CK_BYTE *) base->pValue;
765 memmove(r.base + key->key_size/8 - base->ulValueLen,
766 cp, base->ulValueLen);
767 isc_region_consume(&r, p_bytes);
768 cp = (CK_BYTE *) pub_key->pValue;
769 memmove(r.base + key->key_size/8 - pub_key->ulValueLen,
770 cp, pub_key->ulValueLen);
771 isc_region_consume(&r, p_bytes);
772
773 isc_buffer_add(data, dnslen);
774
775 return (ISC_R_SUCCESS);
776 }
777
778 static isc_result_t
779 pkcs11dsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
780 pk11_object_t *dsa;
781 isc_region_t r;
782 unsigned int t, p_bytes;
783 CK_BYTE *prime, *subprime, *base, *pub_key;
784 CK_ATTRIBUTE *attr;
785
786 isc_buffer_remainingregion(data, &r);
787 if (r.length == 0)
788 return (ISC_R_SUCCESS);
789
790 dsa = (pk11_object_t *) isc_mem_get(key->mctx, sizeof(*dsa));
791 if (dsa == NULL)
792 return (ISC_R_NOMEMORY);
793 memset(dsa, 0, sizeof(*dsa));
794
795 t = (unsigned int) *r.base;
796 isc_region_consume(&r, 1);
797 if (t > 8) {
798 memset(dsa, 0, sizeof(*dsa));
799 isc_mem_put(key->mctx, dsa, sizeof(*dsa));
800 return (DST_R_INVALIDPUBLICKEY);
801 }
802 p_bytes = 64 + 8 * t;
803
804 if (r.length < ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) {
805 memset(dsa, 0, sizeof(*dsa));
806 isc_mem_put(key->mctx, dsa, sizeof(*dsa));
807 return (DST_R_INVALIDPUBLICKEY);
808 }
809
810 subprime = r.base;
811 isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
812
813 prime = r.base;
814 isc_region_consume(&r, p_bytes);
815
816 base = r.base;
817 isc_region_consume(&r, p_bytes);
818
819 pub_key = r.base;
820 isc_region_consume(&r, p_bytes);
821
822 key->key_size = p_bytes * 8;
823
824 isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes);
825
826 dsa->repr = (CK_ATTRIBUTE *) isc_mem_get(key->mctx, sizeof(*attr) * 4);
827 if (dsa->repr == NULL)
828 goto nomemory;
829 memset(dsa->repr, 0, sizeof(*attr) * 4);
830 dsa->attrcnt = 4;
831
832 attr = dsa->repr;
833 attr[0].type = CKA_PRIME;
834 attr[0].pValue = isc_mem_get(key->mctx, p_bytes);
835 if (attr[0].pValue == NULL)
836 goto nomemory;
837 memmove(attr[0].pValue, prime, p_bytes);
838 attr[0].ulValueLen = p_bytes;
839
840 attr[1].type = CKA_SUBPRIME;
841 attr[1].pValue = isc_mem_get(key->mctx, ISC_SHA1_DIGESTLENGTH);
842 if (attr[1].pValue == NULL)
843 goto nomemory;
844 memmove(attr[1].pValue, subprime, ISC_SHA1_DIGESTLENGTH);
845 attr[1].ulValueLen = ISC_SHA1_DIGESTLENGTH;
846
847 attr[2].type = CKA_BASE;
848 attr[2].pValue = isc_mem_get(key->mctx, p_bytes);
849 if (attr[2].pValue == NULL)
850 goto nomemory;
851 memmove(attr[2].pValue, base, p_bytes);
852 attr[2].ulValueLen = p_bytes;
853
854 attr[3].type = CKA_VALUE;
855 attr[3].pValue = isc_mem_get(key->mctx, p_bytes);
856 if (attr[3].pValue == NULL)
857 goto nomemory;
858 memmove(attr[3].pValue, pub_key, p_bytes);
859 attr[3].ulValueLen = p_bytes;
860
861 key->keydata.pkey = dsa;
862
863 return (ISC_R_SUCCESS);
864
865 nomemory:
866 for (attr = pk11_attribute_first(dsa);
867 attr != NULL;
868 attr = pk11_attribute_next(dsa, attr))
869 switch (attr->type) {
870 case CKA_PRIME:
871 case CKA_SUBPRIME:
872 case CKA_BASE:
873 case CKA_VALUE:
874 if (attr->pValue != NULL) {
875 memset(attr->pValue, 0, attr->ulValueLen);
876 isc_mem_put(key->mctx,
877 attr->pValue,
878 attr->ulValueLen);
879 }
880 break;
881 }
882 if (dsa->repr != NULL) {
883 memset(dsa->repr, 0, dsa->attrcnt * sizeof(*attr));
884 isc_mem_put(key->mctx,
885 dsa->repr,
886 dsa->attrcnt * sizeof(*attr));
887 }
888 memset(dsa, 0, sizeof(*dsa));
889 isc_mem_put(key->mctx, dsa, sizeof(*dsa));
890 return (ISC_R_NOMEMORY);
891 }
892
893 static isc_result_t
894 pkcs11dsa_tofile(const dst_key_t *key, const char *directory) {
895 int cnt = 0;
896 pk11_object_t *dsa;
897 CK_ATTRIBUTE *attr;
898 CK_ATTRIBUTE *prime = NULL, *subprime = NULL, *base = NULL;
899 CK_ATTRIBUTE *pub_key = NULL, *priv_key = NULL;
900 dst_private_t priv;
901 unsigned char bufs[5][128];
902
903 if (key->keydata.pkey == NULL)
904 return (DST_R_NULLKEY);
905
906 if (key->external) {
907 priv.nelements = 0;
908 return (dst__privstruct_writefile(key, &priv, directory));
909 }
910
911 dsa = key->keydata.pkey;
912
913 for (attr = pk11_attribute_first(dsa);
914 attr != NULL;
915 attr = pk11_attribute_next(dsa, attr))
916 switch (attr->type) {
917 case CKA_PRIME:
918 prime = attr;
919 break;
920 case CKA_SUBPRIME:
921 subprime = attr;
922 break;
923 case CKA_BASE:
924 base = attr;
925 break;
926 case CKA_VALUE:
927 pub_key = attr;
928 break;
929 case CKA_VALUE2:
930 priv_key = attr;
931 break;
932 }
933 if ((prime == NULL) || (subprime == NULL) || (base == NULL) ||
934 (pub_key == NULL) || (priv_key ==NULL))
935 return (DST_R_NULLKEY);
936
937 priv.elements[cnt].tag = TAG_DSA_PRIME;
938 priv.elements[cnt].length = (unsigned short) prime->ulValueLen;
939 memmove(bufs[cnt], prime->pValue, prime->ulValueLen);
940 priv.elements[cnt].data = bufs[cnt];
941 cnt++;
942
943 priv.elements[cnt].tag = TAG_DSA_SUBPRIME;
944 priv.elements[cnt].length = (unsigned short) subprime->ulValueLen;
945 memmove(bufs[cnt], subprime->pValue, subprime->ulValueLen);
946 priv.elements[cnt].data = bufs[cnt];
947 cnt++;
948
949 priv.elements[cnt].tag = TAG_DSA_BASE;
950 priv.elements[cnt].length = (unsigned short) base->ulValueLen;
951 memmove(bufs[cnt], base->pValue, base->ulValueLen);
952 priv.elements[cnt].data = bufs[cnt];
953 cnt++;
954
955 priv.elements[cnt].tag = TAG_DSA_PRIVATE;
956 priv.elements[cnt].length = (unsigned short) priv_key->ulValueLen;
957 memmove(bufs[cnt], priv_key->pValue, priv_key->ulValueLen);
958 priv.elements[cnt].data = bufs[cnt];
959 cnt++;
960
961 priv.elements[cnt].tag = TAG_DSA_PUBLIC;
962 priv.elements[cnt].length = (unsigned short) pub_key->ulValueLen;
963 memmove(bufs[cnt], pub_key->pValue, pub_key->ulValueLen);
964 priv.elements[cnt].data = bufs[cnt];
965 cnt++;
966
967 priv.nelements = cnt;
968 return (dst__privstruct_writefile(key, &priv, directory));
969 }
970
971 static isc_result_t
972 pkcs11dsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
973 dst_private_t priv;
974 isc_result_t ret;
975 int i;
976 pk11_object_t *dsa = NULL;
977 CK_ATTRIBUTE *attr;
978 isc_mem_t *mctx = key->mctx;
979
980 /* read private key file */
981 ret = dst__privstruct_parse(key, DST_ALG_DSA, lexer, mctx, &priv);
982 if (ret != ISC_R_SUCCESS)
983 return (ret);
984
985 if (key->external) {
986 if (priv.nelements != 0)
987 DST_RET(DST_R_INVALIDPRIVATEKEY);
988 if (pub == NULL)
989 DST_RET(DST_R_INVALIDPRIVATEKEY);
990
991 key->keydata.pkey = pub->keydata.pkey;
992 pub->keydata.pkey = NULL;
993 key->key_size = pub->key_size;
994
995 dst__privstruct_free(&priv, mctx);
996 memset(&priv, 0, sizeof(priv));
997
998 return (ISC_R_SUCCESS);
999 }
1000
1001 dsa = (pk11_object_t *) isc_mem_get(key->mctx, sizeof(*dsa));
1002 if (dsa == NULL)
1003 DST_RET(ISC_R_NOMEMORY);
1004 memset(dsa, 0, sizeof(*dsa));
1005 key->keydata.pkey = dsa;
1006
1007 dsa->repr = (CK_ATTRIBUTE *) isc_mem_get(key->mctx, sizeof(*attr) * 5);
1008 if (dsa->repr == NULL)
1009 DST_RET(ISC_R_NOMEMORY);
1010 memset(dsa->repr, 0, sizeof(*attr) * 5);
1011 dsa->attrcnt = 5;
1012 attr = dsa->repr;
1013 attr[0].type = CKA_PRIME;
1014 attr[1].type = CKA_SUBPRIME;
1015 attr[2].type = CKA_BASE;
1016 attr[3].type = CKA_VALUE;
1017 attr[4].type = CKA_VALUE2;
1018
1019 for (i = 0; i < priv.nelements; i++) {
1020 CK_BYTE *bn;
1021
1022 bn = isc_mem_get(key->mctx, priv.elements[i].length);
1023 if (bn == NULL)
1024 DST_RET(ISC_R_NOMEMORY);
1025 memmove(bn, priv.elements[i].data, priv.elements[i].length);
1026
1027 switch (priv.elements[i].tag) {
1028 case TAG_DSA_PRIME:
1029 attr = pk11_attribute_bytype(dsa, CKA_PRIME);
1030 INSIST(attr != NULL);
1031 attr->pValue = bn;
1032 attr->ulValueLen = priv.elements[i].length;
1033 break;
1034 case TAG_DSA_SUBPRIME:
1035 attr = pk11_attribute_bytype(dsa,
1036 CKA_SUBPRIME);
1037 INSIST(attr != NULL);
1038 attr->pValue = bn;
1039 attr->ulValueLen = priv.elements[i].length;
1040 break;
1041 case TAG_DSA_BASE:
1042 attr = pk11_attribute_bytype(dsa, CKA_BASE);
1043 INSIST(attr != NULL);
1044 attr->pValue = bn;
1045 attr->ulValueLen = priv.elements[i].length;
1046 break;
1047 case TAG_DSA_PRIVATE:
1048 attr = pk11_attribute_bytype(dsa, CKA_VALUE2);
1049 INSIST(attr != NULL);
1050 attr->pValue = bn;
1051 attr->ulValueLen = priv.elements[i].length;
1052 break;
1053 case TAG_DSA_PUBLIC:
1054 attr = pk11_attribute_bytype(dsa, CKA_VALUE);
1055 INSIST(attr != NULL);
1056 attr->pValue = bn;
1057 attr->ulValueLen = priv.elements[i].length;
1058 break;
1059 }
1060 }
1061 dst__privstruct_free(&priv, mctx);
1062
1063 attr = pk11_attribute_bytype(dsa, CKA_PRIME);
1064 INSIST(attr != NULL);
1065 key->key_size = pk11_numbits(attr->pValue, attr->ulValueLen);
1066
1067 return (ISC_R_SUCCESS);
1068
1069 err:
1070 pkcs11dsa_destroy(key);
1071 dst__privstruct_free(&priv, mctx);
1072 memset(&priv, 0, sizeof(priv));
1073 return (ret);
1074 }
1075
1076 static dst_func_t pkcs11dsa_functions = {
1077 pkcs11dsa_createctx,
1078 NULL, /*%< createctx2 */
1079 pkcs11dsa_destroyctx,
1080 pkcs11dsa_adddata,
1081 pkcs11dsa_sign,
1082 pkcs11dsa_verify,
1083 NULL, /*%< verify2 */
1084 NULL, /*%< computesecret */
1085 pkcs11dsa_compare,
1086 NULL, /*%< paramcompare */
1087 pkcs11dsa_generate,
1088 pkcs11dsa_isprivate,
1089 pkcs11dsa_destroy,
1090 pkcs11dsa_todns,
1091 pkcs11dsa_fromdns,
1092 pkcs11dsa_tofile,
1093 pkcs11dsa_parse,
1094 NULL, /*%< cleanup */
1095 NULL, /*%< fromlabel */
1096 NULL, /*%< dump */
1097 NULL, /*%< restore */
1098 };
1099
1100 isc_result_t
1101 dst__pkcs11dsa_init(dst_func_t **funcp) {
1102 REQUIRE(funcp != NULL);
1103 if (*funcp == NULL)
1104 *funcp = &pkcs11dsa_functions;
1105 return (ISC_R_SUCCESS);
1106 }
1107
1108 #else /* PKCS11CRYPTO */
1109
1110 #include <isc/util.h>
1111
1112 EMPTY_TRANSLATION_UNIT
1113
1114 #endif /* PKCS11CRYPTO */
1115 /*! \file */
MINIX 3 (repo.or.cz mirror)