/src/openssl31/providers/implementations/signature/eddsa_sig.c

Source (jump to first uncovered line)
/*
 * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/crypto.h>
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/err.h>
#include <openssl/params.h>
#include <openssl/evp.h>
#include <openssl/proverr.h>
#include "internal/nelem.h"
#include "internal/sizes.h"
#include "prov/providercommon.h"
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
#include "prov/der_ecx.h"
#include "crypto/ecx.h"

#ifdef S390X_EC_ASM
# include "s390x_arch.h"

# define S390X_CAN_SIGN(edtype)                                                \
((OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_##edtype))    \
&& (OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_##edtype))      \
&& (OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_VERIFY_##edtype)))

static int s390x_ed25519_digestsign(const ECX_KEY *edkey, unsigned char *sig,
                                    const unsigned char *tbs, size_t tbslen);
static int s390x_ed448_digestsign(const ECX_KEY *edkey, unsigned char *sig,
                                  const unsigned char *tbs, size_t tbslen);
static int s390x_ed25519_digestverify(const ECX_KEY *edkey,
                                      const unsigned char *sig,
                                      const unsigned char *tbs, size_t tbslen);
static int s390x_ed448_digestverify(const ECX_KEY *edkey,
                                    const unsigned char *sig,
                                    const unsigned char *tbs, size_t tbslen);

#endif /* S390X_EC_ASM */

static OSSL_FUNC_signature_newctx_fn eddsa_newctx;
static OSSL_FUNC_signature_digest_sign_init_fn eddsa_digest_signverify_init;
static OSSL_FUNC_signature_digest_sign_fn ed25519_digest_sign;
static OSSL_FUNC_signature_digest_sign_fn ed448_digest_sign;
static OSSL_FUNC_signature_digest_verify_fn ed25519_digest_verify;
static OSSL_FUNC_signature_digest_verify_fn ed448_digest_verify;
static OSSL_FUNC_signature_freectx_fn eddsa_freectx;
static OSSL_FUNC_signature_dupctx_fn eddsa_dupctx;
static OSSL_FUNC_signature_get_ctx_params_fn eddsa_get_ctx_params;
static OSSL_FUNC_signature_gettable_ctx_params_fn eddsa_gettable_ctx_params;

typedef struct {
    OSSL_LIB_CTX *libctx;
    ECX_KEY *key;

    /* The Algorithm Identifier of the signature algorithm */
    unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
    unsigned char *aid;
    size_t  aid_len;
} PROV_EDDSA_CTX;

static void *eddsa_newctx(void *provctx, const char *propq_unused)
{
    PROV_EDDSA_CTX *peddsactx;

    if (!ossl_prov_is_running())
        return NULL;

    peddsactx = OPENSSL_zalloc(sizeof(PROV_EDDSA_CTX));
    if (peddsactx == NULL) {
        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    peddsactx->libctx = PROV_LIBCTX_OF(provctx);

    return peddsactx;
}

static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname,
                                        void *vedkey,
                                        ossl_unused const OSSL_PARAM params[])
{
    PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
    ECX_KEY *edkey = (ECX_KEY *)vedkey;
    WPACKET pkt;
    int ret;

    if (!ossl_prov_is_running())
        return 0;

    if (mdname != NULL && mdname[0] != '\0') {
        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST);
        return 0;
    }

    if (edkey == NULL) {
        if (peddsactx->key != NULL)
            /* there is nothing to do on reinit */
            return 1;
        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
        return 0;
    }

    if (!ossl_ecx_key_up_ref(edkey)) {
        ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    /*
     * We do not care about DER writing errors.
     * All it really means is that for some reason, there's no
     * AlgorithmIdentifier to be had, but the operation itself is
     * still valid, just as long as it's not used to construct
     * anything that needs an AlgorithmIdentifier.
     */
    peddsactx->aid_len = 0;
    ret = WPACKET_init_der(&pkt, peddsactx->aid_buf, sizeof(peddsactx->aid_buf));
    switch (edkey->type) {
    case ECX_KEY_TYPE_ED25519:
        ret = ret && ossl_DER_w_algorithmIdentifier_ED25519(&pkt, -1, edkey);
        break;
    case ECX_KEY_TYPE_ED448:
        ret = ret && ossl_DER_w_algorithmIdentifier_ED448(&pkt, -1, edkey);
        break;
    default:
        /* Should never happen */
        ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
        ossl_ecx_key_free(edkey);
        return 0;
    }
    if (ret && WPACKET_finish(&pkt)) {
        WPACKET_get_total_written(&pkt, &peddsactx->aid_len);
        peddsactx->aid = WPACKET_get_curr(&pkt);
    }
    WPACKET_cleanup(&pkt);

    peddsactx->key = edkey;

    return 1;
}

int ed25519_digest_sign(void *vpeddsactx, unsigned char *sigret,
                        size_t *siglen, size_t sigsize,
                        const unsigned char *tbs, size_t tbslen)
{
    PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
    const ECX_KEY *edkey = peddsactx->key;

    if (!ossl_prov_is_running())
        return 0;

    if (sigret == NULL) {
        *siglen = ED25519_SIGSIZE;
        return 1;
    }
    if (sigsize < ED25519_SIGSIZE) {
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
        return 0;
    }
    if (edkey->privkey == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
        return 0;
    }
#ifdef S390X_EC_ASM
    if (S390X_CAN_SIGN(ED25519)) {
      if (s390x_ed25519_digestsign(edkey, sigret, tbs, tbslen) == 0) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
        return 0;
      }
      *siglen = ED25519_SIGSIZE;
      return 1;
    }
#endif /* S390X_EC_ASM */
    if (ossl_ed25519_sign(sigret, tbs, tbslen, edkey->pubkey, edkey->privkey,
                          peddsactx->libctx, NULL) == 0) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
        return 0;
    }
    *siglen = ED25519_SIGSIZE;
    return 1;
}

int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret,
                      size_t *siglen, size_t sigsize,
                      const unsigned char *tbs, size_t tbslen)
{
    PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
    const ECX_KEY *edkey = peddsactx->key;

    if (!ossl_prov_is_running())
        return 0;

    if (sigret == NULL) {
        *siglen = ED448_SIGSIZE;
        return 1;
    }
    if (sigsize < ED448_SIGSIZE) {
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
        return 0;
    }
    if (edkey->privkey == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
        return 0;
    }
#ifdef S390X_EC_ASM
    if (S390X_CAN_SIGN(ED448)) {
        if (s390x_ed448_digestsign(edkey, sigret, tbs, tbslen) == 0) {
    ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
    return 0;
  }
  *siglen = ED448_SIGSIZE;
  return 1;
    }
#endif /* S390X_EC_ASM */
    if (ossl_ed448_sign(peddsactx->libctx, sigret, tbs, tbslen, edkey->pubkey,
                        edkey->privkey, NULL, 0, edkey->propq) == 0) {
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
        return 0;
    }
    *siglen = ED448_SIGSIZE;
    return 1;
}

int ed25519_digest_verify(void *vpeddsactx, const unsigned char *sig,
                          size_t siglen, const unsigned char *tbs,
                          size_t tbslen)
{
    PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
    const ECX_KEY *edkey = peddsactx->key;

    if (!ossl_prov_is_running() || siglen != ED25519_SIGSIZE)
        return 0;

#ifdef S390X_EC_ASM
    if (S390X_CAN_SIGN(ED25519))
        return s390x_ed25519_digestverify(edkey, sig, tbs, tbslen);
#endif /* S390X_EC_ASM */

    return ossl_ed25519_verify(tbs, tbslen, sig, edkey->pubkey,
                               peddsactx->libctx, edkey->propq);
}

int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig,
                        size_t siglen, const unsigned char *tbs,
                        size_t tbslen)
{
    PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
    const ECX_KEY *edkey = peddsactx->key;

    if (!ossl_prov_is_running() || siglen != ED448_SIGSIZE)
        return 0;

#ifdef S390X_EC_ASM
    if (S390X_CAN_SIGN(ED448))
        return s390x_ed448_digestverify(edkey, sig, tbs, tbslen);
#endif /* S390X_EC_ASM */

    return ossl_ed448_verify(peddsactx->libctx, tbs, tbslen, sig, edkey->pubkey,
                             NULL, 0, edkey->propq);
}

static void eddsa_freectx(void *vpeddsactx)
{
    PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;

    ossl_ecx_key_free(peddsactx->key);

    OPENSSL_free(peddsactx);
}

static void *eddsa_dupctx(void *vpeddsactx)
{
    PROV_EDDSA_CTX *srcctx = (PROV_EDDSA_CTX *)vpeddsactx;
    PROV_EDDSA_CTX *dstctx;

    if (!ossl_prov_is_running())
        return NULL;

    dstctx = OPENSSL_zalloc(sizeof(*srcctx));
    if (dstctx == NULL)
        return NULL;

    *dstctx = *srcctx;
    dstctx->key = NULL;

    if (srcctx->key != NULL && !ossl_ecx_key_up_ref(srcctx->key)) {
        ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    dstctx->key = srcctx->key;

    return dstctx;
 err:
    eddsa_freectx(dstctx);
    return NULL;
}

static int eddsa_get_ctx_params(void *vpeddsactx, OSSL_PARAM *params)
{
    PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
    OSSL_PARAM *p;

    if (peddsactx == NULL)
        return 0;

    p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
    if (p != NULL && !OSSL_PARAM_set_octet_string(p, peddsactx->aid,
                                                  peddsactx->aid_len))
        return 0;

    return 1;
}

static const OSSL_PARAM known_gettable_ctx_params[] = {
    OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
    OSSL_PARAM_END
};

static const OSSL_PARAM *eddsa_gettable_ctx_params(ossl_unused void *vpeddsactx,
                                                   ossl_unused void *provctx)
{
    return known_gettable_ctx_params;
}

const OSSL_DISPATCH ossl_ed25519_signature_functions[] = {
    { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))eddsa_newctx },
    { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,
      (void (*)(void))eddsa_digest_signverify_init },
    { OSSL_FUNC_SIGNATURE_DIGEST_SIGN,
      (void (*)(void))ed25519_digest_sign },
    { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
      (void (*)(void))eddsa_digest_signverify_init },
    { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY,
      (void (*)(void))ed25519_digest_verify },
    { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))eddsa_freectx },
    { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))eddsa_dupctx },
    { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))eddsa_get_ctx_params },
    { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
      (void (*)(void))eddsa_gettable_ctx_params },
    { 0, NULL }
};

const OSSL_DISPATCH ossl_ed448_signature_functions[] = {
    { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))eddsa_newctx },
    { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,
      (void (*)(void))eddsa_digest_signverify_init },
    { OSSL_FUNC_SIGNATURE_DIGEST_SIGN,
      (void (*)(void))ed448_digest_sign },
    { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
      (void (*)(void))eddsa_digest_signverify_init },
    { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY,
      (void (*)(void))ed448_digest_verify },
    { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))eddsa_freectx },
    { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))eddsa_dupctx },
    { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))eddsa_get_ctx_params },
    { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
      (void (*)(void))eddsa_gettable_ctx_params },
    { 0, NULL }
};

#ifdef S390X_EC_ASM

static int s390x_ed25519_digestsign(const ECX_KEY *edkey, unsigned char *sig,
                                    const unsigned char *tbs, size_t tbslen)
{
    int rc;
    union {
        struct {
            unsigned char sig[64];
            unsigned char priv[32];
        } ed25519;
        unsigned long long buff[512];
    } param;

    memset(&param, 0, sizeof(param));
    memcpy(param.ed25519.priv, edkey->privkey, sizeof(param.ed25519.priv));

    rc = s390x_kdsa(S390X_EDDSA_SIGN_ED25519, &param.ed25519, tbs, tbslen);
    OPENSSL_cleanse(param.ed25519.priv, sizeof(param.ed25519.priv));
    if (rc != 0)
        return 0;

    s390x_flip_endian32(sig, param.ed25519.sig);
    s390x_flip_endian32(sig + 32, param.ed25519.sig + 32);
    return 1;
}

static int s390x_ed448_digestsign(const ECX_KEY *edkey, unsigned char *sig,
                                  const unsigned char *tbs, size_t tbslen)
{
    int rc;
    union {
        struct {
            unsigned char sig[128];
            unsigned char priv[64];
        } ed448;
        unsigned long long buff[512];
    } param;

    memset(&param, 0, sizeof(param));
    memcpy(param.ed448.priv + 64 - 57, edkey->privkey, 57);

    rc = s390x_kdsa(S390X_EDDSA_SIGN_ED448, &param.ed448, tbs, tbslen);
    OPENSSL_cleanse(param.ed448.priv, sizeof(param.ed448.priv));
    if (rc != 0)
        return 0;

    s390x_flip_endian64(param.ed448.sig, param.ed448.sig);
    s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64);
    memcpy(sig, param.ed448.sig, 57);
    memcpy(sig + 57, param.ed448.sig + 64, 57);
    return 1;
}

static int s390x_ed25519_digestverify(const ECX_KEY *edkey,
                                      const unsigned char *sig,
                                      const unsigned char *tbs, size_t tbslen)
{
    union {
        struct {
            unsigned char sig[64];
            unsigned char pub[32];
        } ed25519;
        unsigned long long buff[512];
    } param;

    memset(&param, 0, sizeof(param));
    s390x_flip_endian32(param.ed25519.sig, sig);
    s390x_flip_endian32(param.ed25519.sig + 32, sig + 32);
    s390x_flip_endian32(param.ed25519.pub, edkey->pubkey);

    return s390x_kdsa(S390X_EDDSA_VERIFY_ED25519,
                      &param.ed25519, tbs, tbslen) == 0 ? 1 : 0;
}

static int s390x_ed448_digestverify(const ECX_KEY *edkey,
                                    const unsigned char *sig,
                                    const unsigned char *tbs,
                                    size_t tbslen)
{
    union {
        struct {
            unsigned char sig[128];
            unsigned char pub[64];
        } ed448;
        unsigned long long buff[512];
    } param;

    memset(&param, 0, sizeof(param));
    memcpy(param.ed448.sig, sig, 57);
    s390x_flip_endian64(param.ed448.sig, param.ed448.sig);
    memcpy(param.ed448.sig + 64, sig + 57, 57);
    s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64);
    memcpy(param.ed448.pub, edkey->pubkey, 57);
    s390x_flip_endian64(param.ed448.pub, param.ed448.pub);

    return s390x_kdsa(S390X_EDDSA_VERIFY_ED448,
                      &param.ed448, tbs, tbslen) == 0 ? 1 : 0;
}

#endif /* S390X_EC_ASM */

Coverage Report

Created: 2024-07-27 06:39

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <openssl/crypto.h>
11		#include <openssl/core_dispatch.h>
12		#include <openssl/core_names.h>
13		#include <openssl/err.h>
14		#include <openssl/params.h>
15		#include <openssl/evp.h>
16		#include <openssl/proverr.h>
17		#include "internal/nelem.h"
18		#include "internal/sizes.h"
19		#include "prov/providercommon.h"
20		#include "prov/implementations.h"
21		#include "prov/provider_ctx.h"
22		#include "prov/der_ecx.h"
23		#include "crypto/ecx.h"
24
25		#ifdef S390X_EC_ASM
26		# include "s390x_arch.h"
27
28		# define S390X_CAN_SIGN(edtype) \
29		((OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_##edtype)) \
30		&& (OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_##edtype)) \
31		&& (OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_VERIFY_##edtype)))
32
33		static int s390x_ed25519_digestsign(const ECX_KEY edkey, unsigned char sig,
34		const unsigned char *tbs, size_t tbslen);
35		static int s390x_ed448_digestsign(const ECX_KEY edkey, unsigned char sig,
36		const unsigned char *tbs, size_t tbslen);
37		static int s390x_ed25519_digestverify(const ECX_KEY *edkey,
38		const unsigned char *sig,
39		const unsigned char *tbs, size_t tbslen);
40		static int s390x_ed448_digestverify(const ECX_KEY *edkey,
41		const unsigned char *sig,
42		const unsigned char *tbs, size_t tbslen);
43
44		#endif /* S390X_EC_ASM */
45
46		static OSSL_FUNC_signature_newctx_fn eddsa_newctx;
47		static OSSL_FUNC_signature_digest_sign_init_fn eddsa_digest_signverify_init;
48		static OSSL_FUNC_signature_digest_sign_fn ed25519_digest_sign;
49		static OSSL_FUNC_signature_digest_sign_fn ed448_digest_sign;
50		static OSSL_FUNC_signature_digest_verify_fn ed25519_digest_verify;
51		static OSSL_FUNC_signature_digest_verify_fn ed448_digest_verify;
52		static OSSL_FUNC_signature_freectx_fn eddsa_freectx;
53		static OSSL_FUNC_signature_dupctx_fn eddsa_dupctx;
54		static OSSL_FUNC_signature_get_ctx_params_fn eddsa_get_ctx_params;
55		static OSSL_FUNC_signature_gettable_ctx_params_fn eddsa_gettable_ctx_params;
56
57		typedef struct {
58		OSSL_LIB_CTX *libctx;
59		ECX_KEY *key;
60
61		/* The Algorithm Identifier of the signature algorithm */
62		unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
63		unsigned char *aid;
64		size_t aid_len;
65		} PROV_EDDSA_CTX;
66
67		static void eddsa_newctx(void provctx, const char *propq_unused)
68	4	{
69	4	PROV_EDDSA_CTX *peddsactx;
70
71	4	if (!ossl_prov_is_running())
72	0	return NULL;
73
74	4	peddsactx = OPENSSL_zalloc(sizeof(PROV_EDDSA_CTX));
75	4	if (peddsactx == NULL) {
76	0	ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
77	0	return NULL;
78	0	}
79
80	4	peddsactx->libctx = PROV_LIBCTX_OF(provctx);
81
82	4	return peddsactx;
83	4	}
84
85		static int eddsa_digest_signverify_init(void vpeddsactx, const char mdname,
86		void *vedkey,
87		ossl_unused const OSSL_PARAM params[])
88	4	{
89	4	PROV_EDDSA_CTX peddsactx = (PROV_EDDSA_CTX )vpeddsactx;
90	4	ECX_KEY edkey = (ECX_KEY )vedkey;
91	4	WPACKET pkt;
92	4	int ret;
93
94	4	if (!ossl_prov_is_running())
95	0	return 0;
96
97	4	if (mdname != NULL && mdname[0] != '\0') {
98	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST);
99	0	return 0;
100	0	}
101
102	4	if (edkey == NULL) {
103	0	if (peddsactx->key != NULL)
104		/* there is nothing to do on reinit */
105	0	return 1;
106	0	ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
107	0	return 0;
108	0	}
109
110	4	if (!ossl_ecx_key_up_ref(edkey)) {
111	0	ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
112	0	return 0;
113	0	}
114
115		/*
116		* We do not care about DER writing errors.
117		* All it really means is that for some reason, there's no
118		* AlgorithmIdentifier to be had, but the operation itself is
119		* still valid, just as long as it's not used to construct
120		* anything that needs an AlgorithmIdentifier.
121		*/
122	4	peddsactx->aid_len = 0;
123	4	ret = WPACKET_init_der(&pkt, peddsactx->aid_buf, sizeof(peddsactx->aid_buf));
124	4	switch (edkey->type) {
125	4	case ECX_KEY_TYPE_ED25519:
126	4	ret = ret && ossl_DER_w_algorithmIdentifier_ED25519(&pkt, -1, edkey);
127	4	break;
128	0	case ECX_KEY_TYPE_ED448:
129	0	ret = ret && ossl_DER_w_algorithmIdentifier_ED448(&pkt, -1, edkey);
130	0	break;
131	0	default:
132		/* Should never happen */
133	0	ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
134	0	ossl_ecx_key_free(edkey);
135	0	return 0;
136	4	}
137	4	if (ret && WPACKET_finish(&pkt)) {
138	4	WPACKET_get_total_written(&pkt, &peddsactx->aid_len);
139	4	peddsactx->aid = WPACKET_get_curr(&pkt);
140	4	}
141	4	WPACKET_cleanup(&pkt);
142
143	4	peddsactx->key = edkey;
144
145	4	return 1;
146	4	}
147
148		int ed25519_digest_sign(void vpeddsactx, unsigned char sigret,
149		size_t *siglen, size_t sigsize,
150		const unsigned char *tbs, size_t tbslen)
151	0	{
152	0	PROV_EDDSA_CTX peddsactx = (PROV_EDDSA_CTX )vpeddsactx;
153	0	const ECX_KEY *edkey = peddsactx->key;
154
155	0	if (!ossl_prov_is_running())
156	0	return 0;
157
158	0	if (sigret == NULL) {
159	0	*siglen = ED25519_SIGSIZE;
160	0	return 1;
161	0	}
162	0	if (sigsize < ED25519_SIGSIZE) {
163	0	ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
164	0	return 0;
165	0	}
166	0	if (edkey->privkey == NULL) {
167	0	ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
168	0	return 0;
169	0	}
170		#ifdef S390X_EC_ASM
171		if (S390X_CAN_SIGN(ED25519)) {
172		if (s390x_ed25519_digestsign(edkey, sigret, tbs, tbslen) == 0) {
173		ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
174		return 0;
175		}
176		*siglen = ED25519_SIGSIZE;
177		return 1;
178		}
179		#endif /* S390X_EC_ASM */
180	0	if (ossl_ed25519_sign(sigret, tbs, tbslen, edkey->pubkey, edkey->privkey,
181	0	peddsactx->libctx, NULL) == 0) {
182	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
183	0	return 0;
184	0	}
185	0	*siglen = ED25519_SIGSIZE;
186	0	return 1;
187	0	}
188
189		int ed448_digest_sign(void vpeddsactx, unsigned char sigret,
190		size_t *siglen, size_t sigsize,
191		const unsigned char *tbs, size_t tbslen)
192	0	{
193	0	PROV_EDDSA_CTX peddsactx = (PROV_EDDSA_CTX )vpeddsactx;
194	0	const ECX_KEY *edkey = peddsactx->key;
195
196	0	if (!ossl_prov_is_running())
197	0	return 0;
198
199	0	if (sigret == NULL) {
200	0	*siglen = ED448_SIGSIZE;
201	0	return 1;
202	0	}
203	0	if (sigsize < ED448_SIGSIZE) {
204	0	ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
205	0	return 0;
206	0	}
207	0	if (edkey->privkey == NULL) {
208	0	ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
209	0	return 0;
210	0	}
211		#ifdef S390X_EC_ASM
212		if (S390X_CAN_SIGN(ED448)) {
213		if (s390x_ed448_digestsign(edkey, sigret, tbs, tbslen) == 0) {
214		ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
215		return 0;
216		}
217		*siglen = ED448_SIGSIZE;
218		return 1;
219		}
220		#endif /* S390X_EC_ASM */
221	0	if (ossl_ed448_sign(peddsactx->libctx, sigret, tbs, tbslen, edkey->pubkey,
222	0	edkey->privkey, NULL, 0, edkey->propq) == 0) {
223	0	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
224	0	return 0;
225	0	}
226	0	*siglen = ED448_SIGSIZE;
227	0	return 1;
228	0	}
229
230		int ed25519_digest_verify(void vpeddsactx, const unsigned char sig,
231		size_t siglen, const unsigned char *tbs,
232		size_t tbslen)
233	4	{
234	4	PROV_EDDSA_CTX peddsactx = (PROV_EDDSA_CTX )vpeddsactx;
235	4	const ECX_KEY *edkey = peddsactx->key;
236
237	4	if (!ossl_prov_is_running() \|\| siglen != ED25519_SIGSIZE)
238	4	return 0;
239
240		#ifdef S390X_EC_ASM
241		if (S390X_CAN_SIGN(ED25519))
242		return s390x_ed25519_digestverify(edkey, sig, tbs, tbslen);
243		#endif /* S390X_EC_ASM */
244
245	0	return ossl_ed25519_verify(tbs, tbslen, sig, edkey->pubkey,
246	0	peddsactx->libctx, edkey->propq);
247	4	}
248
249		int ed448_digest_verify(void vpeddsactx, const unsigned char sig,
250		size_t siglen, const unsigned char *tbs,
251		size_t tbslen)
252	0	{
253	0	PROV_EDDSA_CTX peddsactx = (PROV_EDDSA_CTX )vpeddsactx;
254	0	const ECX_KEY *edkey = peddsactx->key;
255
256	0	if (!ossl_prov_is_running() \|\| siglen != ED448_SIGSIZE)
257	0	return 0;
258
259		#ifdef S390X_EC_ASM
260		if (S390X_CAN_SIGN(ED448))
261		return s390x_ed448_digestverify(edkey, sig, tbs, tbslen);
262		#endif /* S390X_EC_ASM */
263
264	0	return ossl_ed448_verify(peddsactx->libctx, tbs, tbslen, sig, edkey->pubkey,
265	0	NULL, 0, edkey->propq);
266	0	}
267
268		static void eddsa_freectx(void *vpeddsactx)
269	4	{
270	4	PROV_EDDSA_CTX peddsactx = (PROV_EDDSA_CTX )vpeddsactx;
271
272	4	ossl_ecx_key_free(peddsactx->key);
273
274	4	OPENSSL_free(peddsactx);
275	4	}
276
277		static void eddsa_dupctx(void vpeddsactx)
278	0	{
279	0	PROV_EDDSA_CTX srcctx = (PROV_EDDSA_CTX )vpeddsactx;
280	0	PROV_EDDSA_CTX *dstctx;
281
282	0	if (!ossl_prov_is_running())
283	0	return NULL;
284
285	0	dstctx = OPENSSL_zalloc(sizeof(*srcctx));
286	0	if (dstctx == NULL)
287	0	return NULL;
288
289	0	dstctx = srcctx;
290	0	dstctx->key = NULL;
291
292	0	if (srcctx->key != NULL && !ossl_ecx_key_up_ref(srcctx->key)) {
293	0	ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
294	0	goto err;
295	0	}
296	0	dstctx->key = srcctx->key;
297
298	0	return dstctx;
299	0	err:
300	0	eddsa_freectx(dstctx);
301	0	return NULL;
302	0	}
303
304		static int eddsa_get_ctx_params(void vpeddsactx, OSSL_PARAM params)
305	0	{
306	0	PROV_EDDSA_CTX peddsactx = (PROV_EDDSA_CTX )vpeddsactx;
307	0	OSSL_PARAM *p;
308
309	0	if (peddsactx == NULL)
310	0	return 0;
311
312	0	p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
313	0	if (p != NULL && !OSSL_PARAM_set_octet_string(p, peddsactx->aid,
314	0	peddsactx->aid_len))
315	0	return 0;
316
317	0	return 1;
318	0	}
319
320		static const OSSL_PARAM known_gettable_ctx_params[] = {
321		OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
322		OSSL_PARAM_END
323		};
324
325		static const OSSL_PARAM eddsa_gettable_ctx_params(ossl_unused void vpeddsactx,
326		ossl_unused void *provctx)
327	0	{
328	0	return known_gettable_ctx_params;
329	0	}
330
331		const OSSL_DISPATCH ossl_ed25519_signature_functions[] = {
332		{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))eddsa_newctx },
333		{ OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,
334		(void (*)(void))eddsa_digest_signverify_init },
335		{ OSSL_FUNC_SIGNATURE_DIGEST_SIGN,
336		(void (*)(void))ed25519_digest_sign },
337		{ OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
338		(void (*)(void))eddsa_digest_signverify_init },
339		{ OSSL_FUNC_SIGNATURE_DIGEST_VERIFY,
340		(void (*)(void))ed25519_digest_verify },
341		{ OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))eddsa_freectx },
342		{ OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))eddsa_dupctx },
343		{ OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))eddsa_get_ctx_params },
344		{ OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
345		(void (*)(void))eddsa_gettable_ctx_params },
346		{ 0, NULL }
347		};
348
349		const OSSL_DISPATCH ossl_ed448_signature_functions[] = {
350		{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))eddsa_newctx },
351		{ OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,
352		(void (*)(void))eddsa_digest_signverify_init },
353		{ OSSL_FUNC_SIGNATURE_DIGEST_SIGN,
354		(void (*)(void))ed448_digest_sign },
355		{ OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
356		(void (*)(void))eddsa_digest_signverify_init },
357		{ OSSL_FUNC_SIGNATURE_DIGEST_VERIFY,
358		(void (*)(void))ed448_digest_verify },
359		{ OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))eddsa_freectx },
360		{ OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))eddsa_dupctx },
361		{ OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))eddsa_get_ctx_params },
362		{ OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
363		(void (*)(void))eddsa_gettable_ctx_params },
364		{ 0, NULL }
365		};
366
367		#ifdef S390X_EC_ASM
368
369		static int s390x_ed25519_digestsign(const ECX_KEY edkey, unsigned char sig,
370		const unsigned char *tbs, size_t tbslen)
371		{
372		int rc;
373		union {
374		struct {
375		unsigned char sig[64];
376		unsigned char priv[32];
377		} ed25519;
378		unsigned long long buff[512];
379		} param;
380
381		memset(&param, 0, sizeof(param));
382		memcpy(param.ed25519.priv, edkey->privkey, sizeof(param.ed25519.priv));
383
384		rc = s390x_kdsa(S390X_EDDSA_SIGN_ED25519, &param.ed25519, tbs, tbslen);
385		OPENSSL_cleanse(param.ed25519.priv, sizeof(param.ed25519.priv));
386		if (rc != 0)
387		return 0;
388
389		s390x_flip_endian32(sig, param.ed25519.sig);
390		s390x_flip_endian32(sig + 32, param.ed25519.sig + 32);
391		return 1;
392		}
393
394		static int s390x_ed448_digestsign(const ECX_KEY edkey, unsigned char sig,
395		const unsigned char *tbs, size_t tbslen)
396		{
397		int rc;
398		union {
399		struct {
400		unsigned char sig[128];
401		unsigned char priv[64];
402		} ed448;
403		unsigned long long buff[512];
404		} param;
405
406		memset(&param, 0, sizeof(param));
407		memcpy(param.ed448.priv + 64 - 57, edkey->privkey, 57);
408
409		rc = s390x_kdsa(S390X_EDDSA_SIGN_ED448, &param.ed448, tbs, tbslen);
410		OPENSSL_cleanse(param.ed448.priv, sizeof(param.ed448.priv));
411		if (rc != 0)
412		return 0;
413
414		s390x_flip_endian64(param.ed448.sig, param.ed448.sig);
415		s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64);
416		memcpy(sig, param.ed448.sig, 57);
417		memcpy(sig + 57, param.ed448.sig + 64, 57);
418		return 1;
419		}
420
421		static int s390x_ed25519_digestverify(const ECX_KEY *edkey,
422		const unsigned char *sig,
423		const unsigned char *tbs, size_t tbslen)
424		{
425		union {
426		struct {
427		unsigned char sig[64];
428		unsigned char pub[32];
429		} ed25519;
430		unsigned long long buff[512];
431		} param;
432
433		memset(&param, 0, sizeof(param));
434		s390x_flip_endian32(param.ed25519.sig, sig);
435		s390x_flip_endian32(param.ed25519.sig + 32, sig + 32);
436		s390x_flip_endian32(param.ed25519.pub, edkey->pubkey);
437
438		return s390x_kdsa(S390X_EDDSA_VERIFY_ED25519,
439		&param.ed25519, tbs, tbslen) == 0 ? 1 : 0;
440		}
441
442		static int s390x_ed448_digestverify(const ECX_KEY *edkey,
443		const unsigned char *sig,
444		const unsigned char *tbs,
445		size_t tbslen)
446		{
447		union {
448		struct {
449		unsigned char sig[128];
450		unsigned char pub[64];
451		} ed448;
452		unsigned long long buff[512];
453		} param;
454
455		memset(&param, 0, sizeof(param));
456		memcpy(param.ed448.sig, sig, 57);
457		s390x_flip_endian64(param.ed448.sig, param.ed448.sig);
458		memcpy(param.ed448.sig + 64, sig + 57, 57);
459		s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64);
460		memcpy(param.ed448.pub, edkey->pubkey, 57);
461		s390x_flip_endian64(param.ed448.pub, param.ed448.pub);
462
463		return s390x_kdsa(S390X_EDDSA_VERIFY_ED448,
464		&param.ed448, tbs, tbslen) == 0 ? 1 : 0;
465		}
466
467		#endif /* S390X_EC_ASM */