2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/core_numbers.h>
12 #include <openssl/core_names.h>
13 #include <openssl/params.h>
14 #include <openssl/err.h>
15 #include <openssl/evp.h>
16 #include <openssl/rand.h>
17 #include "internal/param_build_set.h"
18 #include "openssl/param_build.h"
19 #include "crypto/ecx.h"
20 #include "prov/implementations.h"
21 #include "prov/providercommon.h"
22 #include "prov/provider_ctx.h"
24 # include "s390x_arch.h"
25 # include <openssl/sha.h> /* For SHA512_DIGEST_LENGTH */
28 static OSSL_OP_keymgmt_new_fn x25519_new_key;
29 static OSSL_OP_keymgmt_new_fn x448_new_key;
30 static OSSL_OP_keymgmt_new_fn ed25519_new_key;
31 static OSSL_OP_keymgmt_new_fn ed448_new_key;
32 static OSSL_OP_keymgmt_gen_init_fn x25519_gen_init;
33 static OSSL_OP_keymgmt_gen_init_fn x448_gen_init;
34 static OSSL_OP_keymgmt_gen_init_fn ed25519_gen_init;
35 static OSSL_OP_keymgmt_gen_init_fn ed448_gen_init;
36 static OSSL_OP_keymgmt_gen_fn x25519_gen;
37 static OSSL_OP_keymgmt_gen_fn x448_gen;
38 static OSSL_OP_keymgmt_gen_fn ed25519_gen;
39 static OSSL_OP_keymgmt_gen_fn ed448_gen;
40 static OSSL_OP_keymgmt_gen_cleanup_fn ecx_gen_cleanup;
41 static OSSL_OP_keymgmt_get_params_fn x25519_get_params;
42 static OSSL_OP_keymgmt_get_params_fn x448_get_params;
43 static OSSL_OP_keymgmt_get_params_fn ed25519_get_params;
44 static OSSL_OP_keymgmt_get_params_fn ed448_get_params;
45 static OSSL_OP_keymgmt_gettable_params_fn x25519_gettable_params;
46 static OSSL_OP_keymgmt_gettable_params_fn x448_gettable_params;
47 static OSSL_OP_keymgmt_gettable_params_fn ed25519_gettable_params;
48 static OSSL_OP_keymgmt_gettable_params_fn ed448_gettable_params;
49 static OSSL_OP_keymgmt_has_fn ecx_has;
50 static OSSL_OP_keymgmt_import_fn ecx_import;
51 static OSSL_OP_keymgmt_import_types_fn ecx_imexport_types;
52 static OSSL_OP_keymgmt_export_fn ecx_export;
53 static OSSL_OP_keymgmt_export_types_fn ecx_imexport_types;
55 #define ECX_POSSIBLE_SELECTIONS (OSSL_KEYMGMT_SELECT_KEYPAIR)
63 static void *s390x_ecx_keygen25519(struct ecx_gen_ctx *gctx);
64 static void *s390x_ecx_keygen448(struct ecx_gen_ctx *gctx);
65 static void *s390x_ecd_keygen25519(struct ecx_gen_ctx *gctx);
66 static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx);
69 static void *x25519_new_key(void *provctx)
71 return ecx_key_new(ECX_KEY_TYPE_X25519, 0);
74 static void *x448_new_key(void *provctx)
76 return ecx_key_new(ECX_KEY_TYPE_X448, 0);
79 static void *ed25519_new_key(void *provctx)
81 return ecx_key_new(ECX_KEY_TYPE_ED25519, 0);
84 static void *ed448_new_key(void *provctx)
86 return ecx_key_new(ECX_KEY_TYPE_ED448, 0);
89 static int ecx_has(void *keydata, int selection)
91 ECX_KEY *key = keydata;
95 if ((selection & ECX_POSSIBLE_SELECTIONS) != 0)
98 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
99 ok = ok && key->haspubkey;
101 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
102 ok = ok && key->privkey != NULL;
107 static int ecx_import(void *keydata, int selection, const OSSL_PARAM params[])
109 ECX_KEY *key = keydata;
111 int include_private = 0;
116 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
119 include_private = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
120 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
121 ok = ok && ecx_key_fromdata(key, params, include_private);
126 static int key_to_params(ECX_KEY *key, OSSL_PARAM_BLD *tmpl,
132 if (!ossl_param_build_set_octet_string(tmpl, params,
133 OSSL_PKEY_PARAM_PUB_KEY,
134 key->pubkey, key->keylen))
137 if (key->privkey != NULL
138 && !ossl_param_build_set_octet_string(tmpl, params,
139 OSSL_PKEY_PARAM_PRIV_KEY,
140 key->privkey, key->keylen))
146 static int ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
149 ECX_KEY *key = keydata;
150 OSSL_PARAM_BLD *tmpl;
151 OSSL_PARAM *params = NULL;
157 tmpl = OSSL_PARAM_BLD_new();
161 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
162 && !key_to_params(key, tmpl, NULL))
165 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
166 && !key_to_params(key, tmpl, NULL))
169 params = OSSL_PARAM_BLD_to_param(tmpl);
173 ret = param_cb(params, cbarg);
174 OSSL_PARAM_BLD_free_params(params);
176 OSSL_PARAM_BLD_free(tmpl);
180 #define ECX_KEY_TYPES() \
181 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0), \
182 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
184 static const OSSL_PARAM ecx_key_types[] = {
188 static const OSSL_PARAM *ecx_imexport_types(int selection)
190 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
191 return ecx_key_types;
195 static int ecx_get_params(void *key, OSSL_PARAM params[], int bits, int secbits,
201 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
202 && !OSSL_PARAM_set_int(p, bits))
204 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
205 && !OSSL_PARAM_set_int(p, secbits))
207 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
208 && !OSSL_PARAM_set_int(p, size))
210 return key_to_params(ecx, NULL, params);
213 static int ed_get_params(void *key, OSSL_PARAM params[])
217 if ((p = OSSL_PARAM_locate(params,
218 OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL
219 && !OSSL_PARAM_set_utf8_string(p, ""))
224 static int x25519_get_params(void *key, OSSL_PARAM params[])
226 return ecx_get_params(key, params, X25519_BITS, X25519_SECURITY_BITS,
230 static int x448_get_params(void *key, OSSL_PARAM params[])
232 return ecx_get_params(key, params, X448_BITS, X448_SECURITY_BITS,
236 static int ed25519_get_params(void *key, OSSL_PARAM params[])
238 return ecx_get_params(key, params, ED25519_BITS, ED25519_SECURITY_BITS,
240 && ed_get_params(key, params);
243 static int ed448_get_params(void *key, OSSL_PARAM params[])
245 return ecx_get_params(key, params, ED448_BITS, ED448_SECURITY_BITS,
247 && ed_get_params(key, params);
250 static const OSSL_PARAM ecx_params[] = {
251 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
252 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
253 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
254 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),
259 static const OSSL_PARAM ed_params[] = {
260 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
261 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
262 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
267 static const OSSL_PARAM *x25519_gettable_params(void)
272 static const OSSL_PARAM *x448_gettable_params(void)
277 static const OSSL_PARAM *ed25519_gettable_params(void)
282 static const OSSL_PARAM *ed448_gettable_params(void)
287 static void *ecx_gen_init(void *provctx, int selection, ECX_KEY_TYPE type)
289 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
290 struct ecx_gen_ctx *gctx = NULL;
292 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
295 if ((gctx = OPENSSL_malloc(sizeof(*gctx))) != NULL) {
296 gctx->libctx = libctx;
302 static void *x25519_gen_init(void *provctx, int selection)
304 return ecx_gen_init(provctx, selection, ECX_KEY_TYPE_X25519);
307 static void *x448_gen_init(void *provctx, int selection)
309 return ecx_gen_init(provctx, selection, ECX_KEY_TYPE_X448);
312 static void *ed25519_gen_init(void *provctx, int selection)
314 return ecx_gen_init(provctx, selection, ECX_KEY_TYPE_ED25519);
317 static void *ed448_gen_init(void *provctx, int selection)
319 return ecx_gen_init(provctx, selection, ECX_KEY_TYPE_ED448);
322 static void *ecx_gen(struct ecx_gen_ctx *gctx)
325 unsigned char *privkey;
329 if ((key = ecx_key_new(gctx->type, 0)) == NULL) {
330 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
333 if ((privkey = ecx_key_allocate_privkey(key)) == NULL) {
334 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
337 if (RAND_priv_bytes_ex(gctx->libctx, privkey, key->keylen) <= 0)
339 switch (gctx->type) {
340 case ECX_KEY_TYPE_X25519:
342 privkey[X25519_KEYLEN - 1] &= 127;
343 privkey[X25519_KEYLEN - 1] |= 64;
344 X25519_public_from_private(key->pubkey, privkey);
346 case ECX_KEY_TYPE_X448:
348 privkey[X448_KEYLEN - 1] |= 128;
349 X448_public_from_private(key->pubkey, privkey);
351 case ECX_KEY_TYPE_ED25519:
352 if (!ED25519_public_from_private(gctx->libctx, key->pubkey, privkey))
355 case ECX_KEY_TYPE_ED448:
356 if (!ED448_public_from_private(gctx->libctx, key->pubkey, privkey))
366 static void *x25519_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
368 struct ecx_gen_ctx *gctx = genctx;
371 if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519))
372 return s390x_ecx_keygen25519(gctx);
374 return ecx_gen(gctx);
377 static void *x448_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
379 struct ecx_gen_ctx *gctx = genctx;
382 if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448))
383 return s390x_ecx_keygen448(gctx);
385 return ecx_gen(gctx);
388 static void *ed25519_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
390 struct ecx_gen_ctx *gctx = genctx;
392 if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519)
393 && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519)
394 && OPENSSL_s390xcap_P.kdsa[0]
395 & S390X_CAPBIT(S390X_EDDSA_VERIFY_ED25519))
396 return s390x_ecd_keygen25519(gctx);
398 return ecx_gen(gctx);
401 static void *ed448_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
403 struct ecx_gen_ctx *gctx = genctx;
406 if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448)
407 && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED448)
408 && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_VERIFY_ED448))
409 return s390x_ecd_keygen448(gctx);
411 return ecx_gen(gctx);
414 static void ecx_gen_cleanup(void *genctx)
416 struct ecx_gen_ctx *gctx = genctx;
421 #define MAKE_KEYMGMT_FUNCTIONS(alg) \
422 const OSSL_DISPATCH alg##_keymgmt_functions[] = { \
423 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))alg##_new_key }, \
424 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ecx_key_free }, \
425 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))alg##_get_params }, \
426 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))alg##_gettable_params }, \
427 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has }, \
428 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import }, \
429 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ecx_imexport_types }, \
430 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ecx_export }, \
431 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ecx_imexport_types }, \
432 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))alg##_gen_init }, \
433 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))alg##_gen }, \
434 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))ecx_gen_cleanup }, \
438 MAKE_KEYMGMT_FUNCTIONS(x25519)
439 MAKE_KEYMGMT_FUNCTIONS(x448)
440 MAKE_KEYMGMT_FUNCTIONS(ed25519)
441 MAKE_KEYMGMT_FUNCTIONS(ed448)
444 # include "s390x_arch.h"
446 static void *s390x_ecx_keygen25519(struct ecx_gen_ctx *gctx)
448 static const unsigned char generator[] = {
449 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
450 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
451 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
453 ECX_KEY *key = ecx_key_new(ECX_KEY_TYPE_X25519, 1);
454 unsigned char *privkey = NULL, *pubkey;
457 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
461 pubkey = key->pubkey;
463 privkey = ecx_key_allocate_privkey(key);
464 if (privkey == NULL) {
465 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
469 if (RAND_priv_bytes_ex(gctx->libctx, privkey, X25519_KEYLEN) <= 0)
476 if (s390x_x25519_mul(pubkey, generator, privkey) != 1)
484 static void *s390x_ecx_keygen448(struct ecx_gen_ctx *gctx)
486 static const unsigned char generator[] = {
487 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
488 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
489 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
490 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
491 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
493 ECX_KEY *key = ecx_key_new(ECX_KEY_TYPE_X448, 1);
494 unsigned char *privkey = NULL, *pubkey;
497 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
501 pubkey = key->pubkey;
503 privkey = ecx_key_allocate_privkey(key);
504 if (privkey == NULL) {
505 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
509 if (RAND_priv_bytes_ex(gctx->libctx, privkey, X448_KEYLEN) <= 0)
515 if (s390x_x448_mul(pubkey, generator, privkey) != 1)
523 static void *s390x_ecd_keygen25519(struct ecx_gen_ctx *gctx)
525 static const unsigned char generator_x[] = {
526 0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95,
527 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0,
528 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21
530 static const unsigned char generator_y[] = {
531 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
532 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
533 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
535 unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH];
536 ECX_KEY *key = ecx_key_new(ECX_KEY_TYPE_ED25519, 1);
537 unsigned char *privkey = NULL, *pubkey;
543 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
547 pubkey = key->pubkey;
549 privkey = ecx_key_allocate_privkey(key);
550 if (privkey == NULL) {
551 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
555 if (RAND_priv_bytes_ex(gctx->libctx, privkey, ED25519_KEYLEN) <= 0)
558 sha = EVP_MD_fetch(gctx->libctx, "SHA512", NULL);
561 j = EVP_Digest(privkey, 32, buff, &sz, sha, NULL);
570 if (s390x_ed25519_mul(x_dst, pubkey,
571 generator_x, generator_y, buff) != 1)
574 pubkey[31] |= ((x_dst[0] & 0x01) << 7);
581 static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx)
583 static const unsigned char generator_x[] = {
584 0x5e, 0xc0, 0x0c, 0xc7, 0x2b, 0xa8, 0x26, 0x26, 0x8e, 0x93, 0x00, 0x8b,
585 0xe1, 0x80, 0x3b, 0x43, 0x11, 0x65, 0xb6, 0x2a, 0xf7, 0x1a, 0xae, 0x12,
586 0x64, 0xa4, 0xd3, 0xa3, 0x24, 0xe3, 0x6d, 0xea, 0x67, 0x17, 0x0f, 0x47,
587 0x70, 0x65, 0x14, 0x9e, 0xda, 0x36, 0xbf, 0x22, 0xa6, 0x15, 0x1d, 0x22,
588 0xed, 0x0d, 0xed, 0x6b, 0xc6, 0x70, 0x19, 0x4f, 0x00
590 static const unsigned char generator_y[] = {
591 0x14, 0xfa, 0x30, 0xf2, 0x5b, 0x79, 0x08, 0x98, 0xad, 0xc8, 0xd7, 0x4e,
592 0x2c, 0x13, 0xbd, 0xfd, 0xc4, 0x39, 0x7c, 0xe6, 0x1c, 0xff, 0xd3, 0x3a,
593 0xd7, 0xc2, 0xa0, 0x05, 0x1e, 0x9c, 0x78, 0x87, 0x40, 0x98, 0xa3, 0x6c,
594 0x73, 0x73, 0xea, 0x4b, 0x62, 0xc7, 0xc9, 0x56, 0x37, 0x20, 0x76, 0x88,
595 0x24, 0xbc, 0xb6, 0x6e, 0x71, 0x46, 0x3f, 0x69, 0x00
597 unsigned char x_dst[57], buff[114];
598 ECX_KEY *key = ecx_key_new(ECX_KEY_TYPE_ED448, 1);
599 unsigned char *privkey = NULL, *pubkey;
600 EVP_MD_CTX *hashctx = NULL;
601 EVP_MD *shake = NULL;
604 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
608 pubkey = key->pubkey;
610 privkey = ecx_key_allocate_privkey(key);
611 if (privkey == NULL) {
612 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
616 shake = EVP_MD_fetch(gctx->libctx, "SHAKE256", NULL);
619 if (RAND_priv_bytes_ex(gctx->libctx, privkey, ED448_KEYLEN) <= 0)
622 hashctx = EVP_MD_CTX_new();
625 if (EVP_DigestInit_ex(hashctx, shake, NULL) != 1)
627 if (EVP_DigestUpdate(hashctx, privkey, 57) != 1)
629 if (EVP_DigestFinalXOF(hashctx, buff, sizeof(buff)) != 1)
636 if (s390x_ed448_mul(x_dst, pubkey,
637 generator_x, generator_y, buff) != 1)
640 pubkey[56] |= ((x_dst[0] & 0x01) << 7);
641 EVP_MD_CTX_free(hashctx);
646 EVP_MD_CTX_free(hashctx);