From af6d8dd30ff48046f5af7d84095f30356c33264a Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Mon, 17 Feb 2020 16:37:24 +0000
Subject: [PATCH] Add Key Management support for EdDSA keys
Support added for Ed25519 and Ed448
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/11261)
---
include/crypto/ecx.h | 27 +++++---
providers/defltprov.c | 2 +
.../include/prov/implementations.h | 2 +
providers/implementations/keymgmt/ecx_kmgmt.c | 67 ++++++++++++-------
4 files changed, 62 insertions(+), 36 deletions(-)
diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h
index e179db1b53..6753e14cb2 100644
--- a/include/crypto/ecx.h
+++ b/include/crypto/ecx.h
@@ -19,23 +19,28 @@
 # include
 # include "internal/refcount.h"
-# define X25519_KEYLEN 32
-# define X448_KEYLEN 56
-# define ED25519_KEYLEN 32
-# define ED448_KEYLEN 57
+# define X25519_KEYLEN 32
+# define X448_KEYLEN 56
+# define ED25519_KEYLEN 32
+# define ED448_KEYLEN 57
 # define MAX_KEYLEN ED448_KEYLEN
-# define X25519_BITS 253
-# define X25519_SECURITY_BITS 128
+# define X25519_BITS 253
+# define X25519_SECURITY_BITS 128
-# define ED25519_SIGSIZE 64
+# define X448_BITS 448
+# define X448_SECURITY_BITS 224
-# define X448_BITS 448
-# define ED448_BITS 456
-# define X448_SECURITY_BITS 224
+# define ED25519_BITS 256
+/* RFC8032 Section 8.5 */
+# define ED25519_SECURITY_BITS 128
+# define ED25519_SIGSIZE 64
-# define ED448_SIGSIZE 114
+# define ED448_BITS 456
+/* RFC8032 Section 8.5 */
+# define ED448_SECURITY_BITS 224
+# define ED448_SIGSIZE 114
 struct ecx_key_st {
 unsigned int haspubkey:1;
diff --git a/providers/defltprov.c b/providers/defltprov.c
index 0f66aa2b71..a410eea13d 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
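Review bot: The new `ED25519_BITS 256` lands a few lines below the existing `X25519_BITS 253` for a key on the same curve, and the header gives no reason for the difference, whereas the security-bits lines do cite RFC 8032; a reader will suspect one of the two is a typo. `ED448_BITS 456` and `X448_BITS 448` are both exactly eight times their `*_KEYLEN` values (57 and 56), so X25519 is the odd one out, presumably because 253 is the bit length of the curve order as the legacy code reported it while 256 is the encoded key width; that should be confirmed against what EVP_PKEY_bits() returned for Ed25519 keys before this change, since any difference from legacy is visible to applications. Whatever the answer, record it next to the definitions, e.g. `/* 256 = encoded key width; X25519_BITS keeps the legacy 253 (order bit length) */`, adjusted to the confirmed reason.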
@@ -405,6 +405,8 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = {
 { "EC:id-ecPublicKey", "provider=default", ec_keymgmt_functions },
 { "X25519", "provider=default", x25519_keymgmt_functions },
 { "X448", "provider=default", x448_keymgmt_functions },
+ { "ED25519", "provider=default", ed25519_keymgmt_functions },
+ { "ED448", "provider=default", ed448_keymgmt_functions },
 #endif
 { NULL, NULL, NULL }
 };
diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h
index ea33bedfd8..e3afa987d6 100644
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -259,6 +259,8 @@ extern const OSSL_DISPATCH dsa_keymgmt_functions[];
 extern const OSSL_DISPATCH rsa_keymgmt_functions[];
 extern const OSSL_DISPATCH x25519_keymgmt_functions[];
 extern const OSSL_DISPATCH x448_keymgmt_functions[];
+extern const OSSL_DISPATCH ed25519_keymgmt_functions[];
+extern const OSSL_DISPATCH ed448_keymgmt_functions[];
 extern const OSSL_DISPATCH ec_keymgmt_functions[];
 /* Key Exchange */
diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index d3aa9ba1f9..b078c6de58 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -18,8 +18,12 @@
 static OSSL_OP_keymgmt_new_fn x25519_new_key;
 static OSSL_OP_keymgmt_new_fn x448_new_key;
+static OSSL_OP_keymgmt_new_fn ed25519_new_key;
+static OSSL_OP_keymgmt_new_fn ed448_new_key;
 static OSSL_OP_keymgmt_get_params_fn x25519_get_params;
 static OSSL_OP_keymgmt_get_params_fn x448_get_params;
+static OSSL_OP_keymgmt_get_params_fn ed25519_get_params;
+static OSSL_OP_keymgmt_get_params_fn ed448_get_params;
 static OSSL_OP_keymgmt_gettable_params_fn ecx_gettable_params;
 static OSSL_OP_keymgmt_has_fn ecx_has;
 static OSSL_OP_keymgmt_import_fn ecx_import;
@@ -39,6 +43,16 @@ static void *x448_new_key(void *provctx)
 return ecx_key_new(X448_KEYLEN, 0);
 }
+static void *ed25519_new_key(void *provctx)
+{
+ return ecx_key_new(ED25519_KEYLEN, 0);
+}
+
+static void *ed448_new_key(void *provctx)
+{
+ return ecx_key_new(ED448_KEYLEN, 0);
+}
+
 static int ecx_has(void *keydata, int selection)
 {
 ECX_KEY *key = keydata;
@@ -186,6 +200,16 @@ static int x448_get_params(void *key, OSSL_PARAM params[])
 return ecx_get_params(params, X448_BITS, X448_SECURITY_BITS, X448_KEYLEN);
 }
+static int ed25519_get_params(void *key, OSSL_PARAM params[])
+{
+ return ecx_get_params(params, ED25519_BITS, ED25519_SECURITY_BITS, ED25519_KEYLEN);
+}
+
+static int ed448_get_params(void *key, OSSL_PARAM params[])
+{
+ return ecx_get_params(params, ED448_BITS, ED448_SECURITY_BITS, ED448_KEYLEN);
+}
+
 static const OSSL_PARAM ecx_params[] = {
 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
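Review bot: `ed25519_new_key` and `ed448_new_key` allocate the same ECX_KEY the X25519/X448 path uses, and the shared `ecx_has`/`ecx_import`/`ecx_export` are then registered for all four algorithms by the dispatch macro at the end of the patch; from what is visible nothing in the key records which algorithm it belongs to, and `ED25519_KEYLEN` equals `X25519_KEYLEN` (both 32 in this patch's ecx.h hunk), so key length cannot tell an Ed25519 key from an X25519 one if a key is ever handed to the wrong keymgmt. The `struct ecx_key_st` definition is cut off in the header hunk, so if it already carries a type tag this is moot; otherwise consider adding one that `ecx_key_new` sets and the shared import/has code checks. The unused `provctx` parameter mirrors the existing x448_new_key and is fine, but the meaning of the second `ecx_key_new` argument (0) is not visible here, so a one-line comment on each wrapper, e.g. `/* Ed25519: 32-byte key, no public key yet (second arg) -- confirm against ecx_key_new */`, would help the next reader.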
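Review bot: `ed25519_get_params` and `ed448_get_params` pass `ED25519_KEYLEN`/`ED448_KEYLEN` as the last argument of `ecx_get_params`, copied from the X25519/X448 wrappers, but a signature key's "size" that callers query via EVP_PKEY_size()/OSSL_PKEY_PARAM_MAX_SIZE is the signature length, which this same patch defines as `ED25519_SIGSIZE` (64) and `ED448_SIGSIZE` (114); a caller sizing a signature buffer from 32 or 57 bytes would get a buffer that is too small. I cannot see `ecx_get_params` itself or the rest of the `ecx_params` table (it continues past the hunk), so if that argument does not feed MAX_SIZE ignore this. Otherwise change the two return lines to `return ecx_get_params(params, ED25519_BITS, ED25519_SECURITY_BITS, ED25519_SIGSIZE);` and `return ecx_get_params(params, ED448_BITS, ED448_SECURITY_BITS, ED448_SIGSIZE);`, and note in a comment why the X* wrappers use the key length while the Ed* wrappers use the signature size.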
@@ -198,28 +222,21 @@ static const OSSL_PARAM *ecx_gettable_params(void)
 return ecx_params;
 }
-const OSSL_DISPATCH x25519_keymgmt_functions[] = {
- { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))x25519_new_key },
- { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ecx_key_free },
- { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))x25519_get_params },
- { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ecx_gettable_params },
- { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has },
- { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import },
- { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ecx_imexport_types },
- { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ecx_export },
- { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ecx_imexport_types },
- { 0, NULL }
-};
-
-const OSSL_DISPATCH x448_keymgmt_functions[] = {
- { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))x448_new_key },
- { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ecx_key_free },
- { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))x448_get_params },
- { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ecx_gettable_params },
- { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has },
- { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import },
- { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ecx_imexport_types },
- { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ecx_export },
- { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ecx_imexport_types },
- { 0, NULL }
-};
+#define MAKE_KEYMGMT_FUNCTIONS(alg) \
+ const OSSL_DISPATCH alg##_keymgmt_functions[] = { \
+ { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))alg##_new_key }, \
+ { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ecx_key_free }, \
+ { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))alg##_get_params }, \
+ { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ecx_gettable_params }, \
+ { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has }, \
+ { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import }, \
+ { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ecx_imexport_types }, \
+ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ecx_export }, \
+ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ecx_imexport_types }, \
+ { 0, NULL } \
+ };
+
+MAKE_KEYMGMT_FUNCTIONS(x25519)
+MAKE_KEYMGMT_FUNCTIONS(x448)
+MAKE_KEYMGMT_FUNCTIONS(ed25519)
+MAKE_KEYMGMT_FUNCTIONS(ed448)
--
2.34.1
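Review bot: `MAKE_KEYMGMT_FUNCTIONS` puts the closing `};` inside the macro body, so the four invocations at the end of the hunk stand without semicolons and read like stray identifiers rather than the four table definitions they are; the conventional shape for a table-generating macro is to end at `}` and let each use supply its own terminator. I would change the last macro line to `+ }` and write `MAKE_KEYMGMT_FUNCTIONS(x25519);` (and likewise for x448, ed25519 and ed448), which also keeps formatters from mis-indenting what follows. Since the table contents are now hidden behind token pasting, a one-line comment above the macro is warranted too, e.g. `/* Define alg##_keymgmt_functions from alg##_new_key, alg##_get_params and the shared ecx_* helpers */`.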