Support EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA

Adding support for these operations for the EdDSA implementations
makes pkeyutl usable for signing/verifying for these algorithms.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5880)

crypto/ec/ec_err.c

@@ -249,6 +249,8 @@ static const ERR_STRING_DATA EC_str_functs[] = {
      "pkey_ecd_digestsign25519"},
     {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN448, 0),
      "pkey_ecd_digestsign448"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_SIGN25519, 0), "pkey_ecd_sign25519"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_SIGN448, 0), "pkey_ecd_sign448"},
     {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECX_DERIVE, 0), "pkey_ecx_derive"},
     {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL, 0), "pkey_ec_ctrl"},
     {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL_STR, 0), "pkey_ec_ctrl_str"},

crypto/ec/ecx_meth.c

@@ -675,18 +675,18 @@ const EVP_PKEY_METHOD ecx448_pkey_meth = {
     0
 };
 
-static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig,
-                                    size_t *siglen, const unsigned char *tbs,
-                                    size_t tbslen)
+static int pkey_ecd_sign25519(EVP_PKEY_CTX *ctx, unsigned char *sig,
+                              size_t *siglen, const unsigned char *tbs,
+                              size_t tbslen)
 {
-    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = ctx->pkey->pkey.ecx;
 
     if (sig == NULL) {
         *siglen = ED25519_SIGSIZE;
         return 1;
     }
     if (*siglen < ED25519_SIGSIZE) {
-        ECerr(EC_F_PKEY_ECD_DIGESTSIGN25519, EC_R_BUFFER_TOO_SMALL);
+        ECerr(EC_F_PKEY_ECD_SIGN25519, EC_R_BUFFER_TOO_SMALL);
         return 0;
     }
 
@@ -696,18 +696,26 @@ static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig,
     return 1;
 }
 
-static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig,
-                                  size_t *siglen, const unsigned char *tbs,
-                                  size_t tbslen)
+static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig,
+                                    size_t *siglen, const unsigned char *tbs,
+                                    size_t tbslen)
+{
+    return pkey_ecd_sign25519(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs,
+                              tbslen);
+}
+
+static int pkey_ecd_sign448(EVP_PKEY_CTX *ctx, unsigned char *sig,
+                            size_t *siglen, const unsigned char *tbs,
+                            size_t tbslen)
 {
-    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = ctx->pkey->pkey.ecx;
 
     if (sig == NULL) {
         *siglen = ED448_SIGSIZE;
         return 1;
     }
     if (*siglen < ED448_SIGSIZE) {
-        ECerr(EC_F_PKEY_ECD_DIGESTSIGN448, EC_R_BUFFER_TOO_SMALL);
+        ECerr(EC_F_PKEY_ECD_SIGN448, EC_R_BUFFER_TOO_SMALL);
         return 0;
     }
 
@@ -718,11 +726,18 @@ static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig,
     return 1;
 }
 
-static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig,
-                                      size_t siglen, const unsigned char *tbs,
-                                      size_t tbslen)
+static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig,
+                                  size_t *siglen, const unsigned char *tbs,
+                                  size_t tbslen)
+{
+    return pkey_ecd_sign448(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs, tbslen);
+}
+
+static int pkey_ecd_verify25519(EVP_PKEY_CTX *ctx, const unsigned char *sig,
+                                size_t siglen, const unsigned char *tbs,
+                                size_t tbslen)
 {
-    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = ctx->pkey->pkey.ecx;
 
     if (siglen != ED25519_SIGSIZE)
         return 0;
@@ -730,11 +745,19 @@ static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig,
     return ED25519_verify(tbs, tbslen, sig, edkey->pubkey);
 }
 
-static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
-                                    size_t siglen, const unsigned char *tbs,
-                                    size_t tbslen)
+static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig,
+                                      size_t siglen, const unsigned char *tbs,
+                                      size_t tbslen)
+{
+    return pkey_ecd_verify25519(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs,
+                                tbslen);
+}
+
+static int pkey_ecd_verify448(EVP_PKEY_CTX *ctx, const unsigned char *sig,
+                              size_t siglen, const unsigned char *tbs,
+                              size_t tbslen)
 {
-    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = ctx->pkey->pkey.ecx;
 
     if (siglen != ED448_SIGSIZE)
         return 0;
@@ -742,6 +765,14 @@ static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
     return ED448_verify(tbs, tbslen, sig, edkey->pubkey, NULL, 0);
 }
 
+static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
+                                    size_t siglen, const unsigned char *tbs,
+                                    size_t tbslen)
+{
+    return pkey_ecd_verify448(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs,
+                              tbslen);
+}
+
 static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 {
     switch (type) {
@@ -762,7 +793,11 @@ const EVP_PKEY_METHOD ed25519_pkey_meth = {
     EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
     0, 0, 0, 0, 0, 0,
     pkey_ecx_keygen,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0,
+    pkey_ecd_sign25519,
+    0,
+    pkey_ecd_verify25519,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     pkey_ecd_ctrl,
     0,
     pkey_ecd_digestsign25519,
@@ -773,7 +808,11 @@ const EVP_PKEY_METHOD ed448_pkey_meth = {
     EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
     0, 0, 0, 0, 0, 0,
     pkey_ecx_keygen,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0,
+    pkey_ecd_sign448,
+    0,
+    pkey_ecd_verify448,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     pkey_ecd_ctrl,
     0,
     pkey_ecd_digestsign448,

crypto/err/openssl.txt

@@ -634,6 +634,8 @@ EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl
 EC_F_PKEY_ECD_DIGESTSIGN:272:pkey_ecd_digestsign
 EC_F_PKEY_ECD_DIGESTSIGN25519:276:pkey_ecd_digestsign25519
 EC_F_PKEY_ECD_DIGESTSIGN448:277:pkey_ecd_digestsign448
+EC_F_PKEY_ECD_SIGN25519:284:pkey_ecd_sign25519
+EC_F_PKEY_ECD_SIGN448:285:pkey_ecd_sign448
 EC_F_PKEY_ECX_DERIVE:269:pkey_ecx_derive
 EC_F_PKEY_EC_CTRL:197:pkey_ec_ctrl
 EC_F_PKEY_EC_CTRL_STR:198:pkey_ec_ctrl_str

include/openssl/ecerr.h

@@ -172,6 +172,8 @@ int ERR_load_EC_strings(void);
 #  define EC_F_PKEY_ECD_DIGESTSIGN                         272
 #  define EC_F_PKEY_ECD_DIGESTSIGN25519                    276
 #  define EC_F_PKEY_ECD_DIGESTSIGN448                      277
+#  define EC_F_PKEY_ECD_SIGN25519                          284
+#  define EC_F_PKEY_ECD_SIGN448                            285
 #  define EC_F_PKEY_ECX_DERIVE                             269
 #  define EC_F_PKEY_EC_CTRL                                197
 #  define EC_F_PKEY_EC_CTRL_STR                            198