From d3e395c4e1903574d2c306f821dab3fdba545635 Mon Sep 17 00:00:00 2001 From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Fri, 27 Oct 2023 16:28:30 -0700 Subject: [PATCH] Refactor ED25519_sign into hw and nohw backend --- crypto/curve25519/curve25519.c | 23 ++++++++++++++++++----- crypto/curve25519/curve25519_nohw.c | 7 +++++++ crypto/curve25519/internal.h | 3 +++ 3 files changed, 28 insertions(+), 5 deletions(-) diff --git a/crypto/curve25519/curve25519.c b/crypto/curve25519/curve25519.c index b87d1fe4252..b1a43b5af15 100644 --- a/crypto/curve25519/curve25519.c +++ b/crypto/curve25519/curve25519.c @@ -51,6 +51,11 @@ OPENSSL_INLINE int x25519_s2n_bignum_capable(void) { #endif } +// Return 0 until ED25519 lands in s2n-bignum +OPENSSL_INLINE int ed25519_s2n_bignum_capable(void) { + return 0; +} + // Stub functions if implementations are not compiled. // These functions have to abort, otherwise we risk applications assuming they // did work without actually doing anything. @@ -234,10 +239,15 @@ static void x25519_s2n_bignum_public_from_private( #endif } +// Stub function until ED25519 lands in s2n-bignum +static void ed25519_keypair_from_seed_s2n_bignum(uint8_t out_public_key[32], + uint8_t az[SHA512_DIGEST_LENGTH]) { + abort(); +} void ED25519_keypair_from_seed(uint8_t out_public_key[32], - uint8_t out_private_key[64], - const uint8_t seed[ED25519_SEED_LEN]) { + uint8_t out_private_key[64], const uint8_t seed[ED25519_SEED_LEN]) { + uint8_t az[SHA512_DIGEST_LENGTH]; SHA512(seed, ED25519_SEED_LEN, az); 
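Review bot: `ed25519_keypair_from_seed_s2n_bignum` declares `az` as a writable `uint8_t az[SHA512_DIGEST_LENGTH]`, although that buffer is the clamped SHA-512 of the seed and a backend appears to need only read access to it. The same signature is repeated in `ed25519_keypair_from_seed_nohw` (curve25519_nohw.c hunk) and in its prototype in internal.h. Declaring it `const uint8_t az[SHA512_DIGEST_LENGTH]` in all three places would let the compiler reject a backend that modifies the caller's secret material. The helper names say "keypair from seed" while they receive the hashed seed and write only the public key, so a comment on the prototype such as `// |az| is the clamped SHA-512 of the seed; only |out_public_key| is written.` would keep a future s2n-bignum implementation from being handed the raw seed. The body of ED25519_keypair_from_seed continues past the end of this hunk.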
@@ -245,10 +255,13 @@ void ED25519_keypair_from_seed(uint8_t out_public_key[32], az[31] &= 127; az[31] |= 64; - ge_p3 A; - x25519_ge_scalarmult_base(&A, az); - ge_p3_tobytes(out_public_key, &A); + if (ed25519_s2n_bignum_capable() == 1) { + ed25519_keypair_from_seed_s2n_bignum(out_public_key, az); + } else { + ed25519_keypair_from_seed_nohw(out_public_key, az); + } + OPENSSL_STATIC_ASSERT(64 == (ED25519_SEED_LEN + 32), ed25519_parameter_length_mismatch) OPENSSL_memcpy(out_private_key, seed, ED25519_SEED_LEN); OPENSSL_memcpy(out_private_key + ED25519_SEED_LEN, out_public_key, 32); } diff --git a/crypto/curve25519/curve25519_nohw.c b/crypto/curve25519/curve25519_nohw.c index 3776c49c519..a5b12607c44 100644 --- a/crypto/curve25519/curve25519_nohw.c +++ b/crypto/curve25519/curve25519_nohw.c @@ -1968,3 +1968,10 @@ void x25519_public_from_private_nohw(uint8_t out_public_value[32], fe_tobytes(out_public_value, &zminusy_inv); CONSTTIME_DECLASSIFY(out_public_value, 32); } + +void ed25519_keypair_from_seed_nohw(uint8_t out_public_key[32], + uint8_t az[SHA512_DIGEST_LENGTH]) { + ge_p3 A; + x25519_ge_scalarmult_base(&A, az); + ge_p3_tobytes(out_public_key, &A); +} diff --git a/crypto/curve25519/internal.h b/crypto/curve25519/internal.h index 3458c3eb3d2..f3f060bc8b0 100644 --- a/crypto/curve25519/internal.h +++ b/crypto/curve25519/internal.h @@ -20,6 +20,7 @@ extern "C" { #endif #include +#include #include "../internal.h" @@ -114,6 +115,8 @@ void x25519_scalar_mult_generic_nohw(uint8_t out[32], const uint8_t point[32]); void x25519_public_from_private_nohw(uint8_t out_public_value[32], const uint8_t private_key[32]); +void ed25519_keypair_from_seed_nohw(uint8_t out_public_key[32], + uint8_t az[SHA512_DIGEST_LENGTH]); // Port to internal linkage in curve25519_nohw.c when adding implementation // from s2n-bignum ed25519
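Review bot: `az` is still on the stack, unwiped, when ED25519_keypair_from_seed returns: the hunk shows the function closing right after the two `OPENSSL_memcpy` calls. That 64-byte buffer holds the clamped secret scalar and the second half of the seed hash, and with this change it is also passed into a backend. Adding `OPENSSL_cleanse(az, sizeof(az));` before the closing brace would limit how long the material lingers, assuming the declaration from `<openssl/mem.h>` is in scope in this file. The lines between the SHA512 call and `az[31] &= 127` fall between hunks, so this observation covers only the visible tail of the function.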
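Review bot: `ed25519_keypair_from_seed_nohw` writes `out_public_key` without the `CONSTTIME_DECLASSIFY(out_public_value, 32);` step that ends `x25519_public_from_private_nohw` directly above it in this hunk. If the constant-time validation build treats the seed or `az` as secret, the encoded public key presumably stays tainted and later uses of it would be reported. Adding `CONSTTIME_DECLASSIFY(out_public_key, 32);` after `ge_p3_tobytes` would make the two helpers consistent. The parameter is declared with the full digest length while the scalar multiplication appears to consume only the first 32 bytes, which is worth stating in a comment such as `// Only az[0..31] is used as the scalar.` once confirmed against `x25519_ge_scalarmult_base`.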