Implement Ed25519 #2297
Implement Ed25519 #2297
Conversation
|
I note that this includes a 256 bit int implementation. Is it possible to perhaps use the BigInt implementation already in std::math? |
lib/std/crypto/ed25519/c25519.c3
Outdated
| 0x56, 0xb1, 0x83, 0x82, 0x9a, 0x14, 0xe0, 0x00, | ||
| 0x30, 0xd1, 0xf3, 0xee, 0xf2, 0x80, 0x8e, 0x19, | ||
| 0xe7, 0xfc, 0xdf, 0x56, 0xdc, 0xd9, 0x06, 0x24 | ||
| }; |
There was a problem hiding this comment.
Something like this can use the hex literals:
const Int DD = x"59f1b226949bd6eb"
"56b183829a14e000"
"30d1f3eef2808e19"
"e7fcdf56dcd90624";
lib/std/crypto/ed25519.c3
Outdated
| @require public_key.len == PublicKey.len | ||
| *> | ||
| fn bool verify(char[] message, char[] signature, char[] public_key) { | ||
| char ok = 1; |
There was a problem hiding this comment.
As a general guide, stick to the coding style in the rest of the standard library (Allman braces, tabs for indentation)
lib/std/crypto/ed25519.c3
Outdated
| fbase::Int z = fbase::from_bytes(&&sha.final()); | ||
| fbase::Int e = fbase::from_bytes(exp[:fbase::Int.len]); | ||
|
|
||
| r[f25519::Int.len..] = z.mul(&e).add(&k)[..]; |
There was a problem hiding this comment.
Following the general code style, type names are made unique on their own. They are not made unique through module namespacing, so F25519Int would be fine, f25519::Int would not be. In this case, rather than making it long, make c25519 module part of the std::crypto::ed25519, just with private visibility.
No, since :
Thank you for the feedback. I'll see to address the style issues. |
|
See if you can try to make it self contained in a single file, unless there are more that will share the same implementation. |
| @param [&in] a | ||
| @param [&in] b | ||
| *> | ||
| fn char eq(F25519Int* a, F25519Int* b) |
There was a problem hiding this comment.
This is std::crypto::safe_compare but constant-time. Unsure why safe_compare use == to return a boolean since this operator is most likely not constant-time.
| @param [&in] zero : "selected if condition is 0" | ||
| @param [&in] one : "selected if condition is 1" | ||
| *> | ||
| fn F25519Int f25519_select(F25519Int* zero, F25519Int* one, char condition) |
There was a problem hiding this comment.
Maybe this should be abstracted in std::crypto alongside safe_compare.
Update ed25519 with operator overloading. Added @addr macro.
|
So, operator overloading not working on pointers was indeed a bug 😬 |
|
Thank you! |
Implementation of the Ed25519 Digital Signature Algorithm.
1 main module :
std::crypto::ed255193 internal submodules :
std::crypto::ed25519::c25519,std::crypto::ed25519::f25519andstd::crypto::ed25519::fbaseAPI :
alias PrivateKey = char[32]alias PublicKey = char[PrivateKey.len]alias Signature = char[2 * PublicKey.len]fn void public_keygen(char[] private_key)fn Signature sign(char[] message, char[] private_key, char[] public_key)fn bool verify(char[] message, char[] signature, char[] public_key)Exemple usage :