1use crate::{Array, BatchVerifier, PrivateKeyExt};
2use bytes::{Buf, BufMut};
3use commonware_codec::{Error as CodecError, FixedSize, Read, ReadExt, Write};
4use commonware_utils::{hex, union_unique};
5use ed25519_consensus::{self, VerificationKey};
6use rand::{CryptoRng, Rng, RngCore};
7use std::borrow::Cow;
8use std::fmt::{Debug, Display};
9use std::hash::{Hash, Hasher};
10use std::ops::Deref;
11use zeroize::{Zeroize, ZeroizeOnDrop};
12
13const CURVE_NAME: &str = "ed25519";
14const PRIVATE_KEY_LENGTH: usize = 32;
15const PUBLIC_KEY_LENGTH: usize = 32;
16const SIGNATURE_LENGTH: usize = 64;
17
18#[derive(Clone, Zeroize, ZeroizeOnDrop)]
20pub struct PrivateKey {
21 raw: [u8; PRIVATE_KEY_LENGTH],
22 key: ed25519_consensus::SigningKey,
23}
24
25impl crate::PrivateKey for PrivateKey {}
26
27impl crate::Signer for PrivateKey {
28 type Signature = Signature;
29 type PublicKey = PublicKey;
30
31 fn sign(&self, namespace: Option<&[u8]>, msg: &[u8]) -> Self::Signature {
32 let sig = match namespace {
33 Some(namespace) => self.key.sign(&union_unique(namespace, msg)),
34 None => self.key.sign(msg),
35 };
36 Signature::from(sig)
37 }
38
39 fn public_key(&self) -> Self::PublicKey {
40 let raw = self.key.verification_key().to_bytes();
41 Self::PublicKey {
42 raw,
43 key: self.key.verification_key().to_owned(),
44 }
45 }
46}
47
48impl PrivateKeyExt for PrivateKey {
49 fn from_rng<R: Rng + CryptoRng>(rng: &mut R) -> Self {
50 let key = ed25519_consensus::SigningKey::new(rng);
51 let raw = key.to_bytes();
52 Self { raw, key }
53 }
54}
55
56impl Write for PrivateKey {
57 fn write(&self, buf: &mut impl BufMut) {
58 self.raw.write(buf);
59 }
60}
61
62impl Read for PrivateKey {
63 type Cfg = ();
64
65 fn read_cfg(buf: &mut impl Buf, _: &()) -> Result<Self, CodecError> {
66 let raw = <[u8; Self::SIZE]>::read(buf)?;
67 let key = ed25519_consensus::SigningKey::from(raw);
68 Ok(Self { raw, key })
69 }
70}
71
72impl FixedSize for PrivateKey {
73 const SIZE: usize = PRIVATE_KEY_LENGTH;
74}
75
76impl Array for PrivateKey {}
77
78impl Eq for PrivateKey {}
79
80impl Hash for PrivateKey {
81 fn hash<H: Hasher>(&self, state: &mut H) {
82 self.raw.hash(state);
83 }
84}
85
86impl PartialEq for PrivateKey {
87 fn eq(&self, other: &Self) -> bool {
88 self.raw == other.raw
89 }
90}
91
92impl Ord for PrivateKey {
93 fn cmp(&self, other: &Self) -> std::cmp::Ordering {
94 self.raw.cmp(&other.raw)
95 }
96}
97
98impl PartialOrd for PrivateKey {
99 fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
100 Some(self.cmp(other))
101 }
102}
103
104impl AsRef<[u8]> for PrivateKey {
105 fn as_ref(&self) -> &[u8] {
106 &self.raw
107 }
108}
109
110impl Deref for PrivateKey {
111 type Target = [u8];
112 fn deref(&self) -> &[u8] {
113 &self.raw
114 }
115}
116
117impl From<ed25519_consensus::SigningKey> for PrivateKey {
118 fn from(key: ed25519_consensus::SigningKey) -> Self {
119 let raw = key.to_bytes();
120 Self { raw, key }
121 }
122}
123
124impl Debug for PrivateKey {
125 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
126 write!(f, "{}", hex(&self.raw))
127 }
128}
129
130impl Display for PrivateKey {
131 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
132 write!(f, "{}", hex(&self.raw))
133 }
134}
135
136#[derive(Clone, Eq, PartialEq, Ord, PartialOrd, Hash)]
138pub struct PublicKey {
139 raw: [u8; PUBLIC_KEY_LENGTH],
140 key: ed25519_consensus::VerificationKey,
141}
142
143impl From<PrivateKey> for PublicKey {
144 fn from(value: PrivateKey) -> Self {
145 let raw = value.key.verification_key().to_bytes();
146 Self {
147 raw,
148 key: value.key.verification_key(),
149 }
150 }
151}
152
153impl crate::PublicKey for PublicKey {}
154
155impl crate::Verifier for PublicKey {
156 type Signature = Signature;
157
158 fn verify(&self, namespace: Option<&[u8]>, msg: &[u8], sig: &Self::Signature) -> bool {
159 match namespace {
160 Some(namespace) => {
161 let payload = union_unique(namespace, msg);
162 self.key.verify(&sig.signature, &payload).is_ok()
163 }
164 None => self.key.verify(&sig.signature, msg).is_ok(),
165 }
166 }
167}
168
169impl Write for PublicKey {
170 fn write(&self, buf: &mut impl BufMut) {
171 self.raw.write(buf);
172 }
173}
174
175impl Read for PublicKey {
176 type Cfg = ();
177
178 fn read_cfg(buf: &mut impl Buf, _: &()) -> Result<Self, CodecError> {
179 let raw = <[u8; Self::SIZE]>::read(buf)?;
180 let key = VerificationKey::try_from(raw)
181 .map_err(|e| CodecError::Wrapped(CURVE_NAME, e.into()))?;
182 Ok(Self { raw, key })
183 }
184}
185
186impl FixedSize for PublicKey {
187 const SIZE: usize = PUBLIC_KEY_LENGTH;
188}
189
190impl Array for PublicKey {}
191
192impl AsRef<[u8]> for PublicKey {
193 fn as_ref(&self) -> &[u8] {
194 &self.raw
195 }
196}
197
198impl Deref for PublicKey {
199 type Target = [u8];
200 fn deref(&self) -> &[u8] {
201 &self.raw
202 }
203}
204
205impl From<VerificationKey> for PublicKey {
206 fn from(key: VerificationKey) -> Self {
207 let raw = key.to_bytes();
208 Self { raw, key }
209 }
210}
211
212impl Debug for PublicKey {
213 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
214 write!(f, "{}", hex(&self.raw))
215 }
216}
217
218impl Display for PublicKey {
219 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
220 write!(f, "{}", hex(&self.raw))
221 }
222}
223
224#[derive(Clone, Eq, PartialEq)]
226pub struct Signature {
227 raw: [u8; SIGNATURE_LENGTH],
228 signature: ed25519_consensus::Signature,
229}
230
231impl crate::Signature for Signature {}
232
233impl Write for Signature {
234 fn write(&self, buf: &mut impl BufMut) {
235 self.raw.write(buf);
236 }
237}
238
239impl Read for Signature {
240 type Cfg = ();
241
242 fn read_cfg(buf: &mut impl Buf, _: &()) -> Result<Self, CodecError> {
243 let raw = <[u8; Self::SIZE]>::read(buf)?;
244 let signature = ed25519_consensus::Signature::from(raw);
245 Ok(Self { raw, signature })
246 }
247}
248
249impl FixedSize for Signature {
250 const SIZE: usize = SIGNATURE_LENGTH;
251}
252
253impl Array for Signature {}
254
255impl Hash for Signature {
256 fn hash<H: Hasher>(&self, state: &mut H) {
257 self.raw.hash(state);
258 }
259}
260
261impl Ord for Signature {
262 fn cmp(&self, other: &Self) -> std::cmp::Ordering {
263 self.raw.cmp(&other.raw)
264 }
265}
266
267impl PartialOrd for Signature {
268 fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
269 Some(self.cmp(other))
270 }
271}
272
273impl AsRef<[u8]> for Signature {
274 fn as_ref(&self) -> &[u8] {
275 &self.raw
276 }
277}
278
279impl Deref for Signature {
280 type Target = [u8];
281 fn deref(&self) -> &[u8] {
282 &self.raw
283 }
284}
285
286impl From<ed25519_consensus::Signature> for Signature {
287 fn from(value: ed25519_consensus::Signature) -> Self {
288 let raw = value.to_bytes();
289 Self {
290 raw,
291 signature: value,
292 }
293 }
294}
295
296impl Debug for Signature {
297 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
298 write!(f, "{}", hex(&self.raw))
299 }
300}
301
302impl Display for Signature {
303 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
304 write!(f, "{}", hex(&self.raw))
305 }
306}
307
308pub struct Batch {
310 verifier: ed25519_consensus::batch::Verifier,
311}
312
313impl BatchVerifier<PublicKey> for Batch {
314 fn new() -> Self {
315 Batch {
316 verifier: ed25519_consensus::batch::Verifier::new(),
317 }
318 }
319
320 fn add(
321 &mut self,
322 namespace: Option<&[u8]>,
323 message: &[u8],
324 public_key: &PublicKey,
325 signature: &Signature,
326 ) -> bool {
327 let payload = match namespace {
328 Some(namespace) => Cow::Owned(union_unique(namespace, message)),
329 None => Cow::Borrowed(message),
330 };
331 let item = ed25519_consensus::batch::Item::from((
332 public_key.key.into(),
333 signature.signature,
334 &payload,
335 ));
336 self.verifier.queue(item);
337 true
338 }
339
340 fn verify<R: RngCore + CryptoRng>(self, rng: &mut R) -> bool {
341 self.verifier.verify(rng).is_ok()
342 }
343}
344
345#[cfg(test)]
347mod tests {
348 use super::*;
349 use crate::{ed25519, Signer as _, Verifier as _};
350 use commonware_codec::{DecodeExt, Encode};
351 use rand::rngs::OsRng;
352
353 fn test_sign_and_verify(
354 private_key: PrivateKey,
355 public_key: PublicKey,
356 message: &[u8],
357 signature: Signature,
358 ) {
359 let computed_signature = private_key.sign(None, message);
360 assert_eq!(computed_signature, signature);
361 assert!(public_key.verify(None, message, &computed_signature));
362 }
363
364 fn parse_private_key(private_key: &str) -> PrivateKey {
365 PrivateKey::decode(
366 commonware_utils::from_hex_formatted(private_key)
367 .unwrap()
368 .as_ref(),
369 )
370 .unwrap()
371 }
372
373 fn parse_public_key(public_key: &str) -> PublicKey {
374 PublicKey::decode(
375 commonware_utils::from_hex_formatted(public_key)
376 .unwrap()
377 .as_ref(),
378 )
379 .unwrap()
380 }
381
382 fn parse_signature(signature: &str) -> Signature {
383 Signature::decode(
384 commonware_utils::from_hex_formatted(signature)
385 .unwrap()
386 .as_ref(),
387 )
388 .unwrap()
389 }
390
391 fn vector_1() -> (PrivateKey, PublicKey, Vec<u8>, Signature) {
392 (
393 parse_private_key(
395 "
396 9d61b19deffd5a60ba844af492ec2cc4
397 4449c5697b326919703bac031cae7f60
398 ",
399 ),
400 parse_public_key(
402 "
403 d75a980182b10ab7d54bfed3c964073a
404 0ee172f3daa62325af021a68f707511a
405 ",
406 ),
407 b"".to_vec(),
409 parse_signature(
411 "
412 e5564300c360ac729086e2cc806e828a
413 84877f1eb8e5d974d873e06522490155
414 5fb8821590a33bacc61e39701cf9b46b
415 d25bf5f0595bbe24655141438e7a100b
416 ",
417 ),
418 )
419 }
420
421 fn vector_2() -> (PrivateKey, PublicKey, Vec<u8>, Signature) {
422 (
423 parse_private_key(
425 "
426 4ccd089b28ff96da9db6c346ec114e0f
427 5b8a319f35aba624da8cf6ed4fb8a6fb
428 ",
429 ),
430 parse_public_key(
432 "
433 3d4017c3e843895a92b70aa74d1b7ebc
434 9c982ccf2ec4968cc0cd55f12af4660c
435 ",
436 ),
437 [0x72].to_vec(),
439 parse_signature(
441 "
442 92a009a9f0d4cab8720e820b5f642540
443 a2b27b5416503f8fb3762223ebdb69da
444 085ac1e43e15996e458f3613d0f11d8c
445 387b2eaeb4302aeeb00d291612bb0c00
446 ",
447 ),
448 )
449 }
450
451 #[test]
452 fn test_codec_private_key() {
453 let private_key = parse_private_key(
454 "
455 9d61b19deffd5a60ba844af492ec2cc4
456 4449c5697b326919703bac031cae7f60
457 ",
458 );
459 let encoded = private_key.encode();
460 assert_eq!(encoded.len(), PRIVATE_KEY_LENGTH);
461 let decoded = PrivateKey::decode(encoded).unwrap();
462 assert_eq!(private_key, decoded);
463 }
464
465 #[test]
466 fn test_codec_public_key() {
467 let public_key = parse_public_key(
468 "
469 d75a980182b10ab7d54bfed3c964073a
470 0ee172f3daa62325af021a68f707511a
471 ",
472 );
473 let encoded = public_key.encode();
474 assert_eq!(encoded.len(), PUBLIC_KEY_LENGTH);
475 let decoded = PublicKey::decode(encoded).unwrap();
476 assert_eq!(public_key, decoded);
477 }
478
479 #[test]
480 fn test_codec_signature() {
481 let signature = parse_signature(
482 "
483 e5564300c360ac729086e2cc806e828a
484 84877f1eb8e5d974d873e06522490155
485 5fb8821590a33bacc61e39701cf9b46b
486 d25bf5f0595bbe24655141438e7a100b
487 ",
488 );
489 let encoded = signature.encode();
490 assert_eq!(encoded.len(), SIGNATURE_LENGTH);
491 let decoded = Signature::decode(encoded).unwrap();
492 assert_eq!(signature, decoded);
493 }
494
495 #[test]
496 fn rfc8032_test_vector_1() {
497 let (private_key, public_key, message, signature) = vector_1();
498 test_sign_and_verify(private_key, public_key, &message, signature)
499 }
500
501 #[test]
503 #[should_panic]
504 fn bad_signature() {
505 let (private_key, public_key, message, _) = vector_1();
506 let private_key_2 = PrivateKey::from_rng(&mut OsRng);
507 let bad_signature = private_key_2.sign(None, message.as_ref());
508 test_sign_and_verify(private_key, public_key, &message, bad_signature);
509 }
510
511 #[test]
513 #[should_panic]
514 fn different_message() {
515 let (private_key, public_key, _, signature) = vector_1();
516 let different_message = b"this is a different message".to_vec();
517 test_sign_and_verify(private_key, public_key, &different_message, signature);
518 }
519
520 #[test]
521 fn rfc8032_test_vector_2() {
522 let (private_key, public_key, message, signature) = vector_2();
523 test_sign_and_verify(private_key, public_key, &message, signature)
524 }
525
526 #[test]
527 fn rfc8032_test_vector_3() {
528 let private_key = parse_private_key(
529 "
530 c5aa8df43f9f837bedb7442f31dcb7b1
531 66d38535076f094b85ce3a2e0b4458f7
532 ",
533 );
534 let public_key = parse_public_key(
535 "
536 fc51cd8e6218a1a38da47ed00230f058
537 0816ed13ba3303ac5deb911548908025
538 ",
539 );
540 let message: [u8; 2] = [0xaf, 0x82];
541 let signature = parse_signature(
542 "
543 6291d657deec24024827e69c3abe01a3
544 0ce548a284743a445e3680d7db5ac3ac
545 18ff9b538d16f290ae67f760984dc659
546 4a7c15e9716ed28dc027beceea1ec40a
547 ",
548 );
549 test_sign_and_verify(private_key, public_key, &message, signature)
550 }
551
552 #[test]
553 fn rfc8032_test_vector_1024() {
554 let private_key = parse_private_key(
555 "
556 f5e5767cf153319517630f226876b86c
557 8160cc583bc013744c6bf255f5cc0ee5
558 ",
559 );
560 let public_key = parse_public_key(
561 "
562 278117fc144c72340f67d0f2316e8386
563 ceffbf2b2428c9c51fef7c597f1d426e
564 ",
565 );
566 let message = commonware_utils::from_hex_formatted(
567 "
568 08b8b2b733424243760fe426a4b54908
569 632110a66c2f6591eabd3345e3e4eb98
570 fa6e264bf09efe12ee50f8f54e9f77b1
571 e355f6c50544e23fb1433ddf73be84d8
572 79de7c0046dc4996d9e773f4bc9efe57
573 38829adb26c81b37c93a1b270b20329d
574 658675fc6ea534e0810a4432826bf58c
575 941efb65d57a338bbd2e26640f89ffbc
576 1a858efcb8550ee3a5e1998bd177e93a
577 7363c344fe6b199ee5d02e82d522c4fe
578 ba15452f80288a821a579116ec6dad2b
579 3b310da903401aa62100ab5d1a36553e
580 06203b33890cc9b832f79ef80560ccb9
581 a39ce767967ed628c6ad573cb116dbef
582 efd75499da96bd68a8a97b928a8bbc10
583 3b6621fcde2beca1231d206be6cd9ec7
584 aff6f6c94fcd7204ed3455c68c83f4a4
585 1da4af2b74ef5c53f1d8ac70bdcb7ed1
586 85ce81bd84359d44254d95629e9855a9
587 4a7c1958d1f8ada5d0532ed8a5aa3fb2
588 d17ba70eb6248e594e1a2297acbbb39d
589 502f1a8c6eb6f1ce22b3de1a1f40cc24
590 554119a831a9aad6079cad88425de6bd
591 e1a9187ebb6092cf67bf2b13fd65f270
592 88d78b7e883c8759d2c4f5c65adb7553
593 878ad575f9fad878e80a0c9ba63bcbcc
594 2732e69485bbc9c90bfbd62481d9089b
595 eccf80cfe2df16a2cf65bd92dd597b07
596 07e0917af48bbb75fed413d238f5555a
597 7a569d80c3414a8d0859dc65a46128ba
598 b27af87a71314f318c782b23ebfe808b
599 82b0ce26401d2e22f04d83d1255dc51a
600 ddd3b75a2b1ae0784504df543af8969b
601 e3ea7082ff7fc9888c144da2af58429e
602 c96031dbcad3dad9af0dcbaaaf268cb8
603 fcffead94f3c7ca495e056a9b47acdb7
604 51fb73e666c6c655ade8297297d07ad1
605 ba5e43f1bca32301651339e22904cc8c
606 42f58c30c04aafdb038dda0847dd988d
607 cda6f3bfd15c4b4c4525004aa06eeff8
608 ca61783aacec57fb3d1f92b0fe2fd1a8
609 5f6724517b65e614ad6808d6f6ee34df
610 f7310fdc82aebfd904b01e1dc54b2927
611 094b2db68d6f903b68401adebf5a7e08
612 d78ff4ef5d63653a65040cf9bfd4aca7
613 984a74d37145986780fc0b16ac451649
614 de6188a7dbdf191f64b5fc5e2ab47b57
615 f7f7276cd419c17a3ca8e1b939ae49e4
616 88acba6b965610b5480109c8b17b80e1
617 b7b750dfc7598d5d5011fd2dcc5600a3
618 2ef5b52a1ecc820e308aa342721aac09
619 43bf6686b64b2579376504ccc493d97e
620 6aed3fb0f9cd71a43dd497f01f17c0e2
621 cb3797aa2a2f256656168e6c496afc5f
622 b93246f6b1116398a346f1a641f3b041
623 e989f7914f90cc2c7fff357876e506b5
624 0d334ba77c225bc307ba537152f3f161
625 0e4eafe595f6d9d90d11faa933a15ef1
626 369546868a7f3a45a96768d40fd9d034
627 12c091c6315cf4fde7cb68606937380d
628 b2eaaa707b4c4185c32eddcdd306705e
629 4dc1ffc872eeee475a64dfac86aba41c
630 0618983f8741c5ef68d3a101e8a3b8ca
631 c60c905c15fc910840b94c00a0b9d0
632 ",
633 )
634 .unwrap();
635 let signature = parse_signature(
636 "
637 0aab4c900501b3e24d7cdf4663326a3a
638 87df5e4843b2cbdb67cbf6e460fec350
639 aa5371b1508f9f4528ecea23c436d94b
640 5e8fcd4f681e30a6ac00a9704a188a03
641 ",
642 );
643 test_sign_and_verify(private_key, public_key, &message, signature)
644 }
645
646 #[test]
647 fn rfc8032_test_vector_sha() {
648 let private_key = commonware_utils::from_hex_formatted(
649 "
650 833fe62409237b9d62ec77587520911e
651 9a759cec1d19755b7da901b96dca3d42
652 ",
653 )
654 .unwrap();
655 let public_key = commonware_utils::from_hex_formatted(
656 "
657 ec172b93ad5e563bf4932c70e1245034
658 c35467ef2efd4d64ebf819683467e2bf
659 ",
660 )
661 .unwrap();
662 let message = commonware_utils::from_hex_formatted(
663 "
664 ddaf35a193617abacc417349ae204131
665 12e6fa4e89a97ea20a9eeee64b55d39a
666 2192992a274fc1a836ba3c23a3feebbd
667 454d4423643ce80e2a9ac94fa54ca49f
668 ",
669 )
670 .unwrap();
671 let signature = commonware_utils::from_hex_formatted(
672 "
673 dc2a4459e7369633a52b1bf277839a00
674 201009a3efbf3ecb69bea2186c26b589
675 09351fc9ac90b3ecfdfbc7c66431e030
676 3dca179c138ac17ad9bef1177331a704
677 ",
678 )
679 .unwrap();
680 test_sign_and_verify(
681 PrivateKey::decode(private_key.as_ref()).unwrap(),
682 PublicKey::decode(public_key.as_ref()).unwrap(),
683 &message,
684 Signature::decode(signature.as_ref()).unwrap(),
685 )
686 }
687
688 #[test]
689 fn batch_verify_valid() {
690 let v1 = vector_1();
691 let v2 = vector_2();
692 let mut batch = ed25519::Batch::new();
693 assert!(batch.add(None, &v1.2, &v1.1, &v1.3));
694 assert!(batch.add(None, &v2.2, &v2.1, &v2.3));
695 assert!(batch.verify(&mut rand::thread_rng()));
696 }
697
698 #[test]
699 fn batch_verify_invalid() {
700 let v1 = vector_1();
701 let v2 = vector_2();
702 let mut bad_signature = v2.3.to_vec();
703 bad_signature[3] = 0xff;
704
705 let mut batch = Batch::new();
706 assert!(batch.add(None, &v1.2, &v1.1, &v1.3));
707 assert!(batch.add(
708 None,
709 &v2.2,
710 &v2.1,
711 &Signature::decode(bad_signature.as_ref()).unwrap()
712 ));
713 assert!(!batch.verify(&mut rand::thread_rng()));
714 }
715
716 #[test]
717 fn test_zero_signature_fails() {
718 let (_, public_key, message, _) = vector_1();
719 let zero_sig = Signature::decode(vec![0u8; Signature::SIZE].as_ref()).unwrap();
720 assert!(!public_key.verify(None, &message, &zero_sig));
721 }
722
723 #[test]
724 fn test_high_s_fails() {
725 let (_, public_key, message, signature) = vector_1();
726 let mut bad_signature = signature.to_vec();
727 bad_signature[63] |= 0x80; let bad_signature = Signature::decode(bad_signature.as_ref()).unwrap();
729 assert!(!public_key.verify(None, &message, &bad_signature));
730 }
731
732 #[test]
733 fn test_invalid_r_fails() {
734 let (_, public_key, message, signature) = vector_1();
735 let mut bad_signature = signature.to_vec();
736 for b in bad_signature.iter_mut().take(32) {
737 *b = 0xff; }
739 let bad_signature = Signature::decode(bad_signature.as_ref()).unwrap();
740 assert!(!public_key.verify(None, &message, &bad_signature));
741 }
742}