seq_runtime/crypto/
ed25519.rs

1//! Ed25519 signature operations: keypair generation, sign, verify.
2
3use crate::seqstring::global_string;
4use crate::stack::{Stack, pop, push};
5use crate::value::Value;
6
7use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey};
8// Ed25519's `SigningKey::generate` requires a `CryptoRngCore` from
9// `rand_core` 0.6. The runtime already depends on `aes_gcm`, which
10// re-exports a 0.6-compatible `OsRng` — reuse it rather than pull a
11// duplicate `rand_core` version.
12use aes_gcm::aead::OsRng;
13
14// ============================================================================
15// Ed25519 Digital Signatures
16// ============================================================================
17
18/// Generate an Ed25519 keypair
19///
20/// Stack effect: ( -- public-key private-key )
21///
22/// Returns:
23/// - public-key: Hex-encoded 32-byte public key (64 hex characters)
24/// - private-key: Hex-encoded 32-byte private key (64 hex characters)
25///
26/// # Safety
27/// Stack must be valid
28#[unsafe(no_mangle)]
29pub unsafe extern "C" fn patch_seq_crypto_ed25519_keypair(stack: Stack) -> Stack {
30    assert!(!stack.is_null(), "crypto.ed25519-keypair: stack is null");
31
32    let signing_key = SigningKey::generate(&mut OsRng);
33    let verifying_key = signing_key.verifying_key();
34
35    let private_hex = hex::encode(signing_key.to_bytes());
36    let public_hex = hex::encode(verifying_key.to_bytes());
37
38    let stack = unsafe { push(stack, Value::String(global_string(public_hex))) };
39    unsafe { push(stack, Value::String(global_string(private_hex))) }
40}
41
42/// Sign a message with an Ed25519 private key
43///
44/// Stack effect: ( message private-key -- signature success )
45///
46/// Parameters:
47/// - message: The message to sign (any string)
48/// - private-key: Hex-encoded 32-byte private key (64 hex characters)
49///
50/// Returns:
51/// - signature: Hex-encoded 64-byte signature (128 hex characters)
52/// - success: Bool indicating success
53///
54/// # Safety
55/// Stack must have String, String values on top
56#[unsafe(no_mangle)]
57pub unsafe extern "C" fn patch_seq_crypto_ed25519_sign(stack: Stack) -> Stack {
58    assert!(!stack.is_null(), "crypto.ed25519-sign: stack is null");
59
60    let (stack, key_val) = unsafe { pop(stack) };
61    let (stack, msg_val) = unsafe { pop(stack) };
62
63    match (msg_val, key_val) {
64        (Value::String(message), Value::String(private_key_hex)) => {
65            match ed25519_sign(message.as_str(), private_key_hex.as_str()) {
66                Some(signature) => {
67                    let stack = unsafe { push(stack, Value::String(global_string(signature))) };
68                    unsafe { push(stack, Value::Bool(true)) }
69                }
70                None => {
71                    let stack = unsafe { push(stack, Value::String(global_string(String::new()))) };
72                    unsafe { push(stack, Value::Bool(false)) }
73                }
74            }
75        }
76        _ => panic!("crypto.ed25519-sign: expected String, String on stack"),
77    }
78}
79
80/// Verify an Ed25519 signature
81///
82/// Stack effect: ( message signature public-key -- valid )
83///
84/// Parameters:
85/// - message: The original message
86/// - signature: Hex-encoded 64-byte signature (128 hex characters)
87/// - public-key: Hex-encoded 32-byte public key (64 hex characters)
88///
89/// Returns:
90/// - valid: Bool indicating whether the signature is valid
91///
92/// # Safety
93/// Stack must have String, String, String values on top
94#[unsafe(no_mangle)]
95pub unsafe extern "C" fn patch_seq_crypto_ed25519_verify(stack: Stack) -> Stack {
96    assert!(!stack.is_null(), "crypto.ed25519-verify: stack is null");
97
98    let (stack, pubkey_val) = unsafe { pop(stack) };
99    let (stack, sig_val) = unsafe { pop(stack) };
100    let (stack, msg_val) = unsafe { pop(stack) };
101
102    match (msg_val, sig_val, pubkey_val) {
103        (Value::String(message), Value::String(signature_hex), Value::String(public_key_hex)) => {
104            let valid = ed25519_verify(
105                message.as_str(),
106                signature_hex.as_str(),
107                public_key_hex.as_str(),
108            );
109            unsafe { push(stack, Value::Bool(valid)) }
110        }
111        _ => panic!("crypto.ed25519-verify: expected String, String, String on stack"),
112    }
113}
114
115// Helper functions for Ed25519
116
117pub(super) fn ed25519_sign(message: &str, private_key_hex: &str) -> Option<String> {
118    let key_bytes = hex::decode(private_key_hex).ok()?;
119    if key_bytes.len() != 32 {
120        return None;
121    }
122
123    let key_array: [u8; 32] = key_bytes.try_into().ok()?;
124    let signing_key = SigningKey::from_bytes(&key_array);
125    let signature = signing_key.sign(message.as_bytes());
126
127    Some(hex::encode(signature.to_bytes()))
128}
129
130pub(super) fn ed25519_verify(message: &str, signature_hex: &str, public_key_hex: &str) -> bool {
131    let verify_inner = || -> Option<bool> {
132        let sig_bytes = hex::decode(signature_hex).ok()?;
133        if sig_bytes.len() != 64 {
134            return Some(false);
135        }
136
137        let pubkey_bytes = hex::decode(public_key_hex).ok()?;
138        if pubkey_bytes.len() != 32 {
139            return Some(false);
140        }
141
142        let sig_array: [u8; 64] = sig_bytes.try_into().ok()?;
143        let pubkey_array: [u8; 32] = pubkey_bytes.try_into().ok()?;
144
145        let signature = Signature::from_bytes(&sig_array);
146        let verifying_key = VerifyingKey::from_bytes(&pubkey_array).ok()?;
147
148        Some(verifying_key.verify(message.as_bytes(), &signature).is_ok())
149    };
150
151    verify_inner().unwrap_or(false)
152}
seq_runtime/crypto/ed25519.rs

seq_runtime/crypto/
ed25519.rs
