/src/serenity/Userland/Libraries/LibCrypto/Curves/Ed25519.h

Source (jump to first uncovered line)
/*
 * Copyright (c) 2022, stelar7 <dudedbz@gmail.com>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

#pragma once

#include <AK/ByteBuffer.h>
#include <LibCrypto/Curves/EllipticCurve.h>

namespace Crypto::Curves {

struct Ed25519Point {
    u32 x[8] {};
    u32 y[8] {};
    u32 z[8] {};
    u32 t[8] {};
};

class Ed25519 {
public:
    static constexpr Ed25519Point BASE_POINT = {
        { 0x8F25D51A, 0xC9562D60, 0x9525A7B2, 0x692CC760, 0xFDD6DC5C, 0xC0A4E231, 0xCD6E53FE, 0x216936D3 },
        { 0x66666658, 0x66666666, 0x66666666, 0x66666666, 0x66666666, 0x66666666, 0x66666666, 0x66666666 },
        { 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000 },
        { 0xA5B7DDA3, 0x6DDE8AB3, 0x775152F5, 0x20F09F80, 0x64ABE37D, 0x66EA4E8E, 0xD78B7665, 0x67875F0F }
    };

    size_t key_size() { return 32; }
    size_t signature_size() { return 64; }
    ErrorOr<ByteBuffer> generate_private_key();
    ErrorOr<ByteBuffer> generate_public_key(ReadonlyBytes private_key);

    ErrorOr<ByteBuffer> sign(ReadonlyBytes public_key, ReadonlyBytes private_key, ReadonlyBytes message);
    bool verify(ReadonlyBytes public_key, ReadonlyBytes signature, ReadonlyBytes message);

private:
    void encode_point(Ed25519Point* point, u8* data);
    u32 decode_point(Ed25519Point* point, u8 const* data);

    void point_add(Ed25519Point* result, Ed25519Point const* p, Ed25519Point const* q);
    void point_double(Ed25519Point* result, Ed25519Point const* point);
    void point_multiply_scalar(Ed25519Point* result, u8 const* scalar, Ed25519Point const* point);

    void barrett_reduce(u8* result, u8 const* input);

    void add(u8* result, u8 const* a, u8 const* b, u8 n);
    u8 subtract(u8* result, u8 const* a, u8 const* b, u8 n);
    void multiply(u8* result_low, u8* result_high, u8 const* a, u8 const* b, u8 n);

    void select(u8* result, u8 const* a, u8 const* b, u8 c, u8 n);
    u8 compare(u8 const* a, u8 const* b, u8 n);
    void copy(u8* a, u8 const* b, u32 n);

    u8 k[64] {};
    u8 p[32] {};
    u8 r[32] {};
    u8 s[32] {};
    Ed25519Point ka {};
    Ed25519Point rb {};
    Ed25519Point sb {};
    Ed25519Point u {};
    Ed25519Point v {};
    u32 a[8] {};
    u32 b[8] {};
    u32 c[8] {};
    u32 d[8] {};
    u32 e[8] {};
    u32 f[8] {};
    u32 g[8] {};
    u32 h[8] {};
};

}

Coverage Report

Created: 2025-03-04 07:22

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (c) 2022, stelar7 <dudedbz@gmail.com>
3		*
4		* SPDX-License-Identifier: BSD-2-Clause
5		*/
6
7		#pragma once
8
9		#include <AK/ByteBuffer.h>
10		#include <LibCrypto/Curves/EllipticCurve.h>
11
12		namespace Crypto::Curves {
13
14		struct Ed25519Point {
15		u32 x[8] {};
16		u32 y[8] {};
17		u32 z[8] {};
18		u32 t[8] {};
19		};
20
21		class Ed25519 {
22		public:
23		static constexpr Ed25519Point BASE_POINT = {
24		{ 0x8F25D51A, 0xC9562D60, 0x9525A7B2, 0x692CC760, 0xFDD6DC5C, 0xC0A4E231, 0xCD6E53FE, 0x216936D3 },
25		{ 0x66666658, 0x66666666, 0x66666666, 0x66666666, 0x66666666, 0x66666666, 0x66666666, 0x66666666 },
26		{ 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000 },
27		{ 0xA5B7DDA3, 0x6DDE8AB3, 0x775152F5, 0x20F09F80, 0x64ABE37D, 0x66EA4E8E, 0xD78B7665, 0x67875F0F }
28		};
29
30	0	size_t key_size() { return 32; }
31	0	size_t signature_size() { return 64; }
32		ErrorOr<ByteBuffer> generate_private_key();
33		ErrorOr<ByteBuffer> generate_public_key(ReadonlyBytes private_key);
34
35		ErrorOr<ByteBuffer> sign(ReadonlyBytes public_key, ReadonlyBytes private_key, ReadonlyBytes message);
36		bool verify(ReadonlyBytes public_key, ReadonlyBytes signature, ReadonlyBytes message);
37
38		private:
39		void encode_point(Ed25519Point* point, u8* data);
40		u32 decode_point(Ed25519Point* point, u8 const* data);
41
42		void point_add(Ed25519Point* result, Ed25519Point const* p, Ed25519Point const* q);
43		void point_double(Ed25519Point* result, Ed25519Point const* point);
44		void point_multiply_scalar(Ed25519Point* result, u8 const* scalar, Ed25519Point const* point);
45
46		void barrett_reduce(u8* result, u8 const* input);
47
48		void add(u8* result, u8 const* a, u8 const* b, u8 n);
49		u8 subtract(u8* result, u8 const* a, u8 const* b, u8 n);
50		void multiply(u8* result_low, u8* result_high, u8 const* a, u8 const* b, u8 n);
51
52		void select(u8* result, u8 const* a, u8 const* b, u8 c, u8 n);
53		u8 compare(u8 const* a, u8 const* b, u8 n);
54		void copy(u8* a, u8 const* b, u32 n);
55
56		u8 k[64] {};
57		u8 p[32] {};
58		u8 r[32] {};
59		u8 s[32] {};
60		Ed25519Point ka {};
61		Ed25519Point rb {};
62		Ed25519Point sb {};
63		Ed25519Point u {};
64		Ed25519Point v {};
65		u32 a[8] {};
66		u32 b[8] {};
67		u32 c[8] {};
68		u32 d[8] {};
69		u32 e[8] {};
70		u32 f[8] {};
71		u32 g[8] {};
72		u32 h[8] {};
73		};
74
75		}