Add full primitives for ED25519

This change adds exported `ed25519.New{Signer,Verifier}` functions which are kept internal using `internalapi.Token`. PiperOrigin-RevId: 698137108 Change-Id: I16edf1fb6bd586c6d98e52a4b620032675ce8c15
tink-crypto · Nov 19, 2024 · 272c810 · 272c810
1 parent 34699eb
commit 272c810
Show file tree

Hide file tree

Showing 4 changed files with 467 additions and 4 deletions.
diff --git a/signature/ed25519/key_test.go b/signature/ed25519/key_test.go
@@ -408,10 +408,9 @@ func TestPublicKeyKeyBytes(t *testing.T) {
 }
 
 const (
-	// Taken from
-	// https://github.com/google/boringssl/blob/f10c1dc37174843c504a80e94c252e35b7b1eb61/crypto/evp/evp_tests.txt#L178
-	privKeyHex = "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"
-	pubKeyHex  = "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"
+	// Taken from https://datatracker.ietf.org/doc/html/rfc8032#appendix-A - TEST 3.
+	privKeyHex = "c5aa8df43f9f837bedb7442f31dcb7b166d38535076f094b85ce3a2e0b4458f7"
+	pubKeyHex  = "fc51cd8e6218a1a38da47ed00230f0580816ed13ba3303ac5deb911548908025"
 )
 
 var testCases = []struct {

diff --git a/signature/ed25519/signer.go b/signature/ed25519/signer.go
@@ -0,0 +1,61 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ed25519
+
+import (
+	"crypto/ed25519"
+	"fmt"
+	"slices"
+
+	"github.com/tink-crypto/tink-go/v2/insecuresecretdataaccess"
+	"github.com/tink-crypto/tink-go/v2/internal/internalapi"
+	"github.com/tink-crypto/tink-go/v2/tink"
+)
+
+// signer is an implementation of [tink.Signer] for ED25519.
+type signer struct {
+	privateKey ed25519.PrivateKey
+	prefix     []byte
+	variant    Variant
+}
+
+var _ tink.Signer = (*signer)(nil)
+
+// NewSigner creates a new [tink.Signer] for ED25519.
+//
+// This is an internal API.
+func NewSigner(privateKey *PrivateKey, _ internalapi.Token) (tink.Signer, error) {
+	return &signer{
+		privateKey: ed25519.NewKeyFromSeed(privateKey.PrivateKeyBytes().Data(insecuresecretdataaccess.Token{})),
+		prefix:     privateKey.OutputPrefix(),
+		variant:    privateKey.publicKey.params.Variant(),
+	}, nil
+}
+
+// Sign computes a signature for the given data.
+//
+// If the key has prefix, the signature will be prefixed with the output
+// prefix.
+func (e *signer) Sign(data []byte) ([]byte, error) {
+	messageToSign := data
+	if e.variant == VariantLegacy {
+		messageToSign = slices.Concat(data, []byte{0})
+	}
+	r := ed25519.Sign(e.privateKey, messageToSign)
+	if len(r) != ed25519.SignatureSize {
+		return nil, fmt.Errorf("ed25519: invalid signature")
+	}
+	return slices.Concat(e.prefix, r), nil
+}