feat(OCLT-31): add Ed25519 wrapper

occult-app · Apr 27, 2024 · cf8480c · cf8480c
1 parent f9b5eba
commit cf8480c
Show file tree

Hide file tree

Showing 6 changed files with 99 additions and 0 deletions.
diff --git a/build/exports.js b/build/exports.js
@@ -4,3 +4,4 @@ export { sha256, sha512 } from "@occult-app/crypto/sha2";
 export { kdf } from "@occult-app/crypto/kdf";
 export { ppf } from "@occult-app/crypto/ppf";
 export { hmac } from "@occult-app/crypto/hmac";
+export { generateKeyPair, sign, verify } from "@occult-app/crypto/ed25519";
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -25,6 +25,7 @@
     "license": "GPL-3.0-or-later",
     "homepage": "https://github.com/occult-app/crypto#readme",
     "dependencies": {
+        "@noble/curves": "1.4.0",
         "@noble/hashes": "1.4.0"
     },
     "devDependencies": {

diff --git a/src/ed25519.ts b/src/ed25519.ts
@@ -0,0 +1,45 @@
+import { ByteArray } from "./types";
+import { ed25519 } from "@noble/curves/ed25519";
+
+interface KeyPair {
+    pub: ByteArray;
+    secret: ByteArray;
+}
+
+/**
+ * Generates a pair of Ed25519 keys.
+ *
+ * @returns A Ed25519 key pair.
+ */
+function generateKeyPair(): KeyPair {
+    const secret: ByteArray = ed25519.utils.randomPrivateKey();
+    return {
+        pub: ed25519.getPublicKey(secret),
+        secret: secret
+    };
+}
+
+/**
+ * Signs the provided data using the given secret key.
+ *
+ * @param secret The secret key used for signing.
+ * @param data The data to be signed.
+ * @returns The signature of the data.
+ */
+function sign(secret: ByteArray, data: ByteArray): ByteArray {
+    return ed25519.sign(data, secret);
+}
+
+/**
+ * Verifies the signature of the provided data using the given public key.
+ *
+ * @param pub The public key used for verification.
+ * @param signature The signature to be verified.
+ * @param data The data whose signature is to be verified.
+ * @returns A boolean indicating whether the signature is valid.
+ */
+function verify(pub: ByteArray, signature: ByteArray, data: ByteArray): boolean {
+    return ed25519.verify(signature, data, pub);
+}
+
+export { generateKeyPair, sign, verify };
diff --git a/src/index.ts b/src/index.ts
@@ -15,3 +15,4 @@ import { sha256, sha512 } from "./sha2";
 import { kdf } from "./kdf";
 import { ppf } from "./ppf";
 import { hmac } from "./hmac";
+import { generateKeyPair, sign, verify } from "./ed25519";
diff --git a/tests/ed25519.spec.ts b/tests/ed25519.spec.ts
@@ -0,0 +1,39 @@
+import { ByteArray, hexToBytes } from "../src/types";
+import { generateKeyPair, sign, verify } from "../src/ed25519";
+
+describe("Ed25519", () => {
+    const secret: ByteArray = hexToBytes(
+        "c08e255aa6b1db4e5e01880f92d06ffe31b15eb2158ff1cc2586584a9865fbe8"
+    );
+    const pub: ByteArray = hexToBytes(
+        "f40777b2df4430947af2d5670cbffe00ab566a223021e80b9f7cd3eb05f1c499"
+    );
+    const data: ByteArray = hexToBytes("deadbeef");
+    const signature: ByteArray = hexToBytes(
+        "7aa9ffe8f5381004fa274fc2fd790573428f7b2c3730450378beb834fdfda4bceacc4a17347a9c11920378e96c7de26771cab71ab662e4af1ba4e8dae924ec0a"
+    );
+
+    it("should generate a key pair", () => {
+        const keyPair = generateKeyPair();
+
+        expect(keyPair.secret.length).toBe(32);
+        expect(keyPair.pub.length).toBe(32);
+    });
+
+    it("should sign data", () => {
+        const computedSig = sign(secret, data);
+
+        expect(computedSig).toEqual(signature);
+    });
+
+    it("should verify the signature", () => {
+        expect(verify(pub, signature, data)).toBe(true);
+    });
+
+    it("should not verify the signature", () => {
+        const fakeSignature: ByteArray = hexToBytes(
+            "7aa9ffe8f5381004fa274fc2fd790573428f7b2c3730450378beb834fdfda4bceacc4a17347a9c11920378e96c7de26771cab71ab662e4af1ba4e8dae924ec0b"
+        );
+        expect(verify(pub, fakeSignature, data)).toBe(false);
+    });
+});