cheat/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed25519.go

// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
package ecc

import (
	"crypto/subtle"
	"io"

	"github.com/ProtonMail/go-crypto/openpgp/errors"
	ed25519lib "github.com/cloudflare/circl/sign/ed25519"
)

const ed25519Size = 32

type ed25519 struct{}

func NewEd25519() *ed25519 {
	return &ed25519{}
}

func (c *ed25519) GetCurveName() string {
	return "ed25519"
}

// MarshalBytePoint encodes the public point from native format, adding the prefix.
// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
func (c *ed25519) MarshalBytePoint(x []byte) []byte {
	return append([]byte{0x40}, x...)
}

// UnmarshalBytePoint decodes a point from prefixed format to native.
// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
func (c *ed25519) UnmarshalBytePoint(point []byte) (x []byte) {
	if len(point) != ed25519lib.PublicKeySize+1 {
		return nil
	}

	// Return unprefixed
	return point[1:]
}

// MarshalByteSecret encodes a scalar in native format.
// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
func (c *ed25519) MarshalByteSecret(d []byte) []byte {
	return d
}

// UnmarshalByteSecret decodes a scalar in native format and re-adds the stripped leading zeroes
// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
func (c *ed25519) UnmarshalByteSecret(s []byte) (d []byte) {
	if len(s) > ed25519lib.SeedSize {
		return nil
	}

	// Handle stripped leading zeroes
	d = make([]byte, ed25519lib.SeedSize)
	copy(d[ed25519lib.SeedSize-len(s):], s)
	return
}

// MarshalSignature splits a signature in R and S.
// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.1
func (c *ed25519) MarshalSignature(sig []byte) (r, s []byte) {
	return sig[:ed25519Size], sig[ed25519Size:]
}

// UnmarshalSignature decodes R and S in the native format, re-adding the stripped leading zeroes
// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.1
func (c *ed25519) UnmarshalSignature(r, s []byte) (sig []byte) {
	// Check size
	if len(r) > 32 || len(s) > 32 {
		return nil
	}

	sig = make([]byte, ed25519lib.SignatureSize)

	// Handle stripped leading zeroes
	copy(sig[ed25519Size-len(r):ed25519Size], r)
	copy(sig[ed25519lib.SignatureSize-len(s):], s)
	return sig
}

func (c *ed25519) GenerateEdDSA(rand io.Reader) (pub, priv []byte, err error) {
	pk, sk, err := ed25519lib.GenerateKey(rand)

	if err != nil {
		return nil, nil, err
	}

	return pk, sk[:ed25519lib.SeedSize], nil
}

func getEd25519Sk(publicKey, privateKey []byte) ed25519lib.PrivateKey {
	return append(privateKey, publicKey...)
}

func (c *ed25519) Sign(publicKey, privateKey, message []byte) (sig []byte, err error) {
	sig = ed25519lib.Sign(getEd25519Sk(publicKey, privateKey), message)
	return sig, nil
}

func (c *ed25519) Verify(publicKey, message, sig []byte) bool {
	return ed25519lib.Verify(publicKey, message, sig)
}

func (c *ed25519) ValidateEdDSA(publicKey, privateKey []byte) (err error) {
	priv := getEd25519Sk(publicKey, privateKey)
	expectedPriv := ed25519lib.NewKeyFromSeed(priv.Seed())
	if subtle.ConstantTimeCompare(priv, expectedPriv) == 0 {
		return errors.KeyInvalidError("ecc: invalid ed25519 secret")
	}
	return nil
}
feat(installer): use `go-git` to clone Integrate `go-git` into the application, and use it to `git clone` cheatsheets when the installer runs. Previously, the installer required that `git` be installed on the system `PATH`, so this change has to big advantages: 1. It removes that system dependency on `git` 2. It paves the way for implementing the `--update` command Additionally, `cheat` now performs a `--depth=1` clone when installing cheatsheets, which should at least somewhat improve installation times (especially on slow network connections). 2022-08-26 22:26:53 +02:00			`// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.`
			`package ecc`

			`import (`
			`"crypto/subtle"`
			`"io"`

			`"github.com/ProtonMail/go-crypto/openpgp/errors"`
			`ed25519lib "github.com/cloudflare/circl/sign/ed25519"`
			`)`

			`const ed25519Size = 32`
chore(deps): upgrade dependencies Upgrade all dependencies to newest versions. 2023-12-13 14:29:02 +01:00
			`type ed25519 struct{}`
feat(installer): use `go-git` to clone Integrate `go-git` into the application, and use it to `git clone` cheatsheets when the installer runs. Previously, the installer required that `git` be installed on the system `PATH`, so this change has to big advantages: 1. It removes that system dependency on `git` 2. It paves the way for implementing the `--update` command Additionally, `cheat` now performs a `--depth=1` clone when installing cheatsheets, which should at least somewhat improve installation times (especially on slow network connections). 2022-08-26 22:26:53 +02:00
			`func NewEd25519() *ed25519 {`
			`return &ed25519{}`
			`}`

			`func (c *ed25519) GetCurveName() string {`
			`return "ed25519"`
			`}`

			`// MarshalBytePoint encodes the public point from native format, adding the prefix.`
			`// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5`
			`func (c *ed25519) MarshalBytePoint(x []byte) []byte {`
			`return append([]byte{0x40}, x...)`
			`}`

			`// UnmarshalBytePoint decodes a point from prefixed format to native.`
			`// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5`
			`func (c *ed25519) UnmarshalBytePoint(point []byte) (x []byte) {`
chore(deps): upgrade dependencies Upgrade all dependencies to newest versions. 2023-12-13 14:29:02 +01:00			`if len(point) != ed25519lib.PublicKeySize+1 {`
feat(installer): use `go-git` to clone Integrate `go-git` into the application, and use it to `git clone` cheatsheets when the installer runs. Previously, the installer required that `git` be installed on the system `PATH`, so this change has to big advantages: 1. It removes that system dependency on `git` 2. It paves the way for implementing the `--update` command Additionally, `cheat` now performs a `--depth=1` clone when installing cheatsheets, which should at least somewhat improve installation times (especially on slow network connections). 2022-08-26 22:26:53 +02:00			`return nil`
			`}`

			`// Return unprefixed`
			`return point[1:]`
			`}`

			`// MarshalByteSecret encodes a scalar in native format.`
			`// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5`
			`func (c *ed25519) MarshalByteSecret(d []byte) []byte {`
			`return d`
			`}`

			`// UnmarshalByteSecret decodes a scalar in native format and re-adds the stripped leading zeroes`
			`// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5`
			`func (c *ed25519) UnmarshalByteSecret(s []byte) (d []byte) {`
			`if len(s) > ed25519lib.SeedSize {`
			`return nil`
			`}`

			`// Handle stripped leading zeroes`
			`d = make([]byte, ed25519lib.SeedSize)`
chore(deps): upgrade dependencies Upgrade all dependencies to newest versions. 2023-12-13 14:29:02 +01:00			`copy(d[ed25519lib.SeedSize-len(s):], s)`
feat(installer): use `go-git` to clone Integrate `go-git` into the application, and use it to `git clone` cheatsheets when the installer runs. Previously, the installer required that `git` be installed on the system `PATH`, so this change has to big advantages: 1. It removes that system dependency on `git` 2. It paves the way for implementing the `--update` command Additionally, `cheat` now performs a `--depth=1` clone when installing cheatsheets, which should at least somewhat improve installation times (especially on slow network connections). 2022-08-26 22:26:53 +02:00			`return`
			`}`

			`// MarshalSignature splits a signature in R and S.`
			`// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.1`
			`func (c *ed25519) MarshalSignature(sig []byte) (r, s []byte) {`
			`return sig[:ed25519Size], sig[ed25519Size:]`
			`}`

			`// UnmarshalSignature decodes R and S in the native format, re-adding the stripped leading zeroes`
			`// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.1`
			`func (c *ed25519) UnmarshalSignature(r, s []byte) (sig []byte) {`
			`// Check size`
			`if len(r) > 32 \|\| len(s) > 32 {`
			`return nil`
			`}`

			`sig = make([]byte, ed25519lib.SignatureSize)`

			`// Handle stripped leading zeroes`
			`copy(sig[ed25519Size-len(r):ed25519Size], r)`
			`copy(sig[ed25519lib.SignatureSize-len(s):], s)`
			`return sig`
			`}`

			`func (c *ed25519) GenerateEdDSA(rand io.Reader) (pub, priv []byte, err error) {`
			`pk, sk, err := ed25519lib.GenerateKey(rand)`

			`if err != nil {`
			`return nil, nil, err`
			`}`

			`return pk, sk[:ed25519lib.SeedSize], nil`
			`}`

			`func getEd25519Sk(publicKey, privateKey []byte) ed25519lib.PrivateKey {`
			`return append(privateKey, publicKey...)`
			`}`

			`func (c *ed25519) Sign(publicKey, privateKey, message []byte) (sig []byte, err error) {`
			`sig = ed25519lib.Sign(getEd25519Sk(publicKey, privateKey), message)`
			`return sig, nil`
			`}`

			`func (c *ed25519) Verify(publicKey, message, sig []byte) bool {`
			`return ed25519lib.Verify(publicKey, message, sig)`
			`}`

			`func (c *ed25519) ValidateEdDSA(publicKey, privateKey []byte) (err error) {`
			`priv := getEd25519Sk(publicKey, privateKey)`
			`expectedPriv := ed25519lib.NewKeyFromSeed(priv.Seed())`
			`if subtle.ConstantTimeCompare(priv, expectedPriv) == 0 {`
			`return errors.KeyInvalidError("ecc: invalid ed25519 secret")`
			`}`
			`return nil`
			`}`