firedancer-io
diff --git a/‎contrib/codegen/gen_wycheproofs.py
+153 b/‎contrib/codegen/gen_wycheproofs.py
+153
diff --git a/‎contrib/ed25519/dalek_target/Cargo.toml
+11 b/‎contrib/ed25519/dalek_target/Cargo.toml
+11
diff --git a/‎contrib/ed25519/dalek_target/Makefile
+19 b/‎contrib/ed25519/dalek_target/Makefile
+19
diff --git a/‎contrib/ed25519/dalek_target/src/lib.rs
+76 b/‎contrib/ed25519/dalek_target/src/lib.rs
+76
diff --git a/‎src/ballet/ed25519/Local.mk
+8-2 b/‎src/ballet/ed25519/Local.mk
+8-2
@@ -95,11 +95,164 @@ def _gen_ed25519():
     print(r"};")
 
 
+@dataclass
+class XDHVerify:
+    tcId: int
+    comment: str
+    shared: bytes
+    prv: bytes
+    pub: bytes
+    ok: bool
+
+def _gen_x25519():
+    req = requests.get(
+        "https://raw.githubusercontent.com/google/wycheproof/master/testvectors/x25519_test.json"
+    )
+    assert req.status_code == 200
+    file = req.json()
+    assert file["algorithm"] == "XDH"
+    assert file["schema"] == "xdh_comp_schema.json"
+    verify_tests = []
+    for group in file["testGroups"]:
+        if group["type"] != "XdhComp":
+            print(f"Skipping {group['type']} test", file=sys.stderr)
+            continue
+        for test in group["tests"]:
+            verify_tests.append(
+                XDHVerify(
+                    tcId=test["tcId"],
+                    comment=test["comment"],
+                    shared=bytes.fromhex(test["shared"]),
+                    prv=bytes.fromhex(test["private"]),
+                    pub=bytes.fromhex(test["public"]),
+                    ok="ZeroSharedSecret" not in set(test["flags"]),
+                )
+            )
+
+    print("/* Code generated by gen_wycheproofs.py. DO NOT EDIT. */")
+    print(
+        f"/* Generated at {datetime.datetime.now(datetime.timezone.utc).isoformat()} */"
+    )
+    print(
+        """
+#include "../fd_ballet_base.h"
+
+struct fd_x25519_verify_wycheproof {
+  char const *  comment;
+  uchar         shared[32];
+  uchar         prv[32];
+  uchar         pub[32];
+  uint          tc_id;
+  int           ok;
+};
+
+typedef struct fd_x25519_verify_wycheproof fd_x25519_verify_wycheproof_t;
+
+static fd_x25519_verify_wycheproof_t const x25519_verify_wycheproofs[] = {"""
+    )
+
+    for test in verify_tests:
+        print(f"  {{ .tc_id   = {test.tcId},")
+        print(f'    .comment = "{test.comment}",')
+        print(
+            r'    .shared  = "' + "".join([r"\x%02x" % (x) for x in test.shared]) + r'",'
+        )
+        print(
+            r'    .prv     = "' + "".join([r"\x%02x" % (x) for x in test.prv]) + r'",'
+        )
+        print(
+            r'    .pub     = "' + "".join([r"\x%02x" % (x) for x in test.pub]) + r'",'
+        )
+        print(f"    .ok      = {1 if test.ok else 0} }},")
+
+    print(r"  {0}")
+    print(r"};")
+
+
+def _gen_cctv_ed25519():
+    req = requests.get(
+        "https://raw.githubusercontent.com/C2SP/CCTV/main/ed25519/ed25519vectors.json"
+    )
+    assert req.status_code == 200
+    file = req.json()
+    verify_tests = []
+    for test in file:
+        flags = test["flags"]
+        if flags:
+            set_flags = set(flags)
+            ok = not(flags) or set_flags == set(["low_order_component_A"]) or set_flags == set(["low_order_component_A", "low_order_component_R"])
+            if "non_canonical_R" in set_flags and "low_order_R" not in set_flags:
+                raise Exception(test["number"])
+        else:
+            ok = True
+        verify_tests.append(
+            EddsaVerify(
+                tcId=test["number"],
+                comment=test["msg"],
+                msg=bytes(test["msg"], 'utf-8'),
+                sig=bytes.fromhex(test["sig"]),
+                pub=bytes.fromhex(test["key"]),
+                ok=ok,  # we implement dalek verify_strict, so all these should fail
+            )
+        )
+
+    print("/* Code generated by gen_wycheproofs.py. DO NOT EDIT. */")
+    print(
+        f"/* Generated at {datetime.datetime.now(datetime.timezone.utc).isoformat()} */"
+    )
+    print(
+        """
+#include "../fd_ballet_base.h"
+
+struct fd_ed25519_verify_cctv {
+  char const *  comment;
+  uchar const * msg;
+  ulong         msg_sz;
+  uchar         pub[32];
+  uchar         sig[64];
+  uint          tc_id;
+  int           ok;
+};
+
+typedef struct fd_ed25519_verify_cctv fd_ed25519_verify_cctv_t;
+
+static fd_ed25519_verify_cctv_t const ed25519_verify_cctvs[] = {"""
+    )
+
+    for test in verify_tests:
+        if len(test.sig) != 64:
+            continue
+        print(f"  {{ .tc_id   = {test.tcId},")
+        print(f'    .comment = "{test.comment}",')
+        print(
+            r'    .msg     = (uchar const *)"'
+            + "".join([r"\x%02x" % (x) for x in test.msg])
+            + r'",'
+        )
+        print(f"    .msg_sz  = {len(test.msg)}UL,")
+        print(
+            r'    .sig     = "' + "".join([r"\x%02x" % (x) for x in test.sig]) + r'",'
+        )
+        print(
+            r'    .pub     = "' + "".join([r"\x%02x" % (x) for x in test.pub]) + r'",'
+        )
+        print(f"    .ok      = {1 if test.ok else 0} }},")
+
+    print(r"  {0}")
+    print(r"};")
+
 def main():
     with open("src/ballet/ed25519/test_ed25519_wycheproof.c", "w") as out:
         with redirect_stdout(out):
             _gen_ed25519()
 
+    with open("src/ballet/ed25519/test_x25519_wycheproof.c", "w") as out:
+        with redirect_stdout(out):
+            _gen_x25519()
+
+    with open("src/ballet/ed25519/test_ed25519_cctv.c", "w") as out:
+        with redirect_stdout(out):
+            _gen_cctv_ed25519()
 
 if __name__ == "__main__":
     root = Path(__file__).parents[2]
 
@@ -0,0 +1,11 @@
+[package]
+name = "dalek_target"
+version = "0.1.0"
+edition = "2021"
+publish = false
+
+[lib]
+crate-type = ["cdylib"]
+
+[dependencies]
+ed25519-dalek = "=1.0.1"
@@ -0,0 +1,19 @@
+RUSTFLAGS:=
+RUSTFLAGS+=-Cpasses=sancov-module
+RUSTFLAGS+=-Cllvm-args=-sanitizer-coverage-inline-8bit-counters
+RUSTFLAGS+=-Cllvm-args=-sanitizer-coverage-level=4
+RUSTFLAGS+=-Cllvm-args=-sanitizer-coverage-pc-table
+RUSTFLAGS+=-Clink-dead-code
+RUSTFLAGS+=-Cforce-frame-pointers=yes
+
+RUST_VERSION:=1.76.0
+
+CARGO?=cargo
+
+.PHONY: clean build
+
+build:
+	RUSTFLAGS="$(RUSTFLAGS)" $(CARGO) +$(RUST_VERSION) build --target x86_64-unknown-linux-gnu --release
+
+clean:
+	$(CARGO) clean
@@ -0,0 +1,76 @@
+use ed25519_dalek::{Keypair, PublicKey, SecretKey, Signature, Signer};
+use std::ffi::c_int;
+
+#[no_mangle]
+pub extern "C" fn ed25519_dalek_sign(
+    sig: *mut u8,
+    msg: *const u8,
+    sz: u64,
+    public_key: *const u8,
+    private_key: *const u8,
+) -> c_int {
+    let secret = match SecretKey::from_bytes(unsafe {
+        std::slice::from_raw_parts(private_key, 32)
+            .try_into()
+            .unwrap()
+    }) {
+        Ok(sk) => sk,
+        Err(_) => return -1,
+    };
+
+    let public = match PublicKey::from_bytes(unsafe {
+        std::slice::from_raw_parts(public_key, 32)
+            .try_into()
+            .unwrap()
+    }) {
+        Ok(pk) => pk,
+        Err(_) => return -1,
+    };
+
+    let keypair = Keypair {
+        secret: secret,
+        public: public,
+    };
+
+    let signature = keypair.sign(unsafe { std::slice::from_raw_parts(msg, sz as usize) });
+
+    unsafe {
+        std::ptr::copy_nonoverlapping(&signature.to_bytes() as *const u8, sig, 64);
+    }
+    return 0; // success
+}
+
+#[no_mangle]
+pub extern "C" fn ed25519_dalek_verify(
+    msg: *const u8,
+    sz: u64,
+    sig: *const u8,
+    public_key: *const u8,
+) -> c_int {
+    let signature = match Signature::from_bytes(unsafe {
+        std::slice::from_raw_parts(sig, 64)
+            .try_into()
+            .unwrap()
+    }) {
+        Ok(s) => s,
+        Err(_) => return -1,
+    };
+
+    let public = match PublicKey::from_bytes(unsafe {
+        std::slice::from_raw_parts(public_key, 32)
+            .try_into()
+            .unwrap()
+    }) {
+        Ok(pk) => pk,
+        Err(_) => return -1,
+    };
+
+    let ok = public
+        .verify_strict(
+            unsafe { std::slice::from_raw_parts(msg, sz as usize) },
+            &signature,
+        )
+        .is_ok();
+
+    return if ok { 0 } else { -1 };
+}
@@ -1,11 +1,17 @@
-$(call add-hdrs,fd_ed25519.h fd_x25519.h)
-$(call add-objs,fd_ed25519_fe fd_ed25519_ge fd_ed25519_user fd_x25519,fd_ballet)
+$(call add-hdrs,fd_ed25519.h fd_x25519.h fd_f25519.h fd_curve25519.h fd_curve25519_scalar.h)
+$(call add-objs,fd_f25519 fd_curve25519 fd_curve25519_scalar fd_ed25519_user fd_x25519,fd_ballet)
+$(call add-objs,fd_ristretto255,fd_ballet)
 $(call make-unit-test,test_ed25519,test_ed25519,fd_ballet fd_util)
 $(call make-unit-test,test_ed25519_signature_malleability,test_ed25519_signature_malleability,fd_ballet fd_util)
 $(call make-unit-test,test_x25519,test_x25519,fd_ballet fd_util)
+$(call make-unit-test,test_ristretto255,test_ristretto255,fd_ballet fd_util)
 $(call make-fuzz-test,fuzz_ed25519_verify,fuzz_ed25519_verify,fd_ballet fd_util)
 $(call make-fuzz-test,fuzz_ed25519_sigverify,fuzz_ed25519_sigverify,fd_ballet fd_util)
+$(call make-fuzz-test,fuzz_ed25519_sigverify_diff,fuzz_ed25519_sigverify_diff,fd_ballet fd_util)
 
 $(call run-unit-test,test_ed25519)
 $(call run-unit-test,test_ed25519_signature_malleability)
 $(call run-unit-test,test_x25519)
+$(call run-unit-test,test_ristretto255)
+
+#$(call make-unit-test,fd_curve25519_tables,fd_curve25519_tables,fd_ballet fd_util)