Initial commit

.gitignore

@@ -0,0 +1,9 @@
+# Compiled files
+*.o
+*.bc
+*.so
+
+# Tests
+results
+regression.diffs
+regression.out

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 dmitrystas
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,19 @@
+SRCS = \
+    src/fe.c \
+    src/ge.c \
+    src/sc.c \
+    src/sha512.c \
+    src/sign.c \
+    src/verify.c \
+    src/seed.c \
+    src/keypair.c \
+    pg_ed25519.c
+
+EXTENSION = ed25519
+MODULE_big = ed25519
+DATA = ed25519--1.0.sql
+OBJS = $(SRCS:.c=.o)
+REGRESS = ed25519-test
+PG_CONFIG = pg_config
+PGXS := $(shell $(PG_CONFIG) --pgxs)
+include $(PGXS)

README.md

@@ -0,0 +1,101 @@
+# pg_ed25519
+PostgreSQL extension for a modern and secure digital signature algorithm based on performance-optimized elliptic curves
+
+## About
+The extension provides Ed25519 public-key signature system for [PostgreSQL](https://www.postgresql.org/) using portable C implementations of [Ed25519](https://github.com/orlp/ed25519) based on the SUPERCOP "ref10" implementation
+
+## Install
+
+Before you begin the install, you may also need to install the '-dev' PostgreSQL packages to build the extension:
+
+```
+sudo apt update
+sudo apt install postgresql-server-dev-all
+```
+
+Build and install pg_ed25519:
+
+```
+cd /path/to/pg_ed25519
+make
+sudo make install
+```
+
+Run tests:
+
+```
+make installcheck
+```
+
+Enable extension:
+
+```
+CREATE EXTENSION ed25519;
+```
+
+## Uninstall
+
+Disable extension:
+
+```
+DROP EXTENSION ed25519;
+```
+
+Uninstall pg_ed25519:
+
+```
+cd /path/to/pg_ed25519
+sudo make uninstall
+```
+## Usage
+
+Extension has 3 methods. The message parameter can have text or bytea type, the signing_key/verification_key parameters are 32 bytes long bytea, the signature parameter is 64 bytes long bytea:
+
+```
+ed25519_create_keypair()
+
+ed25519_sign(
+    message bytea,
+    signing_key bytea
+)
+
+ed25519_sign(
+    message text,
+    signing_key bytea
+)
+
+ed25519_verify(
+    message bytea,
+    verification_key bytea,
+    signature bytea
+)
+
+ed25519_verify(
+    message text,
+    verification_key bytea,
+    signature bytea
+)
+```
+
+Example:
+
+```
+SELECT * from ed25519_create_keypair();
+                            signing_key                             |                          verification_key
+--------------------------------------------------------------------+--------------------------------------------------------------------
+ \x3b9eb76590e309eb69e7eee23101327b14fe68e87e1e11823437a5020958756f | \xeabf67797723cccf93981098031b920200c9096030be071a5a17344f871a388e
+(1 row)
+
+SELECT ed25519_sign('Test message', '\x3b9eb76590e309eb69e7eee23101327b14fe68e87e1e11823437a5020958756f'::bytea);
+                                                            ed25519_sign
+------------------------------------------------------------------------------------------------------------------------------------
+ \xbf50f623b6e423e04fb1014222ab37caf954917e861f59ac55fd00f27a7c9e2d0eebeb250cbdae75f4458c7b69a4d49836727b3140d9afa0832a2de7b57c3e07
+(1 row)
+
+SELECT ed25519_verify('Test message', '\xeabf67797723cccf93981098031b920200c9096030be071a5a17344f871a388e'::bytea, '\xbf50f623b6e423e04fb1014222ab37caf954917e861f59ac55fd00f27a7c9e2d0eebeb250cbdae75f4458c7b69a4d49836727b3140d9afa0832a2de7b57c3e07'::bytea);
+ ed25519_verify
+----------------
+ t
+(1 row)
+```
+

ed25519--1.0.sql

@@ -0,0 +1,27 @@
+-- complain if script is sourced in psql, rather than via CREATE EXTENSION
+\echo Use "CREATE EXTENSION ed25519" to load this file. \quit
+
+CREATE FUNCTION ed25519_sign(message bytea, signing_key bytea)
+RETURNS bytea
+AS 'MODULE_PATHNAME', 'pg_sign'
+LANGUAGE C IMMUTABLE STRICT PARALLEL SAFE;
+
+CREATE FUNCTION ed25519_sign(message text, signing_key bytea)
+RETURNS bytea
+AS 'MODULE_PATHNAME', 'pg_sign'
+LANGUAGE C IMMUTABLE STRICT PARALLEL SAFE;
+
+CREATE FUNCTION ed25519_verify(message bytea, verification_key bytea, signature bytea)
+RETURNS boolean
+AS 'MODULE_PATHNAME', 'pg_verify'
+LANGUAGE C IMMUTABLE STRICT PARALLEL SAFE;
+
+CREATE FUNCTION ed25519_verify(message text, verification_key bytea, signature bytea)
+RETURNS boolean
+AS 'MODULE_PATHNAME', 'pg_verify'
+LANGUAGE C IMMUTABLE STRICT PARALLEL SAFE;
+
+CREATE FUNCTION ed25519_create_keypair()
+RETURNS TABLE(signing_key bytea, verification_key bytea)
+AS 'MODULE_PATHNAME', 'pg_create_keypair'
+LANGUAGE C VOLATILE;

ed25519.control

@@ -0,0 +1,4 @@
+comment = 'Ed25519'
+default_version = '1.0'
+module_pathname = '$libdir/ed25519'
+relocatable = true

expected/ed25519-test.out

@@ -0,0 +1,59 @@
+--
+-- Ed25519
+--
+CREATE EXTENSION ed25519;
+-- sign
+SELECT ed25519_sign('\x1234567890'::bytea, '\x3328f55b26464930804140710a4a7f0e7825f25b7313e2fcd99e7e7c1f4f5332'::bytea);
+                                                            ed25519_sign                                                            
+------------------------------------------------------------------------------------------------------------------------------------
+ \xddfd1e8b8c4d8f0b62060e9dbc992a0118ea51b3793e593116f6fb668c7ec0e5f5a1b314e13462cd0289248d399232e970809d214238e507b3b9dfb2930b2b0f
+(1 row)
+
+-- verify successful
+SELECT ed25519_verify('\x1234567890'::bytea, '\x258cf6f4b4c2ae09b7c4bd351af0a86a3346983fce8fe107e030309fc3641c44'::bytea, '\xddfd1e8b8c4d8f0b62060e9dbc992a0118ea51b3793e593116f6fb668c7ec0e5f5a1b314e13462cd0289248d399232e970809d214238e507b3b9dfb2930b2b0f'::bytea);
+ ed25519_verify 
+----------------
+ t
+(1 row)
+
+-- verify failed since the messages are different
+SELECT ed25519_verify('\x0987654321'::bytea, '\x258cf6f4b4c2ae09b7c4bd351af0a86a3346983fce8fe107e030309fc3641c44'::bytea, '\xddfd1e8b8c4d8f0b62060e9dbc992a0118ea51b3793e593116f6fb668c7ec0e5f5a1b314e13462cd0289248d399232e970809d214238e507b3b9dfb2930b2b0f'::bytea);
+ ed25519_verify 
+----------------
+ f
+(1 row)
+
+-- verify failed since the verification key is wrong
+SELECT ed25519_verify('\x1234567890'::bytea, '\xeabf67797723cccf93981098031b920200c9096030be071a5a17344f871a388e'::bytea, '\xddfd1e8b8c4d8f0b62060e9dbc992a0118ea51b3793e593116f6fb668c7ec0e5f5a1b314e13462cd0289248d399232e970809d214238e507b3b9dfb2930b2b0f'::bytea);
+ ed25519_verify 
+----------------
+ f
+(1 row)
+
+-- verify failed since the signature is wrong
+SELECT ed25519_verify('\x1234567890'::bytea, '\x258cf6f4b4c2ae09b7c4bd351af0a86a3346983fce8fe107e030309fc3641c44'::bytea, '\x2ad1ef33653457c19e5abbfa96bd0bde2a24e0b24fb51bc45b6ae3f7f13fc9907000550aa3386a5726624acb1bb98fc1b1c2b8a5c2d7e7dbee4e91a6cea90203'::bytea);
+ ed25519_verify 
+----------------
+ f
+(1 row)
+
+-- create_keypair, sign and verify successful
+WITH keys AS (
+    SELECT * FROM ed25519_create_keypair()
+)
+SELECT ed25519_verify('Test message', (SELECT verification_key FROM keys), (SELECT ed25519_sign('Test message', (SELECT signing_key FROM keys))));
+ ed25519_verify 
+----------------
+ t
+(1 row)
+
+-- create_keypair, sign and verify failed
+WITH keys AS (
+    SELECT * FROM ed25519_create_keypair()
+)
+SELECT ed25519_verify('Message B', (SELECT verification_key FROM keys), (SELECT ed25519_sign('Message A', (SELECT signing_key FROM keys))));
+ ed25519_verify 
+----------------
+ f
+(1 row)
+

pg_ed25519.c

@@ -0,0 +1,136 @@
+#include "postgres.h"
+#include <string.h>
+#include "fmgr.h"
+#include "funcapi.h"
+#include "src/ed25519.h"
+#include "src/sha512.h"
+#include "src/ge.h"
+#include "src/sc.h"
+
+#define ED25519_KEY_LENGTH 32
+#define ED25519_SEED_LENGTH 32
+#define ED25519_DIGEST_LENGTH 64
+
+PG_MODULE_MAGIC;
+
+PG_FUNCTION_INFO_V1(pg_sign);
+
+Datum pg_sign(PG_FUNCTION_ARGS)
+{
+    unsigned char   skey[ED25519_KEY_LENGTH*2];
+    unsigned char   vkey[ED25519_KEY_LENGTH];
+
+    bytea   *message = PG_GETARG_BYTEA_PP(0);
+    bytea   *signing_key = PG_GETARG_BYTEA_PP(1);
+    bytea   *signature;
+
+    size_t  data_len = VARSIZE_ANY_EXHDR(message);
+
+    if (VARSIZE_ANY_EXHDR(signing_key) != ED25519_KEY_LENGTH)
+    {
+        ereport(
+            ERROR,
+            (
+                errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+                errmsg("Signing key must have 32 bytes length")
+            )
+        );
+    }
+
+    ed25519_create_keypair(vkey, skey, (unsigned char *) VARDATA_ANY(signing_key));
+
+    signature = (bytea *) palloc(ED25519_DIGEST_LENGTH + VARHDRSZ);
+    SET_VARSIZE(signature, ED25519_DIGEST_LENGTH + VARHDRSZ);
+
+    ed25519_sign((unsigned char *) VARDATA_ANY(signature),
+                 (const unsigned char *) VARDATA_ANY(message),
+                 data_len,
+                 vkey,
+                 skey);
+
+    PG_FREE_IF_COPY(message, 0);
+    PG_FREE_IF_COPY(signing_key, 1);
+
+    PG_RETURN_BYTEA_P(signature);
+}
+
+PG_FUNCTION_INFO_V1(pg_verify);
+
+Datum pg_verify(PG_FUNCTION_ARGS)
+{
+    bytea   *message = PG_GETARG_BYTEA_PP(0);
+    bytea   *verification_key = PG_GETARG_BYTEA_PP(1);
+    bytea   *signature = PG_GETARG_BYTEA_PP(2);
+
+    size_t  data_len = VARSIZE_ANY_EXHDR(message);
+    int16   res;
+
+    if (VARSIZE_ANY_EXHDR(signature) != ED25519_DIGEST_LENGTH)
+    {
+        ereport(
+            ERROR,
+            (
+                errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+                errmsg("Signature must have 64 bytes length")
+            )
+        );
+    }
+
+    if (VARSIZE_ANY_EXHDR(verification_key) != ED25519_KEY_LENGTH)
+    {
+        ereport(
+            ERROR,
+            (
+                errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+                errmsg("Verification key must have 32 bytes length")
+            )
+        );
+    }
+
+    res = ed25519_verify((const unsigned char *) VARDATA_ANY(signature), (const unsigned char *) VARDATA_ANY(message), data_len, (const unsigned char *) VARDATA_ANY(verification_key));
+
+    PG_FREE_IF_COPY(message, 0);
+    PG_FREE_IF_COPY(verification_key, 1);
+    PG_FREE_IF_COPY(signature, 2);
+
+    PG_RETURN_BOOL(res == 1);
+}
+
+PG_FUNCTION_INFO_V1(pg_create_keypair);
+
+Datum pg_create_keypair(PG_FUNCTION_ARGS)
+{
+    unsigned char   seed[ED25519_SEED_LENGTH];
+    unsigned char   skey[ED25519_KEY_LENGTH];
+    unsigned char   vkey[ED25519_KEY_LENGTH];
+
+    TupleDesc   tupdesc = CreateTemplateTupleDesc(2);
+    HeapTuple   tuple;
+    bool        nulls[2] = { false, false };
+    Datum       values[2];
+
+    bytea   *signing_key;
+    bytea   *verification_key;
+
+    ed25519_create_seed(seed);
+    ed25519_create_keypair(vkey, skey, seed);
+
+    signing_key = palloc(VARHDRSZ + ED25519_KEY_LENGTH);
+    SET_VARSIZE(signing_key, VARHDRSZ + ED25519_KEY_LENGTH);
+    memcpy(VARDATA(signing_key), seed, ED25519_KEY_LENGTH);
+
+    verification_key = palloc(VARHDRSZ + ED25519_KEY_LENGTH);
+    SET_VARSIZE(verification_key, VARHDRSZ + ED25519_KEY_LENGTH);
+    memcpy(VARDATA(verification_key), vkey, ED25519_KEY_LENGTH);
+
+    TupleDescInitEntry(tupdesc, (AttrNumber) 1, "signing_key", BYTEAOID, -1, 0);
+    TupleDescInitEntry(tupdesc, (AttrNumber) 2, "verification_key", BYTEAOID, -1, 0);
+    tupdesc = BlessTupleDesc(tupdesc);
+
+    values[0] = PointerGetDatum (signing_key);
+    values[1] = PointerGetDatum (verification_key);
+
+    tuple = heap_form_tuple(tupdesc, values, nulls);
+
+    PG_RETURN_DATUM(HeapTupleGetDatum(tuple));
+}