sys/psa_crypto: add monocypher as ed25519 software backend

mguetschow · mguetschow · commit 06f564594445 · 2025-10-27T18:40:13.000+01:00
switch from c25519 to monocypher as default
diff --git a/pkg/monocypher/Makefile.include b/pkg/monocypher/Makefile.include
@@ -1,2 +1,8 @@
 INCLUDES += -I$(PKGDIRBASE)/monocypher/src
 INCLUDES += -I$(PKGDIRBASE)/monocypher/src/optional
+
+ifneq (,$(filter psa_monocypher_%, $(USEMODULE)))
+  PSEUDOMODULES += psa_monocypher_ed25519
+  DIRS += $(RIOTPKG)/monocypher/psa_monocypher
+  INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include
+endif
diff --git a/pkg/monocypher/psa_monocypher/Makefile b/pkg/monocypher/psa_monocypher/Makefile
@@ -0,0 +1,4 @@
+BASE_MODULE := psa_monocypher
+SUBMODULES := 1
+
+include $(RIOTBASE)/Makefile.base
diff --git a/pkg/monocypher/psa_monocypher/Makefile.dep b/pkg/monocypher/psa_monocypher/Makefile.dep
@@ -0,0 +1 @@
+USEMODULE += random
diff --git a/pkg/monocypher/psa_monocypher/ed25519.c b/pkg/monocypher/psa_monocypher/ed25519.c
@@ -0,0 +1,75 @@
+/*
+ * SPDX-FileCopyrightText: 2025 TU Dresden
+ * SPDX-License-Identifier: LGPL-2.1-only
+ */
+
+/**
+ * @ingroup     sys_psa_crypto pkg_monocypher
+ * @{
+ *
+ * @brief       Glue code translating between PSA Crypto and the Monocypher EdDSA APIs
+ *
+ * @author      Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
+ *
+ * @}
+ */
+
+#include "string_utils.h"
+
+#include "psa/crypto.h"
+#include "monocypher-ed25519.h"
+#include "random.h"
+
+psa_status_t psa_generate_ecc_ed25519_key_pair( uint8_t *priv_key_buffer,
+                                                uint8_t *pub_key_buffer)
+{
+    uint8_t priv_and_pub_key[64] = { 0 };
+
+    // todo: maybe this should usa psa_random instead
+    random_bytes(priv_key_buffer, 32);
+    crypto_ed25519_key_pair(priv_and_pub_key, pub_key_buffer, priv_key_buffer);
+
+    explicit_bzero(priv_and_pub_key, 64);
+
+    return PSA_SUCCESS;
+}
+
+psa_status_t psa_derive_ecc_ed25519_public_key( const uint8_t *priv_key_buffer,
+                                                uint8_t *pub_key_buffer)
+{
+    uint8_t priv_and_pub_key[64] = { 0 };
+
+    memcpy(&priv_and_pub_key[0], priv_key_buffer, 32);
+    crypto_ed25519_key_pair(priv_and_pub_key, pub_key_buffer, priv_and_pub_key);
+
+    explicit_bzero(priv_and_pub_key, 64);
+
+    return PSA_SUCCESS;
+}
+
+psa_status_t psa_ecc_ed25519_sign_message(const uint8_t *priv_key_buffer,
+                                        const uint8_t *pub_key_buffer,
+                                        const uint8_t *input, size_t input_length,
+                                        uint8_t *signature)
+{
+    uint8_t priv_and_pub_key[64];
+    memcpy(&priv_and_pub_key[0], priv_key_buffer, 32);
+    memcpy(&priv_and_pub_key[32], pub_key_buffer, 32);
+
+    crypto_ed25519_sign(signature, priv_and_pub_key, input, input_length);
+
+    explicit_bzero(priv_and_pub_key, 64);
+
+    return PSA_SUCCESS;
+}
+
+psa_status_t psa_ecc_ed25519_verify_message(const uint8_t *pub_key_buffer,
+                                            const uint8_t *input, size_t input_length,
+                                            const uint8_t *signature)
+{
+    if (!crypto_ed25519_check(signature, pub_key_buffer, input, input_length)) {
+        return PSA_ERROR_INVALID_SIGNATURE;
+    }
+
+    return PSA_SUCCESS;
+}
diff --git a/sys/psa_crypto/Makefile.dep b/sys/psa_crypto/Makefile.dep
@@ -74,7 +74,7 @@ ifneq (,$(filter psa_asymmetric_ecc_ed25519,$(USEMODULE)))
     ifneq (,$(filter periph_ecc_ed25519,$(FEATURES_USED)))
       USEMODULE += psa_asymmetric_ecc_ed25519_backend_periph
     else
-      USEMODULE += psa_asymmetric_ecc_ed25519_backend_c25519
+      USEMODULE += psa_asymmetric_ecc_ed25519_backend_monocypher
     endif
   endif
 endif
@@ -85,6 +85,12 @@ ifneq (,$(filter psa_asymmetric_ecc_ed25519_backend_c25519,$(USEMODULE)))
   USEMODULE += psa_c25519_edsign
 endif
 
+ifneq (,$(filter psa_asymmetric_ecc_ed25519_backend_monocypher,$(USEMODULE)))
+  USEPKG += monocypher
+  USEMODULE += psa_monocypher
+  USEMODULE += psa_monocypher_ed25519
+endif
+
 ifneq (,$(filter psa_asymmetric_ecc_ed25519_backend_periph,$(USEMODULE)))
   FEATURES_REQUIRED += periph_ecc_ed25519
 endif
diff --git a/sys/psa_crypto/Makefile.include b/sys/psa_crypto/Makefile.include
@@ -37,6 +37,7 @@ endif
 PSEUDOMODULES += psa_asymmetric_ecc_ed25519
 PSEUDOMODULES += psa_asymmetric_ecc_ed25519_backend_periph
 PSEUDOMODULES += psa_asymmetric_ecc_ed25519_backend_c25519
+PSEUDOMODULES += psa_asymmetric_ecc_ed25519_backend_monocypher
 PSEUDOMODULES += psa_asymmetric_ecc_ed25519_custom_backend
 
 # check that one and only one backend has been selected
