fix: ed25519 verify uses public key, not private (#690)

Author: boorad

.github/dependabot.yml

@@ -17,6 +17,8 @@ updates:
       - "@react-native-community/cli-platform-android"
       - "@react-native-community/cli-platform-ios"
       - "@types/react"
+      - "chai"
+      - "@types/chai"
   - package-ecosystem: "bun"
     target-branch: "0.x"
     directory: "/"

.rules

@@ -27,6 +27,7 @@ Every time you choose to apply a rule(s), explicitly state the rule(s) in the ou
 - Use modern C++ features.
 - Attempt to reduce the amount of code rather than add more.
 - Prefer iteration and modularization over code duplication.
+- Do not add comments unless explicitly told to do so.
 
 ## TypeScript Best Practices
 

bun.lock

@@ -27,7 +27,7 @@
     "@react-navigation/native": "6.1.18",
     "@react-navigation/native-stack": "6.11.0",
     "buffer": "6.0.3",
-    "chai": "5.2.0",
+    "chai": "<5.0.0",
     "crypto-browserify": "^3.12.0",
     "event-target-polyfill": "^0.0.4",
     "events": "3.3.0",
@@ -58,7 +58,7 @@
     "@react-native/metro-config": "0.76.1",
     "@react-native/typescript-config": "0.76.1",
     "@tsconfig/react-native": "^3.0.5",
-    "@types/chai": "5.2.1",
+    "@types/chai": "<5.0.0",
     "@types/react": "18.3.3",
     "@types/react-native-vector-icons": "^6.4.18",
     "@types/react-test-renderer": "18.3.0",

docs/test_suite_results_android.png

@@ -1,13 +1,6 @@
 /* eslint-disable @typescript-eslint/no-unused-expressions */
 import { Ed, randomBytes, ab2str } from 'react-native-quick-crypto';
 import { Buffer } from '@craftzdog/react-native-buffer';
-// import type {
-//   // KeyObject,
-//   // CFRGKeyPairType,
-//   // GenerateKeyPairCallback,
-//   GenerateKeyPairOptions,
-//   // KeyPairKey,
-// } from 'react-native-quick-crypto';
 import { expect } from 'chai';
 import { test } from '../util';
 
@@ -90,20 +83,39 @@ test(SUITE, 'sign/verify - switched args does not verify', async () => {
 });
 
 test(SUITE, 'sign/verify - non-internally generated private key', async () => {
+  const pub = Buffer.from(
+    'e106bf015ad54a64022295c7af2c35f9511eb37264a7722a9642eaac6c59a494',
+    'hex',
+  );
+  const priv = Buffer.from(
+    '5f27e170afc5091c4933d980c5fe86af997b91375115c6ee2c0fe4ea12400ed0',
+    'hex',
+  );
+
+  const ed2 = new Ed('ed25519', {});
+  const signature = await ed2.sign(data1.buffer, priv);
+  const verified = await ed2.verify(signature, data1.buffer, pub);
+  expect(verified).to.be.true;
+});
+
+test(SUITE, 'sign/verify - bad signature', async () => {
   let ed1: Ed | null = new Ed('ed25519', {});
   await ed1.generateKeyPair();
+  const pub = ed1.getPublicKey();
   const priv = ed1.getPrivateKey();
   ed1 = null;
 
   const ed2 = new Ed('ed25519', {});
   const signature = await ed2.sign(data1.buffer, priv);
-  const verified = await ed2.verify(signature, data1.buffer, priv);
-  expect(verified).to.be.true;
+  const signature2 = randomBytes(64).buffer;
+  expect(ab2str(signature2)).not.to.equal(ab2str(signature));
+  const verified = await ed2.verify(signature2, data1.buffer, pub);
+  expect(verified).to.be.false;
 });
 
 test(
   SUITE,
-  'sign/verify - bad non-internally generated private key',
+  'sign/verify - bad verify with private key, not public',
   async () => {
     let ed1: Ed | null = new Ed('ed25519', {});
     await ed1.generateKeyPair();
@@ -112,9 +124,7 @@ test(
 
     const ed2 = new Ed('ed25519', {});
     const signature = await ed2.sign(data1.buffer, priv);
-    const signature2 = randomBytes(64).buffer;
-    expect(ab2str(signature2)).not.to.equal(ab2str(signature));
-    const verified = await ed2.verify(signature2, data1.buffer, priv);
+    const verified = await ed2.verify(signature, data1.buffer, priv);
     expect(verified).to.be.false;
   },
 );
@@ -124,10 +134,11 @@ test(SUITE, 'sign/verify - Uint8Arrays', () => {
 
   const ed1 = new Ed('ed25519', {});
   ed1.generateKeyPairSync();
+  const pub = new Uint8Array(ed1.getPublicKey());
   const priv = new Uint8Array(ed1.getPrivateKey());
 
   const ed2 = new Ed('ed25519', {});
   const signature = new Uint8Array(ed2.signSync(encode(data), priv));
-  const verified = ed2.verifySync(signature, encode(data), priv);
+  const verified = ed2.verifySync(signature, encode(data), pub);
   expect(verified).to.be.true;
 });

docs/test_suite_results_ios.png

@@ -4,7 +4,7 @@ import { expect } from 'chai';
 import { test } from '../util';
 import { fixtures, type Fixture } from './fixtures';
 
-import crypto, { ab2str } from 'react-native-quick-crypto';
+import crypto from 'react-native-quick-crypto';
 import type { BinaryLike, HashAlgorithm } from 'react-native-quick-crypto';
 
 type TestFixture = [string, string, number, number, string];
@@ -36,7 +36,7 @@ const SUITE = 'pbkdf2';
       function (err, result) {
         expect(err).to.be.null;
         expect(result).not.to.be.null;
-        expect(ab2str(result as ArrayBuffer)).to.equal(expected);
+        expect(result?.toString('hex')).to.equal(expected);
       },
     );
   };
@@ -76,7 +76,7 @@ const SUITE = 'pbkdf2';
 
 test(SUITE, 'handles buffers', () => {
   const resultSync = crypto.pbkdf2Sync('password', 'salt', 1, 32);
-  expect(ab2str(resultSync)).to.equal(
+  expect(resultSync?.toString('hex')).to.equal(
     '0c60c80f961f0e71f3a9b524af6012062fe037a6e0f0eb94fe8fc46bdc637164',
   );
 
@@ -186,7 +186,7 @@ algos.forEach(function (algorithm) {
         function (err, result) {
           expect(err).to.be.null;
           expect(result).not.to.be.null;
-          expect(ab2str(result as ArrayBuffer)).to.equal(expected);
+          expect(result?.toString('hex')).to.equal(expected);
         },
       );
     });
@@ -199,7 +199,7 @@ algos.forEach(function (algorithm) {
         f.dkLen as number,
         algorithm as HashAlgorithm,
       );
-      expect(ab2str(result)).to.equal(expected);
+      expect(result?.toString('hex')).to.equal(expected);
     });
   });
 

example/package.json

@@ -7,8 +7,9 @@
     "index.ts",
     "app.json",
     "src",
-    "**.*.ts",
-    "**.*.tsx",
+    "./**/*.ts",
+    "./**/*.tsx",
+    "../packages/react-native-quick-crypto/src/**/*.ts"
   ],
   "compilerOptions": {
     "jsx": "react",