Minimal no_std Ed25519 verification crate for EriX secure boot and related validation paths.
Erik Inkinen d377fc074c
lib-ed25519: drop unstable rustfmt options for stable toolchains
2026-03-23 10:19:54 +02:00
.github Refactor milestone terminology to "Component Milestone Tracking" across templates and documentation for consistency 2026-03-05 11:54:27 +02:00
src Add constant-time operations for field and point arithmetic; enhance signature verification tests 2026-02-26 17:25:01 +02:00
.editorconfig Initial commit 2026-02-26 15:21:49 +01:00
.gitignore Initial commit 2026-02-26 15:21:49 +01:00
ARCHITECTURE.md Initialize lib-ed25519 2026-02-26 16:24:24 +02:00
Cargo.toml Add constant-time operations for field and point arithmetic; enhance signature verification tests 2026-02-26 17:25:01 +02:00
CODE_OF_CONDUCT.md Initial commit 2026-02-26 15:21:49 +01:00
CONTRIBUTING.md Refactor milestone terminology to "Component Milestone Tracking" across templates and documentation for consistency 2026-03-05 11:54:27 +02:00
LICENSE Initial commit 2026-02-26 15:21:49 +01:00
README.md Refactor milestone terminology to "Component Milestone Tracking" across templates and documentation for consistency 2026-03-05 11:54:27 +02:00
ROADMAP.md Update README and ROADMAP with current implementation status and milestones 2026-02-28 04:53:55 +02:00
rustfmt.toml lib-ed25519: drop unstable rustfmt options for stable toolchains 2026-03-23 10:19:54 +02:00
SECURITY.md docs: align security policy phase numbering 2026-03-11 05:28:12 +02:00

lib-ed25519

This crate is verification-focused. It provides signature verification primitives for public-key validation in boot-critical code.

UEFI and x86_64 are the current primary targets, but this crate is explicitly portable and architecture-neutral.


Scope

This crate provides:

  • Ed25519 public key and signature types
  • strict decode/validation helpers for key/signature inputs
  • Ed25519 signature verification for message bytes

This crate does not provide:

  • private-key operations or signing
  • key generation
  • random number generation
  • certificate chain parsing

Why this crate exists

EriX boot verification requires a small, auditable implementation for Ed25519 verification with no external dependencies.

Keeping this functionality in a dedicated crate improves:

  • auditability of TCB code
  • reuse across lib-bootimg, bootloader, and kernel-side validators
  • deterministic behavior across supported targets

Design constraints

  • #![no_std]
  • zero external dependencies
  • deterministic, explicit error handling
  • constant-time treatment in security-relevant comparisons
  • minimal and documented unsafe (ideally none)

Security notes

This crate is part of a security boundary when used in secure boot.

Invalid encodings or malformed inputs must be rejected strictly. Verification must be fail-closed.
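
The following is an added example, not code from lib-ed25519: it sketches what strict, fail-closed input checks can look like, assuming "strict" means the canonical-encoding rules of RFC 8032 (y below p, S below L). All type and function names are hypothetical, it uses only `core` features, and it covers encoding checks only, not curve membership or the verification equation.

```rust
// Added example: strict, fail-closed input checks. Names are hypothetical, not lib-ed25519's API.
#[derive(Debug, PartialEq, Eq)]
pub enum DecodeError { BadLength, NonCanonicalFieldElement, NonCanonicalScalar }

/// Group order L = 2^252 + 27742317777372353535851937790883648493, little-endian.
const L: [u8; 32] = [
    0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
    0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
    0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0x10,
];

/// Field prime p = 2^255 - 19, little-endian.
fn field_prime() -> [u8; 32] {
    let mut p = [0xffu8; 32];
    p[0] = 0xed;
    p[31] = 0x7f;
    p
}

/// a < b for 32-byte little-endian integers, with no data-dependent branch.
fn lt_le(a: &[u8; 32], b: &[u8; 32]) -> bool {
    let mut borrow = 0u16;
    for i in 0..32 {
        let d = (a[i] as u16).wrapping_sub(b[i] as u16).wrapping_sub(borrow);
        borrow = (d >> 8) & 1; // 1 exactly when this byte's subtraction underflowed
    }
    borrow == 1
}

/// Public key or R: exactly 32 bytes whose y-coordinate (sign bit masked off) is below p.
pub fn check_point_encoding(bytes: &[u8]) -> Result<(), DecodeError> {
    if bytes.len() != 32 { return Err(DecodeError::BadLength); }
    let mut y = [0u8; 32];
    y.copy_from_slice(bytes);
    y[31] &= 0x7f; // top bit carries the sign of x, not part of y
    if lt_le(&y, &field_prime()) { Ok(()) } else { Err(DecodeError::NonCanonicalFieldElement) }
}

/// Signature: exactly 64 bytes R || S, with canonical R and S < L.
pub fn check_signature_encoding(sig: &[u8]) -> Result<(), DecodeError> {
    if sig.len() != 64 { return Err(DecodeError::BadLength); }
    check_point_encoding(&sig[..32])?;
    let mut s = [0u8; 32];
    s.copy_from_slice(&sig[32..]);
    if lt_le(&s, &L) { Ok(()) } else { Err(DecodeError::NonCanonicalScalar) }
}
```

Every failure path returns an explicit error and nothing is accepted by default, so a caller that only proceeds on `Ok(())` stays fail-closed.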


Intended consumers

  • lib-bootimg verification flow
  • bootloader signature verification path
  • future kernel/user-space signature checks

Status

Implemented baseline.

Strict parsing/validation and verification APIs are implemented with unit coverage. Remaining work is hardening and broader integration fixture coverage.

See ARCHITECTURE.md and ROADMAP.md.