X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/catacomb/blobdiff_plain/e830bb692041c75eb29b8c511db21af81b3aae2d..a7aa36f2e3359a9d5cc164cc418352b629451e7c:/progs/cc-sig.c

diff --git a/progs/cc-sig.c b/progs/cc-sig.c
index 7303c563..fb5e1c3d 100644
--- a/progs/cc-sig.c
+++ b/progs/cc-sig.c
@@ -577,33 +577,48 @@ static const sigops eckcdsa_vrf = {
 /* --- EdDSA --- */
 
 #define EDDSAS(_)							\
-  _(ed25519, ED25519, "Ed25519", sha512)
+  _(ed25519, ed25519ctx, ED25519, "Ed25519", sha512)
+
+typedef struct eddsa_sigctx {
+  sig s;
+  const char *perso;
+} eddsa_sigctx;
 
 static sig *eddsa_siginit(key *k, void *kd, const gchash *hc)
 {
-  sig *s = CREATE(sig);
-  s->h = 0;
-  return (s);
+  eddsa_sigctx *es = CREATE(eddsa_sigctx);
+  es->s.h = 0;
+  es->perso = key_getattr(0, k, "perso");
+  if (es->perso && strlen(es->perso) > ED25519_MAXPERSOSZ) {
+    die(1, "EdDSA personalization string too long (max length %d)",
+	ED25519_MAXPERSOSZ);
+  }
+  return (&es->s);
 }
 
-static void eddsa_sigdestroy(sig *s) { DESTROY(s); }
+static void eddsa_sigdestroy(sig *s)
+  { eddsa_sigctx *es = (eddsa_sigctx *)s; DESTROY(es); }
 
-#define EDDSADEF(ed, ED, name, hash)					\
+#define EDDSADEF(ed, sigver, ED, name, hash)				\
 									\
   static int ed##_sigdoit(sig *s, dstr *d)				\
   {									\
-    ed##_priv *k = s->kd;						\
+    eddsa_sigctx *es = (eddsa_sigctx *)s;				\
+    ed##_priv *k = es->s.kd;						\
 									\
     dstr_ensure(d, ED##_SIGSZ);						\
-    ed##_sign((octet *)d->buf, k->priv.k, k->priv.sz, k->pub.k,		\
-	      GH_DONE(s->h, 0), GH_CLASS(s->h)->hashsz);		\
+    sigver##_sign((octet *)d->buf, k->priv.k, k->priv.sz, k->pub.k,	\
+		  es->perso ? 1 : -1, es->perso,			\
+		  es->perso ? strlen(es->perso) : 0,			\
+		  GH_DONE(es->s.h, 0), GH_CLASS(es->s.h)->hashsz);	\
     d->len += ED##_SIGSZ;						\
     return (0);								\
   }									\
 									\
   static const char *ed##_sigcheck(sig *s)				\
   {									\
-    ed##_priv *k = s->kd;						\
+    eddsa_sigctx *es = (eddsa_sigctx *)s;				\
+    ed##_priv *k = es->s.kd;						\
 									\
     if (k->pub.sz != ED##_PUBSZ)					\
       return ("incorrect " #name " public key length");			\
@@ -617,12 +632,15 @@ static void eddsa_sigdestroy(sig *s) { DESTROY(s); }
 									\
   static int ed##_vrfdoit(sig *s, dstr *d)				\
   {									\
-    ed##_pub *k = s->kd;						\
+    eddsa_sigctx *es = (eddsa_sigctx *)s;				\
+    ed##_pub *k = es->s.kd;						\
 									\
     if (d->len != ED##_SIGSZ) return (-1);				\
-    return (ed##_verify(k->pub.k,					\
-			GH_DONE(s->h, 0), GH_CLASS(s->h)->hashsz,	\
-			(const octet *)d->buf));			\
+    return (sigver##_verify(k->pub.k,					\
+			    es->perso ? 1 : -1, es->perso,		\
+			    es->perso ? strlen(es->perso) : 0,		\
+			    GH_DONE(s->h, 0), GH_CLASS(s->h)->hashsz,	\
+			    (const octet *)d->buf));			\
   }									\
 									\
   static const char *ed##_vrfcheck(sig *s)				\
@@ -740,7 +758,7 @@ const struct sigtab sigtab[] = {
   { "kcdsa",	&kcdsa_sig,	&kcdsa_vrf,	&has160 },
   { "binkcdsa",	&binkcdsa_sig,	&binkcdsa_vrf,	&has160 },
   { "eckcdsa",	&eckcdsa_sig,	&eckcdsa_vrf,	&has160 },
-#define EDDSATAB(ed, ED, name, hash)					\
+#define EDDSATAB(ed, sigver, ED, name, hash)				\
   { #ed,	&ed##_sig,	&ed##_vrf,	&hash },
   EDDSAS(EDDSATAB)
 #undef EDDSATAB