From b3a9eabc2c8fa3ab603b1bf37636ee18c2855e50f9c38f9cd6358f78acd303fe Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Wed, 4 Dec 2024 15:26:23 +0300
Subject: [PATCH] Monocypher-based cyac ed25519-blake2b cer-verify
---
 cyac/cmd/cer-verify/cer-verify.c | 2 ++
 cyac/cmd/cer-verify/cer-verify.do | 9 +++---
 cyac/cmd/cer-verify/clean | 2 +-
 cyac/cmd/cer-verify/conf/.gitignore | 1 +
 cyac/cmd/cer-verify/conf/monocypher.rc.do | 12 +++++++
 .../cmd/cer-verify/verifier-ed25519-blake2b.c | 31 +++++++++++++++++++
 .../cmd/cer-verify/verifier-ed25519-blake2b.h | 19 ++++++++++++
 .../cer-verify/verifier-ed25519-blake2b.o.do | 5 +++
 8 files changed, 76 insertions(+), 5 deletions(-)
 create mode 100644 cyac/cmd/cer-verify/conf/monocypher.rc.do
 create mode 100644 cyac/cmd/cer-verify/verifier-ed25519-blake2b.c
 create mode 100644 cyac/cmd/cer-verify/verifier-ed25519-blake2b.h
 create mode 100644 cyac/cmd/cer-verify/verifier-ed25519-blake2b.o.do
diff --git a/cyac/cmd/cer-verify/cer-verify.c b/cyac/cmd/cer-verify/cer-verify.c
index e31e3df..22bf26e 100644
--- a/cyac/cmd/cer-verify/cer-verify.c
+++ b/cyac/cmd/cer-verify/cer-verify.c
@@ -27,6 +27,7 @@
 #include "../lib/mmap.h"
 #include "../lib/uuid.h"
+#include "verifier-ed25519-blake2b.h"
 #include "verifier-gost3410.h"
 int
@@ -72,6 +73,7 @@ main(int argc, char **argv)
 }
 struct YACCerSigVerifier sigVerifiers[] = {
+{.algo = "ed25519-blake2b", .func = ed25519blake2bSignatureVerifier},
 {.algo = "gost3410-256A", .func = gost3410SignatureVerifier},
 {.algo = "gost3410-512C", .func = gost3410SignatureVerifier},
 {.algo = NULL},
diff --git a/cyac/cmd/cer-verify/cer-verify.do b/cyac/cmd/cer-verify/cer-verify.do
index ad75159..8f431f1 100644
--- a/cyac/cmd/cer-verify/cer-verify.do
+++ b/cyac/cmd/cer-verify/cer-verify.do
@@ -1,13 +1,14 @@
-deps="../lib/mmap.o ../lib/uuid.o verifier-gost3410.o"
-redo-ifchange $1.c $deps conf/gcl3.rc \
+deps="../lib/mmap.o ../lib/uuid.o verifier-ed25519-blake2b.o verifier-gost3410.o"
+redo-ifchange $1.c $deps conf/gcl3.rc conf/monocypher.rc \
 ../../conf/cc ../../conf/cflags ../../conf/ldflags ../../conf/prefix
 read CC <../../conf/cc
 CFLAGS=$(cat ../../conf/cflags)
 LDFLAGS=$(cat ../../conf/ldflags)
 . conf/gcl3.rc
+. conf/monocypher.rc
 read PREFIX <../../conf/prefix
 $CC \
 $CFLAGS -I$PREFIX/include \
 -o $3 $2.c $deps \
- $LDFLAGS $GCL3_LDFLAGS -L$PREFIX/lib \
- -lyac -lyacpki $GCL3_LDLIBS
+ $LDFLAGS $GCL3_LDFLAGS $MONOCYPHER_LDFLAGS -L$PREFIX/lib \
+ -lyac -lyacpki $GCL3_LDLIBS $MONOCYPHER_LDLIBS -static
diff --git a/cyac/cmd/cer-verify/clean b/cyac/cmd/cer-verify/clean
index cdb7ffb..0a413ac 100755
--- a/cyac/cmd/cer-verify/clean
+++ b/cyac/cmd/cer-verify/clean
@@ -1,3 +1,3 @@
 #!/bin/sh -e
-exec rm -f cer-verify compile_flags.txt conf/gcl3.rc
+exec rm -f cer-verify compile_flags.txt conf/gcl3.rc conf/monocypher.rc *.o
diff --git a/cyac/cmd/cer-verify/conf/.gitignore b/cyac/cmd/cer-verify/conf/.gitignore
index 0f57c2c..6d4233f 100644
--- a/cyac/cmd/cer-verify/conf/.gitignore
+++ b/cyac/cmd/cer-verify/conf/.gitignore
@@ -1 +1,2 @@
 /gcl3.rc
+/monocypher.rc
diff --git a/cyac/cmd/cer-verify/conf/monocypher.rc.do b/cyac/cmd/cer-verify/conf/monocypher.rc.do
new file mode 100644
index 0000000..a848036
--- /dev/null
+++ b/cyac/cmd/cer-verify/conf/monocypher.rc.do
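Review bot: `-static` is appended to the link command in cer-verify.do alongside the Monocypher flags, although the commit subject only covers the new verifier. With it, every library on that line (`-lyac`, `-lyacpki`, and whatever `$GCL3_LDLIBS` and `$MONOCYPHER_LDLIBS` expand to) has to be available as a static archive, and a fixed release of any of them reaches cer-verify only after a relink. If static linking is intended, a one-line comment above the `$CC` invocation giving the reason, or moving the flag into `../../conf/ldflags` where the other link policy lives, would make the choice visible and overridable.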
@@ -0,0 +1,12 @@
+PKGCONF=${PKGCONF:-`command -v pkgconf || command -v pkg-config`}
+cat <
+#include
+#include
+#include
+
+#include
+
+#include "verifier-ed25519-blake2b.h"
+
+bool
+ed25519blake2bSignatureVerifier(
+ char **failReason,
+ const unsigned char *ai,
+ const size_t aiLen,
+ const unsigned char *sig,
+ const size_t sigLen,
+ const unsigned char *pub,
+ const size_t pubLen,
+ const unsigned char *data,
+ const size_t dataLen)
+{
+ if (pubLen != 32) {
+ (*failReason) = "invalid pubkey len";
+ return false;
+ }
+ if (sigLen != 64) {
+ (*failReason) = "invalid signature len";
+ return false;
+ }
+ return crypto_eddsa_check(sig, pub, data, dataLen) == 0;
+}
diff --git a/cyac/cmd/cer-verify/verifier-ed25519-blake2b.h b/cyac/cmd/cer-verify/verifier-ed25519-blake2b.h
new file mode 100644
index 0000000..4050260
--- /dev/null
+++ b/cyac/cmd/cer-verify/verifier-ed25519-blake2b.h
@@ -0,0 +1,19 @@
+#ifndef YAC_VERIFIER_ED25519_BLAKE2B_H
+#define YAC_VERIFIER_ED25519_BLAKE2B_H
+
+#include
+#include
+
+bool
+ed25519blake2bSignatureVerifier(
+ char **failReason,
+ const unsigned char *ai,
+ const size_t aiLen,
+ const unsigned char *sig,
+ const size_t sigLen,
+ const unsigned char *pub,
+ const size_t pubLen,
+ const unsigned char *data,
+ const size_t dataLen);
+
+#endif // YAC_VERIFIER_ED25519_BLAKE2B_H
diff --git a/cyac/cmd/cer-verify/verifier-ed25519-blake2b.o.do b/cyac/cmd/cer-verify/verifier-ed25519-blake2b.o.do
new file mode 100644
index 0000000..59c0009
--- /dev/null
+++ b/cyac/cmd/cer-verify/verifier-ed25519-blake2b.o.do
@@ -0,0 +1,5 @@
+redo-ifchange ${1%.o}.c conf/monocypher.rc ../../conf/cc ../../conf/cflags
+read CC <../../conf/cc
+CFLAGS=$(cat ../../conf/cflags)
+. conf/monocypher.rc
+$CC $CFLAGS $MONOCYPHER_CFLAGS -c -o $3 ${1%.o}.c
--
2.48.1
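Review bot: The last statement of ed25519blake2bSignatureVerifier, `return crypto_eddsa_check(sig, pub, data, dataLen) == 0;`, returns false on a bad signature without writing `*failReason`, while both length checks above it do set it. If the caller reports `*failReason` whenever a verifier returns false (the caller is not part of this hunk), it would read a stale or uninitialised pointer on exactly the path that matters most. Setting it there keeps the three failure exits consistent: `if (crypto_eddsa_check(sig, pub, data, dataLen) != 0) { (*failReason) = "invalid signature"; return false; }` followed by `return true;`. `ai` and `aiLen` are never read in this function; `(void)ai; (void)aiLen;` would state that they are deliberately ignored and keep -Wunused-parameter quiet.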
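Review bot: The prototype in verifier-ed25519-blake2b.h has no comment describing its contract, so a reader has to open the .c file to learn the size requirements. A short block comment above the declaration could state that the function returns true only when `sig` (exactly 64 bytes) verifies over `data` under `pub` (exactly 32 bytes), that `*failReason` is pointed at a static string when a length check fails, and that `ai`/`aiLen` are accepted for the common verifier signature but not inspected.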