mirror of
https://github.com/PurpleI2P/i2pd.git
synced 2025-01-22 13:27:17 +01:00
enable GOST R 34.10 signatures from netid!=2
This commit is contained in:
parent
1cb89ce20d
commit
83b9b3bf4a
|
@ -837,6 +837,7 @@ namespace crypto
|
|||
g_Gost3411 = ENGINE_get_digest(g_GostEngine, NID_id_GostR3411_94);
|
||||
|
||||
auto ctx = EVP_PKEY_CTX_new_id(NID_id_GostR3410_2001, g_GostEngine);
|
||||
if (!ctx) return false;
|
||||
EVP_PKEY_keygen_init (ctx);
|
||||
EVP_PKEY_CTX_ctrl_str (ctx, "paramset", "A"); // possible values 'A', 'B', 'C', 'XA', 'XB'
|
||||
EVP_PKEY_keygen (ctx, &g_GostPKEY); // it seems only way to fill with correct params
|
||||
|
|
|
@ -122,6 +122,7 @@ namespace i2p
|
|||
i2p::crypto::InitCrypto (precomputation);
|
||||
|
||||
int netID; i2p::config::GetOption("netid", netID);
|
||||
if (netID != 2) i2p::crypto::InitGost () // init GOST for own darknet
|
||||
i2p::context.SetNetID (netID);
|
||||
i2p::context.Init ();
|
||||
|
||||
|
@ -349,6 +350,7 @@ namespace i2p
|
|||
d.m_WebsocketServer = nullptr;
|
||||
}
|
||||
#endif
|
||||
if (i2p::context.GetNetID () != 2) i2p::crypto::TerminateGost ();
|
||||
i2p::crypto::TerminateCrypto ();
|
||||
i2p::log::Logger().Stop();
|
||||
|
||||
|
|
19
Identity.cpp
19
Identity.cpp
|
@ -102,6 +102,13 @@ namespace data
|
|||
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH);
|
||||
break;
|
||||
}
|
||||
case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
|
||||
{
|
||||
size_t padding = 128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
|
||||
RAND_bytes (m_StandardIdentity.signingKey, padding);
|
||||
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH);
|
||||
break;
|
||||
}
|
||||
default:
|
||||
LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported");
|
||||
}
|
||||
|
@ -370,6 +377,12 @@ namespace data
|
|||
UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
|
||||
break;
|
||||
}
|
||||
case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
|
||||
{
|
||||
size_t padding = 128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
|
||||
UpdateVerifier (new i2p::crypto::GOSTR3410Verifier (m_StandardIdentity.signingKey + padding));
|
||||
break;
|
||||
}
|
||||
default:
|
||||
LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported");
|
||||
}
|
||||
|
@ -511,6 +524,9 @@ namespace data
|
|||
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
|
||||
m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH));
|
||||
break;
|
||||
case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
|
||||
m_Signer.reset (new i2p::crypto::GOSTR3410Signer (m_SigningPrivateKey));
|
||||
break;
|
||||
default:
|
||||
LogPrint (eLogError, "Identity: Signing key type ", (int)m_Public->GetSigningKeyType (), " is not supported");
|
||||
}
|
||||
|
@ -546,6 +562,9 @@ namespace data
|
|||
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
|
||||
i2p::crypto::CreateEDDSA25519RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
|
||||
break;
|
||||
case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
|
||||
i2p::crypto::CreateGOSTR3410RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
|
||||
break;
|
||||
default:
|
||||
LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported. Create DSA-SHA1");
|
||||
return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1
|
||||
|
|
|
@ -60,6 +60,9 @@ namespace data
|
|||
const uint16_t SIGNING_KEY_TYPE_RSA_SHA384_3072 = 5;
|
||||
const uint16_t SIGNING_KEY_TYPE_RSA_SHA512_4096 = 6;
|
||||
const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 = 7;
|
||||
// following signature type should never appear in netid=2
|
||||
const uint16_t SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411 = 65280; // approved by FSB
|
||||
|
||||
typedef uint16_t SigningKeyType;
|
||||
typedef uint16_t CryptoKeyType;
|
||||
|
||||
|
|
Loading…
Reference in a new issue