			
		
		
		
	enable GOST R 34.10 signatures from netid!=2
		
							parent
							
								
									1cb89ce20d
								
							
						
					
					
						commit
						83b9b3bf4a
					
				
					 4 changed files with 25 additions and 0 deletions
				
			
		|  | @ -837,6 +837,7 @@ namespace crypto | ||||||
| 		g_Gost3411 = ENGINE_get_digest(g_GostEngine, NID_id_GostR3411_94); | 		g_Gost3411 = ENGINE_get_digest(g_GostEngine, NID_id_GostR3411_94); | ||||||
| 
 | 
 | ||||||
| 		auto ctx = EVP_PKEY_CTX_new_id(NID_id_GostR3410_2001, g_GostEngine); | 		auto ctx = EVP_PKEY_CTX_new_id(NID_id_GostR3410_2001, g_GostEngine); | ||||||
|  | 		if (!ctx) return false; | ||||||
| 		EVP_PKEY_keygen_init (ctx); | 		EVP_PKEY_keygen_init (ctx); | ||||||
| 		EVP_PKEY_CTX_ctrl_str (ctx, "paramset", "A"); // possible values 'A', 'B', 'C', 'XA', 'XB'
 | 		EVP_PKEY_CTX_ctrl_str (ctx, "paramset", "A"); // possible values 'A', 'B', 'C', 'XA', 'XB'
 | ||||||
| 		EVP_PKEY_keygen (ctx, &g_GostPKEY);	// it seems only way to fill with correct params
 | 		EVP_PKEY_keygen (ctx, &g_GostPKEY);	// it seems only way to fill with correct params
 | ||||||
|  |  | ||||||
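Review bot: The added `if (!ctx) return false;` guards only the context allocation; the three calls after it (`EVP_PKEY_keygen_init`, `EVP_PKEY_CTX_ctrl_str`, `EVP_PKEY_keygen`) still have their results ignored. A failed parameter-set selection or key generation therefore leaves `g_GostPKEY` unset while initialisation carries on as if it had succeeded. Each call returns a status that can be tested, e.g. `if (EVP_PKEY_keygen (ctx, &g_GostPKEY) <= 0) { EVP_PKEY_CTX_free (ctx); return false; }`. `g_GostEngine` is also handed to `ENGINE_get_digest` and `EVP_PKEY_CTX_new_id` with no null check visible here. The enclosing function starts and ends outside the hunk, so a check or the context release may exist there.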
|  | @ -122,6 +122,7 @@ namespace i2p | ||||||
| 			i2p::crypto::InitCrypto (precomputation); | 			i2p::crypto::InitCrypto (precomputation); | ||||||
| 
 | 
 | ||||||
| 			int netID; i2p::config::GetOption("netid", netID); | 			int netID; i2p::config::GetOption("netid", netID); | ||||||
|  | 			if (netID != 2)	i2p::crypto::InitGost () // init GOST for own darknet
 | ||||||
| 			i2p::context.SetNetID (netID); | 			i2p::context.SetNetID (netID); | ||||||
| 			i2p::context.Init (); | 			i2p::context.Init (); | ||||||
| 
 | 
 | ||||||
|  | @ -349,6 +350,7 @@ namespace i2p | ||||||
| 				d.m_WebsocketServer = nullptr; | 				d.m_WebsocketServer = nullptr; | ||||||
| 			} | 			} | ||||||
| #endif | #endif | ||||||
|  | 			if (i2p::context.GetNetID () != 2) i2p::crypto::TerminateGost (); | ||||||
| 			i2p::crypto::TerminateCrypto (); | 			i2p::crypto::TerminateCrypto (); | ||||||
| 			i2p::log::Logger().Stop(); | 			i2p::log::Logger().Stop(); | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
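Review bot: The added line `if (netID != 2)	i2p::crypto::InitGost () // init GOST for own darknet` has no terminating semicolon, so the statement runs straight into `i2p::context.SetNetID (netID);` and should not compile; it needs to read `if (netID != 2) i2p::crypto::InitGost (); // init GOST for own darknet`. The result of `InitGost` is also dropped: the crypto hunk adds a `return false` path, presumably in that function, and if it fails here the daemon keeps starting with GOST signing unavailable. Logging the failure and refusing GOST key types in that case would make the state explicit. The teardown hunk tests `i2p::context.GetNetID ()` rather than the local `netID`, which matches only if the id is not changed in between, something this page does not show.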
							
								
								
									
									
										
									
									
									
								
							
							
						
						
									
										19
									
								
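--- a/Identity.cpp
+++ b/Identity.cpp
@@ -102,6 +102,13 @@ namespace data
 					memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH);
 					break;
 				}	
+				case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
+				{	
+					size_t padding =  128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
+					RAND_bytes (m_StandardIdentity.signingKey, padding);
+					memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH);
+					break;
+				}	
 				default:
 					LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported");
 			}	
@@ -370,6 +377,12 @@ namespace data
 				UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
 				break;
 			}	
+			case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
+			{	
+				size_t padding =  128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
+				UpdateVerifier (new i2p::crypto::GOSTR3410Verifier (m_StandardIdentity.signingKey + padding));
+				break;
+			}		
 			default:
 				LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported");
 		}			
@@ -511,6 +524,9 @@ namespace data
 			case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
 				m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH));
 			break;
+			case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
+				m_Signer.reset (new i2p::crypto::GOSTR3410Signer (m_SigningPrivateKey));
+			break;	
 			default:
 				LogPrint (eLogError, "Identity: Signing key type ", (int)m_Public->GetSigningKeyType (), " is not supported");
 		}
@@ -546,6 +562,9 @@ namespace data
 				case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
 					i2p::crypto::CreateEDDSA25519RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
 				break;
+				case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
+					i2p::crypto::CreateGOSTR3410RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
+				break;	
 				default:
 					LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported. Create DSA-SHA1");
 					return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1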
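Review bot: None of the four added `case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:` branches checks the network id or whether GOST was initialised, although the daemon change calls `InitGost ()` only when `netID != 2`. If the branch at `UpdateVerifier (new i2p::crypto::GOSTR3410Verifier (...))` can be reached while parsing an identity received from a peer, a netid=2 router would build a GOST verifier over an engine that was never loaded. Whether that fails safely depends on code outside this page. Each GOST case should open with a guard that logs and rejects the type when GOST is unavailable, for example `if (i2p::context.GetNetID () == 2) { LogPrint (eLogError, "Identity: GOST is not available in netid=2"); break; }`, assuming the router context is reachable from this file. The `RAND_bytes` call that fills the padding also has its result ignored, and all four enclosing functions start and end outside their hunks.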
|  | @ -60,6 +60,9 @@ namespace data | ||||||
| 	const uint16_t SIGNING_KEY_TYPE_RSA_SHA384_3072 = 5; | 	const uint16_t SIGNING_KEY_TYPE_RSA_SHA384_3072 = 5; | ||||||
| 	const uint16_t SIGNING_KEY_TYPE_RSA_SHA512_4096 = 6; | 	const uint16_t SIGNING_KEY_TYPE_RSA_SHA512_4096 = 6; | ||||||
| 	const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 = 7; | 	const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 = 7; | ||||||
|  | 	// following signature type should never appear in netid=2
 | ||||||
|  | 	const uint16_t SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411 = 65280; // approved by FSB
 | ||||||
|  | 	 | ||||||
| 	typedef uint16_t SigningKeyType; | 	typedef uint16_t SigningKeyType; | ||||||
| 	typedef uint16_t CryptoKeyType;	 | 	typedef uint16_t CryptoKeyType;	 | ||||||
| 	 | 	 | ||||||
|  |  | ||||||