From 83b9b3bf4a3c7b03534054bd9d9f725eb15e4b71 Mon Sep 17 00:00:00 2001 From: orignal Date: Sun, 19 Feb 2017 18:08:10 -0500 Subject: [PATCH] enable GOST R 34.10 signatures from netid!=2 --- Crypto.cpp | 1 + Daemon.cpp | 2 ++ Identity.cpp | 19 +++++++++++++++++++ Identity.h | 3 +++ 4 files changed, 25 insertions(+) diff --git a/Crypto.cpp b/Crypto.cpp index 4aa6b82d..fec930ac 100644 --- a/Crypto.cpp +++ b/Crypto.cpp @@ -837,6 +837,7 @@ namespace crypto g_Gost3411 = ENGINE_get_digest(g_GostEngine, NID_id_GostR3411_94); auto ctx = EVP_PKEY_CTX_new_id(NID_id_GostR3410_2001, g_GostEngine); + if (!ctx) return false; EVP_PKEY_keygen_init (ctx); EVP_PKEY_CTX_ctrl_str (ctx, "paramset", "A"); // possible values 'A', 'B', 'C', 'XA', 'XB' EVP_PKEY_keygen (ctx, &g_GostPKEY); // it seems only way to fill with correct params diff --git a/Daemon.cpp b/Daemon.cpp index c7aaa279..5abadcb8 100644 --- a/Daemon.cpp +++ b/Daemon.cpp @@ -122,6 +122,7 @@ namespace i2p i2p::crypto::InitCrypto (precomputation); int netID; i2p::config::GetOption("netid", netID); + if (netID != 2) i2p::crypto::InitGost () // init GOST for own darknet i2p::context.SetNetID (netID); i2p::context.Init (); @@ -349,6 +350,7 @@ namespace i2p d.m_WebsocketServer = nullptr; } #endif + if (i2p::context.GetNetID () != 2) i2p::crypto::TerminateGost (); i2p::crypto::TerminateCrypto (); i2p::log::Logger().Stop(); diff --git a/Identity.cpp b/Identity.cpp index 4e9bee63..68659e2b 100644 --- a/Identity.cpp +++ b/Identity.cpp @@ -102,6 +102,13 @@ namespace data memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH); break; } + case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411: + { + size_t padding = 128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64 + RAND_bytes (m_StandardIdentity.signingKey, padding); + memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH); + break; + } default: LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported"); } @@ -370,6 +377,12 @@ namespace data UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding)); break; } + case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411: + { + size_t padding = 128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64 + UpdateVerifier (new i2p::crypto::GOSTR3410Verifier (m_StandardIdentity.signingKey + padding)); + break; + } default: LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported"); } @@ -511,6 +524,9 @@ namespace data case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH)); break; + case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411: + m_Signer.reset (new i2p::crypto::GOSTR3410Signer (m_SigningPrivateKey)); + break; default: LogPrint (eLogError, "Identity: Signing key type ", (int)m_Public->GetSigningKeyType (), " is not supported"); } @@ -546,6 +562,9 @@ namespace data case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: i2p::crypto::CreateEDDSA25519RandomKeys (keys.m_SigningPrivateKey, signingPublicKey); break; + case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411: + i2p::crypto::CreateGOSTR3410RandomKeys (keys.m_SigningPrivateKey, signingPublicKey); + break; default: LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported. Create DSA-SHA1"); return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1 diff --git a/Identity.h b/Identity.h index 49dada48..5fbf1675 100644 --- a/Identity.h +++ b/Identity.h @@ -60,6 +60,9 @@ namespace data const uint16_t SIGNING_KEY_TYPE_RSA_SHA384_3072 = 5; const uint16_t SIGNING_KEY_TYPE_RSA_SHA512_4096 = 6; const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 = 7; + // following signature type should never appear in netid=2 + const uint16_t SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411 = 65280; // approved by FSB + typedef uint16_t SigningKeyType; typedef uint16_t CryptoKeyType;