enable GOST R 34.10 signatures from netid!=2

7 years ago · 83b9b3bf4a
parent 1cb89ce20d
commit 83b9b3bf4a
4 changed files with 25 additions and 0 deletions
--- a/Crypto.cpp
+++ b/Crypto.cpp
@ -837,6 +837,7 @@ namespace crypto
 		g_Gost3411 = ENGINE_get_digest(g_GostEngine, NID_id_GostR3411_94);

 		auto ctx = EVP_PKEY_CTX_new_id(NID_id_GostR3410_2001, g_GostEngine);
+		if (!ctx) return false;
 		EVP_PKEY_keygen_init (ctx);
 		EVP_PKEY_CTX_ctrl_str (ctx, "paramset", "A"); // possible values 'A', 'B', 'C', 'XA', 'XB'
 		EVP_PKEY_keygen (ctx, &g_GostPKEY);	// it seems only way to fill with correct params
--- a/Daemon.cpp
+++ b/Daemon.cpp
@ -122,6 +122,7 @@ namespace i2p
 			i2p::crypto::InitCrypto (precomputation);

 			int netID; i2p::config::GetOption("netid", netID);
+			if (netID != 2)	i2p::crypto::InitGost () // init GOST for own darknet
 			i2p::context.SetNetID (netID);
 			i2p::context.Init ();

@ -349,6 +350,7 @@ namespace i2p
 				d.m_WebsocketServer = nullptr;
 			}
 #endif
+			if (i2p::context.GetNetID () != 2) i2p::crypto::TerminateGost ();
 			i2p::crypto::TerminateCrypto ();
 			i2p::log::Logger().Stop();

--- a/Identity.cpp
+++ b/Identity.cpp
@ -102,6 +102,13 @@ namespace data
 					memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH);
 					break;
 				}	
+				case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
+				{	
+					size_t padding =  128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
+					RAND_bytes (m_StandardIdentity.signingKey, padding);
+					memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH);
+					break;
+				}	
 				default:
 					LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported");
 			}	
@ -370,6 +377,12 @@ namespace data
 				UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
 				break;
 			}	
+			case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
+			{	
+				size_t padding =  128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
+				UpdateVerifier (new i2p::crypto::GOSTR3410Verifier (m_StandardIdentity.signingKey + padding));
+				break;
+			}		
 			default:
 				LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported");
 		}			
@ -511,6 +524,9 @@ namespace data
 			case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
 				m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH));
 			break;
+			case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
+				m_Signer.reset (new i2p::crypto::GOSTR3410Signer (m_SigningPrivateKey));
+			break;	
 			default:
 				LogPrint (eLogError, "Identity: Signing key type ", (int)m_Public->GetSigningKeyType (), " is not supported");
 		}
@ -546,6 +562,9 @@ namespace data
 				case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
 					i2p::crypto::CreateEDDSA25519RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
 				break;
+				case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
+					i2p::crypto::CreateGOSTR3410RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
+				break;	
 				default:
 					LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported. Create DSA-SHA1");
 					return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1
--- a/Identity.h
+++ b/Identity.h
@ -60,6 +60,9 @@ namespace data
 	const uint16_t SIGNING_KEY_TYPE_RSA_SHA384_3072 = 5;
 	const uint16_t SIGNING_KEY_TYPE_RSA_SHA512_4096 = 6;
 	const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 = 7;
+	// following signature type should never appear in netid=2
+	const uint16_t SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411 = 65280; // approved by FSB
+	
 	typedef uint16_t SigningKeyType;
 	typedef uint16_t CryptoKeyType;