mirror of
https://github.com/PurpleI2P/i2pd.git
synced 2024-11-13 13:10:28 +00:00
enable GOST R 34.10 signatures from netid!=2
parent
1cb89ce20d
commit
83b9b3bf4a
@ -837,6 +837,7 @@ namespace crypto
|
|||||||
g_Gost3411 = ENGINE_get_digest(g_GostEngine, NID_id_GostR3411_94);
|
g_Gost3411 = ENGINE_get_digest(g_GostEngine, NID_id_GostR3411_94);
|
||||||
|
|
||||||
auto ctx = EVP_PKEY_CTX_new_id(NID_id_GostR3410_2001, g_GostEngine);
|
auto ctx = EVP_PKEY_CTX_new_id(NID_id_GostR3410_2001, g_GostEngine);
|
||||||
|
if (!ctx) return false;
|
||||||
EVP_PKEY_keygen_init (ctx);
|
EVP_PKEY_keygen_init (ctx);
|
||||||
EVP_PKEY_CTX_ctrl_str (ctx, "paramset", "A"); // possible values 'A', 'B', 'C', 'XA', 'XB'
|
EVP_PKEY_CTX_ctrl_str (ctx, "paramset", "A"); // possible values 'A', 'B', 'C', 'XA', 'XB'
|
||||||
EVP_PKEY_keygen (ctx, &g_GostPKEY); // it seems only way to fill with correct params
|
EVP_PKEY_keygen (ctx, &g_GostPKEY); // it seems only way to fill with correct params
|
||||||
|
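Review bot: The added `if (!ctx) return false;` covers only context creation. The three calls after it, `EVP_PKEY_keygen_init`, `EVP_PKEY_CTX_ctrl_str` and `EVP_PKEY_keygen`, still discard their return values, so a failed paramset or key generation would leave `g_GostPKEY` unset or without the expected parameters while the function carries on. I would check each result, e.g. `if (EVP_PKEY_keygen_init (ctx) <= 0 || EVP_PKEY_CTX_ctrl_str (ctx, "paramset", "A") <= 0 || EVP_PKEY_keygen (ctx, &g_GostPKEY) <= 0) { EVP_PKEY_CTX_free (ctx); return false; }`. The function starts and ends outside the hunk, so it is not visible whether `ctx` is freed on the success path or whether the engine and digest obtained before the new early return need cleanup.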
@ -122,6 +122,7 @@ namespace i2p
|
|||||||
i2p::crypto::InitCrypto (precomputation);
|
i2p::crypto::InitCrypto (precomputation);
|
||||||
|
|
||||||
int netID; i2p::config::GetOption("netid", netID);
|
int netID; i2p::config::GetOption("netid", netID);
|
||||||
|
if (netID != 2) i2p::crypto::InitGost () // init GOST for own darknet
|
||||||
i2p::context.SetNetID (netID);
|
i2p::context.SetNetID (netID);
|
||||||
i2p::context.Init ();
|
i2p::context.Init ();
|
||||||
|
|
||||||
@ -349,6 +350,7 @@ namespace i2p
|
|||||||
d.m_WebsocketServer = nullptr;
|
d.m_WebsocketServer = nullptr;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
if (i2p::context.GetNetID () != 2) i2p::crypto::TerminateGost ();
|
||||||
i2p::crypto::TerminateCrypto ();
|
i2p::crypto::TerminateCrypto ();
|
||||||
i2p::log::Logger().Stop();
|
i2p::log::Logger().Stop();
|
||||||
|
|
||||||
|
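Review bot: The added line `if (netID != 2) i2p::crypto::InitGost () // init GOST for own darknet` has no semicolon after the call, so as shown the statement runs into `i2p::context.SetNetID (netID);` and should not compile. The result of the call is also dropped. The crypto hunk of this commit adds a `return false` on a failed key context, presumably in that same function, so a failed GOST setup would go unnoticed at startup. I would write `if (netID != 2 && !i2p::crypto::InitGost ()) LogPrint (eLogError, "Daemon: GOST initialization failed");` (message text is a suggestion) and decide whether startup should continue in that case. The enclosing functions of both hunks in this file start and end outside the visible lines.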
19
Identity.cpp
19
Identity.cpp
@ -102,6 +102,13 @@ namespace data
|
|||||||
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH);
|
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
|
||||||
|
{
|
||||||
|
size_t padding = 128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
|
||||||
|
RAND_bytes (m_StandardIdentity.signingKey, padding);
|
||||||
|
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH);
|
||||||
|
break;
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported");
|
LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported");
|
||||||
}
|
}
|
||||||
@ -370,6 +377,12 @@ namespace data
|
|||||||
UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
|
UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
|
||||||
|
{
|
||||||
|
size_t padding = 128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
|
||||||
|
UpdateVerifier (new i2p::crypto::GOSTR3410Verifier (m_StandardIdentity.signingKey + padding));
|
||||||
|
break;
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported");
|
LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported");
|
||||||
}
|
}
|
||||||
@ -511,6 +524,9 @@ namespace data
|
|||||||
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
|
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
|
||||||
m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH));
|
m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH));
|
||||||
break;
|
break;
|
||||||
|
case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
|
||||||
|
m_Signer.reset (new i2p::crypto::GOSTR3410Signer (m_SigningPrivateKey));
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
LogPrint (eLogError, "Identity: Signing key type ", (int)m_Public->GetSigningKeyType (), " is not supported");
|
LogPrint (eLogError, "Identity: Signing key type ", (int)m_Public->GetSigningKeyType (), " is not supported");
|
||||||
}
|
}
|
||||||
@ -546,6 +562,9 @@ namespace data
|
|||||||
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
|
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
|
||||||
i2p::crypto::CreateEDDSA25519RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
|
i2p::crypto::CreateEDDSA25519RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
|
||||||
break;
|
break;
|
||||||
|
case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
|
||||||
|
i2p::crypto::CreateGOSTR3410RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported. Create DSA-SHA1");
|
LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported. Create DSA-SHA1");
|
||||||
return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1
|
return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1
|
||||||
|
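Review bot: None of the new `SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411` cases checks the network id, although this commit initializes GOST only when netid is not 2 and the header comment says the type should never appear in netid=2. In the verifier hunk (`@ -370,6 +377,12`) the key type is presumably taken from the identity being parsed, so on netid 2 a peer-supplied identity carrying type 65280 would still get a `GOSTR3410Verifier` constructed while the GOST engine and key parameters were never set up. How the verifier behaves in that state is not visible here. I would reject the type at that point, e.g. `if (i2p::context.GetNetID () == 2) { LogPrint (eLogError, "Identity: GOST signature type is not allowed in netid=2"); break; }` (assuming the router context is reachable from Identity.cpp), and apply the same guard to the signer and key-generation cases. The enclosing switch statements start and end outside the hunks.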
@ -60,6 +60,9 @@ namespace data
|
|||||||
const uint16_t SIGNING_KEY_TYPE_RSA_SHA384_3072 = 5;
|
const uint16_t SIGNING_KEY_TYPE_RSA_SHA384_3072 = 5;
|
||||||
const uint16_t SIGNING_KEY_TYPE_RSA_SHA512_4096 = 6;
|
const uint16_t SIGNING_KEY_TYPE_RSA_SHA512_4096 = 6;
|
||||||
const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 = 7;
|
const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 = 7;
|
||||||
|
// following signature type should never appear in netid=2
|
||||||
|
const uint16_t SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411 = 65280; // approved by FSB
|
||||||
|
|
||||||
typedef uint16_t SigningKeyType;
|
typedef uint16_t SigningKeyType;
|
||||||
typedef uint16_t CryptoKeyType;
|
typedef uint16_t CryptoKeyType;
|
||||||
|
|
||||||
|