enable GOST R 34.10 signatures from netid!=2

This commit is contained in:
orignal 2017-02-19 18:08:10 -05:00
parent 1cb89ce20d
commit 83b9b3bf4a
4 changed files with 25 additions and 0 deletions

View File

@ -837,6 +837,7 @@ namespace crypto
g_Gost3411 = ENGINE_get_digest(g_GostEngine, NID_id_GostR3411_94); g_Gost3411 = ENGINE_get_digest(g_GostEngine, NID_id_GostR3411_94);
auto ctx = EVP_PKEY_CTX_new_id(NID_id_GostR3410_2001, g_GostEngine); auto ctx = EVP_PKEY_CTX_new_id(NID_id_GostR3410_2001, g_GostEngine);
if (!ctx) return false;
EVP_PKEY_keygen_init (ctx); EVP_PKEY_keygen_init (ctx);
EVP_PKEY_CTX_ctrl_str (ctx, "paramset", "A"); // possible values 'A', 'B', 'C', 'XA', 'XB' EVP_PKEY_CTX_ctrl_str (ctx, "paramset", "A"); // possible values 'A', 'B', 'C', 'XA', 'XB'
EVP_PKEY_keygen (ctx, &g_GostPKEY); // it seems only way to fill with correct params EVP_PKEY_keygen (ctx, &g_GostPKEY); // it seems only way to fill with correct params

View File

@ -122,6 +122,7 @@ namespace i2p
i2p::crypto::InitCrypto (precomputation); i2p::crypto::InitCrypto (precomputation);
int netID; i2p::config::GetOption("netid", netID); int netID; i2p::config::GetOption("netid", netID);
if (netID != 2) i2p::crypto::InitGost () // init GOST for own darknet
i2p::context.SetNetID (netID); i2p::context.SetNetID (netID);
i2p::context.Init (); i2p::context.Init ();
@ -349,6 +350,7 @@ namespace i2p
d.m_WebsocketServer = nullptr; d.m_WebsocketServer = nullptr;
} }
#endif #endif
if (i2p::context.GetNetID () != 2) i2p::crypto::TerminateGost ();
i2p::crypto::TerminateCrypto (); i2p::crypto::TerminateCrypto ();
i2p::log::Logger().Stop(); i2p::log::Logger().Stop();

View File

@ -102,6 +102,13 @@ namespace data
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH); memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH);
break; break;
} }
case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
{
size_t padding = 128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
RAND_bytes (m_StandardIdentity.signingKey, padding);
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH);
break;
}
default: default:
LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported"); LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported");
} }
@ -370,6 +377,12 @@ namespace data
UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding)); UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
break; break;
} }
case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
{
size_t padding = 128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
UpdateVerifier (new i2p::crypto::GOSTR3410Verifier (m_StandardIdentity.signingKey + padding));
break;
}
default: default:
LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported"); LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported");
} }
@ -511,6 +524,9 @@ namespace data
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH)); m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH));
break; break;
case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
m_Signer.reset (new i2p::crypto::GOSTR3410Signer (m_SigningPrivateKey));
break;
default: default:
LogPrint (eLogError, "Identity: Signing key type ", (int)m_Public->GetSigningKeyType (), " is not supported"); LogPrint (eLogError, "Identity: Signing key type ", (int)m_Public->GetSigningKeyType (), " is not supported");
} }
@ -546,6 +562,9 @@ namespace data
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
i2p::crypto::CreateEDDSA25519RandomKeys (keys.m_SigningPrivateKey, signingPublicKey); i2p::crypto::CreateEDDSA25519RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
break; break;
case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
i2p::crypto::CreateGOSTR3410RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
break;
default: default:
LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported. Create DSA-SHA1"); LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported. Create DSA-SHA1");
return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1 return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1

View File

@ -60,6 +60,9 @@ namespace data
const uint16_t SIGNING_KEY_TYPE_RSA_SHA384_3072 = 5; const uint16_t SIGNING_KEY_TYPE_RSA_SHA384_3072 = 5;
const uint16_t SIGNING_KEY_TYPE_RSA_SHA512_4096 = 6; const uint16_t SIGNING_KEY_TYPE_RSA_SHA512_4096 = 6;
const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 = 7; const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 = 7;
// following signature type should never appear in netid=2
const uint16_t SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411 = 65280; // approved by FSB
typedef uint16_t SigningKeyType; typedef uint16_t SigningKeyType;
typedef uint16_t CryptoKeyType; typedef uint16_t CryptoKeyType;