From: Sergey Matveev Date: Mon, 14 Oct 2024 17:26:19 +0000 (+0300) Subject: Proper 34.10 signature is R||S X-Git-Tag: v0.0.0~344 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=0cf662c8f6a1a64a40de257e93a70adf37f3e27306ed5eaf460cb403cde5250f;p=keks.git Proper 34.10 signature is R||S
---
diff --git a/gyac/yacpki/cer.go b/gyac/yacpki/cer.go
index c3675c8..1c83c08 100644
--- a/gyac/yacpki/cer.go
+++ b/gyac/yacpki/cer.go
@@ -141,8 +141,10 @@ func (cer *CerLoad) CheckSignature(signed, signature []byte) (err error) {
 }
 hasher := HasherByKeyAlgo(pub.A)
 utils.MustWrite(hasher, signed)
+ hsh := hasher.Sum(nil)
 var valid bool
- valid, err = pk.VerifyDigest(hasher.Sum(nil), signature)
+ valid, err = pk.VerifyDigest(hsh,
+ append(signature[len(signature)/2:], signature[:len(signature)/2]...))
 if !valid {
 err = ErrSigInvalid
 }
diff --git a/gyac/yacpki/signed-data.go b/gyac/yacpki/signed-data.go
index 7a69ff5..ce6f7f8 100644
--- a/gyac/yacpki/signed-data.go
+++ b/gyac/yacpki/signed-data.go
@@ -133,8 +133,8 @@ func (sd *SignedData) SignWith(parent *CerLoad, prv crypto.Signer, sigTBS SigTBS
 hasher := HasherByKeyAlgo(parent.Pub[0].A)
 utils.MustWrite(hasher, gyac.EncodeItem(nil, gyac.ItemFromGo(sdTBS)))
 sig.Sign.A = parent.Pub[0].A
- var err error
- sig.Sign.V, err = prv.Sign(rand.Reader, hasher.Sum(nil), nil)
+ s, err := prv.Sign(rand.Reader, hasher.Sum(nil), nil)
+ sig.Sign.V = append(s[len(s)/2:], s[:len(s)/2]...)
 if err != nil {
 return err
 }
diff --git a/spec/format/signed-data.texi b/spec/format/signed-data.texi
index e5de446..f9f52d9 100644
--- a/spec/format/signed-data.texi
+++ b/spec/format/signed-data.texi
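Review bot: The swapped signature passed to `pk.VerifyDigest` is built with `append(signature[len(signature)/2:], ...)`, which appends onto a subslice of the caller's buffer; if `signature` has spare capacity (for example when it is a view into a larger decoded message), the append writes the first half in place over the bytes that follow the signature instead of allocating. Cap the subslice so a fresh array is always used, e.g. `half := len(signature) / 2` followed by `append(signature[half:len(signature):len(signature)], signature[:half]...)`. The split also accepts an odd or empty length without complaint; whether `pk.VerifyDigest` rejects that is not visible here, so an explicit length check before the swap would make the failure mode unambiguous. CheckSignature starts and ends outside this hunk.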
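Review bot: In the signed-data.go hunk `sig.Sign.V` is assigned from `s` before `err` is checked, so on a signing failure the field is overwritten with whatever the failed call returned; move `sig.Sign.V = append(s[len(s)/2:], s[:len(s)/2]...)` below the `if err != nil { return err }` block. The half-swap is applied to any `prv`, and since `prv` is a generic `crypto.Signer` paired with `HasherByKeyAlgo(parent.Pub[0].A)`, it presumably should run only for GOST R 34.10 keys; that is worth confirming or guarding on `parent.Pub[0].A`. The same swap expression is duplicated in `CheckSignature` in cer.go, so a small shared helper with a comment like `// wire format is BE(R)||BE(S); swap halves to/from the order the signing library uses` would keep signing and verification in step. SignWith's body extends beyond the hunk.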
@@ -35,7 +35,7 @@ help creating the whole verification chain. They are placed outside GOST R 34.10-2012 must be used with Streebog (GOST R 34.11-2012) hash function. Its digest must be big-endian serialised. Public key must be -in @code{BE(X)||BE(Y)} format. Signature is in @code{BE(S)||BE(R)} +in @code{BE(X)||BE(Y)} format. Signature is in @code{BE(R)||BE(S)} format. Following algorithm identifiers are acceptable for the hash: