From 0cf662c8f6a1a64a40de257e93a70adf37f3e27306ed5eaf460cb403cde5250f Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Mon, 14 Oct 2024 20:26:19 +0300
Subject: [PATCH] Proper 34.10 signature is R||S
---
 gyac/yacpki/cer.go | 4 +++-
 gyac/yacpki/signed-data.go | 4 ++--
 spec/format/signed-data.texi | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/gyac/yacpki/cer.go b/gyac/yacpki/cer.go
index c3675c8..1c83c08 100644
--- a/gyac/yacpki/cer.go
+++ b/gyac/yacpki/cer.go
@@ -141,8 +141,10 @@ func (cer *CerLoad) CheckSignature(signed, signature []byte) (err error) {
 }
 hasher := HasherByKeyAlgo(pub.A)
 utils.MustWrite(hasher, signed)
+ hsh := hasher.Sum(nil)
 var valid bool
- valid, err = pk.VerifyDigest(hasher.Sum(nil), signature)
+ valid, err = pk.VerifyDigest(hsh,
+ append(signature[len(signature)/2:], signature[:len(signature)/2]...))
 if !valid {
 err = ErrSigInvalid
 }
diff --git a/gyac/yacpki/signed-data.go b/gyac/yacpki/signed-data.go
index 7a69ff5..ce6f7f8 100644
--- a/gyac/yacpki/signed-data.go
+++ b/gyac/yacpki/signed-data.go
@@ -133,8 +133,8 @@ func (sd *SignedData) SignWith(parent *CerLoad, prv crypto.Signer, sigTBS SigTBS
 hasher := HasherByKeyAlgo(parent.Pub[0].A)
 utils.MustWrite(hasher, gyac.EncodeItem(nil, gyac.ItemFromGo(sdTBS)))
 sig.Sign.A = parent.Pub[0].A
- var err error
- sig.Sign.V, err = prv.Sign(rand.Reader, hasher.Sum(nil), nil)
+ s, err := prv.Sign(rand.Reader, hasher.Sum(nil), nil)
+ sig.Sign.V = append(s[len(s)/2:], s[:len(s)/2]...)
 if err != nil {
 return err
 }
diff --git a/spec/format/signed-data.texi b/spec/format/signed-data.texi
index e5de446..f9f52d9 100644
--- a/spec/format/signed-data.texi
+++ b/spec/format/signed-data.texi
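Review bot: The `append(signature[len(signature)/2:], ...)` passed to `pk.VerifyDigest` appends onto a sub-slice of the caller's `signature`, so if that slice has spare capacity (for instance if it was cut out of a larger decoded buffer, which this hunk does not show) the bytes that follow the signature in the caller's backing array are overwritten during verification. Capping the slice forces a fresh copy: `half := len(signature) / 2` and `append(signature[half:len(signature):len(signature)], signature[:half]...)`. The swap also accepts any input length, odd ones included, so rejection of malformed signatures rests entirely on whatever length check `pk.VerifyDigest` performs; an explicit size check before the swap would make that dependency visible. CheckSignature's body starts and ends outside the hunk.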
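Review bot: In SignWith the result `s` is sliced and stored into `sig.Sign.V` before `err` is checked, so a failed `prv.Sign` still overwrites `sig.Sign.V` (with an empty value) before the error is returned. Put `if err != nil { return err }` directly after the `prv.Sign` call and do the half-swap only afterwards. The swap is now duplicated here and in CheckSignature in cer.go; a small shared helper, with a comment stating that the wire order is R||S while the signing library presumably produces S||R, would keep signer and verifier from drifting apart. SignWith's body starts and ends outside the hunk.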
@@ -35,7 +35,7 @@ help creating the whole verification chain. They are placed outside GOST R 34.10-2012 must be used with Streebog (GOST R 34.11-2012) hash function. Its digest must be big-endian serialised. Public key must be -in @code{BE(X)||BE(Y)} format. Signature is in @code{BE(S)||BE(R)} +in @code{BE(X)||BE(Y)} format. Signature is in @code{BE(R)||BE(S)} format. Following algorithm identifiers are acceptable for the hash: -- 2.50.0