Fix GOST signature algorithms for DNSSEC validation.

Use CryptoPro version of the hash function. Handle the little-endian wire format of key data. Get the wire order of S and R correct. Note that Nettle version 3.6 or later is required for GOST support. Signed-off-by: DL6ER <[email protected]>
pi-hole · Nov 16, 2022 · b6e61c2 · b6e61c2
1 parent c030b2d
commit b6e61c2
Showing 1 changed file with 9 additions and 7 deletions.
diff --git a/src/dnsmasq/crypto.c b/src/dnsmasq/crypto.c
@@ -309,14 +309,14 @@ static int dnsmasq_gostdsa_verify(struct blockdata *key_data, unsigned int key_l
       mpz_init(y);
     }
 
-  mpz_import(x, 32 , 1, 1, 0, 0, p);
-  mpz_import(y, 32 , 1, 1, 0, 0, p + 32);
+  mpz_import(x, 32, -1, 1, 0, 0, p);
+  mpz_import(y, 32, -1, 1, 0, 0, p + 32);
 
   if (!ecc_point_set(gost_key, x, y))
-    return 0;
+    return 0; 
 
-  mpz_import(sig_struct->r, 32, 1, 1, 0, 0, sig);
-  mpz_import(sig_struct->s, 32, 1, 1, 0, 0, sig + 32);
+  mpz_import(sig_struct->s, 32, 1, 1, 0, 0, sig);
+  mpz_import(sig_struct->r, 32, 1, 1, 0, 0, sig + 32);
 
   return nettle_gostdsa_verify(gost_key, digest_len, digest, sig_struct);
 }
@@ -430,7 +430,9 @@ char *ds_digest_name(int digest)
     {
     case 1: return "sha1";
     case 2: return "sha256";
-    case 3: return "gosthash94";
+#if MIN_VERSION(3, 6)
+    case 3: return "gosthash94cp";
+#endif
     case 4: return "sha384";
     default: return NULL;
     }
@@ -450,7 +452,7 @@ char *algo_digest_name(int algo)
     case 8: return "sha256";      /* RSA/SHA-256 */
     case 10: return "sha512";     /* RSA/SHA-512 */
 #if MIN_VERSION(3, 6)
-    case 12: return "gosthash94"; /* ECC-GOST */
+    case 12: return "gosthash94cp"; /* ECC-GOST */
 #endif
     case 13: return "sha256";     /* ECDSAP256SHA256 */
     case 14: return "sha384";     /* ECDSAP384SHA384 */