2.50.2

Signed-off-by: r4sas <r4sas@i2pmail.org>

ChangeLog

@@ -1,6 +1,15 @@
 # for this file format description,
 # see https://github.com/olivierlacan/keep-a-changelog
 
+## [2.50.2] - 2024-01-06
+###Fixed
+- Crash with OpenSSL 3.2.0
+- False positive clock skew detection
+
+## [2.50.1] - 2023-12-23
+###Fixed
+- Support for new EdDSA usage behavior in OpenSSL 3.2.0
+
 ## [2.50.0] - 2023-12-18
 ### Added
 - Support of concurrent ACCEPTs on SAM 3.1

contrib/rpm/i2pd-git.spec

@@ -1,7 +1,7 @@
 %define git_hash %(git rev-parse HEAD | cut -c -7)
 
 Name:          i2pd-git
-Version:       2.50.0
+Version:       2.50.2
 Release:       git%{git_hash}%{?dist}
 Summary:       I2P router written in C++
 Conflicts:     i2pd
@@ -144,6 +144,12 @@ getent passwd i2pd >/dev/null || \
 
 
 %changelog
+* Sat Jan 06 2024 orignal <orignal@i2pmail.org> - 2.50.2
+- update to 2.50.2
+
+* Sat Dec 23 2023 r4sas <r4sas@i2pmail.org> - 2.50.1
+- update to 2.50.1
+
 * Mon Dec 18 2023 orignal <orignal@i2pmail.org> - 2.50.0
 - update to 2.50.0
 

contrib/rpm/i2pd.spec

@@ -1,5 +1,5 @@
 Name:          i2pd
-Version:       2.50.0
+Version:       2.50.2
 Release:       1%{?dist}
 Summary:       I2P router written in C++
 Conflicts:     i2pd-git
@@ -142,6 +142,12 @@ getent passwd i2pd >/dev/null || \
 
 
 %changelog
+* Sat Jan 06 2024 orignal <orignal@i2pmail.org> - 2.50.2
+- update to 2.50.2
+
+* Sat Dec 23 2023 r4sas <r4sas@i2pmail.org> - 2.50.1
+- update to 2.50.1
+
 * Mon Dec 18 2023 orignal <orignal@i2pmail.org> - 2.50.0
 - update to 2.50.0
 

debian/changelog

@@ -1,3 +1,15 @@
+i2pd (2.50.2) unstable; urgency=medium
+
+  * updated to version 2.50.2/0.9.61
+
+-- orignal <orignal@i2pmail.org>  Sat, 06 Jan 2024 16:00:00 +0000
+
+i2pd (2.50.1-1) unstable; urgency=medium
+
+  * updated to version 2.50.1/0.9.61
+
+ -- r4sas <r4sas@i2pmail.org>  Sat, 23 Dec 2023 18:30:00 +0000
+
 i2pd (2.50.0-1) unstable; urgency=medium
 
   * updated to version 2.50.0/0.9.61

libi2pd/NetDb.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -247,9 +247,10 @@ namespace data
 						m_Requests.RequestComplete (ident, r);
 						return r;
 					}
-					if (r->IsUnreachable ())
+					if (r->IsUnreachable () ||
+					    i2p::util::GetMillisecondsSinceEpoch () + NETDB_EXPIRATION_TIMEOUT_THRESHOLD*1000LL < r->GetTimestamp ())
 					{
-						// delete router as invalid after update
+						// delete router as invalid or from future after update
 						m_RouterInfos.erase (ident);
 						if (wasFloodfill)
 						{
@@ -1019,6 +1020,11 @@ namespace data
 		std::shared_ptr<I2NPMessage> replyMsg;
 		if (lookupType == DATABASE_LOOKUP_TYPE_EXPLORATORY_LOOKUP)
 		{
+			if (!context.IsFloodfill ())
+			{
+				LogPrint (eLogWarning, "NetDb: Exploratory lookup to non-floodfill dropped");
+				return;
+			}	
 			LogPrint (eLogInfo, "NetDb: Exploratory close to ", key, " ", numExcluded, " excluded");
 			std::set<IdentHash> excludedRouters;
 			const uint8_t * excluded_ident = excluded;
@@ -1044,6 +1050,7 @@ namespace data
 			if (lookupType == DATABASE_LOOKUP_TYPE_ROUTERINFO_LOOKUP ||
 				lookupType == DATABASE_LOOKUP_TYPE_NORMAL_LOOKUP)
 			{
+				// try to find router
 				auto router = FindRouter (ident);
 				if (router && !router->IsUnreachable ())
 				{
@@ -1056,17 +1063,26 @@ namespace data
 			if (!replyMsg && (lookupType == DATABASE_LOOKUP_TYPE_LEASESET_LOOKUP ||
 				lookupType == DATABASE_LOOKUP_TYPE_NORMAL_LOOKUP))
 			{
-				auto leaseSet = FindLeaseSet (ident);
-				if (!leaseSet)
+				// try to find leaseset
+				if (context.IsFloodfill ())
+				{	
+					auto leaseSet = FindLeaseSet (ident);
+					if (!leaseSet)
+					{
+						// no leaseset found
+						LogPrint(eLogDebug, "NetDb: Requested LeaseSet not found for ", ident.ToBase32());
+					}
+					else if (!leaseSet->IsExpired ()) // we don't send back expired leasesets
+					{
+						LogPrint (eLogDebug, "NetDb: Requested LeaseSet ", key, " found");
+						replyMsg = CreateDatabaseStoreMsg (ident, leaseSet);
+					}
+				}	
+				else if (lookupType == DATABASE_LOOKUP_TYPE_LEASESET_LOOKUP)
 				{
-					// no lease set found
-					LogPrint(eLogDebug, "NetDb: Requested LeaseSet not found for ", ident.ToBase32());
-				}
-				else if (!leaseSet->IsExpired ()) // we don't send back our LeaseSets
-				{
-					LogPrint (eLogDebug, "NetDb: Requested LeaseSet ", key, " found");
-					replyMsg = CreateDatabaseStoreMsg (ident, leaseSet);
-				}
+					LogPrint (eLogWarning, "NetDb: Explicit LeaseSet lookup to non-floodfill dropped");
+					return;
+				}	
 			}
 
 			if (!replyMsg)

libi2pd/SSU2.cpp

@@ -24,7 +24,8 @@ namespace transport
 		m_AddressV4 (boost::asio::ip::address_v4()), m_AddressV6 (boost::asio::ip::address_v6()),
 		m_TerminationTimer (GetService ()), m_CleanupTimer (GetService ()), m_ResendTimer (GetService ()),
 		m_IntroducersUpdateTimer (GetService ()), m_IntroducersUpdateTimerV6 (GetService ()),
-		m_IsPublished (true), m_IsSyncClockFromPeers (true), m_IsThroughProxy (false)
+		m_IsPublished (true), m_IsSyncClockFromPeers (true), m_PendingTimeOffset (0),
+		m_IsThroughProxy (false)
 	{
 	}
 
@@ -209,6 +210,29 @@ namespace transport
 		return ep.port ();
 	}
 
+	void SSU2Server::AdjustTimeOffset (int64_t offset)
+	{
+		if (offset)
+		{	
+			if (m_PendingTimeOffset) // one more
+			{	
+				if (std::abs (m_PendingTimeOffset - offset) < SSU2_CLOCK_SKEW)
+				{	
+					offset = (m_PendingTimeOffset + offset)/2; // average
+					LogPrint (eLogWarning, "SSU2: Clock adjusted by ", offset, " seconds");
+					i2p::util::AdjustTimeOffset (offset);
+				}	
+				else
+					LogPrint (eLogWarning, "SSU2: Time offsets are too different. Clock not adjusted");
+				m_PendingTimeOffset = 0;
+			}
+			else
+				m_PendingTimeOffset = offset; // first 
+		}	
+		else
+			m_PendingTimeOffset = 0; // reset
+	}	
+		
 	boost::asio::ip::udp::socket& SSU2Server::OpenSocket (const boost::asio::ip::udp::endpoint& localEndpoint)
 	{
 		boost::asio::ip::udp::socket& socket = localEndpoint.address ().is_v6 () ? m_SocketV6 : m_SocketV4;

libi2pd/SSU2.h

@@ -66,6 +66,7 @@ namespace transport
 			bool IsSupported (const boost::asio::ip::address& addr) const;
 			uint16_t GetPort (bool v4) const;
 			bool IsSyncClockFromPeers () const { return m_IsSyncClockFromPeers; };
+			void AdjustTimeOffset (int64_t offset);
 
 			void AddSession (std::shared_ptr<SSU2Session> session);
 			void RemoveSession (uint64_t connID);
@@ -161,6 +162,7 @@ namespace transport
 			std::shared_ptr<SSU2Session> m_LastSession;
 			bool m_IsPublished; // if we maintain introducers
 			bool m_IsSyncClockFromPeers;
+			int64_t m_PendingTimeOffset; // during peer test
 
 			// proxy
 			bool m_IsThroughProxy;

libi2pd/SSU2Session.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2023, The PurpleI2P Project
+* Copyright (c) 2022-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -1668,10 +1668,12 @@ namespace transport
 					if (m_Server.IsSyncClockFromPeers ())
 					{
 						if (std::abs (offset) > SSU2_CLOCK_THRESHOLD)
-						{
-							LogPrint (eLogWarning, "SSU2: Clock adjusted by ", -offset, " seconds");
-							i2p::util::AdjustTimeOffset (-offset);
-						}
+						{	
+							LogPrint (eLogWarning, "SSU2: Time offset ", offset, " from ", m_RemoteEndpoint);
+							m_Server.AdjustTimeOffset (-offset);
+						}	
+						else
+							m_Server.AdjustTimeOffset (0);
 					}
 					else if (std::abs (offset) > SSU2_CLOCK_SKEW)
 					{
@@ -2481,6 +2483,8 @@ namespace transport
 			else if (m_Address->IsV6 ())
 				i2p::context.SetTestingV6 (testing);
 		}
+		if (!testing)
+			m_Server.AdjustTimeOffset (0); // reset time offset when testing is over
 	}
 
 	size_t SSU2Session::CreateAddressBlock (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& ep)

libi2pd/Signature.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -15,26 +15,35 @@ namespace i2p
 namespace crypto
 {
 #if OPENSSL_EDDSA
-	EDDSA25519Verifier::EDDSA25519Verifier ()
+	EDDSA25519Verifier::EDDSA25519Verifier ():
+		m_Pkey (nullptr)
 	{
-		m_MDCtx = EVP_MD_CTX_create ();
 	}
 
 	EDDSA25519Verifier::~EDDSA25519Verifier ()
 	{
-		EVP_MD_CTX_destroy (m_MDCtx);
+		EVP_PKEY_free (m_Pkey);
 	}
 
 	void EDDSA25519Verifier::SetPublicKey (const uint8_t * signingKey)
 	{
-		EVP_PKEY * pkey = EVP_PKEY_new_raw_public_key (EVP_PKEY_ED25519, NULL, signingKey, 32);
-		EVP_DigestVerifyInit (m_MDCtx, NULL, NULL, NULL, pkey);
-		EVP_PKEY_free (pkey);
+		if (m_Pkey) EVP_PKEY_free (m_Pkey);
+		m_Pkey = EVP_PKEY_new_raw_public_key (EVP_PKEY_ED25519, NULL, signingKey, 32);
 	}
 
 	bool EDDSA25519Verifier::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
 	{
-		return EVP_DigestVerify (m_MDCtx, signature, 64, buf, len);
+		if (m_Pkey)
+		{	
+			EVP_MD_CTX * ctx = EVP_MD_CTX_create ();
+			EVP_DigestVerifyInit (ctx, NULL, NULL, NULL, m_Pkey);
+			auto ret = EVP_DigestVerify (ctx, signature, 64, buf, len);
+			EVP_MD_CTX_destroy (ctx);	
+			return ret;	
+		}	
+		else
+			LogPrint (eLogError, "EdDSA verification key is not set");
+		return false;
 	}
 
 #else
@@ -99,41 +108,45 @@ namespace crypto
 
 #if OPENSSL_EDDSA
 	EDDSA25519Signer::EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey):
-		m_MDCtx (nullptr), m_Fallback (nullptr)
+		m_Pkey (nullptr), m_Fallback (nullptr)
 	{
-		EVP_PKEY * pkey = EVP_PKEY_new_raw_private_key (EVP_PKEY_ED25519, NULL, signingPrivateKey, 32);
+		m_Pkey = EVP_PKEY_new_raw_private_key (EVP_PKEY_ED25519, NULL, signingPrivateKey, 32);
 		uint8_t publicKey[EDDSA25519_PUBLIC_KEY_LENGTH];
 		size_t len = EDDSA25519_PUBLIC_KEY_LENGTH;
-		EVP_PKEY_get_raw_public_key (pkey, publicKey, &len);
+		EVP_PKEY_get_raw_public_key (m_Pkey, publicKey, &len);
 		if (signingPublicKey && memcmp (publicKey, signingPublicKey, EDDSA25519_PUBLIC_KEY_LENGTH))
 		{
 			LogPrint (eLogWarning, "EdDSA public key mismatch. Fallback");
 			m_Fallback = new EDDSA25519SignerCompat (signingPrivateKey, signingPublicKey);
+			EVP_PKEY_free (m_Pkey);
+			m_Pkey = nullptr;
 		}
-		else
-		{
-			m_MDCtx = EVP_MD_CTX_create ();
-			EVP_DigestSignInit (m_MDCtx, NULL, NULL, NULL, pkey);
-		}
-		EVP_PKEY_free (pkey);
 	}
 
 	EDDSA25519Signer::~EDDSA25519Signer ()
 	{
 		if (m_Fallback) delete m_Fallback;
-		EVP_MD_CTX_destroy (m_MDCtx);
+		if (m_Pkey) EVP_PKEY_free (m_Pkey);
 	}
 
 	void EDDSA25519Signer::Sign (const uint8_t * buf, int len, uint8_t * signature) const
 	{
-		if (m_Fallback) return m_Fallback->Sign (buf, len, signature);
-		else
+		if (m_Fallback) 
+			return m_Fallback->Sign (buf, len, signature);
+		else if (m_Pkey)
 		{
+				
+			EVP_MD_CTX * ctx = EVP_MD_CTX_create ();
 			size_t l = 64;
 			uint8_t sig[64]; // temporary buffer for signature. openssl issue #7232
-			EVP_DigestSign (m_MDCtx, sig, &l, buf, len);
+			EVP_DigestSignInit (ctx, NULL, NULL, NULL, m_Pkey);
+			if (!EVP_DigestSign (ctx, sig, &l, buf, len))
+				LogPrint (eLogError, "EdDSA signing failed");
 			memcpy (signature, sig, 64);
+			EVP_MD_CTX_destroy (ctx);
 		}
+		else
+			LogPrint (eLogError, "EdDSA signing key is not set");
 	}
 #endif
 }

libi2pd/Signature.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -304,7 +304,7 @@ namespace crypto
 		private:
 
 #if OPENSSL_EDDSA
-			EVP_MD_CTX * m_MDCtx;
+			EVP_PKEY * m_Pkey;
 #else
 			EDDSAPoint m_PublicKey;
 			uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH];
@@ -341,7 +341,7 @@ namespace crypto
 
 		private:
 
-			EVP_MD_CTX * m_MDCtx;
+			EVP_PKEY * m_Pkey;
 			EDDSA25519SignerCompat * m_Fallback;
 	};
 #else

libi2pd/version.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -19,7 +19,7 @@
 
 #define I2PD_VERSION_MAJOR 2
 #define I2PD_VERSION_MINOR 50
-#define I2PD_VERSION_MICRO 0
+#define I2PD_VERSION_MICRO 2
 #define I2PD_VERSION_PATCH 0
 #ifdef GITVER
 	#define I2PD_VERSION XSTRINGIZE(GITVER)

tests/CMakeLists.txt

@@ -65,6 +65,10 @@ SET(test-elligator_SRCS
   test-elligator.cpp
 )
 
+set(test-eddsa_SRCS
+  test-eddsa.cpp
+)
+
 add_executable(test-http-merge_chunked ${test-http-merge_chunked_SRCS})
 add_executable(test-http-req ${test-http-req_SRCS})
 add_executable(test-http-res ${test-http-res_SRCS})
@@ -77,6 +81,7 @@ add_executable(test-x25519 ${test-x25519_SRCS})
 add_executable(test-aeadchacha20poly1305 ${test-aeadchacha20poly1305_SRCS})
 add_executable(test-blinding ${test-blinding_SRCS})
 add_executable(test-elligator ${test-elligator_SRCS})
+add_executable(test-eddsa ${test-eddsa_SRCS})
 
 set(LIBS
   libi2pd
@@ -101,6 +106,7 @@ target_link_libraries(test-x25519 ${LIBS})
 target_link_libraries(test-aeadchacha20poly1305 ${LIBS})
 target_link_libraries(test-blinding ${LIBS})
 target_link_libraries(test-elligator ${LIBS})
+target_link_libraries(test-eddsa ${LIBS})
 
 add_test(test-http-merge_chunked ${TEST_PATH}/test-http-merge_chunked)
 add_test(test-http-req ${TEST_PATH}/test-http-req)
@@ -114,3 +120,4 @@ add_test(test-x25519 ${TEST_PATH}/test-x25519)
 add_test(test-aeadchacha20poly1305 ${TEST_PATH}/test-aeadchacha20poly1305)
 add_test(test-blinding ${TEST_PATH}/test-blinding)
 add_test(test-elligator ${TEST_PATH}/test-elligator)
+add_test(test-eddsa ${TEST_PATH}/test-eddsa)

tests/Makefile

@@ -7,7 +7,8 @@ LIBI2PD = ../libi2pd.a
 
 TESTS = \
 	test-http-merge_chunked test-http-req test-http-res test-http-url test-http-url_decode \
-	test-gost test-gost-sig test-base-64 test-x25519 test-aeadchacha20poly1305 test-blinding test-elligator
+	test-gost test-gost-sig test-base-64 test-x25519 test-aeadchacha20poly1305 test-blinding \
+	test-elligator test-eddsa 
 
 ifneq (, $(findstring mingw, $(SYS))$(findstring windows-gnu, $(SYS))$(findstring cygwin, $(SYS)))
 	CXXFLAGS += -DWIN32_LEAN_AND_MEAN
@@ -55,6 +56,9 @@ test-blinding: test-blinding.cpp $(LIBI2PD)
 test-elligator: test-elligator.cpp $(LIBI2PD)
 	 $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS)
 
+test-eddsa: test-eddsa.cpp $(LIBI2PD)
+	$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
 run: $(TESTS)
 	@for TEST in $(TESTS); do echo Running $$TEST; ./$$TEST ; done
 

tests/test-eddsa.cpp

@@ -0,0 +1,68 @@
+#include <cassert>
+#include <inttypes.h>
+#include <string.h>
+
+#include "Signature.h"
+
+// TEST 1024 from RFC-8032
+
+int main ()
+{
+	uint8_t key[32], pub[32], msg[1024], sig[64];
+	BIGNUM * input = BN_new();
+	BN_hex2bn(&input, "f5e5767cf153319517630f226876b86c8160cc583bc013744c6bf255f5cc0ee5");
+	BN_bn2bin(input, key);
+	BN_hex2bn(&input, 
+	"08b8b2b733424243760fe426a4b54908632110a66c2f6591eabd3345e3e4eb98"
+    "fa6e264bf09efe12ee50f8f54e9f77b1e355f6c50544e23fb1433ddf73be84d8"
+    "79de7c0046dc4996d9e773f4bc9efe5738829adb26c81b37c93a1b270b20329d"
+    "658675fc6ea534e0810a4432826bf58c941efb65d57a338bbd2e26640f89ffbc"
+    "1a858efcb8550ee3a5e1998bd177e93a7363c344fe6b199ee5d02e82d522c4fe"
+    "ba15452f80288a821a579116ec6dad2b3b310da903401aa62100ab5d1a36553e"
+	"06203b33890cc9b832f79ef80560ccb9a39ce767967ed628c6ad573cb116dbef"
+    "efd75499da96bd68a8a97b928a8bbc103b6621fcde2beca1231d206be6cd9ec7"
+    "aff6f6c94fcd7204ed3455c68c83f4a41da4af2b74ef5c53f1d8ac70bdcb7ed1"
+    "85ce81bd84359d44254d95629e9855a94a7c1958d1f8ada5d0532ed8a5aa3fb2"
+    "d17ba70eb6248e594e1a2297acbbb39d502f1a8c6eb6f1ce22b3de1a1f40cc24"
+    "554119a831a9aad6079cad88425de6bde1a9187ebb6092cf67bf2b13fd65f270"
+    "88d78b7e883c8759d2c4f5c65adb7553878ad575f9fad878e80a0c9ba63bcbcc"
+    "2732e69485bbc9c90bfbd62481d9089beccf80cfe2df16a2cf65bd92dd597b07"
+    "07e0917af48bbb75fed413d238f5555a7a569d80c3414a8d0859dc65a46128ba"
+    "b27af87a71314f318c782b23ebfe808b82b0ce26401d2e22f04d83d1255dc51a"
+    "ddd3b75a2b1ae0784504df543af8969be3ea7082ff7fc9888c144da2af58429e"
+    "c96031dbcad3dad9af0dcbaaaf268cb8fcffead94f3c7ca495e056a9b47acdb7"
+    "51fb73e666c6c655ade8297297d07ad1ba5e43f1bca32301651339e22904cc8c"
+    "42f58c30c04aafdb038dda0847dd988dcda6f3bfd15c4b4c4525004aa06eeff8"
+    "ca61783aacec57fb3d1f92b0fe2fd1a85f6724517b65e614ad6808d6f6ee34df"
+    "f7310fdc82aebfd904b01e1dc54b2927094b2db68d6f903b68401adebf5a7e08"
+    "d78ff4ef5d63653a65040cf9bfd4aca7984a74d37145986780fc0b16ac451649"
+    "de6188a7dbdf191f64b5fc5e2ab47b57f7f7276cd419c17a3ca8e1b939ae49e4"
+    "88acba6b965610b5480109c8b17b80e1b7b750dfc7598d5d5011fd2dcc5600a3"
+    "2ef5b52a1ecc820e308aa342721aac0943bf6686b64b2579376504ccc493d97e"
+    "6aed3fb0f9cd71a43dd497f01f17c0e2cb3797aa2a2f256656168e6c496afc5f"
+    "b93246f6b1116398a346f1a641f3b041e989f7914f90cc2c7fff357876e506b5"
+    "0d334ba77c225bc307ba537152f3f1610e4eafe595f6d9d90d11faa933a15ef1"
+    "369546868a7f3a45a96768d40fd9d03412c091c6315cf4fde7cb68606937380d"
+	"b2eaaa707b4c4185c32eddcdd306705e4dc1ffc872eeee475a64dfac86aba41c"
+    "0618983f8741c5ef68d3a101e8a3b8cac60c905c15fc910840b94c00a0b9d0"
+	);
+	BN_bn2bin(input, msg);
+	BN_hex2bn(&input, 
+	"0aab4c900501b3e24d7cdf4663326a3a87df5e4843b2cbdb67cbf6e460fec350"
+   	"aa5371b1508f9f4528ecea23c436d94b5e8fcd4f681e30a6ac00a9704a188a03");
+	BN_bn2bin(input, sig);
+	BN_hex2bn(&input, 
+	"278117fc144c72340f67d0f2316e8386ceffbf2b2428c9c51fef7c597f1d426e");
+	BN_bn2bin(input, pub);
+	
+	uint8_t s[64];	
+	i2p::crypto::EDDSA25519Signer signer (key);
+	signer.Sign (msg, 1023, s);
+#if OPENSSL_EDDSA
+    assert(memcmp (s, sig, 64) == 0);
+#endif
+	
+	i2p::crypto::EDDSA25519Verifier verifier;
+	verifier.SetPublicKey (pub);
+	assert(verifier.Verify (msg, 1023, s));
+}