some

Author: Anton-Dodonov

CHANGELOG.md

@@ -0,0 +1,51 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Added
+- Comprehensive samples directory with organized examples
+- Certificate generation scripts for GOST, SM2, and standard algorithms
+- Protocol configuration examples for VMess and VLESS
+- Server startup scripts for different certificate types
+- Detailed README.md with usage examples and troubleshooting
+
+### Changed
+- Simplified samples directory structure to single level
+- Consolidated all files into main samples directory
+- Removed excessive subdirectories and redundant README files
+- Streamlined documentation with single comprehensive README.md
+
+### Removed
+- Complex nested directory structure
+- Multiple redundant README files
+- Empty subdirectories
+- Over-engineered organization
+
+## File Structure
+
+### Simplified Organization
+```
+samples/
+├── README.md                    # Comprehensive documentation
+├── make_cert_*.sh              # Certificate generation scripts
+├── vmess_*.json                # VMess protocol configurations
+├── vless_*.json                # VLESS protocol configurations
+└── run_*.sh                    # Server startup scripts
+```
+
+### Features
+- **Certificate Generation**: Scripts for SM2, GOST2012_256, and GOST2012_512 certificates
+- **Protocol Examples**: Complete VMess and VLESS configurations with various certificate types
+- **Server Scripts**: Ready-to-use startup scripts for different configurations
+- **Documentation**: Single comprehensive README with examples and troubleshooting
+
+### Security Improvements
+- Proper file permissions for certificate scripts
+- Secure certificate generation practices
+- Best practices documentation for production use
+- Clear security warnings and guidelines 

common/crypto/gost/gost_x509.go

@@ -12,14 +12,8 @@ import (
 	"github.com/pedroalbanese/gogost/gost3410"
 )
 
-// GOST signature algorithm constants
-const (
-	GOST256 = 0x0601 // GOST R 34.10-2012 256-bit
-	GOST512 = 0x0602 // GOST R 34.10-2012 512-bit
-)
-
 // GenerateGOSTSelfSignedCert создает самоподписанный X.509 сертификат GOST2012 (256 или 512)
-func GenerateGOSTSelfSignedCert(curve *gost3410.Curve, sigAlg x509.SignatureAlgorithm, cn string, expireDays int) ([]byte, []byte, error) {
+func GenerateGOSTSelfSignedCert(curve *gost3410.Curve, cn string, expireDays int) ([]byte, []byte, error) {
 	fmt.Printf("DEBUG: Starting GenerateGOSTSelfSignedCert\n")
 
 	prvRaw := make([]byte, curve.PointSize())
@@ -43,34 +37,26 @@ func GenerateGOSTSelfSignedCert(curve *gost3410.Curve, sigAlg x509.SignatureAlgo
 	notAfter := notBefore.Add(time.Duration(expireDays) * 24 * time.Hour)
 	serial := big.NewInt(time.Now().UnixNano())
 
-	// Create certificate template with proper GOST structure
+	// Determine the correct signature algorithm based on curve size
+	var signatureAlgorithm x509.SignatureAlgorithm
+	if curve.PointSize() == 32 {
+		signatureAlgorithm = x509.GOST256
+	} else {
+		signatureAlgorithm = x509.GOST512
+	}
+	
 	template := x509.Certificate{
 		SerialNumber:       serial,
 		NotBefore:          notBefore,
 		NotAfter:           notAfter,
-		SignatureAlgorithm: sigAlg,
-		Subject:            pkix.Name{
-			Country:      []string{"RU"},
-			Province:     []string{"Krasnoyarsk"},
-			Locality:     []string{"Krasnoyarsk"},
-			Organization: []string{"Dolboyob Research"},
-			OrganizationalUnit: []string{"testing"},
-			CommonName:   cn,
-		},
-		Issuer: pkix.Name{
-			Country:      []string{"RU"},
-			Province:     []string{"Krasnoyarsk"},
-			Locality:     []string{"Krasnoyarsk"},
-			Organization: []string{"Dolboyob Research"},
-			OrganizationalUnit: []string{"testing"},
-			CommonName:   cn,
-		},
+		SignatureAlgorithm: signatureAlgorithm,
+		Subject:            pkix.Name{CommonName: cn},
 		KeyUsage:           x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
 		BasicConstraintsValid: true,
 		IsCA: false,
 	}
 
-	fmt.Printf("DEBUG: About to call CreateCertificate\n")
+	fmt.Printf("DEBUG: About to call CreateCertificate with signature algorithm: %d\n", signatureAlgorithm)
 	certDER, err := x509.CreateCertificate(
 		rand.Reader,
 		&template, &template, pub,
@@ -111,11 +97,20 @@ func GenerateGOSTCAChildCert(curve *gost3410.Curve, sigAlg x509.SignatureAlgorit
 	notBefore := time.Now()
 	notAfter := notBefore.Add(time.Duration(expireDays) * 24 * time.Hour)
 	serial := big.NewInt(time.Now().UnixNano())
+	
+	// Determine the correct signature algorithm based on curve size
+	var signatureAlgorithm x509.SignatureAlgorithm
+	if curve.PointSize() == 32 {
+		signatureAlgorithm = x509.GOST256
+	} else {
+		signatureAlgorithm = x509.GOST512
+	}
+	
 	template := x509.Certificate{
 		SerialNumber:       serial,
 		NotBefore:          notBefore,
 		NotAfter:           notAfter,
-		SignatureAlgorithm: sigAlg,
+		SignatureAlgorithm: signatureAlgorithm,
 		Subject:            pkix.Name{CommonName: cn},
 		KeyUsage:           x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
 		BasicConstraintsValid: true,

common/crypto/sm2/sm2.go

@@ -64,10 +64,15 @@ func GenerateCertificate(privKey *sm2.PrivateKey, domain string, isCA bool, expi
 		Bytes: certDER,
 	})
 
-	// Encode private key
+	// Encode private key in PKCS8 format for better compatibility
+	privKeyBytes, err := sm2x509.MarshalSm2UnecryptedPrivateKey(privKey)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to marshal SM2 private key: %w", err)
+	}
+
 	privKeyPEM := pem.EncodeToMemory(&pem.Block{
 		Type:  "PRIVATE KEY",
-		Bytes: privKey.D.Bytes(),
+		Bytes: privKeyBytes,
 	})
 
 	return certPEM, privKeyPEM, nil