DragonX/hush3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ECDSA certificate generation

Browse Source
This commit is contained in:
miodragpop
2020-10-27 13:45:55 +01:00
parent eaed7355c6
commit 6aac6ed3d7
2 changed files with 25 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/hush/utiltls.cpp
View File

@@ -105,35 +105,27 @@ static EVP_PKEY* GenerateRsaKey(int bits, BN_ULONG uPublicKey)
// Generates EC keypair
//
static EVP_PKEY* GenerateEcKey(int bits, BN_ULONG uPublicKey)
static EVP_PKEY* GenerateEcKey(int nid = NID_X9_62_prime256v1)
{
EVP_PKEY *evpPrivKey = NULL;
BIGNUM *pubKey = BN_new();
if (pubKey)
EC_KEY *privKey = EC_KEY_new_by_curve_name(nid);
if (privKey)
{
if (BN_set_word(pubKey, uPublicKey))
EC_KEY_set_asn1_flag(privKey, OPENSSL_EC_NAMED_CURVE);
if (EC_KEY_generate_key(privKey))
{
EC_KEY *privKey = EC_KEY_new_by_curve_name(NID_secp256k1);
if (privKey)
if ((evpPrivKey = EVP_PKEY_new()))
{
if (EC_KEY_generate_key(privKey))
if (!EVP_PKEY_assign_EC_KEY(evpPrivKey, privKey))
{
if ((evpPrivKey = EVP_PKEY_new()))
{
if (!EVP_PKEY_assign_EC_KEY(evpPrivKey, privKey))
{
EVP_PKEY_free(evpPrivKey);
evpPrivKey = NULL;
}
}
EVP_PKEY_free(evpPrivKey);
evpPrivKey = NULL;
}
if(!evpPrivKey)
EC_KEY_free(privKey);
}
}
BN_free(pubKey);
if(!evpPrivKey)
EC_KEY_free(privKey);
}
return evpPrivKey;
@@ -349,6 +341,7 @@ static bool CheckCredentials(EVP_PKEY *key, X509 *cert)
bIsOk = (EC_KEY_check_key(eccKey) == 1);
EC_KEY_free(eccKey);
}
break;
}
// Currently only RSA & EC keys are supported.
// Other key types can be added here in further.
@@ -408,7 +401,9 @@ bool GenerateCredentials(
// Generating RSA key and the self-signed certificate for it
//
key = GenerateRsaKey(TLS_RSA_KEY_SIZE, RSA_F4);
//key = GenerateRsaKey(TLS_RSA_KEY_SIZE, RSA_F4);
//key = GenerateEcKey(NID_secp256k1);
key = GenerateEcKey();
if (key)
{
cert = GenerateCertificate(key);

16
src/net.cpp
View File

@@ -70,10 +70,10 @@ using namespace hush;
#define USE_TLS
#if defined(USE_TLS) && !defined(TLS1_2_VERSION)
// minimum secure protocol is 1.2
// TLS1_2_VERSION is defined in openssl/tls1.h
#error "ERROR: Your OpenSSL version does not support TLS v1.2"
#if defined(USE_TLS) && !defined(TLS1_3_VERSION)
// minimum secure protocol is 1.3
// TLS1_3_VERSION is defined in openssl/tls1.h
#error "ERROR: Your OpenSSL version does not support TLS v1.3"
#endif
@@ -456,7 +456,8 @@ CNode* ConnectNode(CAddress addrConnect, const char *pszDest)
NODE_ADDR nodeAddr(addrConnect.ToStringIP());
bool bUseTLS = (find(vNonTLSNodesOutbound.begin(),
bool bUseTLS = ((GetBoolArg("-tls", true) || GetArg("-tls", "") == "only")
&& find(vNonTLSNodesOutbound.begin(),
vNonTLSNodesOutbound.end(),
nodeAddr) == vNonTLSNodesOutbound.end());
unsigned long err_code = 0;
@@ -1208,7 +1209,8 @@ static void AcceptConnection(const ListenSocket& hListenSocket) {
NODE_ADDR nodeAddr(addr.ToStringIP());
bool bUseTLS = (find(vNonTLSNodesInbound.begin(),
bool bUseTLS = ((GetBoolArg("-tls", true) || GetArg("-tls", "") == "only")
&& find(vNonTLSNodesInbound.begin(),
vNonTLSNodesInbound.end(),
nodeAddr) == vNonTLSNodesInbound.end());
unsigned long err_code = 0;
@@ -2450,7 +2452,7 @@ bool CNode::GetTlsFallbackNonTls()
if (tlsFallbackNonTls == eTlsOption::FALLBACK_UNSET)
{
// one time only setting of static class attribute
if ( GetBoolArg("-tlsfallbacknontls", true))
if ( GetArg("-tls", "") != "only" )
{
LogPrint("tls", "%s():%d - Non-TLS connections will be used in case of failure of TLS\n",
__func__, __LINE__);