Hush Full Node software. We were censored from Github, this is where all development happens now. https://hush.is

// Copyright (c) 2017 The Zen Core developers
// Copyright (c) 2016-2020 The Hush developers
// Distributed under the GPLv3 software license, see the accompanying
// file COPYING or https://www.gnu.org/licenses/gpl-3.0.en.html
#include <stdio.h>
#include <vector>
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#include "../util.h"
#include "utiltls.h"
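namespace hush {

// Generates a fresh EC keypair on the curve identified by 'nid'.
//
// Returns the keypair wrapped in a WOLFSSL_EVP_PKEY, or NULL if the curve lookup,
// key generation, EVP_PKEY allocation or the assignment fails.
//
// The returned object holds the private key. After a successful assign the EC key
// is no longer freed here (presumably the EVP_PKEY owns it from then on), so the
// caller is expected to release the result with wolfSSL_EVP_PKEY_free().
WOLFSSL_EVP_PKEY* GenerateEcKey(int nid)
{
    WOLFSSL_EC_KEY *ecKey = wolfSSL_EC_KEY_new_by_curve_name(nid);
    if (!ecKey) {
        return NULL;
    }

    // Request named-curve encoding for the key's parameters.
    wolfSSL_EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE);

    WOLFSSL_EVP_PKEY *pkey = NULL;
    if (wolfSSL_EC_KEY_generate_key(ecKey)) {
        pkey = wolfSSL_EVP_PKEY_new();
        if (pkey && !wolfSSL_EVP_PKEY_assign_EC_KEY(pkey, ecKey)) {
            // Assignment failed: drop the empty wrapper, the EC key is freed below.
            wolfSSL_EVP_PKEY_free(pkey);
            pkey = NULL;
        }
    }

    // Any failure above leaves the EC key unowned, so it must be released here.
    if (!pkey) {
        wolfSSL_EC_KEY_free(ecKey);
    }
    return pkey;
}

// Generates a self-signed certificate for 'keypair': the public half is placed in
// the certificate and the private half signs it (SHA-512 digest).
//
// The certificate gets a random positive serial number and is valid from now for
// CERT_VALIDITY_DAYS days. No subject or issuer name is set by this function.
//
// Returns the signed certificate, or NULL if 'keypair' is NULL or any step fails.
//
// NOTE(review): a self-signed certificate carries no third-party assurance of
// identity. A peer that needs to authenticate the holder has to pin or compare the
// public key out of band; chain validation alone cannot vouch for it.
WOLFSSL_X509* GenerateCertificate(WOLFSSL_EVP_PKEY *keypair)
{
    if (!keypair) {
        return NULL;
    }

    WOLFSSL_X509 *cert = wolfSSL_X509_new();
    if (!cert) {
        return NULL;
    }

    bool bCertSigned = false;
    long sn = 0;

    // Compare against 1 explicitly so that only a reported success counts;
    // a serial built from an unfilled buffer would be predictable.
    if (wolfSSL_RAND_bytes((unsigned char*)&sn, sizeof(sn)) == 1) {
        // RFC 5280 (4.1.2.2) requires the serial number to be a positive integer,
        // and some verifiers reject negative serials. Random bytes set the sign
        // bit half of the time, so drop it (and avoid the value zero).
        // Where long is 32 bits wide this leaves 31 random bits.
        sn = (long)((unsigned long)sn >> 1);
        if (sn == 0) {
            sn = 1;
        }

        // Every field must be set successfully before signing; otherwise a
        // certificate with a missing validity period or key could be signed.
        // The validity span is computed in long to match the parameter type.
        if (wolfSSL_ASN1_INTEGER_set(wolfSSL_X509_get_serialNumber(cert), sn) &&
            wolfSSL_X509_gmtime_adj(wolfSSL_X509_get_notBefore(cert), 0) &&
            wolfSSL_X509_gmtime_adj(wolfSSL_X509_get_notAfter(cert), 60L * 60 * 24 * CERT_VALIDITY_DAYS) &&
            // setting a public key from the keypair
            wolfSSL_X509_set_pubkey(cert, keypair)) {
            // private key from keypair is used; signature will be set inside of the cert.
            // Only a positive return is accepted, so an error code reported as a
            // negative value is not mistaken for success.
            bCertSigned = wolfSSL_X509_sign(cert, keypair, wolfSSL_EVP_sha512()) > 0;
        }
    }

    if (!bCertSigned) {
        wolfSSL_X509_free(cert);
        cert = NULL;
    }
    return cert;
}

}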