oDinZu
/
hush3
forked from hush/hush3
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

ECDSA certificate generation

danger
miodragpop 4 years ago
parent
eaed7355c6
commit
6aac6ed3d7
2 changed files with 25 additions and 28 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 37
      src/hush/utiltls.cpp
  2. 16
      src/net.cpp

37
src/hush/utiltls.cpp
View File

@ -105,35 +105,27 @@ static EVP_PKEY* GenerateRsaKey(int bits, BN_ULONG uPublicKey)
// Generates EC keypair
//
static EVP_PKEY* GenerateEcKey(int bits, BN_ULONG uPublicKey)
static EVP_PKEY* GenerateEcKey(int nid = NID_X9_62_prime256v1)
{
EVP_PKEY *evpPrivKey = NULL;
BIGNUM *pubKey = BN_new();
if (pubKey)
EC_KEY *privKey = EC_KEY_new_by_curve_name(nid);
if (privKey)
{
if (BN_set_word(pubKey, uPublicKey))
EC_KEY_set_asn1_flag(privKey, OPENSSL_EC_NAMED_CURVE);
if (EC_KEY_generate_key(privKey))
{
EC_KEY *privKey = EC_KEY_new_by_curve_name(NID_secp256k1);
if (privKey)
if ((evpPrivKey = EVP_PKEY_new()))
{
if (EC_KEY_generate_key(privKey))
if (!EVP_PKEY_assign_EC_KEY(evpPrivKey, privKey))
{
if ((evpPrivKey = EVP_PKEY_new()))
{
if (!EVP_PKEY_assign_EC_KEY(evpPrivKey, privKey))
{
EVP_PKEY_free(evpPrivKey);
evpPrivKey = NULL;
}
}
EVP_PKEY_free(evpPrivKey);
evpPrivKey = NULL;
}
if(!evpPrivKey)
EC_KEY_free(privKey);
}
}
BN_free(pubKey);
if(!evpPrivKey)
EC_KEY_free(privKey);
}
return evpPrivKey;
@ -349,6 +341,7 @@ static bool CheckCredentials(EVP_PKEY *key, X509 *cert)
bIsOk = (EC_KEY_check_key(eccKey) == 1);
EC_KEY_free(eccKey);
}
break;
}
// Currently only RSA & EC keys are supported.
// Other key types can be added here in further.
@ -408,7 +401,9 @@ bool GenerateCredentials(
// Generating RSA key and the self-signed certificate for it
//
key = GenerateRsaKey(TLS_RSA_KEY_SIZE, RSA_F4);
//key = GenerateRsaKey(TLS_RSA_KEY_SIZE, RSA_F4);
//key = GenerateEcKey(NID_secp256k1);
key = GenerateEcKey();
if (key)
{
cert = GenerateCertificate(key);

16
src/net.cpp
View File

@ -70,10 +70,10 @@ using namespace hush;
#define USE_TLS
#if defined(USE_TLS) && !defined(TLS1_2_VERSION)
// minimum secure protocol is 1.2
// TLS1_2_VERSION is defined in openssl/tls1.h
#error "ERROR: Your OpenSSL version does not support TLS v1.2"
#if defined(USE_TLS) && !defined(TLS1_3_VERSION)
// minimum secure protocol is 1.3
// TLS1_3_VERSION is defined in openssl/tls1.h
#error "ERROR: Your OpenSSL version does not support TLS v1.3"
#endif
@ -456,7 +456,8 @@ CNode* ConnectNode(CAddress addrConnect, const char *pszDest)
NODE_ADDR nodeAddr(addrConnect.ToStringIP());
bool bUseTLS = (find(vNonTLSNodesOutbound.begin(),
bool bUseTLS = ((GetBoolArg("-tls", true) || GetArg("-tls", "") == "only")
&& find(vNonTLSNodesOutbound.begin(),
vNonTLSNodesOutbound.end(),
nodeAddr) == vNonTLSNodesOutbound.end());
unsigned long err_code = 0;
@ -1208,7 +1209,8 @@ static void AcceptConnection(const ListenSocket& hListenSocket) {
NODE_ADDR nodeAddr(addr.ToStringIP());
bool bUseTLS = (find(vNonTLSNodesInbound.begin(),
bool bUseTLS = ((GetBoolArg("-tls", true) || GetArg("-tls", "") == "only")
&& find(vNonTLSNodesInbound.begin(),
vNonTLSNodesInbound.end(),
nodeAddr) == vNonTLSNodesInbound.end());
unsigned long err_code = 0;
@ -2450,7 +2452,7 @@ bool CNode::GetTlsFallbackNonTls()
if (tlsFallbackNonTls == eTlsOption::FALLBACK_UNSET)
{
// one time only setting of static class attribute
if ( GetBoolArg("-tlsfallbacknontls", true))
if ( GetArg("-tls", "") != "only" )
{
LogPrint("tls", "%s():%d - Non-TLS connections will be used in case of failure of TLS\n",
__func__, __LINE__);

Write Preview
Loading…
Cancel
Save