From 13edf48fdf182050ab58b802a008b8ca8047705c Mon Sep 17 00:00:00 2001
From: mcfreis
Date: Mon, 20 Mar 2017 16:08:11 +0100
Subject: [PATCH] Added certificate creation using ECDSA

* dtls/test/makecerts_ec.bat: creates ca-cert_ec.pem, keycert_ec.pem and server-cert_ec.pem
* dtls/test/openssl_ca.cnf and openssl_server.cnf: Added HOME to be able to use the conf file under windows
---
 ChangeLog | 9 ++++++++-
 dtls/test/certs/ca-cert_ec.pem | 11 +++++++++++
 dtls/test/certs/keycert_ec.pem | 19 +++++++++++++++++++
 dtls/test/certs/server-cert_ec.pem | 11 +++++++++++
 dtls/test/makecerts_ec.bat | 24 ++++++++++++++++++++++++
 dtls/test/openssl_ca.cnf | 7 ++++---
 dtls/test/openssl_server.cnf | 7 ++++---
 7 files changed, 81 insertions(+), 7 deletions(-)
 create mode 100644 dtls/test/certs/ca-cert_ec.pem
 create mode 100644 dtls/test/certs/keycert_ec.pem
 create mode 100644 dtls/test/certs/server-cert_ec.pem
 create mode 100644 dtls/test/makecerts_ec.bat
diff --git a/ChangeLog b/ChangeLog
index af90f0f..549f76f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,16 @@
+2017-03-17 Björn Freise
+
+ Added certificate creation using ECDSA
+
+ * dtls/test/makecerts_ec.bat: creates ca-cert_ec.pem, keycert_ec.pem and server-cert_ec.pem
+ * dtls/test/openssl_ca.cnf and openssl_server.cnf: Added HOME to be able to use the conf file under windows
+
 2017-03-17 Björn Freise
 
 Added an interface in SSLConnection() to access SSLContext() and SSL() for manipulating settings during creation
 
 * dtls/openssl.py:
- - Added utility fucntions EC_curve_nist2nid() and EC_curve_nid2nist()
+ - Added utility functions EC_curve_nist2nid() and EC_curve_nid2nist()
 * dtls/patch.py:
 - Extended wrap_socket() arguments with callbacks for user config functions of ssl context and ssl session values
 - Extended SSLSocket() arguments with callbacks for user config functions of ssl context and ssl session values
diff --git a/dtls/test/certs/ca-cert_ec.pem b/dtls/test/certs/ca-cert_ec.pem
new file mode 100644
index 0000000..5dee05c
--- /dev/null
+++ b/dtls/test/certs/ca-cert_ec.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBgzCCASoCCQDdMwvUA/R3lzAKBggqhkjOPQQDAzBKMQswCQYDVQQGEwJVUzET
+MBEGA1UECAwKV2FzaGluZ3RvbjETMBEGA1UECgwKUmF5IENBIEluYzERMA8GA1UE
+AwwIUmF5Q0FJbmMwHhcNMTcwMzA3MDgzNjU3WhcNMjcwMzA1MDgzNjU3WjBKMQsw
+CQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjETMBEGA1UECgwKUmF5IENB
+IEluYzERMA8GA1UEAwwIUmF5Q0FJbmMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
+AASD4xiQkPryjEwUl/GYeGu1CSA3UC6BUY3TiGED3zrC5Bn/POaVVn9GGOQMZUFi
+rCkuTgfg/qeIzTrTFndiR5C/MAoGCCqGSM49BAMDA0cAMEQCIHpd9qMvZZV6iaB5
+HrmlyfmhIuLBxDQra20Uxl2Y8N64AiAmPKqwPPp7z6IT2AzAXyHCPoVxwWA0NfGx
+nmXoYpDFlw==
+-----END CERTIFICATE-----
diff --git a/dtls/test/certs/keycert_ec.pem b/dtls/test/certs/keycert_ec.pem
new file mode 100644
index 0000000..d0ebe5a
--- /dev/null
+++ b/dtls/test/certs/keycert_ec.pem
@@ -0,0 +1,19 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIEMWCku4TqKwrQdeECm5LQPCBnr7+cqE4InlRYeObLOxoAoGCCqGSM49
+AwEHoUQDQgAEgroFe2fym1V7E3zr/zjuJixpyAjwfig+UTsxxm/04IvXzk2jQCQC
+TgbDVohJ8dgh4iEENZv2axWye7XCBzbftQ==
+-----END EC PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIBhjCCASwCCQCZ3L2TA/e93zAKBggqhkjOPQQDAzBKMQswCQYDVQQGEwJVUzET
+MBEGA1UECAwKV2FzaGluZ3RvbjETMBEGA1UECgwKUmF5IENBIEluYzERMA8GA1UE
+AwwIUmF5Q0FJbmMwHhcNMTcwMzA3MDgzNjU4WhcNMjcwMzA1MDgzNjU4WjBMMQsw
+CQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEUMBIGA1UECgwLUmF5IFNy
+diBJbmMxEjAQBgNVBAMMCVJheVNydkluYzBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABIK6BXtn8ptVexN86/847iYsacgI8H4oPlE7McZv9OCL185No0AkAk4Gw1aI
+SfHYIeIhBDWb9msVsnu1wgc237UwCgYIKoZIzj0EAwMDSAAwRQIhAK4caAt0QSTz
+A1WYlrEAA2AH181P7USiXkqQ5qRyoWQNAiBm3vKaoB+0p4B98HeI+h5V/7loomQg
+sW3uB0zEuJyqIQ==
+-----END CERTIFICATE-----
diff --git a/dtls/test/certs/server-cert_ec.pem b/dtls/test/certs/server-cert_ec.pem
new file mode 100644
index 0000000..62b97fe
--- /dev/null
+++ b/dtls/test/certs/server-cert_ec.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBhjCCASwCCQCZ3L2TA/e93zAKBggqhkjOPQQDAzBKMQswCQYDVQQGEwJVUzET
+MBEGA1UECAwKV2FzaGluZ3RvbjETMBEGA1UECgwKUmF5IENBIEluYzERMA8GA1UE
+AwwIUmF5Q0FJbmMwHhcNMTcwMzA3MDgzNjU4WhcNMjcwMzA1MDgzNjU4WjBMMQsw
+CQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEUMBIGA1UECgwLUmF5IFNy
+diBJbmMxEjAQBgNVBAMMCVJheVNydkluYzBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABIK6BXtn8ptVexN86/847iYsacgI8H4oPlE7McZv9OCL185No0AkAk4Gw1aI
+SfHYIeIhBDWb9msVsnu1wgc237UwCgYIKoZIzj0EAwMDSAAwRQIhAK4caAt0QSTz
+A1WYlrEAA2AH181P7USiXkqQ5qRyoWQNAiBm3vKaoB+0p4B98HeI+h5V/7loomQg
+sW3uB0zEuJyqIQ==
+-----END CERTIFICATE-----
diff --git a/dtls/test/makecerts_ec.bat b/dtls/test/makecerts_ec.bat
new file mode 100644
index 0000000..5d5eb8b
--- /dev/null
+++ b/dtls/test/makecerts_ec.bat
@@ -0,0 +1,24 @@
+@echo off
+set RANDFILE=.rnd
+
+
+rem # Generate self-signed certificate for the certificate authority
+echo Generating CA...
+openssl ecparam -name prime256v1 -genkey -out tmp_ca_ec.key
+openssl req -config "openssl_ca.cnf" -x509 -new -SHA384 -nodes -key tmp_ca_ec.key -days 3650 -out ca-cert_ec.pem
+
+rem # Generate a certificate request
+echo Generating certificate request...
+openssl ecparam -name prime256v1 -genkey -out tmp_server_ec.key
+openssl req -config "openssl_server.cnf" -new -SHA384 -nodes -key tmp_server_ec.key -out tmp_server_ec.req
+
+rem # Sign the request with the certificate authority's certificate created above
+echo Signing certificate request...
+openssl req -in tmp_server_ec.req -noout -text
+openssl x509 -req -SHA384 -days 3650 -in tmp_server_ec.req -CA ca-cert_ec.pem -CAkey tmp_ca_ec.key -CAcreateserial -out server-cert_ec.pem
+
+rem # Build pem file with private and public keys, ready for unprompted server use
+cat tmp_server_ec.key server-cert_ec.pem > keycert_ec.pem
+
+rem # Clean up
+rm tmp_ca_ec.key tmp_server_ec.key tmp_server_ec.req ca-cert_ec.srl
diff --git a/dtls/test/openssl_ca.cnf b/dtls/test/openssl_ca.cnf
index 365ab27..77d9dda 100644
--- a/dtls/test/openssl_ca.cnf
+++ b/dtls/test/openssl_ca.cnf
@@ -1,6 +1,7 @@
-RANDFILE = $ENV::HOME/.rnd
-
-[ req ]
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+[ req ]
 distinguished_name = req_distinguished_name
 prompt = no
 
diff --git a/dtls/test/openssl_server.cnf b/dtls/test/openssl_server.cnf
index 2d2e749..3370303 100644
--- a/dtls/test/openssl_server.cnf
+++ b/dtls/test/openssl_server.cnf
@@ -1,6 +1,7 @@
-RANDFILE = $ENV::HOME/.rnd
-
-[ req ]
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+[ req ]
 distinguished_name = req_distinguished_name
 prompt = no
 
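Review bot: The bundling and cleanup steps at the end of the hunk call `cat` and `rm`, which cmd.exe does not provide, so on a plain Windows machine — the platform this .bat and the HOME change in the cnf files are meant for — the script stops working right after the signing step unless Unix tools happen to be on PATH; the native equivalents are `copy /b tmp_server_ec.key + server-cert_ec.pem keycert_ec.pem` and `del tmp_ca_ec.key tmp_server_ec.key tmp_server_ec.req ca-cert_ec.srl`. The `openssl x509 -req` signing call passes no `-extfile`/`-extensions`, so the server certificate is issued without X.509v3 extensions (no subjectAltName, no key-usage constraints); that is acceptable for a fixture whose peer only validates the chain, but a `rem` line saying so would stop the script being reused for anything beyond the test suite. The cleanup step also deletes tmp_ca_ec.key, so ca-cert_ec.pem can never issue another certificate once the script finishes; a `rem` noting that this is deliberate (fresh CA per run) would make the intent clear.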
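Review bot: The new `HOME = .` line is only a fallback, and nothing in the file says so: OpenSSL's config parser resolves `$ENV::HOME` from the process environment first and only falls back to the config-file value when the variable is unset, which is the Windows case the commit targets, while on Unix the user's real HOME still wins. A comment above it such as `# Fallback for $ENV::HOME on systems without a HOME environment variable (Windows)` would save the next reader from wondering whether it overrides the environment. The same applies to the identical hunk in dtls/test/openssl_server.cnf. The hunk also removes and re-adds `RANDFILE = $ENV::HOME/.rnd` and `[ req ]` with no visible change, which looks like a line-ending or trailing-whitespace difference; if so, normalizing line endings in a separate commit would keep this diff down to the one line that matters.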