Added certificate creation using ECDSA

* dtls/test/makecerts_ec.bat: creates ca-cert_ec.pem, keycert_ec.pem and server-cert_ec.pem
* dtls/test/openssl_ca.cnf and openssl_server.cnf: Added HOME to be able to use the conf file under windows

ChangeLog

@@ -1,9 +1,16 @@
+2017-03-17  Björn Freise  <mcfreis@gmx.net>
+
+	Added certificate creation using ECDSA
+
+	* dtls/test/makecerts_ec.bat: creates ca-cert_ec.pem, keycert_ec.pem and server-cert_ec.pem
+	* dtls/test/openssl_ca.cnf and openssl_server.cnf: Added HOME to be able to use the conf file under windows
+
 2017-03-17  Björn Freise  <mcfreis@gmx.net>
 
 	Added an interface in SSLConnection() to access SSLContext() and SSL() for manipulating settings during creation
 
 	* dtls/openssl.py:
-		- Added utility fucntions EC_curve_nist2nid() and EC_curve_nid2nist()
+		- Added utility functions EC_curve_nist2nid() and EC_curve_nid2nist()
 	* dtls/patch.py:
 		- Extended wrap_socket() arguments with callbacks for user config functions of ssl context and ssl session values
 		- Extended SSLSocket() arguments with callbacks for user config functions of ssl context and ssl session values

dtls/test/certs/ca-cert_ec.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBgzCCASoCCQDdMwvUA/R3lzAKBggqhkjOPQQDAzBKMQswCQYDVQQGEwJVUzET
+MBEGA1UECAwKV2FzaGluZ3RvbjETMBEGA1UECgwKUmF5IENBIEluYzERMA8GA1UE
+AwwIUmF5Q0FJbmMwHhcNMTcwMzA3MDgzNjU3WhcNMjcwMzA1MDgzNjU3WjBKMQsw
+CQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjETMBEGA1UECgwKUmF5IENB
+IEluYzERMA8GA1UEAwwIUmF5Q0FJbmMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
+AASD4xiQkPryjEwUl/GYeGu1CSA3UC6BUY3TiGED3zrC5Bn/POaVVn9GGOQMZUFi
+rCkuTgfg/qeIzTrTFndiR5C/MAoGCCqGSM49BAMDA0cAMEQCIHpd9qMvZZV6iaB5
+HrmlyfmhIuLBxDQra20Uxl2Y8N64AiAmPKqwPPp7z6IT2AzAXyHCPoVxwWA0NfGx
+nmXoYpDFlw==
+-----END CERTIFICATE-----

dtls/test/certs/keycert_ec.pem

@@ -0,0 +1,19 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIEMWCku4TqKwrQdeECm5LQPCBnr7+cqE4InlRYeObLOxoAoGCCqGSM49
+AwEHoUQDQgAEgroFe2fym1V7E3zr/zjuJixpyAjwfig+UTsxxm/04IvXzk2jQCQC
+TgbDVohJ8dgh4iEENZv2axWye7XCBzbftQ==
+-----END EC PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIBhjCCASwCCQCZ3L2TA/e93zAKBggqhkjOPQQDAzBKMQswCQYDVQQGEwJVUzET
+MBEGA1UECAwKV2FzaGluZ3RvbjETMBEGA1UECgwKUmF5IENBIEluYzERMA8GA1UE
+AwwIUmF5Q0FJbmMwHhcNMTcwMzA3MDgzNjU4WhcNMjcwMzA1MDgzNjU4WjBMMQsw
+CQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEUMBIGA1UECgwLUmF5IFNy
+diBJbmMxEjAQBgNVBAMMCVJheVNydkluYzBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABIK6BXtn8ptVexN86/847iYsacgI8H4oPlE7McZv9OCL185No0AkAk4Gw1aI
+SfHYIeIhBDWb9msVsnu1wgc237UwCgYIKoZIzj0EAwMDSAAwRQIhAK4caAt0QSTz
+A1WYlrEAA2AH181P7USiXkqQ5qRyoWQNAiBm3vKaoB+0p4B98HeI+h5V/7loomQg
+sW3uB0zEuJyqIQ==
+-----END CERTIFICATE-----

dtls/test/certs/server-cert_ec.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBhjCCASwCCQCZ3L2TA/e93zAKBggqhkjOPQQDAzBKMQswCQYDVQQGEwJVUzET
+MBEGA1UECAwKV2FzaGluZ3RvbjETMBEGA1UECgwKUmF5IENBIEluYzERMA8GA1UE
+AwwIUmF5Q0FJbmMwHhcNMTcwMzA3MDgzNjU4WhcNMjcwMzA1MDgzNjU4WjBMMQsw
+CQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEUMBIGA1UECgwLUmF5IFNy
+diBJbmMxEjAQBgNVBAMMCVJheVNydkluYzBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABIK6BXtn8ptVexN86/847iYsacgI8H4oPlE7McZv9OCL185No0AkAk4Gw1aI
+SfHYIeIhBDWb9msVsnu1wgc237UwCgYIKoZIzj0EAwMDSAAwRQIhAK4caAt0QSTz
+A1WYlrEAA2AH181P7USiXkqQ5qRyoWQNAiBm3vKaoB+0p4B98HeI+h5V/7loomQg
+sW3uB0zEuJyqIQ==
+-----END CERTIFICATE-----

dtls/test/makecerts_ec.bat

@@ -0,0 +1,24 @@
+@echo off
+set RANDFILE=.rnd
+
+
+rem # Generate self-signed certificate for the certificate authority
+echo Generating CA...
+openssl ecparam -name prime256v1 -genkey -out tmp_ca_ec.key
+openssl req -config "openssl_ca.cnf" -x509 -new -SHA384 -nodes -key tmp_ca_ec.key -days 3650 -out ca-cert_ec.pem
+
+rem # Generate a certificate request
+echo Generating certificate request...
+openssl ecparam -name prime256v1 -genkey -out tmp_server_ec.key
+openssl req -config "openssl_server.cnf" -new -SHA384 -nodes -key tmp_server_ec.key -out tmp_server_ec.req
+
+rem # Sign the request with the certificate authority's certificate created above
+echo Signing certificate request...
+openssl req -in tmp_server_ec.req -noout -text
+openssl x509 -req -SHA384 -days 3650 -in tmp_server_ec.req -CA ca-cert_ec.pem -CAkey tmp_ca_ec.key -CAcreateserial -out server-cert_ec.pem
+
+rem # Build pem file with private and public keys, ready for unprompted server use
+cat tmp_server_ec.key server-cert_ec.pem > keycert_ec.pem
+
+rem # Clean up
+rm tmp_ca_ec.key tmp_server_ec.key tmp_server_ec.req ca-cert_ec.srl

dtls/test/openssl_ca.cnf

@@ -1,6 +1,7 @@
-RANDFILE               = $ENV::HOME/.rnd
+HOME                   = .
-
+RANDFILE               = $ENV::HOME/.rnd
-[ req ]
+
+[ req ]
 distinguished_name     = req_distinguished_name
 prompt                 = no
 

dtls/test/openssl_server.cnf

@@ -1,6 +1,7 @@
-RANDFILE               = $ENV::HOME/.rnd
+HOME                   = .
-
+RANDFILE               = $ENV::HOME/.rnd
-[ req ]
+
+[ req ]
 distinguished_name     = req_distinguished_name
 prompt                 = no