
Merge pull request #1483 from domosekai/ecc

Support ECDSA certificates on server side and show parameters in dialog
Yihong Wu 4 سال پیش
والد
کامیت
3a2d588722

+ 0 - 10
src/Cedar/Admin.c

@@ -7777,11 +7777,6 @@ UINT StAddCa(ADMIN *a, RPC_HUB_ADD_CA *t)
 		return ERR_INVALID_PARAMETER;
 	}
 
-	if (t->Cert->is_compatible_bit == false)
-	{
-		return ERR_NOT_RSA_1024;
-	}
-
 	CHECK_RIGHT;
 
 	LockHubList(c);
@@ -9446,11 +9441,6 @@ UINT StSetServerCert(ADMIN *a, RPC_KEY_PAIR *t)
 		return ERR_PROTOCOL_ERROR;
 	}
 
-	if (t->Cert->is_compatible_bit == false)
-	{
-		return ERR_NOT_RSA_1024;
-	}
-
 	if (CheckXandK(t->Cert, t->Key) == false)
 	{
 		return ERR_PROTOCOL_ERROR;

+ 0 - 22
src/Cedar/Client.c

@@ -7109,14 +7109,6 @@ bool CtSetAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
 			}
 		}
 
-		if (a->ServerCert != NULL && a->ServerCert->is_compatible_bit == false)
-		{
-			// Server certificate is invalid
-			UnlockList(c->AccountList);
-			CiSetError(c, ERR_NOT_RSA_1024);
-			return false;
-		}
-
 		Lock(ret->lock);
 		{
 
@@ -7236,14 +7228,6 @@ bool CtCreateAccount(CLIENT *c, RPC_CLIENT_CREATE_ACCOUNT *a, bool inner)
 			}
 		}
 
-		if (a->ServerCert != NULL && a->ServerCert->is_compatible_bit == false)
-		{
-			// The server certificate is invalid
-			UnlockList(c->AccountList);
-			CiSetError(c, ERR_NOT_RSA_1024);
-			return false;
-		}
-
 		// Add a new account
 		new_account = ZeroMalloc(sizeof(ACCOUNT));
 		new_account->lock = NewLock();
@@ -8536,12 +8520,6 @@ bool CtAddCa(CLIENT *c, RPC_CERT *cert)
 		return false;
 	}
 
-	if (cert->x->is_compatible_bit == false)
-	{
-		CiSetError(c, ERR_NOT_RSA_1024);
-		return false;
-	}
-
 	AddCa(c->Cedar, cert->x);
 
 	CiSaveConfigurationFile(c);

+ 51 - 7
src/Cedar/WinUi.c

@@ -35,6 +35,9 @@
 #include <shellapi.h>
 #include <shlobj.h>
 
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+
 // Process name list of incompatible anti-virus software
 static BAD_PROCESS bad_processes[] =
 {
@@ -5566,17 +5569,58 @@ void PrintCertInfo(HWND hWnd, CERT_DLG *p)
 	GetDateTimeStrEx64(tmp, sizeof(tmp), SystemToLocal64(x->notAfter), NULL);
 	LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_NOT_AFTER"), tmp);
 
-	// Number of bits
-	if (x->is_compatible_bit)
-	{
-		UniFormat(tmp, sizeof(tmp), _UU("CERT_BITS_FORMAT"), x->bits);
-		LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_BITS"), tmp);
-	}
-
 	// Public key
 	k = GetKFromX(x);
 	if (k != NULL)
 	{
+		UINT type = EVP_PKEY_base_id(k->pkey);
+		switch (type)
+		{
+		case EVP_PKEY_RSA:
+			LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_KEY_ALGORITHM"), L"RSA");
+			UniFormat(tmp, sizeof(tmp), _UU("CERT_BITS_FORMAT"), x->bits);
+			LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_BITS"), tmp);
+			break;
+		case EVP_PKEY_EC:
+			LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_KEY_ALGORITHM"), L"ECDSA");
+			UniFormat(tmp, sizeof(tmp), _UU("CERT_BITS_FORMAT"), x->bits);
+			LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_BITS"), tmp);
+
+# ifndef OPENSSL_NO_EC
+			EC_KEY *key = EVP_PKEY_get0_EC_KEY(k->pkey);
+			if (key == NULL)
+			{
+				break;
+			}
+
+			EC_GROUP *group = EC_KEY_get0_group(key);
+			if (group == NULL)
+			{
+				break;
+			}
+
+			int nid = EC_GROUP_get_curve_name(group);
+			if (nid == 0)
+			{
+				break;
+			}
+
+			if (StrToUni(tmp, sizeof(tmp), OBJ_nid2sn(nid)) > 0)
+			{
+				wchar_t *nname = CopyStrToUni(EC_curve_nid2nist(nid));
+				if (nname)
+				{
+					UniFormat(tmp, sizeof(tmp), L"%s (%s)", tmp, nname);
+				}
+				LvInsert(hWnd, L_CERTINFO, ICO_CERT, NULL, 2, _UU("CERT_KEY_PARAMETER"), tmp);
+				Free(nname);
+			}
+# endif
+			break;
+		default:
+			break;
+		}
+
 		BUF *b = KToBuf(k, false, NULL);
 		s_tmp = CopyBinToStrEx(b->Buf, b->Size);
 		StrToUni(tmp, sizeof(tmp), s_tmp);
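Review bot: `UniFormat(tmp, sizeof(tmp), L"%s (%s)", tmp, nname);` in the `EVP_PKEY_EC` case writes into `tmp` while also passing `tmp` as a `%s` argument; if UniFormat is a thin wrapper over the vsnwprintf family that is an overlapping source and destination, which the C standard leaves undefined and which can show a truncated or garbled curve name in the dialog. Appending avoids the overlap entirely, so replace that line with `UniStrCat(tmp, sizeof(tmp), L" ("); UniStrCat(tmp, sizeof(tmp), nname); UniStrCat(tmp, sizeof(tmp), L")");`. In the same case `EC_KEY_get0_group()` returns a `const EC_GROUP *`, so `group` should be declared `const EC_GROUP *group` rather than silently dropping the qualifier, and since `EVP_PKEY_get0_EC_KEY`/`EC_KEY_get0_group` are deprecated from OpenSSL 3.0 a comment such as `// TODO: OpenSSL 3.x — query OSSL_PKEY_PARAM_GROUP_NAME via EVP_PKEY_get_utf8_string_param instead of the EC_KEY accessors` would mark the migration point. Note also that the `# ifndef OPENSSL_NO_EC` guard covers only the curve lookup, not the `case EVP_PKEY_EC:` label or the new `<openssl/ec.h>` include in the first hunk, so an OpenSSL built without EC still compiles the include but then reports no parameters. PrintCertInfo begins and ends outside the hunk.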

+ 3 - 1
src/bin/hamcore/strtable_cn.stb

@@ -428,12 +428,14 @@ CERT_ISSUER					发行者
 CERT_SUBJECT				主题
 CERT_NOT_BEFORE				有效期自
 CERT_NOT_AFTER				有效期至
-CERT_BITS					
+CERT_BITS					位
 CERT_PUBLIC_KEY				公钥
 CERT_DIGEST_MD5				摘要 (MD5)
 CERT_DIGEST_SHA1			摘要 (SHA-1)
 CERT_NO_SERIAL				没有序列号
 CERT_BITS_FORMAT			%u bits
+CERT_KEY_ALGORITHM			公钥算法
+CERT_KEY_PARAMETER			参数
 
 
 #关于证书认证对话框

+ 2 - 0
src/bin/hamcore/strtable_en.stb

@@ -432,6 +432,8 @@ CERT_DIGEST_MD5			Digest (MD5)
 CERT_DIGEST_SHA1		Digest (SHA-1)
 CERT_NO_SERIAL			There is no serial number
 CERT_BITS_FORMAT		%u bits
+CERT_KEY_ALGORITHM		Public Key Algorithm
+CERT_KEY_PARAMETER		Parameters
 
 
 # Concerning certificate confirmation dialogs

+ 2 - 0
src/bin/hamcore/strtable_ja.stb

@@ -434,6 +434,8 @@ CERT_DIGEST_MD5			ダイジェスト (MD5)
 CERT_DIGEST_SHA1		ダイジェスト (SHA-1)
 CERT_NO_SERIAL			シリアル番号はありません
 CERT_BITS_FORMAT		%u bits
+CERT_KEY_ALGORITHM		公開鍵アルゴリズム
+CERT_KEY_PARAMETER		パラメータ
 
 
 # 証明書確認ダイアログ関係

+ 2 - 0
src/bin/hamcore/strtable_ko.stb

@@ -438,6 +438,8 @@ CERT_DIGEST_MD5 다이제스트 (MD5)
 CERT_DIGEST_SHA1 다이제스트 (SHA-1)
 CERT_NO_SERIAL 일련 번호가 없습니다
 CERT_BITS_FORMAT %u bits
+CERT_KEY_ALGORITHM		공개 키 알고리즘
+CERT_KEY_PARAMETER		매개변수
 
 
 # 인증서 확인 대화 관계

+ 2 - 0
src/bin/hamcore/strtable_pt_br.stb

@@ -448,6 +448,8 @@ CERT_DIGEST_MD5	Resumo (MD5)
 CERT_DIGEST_SHA1	Resumo (SHA-1)
 CERT_NO_SERIAL	There is no serial number
 CERT_BITS_FORMAT	%u bits
+CERT_KEY_ALGORITHM		Public Key Algorithm
+CERT_KEY_PARAMETER		Parameters
 
 
 # Concerning certificate confirmation dialogs

+ 2 - 0
src/bin/hamcore/strtable_ru.stb

@@ -432,6 +432,8 @@ CERT_DIGEST_MD5			Digest (MD5)
 CERT_DIGEST_SHA1		Digest (SHA-1)
 CERT_NO_SERIAL			There is no serial number
 CERT_BITS_FORMAT		%u bits
+CERT_KEY_ALGORITHM		Public Key Algorithm
+CERT_KEY_PARAMETER		Parameters
 
 
 # Concerning certificate confirmation dialogs

+ 2 - 0
src/bin/hamcore/strtable_tw.stb

@@ -438,6 +438,8 @@ CERT_DIGEST_MD5			摘要 (MD5)
 CERT_DIGEST_SHA1		摘要 (SHA-1)
 CERT_NO_SERIAL			沒有序號
 CERT_BITS_FORMAT		%u bits
+CERT_KEY_ALGORITHM		公開金鑰演算法
+CERT_KEY_PARAMETER		參數
 
 
 #關於證書認證對話方塊