3 files changed, 364 insertions, 4 deletions

diff --git a/contrib/epee/include/net/net_ssl.h b/contrib/epee/include/net/net_ssl.h
index 5ef2ff59d..3a97dfdaf 100644
--- a/contrib/epee/include/net/net_ssl.h
+++ b/contrib/epee/include/net/net_ssl.h
@@ -135,6 +135,9 @@ namespace net_utils
 	constexpr size_t get_ssl_magic_size() { return 9; }
 	bool is_ssl(const unsigned char *data, size_t len);
 	bool ssl_support_from_string(ssl_support_t &ssl, boost::string_ref s);
+
+	bool create_ec_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert);
+	bool create_rsa_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert);
 }
 }
 
diff --git a/contrib/epee/include/rolling_median.h b/contrib/epee/include/rolling_median.h
new file mode 100644
index 000000000..8b5a82a84
--- /dev/null
+++ b/contrib/epee/include/rolling_median.h
@@ -0,0 +1,236 @@
+// Copyright (c) 2019, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Adapted from source by AShelly:
+// Copyright (c) 2011 ashelly.myopenid.com, licenced under the MIT licence
+// https://stackoverflow.com/questions/5527437/rolling-median-in-c-turlach-implementation
+// https://stackoverflow.com/questions/1309263/rolling-median-algorithm-in-c
+// https://ideone.com/XPbl6
+
+#pragma once
+
+#include <stdlib.h>
+#include <stdint.h>
+
+namespace epee
+{
+namespace misc_utils
+{
+
+template<typename Item>
+struct rolling_median_t
+{
+private:
+  Item* data;  //circular queue of values
+  int*  pos;   //index into `heap` for each value
+  int*  heap;  //max/median/min heap holding indexes into `data`.
+  int   N;     //allocated size.
+  int   idx;   //position in circular queue
+  int   minCt; //count of items in min heap
+  int   maxCt; //count of items in max heap
+  int   sz;    //count of items in heap
+
+private:
+
+  //returns true if heap[i] < heap[j]
+  bool mmless(int i, int j) const
+  {
+    return data[heap[i]] < data[heap[j]];
+  }
+
+  //swaps items i&j in heap, maintains indexes
+  bool mmexchange(int i, int j)
+  {
+    const int t = heap[i];
+    heap[i] = heap[j];
+    heap[j] = t;
+    pos[heap[i]] = i;
+    pos[heap[j]] = j;
+    return 1;
+  }
+
+  //swaps items i&j if i<j;  returns true if swapped
+  bool mmCmpExch(int i, int j)
+  {
+     return mmless(i, j) && mmexchange(i, j);
+  }
+
+  //maintains minheap property for all items below i.
+  void minSortDown(int i)
+  {
+    for (i *= 2; i <= minCt; i *= 2)
+    {
+       if (i < minCt && mmless(i + 1, i))
+         ++i;
+       if (!mmCmpExch(i, i / 2))
+         break;
+    }
+  }
+
+  //maintains maxheap property for all items below i. (negative indexes)
+  void maxSortDown(int i)
+  {
+    for (i *= 2; i >= -maxCt; i *= 2)
+    {
+      if (i > -maxCt && mmless(i, i - 1))
+        --i;
+      if (!mmCmpExch(i / 2, i))
+        break;
+    }
+  }
+
+  //maintains minheap property for all items above i, including median
+  //returns true if median changed
+  bool minSortUp(int i)
+  {
+    while (i > 0 && mmCmpExch(i, i / 2))
+      i /= 2;
+    return i == 0;
+  }
+
+  //maintains maxheap property for all items above i, including median
+  //returns true if median changed
+  bool maxSortUp(int i)
+  {
+     while (i < 0 && mmCmpExch(i / 2, i))
+       i /= 2;
+     return i == 0;
+  }
+
+protected:
+  rolling_median_t &operator=(const rolling_median_t&) = delete;
+  rolling_median_t(const rolling_median_t&) = delete;
+
+public:
+  //creates new rolling_median_t: to calculate `nItems` running median. 
+  rolling_median_t(size_t N): N(N)
+  {
+    int size = N * (sizeof(Item) + sizeof(int) * 2);
+    data = (Item*)malloc(size);
+    pos = (int*) (data + N);
+    heap = pos + N + (N / 2); //points to middle of storage.
+    clear();
+  }
+
+  rolling_median_t(rolling_median_t &&m)
+  {
+    free(data);
+    memcpy(this, &m, sizeof(rolling_median_t));
+    m.data = NULL;
+  }
+  rolling_median_t &operator=(rolling_median_t &&m)
+  {
+    free(data);
+    memcpy(this, &m, sizeof(rolling_median_t));
+    m.data = NULL;
+    return *this;
+  }
+
+  ~rolling_median_t()
+  {
+    free(data);
+  }
+
+  void clear()
+  {
+    idx = 0;
+    minCt = 0;
+    maxCt = 0;
+    sz = 0;
+    int nItems = N;
+    while (nItems--)  //set up initial heap fill pattern: median,max,min,max,...
+    {
+      pos[nItems] = ((nItems + 1) / 2) * ((nItems & 1) ? -1 : 1);
+      heap[pos[nItems]] = nItems;
+    }
+  }
+
+  int size() const
+  {
+    return sz;
+  }
+
+  //Inserts item, maintains median in O(lg nItems)
+  void insert(Item v)
+  {
+    int p = pos[idx];
+    Item old = data[idx];
+    data[idx] = v;
+    idx = (idx + 1) % N;
+    sz = std::min<int>(sz + 1, N);
+    if (p > 0)         //new item is in minHeap
+    {
+      if (minCt < (N - 1) / 2)
+      {
+        ++minCt;
+      }
+      else if (v > old)
+      {
+        minSortDown(p);
+        return;
+      }
+      if (minSortUp(p) && mmCmpExch(0, -1))
+        maxSortDown(-1);
+    }
+    else if (p < 0)   //new item is in maxheap
+    {
+      if (maxCt < N / 2)
+      {
+        ++maxCt;
+      }
+      else if (v < old)
+      {
+        maxSortDown(p);
+        return;
+      }
+      if (maxSortUp(p) && minCt && mmCmpExch(1, 0))
+        minSortDown(1);
+    }
+    else //new item is at median
+    {
+      if (maxCt && maxSortUp(-1))
+        maxSortDown(-1);
+      if (minCt && minSortUp(1))
+        minSortDown(1);
+    }
+  }
+
+  //returns median item (or average of 2 when item count is even)
+  Item median() const
+  {
+    Item v = data[heap[0]];
+    if (minCt < maxCt)
+    {
+      v = (v + data[heap[-1]]) / 2;
+    }
+    return v;
+  }
+};
+
+}
+}
diff --git a/contrib/epee/src/net_ssl.cpp b/contrib/epee/src/net_ssl.cpp
index c17d86eca..ba0bef0c7 100644
--- a/contrib/epee/src/net_ssl.cpp
+++ b/contrib/epee/src/net_ssl.cpp
@@ -78,6 +78,24 @@ namespace
   };
   using openssl_bignum = std::unique_ptr<BIGNUM, openssl_bignum_free>;
 
+  struct openssl_ec_key_free
+  {
+    void operator()(EC_KEY* ptr) const noexcept
+    {
+      EC_KEY_free(ptr);
+    }
+  };
+  using openssl_ec_key = std::unique_ptr<EC_KEY, openssl_ec_key_free>;
+
+  struct openssl_group_free
+  {
+    void operator()(EC_GROUP* ptr) const noexcept
+    {
+      EC_GROUP_free(ptr);
+    }
+  };
+  using openssl_group = std::unique_ptr<EC_GROUP, openssl_group_free>;
+
   boost::system::error_code load_ca_file(boost::asio::ssl::context& ctx, const std::string& path)
   {
     SSL_CTX* const ssl_ctx = ctx.native_handle(); // could be moved from context
@@ -101,7 +119,7 @@ namespace net_utils
 
 
 // https://stackoverflow.com/questions/256405/programmatically-create-x509-certificate-using-openssl
-bool create_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert)
+bool create_rsa_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert)
 {
   MGINFO("Generating SSL certificate");
   pkey = EVP_PKEY_new();
@@ -171,6 +189,87 @@ bool create_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert)
   return true;
 }
 
+bool create_ec_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert, int type)
+{
+  MGINFO("Generating SSL certificate");
+  pkey = EVP_PKEY_new();
+  if (!pkey)
+  {
+    MERROR("Failed to create new private key");
+    return false;
+  }
+
+  openssl_pkey pkey_deleter{pkey};
+  openssl_ec_key ec_key{EC_KEY_new()};
+  if (!ec_key)
+  {
+    MERROR("Error allocating EC private key");
+    return false;
+  }
+
+  EC_GROUP *group = EC_GROUP_new_by_curve_name(type);
+  if (!group)
+  {
+    MERROR("Error getting EC group " << type);
+    return false;
+  }
+  openssl_group group_deleter{group};
+
+  EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); 
+  EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
+
+  if (!EC_GROUP_check(group, NULL))
+  {
+    MERROR("Group failed check: " << ERR_reason_error_string(ERR_get_error()));
+    return false;
+  }
+  if (EC_KEY_set_group(ec_key.get(), group) != 1)
+  {
+    MERROR("Error setting EC group");
+    return false;
+  }
+  if (EC_KEY_generate_key(ec_key.get()) != 1)
+  {
+    MERROR("Error generating EC private key");
+    return false;
+  }
+  if (EVP_PKEY_assign_EC_KEY(pkey, ec_key.get()) <= 0)
+  {
+    MERROR("Error assigning EC private key");
+    return false;
+  }
+
+  // the key is now managed by the EVP_PKEY structure
+  (void)ec_key.release();
+
+  cert = X509_new();
+  if (!cert)
+  {
+    MERROR("Failed to create new X509 certificate");
+    return false;
+  }
+  ASN1_INTEGER_set(X509_get_serialNumber(cert), 1);
+  X509_gmtime_adj(X509_get_notBefore(cert), 0);
+  X509_gmtime_adj(X509_get_notAfter(cert), 3600 * 24 * 182); // half a year
+  if (!X509_set_pubkey(cert, pkey))
+  {
+    MERROR("Error setting pubkey on certificate");
+    X509_free(cert);
+    return false;
+  }
+  X509_NAME *name = X509_get_subject_name(cert);
+  X509_set_issuer_name(cert, name);
+
+  if (X509_sign(cert, pkey, EVP_sha256()) == 0)
+  {
+    MERROR("Error signing certificate");
+    X509_free(cert);
+    return false;
+  }
+  (void)pkey_deleter.release();
+  return true;
+}
+
 ssl_options_t::ssl_options_t(std::vector<std::vector<std::uint8_t>> fingerprints, std::string ca_path)
   : fingerprints_(std::move(fingerprints)),
     ca_path(std::move(ca_path)),
@@ -195,7 +294,7 @@ boost::asio::ssl::context ssl_options_t::create_context() const
   ssl_context.set_options(boost::asio::ssl::context::no_tlsv1_1);
 
   // only allow a select handful of tls v1.3 and v1.2 ciphers to be used
-  SSL_CTX_set_cipher_list(ssl_context.native_handle(), "ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305");
+  SSL_CTX_set_cipher_list(ssl_context.native_handle(), "ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256");
 
   // set options on the SSL context for added security
   SSL_CTX *ctx = ssl_context.native_handle();
@@ -214,6 +313,10 @@ boost::asio::ssl::context ssl_options_t::create_context() const
 #ifdef SSL_OP_NO_COMPRESSION
   SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
 #endif
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+  SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+#endif
+  SSL_CTX_set_ecdh_auto(ctx, 1);
 
   switch (verification)
   {
@@ -240,11 +343,29 @@ boost::asio::ssl::context ssl_options_t::create_context() const
   {
     EVP_PKEY *pkey;
     X509 *cert;
-    CHECK_AND_ASSERT_THROW_MES(create_ssl_certificate(pkey, cert), "Failed to create certificate");
+    bool ok = false;
+
+#ifdef USE_EXTRA_EC_CERT
+    CHECK_AND_ASSERT_THROW_MES(create_ec_ssl_certificate(pkey, cert, NID_secp256k1), "Failed to create certificate");
     CHECK_AND_ASSERT_THROW_MES(SSL_CTX_use_certificate(ctx, cert), "Failed to use generated certificate");
+    if (!SSL_CTX_use_PrivateKey(ctx, pkey))
+      MERROR("Failed to use generated EC private key for " << NID_secp256k1);
+    else
+      ok = true;
     // don't free the cert, the CTX owns it now
-    CHECK_AND_ASSERT_THROW_MES(SSL_CTX_use_PrivateKey(ctx, pkey), "Failed to use generated private key");
     EVP_PKEY_free(pkey);
+#endif
+
+    CHECK_AND_ASSERT_THROW_MES(create_rsa_ssl_certificate(pkey, cert), "Failed to create certificate");
+    CHECK_AND_ASSERT_THROW_MES(SSL_CTX_use_certificate(ctx, cert), "Failed to use generated certificate");
+    if (!SSL_CTX_use_PrivateKey(ctx, pkey))
+      MERROR("Failed to use generated RSA private key for RSA");
+    else
+      ok = true;
+    // don't free the cert, the CTX owns it now
+    EVP_PKEY_free(pkey);
+
+    CHECK_AND_ASSERT_THROW_MES(ok, "Failed to use any generated certificate");
   }
   else
     auth.use_ssl_certificate(ssl_context);