authorfengweihao <[email protected]>2020-02-27 14:49:34 +0800
committerfengweihao <[email protected]>2020-02-27 14:49:34 +0800
commit821ff22eeb32f165287b661f910769d1d6d6d3b0 (patch)
treebffc7cafce4f58d0a68f6654abdbce635860dc2c
parent1511bb1a4b8894db784c68019a3ebedb142f60d6 (diff)
新增支持ECDHE公钥算法secp256r1、secp384r1
新增支持DH公钥算法dh1024
-rw-r--r--program/src/cert_session.cpp59
1 files changed, 56 insertions, 3 deletions
diff --git a/program/src/cert_session.cpp b/program/src/cert_session.cpp
index 625286b..6c54347 100644
--- a/program/src/cert_session.cpp
+++ b/program/src/cert_session.cpp
@@ -126,6 +126,7 @@ finish:
#define R_RSA_ALGO_1024 1024
#define R_RSA_ALGO_2048 2048
#define R_RSA_ALGO_4096 4096
+#define R_DH_ALGO_1024 1
typedef struct {
const char *name; /* NIST Name of curve */
@@ -136,19 +137,24 @@ static x509_algo_name algo_name[] = {
{"rsa1024", R_RSA_ALGO_1024},
{"rsa2048", R_RSA_ALGO_2048},
{"rsa4096", R_RSA_ALGO_4096},
- {"secp192r1", NID_X9_62_prime192v1},
{"secp256r1", NID_X9_62_prime256v1},
+ {"secp384r1",NID_secp384r1}
};
static size_t x509_algo_str2idx(const char *public_algo)
{
- size_t i = 0;
+ size_t i = 0; int nid = 0;
if(public_algo == NULL)
{
goto finish;
}
+ if (0 == strcasecmp(public_algo, "dh1024"))
+ {
+ return R_DH_ALGO_1024;
+ }
+
for (i = 0; i < sizeof(algo_name) / sizeof(x509_algo_name); i++)
{
if (0 == strcasecmp(public_algo, algo_name[i].name))
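Review bot: The added `int nid = 0;` is never used in the visible lines of `x509_algo_str2idx`, and the separate `strcasecmp(public_algo, "dh1024")` branch duplicates what the table loop already does. Adding `{"dh1024", R_DH_ALGO_1024},` to `algo_name` (and a trailing comma after the `secp384r1` entry) would remove both the special case and the stray local. With `secp192r1` dropped from the table, a caller that still passes that name now reaches `finish:` and silently gets `R_RSA_ALGO_2048`; a `mesa_runtime_log` line on the fallback path would make an unrecognised or retired algorithm name visible to operators. The function also returns `size_t` while carrying RSA bit lengths, OpenSSL NIDs and the private value `1` in one number space, which deserves a comment at the `#define R_DH_ALGO_1024 1` line. The function body continues past the end of this hunk.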
@@ -156,6 +162,7 @@ static size_t x509_algo_str2idx(const char *public_algo)
return algo_name[i].nid;
}
}
+
finish:
return R_RSA_ALGO_2048;
}
@@ -183,6 +190,50 @@ err:
return 0;
}
+int ssl_key_gen_dh(EVP_PKEY** pkey, int nid)
+{
+ EVP_PKEY *pk = NULL;
+
+ DH *dh = DH_new();
+ if(dh == NULL)
+ {
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "create dh key faild");
+ goto error;
+ }
+#if 0
+ dh = DH_generate_parameters(nid, DH_GENERATOR_2, NULL, NULL);
+ if (dh == NULL)
+ {
+ return 0;
+ }
+ DH_generate_key(dh);
+#endif
+ if (!DH_generate_parameters_ex(dh, nid, DH_GENERATOR_2, NULL))
+ {
+ goto error;
+ }
+ if (!DH_generate_key(dh))
+ {
+ goto error;
+ }
+
+ if((pk = EVP_PKEY_new()) == NULL){
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "ssl_key_gen_ecc, gen new key failed!");
+ goto error;
+ }
+ if(!EVP_PKEY_assign_DH(pk, dh)){
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "ssl_key_gen_ecc, assign key failed!");
+ EVP_PKEY_free(pk);
+ goto error;
+ }
+ *pkey = pk;
+ return 1;
+error:
+ if(dh!=NULL)
+ DH_free(dh);
+ return 0;
+}
+
int ssl_key_gen_ecc(EVP_PKEY** pkey, int nid)
{
EC_GROUP *group = NULL;
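Review bot: `ssl_key_gen_dh` places no lower bound on the prime length it passes to `DH_generate_parameters_ex`, and the only caller in this commit passes 1024, which is below the 2048-bit minimum in current guidance for finite-field DH (for example NIST SP 800-57). If 1024 bits is kept only for legacy peers, say so in a comment; otherwise reject short lengths up front, e.g. `if (nid < 2048) goto error;`. Generating fresh parameters per key is also slow, so a fixed vetted group such as the RFC 7919 ffdhe groups may be preferable if the linked OpenSSL version provides them. The parameter is named `nid` but is used as a bit count, the two `EVP_PKEY` failure logs name `ssl_key_gen_ecc` instead of `ssl_key_gen_dh`, and the two generation failures jump to `error` without logging. The `#if 0` block calls `DH_generate_parameters` on a `dh` that is already allocated and would leak it if ever enabled, so it is better deleted.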
@@ -243,10 +294,12 @@ static int ssl_key_gen(EVP_PKEY** pkey, char *pubkey, char *public_algo)
case R_RSA_ALGO_4096:
ret = ssl_key_gen_rsa(pkey, nid);
break;
- case NID_X9_62_prime192v1:
case NID_X9_62_prime256v1:
+ case NID_secp384r1:
ret = ssl_key_gen_ecc(pkey, nid);
break;
+ case R_DH_ALGO_1024:
+ ret = ssl_key_gen_dh(pkey, 1024);
default:
break;
}
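Review bot: The new `case R_DH_ALGO_1024:` has no `break;` after `ret = ssl_key_gen_dh(pkey, 1024);` and falls through into `default:`. It is harmless today because `default` only breaks, but any case or statement added between them later would run for DH requests as well; add `break;` to match the RSA and ECC cases. The literal `1024` here is also disconnected from the `R_DH_ALGO_1024` selector, so a named constant for the bit length would keep the two from drifting apart. `ssl_key_gen` starts and ends outside this hunk.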