domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

uhttpd: add support to generate EC keys

Browse Source 
This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7f2b230b3b)
This commit is contained in:
Eneas U de Queiroz
2019-08-05 15:34:39 -03:00
committed by Jo-Philipp Wich
parent ad4af2b8df
commit 882052caae
3 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package/network/services/uhttpd/Makefile
View File

@@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=uhttpd PKG_NAME:=uhttpd
PKG_RELEASE:=3 PKG_RELEASE:=4
PKG_SOURCE_PROTO:=git PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/uhttpd.git PKG_SOURCE_URL=$(PROJECT_GIT)/project/uhttpd.git

8
package/network/services/uhttpd/files/uhttpd.config
View File

@@ -118,9 +118,17 @@ config cert defaults
# Validity time # Validity time
option days 730 option days 730
# key type: rsa or ec
option key_type rsa
# RSA key size # RSA key size
option bits 2048 option bits 2048
# EC curve name
# Curve names vary between mbedtls/px5g and openssl
# P-256 or P-384 are guaranteed to work
option ec_curve P-256
# Location # Location
option country ZZ option country ZZ
option state Somewhere option state Somewhere

6
package/network/services/uhttpd/files/uhttpd.init
View File

@@ -43,15 +43,19 @@ generate_keys() {
config_get state "$cfg" state config_get state "$cfg" state
config_get location "$cfg" location config_get location "$cfg" location
config_get commonname "$cfg" commonname config_get commonname "$cfg" commonname
config_get key_type "$cfg" key_type
config_get ec_curve "$cfg" ec_curve
# Prefer px5g for certificate generation (existence evaluated last) # Prefer px5g for certificate generation (existence evaluated last)
local GENKEY_CMD="" local GENKEY_CMD=""
local KEY_OPTS="rsa:${bits:-2048}"
local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"') local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
[ "$key_type" = "ec" ] && KEY_OPTS="ec -pkeyopt ec_paramgen_curve:${ec_curve:-P-256}"
[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform der -nodes" [ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform der -nodes"
[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der" [ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
[ -n "$GENKEY_CMD" ] && { [ -n "$GENKEY_CMD" ] && {
$GENKEY_CMD \ $GENKEY_CMD \
-days ${days:-730} -newkey rsa:${bits:-2048} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \ -days ${days:-730} -newkey ${KEY_OPTS} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
-subj /C="${country:-ZZ}"/ST="${state:-Somewhere}"/L="${location:-Unknown}"/O="${commonname:-OpenWrt}$UNIQUEID"/CN="${commonname:-OpenWrt}" -subj /C="${country:-ZZ}"/ST="${state:-Somewhere}"/L="${location:-Unknown}"/O="${commonname:-OpenWrt}$UNIQUEID"/CN="${commonname:-OpenWrt}"
sync sync
mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}" mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"