uhttpd: add support to generate EC keys
authorEneas U de Queiroz <cotequeiroz@gmail.com>
Mon, 5 Aug 2019 18:34:39 +0000 (15:34 -0300)
committerRISCi_ATOM <bob@bobcall.me>
Fri, 13 Sep 2019 20:16:38 +0000 (16:16 -0400)
This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7f2b230b3b9d0a7fb758db3a9b1958845506a5a3)

package/network/services/uhttpd/Makefile
package/network/services/uhttpd/files/uhttpd.config
package/network/services/uhttpd/files/uhttpd.init

index 34666c11f4b5ec14539e10b7012753de03862143..e67b87803097162953c125c1b5d416d0c5b74703 100644 (file)
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uhttpd
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/uhttpd.git
index ee21cebc7144c44e1c306d601ec3f0a7059a081e..44e3986a0f84c76132f7b0092dcf2f2caed160df 100644 (file)
@@ -118,9 +118,17 @@ config cert defaults
        # Validity time
        option days             730
 
+       # key type: rsa or ec
+       option key_type         rsa
+
        # RSA key size
        option bits             2048
 
+       # EC curve name
+       # Curve names vary between mbedtls/px5g and openssl
+       # P-256 or P-384 are guaranteed to work
+       option ec_curve         P-256
+
        # Location
        option country          ZZ
        option state            Somewhere
index 75301e0282adeb07704bf40b991fd47edd763206..be487e3806dad4a8f714e37b8de58912a8f016e0 100755 (executable)
@@ -43,15 +43,19 @@ generate_keys() {
        config_get state      "$cfg" state
        config_get location   "$cfg" location
        config_get commonname "$cfg" commonname
+       config_get key_type   "$cfg" key_type
+       config_get ec_curve   "$cfg" ec_curve
 
        # Prefer px5g for certificate generation (existence evaluated last)
        local GENKEY_CMD=""
+       local KEY_OPTS="rsa:${bits:-2048}"
        local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
+       [ "$key_type" = "ec" ] && KEY_OPTS="ec -pkeyopt ec_paramgen_curve:${ec_curve:-P-256}"
        [ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform der -nodes"
        [ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
        [ -n "$GENKEY_CMD" ] && {
                $GENKEY_CMD \
-                       -days ${days:-730} -newkey rsa:${bits:-2048} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
+                       -days ${days:-730} -newkey ${KEY_OPTS} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
                        -subj /C="${country:-ZZ}"/ST="${state:-Somewhere}"/L="${location:-Unknown}"/O="${commonname:-libreCMC}$UNIQUEID"/CN="${commonname:-libreCMC}"
                sync
                mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"
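Review bot: `ec_curve` comes from the UCI config and is expanded unquoted through `${KEY_OPTS}` on the `-newkey` line, so a value containing whitespace is split into extra arguments to openssl or px5g; it should be restricted to a conservative character set before `KEY_OPTS` is built. The test `[ "$key_type" = "ec" ]` also means any other value (`EC`, `ecdsa`, a typo) silently yields an RSA key, which an operator who asked for EC would not notice; a `case` on `key_type` that warns on unknown values makes this visible. No exit-status check on `$GENKEY_CMD` is visible before the `mv`, and since curve names differ between backends a failed generation is now more likely, so that path is worth confirming. `generate_keys` starts and ends outside this hunk.

```shell
local KEY_OPTS="rsa:${bits:-2048}"
# … unchanged: UNIQUEID …
case "$key_type" in
	ec)
		# the curve name ends up unquoted on the command line: allow only [A-Za-z0-9_-]
		case "$ec_curve" in
			*[!A-Za-z0-9_-]*) ec_curve="" ;;
		esac
		KEY_OPTS="ec -pkeyopt ec_paramgen_curve:${ec_curve:-P-256}"
		;;
	rsa|"") ;;
	*) echo "uhttpd: unknown key_type '$key_type', using rsa" >&2 ;;
esac
# … unchanged: GENKEY_CMD selection and invocation …
```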