支持显示证书的公钥算法

支持签名算法和公钥匹配检查

src/x509.c

@@ -478,6 +478,7 @@ finish:
 #define R_RSA_ALGO_1024 1024
 #define R_RSA_ALGO_2048 2048
 #define R_RSA_ALGO_4096 4096
+#define R_DH_ALGO_1024 1
 
 typedef struct {
     const char *name;           /* NIST Name of curve */
@@ -501,6 +502,11 @@ static size_t x509_algo_str2idx(const char *public_algo)
 		goto finish;
 	}
 
+    if (0 == strcasecmp(public_algo, "dh1024"))
+	{
+		return R_DH_ALGO_1024;
+	}
+
 	for (i = 0; i < sizeof(algo_name) / sizeof(x509_algo_name); i++)
 	{
 		if (0 == strcasecmp(public_algo, algo_name[i].name))
@@ -528,16 +534,25 @@ int x509_check_pubKeytype(X509 *x509, const char *algo)
             xret = 1;
             break;
         case EVP_PKEY_EC:
+            nid = x509_algo_str2idx(algo);
+            switch(nid)
+            {
+                case NID_X9_62_prime256v1:
+                case NID_secp384r1:
+                    xret = 1;
+                    break;
+                default:
+                    xret = 0;
+                    break;
+            }
+            break;
+        case EVP_PKEY_DH:
             nid = x509_algo_str2idx(algo);
             switch(nid)
             {
                 case R_RSA_ALGO_1024:
                 case R_RSA_ALGO_2048:
                 case R_RSA_ALGO_4096:
-                    xret = 0;
-                    break;
-                case NID_X9_62_prime256v1:
-                case NID_secp384r1:
                     xret = 1;
                     break;
                 default:
@@ -1157,6 +1172,44 @@ finish:
 	return 0;
 }
 
+int x509_check_pubKeytype2(X509 *x509, const char *algo)
+{
+    const char *signature = NULL;
+    int sig_nid = 0, nid = 0, xret = 0;
+
+    sig_nid = OBJ_obj2nid(x509->sig_alg->algorithm);
+    if (sig_nid == NID_undef)
+    {
+        printf("get signature algorithm failed\n");
+    }
+    signature = OBJ_nid2ln(sig_nid);
+    if (signature == NULL)
+    {
+        goto error;
+    }
+    printf("Signature Algorithm  : %s\n", signature);
+    if (strcasestr(signature, "ecdsa"))
+    {
+        nid = x509_algo_str2idx(algo);
+        switch(nid)
+        {
+            case NID_X9_62_prime256v1:
+            case NID_secp384r1:
+                xret = 1;
+                break;
+            default:
+                xret = 0;
+                break;
+        }
+    }
+    if (strcasestr(signature, "RSAEncryption"))
+    {
+        xret = 1;
+    }
+error:
+   return xret;
+}
+
 int x509_check_algo(char *certfile, const char *algo)
 {
     X509 *x509 = NULL;
@@ -1165,7 +1218,7 @@ int x509_check_algo(char *certfile, const char *algo)
 
     if (certfile == NULL || algo == NULL)
     {
-            goto help;
+        goto help;
     }
 
     x509 = cert_load_x509(certfile, &informat, &stack_ca);
@@ -1173,7 +1226,7 @@ int x509_check_algo(char *certfile, const char *algo)
         printf("unable to load certificate\n");
         goto finish;
     }
-    xret = x509_check_pubKeytype(x509, algo);
+    xret = x509_check_pubKeytype2(x509, algo);
     if(xret == 0)
     {
         printf("Matching failure\n");