Algorithm negotiation method, message processing method, electronic device and readable storage medium
By negotiating algorithms between terminal devices and using adaptive algorithm processing, the message processing obstacles caused by different algorithm identifiers from different manufacturers have been resolved, achieving cross-vendor message processing compatibility and effectiveness.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- BEIJING TOPSEC NETWORK SECURITY TECH
- Filing Date
- 2022-10-14
- Publication Date
- 2026-06-30
AI Technical Summary
Different manufacturers have different algorithm identifiers, which causes obstacles in message processing and makes it impossible to transmit messages effectively.
Through algorithmic negotiation, terminal devices negotiate target negotiation identifiers to ensure successful message processing even if the algorithm identifiers are different. Adaptive algorithms are used to adapt to different identifiers, build communication tunnels, and configure negotiation identifiers.
It achieves message processing compatibility between terminal devices from different manufacturers, improving the effectiveness and applicability of message processing.
Figure CN115643073B_ABST
Description
Technical Field
[0001] This application relates to the field of communication technology, and more specifically, to an algorithm negotiation method, a message processing method, an electronic device, and a readable storage medium.
Background Technology
[0002] Before being deployed, algorithms typically register their own unique algorithm identifiers to identify them. Inevitably, different vendors may register different algorithm identifiers for the same algorithm. This can lead to communication barriers between vendors, even when using the same algorithm, due to the different registered identifiers.
Summary of the Invention
[0003] The purpose of this application is to provide an algorithm negotiation method, a message processing method, an electronic device, and a readable storage medium to mitigate the message processing barriers caused by differences in algorithm identifiers between different manufacturers.
[0004] In a first aspect, the present invention provides an algorithm negotiation method applied to a first terminal. The algorithm negotiation method includes: sending a first negotiation request for a target algorithm to a second terminal, the first negotiation request carrying a first negotiation identifier of the target algorithm; determining whether the second terminal accepts the first negotiation identifier; if the second terminal does not accept the first negotiation identifier, using a second negotiation identifier of the target algorithm, sending a second negotiation request for the target algorithm to the second terminal until an acceptance feedback message is received from the second terminal, then using the negotiation identifier at the time of receiving the acceptance feedback message as the target negotiation identifier; wherein, when the first terminal receives a message from the second terminal carrying the first negotiation identifier and the second negotiation identifier, it processes the message using the target algorithm.
[0005] In an optional implementation, determining whether the second terminal accepts the first negotiation identifier includes: determining whether the second terminal accepts the first negotiation identifier by receiving a feedback message sent by the second terminal; wherein, if the feedback message carries a specified field for indicating that the message is invalid, it is determined that the second terminal has not accepted the first negotiation identifier.
[0006] In an optional implementation, determining whether the second terminal accepts the first negotiation identifier includes: determining whether the time difference between the current time and the sending time of sending the first negotiation request exceeds a time threshold; wherein, if the time difference exceeds the time threshold, it is determined that the second terminal has not accepted the first negotiation identifier.
[0007] In the above implementation, the decision on whether the second terminal accepts the negotiation is determined by the feedback from the second terminal, thus achieving the negotiation objective with a relatively small amount of computation.
[0008] In an optional implementation, the method further includes: obtaining a third negotiation request sent by the second terminal, the third negotiation request carrying a third negotiation identifier; and determining the third negotiation identifier as a target negotiation identifier.
[0009] In the above embodiments, an active negotiation request sent by a second terminal can also be received, and a target negotiation identifier can be determined based on the third negotiation identifier of the second terminal, which can better adapt to the processing needs of the second terminal.
[0010] In an optional implementation, determining the third negotiation identifier as the target negotiation identifier includes: if the algorithm identifier of the target algorithm of the first terminal is the same as the third negotiation identifier, then the third negotiation identifier is determined as the target negotiation identifier; if the algorithm identifier of the target algorithm of the first terminal is not the same as the third negotiation identifier, then an adaptive algorithm is started to determine the third negotiation identifier as the target negotiation identifier.
[0011] In the above implementation, regardless of whether the target algorithm identifier of the first terminal is the same as the third negotiation identifier of the second terminal, the processing requirements of the second terminal can be adapted. By providing an adaptive algorithm, regardless of the algorithm identifiers configured by both parties or whether the second terminal supports adaptive algorithm negotiation, the configuration difficulty is reduced and the ease of use is improved.
[0012] In an optional implementation, sending the first negotiation request for the target algorithm to the second terminal includes: sending the first negotiation request for the target algorithm to the second terminal at a set time; or,
[0013] The step of obtaining the third negotiation request sent by the second terminal includes: obtaining the third negotiation request sent by the second terminal according to a set time.
[0014] In the above implementation, algorithm negotiation can be performed every certain period of time, which can adapt to changes in the first terminal and the second terminal and improve the applicability of the target algorithm.
[0015] In an optional implementation, the method further includes: constructing a communication tunnel between the first terminal and the second terminal, and configuring the communication tunnel with the first negotiation identifier and the target negotiation identifier; wherein, when the communication tunnel receives a message carrying the first negotiation identifier and the target negotiation identifier, it calls the target algorithm to process it.
[0016] In the above implementation, by configuring multiple negotiation identifiers in the communication tunnel, different algorithm identifiers can be used to process messages using the required algorithms.
[0017] In a second aspect, the present invention provides a message processing method, comprising:
[0018] Receive pending messages sent by the second terminal;
[0019] Obtain the algorithm identifier at a specified position in the message to be processed;
[0020] If the algorithm identifier is the target negotiation identifier determined by the method described in any of the foregoing embodiments, then the target algorithm is invoked to process the message to be processed.
[0021] In a third aspect, the present invention provides an algorithm negotiation device applied to a first terminal, the algorithm negotiation device comprising:
[0022] The first sending module is used to send a first negotiation request for the target algorithm to the second terminal, wherein the first negotiation request carries a first negotiation identifier of the target algorithm;
[0023] The judgment module is used to determine whether the second terminal accepts the first negotiation identifier;
[0024] The second sending module is configured to, if the second terminal does not accept the first negotiation identifier, send a second negotiation request for the target algorithm to the second terminal using the second negotiation identifier of the target algorithm, until an acceptance feedback message is received from the second terminal, and then use the negotiation identifier at the time of receiving the acceptance feedback message as the target negotiation identifier.
[0025] In a fourth aspect, the present invention provides a message processing apparatus, comprising:
[0026] The first receiving module is used to receive messages to be processed sent by the second terminal;
[0027] The acquisition module is used to acquire the algorithm identifier at a specified position of the message to be processed;
[0028] The first determining module is used to call the target algorithm to process the message to be processed if the algorithm identifier is the target negotiation identifier determined by the algorithm negotiation method.
[0029] In a fifth aspect, the present invention provides an electronic device, comprising: a processor and a memory, wherein the memory stores machine-readable instructions executable by the processor, and when the electronic device is running, the machine-readable instructions are executed by the processor to perform the steps of the method described in any of the foregoing embodiments.
[0030] In a sixth aspect, the present invention provides a computer-readable storage medium storing a computer program that, when executed by a processor, performs the steps of the method described in any of the foregoing embodiments.
[0031] The beneficial effects of this application's embodiments include: by negotiating the algorithm in advance with the second terminal that needs to communicate, the situation where different terminals register different algorithm identifiers for the same algorithm and cannot process messages due to different algorithm identifiers is avoided, thereby adapting to more usage scenarios and improving the effectiveness of message processing.
Attached Figure Description
[0032] To more clearly illustrate the technical solutions of the embodiments of this application, the accompanying drawings used in the embodiments will be briefly introduced below. It should be understood that the following drawings only show some embodiments of this application and should not be regarded as a limitation of the scope. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.
[0033] Figure 1 is a schematic diagram illustrating the interaction between multiple terminals provided in the embodiments of this application;
[0034] Figure 2 is a block diagram illustrating an electronic device provided in an embodiment of this application;
[0035] Figure 3 is a flowchart of the algorithm negotiation method provided in the embodiments of this application;
[0036] Figure 4 is a schematic diagram of the functional modules of the algorithm negotiation device provided in the embodiments of this application;
[0037] Figure 5 is a flowchart of the message processing method provided in the embodiments of this application;
[0038] Figure 6 is a schematic diagram of the functional modules of the message processing device provided in the embodiments of this application.
Detailed Implementation
[0039] The technical solutions in the embodiments of this application will now be described with reference to the accompanying drawings.
[0040] It should be noted that similar reference numerals and letters in the following figures indicate similar items; therefore, once an item is defined in one figure, it does not need to be further defined and explained in subsequent figures. Furthermore, in the description of this application, terms such as "first," "second," etc., are used only to distinguish descriptions and should not be construed as indicating or implying relative importance.
[0041] The inventors of this application have learned that, in communication between two terminals, if the terminals use the same algorithm but different algorithm identifiers, they may be unable to process each other's messages. For example, in the configuration parameters of the Internet Key Exchange (IKE) protocol of Internet Protocol Security (IPSec), most major manufacturers support configuring SM4 as the encryption algorithm for ESP (Encapsulating Security Payload) messages. However, different manufacturers use different algorithm identifiers for the SM4 algorithm. For example, in some terminal devices the SM4 algorithm is represented as 129, while in most manufacturers' devices it is represented as 127. Therefore, when messages are transmitted between two types of terminals with different algorithm identifiers, a terminal of either type that receives a message from the other type cannot call the SM4 algorithm to process it, because the algorithm identifier the message carries differs from its own.
[0042] Based on this, the algorithm negotiation method, message processing method, electronic device, and readable storage medium provided in this application enable successful interoperability between terminals using different algorithm identifiers, thereby improving the compatibility of message processing. Furthermore, by using an adaptive algorithm, interoperability can be achieved as long as the same algorithm is used, regardless of the algorithm identifier.
[0043] To facilitate understanding of this embodiment, the operating environment for executing the algorithm negotiation method or message processing method disclosed in this application embodiment will first be described in detail.
[0044] Figure 1 is a schematic diagram of the interaction between different terminal devices according to an embodiment of this application. A first terminal 110 establishes a communication connection with one or more second terminals 120 via a network for data communication or interaction. The first terminal 110 and the second terminal 120 can be a web server, database server, personal computer (PC), tablet computer, smartphone, personal digital assistant (PDA), etc.
[0045] For example, the first terminal 110 may also be a computer system consisting of multiple electronic devices or servers.
[0046] A communication tunnel can be established between the first terminal 110 and the second terminal 120 for message transmission. Both the first terminal 110 and the second terminal 120 can run the target algorithm. The algorithm identifier of the target algorithm in the first terminal 110 can be the same as or different from the algorithm identifier in the second terminal 120.
[0047] Figure 2 is a block diagram of an electronic device 200. The electronic device 200 may include a memory 111 and a processor 113. Those skilled in the art will understand that the structure shown in Figure 2 is for illustrative purposes only and does not limit the structure of the electronic device 200. For example, the electronic device 200 may also include more or fewer components than shown in Figure 2, or have a configuration different from that shown in Figure 2.
[0048] The memory 211 and processor 213 described above are electrically connected directly or indirectly to enable data transmission or interaction. For example, these components can be electrically connected to each other via one or more communication buses or signal lines. The processor 213 described above is used to execute executable modules stored in the memory.
[0049] The memory 211 can be, but is not limited to, Random Access Memory (RAM), Read Only Memory (ROM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), etc. The memory 211 stores programs, and the processor 213 executes these programs upon receiving execution instructions. The methods executed by the electronic device 200, as defined in any embodiment of this application, can be applied to or implemented by the processor 213.
[0050] The aforementioned processor 213 may be an integrated circuit chip with signal processing capabilities. The processor 213 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), etc.; it may also be a digital signal processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA), or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components. It can implement or execute the methods, steps, and logic block diagrams disclosed in the embodiments of this application. The general-purpose processor may be a microprocessor or any conventional processor.
[0051] The first terminal 110 and the second terminal 120 shown in Figure 1 above may include the components of the electronic device 200 shown in Figure 2; of course, the first terminal 110 and the second terminal 120 may also include more or fewer components than the electronic device 200 shown in Figure 2.
[0052] The electronic device 200 in this embodiment can be used to execute various steps in the various methods provided in the embodiments of this application. The implementation process of the algorithm negotiation method and the message processing method is described in detail below through several embodiments.
[0053] Please refer to Figure 3, which is a flowchart of the algorithm negotiation method provided in this application embodiment. The steps of the algorithm negotiation method in this embodiment are executed by the first terminal shown in Figure 1. The specific process shown in Figure 3 is explained in detail below.
[0054] Step 310: Send a first negotiation request for the target algorithm to the second terminal.
[0055] The first negotiation request carries the first negotiation identifier of the target algorithm.
[0056] The target algorithm can be an algorithm that has been registered with multiple algorithm identifiers by different vendors. For example, the target algorithm can be the SM4 algorithm, which has been registered with different vendors using algorithm identifiers including 127 and 129. The target algorithm can also be other algorithms in the ESP (Encapsulating Security Payload) encryption algorithm.
[0057] The first negotiation identifier is used to mark the target algorithm. This first negotiation identifier can be the identifier (ID) of the target algorithm. One algorithm can correspond to one or more identifiers, but one identifier can only refer to one algorithm.
[0058] Of course, the target algorithm can also be any other algorithm that may include two or more algorithm identifiers.
[0059] Optionally, the algorithm negotiation process can be initiated according to a set time. For example, a first negotiation request for the target algorithm is sent to the second terminal according to the set time.
[0060] The set time can be configured on demand, for example, starting the algorithm negotiation process every eight hours or every forty-eight hours. Alternatively, the algorithm negotiation process can be started at a specified time each day. Or, it can be started upon receiving a negotiation command triggered by a user.
[0061] Step 320: Determine whether the second terminal accepts the first negotiation identifier.
[0062] If the second terminal does not accept the first negotiation identifier, then proceed to step 330.
[0063] In one implementation, the system determines whether the second terminal accepts the first negotiation identifier by receiving a feedback message sent by the second terminal.
[0064] If the feedback message carries a specified field to indicate that the message is invalid, then it is determined that the second terminal has not accepted the first negotiation identifier.
[0065] For example, the specified field used to indicate that a message is invalid can be an invalid message.
[0066] In another implementation, it is determined whether the time difference between the current time and the time when the first negotiation request was sent exceeds a time threshold.
[0067] If the time difference exceeds the time threshold, it is determined that the second terminal has not accepted the first negotiation identifier.
[0068] Step 330: Using the second negotiation identifier of the target algorithm, a second negotiation request for the target algorithm is sent to the second terminal.
[0069] Steps 310 to 330 can be repeated until the acceptance feedback message from the second terminal is received. The negotiation identifier at the time the acceptance feedback message is received is then used as the target negotiation identifier.
[0070] When the first terminal receives a message from the second terminal carrying the first negotiation identifier and the second negotiation identifier, it processes it using the target algorithm.
[0071] After step 330, a communication tunnel between the first terminal and the second terminal can be constructed, and a target negotiation identifier can be configured for the communication tunnel.
[0072] If the target negotiation identifier is the same as the first negotiation identifier of the first terminal, then the target negotiation identifier can be configured only for the communication tunnel; if the target negotiation identifier is different from the first negotiation identifier of the first terminal, then both the target negotiation identifier and the first negotiation identifier can be configured for the communication tunnel.
[0073] When the communication tunnel receives a message carrying the first negotiation identifier and the target negotiation identifier, it calls the target algorithm to process it.
[0074] Through the above negotiation process, even if the algorithm identifier of the target algorithm used by the first terminal is different from that of the target algorithm used by the second terminal, the two terminals can still exchange messages and process them with the target algorithm.
[0075] In another scenario, the second terminal may proactively initiate a negotiation request, and the first terminal can adaptively adjust the target negotiation identifier based on the negotiation request from the second terminal. Therefore, before step 310 or after step 330, the algorithm negotiation method of this embodiment may further include:
[0076] Step 340: Obtain the third negotiation request sent by the second terminal.
[0077] The third negotiation request should include the third negotiation identifier.
[0078] The third negotiation identifier can be the algorithm identifier corresponding to the target algorithm in the second terminal. That is, when the second terminal sends a message, the algorithm identifier carried in the message is the third negotiation identifier.
[0079] Optionally, the algorithm negotiation process can be initiated according to a set time. For example, the third negotiation request sent by the second terminal can be obtained according to the set time.
[0080] The set time can be configured on demand, for example, starting the algorithm negotiation process every eight hours or every forty-eight hours. Alternatively, the algorithm negotiation process can be started at a specified time each day. Or, it can be started upon receiving a negotiation command triggered by a user.
[0081] Step 350: Determine that the third negotiation identifier is the target negotiation identifier.
[0082] If the algorithm identifier of the target algorithm of the first terminal is the same as the third negotiation identifier, then the third negotiation identifier is determined to be the target negotiation identifier.
[0083] If the algorithm identifier of the target algorithm of the first terminal is different from the third negotiation identifier, then the adaptive algorithm is started to determine the third negotiation identifier as the target negotiation identifier.
[0084] This adaptive algorithm is used when the same algorithm is used at both ends but different algorithm identifiers are applied. For example, after activating the adaptive algorithm, it can accept the algorithm identifier provided by the second terminal. Therefore, upon receiving a message carrying the third negotiation identifier from the second terminal, the target algorithm can be invoked for further processing.
[0085] After step 350, a communication tunnel between the first terminal and the second terminal can be constructed, and a target negotiation identifier can be configured for the communication tunnel.
[0086] If the target negotiation identifier is the same as the first negotiation identifier of the first terminal, then the target negotiation identifier can be configured only for the communication tunnel; if the target negotiation identifier is different from the first negotiation identifier of the first terminal, then both the target negotiation identifier and the first negotiation identifier can be configured for the communication tunnel.
[0087] When the communication tunnel receives a message carrying the first negotiation identifier and the target negotiation identifier, it calls the target algorithm to process it.
[0088] In this embodiment, after determining the target negotiation identifier, an algorithm instance with the target negotiation identifier can be set for the target algorithm. For example, the algorithm instance can be configured using common configuration methods found in open-source code.
[0089] Taking the target algorithm as SM4 as an example, the algorithm identifier of the SM4 algorithm in the first terminal is 127, so the algorithm instance with the algorithm identifier 127 can be named sm4; while the target negotiation identifier is 129, so the algorithm instance with the algorithm identifier 129 can be named sm4id129. The algorithm configured for both algorithm instance sm4 and algorithm instance sm4id129 is the SM4 algorithm.
[0090] When constructing a communication tunnel between the first terminal and the second terminal, the sm4id129 algorithm can be registered for the communication tunnel.
[0091] In the above example, algorithm instance sm4id129 and algorithm instance sm4 are identical except for the algorithm identifier. For example, the other information may include the same block cipher encryption algorithm registered by the instance.
[0092] Optionally, the communication tunnel may also be configured with a flag bit to determine whether the adaptive algorithm is enabled. If the adaptive algorithm is enabled, the algorithm in steps 310 to 350 can be used to achieve successful negotiation regardless of whether the algorithm identifiers of the first terminal and the second terminal are the same, thus enabling message exchange between the first terminal and the second terminal.
[0093] For example, if the flag bit is a first value, it indicates that the adaptive algorithm can be enabled; if the flag bit is a second value, it indicates that the adaptive algorithm can be disabled. The specific values of the first and second values can be set as needed. For example, the first value can be 1 and the second value can be 0; or, for another example, the first value can be on and the second value can be off.
[0094] In the above steps, the algorithm can be negotiated with the second terminal that needs to communicate in advance to avoid the situation where different terminals register different algorithm identifiers for the same algorithm, which would prevent processing due to different algorithm identifiers. This can adapt to more use cases and improve the effectiveness of message processing.
[0095] The following uses the SM4 algorithm as an example to describe the flow of the algorithm negotiation method provided in the embodiments of this application:
[0096] In one scenario, the second terminal initiates the negotiation:
[0097] If the adaptive algorithm is not enabled, the two terminals will fail to negotiate if their SM4 algorithm identifiers are different. Only packets with the same algorithm identifier can negotiate successfully.
[0098] If the adaptive algorithm is enabled, two terminals with different SM4 algorithm identifiers can successfully negotiate with each other. In this case, if the two terminals have different SM4 algorithm identifiers, the negotiated target algorithm identifier will be the algorithm identifier proposed by the second terminal. That is, if the SM4 algorithm identifier of the second terminal is 129 and the SM4 algorithm identifier of the first terminal is 127, the negotiated target algorithm identifier will be 129; if the SM4 algorithm identifier of the second terminal is 127 and the SM4 algorithm identifier of the first terminal is 129, the negotiated target algorithm identifier will be 127.
[0099] If the first terminal initiates negotiation:
[0100] If the adaptive algorithm is not enabled, the negotiation will fail if the SM4 algorithm identifiers of the two terminals are different. Negotiation will only succeed if the SM4 algorithm identifiers of the two terminals are the same.
[0101] If the adaptive algorithm is enabled, the two terminals can successfully negotiate even if their SM4 algorithm identifiers are different. The basis for determining that the second terminal does not support the first terminal's SM4 algorithm identifier is that the second terminal returns an invalid message, or that no response message is received before the timeout. Either case confirms that the second terminal does not support the first terminal's SM4 algorithm identifier and that the negotiation has failed. In this case, the first terminal can use a message with a different SM4 algorithm identifier to renegotiate and wait for the second terminal's response message. If the second terminal is compatible, a maximum of two negotiation attempts are needed for successful negotiation.
[0102] After successful negotiation, the IPSEC kernel protocol stack will add a secure connection configured with the ESP encryption algorithm. When the second terminal sends a data packet into the IPSEC protocol stack for encryption and decryption, it can use the encryption and decryption algorithm corresponding to the SM4 algorithm identifier negotiated above for encryption and decryption.
[0103] In the above example, by supporting the configuration of SM4 algorithm identifiers, device compatibility between different devices is expanded. Furthermore, an adaptive algorithm is provided, enabling interface communication with the other end regardless of the algorithm identifiers configured on the multiple devices or whether the other end supports adaptive algorithm negotiation, thus facilitating interaction between the two ends.
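The SM4 flow described above, written as a runnable simulation. This is an added example, not code from the patent or from any vendor's implementation. The feedback values, the time threshold, the one-byte message framing and the `sm4_stand_in` placeholder are assumptions, as is the rule that an adaptive responder adopts only identifiers listed for SM4.

```python
from dataclasses import dataclass, field

ACCEPT, INVALID = "accept", "invalid"   # feedback field values (names assumed)
SM4_IDS = (127, 129)                    # identifiers the text gives for SM4
TIME_THRESHOLD = 3.0                    # seconds; threshold value assumed


def sm4_stand_in(payload: bytes) -> bytes:
    """Placeholder for the SM4 transform: only shows which algorithm was called."""
    return b"SM4(" + payload + b")"


@dataclass
class Terminal:
    own_id: int                 # identifier this vendor registered for SM4
    adaptive: bool = False      # tunnel flag bit (1/on = adaptive enabled)
    reply_delay: float = 0.1    # simulated seconds until feedback arrives
    tunnel: dict = field(default_factory=dict)   # identifier -> algorithm

    def configure_tunnel(self, target_id: int) -> None:
        """Configure the tunnel with the target identifier and, if it differs,
        the terminal's own identifier; both call the same algorithm."""
        for alg_id in {target_id, self.own_id}:
            bound = self.tunnel.setdefault(alg_id, sm4_stand_in)
            if bound is not sm4_stand_in:   # one identifier, one algorithm
                raise ValueError(f"identifier {alg_id} is bound elsewhere")

    def on_request(self, proposed_id: int):
        """Responder side (steps 340-350). Returns (feedback, delay)."""
        same = proposed_id == self.own_id
        # Assumption: adaptive mode adopts only identifiers known to mean SM4.
        adopt = self.adaptive and proposed_id in SM4_IDS
        if not (same or adopt):
            return INVALID, self.reply_delay
        self.configure_tunnel(proposed_id)
        return ACCEPT, self.reply_delay

    def negotiate(self, peer: "Terminal"):
        """Initiator side (steps 310-330). Returns (target_id, attempts)."""
        candidates = [self.own_id]
        if self.adaptive:
            candidates += [i for i in SM4_IDS if i != self.own_id]
        for attempts, alg_id in enumerate(candidates, start=1):
            feedback, delay = peer.on_request(alg_id)
            # Not accepted: invalid feedback, or feedback later than the threshold.
            if delay > TIME_THRESHOLD or feedback == INVALID:
                continue
            self.configure_tunnel(alg_id)
            return alg_id, attempts
        return None, len(candidates)

    def process(self, message: bytes) -> bytes:
        """Message processing: read the identifier at the specified position
        (byte 0 of this constructed framing) and call the bound algorithm."""
        if not message:
            raise ValueError("empty message")
        algorithm = self.tunnel.get(message[0])
        if algorithm is None:
            raise LookupError(f"identifier {message[0]} not configured on tunnel")
        return algorithm(message[1:])


if __name__ == "__main__":
    first = Terminal(own_id=127, adaptive=True)
    second = Terminal(own_id=129)             # peer without adaptive support
    print(first.negotiate(second))            # first proposes 127, then 129
    print(sorted(first.tunnel), sorted(second.tunnel))
    print(first.process(bytes([129]) + b"data"))
```

A message whose identifier was never configured on the tunnel raises `LookupError` instead of being handed to an algorithm.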
[0104] Based on the same application concept, this application also provides an algorithm negotiation device corresponding to the algorithm negotiation method. Since the principle of the device in this application is similar to that of the aforementioned algorithm negotiation method embodiment, the implementation of the device can refer to the description in the above method embodiment, and the overlapping parts will not be described again.
[0105] Please see Figure 4 This is a functional module diagram of the algorithm negotiation device provided in this application embodiment. Each module in the algorithm negotiation device in this embodiment is used to execute the steps in the above method embodiments. The algorithm negotiation device includes: a first sending module 410, a judging module 420, and a second sending module 430; the contents of each module are as follows:
[0106] The first sending module 410 is used to send a first negotiation request for the target algorithm to the second terminal, the first negotiation request carrying a first negotiation identifier of the target algorithm;
[0107] The judgment module 420 is used to determine whether the second terminal accepts the first negotiation identifier;
[0108] The second sending module 430 is configured to, if the second terminal does not accept the first negotiation identifier, use the second negotiation identifier of the target algorithm to send a second negotiation request for the target algorithm to the second terminal until an acceptance feedback message is received from the second terminal, and then use the negotiation identifier at the time of receiving the acceptance feedback message as the target negotiation identifier.
[0109] In one possible implementation, the judgment module 420 is used to determine whether the second terminal accepts the first negotiation identifier by receiving a feedback message sent by the second terminal; wherein, if the feedback message carries a specified field for indicating that the message is invalid, it is determined that the second terminal has not accepted the first negotiation identifier.
[0110] In one possible implementation, the judgment module 420 is used to determine whether the time difference between the current time and the time at which the first negotiation request was sent exceeds a time threshold; wherein, if the time difference exceeds the time threshold, it is determined that the second terminal has not accepted the first negotiation identifier.
[0111] In one possible implementation, the algorithm negotiation device of this embodiment may further include:
[0112] The second receiving module is used to obtain the third negotiation request sent by the second terminal, the third negotiation request carrying a third negotiation identifier;
[0113] The second determining module is used to determine that the third negotiation identifier is the target negotiation identifier.
[0114] In one possible implementation, the second determining module is configured to determine the third negotiation identifier as the target negotiation identifier if the algorithm identifier of the target algorithm of the first terminal is the same as the third negotiation identifier; and to activate an adaptive algorithm to determine the third negotiation identifier as the target negotiation identifier if the algorithm identifier of the target algorithm of the first terminal is different from the third negotiation identifier.
[0115] In one possible implementation, the first sending module 410 is configured to send a first negotiation request for the target algorithm to the second terminal at a set time; or,
[0116] The second receiving module is used to acquire the third negotiation request sent by the second terminal according to a set time.
[0117] In one possible implementation, the algorithm negotiation device of this embodiment may further include: a construction module, configured to construct a communication tunnel between the first terminal and the second terminal, and configure the first negotiation identifier and the target negotiation identifier for the communication tunnel; wherein, when the communication tunnel receives a message carrying the first negotiation identifier and the target negotiation identifier, it calls the target algorithm to process it.
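The negotiation in [0101] and the accept or reject decisions in [0109], [0110] and [0114], simulated as an added example (not code from the patent or its assignee). The values 127 and 129 are the page's example SM4 identifiers; the `Feedback` structure, the simulated delays and the 3-second threshold are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Sequence, Tuple

SM4_IDS = (127, 129)    # example SM4 identifier values named on the page
TIME_THRESHOLD = 3.0    # seconds; constructed value for the time threshold

@dataclass
class Feedback:
    accepted: bool      # False models the "message invalid" field of [0109]
    delay: float        # simulated seconds between request and feedback

Responder = Callable[[int], Optional[Feedback]]   # None = never answers

def make_responder(local_id: int, adaptive: bool,
                   known_ids: Sequence[int] = SM4_IDS, delay: float = 0.1,
                   silent_reject: bool = False) -> Responder:
    """Second terminal ([0114]): accept its own identifier, or any configured
    identifier of the same algorithm when its adaptive algorithm is enabled."""
    def respond(requested: int) -> Optional[Feedback]:
        ok = requested == local_id or (adaptive and requested in known_ids)
        if not ok and silent_reject:
            return None                 # drops the request instead of answering
        return Feedback(accepted=ok, delay=delay)
    return respond

@dataclass
class Outcome:
    target_id: Optional[int]
    attempts: List[Tuple[int, str]] = field(default_factory=list)

def negotiate(local_id: int, adaptive: bool, peer: Responder,
              known_ids: Sequence[int] = SM4_IDS,
              threshold: float = TIME_THRESHOLD) -> Outcome:
    """First terminal: offer local_id; if it is refused and the adaptive
    algorithm is on, retry with the other configured identifiers."""
    candidates = [local_id]
    if adaptive:
        candidates += [i for i in known_ids if i != local_id]
    out = Outcome(target_id=None)
    for ident in candidates:
        fb = peer(ident)
        if fb is None or fb.delay > threshold:      # [0110] timeout
            out.attempts.append((ident, "timeout"))
        elif not fb.accepted:                       # [0109] invalid feedback
            out.attempts.append((ident, "invalid"))
        else:
            out.attempts.append((ident, "accepted"))
            out.target_id = ident                   # identifier in use on accept
            break
    return out

def tunnel_ids(local_id: int, outcome: Outcome) -> frozenset:
    """[0117]: identifiers to configure on the tunnel (local plus target)."""
    if outcome.target_id is None:
        return frozenset()
    return frozenset({local_id, outcome.target_id})

if __name__ == "__main__":
    strict_peer = make_responder(129, adaptive=False)
    print(negotiate(127, True, strict_peer))
```

Because retries are drawn only from `known_ids`, an identifier outside the configured set is never offered and never accepted, so the fallback cannot select an algorithm other than the one both sides configured.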
[0118] Please see Figure 5, which is a flowchart of the message processing method provided in the embodiments of this application. The specific process shown in Figure 5 is explained in detail below.
[0119] Step 510: Receive the message to be processed sent by the second terminal.
[0120] For example, the message to be processed may be an encrypted message, which may be encrypted using the SM4 algorithm.
[0121] Step 520: Obtain the algorithm identifier at a specified location of the message to be processed.
[0122] This algorithm identifier is used to mark the algorithm that processes the message to be processed. For example, the algorithm identifier could be the SM4 algorithm identifier. The algorithm identifier could be 127 or 129.
[0123] Step 530: If the algorithm identifier is the target negotiation identifier determined by the algorithm negotiation method, then the target algorithm is invoked to process the message to be processed.
[0124] The algorithm negotiation method involved in step 530 of this embodiment can be the same as the algorithm negotiation method in the above embodiments. For other details about the algorithm negotiation method in this embodiment, please refer to the description in the previous embodiments, which will not be repeated here.
[0125] In this embodiment, when the first terminal sends a message to the second terminal, the target negotiation identifier determined through steps 310 to 350 can be written to the designated location. This target negotiation identifier can be the algorithm identifier corresponding to the target algorithm in the first terminal; alternatively, it can differ from that identifier and instead be the algorithm identifier corresponding to the target algorithm in the second terminal.
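Steps 510 to 530 and the outbound write described in [0125], as an added example that is not part of the patent: a tunnel reads the identifier at a fixed location and calls the target algorithm only for identifiers configured on it. The two-byte header at offset 0 and `stand_in_sm4` (a placeholder transform, not SM4) are assumptions.

```python
import struct
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet

ID_OFFSET = 0                    # assumed "specified location" of the identifier
HEADER = struct.Struct("!H")     # assumed width: two bytes, big-endian

class RejectedMessage(Exception):
    """Raised when a message is not handed to the target algorithm."""

def stand_in_sm4(data: bytes) -> bytes:
    """Placeholder for the target algorithm (NOT SM4): reversible byte flip."""
    return bytes(b ^ 0xFF for b in data)

@dataclass
class Tunnel:
    accepted_ids: FrozenSet[int]   # local identifier plus target negotiation identifier
    target_id: int                 # identifier written into outbound messages
    algorithm: Callable[[bytes], bytes] = stand_in_sm4
    rejected: Dict[int, int] = field(default_factory=dict)  # identifier -> count

    def build(self, payload: bytes) -> bytes:
        """[0125]: write the target negotiation identifier at the location."""
        return HEADER.pack(self.target_id) + self.algorithm(payload)

    def process(self, message: bytes) -> bytes:
        """Steps 510-530: read the identifier, then dispatch or reject."""
        if len(message) < ID_OFFSET + HEADER.size:
            raise RejectedMessage("message shorter than identifier field")
        (ident,) = HEADER.unpack_from(message, ID_OFFSET)
        if ident not in self.accepted_ids:
            # Count unexpected identifiers so they can be logged and reviewed.
            self.rejected[ident] = self.rejected.get(ident, 0) + 1
            raise RejectedMessage(f"identifier {ident} not configured on tunnel")
        return self.algorithm(message[ID_OFFSET + HEADER.size:])

if __name__ == "__main__":
    # Constructed scenario: first terminal is local 127 and negotiated 129.
    first = Tunnel(accepted_ids=frozenset({127, 129}), target_id=129)
    second = Tunnel(accepted_ids=frozenset({129}), target_id=129)
    print(second.process(first.build(b"hello")))
```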
[0126] Based on the same application concept, this application also provides a message processing device corresponding to the message processing method. Since the principle of the device in this application is similar to that of the aforementioned message processing method embodiment, the implementation of the device can refer to the description in the above method embodiment, and the overlapping content is not repeated here.
[0127] Please see Figure 6, which is a functional module diagram of the message processing apparatus provided in this application embodiment. Each module in the message processing apparatus of this embodiment is used to execute the steps in the above method embodiments. The message processing apparatus includes: a first receiving module 610, an acquiring module 620, and a first determining module 630; wherein the contents of each module are as follows:
[0128] The first receiving module 610 is used to receive the message to be processed sent by the second terminal;
[0129] The acquisition module 620 is used to acquire the algorithm identifier at a specified position of the message to be processed;
[0130] The first determining module 630 is used to call the target algorithm to process the message to be processed if the algorithm identifier is the target negotiation identifier determined by the algorithm negotiation method.
[0131] The algorithm negotiation method involved in the first determining module 630 in this embodiment can be the same as the algorithm negotiation method in the above embodiment. Other details about the algorithm negotiation method in this embodiment can be found in the description in the previous embodiment, and will not be repeated here.
[0132] Furthermore, embodiments of this application also provide a computer-readable storage medium storing a computer program, which, when run by a processor, executes the steps of the algorithm negotiation method or message processing method described in the above method embodiments.
[0133] The computer program product of the algorithm negotiation method and message processing method provided in the embodiments of this application includes a computer-readable storage medium storing program code. The instructions included in the program code can be used to execute the steps of the algorithm negotiation method or message processing method described in the above method embodiments. For details, please refer to the above method embodiments, which will not be repeated here.
[0134] In the several embodiments provided in this application, it should be understood that the disclosed apparatus and methods can also be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods, and computer program products according to various embodiments of this application. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions marked in the blocks may occur in a different order than those marked in the drawings. For example, two consecutive blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in a block diagram and / or flowchart, and combinations of blocks in block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or action, or using a combination of dedicated hardware and computer instructions.
[0135] In addition, the functional modules in the various embodiments of this application can be integrated together to form an independent part, or each module can exist independently, or two or more modules can be integrated to form an independent part.
[0136] If the aforementioned functions are implemented as software functional modules and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks. It should be noted that in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.
[0137] The above description is merely a preferred embodiment of this application and is not intended to limit this application. Various modifications and variations can be made to this application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the protection scope of this application. It should be noted that similar reference numerals and letters in the following figures indicate similar items; therefore, once an item is defined in one figure, it does not need to be further defined and explained in subsequent figures.
[0138] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
Claims
1. An algorithm negotiation method, characterized in that it is applied to the first terminal, and the algorithm negotiation method includes: sending a first negotiation request for the target algorithm to the second terminal, wherein the first negotiation request carries a first negotiation identifier of the target algorithm; determining whether the second terminal accepts the first negotiation identifier; if the second terminal does not accept the first negotiation identifier, using the second negotiation identifier of the target algorithm to send a second negotiation request for the target algorithm to the second terminal until the acceptance feedback message of the second terminal is received, and then using the negotiation identifier at the time the acceptance feedback message is received as the target negotiation identifier; if a third negotiation request sent by the second terminal is obtained, the third negotiation request carrying a third negotiation identifier, determining the third negotiation identifier to be a target negotiation identifier; wherein, when the first terminal receives a message from the second terminal carrying the first negotiation identifier and the second negotiation identifier, it processes the message using the target algorithm.
2. The method of claim 1, wherein the step of determining whether the second terminal accepts the first negotiation identifier includes: determining, by receiving the feedback message sent by the second terminal, whether the second terminal accepts the first negotiation identifier; if the feedback message carries a specified field indicating that the message is invalid, it is determined that the second terminal has not accepted the first negotiation identifier.
3. The method of claim 1, wherein the step of determining whether the second terminal accepts the first negotiation identifier includes: determining whether the time difference between the current time and the time when the first negotiation request was sent exceeds a time threshold; if the time difference exceeds the time threshold, it is determined that the second terminal has not accepted the first negotiation identifier.
4. The method according to claim 1, characterized in that the step of determining the third negotiation identifier as the target negotiation identifier includes: if the algorithm identifier of the target algorithm of the first terminal is the same as the third negotiation identifier, determining the third negotiation identifier to be the target negotiation identifier; if the algorithm identifier of the target algorithm of the first terminal is different from the third negotiation identifier, starting the adaptive algorithm to determine the third negotiation identifier as the target negotiation identifier.
5. The method according to claim 1, characterized in that sending the first negotiation request for the target algorithm to the second terminal includes: sending the first negotiation request for the target algorithm to the second terminal at a set time; or, the step of obtaining the third negotiation request sent by the second terminal includes: obtaining the third negotiation request sent by the second terminal according to a set time.
6. The method according to claim 1, characterized in that the method further includes: constructing a communication tunnel between the first terminal and the second terminal, and configuring the first negotiation identifier and the target negotiation identifier for the communication tunnel; when the communication tunnel receives a message carrying the first negotiation identifier and the target negotiation identifier, it invokes the target algorithm to process it.
7. A message processing method, characterized in that it includes: receiving a message to be processed sent by the second terminal; obtaining the algorithm identifier at a specified position in the message to be processed; if the algorithm identifier is the target negotiation identifier determined by the method described in any one of claims 1-6, invoking the target algorithm to process the message to be processed.
8. An algorithm negotiation device, characterized in that it is applied to the first terminal, and the algorithm negotiation device includes: a first sending module, used to send a first negotiation request for the target algorithm to the second terminal, wherein the first negotiation request carries a first negotiation identifier of the target algorithm; a judgment module, used to determine whether the second terminal accepts the first negotiation identifier; a second sending module, configured to send a second negotiation request for the target algorithm to the second terminal using the second negotiation identifier of the target algorithm if the second terminal does not accept the first negotiation identifier, until an acceptance feedback message is received from the second terminal, and then use the negotiation identifier at the time of receiving the acceptance feedback message as the target negotiation identifier; a second receiving module, used to obtain the third negotiation request sent by the second terminal, the third negotiation request carrying a third negotiation identifier; and a second determining module, used to determine that the third negotiation identifier is the target negotiation identifier.
9. A message processing apparatus, characterized in that it includes: a first receiving module, used to receive messages to be processed sent by the second terminal; an acquisition module, used to acquire the algorithm identifier at a specified position of the message to be processed; and a first determining module, used to call the target algorithm to process the message to be processed if the algorithm identifier is the target negotiation identifier determined by the method of any one of claims 1-6.
10. An electronic device, characterized in that it includes: a processor and a memory, wherein the memory stores machine-readable instructions executable by the processor, and when the electronic device is running, the machine-readable instructions are executed by the processor to perform the steps of the method as described in any one of claims 1 to 7.
11. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program that, when executed by a processor, performs the steps of the method as described in any one of claims 1 to 7.