{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1713909143, "reponame":"libwebsockets", "desc":"libwebsockets lightweight C networking library", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://libwebsockets.org/repo/libwebsockets", "f":3, "items": [ {"schema":"libjg2-1", "cid":"4c46e4b4e9cbb950b74b070b6f798b4c", "oid":{ "oid": "f28a45246e7ea479718ddba5e80deb355b23f5f3", "alias": [ "refs/heads/main"]},"blobname": "include/libwebsockets/lws-jwe.h", "blob": " /*\n * libwebsockets - small server side websockets and web server implementation\n *\n * Copyright (C) 2010 - 2019 Andy Green \u003candy@warmcat.com\u003e\n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \u0022Software\u0022), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \u0022AS IS\u0022, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n *\n * JWE Compact Serialization consists of\n *\n * BASE64URL(UTF8(JWE Protected Header)) || '.' ||\n * BASE64URL(JWE Encrypted Key)\t || '.' 
||\n * BASE64URL(JWE Initialization Vector) || '.' ||\n * BASE64URL(JWE Ciphertext)\t || '.' ||\n * BASE64URL(JWE Authentication Tag)\n */\n\n#define LWS_JWE_RFC3394_OVERHEAD_BYTES 8\n#define LWS_JWE_AES_IV_BYTES 16\n\n#define LWS_JWE_LIMIT_RSA_KEY_BITS 4096\n#define LWS_JWE_LIMIT_AES_KEY_BITS (512 + 64) /* RFC3394 Key Wrap adds 64b */\n#define LWS_JWE_LIMIT_EC_KEY_BITS 528 /* 521 rounded to byte boundary */\n#define LWS_JWE_LIMIT_HASH_BITS (LWS_GENHASH_LARGEST * 8)\n\n/* the largest key element for any cipher */\n#define LWS_JWE_LIMIT_KEY_ELEMENT_BYTES (LWS_JWE_LIMIT_RSA_KEY_BITS / 8)\n\n\nstruct lws_jwe {\n\tstruct lws_jose jose;\n\tstruct lws_jws jws;\n\tstruct lws_jwk jwk;\n\n\t/*\n\t * We have to keep a copy of the CEK so we can reuse it with later\n\t * key encryptions for the multiple recipient case.\n\t */\n\tuint8_t cek[LWS_JWE_LIMIT_KEY_ELEMENT_BYTES];\n\tunsigned int cek_valid:1;\n\n\tint recip;\n};\n\nLWS_VISIBLE LWS_EXTERN void\nlws_jwe_init(struct lws_jwe *jwe, struct lws_context *context);\n\nLWS_VISIBLE LWS_EXTERN void\nlws_jwe_destroy(struct lws_jwe *jwe);\n\nLWS_VISIBLE LWS_EXTERN void\nlws_jwe_be64(uint64_t c, uint8_t *p8);\n\n/*\n * JWE Compact Serialization consists of\n *\n * BASE64URL(UTF8(JWE Protected Header)) || '.' ||\n * BASE64URL(JWE Encrypted Key)\t || '.' ||\n * BASE64URL(JWE Initialization Vector) || '.' ||\n * BASE64URL(JWE Ciphertext)\t || '.' ||\n * BASE64URL(JWE Authentication Tag)\n */\n\nLWS_VISIBLE LWS_EXTERN int\nlws_jwe_render_compact(struct lws_jwe *jwe, char *out, size_t out_len);\n\nLWS_VISIBLE int\nlws_jwe_render_flattened(struct lws_jwe *jwe, char *out, size_t out_len);\n\nLWS_VISIBLE LWS_EXTERN int\nlws_jwe_json_parse(struct lws_jwe *jwe, const uint8_t *buf, int len,\n\t\t char *temp, int *temp_len);\n\n/**\n * lws_jwe_auth_and_decrypt() - confirm and decrypt JWE\n *\n * \u005cparam jose: jose context\n * \u005cparam jws: jws / jwe context... 
.map and .map_b64 must be filled already\n *\n * This is a high level JWE decrypt api that takes a jws with the maps\n * already processed, and if the authentication passes, returns the decrypted\n * plaintext in jws.map.buf[LJWE_CTXT] and its length in jws.map.len[LJWE_CTXT].\n *\n * In the jws, the following fields must have been set by the caller\n *\n * .context\n * .jwk (the key encryption key)\n * .map\n * .map_b64\n *\n * Having the b64 and decoded maps filled externally makes it flexible where\n * the data was picked from, eg, from a Complete JWE JSON serialization, a\n * flattened one, or a Compact Serialization.\n *\n * Returns decrypt length, or -1 for failure.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_jwe_auth_and_decrypt(struct lws_jwe *jwe, char *temp, int *temp_len);\n\n/**\n * lws_jwe_encrypt() - perform JWE encryption\n *\n * \u005cparam jose: the JOSE header information (encryption types, etc)\n * \u005cparam jws: the JWE elements, pointer to jwk etc\n * \u005cparam temp: parent-owned buffer to \u0022allocate\u0022 elements into\n * \u005cparam temp_len: amount of space available in temp\n *\n * May be called up to LWS_JWS_MAX_RECIPIENTS times to encrypt the same CEK\n * multiple ways on the same JWE payload.\n *\n * returns the amount of temp used, or -1 for error.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_jwe_encrypt(struct lws_jwe *jwe, char *temp, int *temp_len);\n\n/**\n * lws_jwe_create_packet() - add b64 sig to b64 hdr + payload\n *\n * \u005cparam jwe: the struct lws_jwe we are trying to render\n * \u005cparam payload: unencoded payload JSON\n * \u005cparam len: length of unencoded payload JSON\n * \u005cparam nonce: Nonce string to include in protected header\n * \u005cparam out: buffer to take signed packet\n * \u005cparam out_len: size of \u005cp out buffer\n * \u005cparam context: lws_context to get random from\n *\n * This creates a \u0022flattened\u0022 JWS packet from the jwk and the plaintext\n * payload, and signs it. 
The packet is written into \u005cp out.\n *\n * This does the whole packet assembly and signing, calling through to\n * lws_jws_sign_from_b64() as part of the process.\n *\n * Returns the length written to \u005cp out, or -1.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_jwe_create_packet(struct lws_jwe *jwe,\n\t\t const char *payload, size_t len, const char *nonce,\n\t\t char *out, size_t out_len, struct lws_context *context);\n\n\n/* only exposed because we have test vectors that need it */\nLWS_VISIBLE LWS_EXTERN int\nlws_jwe_auth_and_decrypt_cbc_hs(struct lws_jwe *jwe, uint8_t *enc_cek,\n\t\t\t\t\tuint8_t *aad, int aad_len);\n\n/* only exposed because we have test vectors that need it */\nLWS_VISIBLE LWS_EXTERN int\nlws_jwa_concat_kdf(struct lws_jwe *jwe, int direct,\n\t\t uint8_t *out, const uint8_t *shared_secret, int sslen);\n","s":{"c":1713812802,"u": 277}} ],"g": 9673,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "7d0a"}