Go to the source code of this file.
|
| LWS_VISIBLE int | lws_genecdh_create (struct lws_genec_ctx *ctx, struct lws_context *context, const struct lws_ec_curves *curve_table) |
| |
| LWS_VISIBLE LWS_EXTERN int | lws_genecdh_set_key (struct lws_genec_ctx *ctx, struct lws_gencrypto_keyelem *el, enum enum_lws_dh_side side) |
| |
| LWS_VISIBLE LWS_EXTERN int | lws_genecdh_new_keypair (struct lws_genec_ctx *ctx, enum enum_lws_dh_side side, const char *curve_name, struct lws_gencrypto_keyelem *el) |
| |
| LWS_VISIBLE LWS_EXTERN int | lws_genecdh_compute_shared_secret (struct lws_genec_ctx *ctx, uint8_t *ss, int *ss_len) |
| |
| LWS_VISIBLE int | lws_genecdsa_create (struct lws_genec_ctx *ctx, struct lws_context *context, const struct lws_ec_curves *curve_table) |
| |
| LWS_VISIBLE LWS_EXTERN int | lws_genecdsa_new_keypair (struct lws_genec_ctx *ctx, const char *curve_name, struct lws_gencrypto_keyelem *el) |
| |
| LWS_VISIBLE LWS_EXTERN int | lws_genecdsa_set_key (struct lws_genec_ctx *ctx, const struct lws_gencrypto_keyelem *el) |
| |
| LWS_VISIBLE LWS_EXTERN int | lws_genecdsa_hash_sig_verify_jws (struct lws_genec_ctx *ctx, const uint8_t *in, enum lws_genhash_types hash_type, int keybits, const uint8_t *sig, size_t sig_len) |
| |
| LWS_VISIBLE LWS_EXTERN int | lws_genecdsa_hash_sign_jws (struct lws_genec_ctx *ctx, const uint8_t *in, enum lws_genhash_types hash_type, int keybits, uint8_t *sig, size_t sig_len) |
| |
| LWS_VISIBLE LWS_EXTERN void | lws_genec_destroy (struct lws_genec_ctx *ctx) |
| |
| LWS_VISIBLE LWS_EXTERN void | lws_genec_destroy_elements (struct lws_gencrypto_keyelem *el) |
| |
| LWS_VISIBLE LWS_EXTERN int | lws_genec_dump (struct lws_gencrypto_keyelem *el) |
| |
◆ lws_genec_ctx
◆ lws_ec_curves
Definition at line 60 of file lws-genec.h.
| Data Fields |
|---|
|
const char * |
name |
|
|
int |
tls_lib_nid |
|
|
uint16_t |
key_bytes |
|
◆ enum_genec_alg
| Enumerator |
|---|
| LEGENEC_UNKNOWN | |
| LEGENEC_ECDH | |
| LEGENEC_ECDSA | |
Definition at line 25 of file lws-genec.h.
◆ enum_lws_dh_side
| Enumerator |
|---|
| LDHS_OURS | |
| LDHS_THEIRS | |
Definition at line 54 of file lws-genec.h.
◆ lws_genecdh_create()
lws_genecdh_create() - Create a genecdh
- Parameters
-
| ctx | your genec context |
| context | your lws_context (for RNG access) |
| curve_table | NULL, enabling P-256, P-384 and P-521, or a replacement struct lws_ec_curves array, terminated by an entry with .name = NULL, of curves you want to allow |
Initializes a genecdh
◆ lws_genecdh_set_key()
lws_genecdh_set_key() - Apply an EC key to our or theirs side
- Parameters
-
| ctx | your genecdh context |
| el | your key elements |
| side | LDHS_OURS or LDHS_THEIRS |
Applies an EC key to one side or the other of an ECDH ctx
◆ lws_genecdh_new_keypair()
lws_genecdh_new_keypair() - Create a genec with a new public / private key
- Parameters
-
| ctx | your genec context |
| side | LDHS_OURS or LDHS_THEIRS |
| curve_name | an EC curve name, like "P-256" |
| el | array pf LWS_GENCRYPTO_EC_KEYEL_COUNT key elems to take the new key |
Creates a genecdh with a newly minted EC public / private key
◆ lws_genecdh_compute_shared_secret()
◆ lws_genecdsa_create()
lws_genecdsa_create() - Create a genecdsa and
- Parameters
-
| ctx | your genec context |
| context | your lws_context (for RNG access) |
| curve_table | NULL, enabling P-256, P-384 and P-521, or a replacement struct lws_ec_curves array, terminated by an entry with .name = NULL, of curves you want to allow |
Initializes a genecdh
◆ lws_genecdsa_new_keypair()
lws_genecdsa_new_keypair() - Create a genecdsa with a new public / private key
- Parameters
-
| ctx | your genec context |
| curve_name | an EC curve name, like "P-256" |
| el | array pf LWS_GENCRYPTO_EC_KEYEL_COUNT key elements to take the new key |
Creates a genecdsa with a newly minted EC public / private key
◆ lws_genecdsa_set_key()
lws_genecdsa_set_key() - Apply an EC key to an ecdsa context
- Parameters
-
| ctx | your genecdsa context |
| el | your key elements |
Applies an EC key to an ecdsa context
◆ lws_genecdsa_hash_sig_verify_jws()
lws_genecdsa_hash_sig_verify_jws() - Verifies a JWS ECDSA signature on a given hash
- Parameters
-
| ctx | your struct lws_genrsa_ctx |
| in | unencrypted payload (usually a recomputed hash) |
| hash_type | one of LWS_GENHASH_TYPE_ |
| keybits | number of bits in the crypto key |
| sig | pointer to the signature we received with the payload |
| sig_len | length of the signature we are checking in bytes |
This just looks at the signed hash... that's why there's no input length parameter, it's decided by the choice of hash. It's up to you to confirm separately the actual payload matches the hash that was confirmed by this to be validly signed.
Returns <0 for error, or 0 if signature matches the hash + key..
The JWS ECDSA signature verification algorithm differs to generic ECDSA signatures and they're not interoperable.
This and related APIs operate identically with OpenSSL or mbedTLS backends.
◆ lws_genecdsa_hash_sign_jws()
lws_genecdsa_hash_sign_jws() - Creates a JWS ECDSA signature for a hash you provide
- Parameters
-
| ctx | your struct lws_genrsa_ctx |
| in | precomputed hash |
| hash_type | one of LWS_GENHASH_TYPE_ |
| keybits | number of bits in the crypto key |
| sig | pointer to buffer to take signature |
| sig_len | length of the buffer (must be >= length of key N) |
Returns <0 for error, or >=0 for success.
This creates a JWS ECDSA signature for a hash you already computed and provide.
The JWS ECDSA signature generation algorithm differs to generic ECDSA signatures and they're not interoperable.
This and related APIs operate identically with OpenSSL or mbedTLS backends.
◆ lws_genec_destroy()
◆ lws_genec_destroy_elements()
◆ lws_genec_dump()
Collaboration diagram for lws_genec_ctx:
1.9.1 
