libwebsockets
Lightweight C library for HTML5 websockets
lws-genec.h File Reference

Go to the source code of this file.

Data Structures

struct  lws_genec_ctx
 
struct  lws_ec_curves
 

Enumerations

enum  enum_genec_alg { LEGENEC_UNKNOWN , LEGENEC_ECDH , LEGENEC_ECDSA }
 
enum  enum_lws_dh_side { LDHS_OURS , LDHS_THEIRS }
 

Functions

LWS_VISIBLE int lws_genecdh_create (struct lws_genec_ctx *ctx, struct lws_context *context, const struct lws_ec_curves *curve_table)
 
LWS_VISIBLE LWS_EXTERN int lws_genecdh_set_key (struct lws_genec_ctx *ctx, struct lws_gencrypto_keyelem *el, enum enum_lws_dh_side side)
 
LWS_VISIBLE LWS_EXTERN int lws_genecdh_new_keypair (struct lws_genec_ctx *ctx, enum enum_lws_dh_side side, const char *curve_name, struct lws_gencrypto_keyelem *el)
 
LWS_VISIBLE LWS_EXTERN int lws_genecdh_compute_shared_secret (struct lws_genec_ctx *ctx, uint8_t *ss, int *ss_len)
 
LWS_VISIBLE int lws_genecdsa_create (struct lws_genec_ctx *ctx, struct lws_context *context, const struct lws_ec_curves *curve_table)
 
LWS_VISIBLE LWS_EXTERN int lws_genecdsa_new_keypair (struct lws_genec_ctx *ctx, const char *curve_name, struct lws_gencrypto_keyelem *el)
 
LWS_VISIBLE LWS_EXTERN int lws_genecdsa_set_key (struct lws_genec_ctx *ctx, const struct lws_gencrypto_keyelem *el)
 
LWS_VISIBLE LWS_EXTERN int lws_genecdsa_hash_sig_verify_jws (struct lws_genec_ctx *ctx, const uint8_t *in, enum lws_genhash_types hash_type, int keybits, const uint8_t *sig, size_t sig_len)
 
LWS_VISIBLE LWS_EXTERN int lws_genecdsa_hash_sign_jws (struct lws_genec_ctx *ctx, const uint8_t *in, enum lws_genhash_types hash_type, int keybits, uint8_t *sig, size_t sig_len)
 
LWS_VISIBLE LWS_EXTERN void lws_genec_destroy (struct lws_genec_ctx *ctx)
 
LWS_VISIBLE LWS_EXTERN void lws_genec_destroy_elements (struct lws_gencrypto_keyelem *el)
 
LWS_VISIBLE LWS_EXTERN int lws_genec_dump (struct lws_gencrypto_keyelem *el)
 

Data Structure Documentation

◆ lws_genec_ctx

struct lws_genec_ctx

Definition at line 32 of file lws-genec.h.

+ Collaboration diagram for lws_genec_ctx:
Data Fields
EVP_PKEY_CTX * ctx[2]
struct lws_context * context
const struct lws_ec_curves * curve_table
enum enum_genec_alg genec_alg
char has_private

◆ lws_ec_curves

struct lws_ec_curves

Definition at line 60 of file lws-genec.h.

+ Collaboration diagram for lws_ec_curves:
Data Fields
const char * name
int tls_lib_nid
uint16_t key_bytes

Enumeration Type Documentation

◆ enum_genec_alg

Enumerator
LEGENEC_UNKNOWN 
LEGENEC_ECDH 
LEGENEC_ECDSA 

Definition at line 25 of file lws-genec.h.

25 {
27
30};
@ LEGENEC_ECDH
Definition: lws-genec.h:28
@ LEGENEC_ECDSA
Definition: lws-genec.h:29
@ LEGENEC_UNKNOWN
Definition: lws-genec.h:26

◆ enum_lws_dh_side

Enumerator
LDHS_OURS 
LDHS_THEIRS 

Definition at line 54 of file lws-genec.h.

54 {
57};
@ LDHS_OURS
Definition: lws-genec.h:55
@ LDHS_THEIRS
Definition: lws-genec.h:56

Function Documentation

◆ lws_genecdh_create()

LWS_VISIBLE int lws_genecdh_create ( struct lws_genec_ctx ctx,
struct lws_context *  context,
const struct lws_ec_curves curve_table 
)

lws_genecdh_create() - Create a genecdh

Parameters
ctxyour genec context
contextyour lws_context (for RNG access)
curve_tableNULL, enabling P-256, P-384 and P-521, or a replacement struct lws_ec_curves array, terminated by an entry with .name = NULL, of curves you want to allow

Initializes a genecdh

◆ lws_genecdh_set_key()

LWS_VISIBLE LWS_EXTERN int lws_genecdh_set_key ( struct lws_genec_ctx ctx,
struct lws_gencrypto_keyelem el,
enum enum_lws_dh_side  side 
)

lws_genecdh_set_key() - Apply an EC key to our or theirs side

Parameters
ctxyour genecdh context
elyour key elements
sideLDHS_OURS or LDHS_THEIRS

Applies an EC key to one side or the other of an ECDH ctx

◆ lws_genecdh_new_keypair()

LWS_VISIBLE LWS_EXTERN int lws_genecdh_new_keypair ( struct lws_genec_ctx ctx,
enum enum_lws_dh_side  side,
const char *  curve_name,
struct lws_gencrypto_keyelem el 
)

lws_genecdh_new_keypair() - Create a genec with a new public / private key

Parameters
ctxyour genec context
sideLDHS_OURS or LDHS_THEIRS
curve_namean EC curve name, like "P-256"
elarray pf LWS_GENCRYPTO_EC_KEYEL_COUNT key elems to take the new key

Creates a genecdh with a newly minted EC public / private key

◆ lws_genecdh_compute_shared_secret()

LWS_VISIBLE LWS_EXTERN int lws_genecdh_compute_shared_secret ( struct lws_genec_ctx ctx,
uint8_t *  ss,
int *  ss_len 
)

◆ lws_genecdsa_create()

LWS_VISIBLE int lws_genecdsa_create ( struct lws_genec_ctx ctx,
struct lws_context *  context,
const struct lws_ec_curves curve_table 
)

lws_genecdsa_create() - Create a genecdsa and

Parameters
ctxyour genec context
contextyour lws_context (for RNG access)
curve_tableNULL, enabling P-256, P-384 and P-521, or a replacement struct lws_ec_curves array, terminated by an entry with .name = NULL, of curves you want to allow

Initializes a genecdh

◆ lws_genecdsa_new_keypair()

LWS_VISIBLE LWS_EXTERN int lws_genecdsa_new_keypair ( struct lws_genec_ctx ctx,
const char *  curve_name,
struct lws_gencrypto_keyelem el 
)

lws_genecdsa_new_keypair() - Create a genecdsa with a new public / private key

Parameters
ctxyour genec context
curve_namean EC curve name, like "P-256"
elarray pf LWS_GENCRYPTO_EC_KEYEL_COUNT key elements to take the new key

Creates a genecdsa with a newly minted EC public / private key

◆ lws_genecdsa_set_key()

LWS_VISIBLE LWS_EXTERN int lws_genecdsa_set_key ( struct lws_genec_ctx ctx,
const struct lws_gencrypto_keyelem el 
)

lws_genecdsa_set_key() - Apply an EC key to an ecdsa context

Parameters
ctxyour genecdsa context
elyour key elements

Applies an EC key to an ecdsa context

◆ lws_genecdsa_hash_sig_verify_jws()

LWS_VISIBLE LWS_EXTERN int lws_genecdsa_hash_sig_verify_jws ( struct lws_genec_ctx ctx,
const uint8_t *  in,
enum lws_genhash_types  hash_type,
int  keybits,
const uint8_t *  sig,
size_t  sig_len 
)

lws_genecdsa_hash_sig_verify_jws() - Verifies a JWS ECDSA signature on a given hash

Parameters
ctxyour struct lws_genrsa_ctx
inunencrypted payload (usually a recomputed hash)
hash_typeone of LWS_GENHASH_TYPE_
keybitsnumber of bits in the crypto key
sigpointer to the signature we received with the payload
sig_lenlength of the signature we are checking in bytes

This just looks at the signed hash... that's why there's no input length parameter, it's decided by the choice of hash. It's up to you to confirm separately the actual payload matches the hash that was confirmed by this to be validly signed.

Returns <0 for error, or 0 if signature matches the hash + key..

The JWS ECDSA signature verification algorithm differs to generic ECDSA signatures and they're not interoperable.

This and related APIs operate identically with OpenSSL or mbedTLS backends.

◆ lws_genecdsa_hash_sign_jws()

LWS_VISIBLE LWS_EXTERN int lws_genecdsa_hash_sign_jws ( struct lws_genec_ctx ctx,
const uint8_t *  in,
enum lws_genhash_types  hash_type,
int  keybits,
uint8_t *  sig,
size_t  sig_len 
)

lws_genecdsa_hash_sign_jws() - Creates a JWS ECDSA signature for a hash you provide

Parameters
ctxyour struct lws_genrsa_ctx
inprecomputed hash
hash_typeone of LWS_GENHASH_TYPE_
keybitsnumber of bits in the crypto key
sigpointer to buffer to take signature
sig_lenlength of the buffer (must be >= length of key N)

Returns <0 for error, or >=0 for success.

This creates a JWS ECDSA signature for a hash you already computed and provide.

The JWS ECDSA signature generation algorithm differs to generic ECDSA signatures and they're not interoperable.

This and related APIs operate identically with OpenSSL or mbedTLS backends.

◆ lws_genec_destroy()

LWS_VISIBLE LWS_EXTERN void lws_genec_destroy ( struct lws_genec_ctx ctx)

◆ lws_genec_destroy_elements()

LWS_VISIBLE LWS_EXTERN void lws_genec_destroy_elements ( struct lws_gencrypto_keyelem el)

◆ lws_genec_dump()

LWS_VISIBLE LWS_EXTERN int lws_genec_dump ( struct lws_gencrypto_keyelem el)