Lightweight C library for HTML5 websockets
lws-jwe.h File Reference

Go to the source code of this file.

Data Structures

struct  lws_jwe


#define LWS_JWE_AES_IV_BYTES   16
#define LWS_JWE_LIMIT_AES_KEY_BITS   (512 + 64) /* RFC3394 Key Wrap adds 64b */
#define LWS_JWE_LIMIT_EC_KEY_BITS   528 /* 521 rounded to byte boundary */


LWS_VISIBLE LWS_EXTERN void lws_jwe_init (struct lws_jwe *jwe, struct lws_context *context)
LWS_VISIBLE LWS_EXTERN void lws_jwe_destroy (struct lws_jwe *jwe)
LWS_VISIBLE LWS_EXTERN void lws_jwe_be64 (uint64_t c, uint8_t *p8)
LWS_VISIBLE LWS_EXTERN int lws_jwe_render_compact (struct lws_jwe *jwe, char *out, size_t out_len)
LWS_VISIBLE int lws_jwe_render_flattened (struct lws_jwe *jwe, char *out, size_t out_len)
LWS_VISIBLE LWS_EXTERN int lws_jwe_json_parse (struct lws_jwe *jwe, const uint8_t *buf, int len, char *temp, int *temp_len)
LWS_VISIBLE LWS_EXTERN int lws_jwe_auth_and_decrypt (struct lws_jwe *jwe, char *temp, int *temp_len)
LWS_VISIBLE LWS_EXTERN int lws_jwe_encrypt (struct lws_jwe *jwe, char *temp, int *temp_len)
LWS_VISIBLE LWS_EXTERN int lws_jwe_create_packet (struct lws_jwe *jwe, const char *payload, size_t len, const char *nonce, char *out, size_t out_len, struct lws_context *context)
LWS_VISIBLE LWS_EXTERN int lws_jwe_auth_and_decrypt_cbc_hs (struct lws_jwe *jwe, uint8_t *enc_cek, uint8_t *aad, int aad_len)
LWS_VISIBLE LWS_EXTERN int lws_jwa_concat_kdf (struct lws_jwe *jwe, int direct, uint8_t *out, const uint8_t *shared_secret, int sslen)

Data Structure Documentation

◆ lws_jwe

struct lws_jwe

Definition at line 45 of file lws-jwe.h.

+ Collaboration diagram for lws_jwe:
Data Fields
struct lws_jose jose
struct lws_jws jws
struct lws_jwk jwk
unsigned int cek_valid:1
int recip

Macro Definition Documentation



Definition at line 33 of file lws-jwe.h.


#define LWS_JWE_AES_IV_BYTES   16

Definition at line 34 of file lws-jwe.h.



Definition at line 36 of file lws-jwe.h.


#define LWS_JWE_LIMIT_AES_KEY_BITS   (512 + 64) /* RFC3394 Key Wrap adds 64b */

Definition at line 37 of file lws-jwe.h.


#define LWS_JWE_LIMIT_EC_KEY_BITS   528 /* 521 rounded to byte boundary */

Definition at line 38 of file lws-jwe.h.



Definition at line 39 of file lws-jwe.h.



Definition at line 42 of file lws-jwe.h.

Function Documentation

◆ lws_jwe_init()

LWS_VISIBLE LWS_EXTERN void lws_jwe_init ( struct lws_jwe jwe,
struct lws_context *  context 

◆ lws_jwe_destroy()

LWS_VISIBLE LWS_EXTERN void lws_jwe_destroy ( struct lws_jwe jwe)

◆ lws_jwe_be64()

LWS_VISIBLE LWS_EXTERN void lws_jwe_be64 ( uint64_t  c,
uint8_t *  p8 

◆ lws_jwe_render_compact()

LWS_VISIBLE LWS_EXTERN int lws_jwe_render_compact ( struct lws_jwe jwe,
char *  out,
size_t  out_len 

◆ lws_jwe_render_flattened()

LWS_VISIBLE int lws_jwe_render_flattened ( struct lws_jwe jwe,
char *  out,
size_t  out_len 

◆ lws_jwe_json_parse()

LWS_VISIBLE LWS_EXTERN int lws_jwe_json_parse ( struct lws_jwe jwe,
const uint8_t *  buf,
int  len,
char *  temp,
int *  temp_len 

◆ lws_jwe_auth_and_decrypt()

LWS_VISIBLE LWS_EXTERN int lws_jwe_auth_and_decrypt ( struct lws_jwe jwe,
char *  temp,
int *  temp_len 

lws_jwe_auth_and_decrypt() - confirm and decrypt JWE

josejose context
jwsjws / jwe context... .map and .map_b64 must be filled already

This is a high level JWE decrypt api that takes a jws with the maps already processed, and if the authentication passes, returns the decrypted plaintext in[LJWE_CTXT] and its length in[LJWE_CTXT].

In the jws, the following fields must have been set by the caller

.context .jwk (the key encryption key) .map .map_b64

Having the b64 and decoded maps filled externally makes it flexible where the data was picked from, eg, from a Complete JWE JSON serialization, a flattened one, or a Compact Serialization.

Returns decrypt length, or -1 for failure.

◆ lws_jwe_encrypt()

LWS_VISIBLE LWS_EXTERN int lws_jwe_encrypt ( struct lws_jwe jwe,
char *  temp,
int *  temp_len 

lws_jwe_encrypt() - perform JWE encryption

josethe JOSE header information (encryption types, etc)
jwsthe JWE elements, pointer to jwk etc
tempparent-owned buffer to "allocate" elements into
temp_lenamount of space available in temp

May be called up to LWS_JWS_MAX_RECIPIENTS times to encrypt the same CEK multiple ways on the same JWE payload.

returns the amount of temp used, or -1 for error.

◆ lws_jwe_create_packet()

LWS_VISIBLE LWS_EXTERN int lws_jwe_create_packet ( struct lws_jwe jwe,
const char *  payload,
size_t  len,
const char *  nonce,
char *  out,
size_t  out_len,
struct lws_context *  context 

lws_jwe_create_packet() - add b64 sig to b64 hdr + payload

jwethe struct lws_jwe we are trying to render
payloadunencoded payload JSON
lenlength of unencoded payload JSON
nonceNonse string to include in protected header
outbuffer to take signed packet
out_lensize of out buffer
conextlws_context to get random from

This creates a "flattened" JWS packet from the jwk and the plaintext payload, and signs it. The packet is written into out.

This does the whole packet assembly and signing, calling through to lws_jws_sign_from_b64() as part of the process.

Returns the length written to out, or -1.

◆ lws_jwe_auth_and_decrypt_cbc_hs()

LWS_VISIBLE LWS_EXTERN int lws_jwe_auth_and_decrypt_cbc_hs ( struct lws_jwe jwe,
uint8_t *  enc_cek,
uint8_t *  aad,
int  aad_len 

◆ lws_jwa_concat_kdf()

LWS_VISIBLE LWS_EXTERN int lws_jwa_concat_kdf ( struct lws_jwe jwe,
int  direct,
uint8_t *  out,
const uint8_t *  shared_secret,
int  sslen