 |
libwebsockets
Lightweight C library for HTML5 websockets
|
|
libwebsockets
Lightweight C library for HTML5 websockets
|
Go to the source code of this file.
Data Structures | |
| struct | lws_jwe |
Macros | |
| #define | LWS_JWE_RFC3394_OVERHEAD_BYTES 8 |
| #define | LWS_JWE_AES_IV_BYTES 16 |
| #define | LWS_JWE_LIMIT_RSA_KEY_BITS 4096 |
| #define | LWS_JWE_LIMIT_AES_KEY_BITS (512 + 64) /* RFC3394 Key Wrap adds 64b */ |
| #define | LWS_JWE_LIMIT_EC_KEY_BITS 528 /* 521 rounded to byte boundary */ |
| #define | LWS_JWE_LIMIT_HASH_BITS (LWS_GENHASH_LARGEST * 8) |
| #define | LWS_JWE_LIMIT_KEY_ELEMENT_BYTES (LWS_JWE_LIMIT_RSA_KEY_BITS / 8) |
Functions | |
| LWS_VISIBLE LWS_EXTERN void | lws_jwe_init (struct lws_jwe *jwe, struct lws_context *context) |
| LWS_VISIBLE LWS_EXTERN void | lws_jwe_destroy (struct lws_jwe *jwe) |
| LWS_VISIBLE LWS_EXTERN void | lws_jwe_be64 (uint64_t c, uint8_t *p8) |
| LWS_VISIBLE LWS_EXTERN int | lws_jwe_render_compact (struct lws_jwe *jwe, char *out, size_t out_len) |
| LWS_VISIBLE int | lws_jwe_render_flattened (struct lws_jwe *jwe, char *out, size_t out_len) |
| LWS_VISIBLE LWS_EXTERN int | lws_jwe_json_parse (struct lws_jwe *jwe, const uint8_t *buf, int len, char *temp, int *temp_len) |
| LWS_VISIBLE LWS_EXTERN int | lws_jwe_auth_and_decrypt (struct lws_jwe *jwe, char *temp, int *temp_len) |
| LWS_VISIBLE LWS_EXTERN int | lws_jwe_encrypt (struct lws_jwe *jwe, char *temp, int *temp_len) |
| LWS_VISIBLE LWS_EXTERN int | lws_jwe_create_packet (struct lws_jwe *jwe, const char *payload, size_t len, const char *nonce, char *out, size_t out_len, struct lws_context *context) |
| LWS_VISIBLE LWS_EXTERN int | lws_jwe_auth_and_decrypt_cbc_hs (struct lws_jwe *jwe, uint8_t *enc_cek, uint8_t *aad, int aad_len) |
| LWS_VISIBLE LWS_EXTERN int | lws_jwa_concat_kdf (struct lws_jwe *jwe, int direct, uint8_t *out, const uint8_t *shared_secret, int sslen) |
| struct lws_jwe |
| #define LWS_JWE_LIMIT_AES_KEY_BITS (512 + 64) /* RFC3394 Key Wrap adds 64b */ |
| #define LWS_JWE_LIMIT_EC_KEY_BITS 528 /* 521 rounded to byte boundary */ |
| #define LWS_JWE_LIMIT_HASH_BITS (LWS_GENHASH_LARGEST * 8) |
| #define LWS_JWE_LIMIT_KEY_ELEMENT_BYTES (LWS_JWE_LIMIT_RSA_KEY_BITS / 8) |
| LWS_VISIBLE LWS_EXTERN void lws_jwe_init | ( | struct lws_jwe * | jwe, |
| struct lws_context * | context | ||
| ) |
| LWS_VISIBLE LWS_EXTERN void lws_jwe_destroy | ( | struct lws_jwe * | jwe | ) |
| LWS_VISIBLE LWS_EXTERN void lws_jwe_be64 | ( | uint64_t | c, |
| uint8_t * | p8 | ||
| ) |
| LWS_VISIBLE LWS_EXTERN int lws_jwe_render_compact | ( | struct lws_jwe * | jwe, |
| char * | out, | ||
| size_t | out_len | ||
| ) |
| LWS_VISIBLE int lws_jwe_render_flattened | ( | struct lws_jwe * | jwe, |
| char * | out, | ||
| size_t | out_len | ||
| ) |
| LWS_VISIBLE LWS_EXTERN int lws_jwe_json_parse | ( | struct lws_jwe * | jwe, |
| const uint8_t * | buf, | ||
| int | len, | ||
| char * | temp, | ||
| int * | temp_len | ||
| ) |
| LWS_VISIBLE LWS_EXTERN int lws_jwe_auth_and_decrypt | ( | struct lws_jwe * | jwe, |
| char * | temp, | ||
| int * | temp_len | ||
| ) |
lws_jwe_auth_and_decrypt() - confirm and decrypt JWE
| jose | jose context |
| jws | jws / jwe context... .map and .map_b64 must be filled already |
This is a high level JWE decrypt api that takes a jws with the maps already processed, and if the authentication passes, returns the decrypted plaintext in jws.map.buf[LJWE_CTXT] and its length in jws.map.len[LJWE_CTXT].
In the jws, the following fields must have been set by the caller
.context .jwk (the key encryption key) .map .map_b64
Having the b64 and decoded maps filled externally makes it flexible where the data was picked from, eg, from a Complete JWE JSON serialization, a flattened one, or a Compact Serialization.
Returns decrypt length, or -1 for failure.
| LWS_VISIBLE LWS_EXTERN int lws_jwe_encrypt | ( | struct lws_jwe * | jwe, |
| char * | temp, | ||
| int * | temp_len | ||
| ) |
lws_jwe_encrypt() - perform JWE encryption
| jose | the JOSE header information (encryption types, etc) |
| jws | the JWE elements, pointer to jwk etc |
| temp | parent-owned buffer to "allocate" elements into |
| temp_len | amount of space available in temp |
May be called up to LWS_JWS_MAX_RECIPIENTS times to encrypt the same CEK multiple ways on the same JWE payload.
returns the amount of temp used, or -1 for error.
| LWS_VISIBLE LWS_EXTERN int lws_jwe_create_packet | ( | struct lws_jwe * | jwe, |
| const char * | payload, | ||
| size_t | len, | ||
| const char * | nonce, | ||
| char * | out, | ||
| size_t | out_len, | ||
| struct lws_context * | context | ||
| ) |
lws_jwe_create_packet() - add b64 sig to b64 hdr + payload
| jwe | the struct lws_jwe we are trying to render |
| payload | unencoded payload JSON |
| len | length of unencoded payload JSON |
| nonce | Nonse string to include in protected header |
| out | buffer to take signed packet |
| out_len | size of out buffer |
| conext | lws_context to get random from |
This creates a "flattened" JWS packet from the jwk and the plaintext payload, and signs it. The packet is written into out.
This does the whole packet assembly and signing, calling through to lws_jws_sign_from_b64() as part of the process.
Returns the length written to out, or -1.
| LWS_VISIBLE LWS_EXTERN int lws_jwe_auth_and_decrypt_cbc_hs | ( | struct lws_jwe * | jwe, |
| uint8_t * | enc_cek, | ||
| uint8_t * | aad, | ||
| int | aad_len | ||
| ) |
| LWS_VISIBLE LWS_EXTERN int lws_jwa_concat_kdf | ( | struct lws_jwe * | jwe, |
| int | direct, | ||
| uint8_t * | out, | ||
| const uint8_t * | shared_secret, | ||
| int | sslen | ||
| ) |
1.9.1 
Collaboration diagram for lws_jwe: