libwebsockets
Lightweight C library for HTML5 websockets
Loading...
Searching...
No Matches
lws-jwe.h
Go to the documentation of this file.
1 /*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 *
24 * JWE Compact Serialization consists of
25 *
26 * BASE64URL(UTF8(JWE Protected Header)) || '.' ||
27 * BASE64URL(JWE Encrypted Key) || '.' ||
28 * BASE64URL(JWE Initialization Vector) || '.' ||
29 * BASE64URL(JWE Ciphertext) || '.' ||
30 * BASE64URL(JWE Authentication Tag)
31 */
32
33#define LWS_JWE_RFC3394_OVERHEAD_BYTES 8
34#define LWS_JWE_AES_IV_BYTES 16
35
36#define LWS_JWE_LIMIT_RSA_KEY_BITS 4096
37#define LWS_JWE_LIMIT_AES_KEY_BITS (512 + 64) /* RFC3394 Key Wrap adds 64b */
38#define LWS_JWE_LIMIT_EC_KEY_BITS 528 /* 521 rounded to byte boundary */
39#define LWS_JWE_LIMIT_HASH_BITS (LWS_GENHASH_LARGEST * 8)
40
41/* the largest key element for any cipher */
42#define LWS_JWE_LIMIT_KEY_ELEMENT_BYTES (LWS_JWE_LIMIT_RSA_KEY_BITS / 8)
43
44
45struct lws_jwe {
46 struct lws_jose jose;
47 struct lws_jws jws;
48 struct lws_jwk jwk;
49
50 /*
51 * We have to keep a copy of the CEK so we can reuse it with later
52 * key encryptions for the multiple recipient case.
53 */
54 uint8_t cek[LWS_JWE_LIMIT_KEY_ELEMENT_BYTES];
55 unsigned int cek_valid:1;
56
57 int recip;
58};
59
60LWS_VISIBLE LWS_EXTERN void
61lws_jwe_init(struct lws_jwe *jwe, struct lws_context *context);
62
63LWS_VISIBLE LWS_EXTERN void
64lws_jwe_destroy(struct lws_jwe *jwe);
65
66LWS_VISIBLE LWS_EXTERN void
67lws_jwe_be64(uint64_t c, uint8_t *p8);
68
69/*
70 * JWE Compact Serialization consists of
71 *
72 * BASE64URL(UTF8(JWE Protected Header)) || '.' ||
73 * BASE64URL(JWE Encrypted Key) || '.' ||
74 * BASE64URL(JWE Initialization Vector) || '.' ||
75 * BASE64URL(JWE Ciphertext) || '.' ||
76 * BASE64URL(JWE Authentication Tag)
77 */
78
79LWS_VISIBLE LWS_EXTERN int
80lws_jwe_render_compact(struct lws_jwe *jwe, char *out, size_t out_len);
81
82LWS_VISIBLE LWS_EXTERN int
83lws_jwe_render_flattened(struct lws_jwe *jwe, char *out, size_t out_len);
84
85LWS_VISIBLE LWS_EXTERN int
86lws_jwe_json_parse(struct lws_jwe *jwe, const uint8_t *buf, int len,
87 char *temp, int *temp_len);
88
112LWS_VISIBLE LWS_EXTERN int
113lws_jwe_auth_and_decrypt(struct lws_jwe *jwe, char *temp, int *temp_len);
114
128LWS_VISIBLE LWS_EXTERN int
129lws_jwe_encrypt(struct lws_jwe *jwe, char *temp, int *temp_len);
130
150LWS_VISIBLE LWS_EXTERN int
151lws_jwe_create_packet(struct lws_jwe *jwe,
152 const char *payload, size_t len, const char *nonce,
153 char *out, size_t out_len, struct lws_context *context);
154
155
156/* only exposed because we have test vectors that need it */
157LWS_VISIBLE LWS_EXTERN int
158lws_jwe_auth_and_decrypt_cbc_hs(struct lws_jwe *jwe, uint8_t *enc_cek,
159 uint8_t *aad, int aad_len);
160
161/* only exposed because we have test vectors that need it */
162LWS_VISIBLE LWS_EXTERN int
163lws_jwa_concat_kdf(struct lws_jwe *jwe, int direct,
164 uint8_t *out, const uint8_t *shared_secret, int sslen);
lws_jwk
Definition lws-jwk.h:50
lws_jws
Definition lws-jws.h:68
LWS_EXTERN
#define LWS_EXTERN
Definition libwebsockets.h:296
uint8_t
unsigned char uint8_t
Definition libwebsockets.h:706
LWS_VISIBLE
#define LWS_VISIBLE
Definition libwebsockets.h:291
lws_jose
Definition lws-jose.h:118
lws_jwe_render_compact
LWS_VISIBLE LWS_EXTERN int lws_jwe_render_compact(struct lws_jwe *jwe, char *out, size_t out_len)
lws_jwe_be64
LWS_VISIBLE LWS_EXTERN void lws_jwe_be64(uint64_t c, uint8_t *p8)
lws_jwe_render_flattened
LWS_VISIBLE LWS_EXTERN int lws_jwe_render_flattened(struct lws_jwe *jwe, char *out, size_t out_len)
lws_jwe::cek
uint8_t cek[LWS_JWE_LIMIT_KEY_ELEMENT_BYTES]
Definition lws-jwe.h:54
LWS_JWE_LIMIT_KEY_ELEMENT_BYTES
#define LWS_JWE_LIMIT_KEY_ELEMENT_BYTES
Definition lws-jwe.h:42
lws_jwe_auth_and_decrypt_cbc_hs
LWS_VISIBLE LWS_EXTERN int lws_jwe_auth_and_decrypt_cbc_hs(struct lws_jwe *jwe, uint8_t *enc_cek, uint8_t *aad, int aad_len)
lws_jwe_auth_and_decrypt
LWS_VISIBLE LWS_EXTERN int lws_jwe_auth_and_decrypt(struct lws_jwe *jwe, char *temp, int *temp_len)
lws_jwe::jose
struct lws_jose jose
Definition lws-jwe.h:46
lws_jwe::cek_valid
unsigned int cek_valid
Definition lws-jwe.h:55
lws_jwe::jwk
struct lws_jwk jwk
Definition lws-jwe.h:48
lws_jwe_encrypt
LWS_VISIBLE LWS_EXTERN int lws_jwe_encrypt(struct lws_jwe *jwe, char *temp, int *temp_len)
lws_jwe_json_parse
LWS_VISIBLE LWS_EXTERN int lws_jwe_json_parse(struct lws_jwe *jwe, const uint8_t *buf, int len, char *temp, int *temp_len)
lws_jwa_concat_kdf
LWS_VISIBLE LWS_EXTERN int lws_jwa_concat_kdf(struct lws_jwe *jwe, int direct, uint8_t *out, const uint8_t *shared_secret, int sslen)
lws_jwe_destroy
LWS_VISIBLE LWS_EXTERN void lws_jwe_destroy(struct lws_jwe *jwe)
lws_jwe_create_packet
LWS_VISIBLE LWS_EXTERN int lws_jwe_create_packet(struct lws_jwe *jwe, const char *payload, size_t len, const char *nonce, char *out, size_t out_len, struct lws_context *context)
lws_jwe::jws
struct lws_jws jws
Definition lws-jwe.h:47
lws_jwe_init
LWS_VISIBLE LWS_EXTERN void lws_jwe_init(struct lws_jwe *jwe, struct lws_context *context)
lws_jwe::recip
int recip
Definition lws-jwe.h:57
lws_jwe
Definition lws-jwe.h:45