libwebsockets
Lightweight C library for HTML5 websockets
lws-jws.h
1 /*
2  * libwebsockets - small server side websockets and web server implementation
3  *
4  * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to
8  * deal in the Software without restriction, including without limitation the
9  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10  * sell copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22  * IN THE SOFTWARE.
23  */
24 
36 
37 /*
38  * The maps are built to work with both JWS (LJWS_) and JWE (LJWE_), and are
39  * sized to the slightly larger JWE case.
40  */
41 
42 enum enum_jws_sig_elements {
43 
44  /* JWS block namespace */
45  LJWS_JOSE,
46  LJWS_PYLD,
47  LJWS_SIG,
48  LJWS_UHDR,
49 
50  /* JWE block namespace */
51  LJWE_JOSE = 0,
52  LJWE_EKEY,
53  LJWE_IV,
54  LJWE_CTXT,
55  LJWE_ATAG,
56  LJWE_AAD,
57 
58  LWS_JWS_MAX_COMPACT_BLOCKS
59 };
60 
61 struct lws_jws_map {
62  const char *buf[LWS_JWS_MAX_COMPACT_BLOCKS];
63  uint32_t len[LWS_JWS_MAX_COMPACT_BLOCKS];
64 };
65 
66 #define LWS_JWS_MAX_SIGS 3
67 
68 struct lws_jws {
69  struct lws_jwk *jwk; /* the struct lws_jwk containing the signing key */
70  struct lws_context *context; /* the lws context (used to get random) */
71  struct lws_jws_map map, map_b64;
72 };
73 
74 /* jws EC signatures do not have ASN.1 in them, meaning they're incompatible
75  * with generic signatures.
76  */
77 
85 LWS_VISIBLE LWS_EXTERN void
86 lws_jws_init(struct lws_jws *jws, struct lws_jwk *jwk,
87  struct lws_context *context);
88 
98 LWS_VISIBLE LWS_EXTERN void
99 lws_jws_destroy(struct lws_jws *jws);
100 
116 LWS_VISIBLE LWS_EXTERN int
118  struct lws_context *context,
119  char *temp, int *temp_len);
120 
121 LWS_VISIBLE LWS_EXTERN int
122 lws_jws_sig_confirm_compact_b64_map(struct lws_jws_map *map_b64,
123  struct lws_jwk *jwk,
124  struct lws_context *context,
125  char *temp, int *temp_len);
126 
144 LWS_VISIBLE LWS_EXTERN int
145 lws_jws_sig_confirm_compact_b64(const char *in, size_t len,
146  struct lws_jws_map *map,
147  struct lws_jwk *jwk,
148  struct lws_context *context,
149  char *temp, int *temp_len);
150 
168 LWS_VISIBLE LWS_EXTERN int
169 lws_jws_sig_confirm(struct lws_jws_map *map_b64, /* b64-encoded */
170  struct lws_jws_map *map, /* non-b64 */
171  struct lws_jwk *jwk, struct lws_context *context);
172 
192 LWS_VISIBLE LWS_EXTERN int
193 lws_jws_sign_from_b64(struct lws_jose *jose, struct lws_jws *jws, char *b64_sig,
194  size_t sig_len);
195 
213 LWS_VISIBLE LWS_EXTERN int
214 lws_jws_compact_decode(const char *in, int len, struct lws_jws_map *map,
215  struct lws_jws_map *map_b64, char *out, int *out_len);
216 
217 LWS_VISIBLE LWS_EXTERN int
218 lws_jws_compact_encode(struct lws_jws_map *map_b64, /* b64-encoded */
219  const struct lws_jws_map *map, /* non-b64 */
220  char *buf, int *out_len);
221 
222 LWS_VISIBLE LWS_EXTERN int
223 lws_jws_sig_confirm_json(const char *in, size_t len,
224  struct lws_jws *jws, struct lws_jwk *jwk,
225  struct lws_context *context,
226  char *temp, int *temp_len);
227 
236 LWS_VISIBLE LWS_EXTERN int
237 lws_jws_write_flattened_json(struct lws_jws *jws, char *flattened, size_t len);
238 
247 LWS_VISIBLE LWS_EXTERN int
248 lws_jws_write_compact(struct lws_jws *jws, char *compact, size_t len);
249 
250 
251 
252 /*
253  * below apis are not normally needed if dealing with whole JWS... they're
254  * useful for creating from scratch
255  */
256 
257 
278 LWS_VISIBLE LWS_EXTERN int
279 lws_jws_dup_element(struct lws_jws_map *map, int idx,
280  char *temp, int *temp_len, const void *in, size_t in_len,
281  size_t actual_alloc);
282 
303 LWS_VISIBLE LWS_EXTERN int
304 lws_jws_randomize_element(struct lws_context *context,
305  struct lws_jws_map *map,
306  int idx, char *temp, int *temp_len, size_t random_len,
307  size_t actual_alloc);
308 
328 LWS_VISIBLE LWS_EXTERN int
329 lws_jws_alloc_element(struct lws_jws_map *map, int idx, char *temp,
330  int *temp_len, size_t len, size_t actual_alloc);
331 
351 LWS_VISIBLE LWS_EXTERN int
353  char *temp, int *temp_len, const void *in,
354  size_t in_len);
355 
356 
371 LWS_VISIBLE LWS_EXTERN int
372 lws_jws_b64_compact_map(const char *in, int len, struct lws_jws_map *map);
373 
374 
385 LWS_VISIBLE LWS_EXTERN int
386 lws_jws_base64_enc(const char *in, size_t in_len, char *out, size_t out_max);
387 
401 LWS_VISIBLE LWS_EXTERN int
402 lws_jws_encode_section(const char *in, size_t in_len, int first, char **p,
403  char *end);
404 
428 LWS_VISIBLE LWS_EXTERN int
429 lws_jwt_signed_validate(struct lws_context *ctx, struct lws_jwk *jwk,
430  const char *alg_list, const char *com, size_t len,
431  char *temp, int tl, char *out, size_t *out_len);
432 
453 LWS_VISIBLE LWS_EXTERN int
454 lws_jwt_sign_compact(struct lws_context *ctx, struct lws_jwk *jwk,
455  const char *alg, char *out, size_t *out_len, char *temp,
456  int tl, const char *format, ...) LWS_FORMAT(8);
457 
459  const char *alg;
461  const char *jose_hdr;
464  size_t jose_hdr_len;
466  char *out;
468  size_t *out_len;
470  char *temp;
473  int tl;
475 };
476 
494 LWS_VISIBLE LWS_EXTERN int
495 lws_jwt_sign_via_info(struct lws_context *ctx, struct lws_jwk *jwk,
496  const struct lws_jwt_sign_info *info, const char *format, ...) LWS_FORMAT(4);
497 
524 LWS_VISIBLE LWS_EXTERN int
525 lws_jwt_token_sanity(const char *in, size_t in_len,
526  const char *iss, const char *aud, const char *csrf_in,
527  char *sub, size_t sub_len, unsigned long *exp_unix_time);
528 
529 #if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2)
530 
531 struct lws_jwt_sign_set_cookie {
532  struct lws_jwk *jwk;
534  const char *alg;
536  const char *iss;
538  const char *aud;
540  const char *cookie_name;
542  char sub[33];
544  const char *extra_json;
547  size_t extra_json_len;
550  const char *csrf_in;
553  unsigned long expiry_unix_time;
556 };
557 
589 LWS_VISIBLE LWS_EXTERN int
590 lws_jwt_sign_token_set_http_cookie(struct lws *wsi,
591  const struct lws_jwt_sign_set_cookie *i,
592  uint8_t **p, uint8_t *end);
593 LWS_VISIBLE LWS_EXTERN int
594 lws_jwt_get_http_cookie_validate_jwt(struct lws *wsi,
595  struct lws_jwt_sign_set_cookie *i,
596  char *out, size_t *out_len);
597 #endif
598 
LWS_VISIBLE LWS_EXTERN int lws_jws_encode_section(const char *in, size_t in_len, int first, char **p, char *end)
LWS_VISIBLE LWS_EXTERN int lws_jws_sign_from_b64(struct lws_jose *jose, struct lws_jws *jws, char *b64_sig, size_t sig_len)
LWS_VISIBLE LWS_EXTERN int lws_jws_randomize_element(struct lws_context *context, struct lws_jws_map *map, int idx, char *temp, int *temp_len, size_t random_len, size_t actual_alloc)
LWS_VISIBLE LWS_EXTERN int lws_jws_sig_confirm_compact_b64(const char *in, size_t len, struct lws_jws_map *map, struct lws_jwk *jwk, struct lws_context *context, char *temp, int *temp_len)
LWS_VISIBLE LWS_EXTERN int lws_jws_write_compact(struct lws_jws *jws, char *compact, size_t len)
LWS_VISIBLE LWS_EXTERN int lws_jwt_sign_compact(struct lws_context *ctx, struct lws_jwk *jwk, const char *alg, char *out, size_t *out_len, char *temp, int tl, const char *format,...) LWS_FORMAT(8)
LWS_VISIBLE LWS_EXTERN void lws_jws_destroy(struct lws_jws *jws)
LWS_VISIBLE LWS_EXTERN int lws_jws_sig_confirm(struct lws_jws_map *map_b64, struct lws_jws_map *map, struct lws_jwk *jwk, struct lws_context *context)
LWS_VISIBLE LWS_EXTERN int lws_jws_encode_b64_element(struct lws_jws_map *map, int idx, char *temp, int *temp_len, const void *in, size_t in_len)
LWS_VISIBLE LWS_EXTERN int lws_jws_sig_confirm_compact(struct lws_jws_map *map, struct lws_jwk *jwk, struct lws_context *context, char *temp, int *temp_len)
LWS_VISIBLE LWS_EXTERN int lws_jws_alloc_element(struct lws_jws_map *map, int idx, char *temp, int *temp_len, size_t len, size_t actual_alloc)
LWS_VISIBLE LWS_EXTERN int lws_jwt_sign_via_info(struct lws_context *ctx, struct lws_jwk *jwk, const struct lws_jwt_sign_info *info, const char *format,...) LWS_FORMAT(4)
LWS_VISIBLE LWS_EXTERN int lws_jws_dup_element(struct lws_jws_map *map, int idx, char *temp, int *temp_len, const void *in, size_t in_len, size_t actual_alloc)
LWS_VISIBLE LWS_EXTERN int lws_jws_write_flattened_json(struct lws_jws *jws, char *flattened, size_t len)
LWS_VISIBLE LWS_EXTERN int lws_jwt_signed_validate(struct lws_context *ctx, struct lws_jwk *jwk, const char *alg_list, const char *com, size_t len, char *temp, int tl, char *out, size_t *out_len)
LWS_VISIBLE LWS_EXTERN int lws_jws_base64_enc(const char *in, size_t in_len, char *out, size_t out_max)
LWS_VISIBLE LWS_EXTERN int lws_jwt_token_sanity(const char *in, size_t in_len, const char *iss, const char *aud, const char *csrf_in, char *sub, size_t sub_len, unsigned long *exp_unix_time)
LWS_VISIBLE LWS_EXTERN int lws_jws_b64_compact_map(const char *in, int len, struct lws_jws_map *map)
LWS_VISIBLE LWS_EXTERN int lws_jws_compact_decode(const char *in, int len, struct lws_jws_map *map, struct lws_jws_map *map_b64, char *out, int *out_len)
LWS_VISIBLE LWS_EXTERN void lws_jws_init(struct lws_jws *jws, struct lws_jwk *jwk, struct lws_context *context)
Definition: lws-jose.h:116
Definition: lws-jwk.h:50
Definition: lws-jws.h:61
Definition: lws-jws.h:68
Definition: lws-jws.h:458
const char * alg
Definition: lws-jws.h:459
size_t jose_hdr_len
Definition: lws-jws.h:464
char * temp
Definition: lws-jws.h:470
size_t * out_len
Definition: lws-jws.h:468
const char * jose_hdr
Definition: lws-jws.h:461
char * out
Definition: lws-jws.h:466
int tl
Definition: lws-jws.h:473