lws-jws.h

/*
 * libwebsockets - small server side websockets and web server implementation
 *
 * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 */
 
 
/*
 * The maps are built to work with both JWS (LJWS_) and JWE (LJWE_), and are
 * sized to the slightly larger JWE case.
 */
 
enum enum_jws_sig_elements {
 
        /* JWS block namespace */
        LJWS_JOSE,
        LJWS_PYLD,
        LJWS_SIG,
        LJWS_UHDR,
 
        /* JWE block namespace */
        LJWE_JOSE = 0,
        LJWE_EKEY,
        LJWE_IV,
        LJWE_CTXT,
        LJWE_ATAG,
        LJWE_AAD,
 
        LWS_JWS_MAX_COMPACT_BLOCKS
};
 
struct lws_jws_map {
        const char *buf[LWS_JWS_MAX_COMPACT_BLOCKS];
        uint32_t len[LWS_JWS_MAX_COMPACT_BLOCKS];
};
 
#define LWS_JWS_MAX_SIGS 3
 
struct lws_jws {
        struct lws_jwk *jwk; /* the struct lws_jwk containing the signing key */
        struct lws_context *context; /* the lws context (used to get random) */
        struct lws_jws_map map, map_b64;
};
 
/* jws EC signatures do not have ASN.1 in them, meaning they're incompatible
 * with generic signatures.
 */
 
LWS_VISIBLE LWS_EXTERN void
lws_jws_init(struct lws_jws *jws, struct lws_jwk *jwk,
             struct lws_context *context);
 
LWS_VISIBLE LWS_EXTERN void
lws_jws_destroy(struct lws_jws *jws);
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_sig_confirm_compact(struct lws_jws_map *map, struct lws_jwk *jwk,
                            struct lws_context *context,
                            char *temp, int *temp_len);
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_sig_confirm_compact_b64_map(struct lws_jws_map *map_b64,
                                    struct lws_jwk *jwk,
                                    struct lws_context *context,
                                    char *temp, int *temp_len);
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_sig_confirm_compact_b64(const char *in, size_t len,
                                struct lws_jws_map *map,
                                struct lws_jwk *jwk,
                                struct lws_context *context,
                                char *temp, int *temp_len);
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_sig_confirm(struct lws_jws_map *map_b64, /* b64-encoded */
                    struct lws_jws_map *map,    /* non-b64 */
                    struct lws_jwk *jwk, struct lws_context *context);
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_sign_from_b64(struct lws_jose *jose, struct lws_jws *jws, char *b64_sig,
                        size_t sig_len);
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_compact_decode(const char *in, int len, struct lws_jws_map *map,
                struct lws_jws_map *map_b64, char *out, int *out_len);
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_compact_encode(struct lws_jws_map *map_b64, /* b64-encoded */
                       const struct lws_jws_map *map,   /* non-b64 */
                       char *buf, int *out_len);
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_sig_confirm_json(const char *in, size_t len,
                         struct lws_jws *jws, struct lws_jwk *jwk,
                         struct lws_context *context,
                         char *temp, int *temp_len);
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_write_flattened_json(struct lws_jws *jws, char *flattened, size_t len);
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_write_compact(struct lws_jws *jws, char *compact, size_t len);
 
 
 
/*
 * below apis are not normally needed if dealing with whole JWS... they're
 * useful for creating from scratch
 */
 
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_dup_element(struct lws_jws_map *map, int idx,
                    char *temp, int *temp_len, const void *in, size_t in_len,
                    size_t actual_alloc);
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_randomize_element(struct lws_context *context,
                          struct lws_jws_map *map,
                          int idx, char *temp, int *temp_len, size_t random_len,
                          size_t actual_alloc);
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_alloc_element(struct lws_jws_map *map, int idx, char *temp,
                      int *temp_len, size_t len, size_t actual_alloc);
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_encode_b64_element(struct lws_jws_map *map, int idx,
                           char *temp, int *temp_len, const void *in,
                           size_t in_len);
 
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_b64_compact_map(const char *in, int len, struct lws_jws_map *map);
 
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_base64_enc(const char *in, size_t in_len, char *out, size_t out_max);
 
LWS_VISIBLE LWS_EXTERN int
lws_jws_encode_section(const char *in, size_t in_len, int first, char **p,
                       char *end);
 
LWS_VISIBLE LWS_EXTERN int
lws_jwt_signed_validate(struct lws_context *ctx, struct lws_jwk *jwk,
                        const char *alg_list, const char *com, size_t len,
                        char *temp, int tl, char *out, size_t *out_len);
 
LWS_VISIBLE LWS_EXTERN int
lws_jwt_sign_compact(struct lws_context *ctx, struct lws_jwk *jwk,
                     const char *alg, char *out, size_t *out_len, char *temp,
                     int tl, const char *format, ...) LWS_FORMAT(8);
 
struct lws_jwt_sign_info {
        const char *alg;
        const char *jose_hdr;
        size_t jose_hdr_len;
        char *out;
        size_t *out_len;
        char *temp;
        int tl;
};
 
LWS_VISIBLE LWS_EXTERN int
lws_jwt_sign_via_info(struct lws_context *ctx, struct lws_jwk *jwk,
         const struct lws_jwt_sign_info *info, const char *format, ...) LWS_FORMAT(4);
 
LWS_VISIBLE LWS_EXTERN int
lws_jwt_token_sanity(const char *in, size_t in_len,
                     const char *iss, const char *aud, const char *csrf_in,
                     char *sub, size_t sub_len, unsigned long *exp_unix_time);
 
#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2)
 
struct lws_jwt_sign_set_cookie {
        struct lws_jwk                  *jwk;
        const char                      *alg;
        const char                      *iss;
        const char                      *aud;
        const char                      *cookie_name;
        char                            sub[33];
        const char                      *extra_json;
        size_t                          extra_json_len;
        const char                      *csrf_in;
        unsigned long                   expiry_unix_time;
};
 
LWS_VISIBLE LWS_EXTERN int
lws_jwt_sign_token_set_http_cookie(struct lws *wsi,
                                   const struct lws_jwt_sign_set_cookie *i,
                                   uint8_t **p, uint8_t *end);
LWS_VISIBLE LWS_EXTERN int
lws_jwt_get_http_cookie_validate_jwt(struct lws *wsi,
                                     struct lws_jwt_sign_set_cookie *i,
                                     char *out, size_t *out_len);
#endif