1/*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
/*
 * The maps are shared between JWS (LJWS_) and JWE (LJWE_) usage and are
 * sized to the slightly larger JWE case.
 */
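/*
 * Indices into struct lws_jws_map for the compact-serialization blocks.
 *
 * The JWS (LJWS_*) and JWE (LJWE_*) namespaces deliberately overlap:
 * LJWE_JOSE restarts the numbering at 0, so LJWE_JOSE == LJWS_JOSE,
 * LJWE_EKEY == LJWS_PYLD, LJWE_IV == LJWS_SIG and LJWE_CTXT == LJWS_UHDR.
 * A map is therefore only meaningful together with knowledge of whether it
 * was filled as a JWS or as a JWE: slot 2 is the signature in one case and
 * the IV in the other, and code must not interpret one as the other.
 *
 * LWS_JWS_MAX_COMPACT_BLOCKS is the larger (JWE) slot count and sizes the
 * per-block arrays in struct lws_jws_map.
 */
enum enum_jws_sig_elements {

	/* JWS block namespace */
	LJWS_JOSE = 0,	/* protected JOSE header */
	LJWS_PYLD = 1,	/* payload */
	LJWS_SIG  = 2,	/* signature */
	LJWS_UHDR = 3,	/* unprotected header */

	/* JWE block namespace, aliasing the JWS slots from index 0 */
	LJWE_JOSE = 0,	/* protected JOSE header */
	LJWE_EKEY = 1,	/* encrypted key */
	LJWE_IV   = 2,	/* initialization vector */
	LJWE_CTXT = 3,	/* ciphertext */
	LJWE_ATAG = 4,	/* authentication tag */
	LJWE_AAD  = 5,	/* additional authenticated data */

	LWS_JWS_MAX_COMPACT_BLOCKS = 6
};

/*
 * One JWS / JWE broken into its compact-serialization blocks, indexed by
 * enum enum_jws_sig_elements: buf[i] points at block i and len[i] gives its
 * length.  The map holds pointers only; the storage they refer to (typically
 * the input string or a caller-supplied temp buffer, judging by the element
 * helpers below) must outlive the map -- confirm against the implementation.
 */
struct lws_jws_map {
	const char *buf[LWS_JWS_MAX_COMPACT_BLOCKS];	/* start of each block */
	uint32_t len[LWS_JWS_MAX_COMPACT_BLOCKS];	/* length of each block (presumably bytes) */
};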
/* NOTE(review): presumably the maximum number of signatures one JWS may
 * carry (the JSON serialization allows several) -- confirm against the
 * implementation; nothing in this header excerpt references it. */
#define LWS_JWS_MAX_SIGS 3
/*
 * Working state for building or verifying one JWS.
 *
 * Holds the key, the context and two parallel maps of the same blocks: map
 * carries the raw (non-b64) blocks and map_b64 carries their b64-encoded
 * forms.  jwk and context are referenced by pointer, not copied.  Set up with
 * lws_jws_init() and tear down with lws_jws_destroy().
 */
struct lws_jws {
	/* the key used for signing (and verification) */
	struct lws_jwk *jwk;
	/* lws context; the source of randomness for the element helpers */
	struct lws_context *context;
	/* the blocks in decoded (non-b64) form */
	struct lws_jws_map map;
	/* the same blocks in b64-encoded form */
	struct lws_jws_map map_b64;
};
/* JWS EC signatures carry no ASN.1 framing, so they are not interchangeable
 * with generic (ASN.1-wrapped) EC signatures: do not pass one where the other
 * is expected.
 */
/**
 * lws_jws_init() - prepare a struct lws_jws for use
 *
 * \param jws:		the object to initialize
 * \param jwk:		key to associate with it (held by pointer)
 * \param context:	lws context to associate with it (held by pointer)
 *
 * Pair with lws_jws_destroy() when the object is no longer needed.
 */
LWS_VISIBLE LWS_EXTERN void
lws_jws_init(struct lws_jws *jws,
	     struct lws_jwk *jwk,
	     struct lws_context *context);
98LWS_VISIBLE LWS_EXTERN void
100
116LWS_VISIBLE LWS_EXTERN int
118 struct lws_context *context,
119 char *temp, int *temp_len);
/**
 * lws_jws_sig_confirm_compact_b64_map() - verify a JWS already split into
 *					    b64 blocks
 *
 * \param map_b64:	the JWS blocks in b64 form
 * \param jwk:		key to verify with
 * \param context:	lws context
 * \param temp:		caller scratch buffer the decoded blocks are placed in
 * \param temp_len:	size of \p temp; presumably updated to the space left
 *			(confirm in/out semantics against the implementation)
 *
 * As with the other lws_jws_sig_confirm*() helpers, 0 is presumably success
 * and anything else failure -- confirm, and treat any nonzero return as "do
 * not trust the payload".
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_sig_confirm_compact_b64_map(struct lws_jws_map *map_b64,
				    struct lws_jwk *jwk,
				    struct lws_context *context,
				    char *temp,
				    int *temp_len);

/**
 * lws_jws_sig_confirm_compact_b64() - split a compact JWS and verify it
 *
 * \param in:		compact-serialized JWS text
 * \param len:		length of \p in in bytes
 * \param map:		receives the blocks
 * \param jwk:		key to verify with
 * \param context:	lws context
 * \param temp:		caller scratch buffer
 * \param temp_len:	size of \p temp (see note on in/out semantics above)
 *
 * Presumably splits \p in into blocks and then verifies exactly as
 * lws_jws_sig_confirm_compact_b64_map() does -- confirm.
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_sig_confirm_compact_b64(const char *in,
				size_t len,
				struct lws_jws_map *map,
				struct lws_jwk *jwk,
				struct lws_context *context,
				char *temp,
				int *temp_len);

/**
 * lws_jws_sig_confirm() - verify a JWS given both block forms
 *
 * \param map_b64:	the blocks in b64-encoded form
 * \param map:		the same blocks in decoded (non-b64) form
 * \param jwk:		key to verify with
 * \param context:	lws context
 *
 * Both forms are needed because the data a JWS signature covers is the b64
 * text of the header and payload, while the decoded blocks supply the JOSE
 * header and the raw signature bytes -- presumably; confirm which slots of
 * each map must be populated before calling.
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_sig_confirm(struct lws_jws_map *map_b64,
		    struct lws_jws_map *map,
		    struct lws_jwk *jwk,
		    struct lws_context *context);

/**
 * lws_jws_sign_from_b64() - sign the b64 blocks held in a struct lws_jws
 *
 * \param jose:		parsed JOSE header selecting the algorithm
 * \param jws:		the JWS whose b64 blocks are to be signed
 * \param b64_sig:	buffer receiving the b64-encoded signature
 * \param sig_len:	size of \p b64_sig
 *
 * Return value meaning (status vs. length written) is not visible here --
 * confirm against the implementation.
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_sign_from_b64(struct lws_jose *jose,
		      struct lws_jws *jws,
		      char *b64_sig,
		      size_t sig_len);

/**
 * lws_jws_compact_decode() - split and decode a compact JWS
 *
 * \param in:		compact-serialized JWS text
 * \param len:		length of \p in
 * \param map:		receives the decoded blocks
 * \param map_b64:	receives the b64 blocks (presumably pointing into \p in)
 * \param out:		storage for the decoded blocks
 * \param out_len:	size of \p out (presumably updated -- confirm)
 *
 * NOTE(review): \p len and \p *out_len are int here while the sibling APIs
 * take size_t; negative values must be rejected by the implementation --
 * confirm.
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_compact_decode(const char *in,
		       int len,
		       struct lws_jws_map *map,
		       struct lws_jws_map *map_b64,
		       char *out,
		       int *out_len);

/**
 * lws_jws_compact_encode() - produce the compact serialization
 *
 * \param map_b64:	receives / holds the b64-encoded blocks
 * \param map:		the decoded (non-b64) blocks
 * \param buf:		buffer receiving the compact text
 * \param out_len:	size of \p buf (presumably updated to the length
 *			written -- confirm)
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_compact_encode(struct lws_jws_map *map_b64,
		       const struct lws_jws_map *map,
		       char *buf,
		       int *out_len);

/**
 * lws_jws_sig_confirm_json() - parse a JSON-serialized JWS and verify it
 *
 * \param in:		JSON JWS text
 * \param len:		length of \p in
 * \param jws:		receives the parsed blocks
 * \param jwk:		key to verify with
 * \param context:	lws context
 * \param temp:		caller scratch buffer
 * \param temp_len:	size of \p temp (see note on in/out semantics above)
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_sig_confirm_json(const char *in,
			 size_t len,
			 struct lws_jws *jws,
			 struct lws_jwk *jwk,
			 struct lws_context *context,
			 char *temp,
			 int *temp_len);

/**
 * lws_jws_write_flattened_json() - emit the flattened JSON serialization
 *
 * \param jws:		the JWS to serialize
 * \param flattened:	buffer receiving the JSON text
 * \param len:		size of \p flattened
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_write_flattened_json(struct lws_jws *jws,
			     char *flattened,
			     size_t len);

/**
 * lws_jws_write_compact() - emit the compact serialization
 *
 * \param jws:		the JWS to serialize
 * \param compact:	buffer receiving the compact text
 * \param len:		size of \p compact
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_write_compact(struct lws_jws *jws,
		      char *compact,
		      size_t len);
/*
 * The APIs below are not normally needed when handling a whole JWS; they are
 * useful when building one from scratch.
 */
/**
 * lws_jws_dup_element() - copy data into a map slot carved from temp
 *
 * \param map:		map to update
 * \param idx:		slot (enum enum_jws_sig_elements) to fill
 * \param temp:		caller scratch buffer the copy is placed in
 * \param temp_len:	space remaining in \p temp, presumably reduced by
 *			\p actual_alloc -- confirm
 * \param in:		data to copy
 * \param in_len:	bytes of \p in to copy
 * \param actual_alloc:	bytes to reserve in \p temp for the slot; presumably
 *			allowed to exceed \p in_len so the element can grow --
 *			confirm
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_dup_element(struct lws_jws_map *map,
		    int idx,
		    char *temp,
		    int *temp_len,
		    const void *in,
		    size_t in_len,
		    size_t actual_alloc);

/**
 * lws_jws_randomize_element() - fill a map slot with random bytes
 *
 * \param context:	lws context, the source of randomness
 * \param map:		map to update
 * \param idx:		slot to fill
 * \param temp:		caller scratch buffer the bytes are placed in
 * \param temp_len:	space remaining in \p temp
 * \param random_len:	number of random bytes to produce
 * \param actual_alloc:	bytes to reserve in \p temp for the slot
 *
 * Otherwise like lws_jws_dup_element().  The randomness comes from the
 * context (see the struct lws_jws comment); since this is how material such
 * as IVs and keys would be generated, the quality of that source is
 * security-critical -- confirm it is backed by the TLS library's CSPRNG.
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_randomize_element(struct lws_context *context,
			  struct lws_jws_map *map,
			  int idx,
			  char *temp,
			  int *temp_len,
			  size_t random_len,
			  size_t actual_alloc);

/**
 * lws_jws_alloc_element() - reserve a map slot in temp without filling it
 *
 * \param map:		map to update
 * \param idx:		slot to reserve
 * \param temp:		caller scratch buffer
 * \param temp_len:	space remaining in \p temp
 * \param len:		length to record for the slot (presumably)
 * \param actual_alloc:	bytes to reserve in \p temp for the slot
 *
 * The slot's contents are whatever \p temp held -- the caller is expected to
 * write them afterwards (presumably; confirm).
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_alloc_element(struct lws_jws_map *map,
		      int idx,
		      char *temp,
		      int *temp_len,
		      size_t len,
		      size_t actual_alloc);
353LWS_VISIBLE LWS_EXTERN int
355 char *temp, int *temp_len, const void *in,
356 size_t in_len);
/**
 * lws_jws_b64_compact_map() - split a compact JWS into its b64 blocks
 *
 * \param in:		compact-serialized JWS text
 * \param len:		length of \p in
 * \param map:		receives a pointer and length per block
 *
 * Presumably no decoding or copying happens: \p map ends up pointing into
 * \p in, which must therefore stay valid for as long as \p map is used --
 * confirm.
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_b64_compact_map(const char *in,
			int len,
			struct lws_jws_map *map);

/**
 * lws_jws_base64_enc() - b64-encode a buffer
 *
 * \param in:		bytes to encode
 * \param in_len:	number of bytes in \p in
 * \param out:		buffer receiving the encoding
 * \param out_max:	size of \p out; the bound the encoder must respect
 *
 * JWS requires base64url without padding -- confirm that is the alphabet
 * used here.  Whether the return is the encoded length or a status is not
 * visible in this header; confirm before relying on it.
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_base64_enc(const char *in,
		   size_t in_len,
		   char *out,
		   size_t out_max);

/**
 * lws_jws_encode_section() - append one b64 section of a compact JWS
 *
 * \param in:		bytes to encode
 * \param in_len:	number of bytes in \p in
 * \param first:	nonzero for the first section (presumably controls the
 *			leading '.' separator -- confirm)
 * \param p:		write pointer, presumably advanced past what was written
 * \param end:		end of the output buffer; writes must not reach it
 */
LWS_VISIBLE LWS_EXTERN int
lws_jws_encode_section(const char *in,
		       size_t in_len,
		       int first,
		       char **p,
		       char *end);
/**
 * lws_jwt_signed_validate() - verify a compact JWT and recover its payload
 *
 * \param ctx:		lws context
 * \param jwk:		key to verify with
 * \param alg_list:	allow-list of algorithm names the caller accepts
 * \param com:		compact JWT text
 * \param len:		length of \p com
 * \param temp:		caller scratch buffer
 * \param tl:		size of \p temp
 * \param out:		receives the decoded payload
 * \param out_len:	size of \p out, presumably updated to the length written
 *			-- confirm
 *
 * \p alg_list is the caller's defence against alg-confusion: the token's own
 * "alg" header must be matched against this list rather than trusted, so
 * restrict it to what \p jwk is actually meant for (never "none", and never
 * an HMAC alg for an asymmetric key).  Confirm the implementation rejects any
 * alg outside the list.  Treat any nonzero return as "invalid".
 */
LWS_VISIBLE LWS_EXTERN int
lws_jwt_signed_validate(struct lws_context *ctx,
			struct lws_jwk *jwk,
			const char *alg_list,
			const char *com,
			size_t len,
			char *temp,
			int tl,
			char *out,
			size_t *out_len);

/**
 * lws_jwt_sign_compact() - build and sign a compact JWT from printf-style
 *			    claims
 *
 * \param ctx:		lws context
 * \param jwk:		key to sign with
 * \param alg:		algorithm name to sign with
 * \param out:		receives the compact JWT
 * \param out_len:	size of \p out, presumably updated to the length written
 * \param temp:		caller scratch buffer
 * \param tl:		size of \p temp
 * \param format:	printf-style format producing the claims JSON
 *
 * LWS_FORMAT(8) marks \p format as a format string, so compilers can check
 * the varargs against it.  Always pass a literal \p format and feed any
 * externally supplied claim values through conversion specifiers; never
 * splice such values into \p format itself.  Values interpolated into the
 * JSON also need JSON escaping -- confirm whether this helper escapes them
 * (presumably it does not).
 */
LWS_VISIBLE LWS_EXTERN int
lws_jwt_sign_compact(struct lws_context *ctx,
		     struct lws_jwk *jwk,
		     const char *alg,
		     char *out,
		     size_t *out_len,
		     char *temp,
		     int tl,
		     const char *format,
		     ...) LWS_FORMAT(8);
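/*
 * Parameters for lws_jwt_sign_via_info().
 *
 * The caller supplies the algorithm, an optional caller-built JOSE header,
 * the output buffer and a scratch area; the claims body itself comes from
 * the printf-style format arguments of lws_jwt_sign_via_info().
 */
struct lws_jwt_sign_info {
	/* algorithm name to sign with */
	const char	*alg;
	/* caller-provided JOSE header JSON; presumably NULL when the
	 * implementation should build one -- confirm */
	const char	*jose_hdr;
	/* length of jose_hdr in bytes */
	size_t		jose_hdr_len;
	/* buffer receiving the signed JWT */
	char		*out;
	/* size of out; presumably updated to the length written -- confirm */
	size_t		*out_len;
	/* caller scratch buffer */
	char		*temp;
	/* size of temp */
	int		tl;
};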
/**
 * lws_jwt_sign_via_info() - build and sign a JWT described by a
 *			     struct lws_jwt_sign_info
 *
 * \param ctx:		lws context
 * \param jwk:		key to sign with
 * \param info:		algorithm, optional JOSE header, output and scratch
 *			buffers
 * \param format:	printf-style format producing the claims JSON
 *
 * LWS_FORMAT(4) marks \p format as a format string.  As with
 * lws_jwt_sign_compact(), pass a literal \p format and supply any external
 * claim values through conversion specifiers; confirm whether those values
 * are JSON-escaped by the implementation (presumably not).
 */
LWS_VISIBLE LWS_EXTERN int
lws_jwt_sign_via_info(struct lws_context *ctx,
		      struct lws_jwk *jwk,
		      const struct lws_jwt_sign_info *info,
		      const char *format,
		      ...) LWS_FORMAT(4);

/**
 * lws_jwt_token_sanity() - check a JWT's standard claims against expectations
 *
 * \param in:		JWT (or its claims -- confirm which) text
 * \param in_len:	length of \p in
 * \param iss:		expected issuer
 * \param aud:		expected audience
 * \param csrf_in:	expected csrf value (presumably optional -- confirm)
 * \param sub:		receives the subject claim
 * \param sub_len:	size of \p sub; the copy must be bounded by it
 * \param exp_unix_time: receives the expiry as seconds since the epoch
 *			(presumably)
 *
 * Presumably compares the token's iss / aud / csrf claims with the expected
 * values and extracts sub and exp -- confirm.  Claims are only trustworthy
 * after the signature has been verified, so confirm whether this helper
 * verifies it itself or expects input already validated by
 * lws_jwt_signed_validate(); likewise confirm whether expiry is enforced here
 * or is the caller's job via \p exp_unix_time.
 */
LWS_VISIBLE LWS_EXTERN int
lws_jwt_token_sanity(const char *in,
		     size_t in_len,
		     const char *iss,
		     const char *aud,
		     const char *csrf_in,
		     char *sub,
		     size_t sub_len,
		     unsigned long *exp_unix_time);
531#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2)
/*
 * Describes the JWT to mint and the HTTP cookie that carries it, for
 * lws_jwt_sign_token_set_http_cookie(), and is also the object
 * lws_jwt_get_http_cookie_validate_jwt() validates a received cookie against.
 *
 * NOTE(review): nothing here selects the cookie attributes (Secure, HttpOnly,
 * SameSite); a cookie carrying a session JWT should have them, so confirm
 * what the implementation emits.
 */
struct lws_jwt_sign_set_cookie {
	/* key used to sign, and to validate, the token */
	struct lws_jwk		*jwk;
	/* algorithm name */
	const char		*alg;
	/* "iss" claim to emit / expect */
	const char		*iss;
	/* "aud" claim to emit / expect */
	const char		*aud;
	/* name of the HTTP cookie holding the token */
	const char		*cookie_name;
	/* subject claim; room for 32 characters plus NUL (confirm how longer
	 * subjects are handled) */
	char			sub[33];
	/* additional claims JSON (presumably optional -- confirm) */
	const char		*extra_json;
	/* length of extra_json in bytes */
	size_t			extra_json_len;
	/* csrf value to bind into the token (presumably optional -- confirm) */
	const char		*csrf_in;
	/* expiry, seconds since the epoch (presumably) */
	unsigned long		expiry_unix_time;
};
/**
 * lws_jwt_sign_token_set_http_cookie() - mint a JWT and emit it as a
 *					  Set-Cookie header
 *
 * \param wsi:	the connection whose response headers are being built
 * \param i:	what to sign and which cookie to set
 * \param p:	header write pointer, presumably advanced past what is added
 * \param end:	end of the header buffer; writes must not reach it
 */
LWS_VISIBLE LWS_EXTERN int
lws_jwt_sign_token_set_http_cookie(struct lws *wsi,
				   const struct lws_jwt_sign_set_cookie *i,
				   uint8_t **p,
				   uint8_t *end);

/**
 * lws_jwt_get_http_cookie_validate_jwt() - read the cookie from a request and
 *					    validate the JWT it carries
 *
 * \param wsi:		the connection whose request headers hold the cookie
 * \param i:		key, expected claims and cookie name to check against;
 *			presumably also receives the recovered sub -- confirm
 * \param out:		receives the validated payload
 * \param out_len:	size of \p out, presumably updated to the length written
 *
 * Treat any nonzero return as "no valid token".  Confirm that validation
 * covers the signature, the alg, iss / aud and expiry before the caller
 * relies on \p out.
 */
LWS_VISIBLE LWS_EXTERN int
lws_jwt_get_http_cookie_validate_jwt(struct lws *wsi,
				     struct lws_jwt_sign_set_cookie *i,
				     char *out,
				     size_t *out_len);
599#endif