| 1 | /* |
|---|---|
| 2 | * libwebsockets - small server side websockets and web server implementation |
| 3 | * |
| 4 | * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com> |
| 5 | * |
| 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy |
| 7 | * of this software and associated documentation files (the "Software"), to |
| 8 | * deal in the Software without restriction, including without limitation the |
| 9 | * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
| 10 | * sell copies of the Software, and to permit persons to whom the Software is |
| 11 | * furnished to do so, subject to the following conditions: |
| 12 | * |
| 13 | * The above copyright notice and this permission notice shall be included in |
| 14 | * all copies or substantial portions of the Software. |
| 15 | * |
| 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
| 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
| 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
| 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
| 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
| 21 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS |
| 22 | * IN THE SOFTWARE. |
| 23 | * |
| 24 | * JWE Compact Serialization consists of |
| 25 | * |
| 26 | * BASE64URL(UTF8(JWE Protected Header)) || '.' || |
| 27 | * BASE64URL(JWE Encrypted Key) || '.' || |
| 28 | * BASE64URL(JWE Initialization Vector) || '.' || |
| 29 | * BASE64URL(JWE Ciphertext) || '.' || |
| 30 | * BASE64URL(JWE Authentication Tag) |
| 31 | */ |
| 32 | |
| 33 | #define LWS_JWE_RFC3394_OVERHEAD_BYTES 8 |
| 34 | #define LWS_JWE_AES_IV_BYTES 16 |
| 35 | |
| 36 | #define LWS_JWE_LIMIT_RSA_KEY_BITS 4096 |
| 37 | #define LWS_JWE_LIMIT_AES_KEY_BITS (512 + 64) /* RFC3394 Key Wrap adds 64b */ |
| 38 | #define LWS_JWE_LIMIT_EC_KEY_BITS 528 /* 521 rounded to byte boundary */ |
| 39 | #define LWS_JWE_LIMIT_HASH_BITS (LWS_GENHASH_LARGEST * 8) |
| 40 | |
| 41 | /* the largest key element for any cipher */ |
| 42 | #define LWS_JWE_LIMIT_KEY_ELEMENT_BYTES (LWS_JWE_LIMIT_RSA_KEY_BITS / 8) |
| 43 | |
| 44 | |
| 45 | struct lws_jwe { |
| 46 | struct lws_jose jose; |
| 47 | struct lws_jws jws; |
| 48 | struct lws_jwk jwk; |
| 49 | |
| 50 | /* |
| 51 | * We have to keep a copy of the CEK so we can reuse it with later |
| 52 | * key encryptions for the multiple recipient case. |
| 53 | */ |
| 54 | uint8_t cek[LWS_JWE_LIMIT_KEY_ELEMENT_BYTES]; |
| 55 | unsigned int cek_valid:1; |
| 56 | |
| 57 | int recip; |
| 58 | }; |
| 59 | |
| 60 | LWS_VISIBLE LWS_EXTERN void |
| 61 | lws_jwe_init(struct lws_jwe *jwe, struct lws_context *context); |
| 62 | |
| 63 | LWS_VISIBLE LWS_EXTERN void |
| 64 | lws_jwe_destroy(struct lws_jwe *jwe); |
| 65 | |
| 66 | LWS_VISIBLE LWS_EXTERN void |
| 67 | lws_jwe_be64(uint64_t c, uint8_t *p8); |
| 68 | |
| 69 | /* |
| 70 | * JWE Compact Serialization consists of |
| 71 | * |
| 72 | * BASE64URL(UTF8(JWE Protected Header)) || '.' || |
| 73 | * BASE64URL(JWE Encrypted Key) || '.' || |
| 74 | * BASE64URL(JWE Initialization Vector) || '.' || |
| 75 | * BASE64URL(JWE Ciphertext) || '.' || |
| 76 | * BASE64URL(JWE Authentication Tag) |
| 77 | */ |
| 78 | |
| 79 | LWS_VISIBLE LWS_EXTERN int |
| 80 | lws_jwe_render_compact(struct lws_jwe *jwe, char *out, size_t out_len); |
| 81 | |
| 82 | LWS_VISIBLE int |
| 83 | lws_jwe_render_flattened(struct lws_jwe *jwe, char *out, size_t out_len); |
| 84 | |
| 85 | LWS_VISIBLE LWS_EXTERN int |
| 86 | lws_jwe_json_parse(struct lws_jwe *jwe, const uint8_t *buf, int len, |
| 87 | char *temp, int *temp_len); |
| 88 | |
| 89 | /** |
| 90 | * lws_jwe_auth_and_decrypt() - confirm and decrypt JWE |
| 91 | * |
| 92 | * \param jose: jose context |
| 93 | * \param jws: jws / jwe context... .map and .map_b64 must be filled already |
| 94 | * |
| 95 | * This is a high level JWE decrypt api that takes a jws with the maps |
| 96 | * already processed, and if the authentication passes, returns the decrypted |
| 97 | * plaintext in jws.map.buf[LJWE_CTXT] and its length in jws.map.len[LJWE_CTXT]. |
| 98 | * |
| 99 | * In the jws, the following fields must have been set by the caller |
| 100 | * |
| 101 | * .context |
| 102 | * .jwk (the key encryption key) |
| 103 | * .map |
| 104 | * .map_b64 |
| 105 | * |
| 106 | * Having the b64 and decoded maps filled externally makes it flexible where |
| 107 | * the data was picked from, eg, from a Complete JWE JSON serialization, a |
| 108 | * flattened one, or a Compact Serialization. |
| 109 | * |
| 110 | * Returns decrypt length, or -1 for failure. |
| 111 | */ |
| 112 | LWS_VISIBLE LWS_EXTERN int |
| 113 | lws_jwe_auth_and_decrypt(struct lws_jwe *jwe, char *temp, int *temp_len); |
| 114 | |
| 115 | /** |
| 116 | * lws_jwe_encrypt() - perform JWE encryption |
| 117 | * |
| 118 | * \param jose: the JOSE header information (encryption types, etc) |
| 119 | * \param jws: the JWE elements, pointer to jwk etc |
| 120 | * \param temp: parent-owned buffer to "allocate" elements into |
| 121 | * \param temp_len: amount of space available in temp |
| 122 | * |
| 123 | * May be called up to LWS_JWS_MAX_RECIPIENTS times to encrypt the same CEK |
| 124 | * multiple ways on the same JWE payload. |
| 125 | * |
| 126 | * returns the amount of temp used, or -1 for error. |
| 127 | */ |
| 128 | LWS_VISIBLE LWS_EXTERN int |
| 129 | lws_jwe_encrypt(struct lws_jwe *jwe, char *temp, int *temp_len); |
| 130 | |
| 131 | /** |
| 132 | * lws_jwe_create_packet() - add b64 sig to b64 hdr + payload |
| 133 | * |
| 134 | * \param jwe: the struct lws_jwe we are trying to render |
| 135 | * \param payload: unencoded payload JSON |
| 136 | * \param len: length of unencoded payload JSON |
| 137 | * \param nonce: Nonse string to include in protected header |
| 138 | * \param out: buffer to take signed packet |
| 139 | * \param out_len: size of \p out buffer |
| 140 | * \param conext: lws_context to get random from |
| 141 | * |
| 142 | * This creates a "flattened" JWS packet from the jwk and the plaintext |
| 143 | * payload, and signs it. The packet is written into \p out. |
| 144 | * |
| 145 | * This does the whole packet assembly and signing, calling through to |
| 146 | * lws_jws_sign_from_b64() as part of the process. |
| 147 | * |
| 148 | * Returns the length written to \p out, or -1. |
| 149 | */ |
| 150 | LWS_VISIBLE LWS_EXTERN int |
| 151 | lws_jwe_create_packet(struct lws_jwe *jwe, |
| 152 | const char *payload, size_t len, const char *nonce, |
| 153 | char *out, size_t out_len, struct lws_context *context); |
| 154 | |
| 155 | |
| 156 | /* only exposed because we have test vectors that need it */ |
| 157 | LWS_VISIBLE LWS_EXTERN int |
| 158 | lws_jwe_auth_and_decrypt_cbc_hs(struct lws_jwe *jwe, uint8_t *enc_cek, |
| 159 | uint8_t *aad, int aad_len); |
| 160 | |
| 161 | /* only exposed because we have test vectors that need it */ |
| 162 | LWS_VISIBLE LWS_EXTERN int |
| 163 | lws_jwa_concat_kdf(struct lws_jwe *jwe, int direct, |
| 164 | uint8_t *out, const uint8_t *shared_secret, int sslen); |
| 165 |
Generated while processing DDNet/engine/shared/websockets.cpp
Generated on 2024-Jul-05 from project include
Powered by 
Code Browser 2.1
Generator usage only permitted with license.