Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00
Code Issues Releases Wiki Activity

JWK + JWS: JSON Web Keys RFC7517 + Signatures support RFC7515

Browse source 
This adds some optional apis around JSON Web Keys and JSON Web Signatures.

HMAC SHA256/384/512 and RSA + SHA256/384/512 are supported.

This also add a new "LWS_WITH_SELFTESTS" that enables the selftests.
This commit is contained in:
Andy Green 2017-10-18 19:27:38 +08:00
parent c32a22c20b
commit 278e520479
7 changed files with 1112 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
CMakeLists.txt
View file

@ -126,6 +126,8 @@ option(LWS_AVOID_SIGPIPE_IGN "Android 7+ seems to need this" OFF)
option(LWS_WITH_STATS "Keep statistics of lws internal operations" OFF)
option(LWS_WITH_SOCKS5 "Allow use of SOCKS5 proxy on client connections" OFF)
option(LWS_WITH_PEER_LIMITS "Track peers and restrict resources a single peer can allocate" OFF)
option(LWS_WITH_JWS "JSON Web Signature (RFC7515) API" OFF)
option(LWS_WITH_SELFTESTS "Selftests run at context creation" OFF)
macro(confirm_command CMD NOCMD)
find_program (HAVE_CMD_${CMD} ${CMD} )
@ -146,6 +148,10 @@ if (LWS_WITH_LWSWS)
set(LWS_WITH_PEER_LIMITS 1)
endif()
if (LWS_WITH_JWS)
set(LWS_WITH_LEJP 1)
endif()
if (LWS_WITH_PLUGINS AND NOT LWS_WITH_LIBUV)
message(STATUS "LWS_WITH_PLUGINS --> Enabling LWS_WITH_LIBUV")
set(LWS_WITH_LIBUV 1)
@ -837,6 +843,12 @@ if (LWS_WITH_ZIP_FOPS)
endif()
endif()
if (LWS_WITH_JWS)
list(APPEND SOURCES
lib/jws/jwk.c
lib/jws/jws.c)
endif()
# Add helper files for Windows.
if (WIN32)
set(WIN32_HELPERS_PATH win32port/win32helpers)

3
cmake/lws_config.h.in
View file

@ -145,6 +145,9 @@
#cmakedefine LWS_HAVE__ATOI64
#cmakedefine LWS_HAVE__STAT32I64
#cmakedefine LWS_WITH_JWS
#cmakedefine LWS_WITH_SELFTESTS
/* OpenSSL various APIs */
#cmakedefine LWS_HAVE_TLS_CLIENT_METHOD

4
lib/context.c
View file

@ -1177,6 +1177,10 @@ lws_create_context(struct lws_context_creation_info *info)
LWS_EXT_CB_CLIENT_CONTEXT_CONSTRUCT, NULL, 0) < 0)
goto bail;
#if defined(LWS_WITH_SELFTESTS)
lws_jws_selftest();
#endif
return context;
bail:

288
lib/jws/jwk.c Normal file
View file

@ -0,0 +1,288 @@
/*
* libwebsockets - JSON Web Key support
*
* Copyright (C) 2017 Andy Green <andy@warmcat.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation:
* version 2.1 of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
#include "private-libwebsockets.h"
#include <fcntl.h>
#include <unistd.h>
static const char * const jwk_tok[] = {
"e", "n", "d", "p", "q", "dp", "dq", "qi", "kty", "k",
};
static int
_lws_jwk_set_element(struct lws_genrsa_element *e, char *in, int len)
{
int dec_size = ((len * 3) / 4) + 4, n;
e->buf = lws_malloc(dec_size, "jwk");
if (!e->buf)
return -1;
n = lws_b64_decode_string_len(in, len, (char *)e->buf, dec_size - 1);
if (n < 0)
return -1;
e->len = n;
return 0;
}
struct cb_lws_jwk {
struct lws_jwk *s;
char *b64;
int b64max;
int pos;
};
static signed char
cb_jwk(struct lejp_ctx *ctx, char reason)
{
struct cb_lws_jwk *cbs = (struct cb_lws_jwk *)ctx->user;
struct lws_jwk *s = cbs->s;
int idx;
if (reason == LEJPCB_VAL_STR_START)
cbs->pos = 0;
if (!(reason & LEJP_FLAG_CB_IS_VALUE) || !ctx->path_match)
return 0;
switch (ctx->path_match - 1) {
case JWK_KTY:
strncpy(s->keytype, ctx->buf, sizeof(s->keytype) - 1);
s->keytype[sizeof(s->keytype) - 1] = '\0';
if (!strcmp(ctx->buf, "oct")) {
break;
}
if (!strcmp(ctx->buf, "RSA")) {
break;
}
return -1;
case JWK_KEY:
if (strcmp(s->keytype, "oct"))
return -1;
idx = JWK_KEY_E;
goto read_element1;
case JWK_KEY_N:
case JWK_KEY_E:
case JWK_KEY_D:
case JWK_KEY_P:
case JWK_KEY_Q:
case JWK_KEY_DP:
case JWK_KEY_DQ:
case JWK_KEY_QI:
idx = ctx->path_match - 1;
goto read_element;
}
return 0;
read_element:
if (strcmp(s->keytype, "RSA"))
return -1;
read_element1:
if (cbs->pos + ctx->npos >= cbs->b64max)
return -1;
memcpy(cbs->b64 + cbs->pos, ctx->buf, ctx->npos);
cbs->pos += ctx->npos;
if (reason == LEJPCB_VAL_STR_CHUNK)
return 0;
if (_lws_jwk_set_element(&s->el.e[idx], cbs->b64, cbs->pos) < 0) {
lws_jwk_destroy_genrsa_elements(&s->el);
return -1;
}
return 0;
}
LWS_VISIBLE int
lws_jwk_import(struct lws_jwk *s, const char *in, size_t len)
{
struct lejp_ctx jctx;
struct cb_lws_jwk cbs;
const int b64max = (((8192 / 8) * 4) / 3) + 1; /* enough for 8K key */
char b64[b64max];
int m;
memset(s, 0, sizeof(*s));
cbs.s = s;
cbs.b64 = b64;
cbs.b64max = b64max;
cbs.pos = 0;
lejp_construct(&jctx, cb_jwk, &cbs, jwk_tok, ARRAY_SIZE(jwk_tok));
m = (int)(signed char)lejp_parse(&jctx, (uint8_t *)in, len);
lejp_destruct(&jctx);
if (m < 0) {
lwsl_notice("%s: parse got %d\n", __func__, m);
return -1;
}
return 0;
}
LWS_VISIBLE void
lws_jwk_destroy(struct lws_jwk *s)
{
lws_jwk_destroy_genrsa_elements(&s->el);
}
LWS_VISIBLE int
lws_jwk_export(struct lws_jwk *s, int private, char *p, size_t len)
{
char *start = p, *end = &p[len - 1];
int n, m, limit = LWS_COUNT_RSA_ELEMENTS;
p += lws_snprintf(p, end - p, "{\"kty\":\"%s\",", s->keytype);
if (!strcmp(s->keytype, "oct")) {
if (!s->el.e[JWK_KEY_E].buf)
return -1;
p += lws_snprintf(p, end - p, "\"k\":\"");
n = lws_jws_base64_enc((const char *)s->el.e[JWK_KEY_E].buf,
s->el.e[JWK_KEY_E].len, p,
end - p - 4);
if (n < 0) {
lwsl_notice("%s: enc failed\n", __func__);
return -1;
}
p += n;
p += lws_snprintf(p, end - p, "\"}");
return p - start;
}
if (!strcmp(s->keytype, "RSA")) {
if (!s->el.e[JWK_KEY_E].buf ||
!s->el.e[JWK_KEY_N].buf ||
(private && (!s->el.e[JWK_KEY_D].buf ||
!s->el.e[JWK_KEY_P].buf ||
!s->el.e[JWK_KEY_Q].buf))
) {
lwsl_notice("%s: not enough elements filled\n", __func__);
return -1;
}
if (!private)
limit = JWK_KEY_N + 1;
for (n = 0; n < limit; n++) {
if (!s->el.e[n].buf)
continue;
lwsl_info("%d: len %d\n", n, s->el.e[n].len);
if (n)
p += lws_snprintf(p, end - p, ",");
p += lws_snprintf(p, end - p, "\"%s\":\"", jwk_tok[n]);
m = lws_jws_base64_enc((const char *)s->el.e[n].buf,
s->el.e[n].len, p,
end - p - 4);
if (m < 0) {
lwsl_notice("%s: enc2 failed inlen %d outlen %d\n", __func__, (int)s->el.e[n].len, (int)(end-p-4));
return -1;
}
p += m;
*p++ = '\"';
}
p += lws_snprintf(p, end - p, "}");
return p - start;
}
lwsl_err("%s: unknown key type %s\n", __func__, s->keytype);
return -1;
}
LWS_VISIBLE int
lws_jwk_load(struct lws_jwk *s, const char *filename)
{
int buflen = 4096;
char *buf = lws_malloc(buflen, "jwk-load");
int fd, n;
if (!buf)
return -1;
fd = open(filename, O_RDONLY);
if (fd == -1)
goto bail;
n = read(fd, buf, buflen);
close(fd);
if (n < 0)
goto bail;
n = lws_jwk_import(s, buf, n);
lws_free(buf);
return n;
bail:
lws_free(buf);
return -1;
}
LWS_VISIBLE int
lws_jwk_save(struct lws_jwk *s, const char *filename)
{
int buflen = 4096;
char *buf = lws_malloc(buflen, "jwk-save");
int fd, n, m;
if (!buf)
return -1;
fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
if (fd == -1)
goto bail;
n = lws_jwk_export(s, 1, buf, buflen);
if (n < 0) {
close(fd);
goto bail;
}
m = write(fd, buf, n);
close(fd);
lws_free(buf);
if (m < 0 || m != n)
return -1;
return 0;
bail:
lws_free(buf);
return -1;
}

643
lib/jws/jws.c Normal file
View file

@ -0,0 +1,643 @@
/*
* libwebsockets - JSON Web Signature support
*
* Copyright (C) 2017 Andy Green <andy@warmcat.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation:
* version 2.1 of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
#include "private-libwebsockets.h"
/*
* JSON Web Signature is defined in RFC7515
*
* https://tools.ietf.org/html/rfc7515
*
* It's basically a way to wrap some JSON with a JSON "header" describing the
* crypto, and a signature, all in a BASE64 wrapper with elided terminating '='.
*
* The signature stays with the content, it serves a different purpose than eg
* a TLS tunnel to transfer it.
*
* RFC7518 (JSON Web Algorithms) says for the "alg" names
*
* | HS256 | HMAC using SHA-256 | Required |
* | HS384 | HMAC using SHA-384 | Optional |
* | HS512 | HMAC using SHA-512 | Optional |
* | RS256 | RSASSA-PKCS1-v1_5 using | Recommended |
* | RS384 | RSASSA-PKCS1-v1_5 using | Optional |
* | | SHA-384 | |
* | RS512 | RSASSA-PKCS1-v1_5 using | Optional |
* | | SHA-512 | |
* | ES256 | ECDSA using P-256 and SHA-256 | Recommended+ |
* | ES384 | ECDSA using P-384 and SHA-384 | Optional |
* | ES512 | ECDSA using P-521 and SHA-512 | Optional |
*
* Boulder (FOSS ACME provider) supports RS256, ES256, ES384 and ES512
* currently. The "Recommended+" just means it is recommended but will likely
* be "very recommended" soon.
*
* We support HS256/384/512 for symmetric crypto, but the choice for the
* asymmetric crypto isn't as easy to make.
*
* Normally you'd choose the EC option but these are defined to use the
* "NIST curves" (RFC7518 3.4) which are believed to be insecure.
*
* https://safecurves.cr.yp.to/
*
* For that reason we implement RS256/384/512 for asymmetric.
*/
#if defined(LWS_WITH_SELFTESTS)
static const char
*test1 = "{\"typ\":\"JWT\",\r\n \"alg\":\"HS256\"}",
*test1_enc = "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9",
*test2 = "{\"iss\":\"joe\",\r\n \"exp\":1300819380,\r\n"
" \"http://example.com/is_root\":true}",
*test2_enc = "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQ"
"ogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
*key_jwk = "{\"kty\":\"oct\",\r\n"
" \"k\":\"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQ"
"Lr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\"}",
*hash_enc = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
/* the key from worked example in RFC7515 A-1, as a JWK */
*rfc7515_rsa_key =
"{\"kty\":\"RSA\","
" \"n\":\"ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx"
"HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs"
"D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH"
"SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV"
"MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8"
"NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ\","
"\"e\":\"AQAB\","
"\"d\":\"Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I"
"jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0"
"BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn"
"439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT"
"CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh"
"BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ\","
"\"p\":\"4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdi"
"YrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPG"
"BY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc\","
"\"q\":\"uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxa"
"ewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA"
"-njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc\","
"\"dp\":\"BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3Q"
"CLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb"
"34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0\","
"\"dq\":\"h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa"
"7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3_-ky"
"NlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU\","
"\"qi\":\"IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2o"
"y26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLU"
"W0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U\""
"}",
*rfc7515_rsa_a1 = /* the signed worked example in RFC7515 A-1 */
"eyJhbGciOiJSUzI1NiJ9"
".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
"cGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
".cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7"
"AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4"
"BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K"
"0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv"
"hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB"
"p0igcN_IoypGlUPQGe77Rw";
#endif
LWS_VISIBLE int
lws_jws_base64_enc(const char *in, size_t in_len, char *out, size_t out_max)
{
int n;
n = lws_b64_encode_string_url(in, in_len, out, out_max - 1);
if (n < 0)
return n; /* too large for output buffer */
/* trim the terminal = */
while (n && out[n - 1] == '=')
n--;
out[n] = '\0';
return n;
}
LWS_VISIBLE int
lws_jws_encode_section(const char *in, size_t in_len, int first, char **p,
char *end)
{
int n, len = (end - *p) - 1;
char *p_entry = *p;
if (len < 3)
return -1;
if (!first)
*(*p)++ = '.';
n = lws_jws_base64_enc(in, in_len, *p, len - 1);
if (n < 0)
return -1;
*p += n;
return (*p) - p_entry;
}
static int
lws_jws_find_sig(const char *in, size_t len)
{
const char *p = in + len - 1;
while (len--)
if (*p == '.')
return (p + 1) - in;
else
p--;
lwsl_notice("%s failed\n", __func__);
return -1;
}
static const char * const jhdr_tok[] = {
"typ",
"alg",
};
enum enum_jhdr_tok {
JHP_TYP,
JHP_ALG
};
struct cb_hdr_s {
enum lws_genhash_types hash_type;
enum lws_genhmac_types hmac_type;
char alg[10];
int is_rsa:1;
};
static signed char
cb_hdr(struct lejp_ctx *ctx, char reason)
{
struct cb_hdr_s *s = (struct cb_hdr_s *)ctx->user;
if (!(reason & LEJP_FLAG_CB_IS_VALUE) || !ctx->path_match)
return 0;
switch (ctx->path_match - 1) {
case JHP_TYP: /* it is optional */
if (strcmp(ctx->buf, "JWT"))
return -1;
break;
case JHP_ALG:
strncpy(s->alg, ctx->buf, sizeof(s->alg) - 1);
s->alg[sizeof(s->alg) - 1] = '\0';
if (!strcmp(ctx->buf, "HS256")) {
s->hmac_type = LWS_GENHMAC_TYPE_SHA256;
break;
}
if (!strcmp(ctx->buf, "HS384")) {
s->hmac_type = LWS_GENHMAC_TYPE_SHA384;
break;
}
if (!strcmp(ctx->buf, "HS512")) {
s->hmac_type = LWS_GENHMAC_TYPE_SHA512;
break;
}
if (!strcmp(ctx->buf, "RS256")) {
s->hash_type = LWS_GENHASH_TYPE_SHA256;
s->is_rsa = 1;
break;
}
if (!strcmp(ctx->buf, "RS384")) {
s->hash_type = LWS_GENHASH_TYPE_SHA384;
s->is_rsa = 1;
break;
}
if (!strcmp(ctx->buf, "RS512")) {
s->hash_type = LWS_GENHASH_TYPE_SHA512;
s->is_rsa = 1;
break;
}
return -1;
}
return 0;
}
LWS_VISIBLE int
lws_jws_confirm_sig(const char *in, size_t len, struct lws_jwk *jwk)
{
int sig_pos = lws_jws_find_sig(in, len), pos = 0, n, m, h_len;
uint8_t digest[LWS_GENHASH_LARGEST];
struct lws_genhash_ctx hash_ctx;
struct lws_genrsa_ctx rsactx;
struct lws_genhmac_ctx ctx;
struct cb_hdr_s args;
struct lejp_ctx jctx;
char buf[2048];
/* 1) there has to be a signature */
if (sig_pos < 0)
return -1;
/* 2) find length of first, hdr, block */
while (in[pos] != '.' && pos < (int)len)
pos++;
if (pos == (int)len)
return -1;
/* 3) Decode the header block */
n = lws_b64_decode_string_len(in, pos, buf, sizeof(buf) - 1);
if (n < 0)
return -1;
/* 4) Require either:
* typ: JWT (if present) and alg: HS256/384/512
* typ: JWT (if present) and alg: RS256/384/512
*/
args.alg[0] = '\0';
args.is_rsa = 0;
lejp_construct(&jctx, cb_hdr, &args, jhdr_tok, ARRAY_SIZE(jhdr_tok));
m = (int)(signed char)lejp_parse(&jctx, (uint8_t *)buf, n);
lejp_destruct(&jctx);
if (m < 0) {
lwsl_notice("parse got %d: alg %s\n", m, args.alg);
return -1;
}
/* 5) decode the B64URL signature part into buf / m */
m = lws_b64_decode_string_len(in + sig_pos, len - sig_pos,
buf, sizeof(buf) - 1);
if (args.is_rsa) {
/* RSASSA-PKCS1-v1_5 using SHA-256/384/512 */
/* 6(RSA): compute the hash of the payload into "digest" */
if (lws_genhash_init(&hash_ctx, args.hash_type))
return -1;
if (lws_genhash_update(&hash_ctx, (uint8_t *)in, sig_pos - 1)) {
lws_genhash_destroy(&hash_ctx, NULL);
return -1;
}
if (lws_genhash_destroy(&hash_ctx, digest))
return -1;
h_len = lws_genhash_size(args.hash_type);
if (lws_genrsa_create(&rsactx, &jwk->el)) {
lwsl_notice("%s: lws_genrsa_public_decrypt_create\n",
__func__);
return -1;
}
n = lws_genrsa_public_verify(&rsactx, digest, args.hash_type,
(uint8_t *)buf, m);
lws_genrsa_destroy(&rsactx);
if (n < 0) {
lwsl_notice("decrypt fail\n");
return -1;
}
return 0;
}
/* SHA256/384/512 HMAC */
h_len = lws_genhmac_size(args.hmac_type);
if (m < 0 || m != h_len)
return -1;
/* 6) compute HMAC over payload */
if (lws_genhmac_init(&ctx, args.hmac_type, jwk->el.e[JWK_KEY_E].buf,
jwk->el.e[JWK_KEY_E].len))
return -1;
if (lws_genhmac_update(&ctx, (uint8_t *)in, sig_pos - 1)) {
lws_genhmac_destroy(&ctx, NULL);
return -1;
}
if (lws_genhmac_destroy(&ctx, digest))
return -1;
/* 7) Compare the computed and decoded hashes */
if (memcmp(digest, buf, h_len)) {
lwsl_notice("digest mismatch\n");
return -1;
}
return 0;
}
LWS_VISIBLE int
lws_jws_sign_from_b64(const char *b64_hdr, size_t hdr_len, const char *b64_pay,
size_t pay_len, char *b64_sig, size_t sig_len,
enum lws_genhash_types hash_type, struct lws_jwk *jwk)
{
uint8_t digest[LWS_GENHASH_LARGEST];
struct lws_genhash_ctx hash_ctx;
struct lws_genrsa_ctx rsactx;
uint8_t *buf;
int n;
if (lws_genhash_init(&hash_ctx, hash_type))
return -1;
if (b64_hdr) {
if (lws_genhash_update(&hash_ctx, (uint8_t *)b64_hdr, hdr_len))
goto hash_fail;
if (lws_genhash_update(&hash_ctx, (uint8_t *)".", 1))
goto hash_fail;
}
if (lws_genhash_update(&hash_ctx, (uint8_t *)b64_pay, pay_len))
goto hash_fail;
if (lws_genhash_destroy(&hash_ctx, digest))
return -1;
if (!strcmp(jwk->keytype, "RSA")) {
if (lws_genrsa_create(&rsactx, &jwk->el)) {
lwsl_notice("%s: lws_genrsa_public_decrypt_create\n",
__func__);
return -1;
}
n = jwk->el.e[JWK_KEY_N].len;
buf = lws_malloc(n, "jws sign");
if (!buf)
return -1;
n = lws_genrsa_public_sign(&rsactx, digest, hash_type, buf, n);
lws_genrsa_destroy(&rsactx);
if (n < 0) {
lws_free(buf);
return -1;
}
n = lws_jws_base64_enc((char *)buf, n, b64_sig, sig_len);
lws_free(buf);
return n;
}
if (!strcmp(jwk->keytype, "oct"))
return lws_jws_base64_enc((char *)digest,
lws_genhash_size(hash_type),
b64_sig, sig_len);
/* unknown key type */
return -1;
hash_fail:
lws_genhash_destroy(&hash_ctx, NULL);
return -1;
}
LWS_VISIBLE int
lws_jws_create_packet(struct lws_jwk *jwk, const char *payload, size_t len,
const char *nonce, char *out, size_t out_len)
{
char *buf, *start, *p, *end, *p1, *end1, *b64_hdr, *b64_pay;
int n, b64_hdr_len, b64_pay_len;
/*
* This buffer is local to the function, the actual output
* is prepared into vhd->buf. Only the plaintext protected header
* (which contains the public key, 512 bytes for 4096b) goes in
* here temporarily.
*/
n = LWS_PRE + 2048;
buf = malloc(n);
if (!buf) {
lwsl_notice("%s: malloc %d failed\n", __func__, n);
return -1;
}
p = start = buf + LWS_PRE;
end = buf + n - LWS_PRE - 1;
/*
* temporary JWS protected header plaintext
*/
p += lws_snprintf(p, end - p, "{\"alg\":\"RS256\",\"jwk\":");
n = lws_jwk_export(jwk, 0, p, end - p);
if (n < 0) {
lwsl_notice("failed to export jwk\n");
goto bail;
}
p += n;
p += lws_snprintf(p, end - p, ",\"nonce\":\"%s\"}", nonce);
/*
* prepare the signed outer JSON with all the parts in
*/
p1 = out;
end1 = out + out_len - 1;
p1 += lws_snprintf(p1, end1 - p1, "{\"protected\":\"");
b64_hdr = p1;
n = lws_jws_base64_enc(start, p - start, p1, end1 - p1);
if (n < 0) {
lwsl_notice("%s: failed to encode protected\n", __func__);
goto bail;
}
b64_hdr_len = n;
p1 += n;
p1 += lws_snprintf(p1, end1 - p1, "\",\"payload\":\"");
b64_pay = p1;
n = lws_jws_base64_enc(payload, len, p1, end1 - p1);
if (n < 0) {
lwsl_notice("%s: failed to encode payload\n", __func__);
goto bail;
}
b64_pay_len = n;
p1 += n;
p1 += lws_snprintf(p1, end1 - p1, "\",\"signature\":\"");
/*
* taking the b64 protected header and the b64 payload, sign them
* and place the signature into the packet
*/
n = lws_jws_sign_from_b64(b64_hdr, b64_hdr_len, b64_pay, b64_pay_len,
p1, end1 - p1, LWS_GENHASH_TYPE_SHA256, jwk);
if (n < 0) {
lwsl_notice("sig gen failed\n");
goto bail;
}
p1 += n;
p1 += lws_snprintf(p1, end1 - p1, "\"}");
free(buf);
return p1 - out;
bail:
free(buf);
return -1;
}
#if defined(LWS_WITH_SELFTESTS)
/*
* These are the inputs and outputs from the worked example in RFC7515
* Appendix A.1.
*
* 1) has a fixed header + payload, and a fixed SHA256 HMAC key, and must give
* a fixed BASE64URL result.
*
* 2) has a fixed header + payload and is signed with a key given in JWK format
*/
int
lws_jws_selftest(void)
{
struct lws_genhmac_ctx ctx;
struct lws_jwk jwk;
char buf[2048], *p = buf, *end = buf + sizeof(buf) - 1, *enc_ptr, *p1;
uint8_t digest[LWS_GENHASH_LARGEST];
int n;
/* Test 1: SHA256 on RFC7515 worked example */
/* 1.1: decode the JWK oct key */
if (lws_jwk_import(&jwk, key_jwk, strlen(key_jwk)) < 0) {
lwsl_notice("Failed to decode JWK test key\n");
return -1;
}
/* 1.2: create JWS known hdr + known payload */
n = lws_jws_encode_section(test1, strlen(test1), 1, &p, end);
if (n < 0)
goto bail;
if (strcmp(buf, test1_enc))
goto bail;
enc_ptr = p + 1; /* + 1 skips the . */
n = lws_jws_encode_section(test2, strlen(test2), 0, &p, end);
if (n < 0)
goto bail;
if (strcmp(enc_ptr, test2_enc))
goto bail;
/* 1.3: use HMAC SHA-256 with known key on the hdr . payload */
if (lws_genhmac_init(&ctx, LWS_GENHMAC_TYPE_SHA256,
jwk.el.e[JWK_KEY_E].buf, jwk.el.e[JWK_KEY_E].len))
goto bail;
if (lws_genhmac_update(&ctx, (uint8_t *)buf, p - buf))
goto bail_destroy_hmac;
lws_genhmac_destroy(&ctx, digest);
/* 1.4: append a base64 encode of the computed HMAC digest */
enc_ptr = p + 1; /* + 1 skips the . */
n = lws_jws_encode_section((const char *)digest, 32, 0, &p, end);
if (n < 0)
goto bail;
if (strcmp(enc_ptr, hash_enc)) /* check against known B64URL hash */
goto bail;
/* 1.5: Check we can agree the signature matches the payload */
if (lws_jws_confirm_sig(buf, p - buf, &jwk) < 0) {
lwsl_notice("confirm sig failed\n");
goto bail;
}
lws_jwk_destroy(&jwk); /* finished with the key from the first test */
/* Test 2: RSA256 on RFC7515 worked example */
/* 2.1: turn the known JWK key for the RSA test into a lws_jwk */
if (lws_jwk_import(&jwk, rfc7515_rsa_key, strlen(rfc7515_rsa_key))) {
lwsl_notice("Failed to read JWK key\n");
goto bail2;
}
/* 2.2: check the signature on the test packet from RFC7515 A-1 */
if (lws_jws_confirm_sig(rfc7515_rsa_a1, strlen(rfc7515_rsa_a1),
&jwk) < 0) {
lwsl_notice("confirm rsa sig failed\n");
goto bail;
}
/* 2.3: generate our own signature for a copy of the test packet */
memcpy(buf, rfc7515_rsa_a1, strlen(rfc7515_rsa_a1));
/* set p to second . */
p = strchr(buf + 1, '.');
p1 = strchr(p + 1, '.');
n = lws_jws_sign_from_b64(buf, p - buf, p + 1, p1 - (p + 1),
p1 + 1, sizeof(buf) - (p1 - buf) - 1,
LWS_GENHASH_TYPE_SHA256, &jwk);
if (n < 0)
goto bail;
puts(buf);
/* 2.4: confirm our signature can be verified */
if (lws_jws_confirm_sig(buf, (p1 + 1 + n) - buf, &jwk) < 0) {
lwsl_notice("confirm rsa sig 2 failed\n");
goto bail;
}
lws_jwk_destroy(&jwk);
/* end */
lwsl_notice("%s: selftest OK\n", __func__);
return 0;
bail_destroy_hmac:
lws_genhmac_destroy(&ctx, NULL);
bail:
lws_jwk_destroy(&jwk);
bail2:
lwsl_err("%s: selftest failed ++++++++++++++++++++\n", __func__);
return 1;
}
#endif

158
lib/libwebsockets.h
View file

@ -1774,8 +1774,164 @@ LWS_VISIBLE LWS_EXTERN int
lws_genrsa_render_pkey_asn1(struct lws_genrsa_ctx *ctx, int _private,
uint8_t *pkey_asn1, size_t pkey_asn1_len);
///@}
#endif
/*! \defgroup jwk JSON Web Keys
* ## JSON Web Keys API
*
* Lws provides an API to parse JSON Web Keys into a struct lws_genrsa_elements.
*
* "oct" and "RSA" type keys are supported. For "oct" keys, they are held in
* the "e" member of the struct lws_genrsa_elements.
*
* Keys elements are allocated on the heap. You must destroy the allocations
* in the struct lws_genrsa_elements by calling
* lws_jwk_destroy_genrsa_elements() when you are finished with it.
*/
///@{
struct lws_jwk {
char keytype[5]; /**< "oct" or "RSA" */
struct lws_genrsa_elements el; /**< OCTet key is in el.e */
};
/** lws_jwk_import() - Create a JSON Web key from the textual representation
*
* \param s: the JWK object to create
* \param in: a single JWK JSON stanza in utf-8
* \param len: the length of the JWK JSON stanza in bytes
*
* Creates an lws_jwk struct filled with data from the JSON representation.
* "oct" and "rsa" key types are supported.
*
* For "oct" type keys, it is loaded into el.e.
*/
LWS_VISIBLE LWS_EXTERN int
lws_jwk_import(struct lws_jwk *s, const char *in, size_t len);
/** lws_jwk_destroy() - Destroy a JSON Web key
*
* \param s: the JWK object to destroy
*
* All allocations in the lws_jwk are destroyed
*/
LWS_VISIBLE LWS_EXTERN void
lws_jwk_destroy(struct lws_jwk *s);
/** lws_jwk_export() - Export a JSON Web key to a textual representation
*
* \param s: the JWK object to export
* \param _private: 0 = just export public parts, 1 = export everything
* \param p: the buffer to write the exported JWK to
* \param len: the length of the buffer \p p in bytes
*
* Returns length of the used part of the buffer if OK, or -1 for error.
*
* Serializes the content of the JWK into a char buffer.
*/
LWS_VISIBLE LWS_EXTERN int
lws_jwk_export(struct lws_jwk *s, int _private, char *p, size_t len);
/** lws_jwk_load() - Import a JSON Web key from a file
*
* \param s: the JWK object to load into
* \param filename: filename to load from
*
* Returns 0 for OK or -1 for failure
*/
LWS_VISIBLE int
lws_jwk_load(struct lws_jwk *s, const char *filename);
/** lws_jwk_save() - Export a JSON Web key to a file
*
* \param s: the JWK object to save from
* \param filename: filename to save to
*
* Returns 0 for OK or -1 for failure
*/
LWS_VISIBLE int
lws_jwk_save(struct lws_jwk *s, const char *filename);
///@}
/*! \defgroup jws JSON Web Signature
* ## JSON Web Signature API
*
* Lws provides an API to check and create RFC7515 JSON Web Signatures
*
* SHA256/384/512 HMAC, and RSA 256/384/512 are supported.
*
* The API uses your TLS library crypto, but works exactly the same no matter
* what you TLS backend is.
*/
///@{
LWS_VISIBLE LWS_EXTERN int
lws_jws_confirm_sig(const char *in, size_t len, struct lws_jwk *jwk);
/**
* lws_jws_sign_from_b64() - add b64 sig to b64 hdr + payload
*
* \param b64_hdr: protected header encoded in b64, may be NULL
* \param hdr_len: bytes in b64 coding of protected header
* \param b64_pay: payload encoded in b64
* \param pay_len: bytes in b64 coding of payload
* \param b64_sig: buffer to write the b64 encoded signature into
* \param sig_len: max bytes we can write at b64_sig
* \param hash_type: one of LWS_GENHASH_TYPE_SHA[256|384|512]
* \param jwk: the struct lws_jwk containing the signing key
*
* This adds a b64-coded JWS signature of the b64-encoded protected header
* and b64-encoded payload, at \p b64_sig. The signature will be as large
* as the N element of the RSA key when the RSA key is used, eg, 512 bytes for
* a 4096-bit key, and then b64-encoding on top.
*
* In some special cases, there is only payload to sign and no header, in that
* case \p b64_hdr may be NULL, and only the payload will be hashed before
* signing.
*
* Returns the length of the encoded signature written to \p b64_sig, or -1.
*/
LWS_VISIBLE LWS_EXTERN int
lws_jws_sign_from_b64(const char *b64_hdr, size_t hdr_len, const char *b64_pay,
size_t pay_len, char *b64_sig, size_t sig_len,
enum lws_genhash_types hash_type, struct lws_jwk *jwk);
/**
* lws_jws_create_packet() - add b64 sig to b64 hdr + payload
*
* \param jwk: the struct lws_jwk containing the signing key
* \param payload: unencoded payload JSON
* \param len: length of unencoded payload JSON
* \param nonce: Nonse string to include in protected header
* \param out: buffer to take signed packet
* \param out_len: size of \p out buffer
*
* This creates a "flattened" JWS packet from the jwk and the plaintext
* payload, and signs it. The packet is written into \p out.
*
* This does the whole packet assembly and signing, calling through to
* lws_jws_sign_from_b64() as part of the process.
*
* Returns the length written to \p out, or -1.
*/
LWS_VISIBLE LWS_EXTERN int
lws_jws_create_packet(struct lws_jwk *jwk, const char *payload, size_t len,
const char *nonce, char *out, size_t out_len);
/**
* lws_jws_base64_enc() - encode input data into b64url data
*
* \param in: the incoming plaintext
* \param in_len: the length of the incoming plaintext in bytes
* \param out: the buffer to store the b64url encoded data to
* \param out_max: the length of \p out in bytes
*
* Returns either -1 if problems, or the number of bytes written to \p out.
*/
LWS_VISIBLE LWS_EXTERN int
lws_jws_base64_enc(const char *in, size_t in_len, char *out, size_t out_max);
///@}
#endif
/*! \defgroup extensions Extension related functions
* ##Extension releated functions

5
lib/private-libwebsockets.h
View file

@ -1221,6 +1221,9 @@ lws_restart_ws_ping_pong_timer(struct lws *wsi);
struct lws *
lws_adopt_socket_vhost(struct lws_vhost *vh, lws_sockfd_type accept_fd);
int
lws_jws_base64_enc(const char *in, size_t in_len, char *out, size_t out_max);
enum {
LWS_EV_READ = (1 << 0),
@ -2500,6 +2503,8 @@ lws_ssl_capable_write_no_ssl(struct lws *wsi, unsigned char *buf, int len);
LWS_EXTERN int LWS_WARN_UNUSED_RESULT
lws_ssl_pending_no_ssl(struct lws *wsi);
int lws_jws_selftest(void);
#ifdef LWS_WITH_HTTP_PROXY
struct lws_rewrite {
hubbub_parser *parser;