1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

19 commits

Author SHA1 Message Date
Andy Green
4db2ff872b cose: keys and signing + validation
Support for COSE keys and signing / validation

 - lws_cose_key_t and import / export / generation apis for EC / RSA / SYMMETRIC

 - cose_sign1 ES256/384/512,RS256/384/512 sign + validate, passes RFC8152 WG tests sign1-tests
 - cose_sign  ES256/384/512,RS256/384/512 sign + validate, passes RFC8152 WG tests sign-tests
 - cose_mac0  HS256/HS256_64/384/512      sign + validate, passes RFC8152 WG tests hmac-examples
 - cose_mac   HS256/HS256_64/384/512             validate, passes RFC8152 WG tests hmac-examples

 - lws-crypto-cose-key commandline tool for key / key set dumping and
   creation
 - lws-crypro-cose-sign commandline tool for signing / validation

 - lws-api-test-cose - large number of test vectors and tests from RFC8152
2021-08-31 05:45:35 +01:00
Andy Green
4b089788bc tls: mbedtls-3
Adapt mbedtls support for compatibility with v3, while maintaining
compatibility with v2.

Notice v3 has removed the ability to encrypt with pubkey and
decrypt with privkey.  Openssl still has it, atm with v3 these
fall back to encrypt with privkey and decrypt with pubkey.

> The RSA module no longer supports private-key operations with the
> public key or vice versa. As a consequence, RSA operation functions
> no longer have a mode parameter. If you were calling RSA operations
> with the normal mode (public key for verification or encryption,
> private key for signature or decryption), remove the
> MBEDTLS_MODE_PUBLIC or MBEDTLS_MODE_PRIVATE argument. If you were
> calling RSA operations with the wrong mode, which rarely makes sense
>from a security perspective, this is no longer supported.
2021-07-13 13:22:50 +01:00
Andy Green
c9731c5f17 type comparisons: fixes
This is a huge patch that should be a global NOP.

For unix type platforms it enables -Wconversion to issue warnings (-> error)
for all automatic casts that seem less than ideal but are normally concealed
by the toolchain.

This is things like passing an int to a size_t argument.  Once enabled, I
went through all args on my default build (which build most things) and
tried to make the removed default cast explicit.

With that approach it neither change nor bloat the code, since it compiles
to whatever it was doing before, just with the casts made explicit... in a
few cases I changed some length args from int to size_t but largely left
the causes alone.

From now on, new code that is relying on less than ideal casting
will complain and nudge me to improve it by warnings.
2021-01-05 10:56:38 +00:00
Andy Green
1d8be99cff cmake: latest cmake shows dep warnings for scripts < 2.8.12 2020-12-06 19:44:54 +00:00
Andy Green
2bcae2b3b6 context: refactor destroy flow 2020-11-28 10:58:38 +00:00
Andy Green
1ebe27e38f cmake: mark all the subprojects as explicitly C
We don't need a C++ compiler but if we don't spell it out, cmake
assumes it C + C++ compiler needed.
2020-08-31 16:51:36 +01:00
Andy Green
b324f0e43b cmake: provide LIBWEBSOCKETS_DEP_LIBS in CONFIG 2020-06-16 19:45:35 +01:00
Andy Green
b3131fdfdd cmakelist: Augean Stables refactor
Establish a new distributed CMake architecture with CMake code related to
a source directory moving to be in the subdir in its own CMakeLists.txt.
In particular, there's now one in ./lib which calls through to ones
further down the directory tree like ./lib/plat/xxx, ./lib/roles/xxx etc.

This cuts the main CMakelists.txt from 98KB -> 33KB, about a 66% reduction,
and it's much easier to maintain sub-CMakeLists.txt that are in the same
directory as the sources they manage, and conceal all the details that that
level.

Child CMakelists.txt become responsible for:

 - include_directories() definition (this is not supported by CMake
   directly, it passes it back up via PARENT_SCOPE vars in helper
   macros)

 - Addition child CMakeLists.txt inclusion, for example toplevel ->
   role -> role subdir

 - Source file addition to the build

 - Dependent library path resolution... this is now a private thing
   in the child CMakeLists.txt, it just passes back any adaptations
   to include_directories() and the LIB_LIST without filling the
   parent namespace with the details
2020-05-27 08:40:12 +01:00
Andy Green
e3d780dac6 gencrypto: windows: warnings
Coming out of increasing number of build variants on windows via Sai
2020-04-12 08:39:27 +01:00
dzakarias
3d8fbdd3ac Added missing PKCS#7 padding/unpadding from AES-CBC in JWE 2020-02-21 17:32:41 +00:00
Andy Green
0bfd39135e cleaning 2020-01-05 22:17:58 +00:00
Andy Green
e1cf534775 jwk: add export option to suppress final CRLF
https://github.com/warmcat/libwebsockets/issues/1746

Adding the final CRLF is a NOP at JSON level, but can disrupt hashing the
JSON if it isn't expecting it.

Add flags to the jwk export so it can be controlled... operation remains
unchanged for old values 0 and 1 but a second flag can be OR-ed to control
issue of final CRLF.
2019-11-04 13:49:13 +00:00
Andy Green
f7149e90c2 cc0: align dedication to CC0 FAQ recommended format
https://libwebsockets.org/pipermail/libwebsockets/2019-April/007937.html

thanks to Bruce Perens for noting it.

This doesn't change the intention or status of the CC0 files, they were
pure CC0 before (ie, public domain) and they are pure CC0 now.  It just
gets rid of the (C) part at the top of the dedication which may be read
to be a bit contradictory since the purpose is to make it public domain.
2019-05-02 09:29:01 +01:00
Andy Green
849b20e594 crypto: openssl: use EVP hmac objects directly 2019-01-29 13:11:17 +08:00
Andy Green
075b59ecaa x509: crypto tool: add alg 2019-01-27 16:25:07 +08:00
Andy Green
ed4db457c9 jwk: crypto tool: add --alg commandline arg 2019-01-27 16:08:34 +08:00
Andy Green
0adc845507 lws-x509: validation functions 2018-12-31 20:35:54 +08:00
Andy Green
21889b53f7 ecdh-es
Mainly JWE support for ecdh-es and initial refactor to support multiple
recipients / signatures.
2018-12-27 06:45:32 +08:00
Andy Green
eda102e397 jwe 2018-12-27 06:45:32 +08:00