1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00
libwebsockets/lib/jose
Andy Green 4db2ff872b cose: keys and signing + validation
Support for COSE keys and signing / validation

 - lws_cose_key_t and import / export / generation apis for EC / RSA / SYMMETRIC

 - cose_sign1 ES256/384/512,RS256/384/512 sign + validate, passes RFC8152 WG tests sign1-tests
 - cose_sign  ES256/384/512,RS256/384/512 sign + validate, passes RFC8152 WG tests sign-tests
 - cose_mac0  HS256/HS256_64/384/512      sign + validate, passes RFC8152 WG tests hmac-examples
 - cose_mac   HS256/HS256_64/384/512             validate, passes RFC8152 WG tests hmac-examples

 - lws-crypto-cose-key commandline tool for key / key set dumping and
   creation
 - lws-crypro-cose-sign commandline tool for signing / validation

 - lws-api-test-cose - large number of test vectors and tests from RFC8152
2021-08-31 05:45:35 +01:00
..
jwe type comparisons: fixes 2021-01-05 10:56:38 +00:00
jwk cose: keys and signing + validation 2021-08-31 05:45:35 +01:00
jws cose: keys and signing + validation 2021-08-31 05:45:35 +01:00
CMakeLists.txt cose: keys and signing + validation 2021-08-31 05:45:35 +01:00
private-lib-jose.h cose: keys and signing + validation 2021-08-31 05:45:35 +01:00
README.md jwe 2018-12-27 06:45:32 +08:00

JOSE support

JOSE is a set of web standards aimed at encapsulating crypto operations flexibly inside JSON objects.

Lws provides lightweight apis to performs operations on JWK, JWS and JWE independent of the tls backend in use. The JSON parsing is handled by the lws lejp stream parser.

Part RFC Function
JWS RFC7515 JSON Web Signatures
JWE RFC7516 JSON Web Encryption
JWK RFC7517 JSON Web Keys
JWA RFC7518 JSON Web Algorithms

JWA is a set of recommendations for which combinations of algorithms are deemed desirable and secure, which implies what must be done for useful implementations of JWS, JWE and JWK.

Supported algorithms

Supported keys

  • All RFC7517 / JWK forms: octet, RSA and EC

  • singleton and keys[] arrays of keys supported

Symmetric ciphers

  • All common AES varaiants: CBC, CFB128, CFB8, CTR, EVB, OFB, KW and XTS

Asymmetric ciphers

  • RSA

  • EC (P-256, P-384 and P-521 JWA curves)

Payload auth and crypt

  • AES_128_CBC_HMAC_SHA_256
  • AES_192_CBC_HMAC_SHA_384
  • AES_256_CBC_HMAC_SHA_512
  • AES_128_GCM

For the required and recommended asymmetric algorithms, support currently looks like this

JWK kty JWA lws
EC Recommended+ yes
RSA Required yes
oct Required yes
JWE alg JWA lws
RSA1_5 Recommended- yes
RSA-OAEP Recommended+ no
ECDH-ES Recommended+ no
JWS alg JWA lws
HS256 Required yes
RS256 Recommended+ yes
ES256 Recommended yes

Minimal Example tools

JWK

JWS

JWE

API tests

See ./minimal-examples/api-tests/api-test-jose/ for example test code. The tests are built and confirmed during CI.