RFC7638: JWK thumbprint

Andy Green 2017-10-28 12:50:39 +08:00
parent 278e520479
commit dbb6c34cf2
2 changed files with 65 additions and 8 deletions


@ -78,8 +78,8 @@ cb_jwk(struct lejp_ctx *ctx, char reason)
return -1;
case JWK_KEY:
if (strcmp(s->keytype, "oct"))
return -1;
// if (strcmp(s->keytype, "oct"))
// return -1;
idx = JWK_KEY_E;
goto read_element1;
@ -98,8 +98,9 @@ cb_jwk(struct lejp_ctx *ctx, char reason)
return 0;
read_element:
if (strcmp(s->keytype, "RSA"))
return -1;
/* kty is no longer first in lex order */
// if (strcmp(s->keytype, "RSA"))
// return -1;
read_element1:
@ -160,7 +161,12 @@ lws_jwk_export(struct lws_jwk *s, int private, char *p, size_t len)
char *start = p, *end = &p[len - 1];
int n, m, limit = LWS_COUNT_RSA_ELEMENTS;
p += lws_snprintf(p, end - p, "{\"kty\":\"%s\",", s->keytype);
/* RFC7638 lexicographic order requires
* RSA: e -> kty -> n
* oct: k -> kty
*/
p += lws_snprintf(p, end - p, "{");
if (!strcmp(s->keytype, "oct")) {
if (!s->el.e[JWK_KEY_E].buf)
@ -176,7 +182,7 @@ lws_jwk_export(struct lws_jwk *s, int private, char *p, size_t len)
}
p += n;
p += lws_snprintf(p, end - p, "\"}");
p += lws_snprintf(p, end - p, "\",\"kty\":\"%s\"}", s->keytype);
return p - start;
}
@ -188,7 +194,8 @@ lws_jwk_export(struct lws_jwk *s, int private, char *p, size_t len)
!s->el.e[JWK_KEY_P].buf ||
!s->el.e[JWK_KEY_Q].buf))
) {
lwsl_notice("%s: not enough elements filled\n", __func__);
lwsl_notice("%s: not enough elements filled\n",
__func__);
return -1;
}
@ -207,11 +214,17 @@ lws_jwk_export(struct lws_jwk *s, int private, char *p, size_t len)
s->el.e[n].len, p,
end - p - 4);
if (m < 0) {
lwsl_notice("%s: enc2 failed inlen %d outlen %d\n", __func__, (int)s->el.e[n].len, (int)(end-p-4));
lwsl_notice("%s: enc fail inlen %d outlen %d\n",
__func__, (int)s->el.e[n].len,
lws_ptr_diff(end, p) - 4);
return -1;
}
p += m;
*p++ = '\"';
if (!n) /* RFC7638 lexicographic order */
p += lws_snprintf(p, end - p, ",\"kty\":\"%s\"",
s->keytype);
}
p += lws_snprintf(p, end - p, "}");
@ -224,6 +237,40 @@ lws_jwk_export(struct lws_jwk *s, int private, char *p, size_t len)
return -1;
}
LWS_VISIBLE int
lws_jwk_rfc7638_fingerprint(struct lws_jwk *s, char *digest32)
{
struct lws_genhash_ctx hash_ctx;
int tmpsize = 2536, n;
char *tmp;
tmp = lws_malloc(tmpsize, "rfc7638 tmp");
n = lws_jwk_export(s, 0, tmp, tmpsize);
if (n < 0)
goto bail;
if (lws_genhash_init(&hash_ctx, LWS_GENHASH_TYPE_SHA256))
goto bail;
if (lws_genhash_update(&hash_ctx, tmp, n)) {
lws_genhash_destroy(&hash_ctx, NULL);
goto bail;
}
lws_free(tmp);
if (lws_genhash_destroy(&hash_ctx, digest32))
return -1;
return 0;
bail:
lws_free(tmp);
return -1;
}
LWS_VISIBLE int
lws_jwk_load(struct lws_jwk *s, const char *filename)
{
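Review bot: Member-to-key-type validation is lost in `cb_jwk`: with the `strcmp(s->keytype, ...)` guards under `case JWK_KEY:` and at `read_element:` commented out, nothing visible here rejects a JWK whose members do not match its `kty`, so such a key appears to parse and can then be exported and fingerprinted. Because `kty` may now arrive after `k`/`e`/`n`, the check should be deferred rather than dropped: once the object has been fully parsed, compare `s->keytype` against the elements that were actually filled, and delete the commented-out lines instead of leaving them as dead code. Separately, in `lws_jwk_rfc7638_fingerprint` the result of `lws_malloc()` is handed to `lws_jwk_export()` unchecked; add `if (!tmp) return -1;` directly after the allocation. `cb_jwk` and `lws_jwk_export` both begin and end outside the hunks shown, so a later check may exist that is not visible on this page.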


@ -1850,6 +1850,16 @@ lws_jwk_load(struct lws_jwk *s, const char *filename);
*/
LWS_VISIBLE int
lws_jwk_save(struct lws_jwk *s, const char *filename);
/** lws_jwk_rfc7638_fingerprint() - jwk to RFC7638 compliant fingerprint
*
* \param s: the JWK object to fingerprint
* \param digest32: buffer to take 32-byte digest
*
* Returns 0 for OK or -1 for failure
*/
LWS_VISIBLE int
lws_jwk_rfc7638_fingerprint(struct lws_jwk *s, char *digest32);
///@}
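Review bot: The doc comment for `lws_jwk_rfc7638_fingerprint()` leaves the output format and the hashed content unstated, which matters to callers that compare or publish thumbprints. From the implementation in this commit, `digest32` receives the raw SHA-256 bytes (not the base64url text form) and only the public export (`private` = 0) is hashed. I would extend the parameter line to `\param digest32: buffer of at least 32 bytes, receives the raw (unencoded) SHA-256 digest` and add a sentence saying that only the public members of the key are covered. Since the buffer holds binary data and the function does not appear to modify the key, it would also help to say whether `s` is left untouched.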