1d4afb5ceSopenharmony_ci/* 2d4afb5ceSopenharmony_ci * libwebsockets - small server side websockets and web server implementation 3d4afb5ceSopenharmony_ci * 4d4afb5ceSopenharmony_ci * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com> 5d4afb5ceSopenharmony_ci * 6d4afb5ceSopenharmony_ci * Permission is hereby granted, free of charge, to any person obtaining a copy 7d4afb5ceSopenharmony_ci * of this software and associated documentation files (the "Software"), to 8d4afb5ceSopenharmony_ci * deal in the Software without restriction, including without limitation the 9d4afb5ceSopenharmony_ci * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 10d4afb5ceSopenharmony_ci * sell copies of the Software, and to permit persons to whom the Software is 11d4afb5ceSopenharmony_ci * furnished to do so, subject to the following conditions: 12d4afb5ceSopenharmony_ci * 13d4afb5ceSopenharmony_ci * The above copyright notice and this permission notice shall be included in 14d4afb5ceSopenharmony_ci * all copies or substantial portions of the Software. 15d4afb5ceSopenharmony_ci * 16d4afb5ceSopenharmony_ci * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17d4afb5ceSopenharmony_ci * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18d4afb5ceSopenharmony_ci * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19d4afb5ceSopenharmony_ci * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20d4afb5ceSopenharmony_ci * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 21d4afb5ceSopenharmony_ci * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 22d4afb5ceSopenharmony_ci * IN THE SOFTWARE. 23d4afb5ceSopenharmony_ci */ 24d4afb5ceSopenharmony_ci 25d4afb5ceSopenharmony_ci#include "private-lib-core.h" 26d4afb5ceSopenharmony_ci 27d4afb5ceSopenharmony_ci/* 28d4afb5ceSopenharmony_ci * These came from RFC7518 (JSON Web Algorithms) Section 3 29d4afb5ceSopenharmony_ci * 30d4afb5ceSopenharmony_ci * Cryptographic Algorithms for Digital Signatures and MACs 31d4afb5ceSopenharmony_ci */ 32d4afb5ceSopenharmony_ci 33d4afb5ceSopenharmony_cistatic const struct lws_jose_jwe_alg lws_gencrypto_jws_alg_map[] = { 34d4afb5ceSopenharmony_ci 35d4afb5ceSopenharmony_ci /* 36d4afb5ceSopenharmony_ci * JWSs MAY also be created that do not provide integrity protection. 37d4afb5ceSopenharmony_ci * Such a JWS is called an Unsecured JWS. An Unsecured JWS uses the 38d4afb5ceSopenharmony_ci * "alg" value "none" and is formatted identically to other JWSs, but 39d4afb5ceSopenharmony_ci * MUST use the empty octet sequence as its JWS Signature value. 40d4afb5ceSopenharmony_ci * Recipients MUST verify that the JWS Signature value is the empty 41d4afb5ceSopenharmony_ci * octet sequence. 42d4afb5ceSopenharmony_ci * 43d4afb5ceSopenharmony_ci * Implementations that support Unsecured JWSs MUST NOT accept such 44d4afb5ceSopenharmony_ci * objects as valid unless the application specifies that it is 45d4afb5ceSopenharmony_ci * acceptable for a specific object to not be integrity protected. 46d4afb5ceSopenharmony_ci * Implementations MUST NOT accept Unsecured JWSs by default. In order 47d4afb5ceSopenharmony_ci * to mitigate downgrade attacks, applications MUST NOT signal 48d4afb5ceSopenharmony_ci * acceptance of Unsecured JWSs at a global level, and SHOULD signal 49d4afb5ceSopenharmony_ci * acceptance on a per-object basis. See Section 8.5 for security 50d4afb5ceSopenharmony_ci * considerations associated with using this algorithm. 51d4afb5ceSopenharmony_ci */ 52d4afb5ceSopenharmony_ci { /* optional */ 53d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 54d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 55d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 56d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 57d4afb5ceSopenharmony_ci "none", NULL, 0, 0, 0 58d4afb5ceSopenharmony_ci }, 59d4afb5ceSopenharmony_ci 60d4afb5ceSopenharmony_ci /* 61d4afb5ceSopenharmony_ci * HMAC with SHA-2 Functions 62d4afb5ceSopenharmony_ci * 63d4afb5ceSopenharmony_ci * The HMAC SHA-256 MAC for a JWS is validated by computing an HMAC 64d4afb5ceSopenharmony_ci * value per RFC 2104, using SHA-256 as the hash algorithm "H", using 65d4afb5ceSopenharmony_ci * the received JWS Signing Input as the "text" value, and using the 66d4afb5ceSopenharmony_ci * shared key. This computed HMAC value is then compared to the result 67d4afb5ceSopenharmony_ci * of base64url decoding the received encoded JWS Signature value. The 68d4afb5ceSopenharmony_ci * comparison of the computed HMAC value to the JWS Signature value MUST 69d4afb5ceSopenharmony_ci * be done in a constant-time manner to thwart timing attacks. 70d4afb5ceSopenharmony_ci * 71d4afb5ceSopenharmony_ci * Alternatively, the computed HMAC value can be base64url encoded and 72d4afb5ceSopenharmony_ci * compared to the received encoded JWS Signature value (also in a 73d4afb5ceSopenharmony_ci * constant-time manner), as this comparison produces the same result as 74d4afb5ceSopenharmony_ci * comparing the unencoded values. In either case, if the values match, 75d4afb5ceSopenharmony_ci * the HMAC has been validated. 76d4afb5ceSopenharmony_ci */ 77d4afb5ceSopenharmony_ci 78d4afb5ceSopenharmony_ci { /* required: HMAC using SHA-256 */ 79d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 80d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_SHA256, 81d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 82d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 83d4afb5ceSopenharmony_ci "HS256", NULL, 0, 0, 0 84d4afb5ceSopenharmony_ci }, 85d4afb5ceSopenharmony_ci { /* optional: HMAC using SHA-384 */ 86d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 87d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_SHA384, 88d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 89d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 90d4afb5ceSopenharmony_ci "HS384", NULL, 0, 0, 0 91d4afb5ceSopenharmony_ci }, 92d4afb5ceSopenharmony_ci { /* optional: HMAC using SHA-512 */ 93d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 94d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_SHA512, 95d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 96d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 97d4afb5ceSopenharmony_ci "HS512", NULL, 0, 0, 0 98d4afb5ceSopenharmony_ci }, 99d4afb5ceSopenharmony_ci 100d4afb5ceSopenharmony_ci /* 101d4afb5ceSopenharmony_ci * Digital Signature with RSASSA-PKCS1-v1_5 102d4afb5ceSopenharmony_ci * 103d4afb5ceSopenharmony_ci * This section defines the use of the RSASSA-PKCS1-v1_5 digital 104d4afb5ceSopenharmony_ci * signature algorithm as defined in Section 8.2 of RFC 3447 [RFC3447] 105d4afb5ceSopenharmony_ci * (commonly known as PKCS #1), using SHA-2 [SHS] hash functions. 106d4afb5ceSopenharmony_ci * 107d4afb5ceSopenharmony_ci * A key of size 2048 bits or larger MUST be used with these algorithms. 108d4afb5ceSopenharmony_ci * 109d4afb5ceSopenharmony_ci * The RSASSA-PKCS1-v1_5 SHA-256 digital signature is generated as 110d4afb5ceSopenharmony_ci * follows: generate a digital signature of the JWS Signing Input using 111d4afb5ceSopenharmony_ci * RSASSA-PKCS1-v1_5-SIGN and the SHA-256 hash function with the desired 112d4afb5ceSopenharmony_ci * private key. This is the JWS Signature value. 113d4afb5ceSopenharmony_ci * 114d4afb5ceSopenharmony_ci * The RSASSA-PKCS1-v1_5 SHA-256 digital signature for a JWS is 115d4afb5ceSopenharmony_ci * validated as follows: submit the JWS Signing Input, the JWS 116d4afb5ceSopenharmony_ci * Signature, and the public key corresponding to the private key used 117d4afb5ceSopenharmony_ci * by the signer to the RSASSA-PKCS1-v1_5-VERIFY algorithm using SHA-256 118d4afb5ceSopenharmony_ci * as the hash function. 119d4afb5ceSopenharmony_ci */ 120d4afb5ceSopenharmony_ci 121d4afb5ceSopenharmony_ci { /* recommended: RSASSA-PKCS1-v1_5 using SHA-256 */ 122d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA256, 123d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 124d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_RSASSA_PKCS1_1_5, 125d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 126d4afb5ceSopenharmony_ci "RS256", NULL, 2048, 4096, 0 127d4afb5ceSopenharmony_ci }, 128d4afb5ceSopenharmony_ci { /* optional: RSASSA-PKCS1-v1_5 using SHA-384 */ 129d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA384, 130d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 131d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_RSASSA_PKCS1_1_5, 132d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 133d4afb5ceSopenharmony_ci "RS384", NULL, 2048, 4096, 0 134d4afb5ceSopenharmony_ci }, 135d4afb5ceSopenharmony_ci { /* optional: RSASSA-PKCS1-v1_5 using SHA-512 */ 136d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA512, 137d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 138d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_RSASSA_PKCS1_1_5, 139d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 140d4afb5ceSopenharmony_ci "RS512", NULL, 2048, 4096, 0 141d4afb5ceSopenharmony_ci }, 142d4afb5ceSopenharmony_ci 143d4afb5ceSopenharmony_ci /* 144d4afb5ceSopenharmony_ci * Digital Signature with ECDSA 145d4afb5ceSopenharmony_ci * 146d4afb5ceSopenharmony_ci * The ECDSA P-256 SHA-256 digital signature is generated as follows: 147d4afb5ceSopenharmony_ci * 148d4afb5ceSopenharmony_ci * 1. Generate a digital signature of the JWS Signing Input using ECDSA 149d4afb5ceSopenharmony_ci * P-256 SHA-256 with the desired private key. The output will be 150d4afb5ceSopenharmony_ci * the pair (R, S), where R and S are 256-bit unsigned integers. 151d4afb5ceSopenharmony_ci * 2. Turn R and S into octet sequences in big-endian order, with each 152d4afb5ceSopenharmony_ci * array being be 32 octets long. The octet sequence 153d4afb5ceSopenharmony_ci * representations MUST NOT be shortened to omit any leading zero 154d4afb5ceSopenharmony_ci * octets contained in the values. 155d4afb5ceSopenharmony_ci * 156d4afb5ceSopenharmony_ci * 3. Concatenate the two octet sequences in the order R and then S. 157d4afb5ceSopenharmony_ci * (Note that many ECDSA implementations will directly produce this 158d4afb5ceSopenharmony_ci * concatenation as their output.) 159d4afb5ceSopenharmony_ci * 160d4afb5ceSopenharmony_ci * 4. The resulting 64-octet sequence is the JWS Signature value. 161d4afb5ceSopenharmony_ci * 162d4afb5ceSopenharmony_ci * The ECDSA P-256 SHA-256 digital signature for a JWS is validated as 163d4afb5ceSopenharmony_ci * follows: 164d4afb5ceSopenharmony_ci * 165d4afb5ceSopenharmony_ci * 1. The JWS Signature value MUST be a 64-octet sequence. If it is 166d4afb5ceSopenharmony_ci * not a 64-octet sequence, the validation has failed. 167d4afb5ceSopenharmony_ci * 168d4afb5ceSopenharmony_ci * 2. Split the 64-octet sequence into two 32-octet sequences. The 169d4afb5ceSopenharmony_ci * first octet sequence represents R and the second S. The values R 170d4afb5ceSopenharmony_ci * and S are represented as octet sequences using the Integer-to- 171d4afb5ceSopenharmony_ci * OctetString Conversion defined in Section 2.3.7 of SEC1 [SEC1] 172d4afb5ceSopenharmony_ci * (in big-endian octet order). 173d4afb5ceSopenharmony_ci * 3. Submit the JWS Signing Input, R, S, and the public key (x, y) to 174d4afb5ceSopenharmony_ci * the ECDSA P-256 SHA-256 validator. 175d4afb5ceSopenharmony_ci */ 176d4afb5ceSopenharmony_ci 177d4afb5ceSopenharmony_ci { /* Recommended+: ECDSA using P-256 and SHA-256 */ 178d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA256, 179d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 180d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_ECDSA, 181d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 182d4afb5ceSopenharmony_ci "ES256", "P-256", 256, 256, 0 183d4afb5ceSopenharmony_ci }, 184d4afb5ceSopenharmony_ci { /* optional: ECDSA using P-384 and SHA-384 */ 185d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA384, 186d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 187d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_ECDSA, 188d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 189d4afb5ceSopenharmony_ci "ES384", "P-384", 384, 384, 0 190d4afb5ceSopenharmony_ci }, 191d4afb5ceSopenharmony_ci { /* optional: ECDSA using P-521 and SHA-512 */ 192d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA512, 193d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 194d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_ECDSA, 195d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 196d4afb5ceSopenharmony_ci "ES512", "P-521", 521, 521, 0 197d4afb5ceSopenharmony_ci }, 198d4afb5ceSopenharmony_ci#if 0 199d4afb5ceSopenharmony_ci Not yet supported 200d4afb5ceSopenharmony_ci 201d4afb5ceSopenharmony_ci /* 202d4afb5ceSopenharmony_ci * Digital Signature with RSASSA-PSS 203d4afb5ceSopenharmony_ci * 204d4afb5ceSopenharmony_ci * A key of size 2048 bits or larger MUST be used with this algorithm. 205d4afb5ceSopenharmony_ci * 206d4afb5ceSopenharmony_ci * The RSASSA-PSS SHA-256 digital signature is generated as follows: 207d4afb5ceSopenharmony_ci * generate a digital signature of the JWS Signing Input using RSASSA- 208d4afb5ceSopenharmony_ci * PSS-SIGN, the SHA-256 hash function, and the MGF1 mask generation 209d4afb5ceSopenharmony_ci * function with SHA-256 with the desired private key. This is the JWS 210d4afb5ceSopenharmony_ci * Signature value. 211d4afb5ceSopenharmony_ci * 212d4afb5ceSopenharmony_ci * The RSASSA-PSS SHA-256 digital signature for a JWS is validated as 213d4afb5ceSopenharmony_ci * follows: submit the JWS Signing Input, the JWS Signature, and the 214d4afb5ceSopenharmony_ci * public key corresponding to the private key used by the signer to the 215d4afb5ceSopenharmony_ci * RSASSA-PSS-VERIFY algorithm using SHA-256 as the hash function and 216d4afb5ceSopenharmony_ci * using MGF1 as the mask generation function with SHA-256. 217d4afb5ceSopenharmony_ci * 218d4afb5ceSopenharmony_ci */ 219d4afb5ceSopenharmony_ci { /* optional: RSASSA-PSS using SHA-256 and MGF1 with SHA-256 */ 220d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA256, 221d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 222d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_RSASSA_PKCS1_PSS, 223d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 224d4afb5ceSopenharmony_ci "PS256", NULL, 2048, 4096, 0 225d4afb5ceSopenharmony_ci }, 226d4afb5ceSopenharmony_ci { /* optional: RSASSA-PSS using SHA-384 and MGF1 with SHA-384 */ 227d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA384, 228d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 229d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_RSASSA_PKCS1_PSS, 230d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 231d4afb5ceSopenharmony_ci "PS384", NULL, 2048, 4096, 0 232d4afb5ceSopenharmony_ci }, 233d4afb5ceSopenharmony_ci { /* optional: RSASSA-PSS using SHA-512 and MGF1 with SHA-512*/ 234d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA512, 235d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 236d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_RSASSA_PKCS1_PSS, 237d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 238d4afb5ceSopenharmony_ci "PS512", NULL, 2048, 4096, 0 239d4afb5ceSopenharmony_ci }, 240d4afb5ceSopenharmony_ci#endif 241d4afb5ceSopenharmony_ci /* list terminator */ 242d4afb5ceSopenharmony_ci { 0, 0, 0, 0, NULL, NULL, 0, 0, 0} 243d4afb5ceSopenharmony_ci}; 244d4afb5ceSopenharmony_ci 245d4afb5ceSopenharmony_ci/* 246d4afb5ceSopenharmony_ci * These came from RFC7518 (JSON Web Algorithms) Section 4 247d4afb5ceSopenharmony_ci * 248d4afb5ceSopenharmony_ci * Cryptographic Algorithms for Key Management 249d4afb5ceSopenharmony_ci * 250d4afb5ceSopenharmony_ci * JWE uses cryptographic algorithms to encrypt or determine the Content 251d4afb5ceSopenharmony_ci * Encryption Key (CEK). 252d4afb5ceSopenharmony_ci */ 253d4afb5ceSopenharmony_ci 254d4afb5ceSopenharmony_cistatic const struct lws_jose_jwe_alg lws_gencrypto_jwe_alg_map[] = { 255d4afb5ceSopenharmony_ci 256d4afb5ceSopenharmony_ci /* 257d4afb5ceSopenharmony_ci * This section defines the specifics of encrypting a JWE CEK with 258d4afb5ceSopenharmony_ci * RSAES-PKCS1-v1_5 [RFC3447]. The "alg" (algorithm) Header Parameter 259d4afb5ceSopenharmony_ci * value "RSA1_5" is used for this algorithm. 260d4afb5ceSopenharmony_ci * 261d4afb5ceSopenharmony_ci * A key of size 2048 bits or larger MUST be used with this algorithm. 262d4afb5ceSopenharmony_ci */ 263d4afb5ceSopenharmony_ci 264d4afb5ceSopenharmony_ci { /* recommended-: RSAES-PKCS1-v1_5 */ 265d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA256, 266d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 267d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_RSASSA_PKCS1_1_5, 268d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 269d4afb5ceSopenharmony_ci "RSA1_5", NULL, 2048, 4096, 0 270d4afb5ceSopenharmony_ci }, 271d4afb5ceSopenharmony_ci { /* recommended+: RSAES OAEP using default parameters */ 272d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA1, 273d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 274d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_RSASSA_PKCS1_OAEP, 275d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 276d4afb5ceSopenharmony_ci "RSA-OAEP", NULL, 2048, 4096, 0 277d4afb5ceSopenharmony_ci }, 278d4afb5ceSopenharmony_ci { /* recommended+: RSAES OAEP using SHA-256 and MGF1 SHA-256 */ 279d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA256, 280d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 281d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_RSASSA_PKCS1_OAEP, 282d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 283d4afb5ceSopenharmony_ci "RSA-OAEP-256", NULL, 2048, 4096, 0 284d4afb5ceSopenharmony_ci }, 285d4afb5ceSopenharmony_ci 286d4afb5ceSopenharmony_ci /* 287d4afb5ceSopenharmony_ci * Key Wrapping with AES Key Wrap 288d4afb5ceSopenharmony_ci * 289d4afb5ceSopenharmony_ci * This section defines the specifics of encrypting a JWE CEK with the 290d4afb5ceSopenharmony_ci * Advanced Encryption Standard (AES) Key Wrap Algorithm [RFC3394] using 291d4afb5ceSopenharmony_ci * the default initial value specified in Section 2.2.3.1 of that 292d4afb5ceSopenharmony_ci * document. 293d4afb5ceSopenharmony_ci * 294d4afb5ceSopenharmony_ci * 295d4afb5ceSopenharmony_ci */ 296d4afb5ceSopenharmony_ci { /* recommended: AES Key Wrap with AES Key Wrap with defaults 297d4afb5ceSopenharmony_ci using 128-bit key */ 298d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 299d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 300d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_ECB, 301d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 302d4afb5ceSopenharmony_ci "A128KW", NULL, 128, 128, 64 303d4afb5ceSopenharmony_ci }, 304d4afb5ceSopenharmony_ci 305d4afb5ceSopenharmony_ci { /* optional: AES Key Wrap with AES Key Wrap with defaults 306d4afb5ceSopenharmony_ci using 192-bit key */ 307d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 308d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 309d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_ECB, 310d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 311d4afb5ceSopenharmony_ci "A192KW", NULL, 192, 192, 64 312d4afb5ceSopenharmony_ci }, 313d4afb5ceSopenharmony_ci 314d4afb5ceSopenharmony_ci { /* recommended: AES Key Wrap with AES Key Wrap with defaults 315d4afb5ceSopenharmony_ci using 256-bit key */ 316d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 317d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 318d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_ECB, 319d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 320d4afb5ceSopenharmony_ci "A256KW", NULL, 256, 256, 64 321d4afb5ceSopenharmony_ci }, 322d4afb5ceSopenharmony_ci 323d4afb5ceSopenharmony_ci /* 324d4afb5ceSopenharmony_ci * This section defines the specifics of directly performing symmetric 325d4afb5ceSopenharmony_ci * key encryption without performing a key wrapping step. In this case, 326d4afb5ceSopenharmony_ci * the shared symmetric key is used directly as the Content Encryption 327d4afb5ceSopenharmony_ci * Key (CEK) value for the "enc" algorithm. An empty octet sequence is 328d4afb5ceSopenharmony_ci * used as the JWE Encrypted Key value. The "alg" (algorithm) Header 329d4afb5ceSopenharmony_ci * Parameter value "dir" is used in this case. 330d4afb5ceSopenharmony_ci */ 331d4afb5ceSopenharmony_ci { /* recommended */ 332d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 333d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 334d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 335d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 336d4afb5ceSopenharmony_ci "dir", NULL, 0, 0, 0 337d4afb5ceSopenharmony_ci }, 338d4afb5ceSopenharmony_ci 339d4afb5ceSopenharmony_ci /* 340d4afb5ceSopenharmony_ci * Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static 341d4afb5ceSopenharmony_ci * (ECDH-ES) 342d4afb5ceSopenharmony_ci * 343d4afb5ceSopenharmony_ci * This section defines the specifics of key agreement with Elliptic 344d4afb5ceSopenharmony_ci * Curve Diffie-Hellman Ephemeral Static [RFC6090], in combination with 345d4afb5ceSopenharmony_ci * the Concat KDF, as defined in Section 5.8.1 of [NIST.800-56A]. The 346d4afb5ceSopenharmony_ci * key agreement result can be used in one of two ways: 347d4afb5ceSopenharmony_ci * 348d4afb5ceSopenharmony_ci * 1. directly as the Content Encryption Key (CEK) for the "enc" 349d4afb5ceSopenharmony_ci * algorithm, in the Direct Key Agreement mode, or 350d4afb5ceSopenharmony_ci * 351d4afb5ceSopenharmony_ci * 2. as a symmetric key used to wrap the CEK with the "A128KW", 352d4afb5ceSopenharmony_ci * "A192KW", or "A256KW" algorithms, in the Key Agreement with Key 353d4afb5ceSopenharmony_ci * Wrapping mode. 354d4afb5ceSopenharmony_ci * 355d4afb5ceSopenharmony_ci * A new ephemeral public key value MUST be generated for each key 356d4afb5ceSopenharmony_ci * agreement operation. 357d4afb5ceSopenharmony_ci * 358d4afb5ceSopenharmony_ci * In Direct Key Agreement mode, the output of the Concat KDF MUST be a 359d4afb5ceSopenharmony_ci * key of the same length as that used by the "enc" algorithm. In this 360d4afb5ceSopenharmony_ci * case, the empty octet sequence is used as the JWE Encrypted Key 361d4afb5ceSopenharmony_ci * value. The "alg" (algorithm) Header Parameter value "ECDH-ES" is 362d4afb5ceSopenharmony_ci * used in the Direct Key Agreement mode. 363d4afb5ceSopenharmony_ci * 364d4afb5ceSopenharmony_ci * In Key Agreement with Key Wrapping mode, the output of the Concat KDF 365d4afb5ceSopenharmony_ci * MUST be a key of the length needed for the specified key wrapping 366d4afb5ceSopenharmony_ci * algorithm. In this case, the JWE Encrypted Key is the CEK wrapped 367d4afb5ceSopenharmony_ci * with the agreed-upon key. 368d4afb5ceSopenharmony_ci */ 369d4afb5ceSopenharmony_ci 370d4afb5ceSopenharmony_ci { /* recommended+: ECDH Ephemeral Static Key agreement Concat KDF */ 371d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA256, 372d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 373d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_ECDHES, 374d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 375d4afb5ceSopenharmony_ci "ECDH-ES", NULL, 128, 128, 0 376d4afb5ceSopenharmony_ci }, 377d4afb5ceSopenharmony_ci { /* recommended: ECDH-ES + Concat KDF + wrapped by AES128KW */ 378d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA256, 379d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 380d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_ECDHES, 381d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_ECB, 382d4afb5ceSopenharmony_ci "ECDH-ES+A128KW", NULL, 128, 128, 0 383d4afb5ceSopenharmony_ci }, 384d4afb5ceSopenharmony_ci { /* optional: ECDH-ES + Concat KDF + wrapped by AES192KW */ 385d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA256, 386d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 387d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_ECDHES, 388d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_ECB, 389d4afb5ceSopenharmony_ci "ECDH-ES+A192KW", NULL, 192, 192, 0 390d4afb5ceSopenharmony_ci }, 391d4afb5ceSopenharmony_ci { /* recommended: ECDH-ES + Concat KDF + wrapped by AES256KW */ 392d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_SHA256, 393d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 394d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_ECDHES, 395d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_ECB, 396d4afb5ceSopenharmony_ci "ECDH-ES+A256KW", NULL, 256, 256, 0 397d4afb5ceSopenharmony_ci }, 398d4afb5ceSopenharmony_ci 399d4afb5ceSopenharmony_ci /* 400d4afb5ceSopenharmony_ci * Key Encryption with AES GCM 401d4afb5ceSopenharmony_ci * 402d4afb5ceSopenharmony_ci * This section defines the specifics of encrypting a JWE Content 403d4afb5ceSopenharmony_ci * Encryption Key (CEK) with Advanced Encryption Standard (AES) in 404d4afb5ceSopenharmony_ci * Galois/Counter Mode (GCM) ([AES] and [NIST.800-38D]). 405d4afb5ceSopenharmony_ci * 406d4afb5ceSopenharmony_ci * Use of an Initialization Vector (IV) of size 96 bits is REQUIRED with 407d4afb5ceSopenharmony_ci * this algorithm. The IV is represented in base64url-encoded form as 408d4afb5ceSopenharmony_ci * the "iv" (initialization vector) Header Parameter value. 409d4afb5ceSopenharmony_ci * 410d4afb5ceSopenharmony_ci * The Additional Authenticated Data value used is the empty octet 411d4afb5ceSopenharmony_ci * string. 412d4afb5ceSopenharmony_ci * 413d4afb5ceSopenharmony_ci * The requested size of the Authentication Tag output MUST be 128 bits, 414d4afb5ceSopenharmony_ci * regardless of the key size. 415d4afb5ceSopenharmony_ci * 416d4afb5ceSopenharmony_ci * The JWE Encrypted Key value is the ciphertext output. 417d4afb5ceSopenharmony_ci * 418d4afb5ceSopenharmony_ci * The Authentication Tag output is represented in base64url-encoded 419d4afb5ceSopenharmony_ci * form as the "tag" (authentication tag) Header Parameter value. 420d4afb5ceSopenharmony_ci * 421d4afb5ceSopenharmony_ci * 422d4afb5ceSopenharmony_ci * "iv" (Initialization Vector) Header Parameter 423d4afb5ceSopenharmony_ci * 424d4afb5ceSopenharmony_ci * The "iv" (initialization vector) Header Parameter value is the 425d4afb5ceSopenharmony_ci * base64url-encoded representation of the 96-bit IV value used for the 426d4afb5ceSopenharmony_ci * key encryption operation. This Header Parameter MUST be present and 427d4afb5ceSopenharmony_ci * MUST be understood and processed by implementations when these 428d4afb5ceSopenharmony_ci * algorithms are used. 429d4afb5ceSopenharmony_ci * 430d4afb5ceSopenharmony_ci * "tag" (Authentication Tag) Header Parameter 431d4afb5ceSopenharmony_ci * 432d4afb5ceSopenharmony_ci * The "tag" (authentication tag) Header Parameter value is the 433d4afb5ceSopenharmony_ci * base64url-encoded representation of the 128-bit Authentication Tag 434d4afb5ceSopenharmony_ci * value resulting from the key encryption operation. This Header 435d4afb5ceSopenharmony_ci * Parameter MUST be present and MUST be understood and processed by 436d4afb5ceSopenharmony_ci * implementations when these algorithms are used. 437d4afb5ceSopenharmony_ci */ 438d4afb5ceSopenharmony_ci { /* optional: Key wrapping with AES GCM using 128-bit key */ 439d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 440d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 441d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_ECB, 442d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 443d4afb5ceSopenharmony_ci "A128GCMKW", NULL, 128, 128, 96 444d4afb5ceSopenharmony_ci }, 445d4afb5ceSopenharmony_ci 446d4afb5ceSopenharmony_ci { /* optional: Key wrapping with AES GCM using 192-bit key */ 447d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 448d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 449d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_ECB, 450d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 451d4afb5ceSopenharmony_ci "A192GCMKW", NULL, 192, 192, 96 452d4afb5ceSopenharmony_ci }, 453d4afb5ceSopenharmony_ci 454d4afb5ceSopenharmony_ci { /* optional: Key wrapping with AES GCM using 256-bit key */ 455d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 456d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 457d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_ECB, 458d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 459d4afb5ceSopenharmony_ci "A256GCMKW", NULL, 256, 256, 96 460d4afb5ceSopenharmony_ci }, 461d4afb5ceSopenharmony_ci 462d4afb5ceSopenharmony_ci /* list terminator */ 463d4afb5ceSopenharmony_ci { 0, 0, 0, 0, NULL, NULL, 0, 0, 0 } 464d4afb5ceSopenharmony_ci}; 465d4afb5ceSopenharmony_ci 466d4afb5ceSopenharmony_ci/* 467d4afb5ceSopenharmony_ci * The "enc" (encryption algorithm) Header Parameter identifies the 468d4afb5ceSopenharmony_ci * content encryption algorithm used to perform authenticated encryption 469d4afb5ceSopenharmony_ci * on the plaintext to produce the ciphertext and the Authentication 470d4afb5ceSopenharmony_ci * Tag. This algorithm MUST be an AEAD algorithm with a specified key 471d4afb5ceSopenharmony_ci * length. The encrypted content is not usable if the "enc" value does 472d4afb5ceSopenharmony_ci * not represent a supported algorithm. "enc" values should either be 473d4afb5ceSopenharmony_ci * registered in the IANA "JSON Web Signature and Encryption Algorithms" 474d4afb5ceSopenharmony_ci * registry established by [JWA] or be a value that contains a 475d4afb5ceSopenharmony_ci * Collision-Resistant Name. The "enc" value is a case-sensitive ASCII 476d4afb5ceSopenharmony_ci * string containing a StringOrURI value. This Header Parameter MUST be 477d4afb5ceSopenharmony_ci * present and MUST be understood and processed by implementations. 478d4afb5ceSopenharmony_ci */ 479d4afb5ceSopenharmony_ci 480d4afb5ceSopenharmony_cistatic const struct lws_jose_jwe_alg lws_gencrypto_jwe_enc_map[] = { 481d4afb5ceSopenharmony_ci /* 482d4afb5ceSopenharmony_ci * AES_128_CBC_HMAC_SHA_256 / 512 483d4afb5ceSopenharmony_ci * 484d4afb5ceSopenharmony_ci * It uses the HMAC message authentication code [RFC2104] with the 485d4afb5ceSopenharmony_ci * SHA-256 hash function [SHS] to provide message authentication, with 486d4afb5ceSopenharmony_ci * the HMAC output truncated to 128 bits, corresponding to the 487d4afb5ceSopenharmony_ci * HMAC-SHA-256-128 algorithm defined in [RFC4868]. For encryption, it 488d4afb5ceSopenharmony_ci * uses AES in the CBC mode of operation as defined in Section 6.2 of 489d4afb5ceSopenharmony_ci * [NIST.800-38A], with PKCS #7 padding and a 128-bit IV value. 490d4afb5ceSopenharmony_ci * 491d4afb5ceSopenharmony_ci * The AES_CBC_HMAC_SHA2 parameters specific to AES_128_CBC_HMAC_SHA_256 492d4afb5ceSopenharmony_ci * are: 493d4afb5ceSopenharmony_ci * 494d4afb5ceSopenharmony_ci * The input key K is 32 octets long. 495d4afb5ceSopenharmony_ci * ENC_KEY_LEN is 16 octets. 496d4afb5ceSopenharmony_ci * MAC_KEY_LEN is 16 octets. 497d4afb5ceSopenharmony_ci * The SHA-256 hash algorithm is used for the HMAC. 498d4afb5ceSopenharmony_ci * The HMAC-SHA-256 output is truncated to T_LEN=16 octets, by 499d4afb5ceSopenharmony_ci * stripping off the final 16 octets. 500d4afb5ceSopenharmony_ci */ 501d4afb5ceSopenharmony_ci { /* required */ 502d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 503d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_SHA256, 504d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 505d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_CBC, 506d4afb5ceSopenharmony_ci "A128CBC-HS256", NULL, 256, 256, 128 507d4afb5ceSopenharmony_ci }, 508d4afb5ceSopenharmony_ci /* 509d4afb5ceSopenharmony_ci * AES_192_CBC_HMAC_SHA_384 is based on AES_128_CBC_HMAC_SHA_256, but 510d4afb5ceSopenharmony_ci * with the following differences: 511d4afb5ceSopenharmony_ci * 512d4afb5ceSopenharmony_ci * The input key K is 48 octets long instead of 32. 513d4afb5ceSopenharmony_ci * ENC_KEY_LEN is 24 octets instead of 16. 514d4afb5ceSopenharmony_ci * MAC_KEY_LEN is 24 octets instead of 16. 515d4afb5ceSopenharmony_ci * SHA-384 is used for the HMAC instead of SHA-256. 516d4afb5ceSopenharmony_ci * The HMAC SHA-384 value is truncated to T_LEN=24 octets instead of 16. 517d4afb5ceSopenharmony_ci */ 518d4afb5ceSopenharmony_ci { /* required */ 519d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 520d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_SHA384, 521d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 522d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_CBC, 523d4afb5ceSopenharmony_ci "A192CBC-HS384", NULL, 384, 384, 192 524d4afb5ceSopenharmony_ci }, 525d4afb5ceSopenharmony_ci /* 526d4afb5ceSopenharmony_ci * AES_256_CBC_HMAC_SHA_512 is based on AES_128_CBC_HMAC_SHA_256, but 527d4afb5ceSopenharmony_ci * with the following differences: 528d4afb5ceSopenharmony_ci * 529d4afb5ceSopenharmony_ci * The input key K is 64 octets long instead of 32. 530d4afb5ceSopenharmony_ci * ENC_KEY_LEN is 32 octets instead of 16. 531d4afb5ceSopenharmony_ci * MAC_KEY_LEN is 32 octets instead of 16. 532d4afb5ceSopenharmony_ci * SHA-512 is used for the HMAC instead of SHA-256. 533d4afb5ceSopenharmony_ci * The HMAC SHA-512 value is truncated to T_LEN=32 octets instead of 16. 534d4afb5ceSopenharmony_ci */ 535d4afb5ceSopenharmony_ci { /* required */ 536d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 537d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_SHA512, 538d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 539d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_CBC, 540d4afb5ceSopenharmony_ci "A256CBC-HS512", NULL, 512, 512, 256 541d4afb5ceSopenharmony_ci }, 542d4afb5ceSopenharmony_ci 543d4afb5ceSopenharmony_ci /* 544d4afb5ceSopenharmony_ci * The CEK is used as the encryption key. 545d4afb5ceSopenharmony_ci * 546d4afb5ceSopenharmony_ci * Use of an IV of size 96 bits is REQUIRED with this algorithm. 547d4afb5ceSopenharmony_ci * 548d4afb5ceSopenharmony_ci * The requested size of the Authentication Tag output MUST be 128 bits, 549d4afb5ceSopenharmony_ci * regardless of the key size. 550d4afb5ceSopenharmony_ci */ 551d4afb5ceSopenharmony_ci { /* recommended: AES GCM using 128-bit key */ 552d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 553d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 554d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 555d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_GCM, 556d4afb5ceSopenharmony_ci "A128GCM", NULL, 128, 128, 96 557d4afb5ceSopenharmony_ci }, 558d4afb5ceSopenharmony_ci { /* optional: AES GCM using 192-bit key */ 559d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 560d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 561d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 562d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_GCM, 563d4afb5ceSopenharmony_ci "A192GCM", NULL, 192, 192, 96 564d4afb5ceSopenharmony_ci }, 565d4afb5ceSopenharmony_ci { /* recommended: AES GCM using 256-bit key */ 566d4afb5ceSopenharmony_ci LWS_GENHASH_TYPE_UNKNOWN, 567d4afb5ceSopenharmony_ci LWS_GENHMAC_TYPE_UNKNOWN, 568d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_NONE, 569d4afb5ceSopenharmony_ci LWS_JOSE_ENCTYPE_AES_GCM, 570d4afb5ceSopenharmony_ci "A256GCM", NULL, 256, 256, 96 571d4afb5ceSopenharmony_ci }, 572d4afb5ceSopenharmony_ci { 0, 0, 0, 0, NULL, NULL, 0, 0, 0 } /* sentinel */ 573d4afb5ceSopenharmony_ci}; 574d4afb5ceSopenharmony_ci 575d4afb5ceSopenharmony_ciint 576d4afb5ceSopenharmony_cilws_gencrypto_jws_alg_to_definition(const char *alg, 577d4afb5ceSopenharmony_ci const struct lws_jose_jwe_alg **jose) 578d4afb5ceSopenharmony_ci{ 579d4afb5ceSopenharmony_ci const struct lws_jose_jwe_alg *a = lws_gencrypto_jws_alg_map; 580d4afb5ceSopenharmony_ci 581d4afb5ceSopenharmony_ci while (a->alg) { 582d4afb5ceSopenharmony_ci if (!strcmp(alg, a->alg)) { 583d4afb5ceSopenharmony_ci *jose = a; 584d4afb5ceSopenharmony_ci 585d4afb5ceSopenharmony_ci return 0; 586d4afb5ceSopenharmony_ci } 587d4afb5ceSopenharmony_ci a++; 588d4afb5ceSopenharmony_ci } 589d4afb5ceSopenharmony_ci 590d4afb5ceSopenharmony_ci return 1; 591d4afb5ceSopenharmony_ci} 592d4afb5ceSopenharmony_ci 593d4afb5ceSopenharmony_ciint 594d4afb5ceSopenharmony_cilws_gencrypto_jwe_alg_to_definition(const char *alg, 595d4afb5ceSopenharmony_ci const struct lws_jose_jwe_alg **jose) 596d4afb5ceSopenharmony_ci{ 597d4afb5ceSopenharmony_ci const struct lws_jose_jwe_alg *a = lws_gencrypto_jwe_alg_map; 598d4afb5ceSopenharmony_ci 599d4afb5ceSopenharmony_ci while (a->alg) { 600d4afb5ceSopenharmony_ci if (!strcmp(alg, a->alg)) { 601d4afb5ceSopenharmony_ci *jose = a; 602d4afb5ceSopenharmony_ci 603d4afb5ceSopenharmony_ci return 0; 604d4afb5ceSopenharmony_ci } 605d4afb5ceSopenharmony_ci a++; 606d4afb5ceSopenharmony_ci } 607d4afb5ceSopenharmony_ci 608d4afb5ceSopenharmony_ci return 1; 609d4afb5ceSopenharmony_ci} 610d4afb5ceSopenharmony_ci 611d4afb5ceSopenharmony_ciint 612d4afb5ceSopenharmony_cilws_gencrypto_jwe_enc_to_definition(const char *enc, 613d4afb5ceSopenharmony_ci const struct lws_jose_jwe_alg **jose) 614d4afb5ceSopenharmony_ci{ 615d4afb5ceSopenharmony_ci const struct lws_jose_jwe_alg *e = lws_gencrypto_jwe_enc_map; 616d4afb5ceSopenharmony_ci 617d4afb5ceSopenharmony_ci while (e->alg) { 618d4afb5ceSopenharmony_ci if (!strcmp(enc, e->alg)) { 619d4afb5ceSopenharmony_ci *jose = e; 620d4afb5ceSopenharmony_ci 621d4afb5ceSopenharmony_ci return 0; 622d4afb5ceSopenharmony_ci } 623d4afb5ceSopenharmony_ci e++; 624d4afb5ceSopenharmony_ci } 625d4afb5ceSopenharmony_ci 626d4afb5ceSopenharmony_ci return 1; 627d4afb5ceSopenharmony_ci} 628d4afb5ceSopenharmony_ci 629d4afb5ceSopenharmony_cisize_t 630d4afb5ceSopenharmony_cilws_genhash_size(enum lws_genhash_types type) 631d4afb5ceSopenharmony_ci{ 632d4afb5ceSopenharmony_ci switch(type) { 633d4afb5ceSopenharmony_ci case LWS_GENHASH_TYPE_UNKNOWN: 634d4afb5ceSopenharmony_ci return 0; 635d4afb5ceSopenharmony_ci case LWS_GENHASH_TYPE_MD5: 636d4afb5ceSopenharmony_ci return 16; 637d4afb5ceSopenharmony_ci case LWS_GENHASH_TYPE_SHA1: 638d4afb5ceSopenharmony_ci return 20; 639d4afb5ceSopenharmony_ci case LWS_GENHASH_TYPE_SHA256: 640d4afb5ceSopenharmony_ci return 32; 641d4afb5ceSopenharmony_ci case LWS_GENHASH_TYPE_SHA384: 642d4afb5ceSopenharmony_ci return 48; 643d4afb5ceSopenharmony_ci case LWS_GENHASH_TYPE_SHA512: 644d4afb5ceSopenharmony_ci return 64; 645d4afb5ceSopenharmony_ci } 646d4afb5ceSopenharmony_ci 647d4afb5ceSopenharmony_ci return 0; 648d4afb5ceSopenharmony_ci} 649d4afb5ceSopenharmony_ci 650d4afb5ceSopenharmony_cisize_t 651d4afb5ceSopenharmony_cilws_genhmac_size(enum lws_genhmac_types type) 652d4afb5ceSopenharmony_ci{ 653d4afb5ceSopenharmony_ci switch(type) { 654d4afb5ceSopenharmony_ci case LWS_GENHMAC_TYPE_UNKNOWN: 655d4afb5ceSopenharmony_ci return 0; 656d4afb5ceSopenharmony_ci case LWS_GENHMAC_TYPE_SHA256: 657d4afb5ceSopenharmony_ci return 32; 658d4afb5ceSopenharmony_ci case LWS_GENHMAC_TYPE_SHA384: 659d4afb5ceSopenharmony_ci return 48; 660d4afb5ceSopenharmony_ci case LWS_GENHMAC_TYPE_SHA512: 661d4afb5ceSopenharmony_ci return 64; 662d4afb5ceSopenharmony_ci } 663d4afb5ceSopenharmony_ci 664d4afb5ceSopenharmony_ci return 0; 665d4afb5ceSopenharmony_ci} 666d4afb5ceSopenharmony_ci 667d4afb5ceSopenharmony_ciint 668d4afb5ceSopenharmony_cilws_gencrypto_bits_to_bytes(int bits) 669d4afb5ceSopenharmony_ci{ 670d4afb5ceSopenharmony_ci if (bits & 7) 671d4afb5ceSopenharmony_ci return (bits / 8) + 1; 672d4afb5ceSopenharmony_ci 673d4afb5ceSopenharmony_ci return bits / 8; 674d4afb5ceSopenharmony_ci} 675d4afb5ceSopenharmony_ci 676d4afb5ceSopenharmony_ciint 677d4afb5ceSopenharmony_cilws_base64_size(int bytes) 678d4afb5ceSopenharmony_ci{ 679d4afb5ceSopenharmony_ci return ((bytes * 4) / 3) + 6; 680d4afb5ceSopenharmony_ci} 681d4afb5ceSopenharmony_ci 682d4afb5ceSopenharmony_civoid 683d4afb5ceSopenharmony_cilws_gencrypto_destroy_elements(struct lws_gencrypto_keyelem *el, int m) 684d4afb5ceSopenharmony_ci{ 685d4afb5ceSopenharmony_ci int n; 686d4afb5ceSopenharmony_ci 687d4afb5ceSopenharmony_ci for (n = 0; n < m; n++) 688d4afb5ceSopenharmony_ci if (el[n].buf) 689d4afb5ceSopenharmony_ci lws_free_set_NULL(el[n].buf); 690d4afb5ceSopenharmony_ci} 691d4afb5ceSopenharmony_ci 692d4afb5ceSopenharmony_cisize_t lws_gencrypto_padded_length(size_t pad_block_size, size_t len) 693d4afb5ceSopenharmony_ci{ 694d4afb5ceSopenharmony_ci return (len / pad_block_size + 1) * pad_block_size; 695d4afb5ceSopenharmony_ci} 696