Google Git
Sign in
android / platform / external / libwebsockets / refs/heads/android13-d1-s3-release / . / minimal-examples / api-tests / api-test-jose / jwe.c
blob: e403b2d37acadef57b491457b5167f83d2a69f46 [file] [log] [blame] [edit]
/*
* lws-api-test-jose - RFC7516 jwe tests
*
* Written in 2010-2020 by Andy Green <[email protected]>
*
* This file is made available under the Creative Commons CC0 1.0
* Universal Public Domain Dedication.
*/
#include <libwebsockets.h>
/*
* These are the inputs and outputs from the worked example in RFC7516
* Appendix A.1 {"alg":"RSA-OAEP","enc":"A256GCM"}
*/
static char
*ex_a1_ptext =
"The true sign of intelligence is not knowledge but imagination.",
*ex_a1_compact =
"eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ."
"OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe"
"ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb"
"Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV"
"mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8"
"1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi"
"6UklfCpIMfIjf7iGdXKHzg."
"48V1_ALb6US04U3b."
"5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji"
"SdiwkIr3ajwQzaBtQD_A."
"XFBoMYUZodetZdvTiFvSkQ",
*ex_a1_jwk_json =
"{\"kty\":\"RSA\","
"\"n\":\"oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW"
"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S"
"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a"
"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS"
"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj"
"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw\","
"\"e\":\"AQAB\","
"\"d\":\"kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N"
"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9"
"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk"
"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl"
"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd"
"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ\","
"\"p\":\"1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-"
"SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf"
"fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0\","
"\"q\":\"wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm"
"UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX"
"IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc\","
"\"dp\":\"ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL"
"hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827"
"rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE\","
"\"dq\":\"Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj"
"ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB"
"UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis\","
"\"qi\":\"VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7"
"AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3"
"eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY\""
"}"
;
static int
test_jwe_a1(struct lws_context *context)
{
struct lws_jwe jwe;
char temp[2048], compact[2048];
int n, ret = -1, temp_len = sizeof(temp);
lws_jwe_init(&jwe, context);
if (lws_jwk_import(&jwe.jwk, NULL, NULL, ex_a1_jwk_json,
strlen(ex_a1_jwk_json)) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
/* converts a compact serialization to jws b64 + decoded maps */
if (lws_jws_compact_decode(ex_a1_compact, (int)strlen(ex_a1_compact),
&jwe.jws.map, &jwe.jws.map_b64, temp,
&temp_len) != 5) {
lwsl_err("%s: lws_jws_compact_decode failed\n", __func__);
goto bail;
}
n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n",
__func__);
goto bail;
}
/* allowing for trailing padding, confirm the plaintext */
if (jwe.jws.map.len[LJWE_CTXT] < strlen(ex_a1_ptext) ||
lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ex_a1_ptext,
(uint32_t)strlen(ex_a1_ptext))) {
lwsl_err("%s: plaintext AES decrypt wrong\n", __func__);
lwsl_hexdump_notice(ex_a1_ptext, strlen(ex_a1_ptext));
lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT],
jwe.jws.map.len[LJWE_CTXT]);
goto bail;
}
/*
* Canned decrypt worked properly... let's also try encoding the
* plaintext ourselves and decoding that...
*/
lws_jwe_destroy(&jwe);
temp_len = sizeof(temp);
lws_jwe_init(&jwe, context);
if (lws_jwk_import(&jwe.jwk, NULL, NULL, ex_a1_jwk_json,
strlen(ex_a1_jwk_json)) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
if (lws_gencrypto_jwe_alg_to_definition("RSA-OAEP", &jwe.jose.alg)) {
lwsl_err("Unknown cipher alg \"RSA-OAEP\"\n");
goto bail;
}
if (lws_gencrypto_jwe_enc_to_definition("A256GCM", &jwe.jose.enc_alg)) {
lwsl_err("Unknown payload enc alg \"A256GCM\"\n");
goto bail;
}
/* we require a JOSE-formatted header to do the encryption */
jwe.jws.map.buf[LJWS_JOSE] = temp;
jwe.jws.map.len[LJWS_JOSE] = (uint32_t)lws_snprintf(temp, (unsigned int)temp_len,
"{\"alg\":\"%s\",\"enc\":\"%s\"}", "RSA-OAEP", "A256GCM");
temp_len -= (int)jwe.jws.map.len[LJWS_JOSE];
/*
* dup the plaintext into the ciphertext element, it will be
* encrypted in-place to a ciphertext of the same length
*/
if (lws_jws_dup_element(&jwe.jws.map, LJWE_CTXT,
lws_concat_temp(temp, temp_len), &temp_len,
ex_a1_ptext, strlen(ex_a1_ptext), 0)) {
lwsl_notice("%s: Not enough temp space for ptext\n", __func__);
goto bail;
}
/* CEK size is determined by hash / hmac size */
n = lws_gencrypto_bits_to_bytes(jwe.jose.enc_alg->keybits_fixed);
if (lws_jws_randomize_element(context, &jwe.jws.map, LJWE_EKEY,
lws_concat_temp(temp, temp_len),
&temp_len, (unsigned int)n,
LWS_JWE_LIMIT_KEY_ELEMENT_BYTES)) {
lwsl_err("Problem getting random\n");
goto bail;
}
n = lws_jwe_encrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_encrypt failed\n", __func__);
goto bail;
}
n = lws_jwe_render_compact(&jwe, compact, sizeof(compact));
if (n < 0) {
lwsl_err("%s: lws_jwe_render_compact failed: %d\n",
__func__, n);
goto bail;
}
// puts(compact);
/*
* Okay... what happens when we try to decode what we created?
*/
lws_jwe_destroy(&jwe);
lws_jwe_init(&jwe, context);
temp_len = sizeof(temp);
/* converts a compact serialization to jws b64 + decoded maps */
if (lws_jws_compact_decode(compact, (int)strlen(compact), &jwe.jws.map,
&jwe.jws.map_b64, temp, &temp_len) != 5) {
lwsl_err("%s: lws_jws_compact_decode failed\n", __func__);
goto bail;
}
if (lws_jwk_import(&jwe.jwk, NULL, NULL, ex_a1_jwk_json,
strlen(ex_a1_jwk_json)) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: generated lws_jwe_auth_and_decrypt failed\n",
__func__);
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__);
else
lwsl_notice("%s: selftest OK\n", __func__);
return ret;
}
/* A.2. Example JWE using RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256
*
* This example encrypts the plaintext "Live long and prosper." to the
* recipient using RSAES-PKCS1-v1_5 for key encryption and
* AES_128_CBC_HMAC_SHA_256 for content encryption.
*/
/* "Live long and prosper." */
static uint8_t
ex_a2_ptext[] = {
76, 105, 118, 101, 32, 108, 111, 110,
103, 32, 97, 110, 100, 32, 112, 114,
111, 115, 112, 101, 114, 46
}, *lws_jwe_ex_a2_jwk_json = (uint8_t *)
"{"
"\"kty\":\"RSA\","
"\"n\":\"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl"
"UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre"
"cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_"
"7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI"
"Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU"
"7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw\","
"\"e\":\"AQAB\","
"\"d\":\"VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq"
"1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry"
"nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_"
"0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj"
"-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj"
"T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ\","
"\"p\":\"9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68"
"ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP"
"krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM\","
"\"q\":\"uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y"
"BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN"
"-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0\","
"\"dp\":\"w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv"
"ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra"
"Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs\","
"\"dq\":\"o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff"
"7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_"
"odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU\","
"\"qi\":\"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC"
"tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ"
"B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo\""
"}",
*ex_a2_compact = (uint8_t *)
"eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0"
"."
"UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm"
"1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7Pc"
"HALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIF"
"NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8"
"rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv"
"-B3oWh2TbqmScqXMR4gp_A"
"."
"AxY8DCtDaGlsbGljb3RoZQ"
"."
"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY"
"."
"9hH0vgRfYgPnAHOd8stkvw"
;
static int
test_jwe_a2(struct lws_context *context)
{
struct lws_jwe jwe;
char temp[2048];
int n, ret = -1, temp_len = sizeof(temp);
lws_jwe_init(&jwe, context);
if (lws_jwk_import(&jwe.jwk, NULL, NULL, (char *)lws_jwe_ex_a2_jwk_json,
strlen((char *)lws_jwe_ex_a2_jwk_json)) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
/* converts a compact serialization to jws b64 + decoded maps */
if (lws_jws_compact_decode((const char *)ex_a2_compact,
(int)strlen((char *)ex_a2_compact),
&jwe.jws.map, &jwe.jws.map_b64,
(char *)temp, &temp_len) != 5) {
lwsl_err("%s: lws_jws_compact_decode failed\n", __func__);
goto bail;
}
n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n",
__func__);
goto bail;
}
/* allowing for trailing padding, confirm the plaintext */
if (jwe.jws.map.len[LJWE_CTXT] < sizeof(ex_a2_ptext) ||
lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ex_a2_ptext,
sizeof(ex_a2_ptext))) {
lwsl_err("%s: plaintext AES decrypt wrong\n", __func__);
lwsl_hexdump_notice(ex_a2_ptext, sizeof(ex_a2_ptext));
lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT],
jwe.jws.map.len[LJWE_CTXT]);
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__);
else
lwsl_notice("%s: selftest OK\n", __func__);
return ret;
}
/* JWE creation using RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256
*
* This example encrypts a different, larger plaintext using the jwk key from
* the test above, and AES_128_CBC_HMAC_SHA_256 for content encryption.
*/
static const char *rsa256a128_jose =
"{ \"alg\":\"RSA1_5\",\"enc\":\"A128CBC-HS256\"}";
static uint8_t
/* plaintext is 1024 bytes from /dev/urandom */
ra_ptext_1024[] = {
0xfe, 0xc6, 0x4f, 0x3e, 0x4a, 0x19, 0xe9, 0xd7,
0xc2, 0x13, 0xe7, 0xc5, 0x78, 0x6e, 0x71, 0xf6,
0x6e, 0xdd, 0x04, 0xaf, 0xaa, 0x4e, 0xa8, 0xad,
0xd8, 0xe0, 0xb3, 0x32, 0x97, 0x43, 0x7c, 0xd8,
0xd1, 0x5f, 0x56, 0xac, 0x70, 0xaf, 0x7d, 0x0b,
0x40, 0xa1, 0x96, 0x71, 0x7c, 0xc4, 0x4a, 0x37,
0x0b, 0xa6, 0x06, 0xb3, 0x8c, 0x87, 0xee, 0xb6,
0x15, 0xfe, 0xaa, 0x60, 0x7e, 0x7f, 0xdc, 0xb0,
0xff, 0x96, 0x4b, 0x30, 0x60, 0xcf, 0xc6, 0x5d,
0x09, 0x6a, 0x6f, 0x66, 0x0c, 0x5f, 0xb0, 0x6f,
0x61, 0xa6, 0x26, 0x02, 0xbd, 0x46, 0xda, 0xa3,
0x73, 0x19, 0x17, 0xff, 0xe0, 0x5f, 0x30, 0x72,
0x7d, 0x17, 0xd8, 0xb2, 0xbe, 0x84, 0x3e, 0x4d,
0x76, 0xbd, 0x62, 0x5d, 0x63, 0xfe, 0x11, 0x32,
0x11, 0x41, 0xdc, 0xed, 0x96, 0xfd, 0x31, 0x38,
0x6a, 0x84, 0x55, 0x7a, 0x33, 0x3f, 0x37, 0xc3,
0x37, 0x7b, 0xc1, 0xb7, 0x89, 0x00, 0x39, 0xa6,
0x94, 0x91, 0xb7, 0x19, 0x6b, 0x1d, 0x99, 0xeb,
0xf6, 0x10, 0xb9, 0xd2, 0xcd, 0x15, 0x0d, 0xbc,
0x24, 0x34, 0x9a, 0x52, 0x64, 0x21, 0x72, 0x1e,
0x9a, 0x00, 0xf2, 0xcf, 0xf1, 0x7d, 0x1a, 0x12,
0x8d, 0x39, 0xbc, 0xf9, 0x09, 0xfd, 0xd9, 0x22,
0x27, 0x28, 0xe1, 0x3a, 0x0b, 0x82, 0xba, 0x9a,
0xe5, 0x9d, 0xa8, 0x12, 0x6e, 0xf5, 0x4b, 0xc7,
0x2b, 0x9c, 0xdc, 0xfe, 0xf3, 0xe8, 0x74, 0x65,
0x3d, 0xe0, 0xaa, 0x64, 0xf3, 0x43, 0xa4, 0x88,
0xa8, 0xbe, 0x60, 0xdb, 0xfd, 0x2d, 0x3b, 0x84,
0x82, 0x8f, 0x4d, 0xbb, 0xe4, 0xa9, 0x59, 0xe3,
0x6c, 0x52, 0x45, 0xe4, 0x34, 0xdb, 0x28, 0x0e,
0x4a, 0x44, 0xb6, 0x9a, 0x25, 0x9b, 0x3b, 0xae,
0xe1, 0x12, 0x1d, 0x1c, 0x66, 0x7d, 0xb9, 0x5b,
0x5f, 0xc2, 0x4a, 0xaa, 0xd2, 0xe9, 0x65, 0xe2,
0x85, 0x6f, 0xf6, 0x67, 0x66, 0x8e, 0x0b, 0xd2,
0x60, 0xf8, 0x43, 0x60, 0x04, 0x9b, 0xa9, 0x3a,
0x6a, 0x3c, 0x02, 0x3c, 0x08, 0x9d, 0x60, 0x1c,
0xc4, 0x27, 0x3e, 0xff, 0xd0, 0x70, 0x94, 0x43,
0x3e, 0x9e, 0x69, 0x19, 0x22, 0xf0, 0xec, 0x26,
0x2d, 0xa5, 0x71, 0xf3, 0x92, 0x61, 0x95, 0xce,
0xc3, 0xc0, 0xa0, 0xc3, 0x98, 0x22, 0xdd, 0x32,
0x3c, 0x48, 0xcb, 0xd1, 0x61, 0xa0, 0xaa, 0x9a,
0x7e, 0x5a, 0xfa, 0x26, 0x46, 0x49, 0xfc, 0x9c,
0xaa, 0x21, 0x06, 0x45, 0xf1, 0xa0, 0xc9, 0xef,
0x6b, 0x89, 0xf2, 0x01, 0x20, 0x54, 0xfa, 0x0a,
0x23, 0xff, 0xbd, 0x64, 0x35, 0x94, 0xfd, 0x35,
0x70, 0x52, 0x94, 0x66, 0xc5, 0xd0, 0x27, 0xc1,
0x8f, 0x6d, 0xc4, 0xa3, 0x34, 0xc2, 0xea, 0xf0,
0xb3, 0x0d, 0x6c, 0x13, 0xb5, 0xc9, 0x6e, 0x5c,
0xeb, 0x8b, 0x7b, 0xf5, 0x21, 0x4c, 0xe3, 0xb7,
0x73, 0x6d, 0x07, 0xaa, 0x44, 0xc4, 0xba, 0xc5,
0xa5, 0x0e, 0x75, 0x28, 0xb7, 0x50, 0x22, 0x54,
0xa7, 0xe1, 0x2e, 0xfd, 0x20, 0xcd, 0xa4, 0x31,
0xa3, 0xb2, 0x73, 0x98, 0x7c, 0x3c, 0x8f, 0xa3,
0x40, 0x8a, 0xaf, 0x31, 0xfa, 0xf9, 0x70, 0x4d,
0x83, 0x10, 0xc4, 0xa0, 0x9c, 0xd6, 0xa3, 0xd5,
0x07, 0xaf, 0xaf, 0x35, 0x15, 0xd0, 0x84, 0x09,
0x20, 0x36, 0x88, 0xac, 0x6f, 0x16, 0x5e, 0x03,
0xa9, 0xfc, 0xb3, 0x2d, 0x01, 0x57, 0xb3, 0xed,
0x4b, 0x55, 0x2b, 0xbc, 0x92, 0x87, 0x3e, 0x27,
0xc4, 0x2c, 0x44, 0xac, 0x05, 0x5f, 0x26, 0xe7,
0xe9, 0xb0, 0x2d, 0x6b, 0x3c, 0x8c, 0xd2, 0xb4,
0x3c, 0xb4, 0x86, 0xfe, 0x68, 0x99, 0x2a, 0x42,
0xac, 0xa4, 0xb3, 0x89, 0x61, 0xb3, 0xd1, 0xdf,
0x9b, 0x58, 0xc7, 0x81, 0x62, 0x87, 0x26, 0x52,
0x51, 0xe7, 0x7d, 0x7c, 0x37, 0x14, 0xe5, 0x19,
0x28, 0x34, 0x3e, 0x95, 0x17, 0x36, 0x12, 0xf9,
0x5e, 0xc1, 0x3c, 0x9c, 0x28, 0x70, 0x06, 0xdf,
0xc4, 0x6d, 0x25, 0x04, 0x46, 0xe0, 0x95, 0xf0,
0xc8, 0x57, 0x48, 0x27, 0x26, 0xf3, 0xf7, 0x19,
0xbe, 0xea, 0xb4, 0xd4, 0x64, 0xaf, 0x67, 0x7c,
0xf5, 0xa9, 0xfb, 0x85, 0x4a, 0x43, 0x9c, 0x62,
0x06, 0x5e, 0x28, 0x2a, 0x7b, 0x1e, 0xb3, 0x07,
0xe7, 0x19, 0x32, 0xa4, 0x4e, 0xb4, 0xce, 0xe0,
0x92, 0x56, 0xf5, 0x10, 0xcb, 0x56, 0x34, 0x4b,
0x0d, 0xe1, 0xd3, 0x6d, 0xfe, 0xf0, 0x44, 0xf7,
0x22, 0x1d, 0x5e, 0x6b, 0xa7, 0xa5, 0x83, 0x2e,
0xeb, 0x14, 0xf2, 0xd7, 0x27, 0x5a, 0x2a, 0xd2,
0x55, 0x35, 0xe6, 0x7e, 0xd9, 0x3b, 0xac, 0x4e,
0x5a, 0x22, 0x46, 0xd5, 0x7b, 0x57, 0x9c, 0x58,
0xfe, 0xd0, 0xda, 0xbf, 0x7d, 0xe9, 0x8c, 0xb7,
0xba, 0x88, 0xf1, 0xc3, 0x82, 0x53, 0xc3, 0x66,
0x20, 0x51, 0x12, 0xd3, 0xf9, 0xaf, 0xe9, 0xcb,
0xc1, 0x7a, 0xe6, 0x22, 0x44, 0xa5, 0xdf, 0x18,
0xb3, 0x6e, 0x6c, 0xba, 0xf3, 0xc6, 0x24, 0x5a,
0x1c, 0x67, 0xa6, 0xa5, 0xb4, 0xb1, 0x35, 0xdf,
0x5a, 0x60, 0x5c, 0x0b, 0x66, 0xd3, 0x1f, 0x4e,
0x7c, 0xcb, 0x93, 0x7e, 0x2f, 0x6d, 0xbd, 0xce,
0x26, 0x52, 0x44, 0xee, 0xbb, 0xd8, 0x8f, 0xf2,
0x67, 0x38, 0x0d, 0x3b, 0xaa, 0x21, 0x73, 0xf8,
0x3b, 0x54, 0x9d, 0x4e, 0x5e, 0xf1, 0xa2, 0x18,
0x5a, 0xf1, 0x6c, 0x32, 0xbf, 0x0a, 0x73, 0x14,
0x48, 0x4f, 0x56, 0xc0, 0x87, 0x6d, 0x3b, 0x16,
0xcc, 0x3f, 0x44, 0x19, 0x85, 0x22, 0x43, 0x5f,
0x8c, 0x29, 0xbd, 0xa0, 0xce, 0x84, 0xd9, 0x4a,
0xcf, 0x00, 0x6b, 0x37, 0x35, 0xe0, 0xb3, 0xc9,
0xd1, 0x58, 0xd1, 0x1b, 0xc3, 0x6f, 0xe3, 0x50,
0xdb, 0xa6, 0x5e, 0x03, 0x18, 0xe5, 0xe2, 0xc1,
0x97, 0xd5, 0xf8, 0x42, 0x6f, 0xe6, 0x61, 0x80,
0xc9, 0x7c, 0xc6, 0x83, 0xf0, 0xad, 0x70, 0x13,
0x0e, 0x26, 0x75, 0xc0, 0x12, 0x23, 0x14, 0xef,
0x1f, 0xdf, 0xfd, 0x47, 0x99, 0x9f, 0x22, 0xf3,
0x57, 0x21, 0xdc, 0x38, 0xe4, 0x79, 0x87, 0x5b,
0x67, 0x66, 0xdd, 0x0b, 0xe0, 0xae, 0xb5, 0x97,
0xd8, 0xa6, 0x5d, 0x02, 0xcf, 0x6b, 0x84, 0x19,
0xc1, 0xbb, 0x25, 0xd2, 0x10, 0xb9, 0x63, 0xeb,
0x4b, 0x27, 0x8d, 0x05, 0x31, 0xce, 0x3b, 0x0c,
0x5f, 0xd4, 0x83, 0x47, 0xa4, 0x8b, 0xc4, 0x76,
0x33, 0x74, 0x1a, 0x07, 0xf8, 0x18, 0x82, 0x1c,
0x8e, 0x01, 0x75, 0x78, 0xea, 0xd9, 0x72, 0x61,
0x71, 0xa9, 0x09, 0x44, 0x7b, 0x0f, 0x12, 0xcf,
0x4c, 0x76, 0x7b, 0x69, 0xc8, 0x64, 0x98, 0x60,
0x45, 0xb6, 0xc7, 0x6b, 0xd8, 0x43, 0x99, 0x08,
0xc9, 0xd3, 0x6f, 0x01, 0x4f, 0x57, 0x6f, 0x49,
0x4f, 0x4f, 0x72, 0xa4, 0xa2, 0x45, 0xe1, 0x0e,
0xf2, 0x08, 0x3e, 0x67, 0xc3, 0x83, 0x5b, 0xb1,
0x24, 0xc0, 0xe0, 0x3a, 0xf5, 0x1f, 0xf2, 0x06,
0x4b, 0xa7, 0x6f, 0xd2, 0xb2, 0x81, 0x96, 0x91,
0x42, 0xb1, 0x53, 0x65, 0x3a, 0x12, 0xcd, 0x33,
0xb3, 0x7e, 0x79, 0xc0, 0x46, 0xf6, 0xd8, 0x4a,
0x22, 0x35, 0xb8, 0x3f, 0xe4, 0x08, 0x88, 0x49,
0x3c, 0x73, 0x9a, 0x44, 0xe3, 0x3b, 0xcc, 0xc4,
0xae, 0x7c, 0xbe, 0xfd, 0xa6, 0x4a, 0xd4, 0x26,
0x52, 0x58, 0x81, 0x30, 0x66, 0x44, 0x54, 0xc8,
0xe4, 0x7c, 0x5b, 0x63, 0x06, 0x60, 0x94, 0x62,
0xe5, 0x47, 0x45, 0xfb, 0x58, 0xf5, 0x6a, 0x7c,
0xb2, 0x35, 0x08, 0x03, 0x15, 0x68, 0xb3, 0x13,
0xa5, 0xbd, 0xf2, 0x1e, 0x2e, 0x1c, 0x8f, 0xc6,
0xc7, 0xd1, 0xa9, 0x64, 0x37, 0x2b, 0x23, 0xfa,
0x7e, 0x56, 0x22, 0xf0, 0x8a, 0xbd, 0xeb, 0x04
},
r256a128_cek[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
}
;
static int
test_jwe_ra_ptext_1024(struct lws_context *context, char *jwk_txt, int jwk_len)
{
char temp[4096], compact[4096];
struct lws_jwe jwe;
int n, ret = -1, temp_len = sizeof(temp);
lws_jwe_init(&jwe, context);
/* reuse the rsa private key from the JWE Appendix 2 test above */
if (lws_jwk_import(&jwe.jwk, NULL, NULL, jwk_txt, (unsigned int)jwk_len) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
/* dup the plaintext, it will be replaced in-situ by the ciphertext */
if (lws_jws_dup_element(&jwe.jws.map, LJWE_CTXT,
lws_concat_temp(temp, temp_len), &temp_len,
ra_ptext_1024, sizeof(ra_ptext_1024),
lws_gencrypto_padded_length(LWS_AES_CBC_BLOCKLEN,
sizeof(ra_ptext_1024)))) {
lwsl_notice("%s: Not enough temp space for ptext\n", __func__);
goto bail;
}
/* dup the cek, since it will be replaced by the encrypted key */
if (lws_jws_dup_element(&jwe.jws.map, LJWE_EKEY,
lws_concat_temp(temp, temp_len), &temp_len,
r256a128_cek, sizeof(r256a128_cek),
LWS_JWE_LIMIT_KEY_ELEMENT_BYTES)) {
lwsl_notice("%s: Not enough temp space for EKEY\n", __func__);
goto bail;
}
jwe.jws.map.buf[LJWE_JOSE] = rsa256a128_jose;
jwe.jws.map.len[LJWE_JOSE] = (uint32_t)strlen(rsa256a128_jose);
n = lws_jwe_parse_jose(&jwe.jose, jwe.jws.map.buf[LJWE_JOSE],
(int)jwe.jws.map.len[LJWE_JOSE],
lws_concat_temp(temp, temp_len), &temp_len);
if (n < 0) {
lwsl_err("%s: JOSE parse failed\n", __func__);
goto bail;
}
n = lws_jwe_encrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_encrypt failed\n", __func__);
goto bail;
}
n = lws_jwe_render_compact(&jwe, compact, sizeof(compact));
if (n < 0) {
lwsl_err("%s: lws_jwe_render_compact failed: %d\n", __func__, n);
goto bail;
}
// puts(compact);
lws_jwe_destroy(&jwe);
lws_jwe_init(&jwe, context);
temp_len = sizeof(temp);
/* now we created the encrypted version, see if we can decrypt it */
if (lws_jwk_import(&jwe.jwk, NULL, NULL, jwk_txt, (unsigned int)jwk_len) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
if (lws_jws_compact_decode(compact, n, &jwe.jws.map, &jwe.jws.map_b64,
temp, &temp_len) != 5) {
lwsl_err("%s: failed to parse generated compact\n", __func__);
goto bail;
}
n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n",
__func__);
goto bail;
}
/* allowing for trailing padding, confirm the plaintext */
if (jwe.jws.map.len[LJWE_CTXT] < sizeof(ra_ptext_1024) ||
lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ra_ptext_1024,
sizeof(ra_ptext_1024))) {
lwsl_err("%s: plaintext AES decrypt wrong\n", __func__);
lwsl_hexdump_notice(ra_ptext_1024, sizeof(ra_ptext_1024));
lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT],
jwe.jws.map.len[LJWE_CTXT]);
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__);
else
lwsl_notice("%s: selftest OK\n", __func__);
return ret;
}
static const char *rsa256a192_jose =
"{ \"alg\":\"RSA1_5\",\"enc\":\"A192CBC-HS384\"}";
static const uint8_t r256a192_cek[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
}
;
static int
test_jwe_r256a192_ptext(struct lws_context *context, char *jwk_txt, int jwk_len)
{
struct lws_jwe jwe;
char temp[4096], compact[4096];
int n, ret = -1, temp_len = sizeof(temp);
lws_jwe_init(&jwe, context);
/* reuse the rsa private key from the JWE Appendix 2 test above */
if (lws_jwk_import(&jwe.jwk, NULL, NULL, jwk_txt, (unsigned int)jwk_len) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
/*
* dup the plaintext into the ciphertext element, it will be
* encrypted in-place to a ciphertext of the same length + padding
*/
if (lws_jws_dup_element(&jwe.jws.map, LJWE_CTXT,
lws_concat_temp(temp, temp_len), &temp_len,
ra_ptext_1024, sizeof(ra_ptext_1024),
lws_gencrypto_padded_length(LWS_AES_CBC_BLOCKLEN,
sizeof(ra_ptext_1024)))) {
lwsl_notice("%s: Not enough temp space for ptext\n", __func__);
goto bail;
}
/* copy the cek, since it will be replaced by the encrypted key */
if (lws_jws_dup_element(&jwe.jws.map, LJWE_EKEY,
lws_concat_temp(temp, temp_len), &temp_len,
r256a192_cek, sizeof(r256a192_cek),
LWS_JWE_LIMIT_KEY_ELEMENT_BYTES)) {
lwsl_err("Problem getting random\n");
goto bail;
}
jwe.jws.map.buf[LJWE_JOSE] = rsa256a192_jose;
jwe.jws.map.len[LJWE_JOSE] = (uint32_t)strlen(rsa256a192_jose);
n = lws_jwe_parse_jose(&jwe.jose, jwe.jws.map.buf[LJWE_JOSE],
(int)jwe.jws.map.len[LJWE_JOSE],
lws_concat_temp(temp, temp_len), &temp_len);
if (n < 0) {
lwsl_err("%s: JOSE parse failed\n", __func__);
goto bail;
}
n = lws_jwe_encrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_encrypt failed\n", __func__);
goto bail;
}
n = lws_jwe_render_compact(&jwe, compact, sizeof(compact));
if (n < 0) {
lwsl_err("%s: lws_jwe_render_compact failed: %d\n", __func__, n);
goto bail;
}
// puts(compact);
/* now we created the encrypted version, see if we can decrypt it */
lws_jwe_destroy(&jwe);
lws_jwe_init(&jwe, context);
if (lws_jwk_import(&jwe.jwk, NULL, NULL, jwk_txt, (unsigned int)jwk_len) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
if (lws_jws_compact_decode(compact, n, &jwe.jws.map, &jwe.jws.map_b64,
temp, &temp_len) != 5) {
lwsl_err("%s: failed to parse generated compact\n", __func__);
goto bail;
}
n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n",
__func__);
goto bail;
}
/* allowing for trailing padding, confirm the plaintext */
if (jwe.jws.map.len[LJWE_CTXT] < sizeof(ra_ptext_1024) ||
lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ra_ptext_1024,
sizeof(ra_ptext_1024))) {
lwsl_err("%s: plaintext AES decrypt wrong\n", __func__);
lwsl_hexdump_notice(ra_ptext_1024, sizeof(ra_ptext_1024));
lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT],
jwe.jws.map.len[LJWE_CTXT]);
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__);
else
lwsl_notice("%s: selftest OK\n", __func__);
return ret;
}
static const char *rsa256a256_jose =
"{ \"alg\":\"RSA1_5\",\"enc\":\"A256CBC-HS512\"}";
static const uint8_t r256a256_cek[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f
}
;
static int
test_jwe_r256a256_ptext(struct lws_context *context, char *jwk_txt, int jwk_len)
{
struct lws_jwe jwe;
char temp[4096], compact[4096];
int n, ret = -1, temp_len = sizeof(temp);
lws_jwe_init(&jwe, context);
/* reuse the rsa private key from the JWE Appendix 2 test above */
if (lws_jwk_import(&jwe.jwk, NULL, NULL, jwk_txt, (unsigned int)jwk_len) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
/*
* dup the plaintext into the ciphertext element, it will be
* encrypted in-place to a ciphertext of the same length + padding
*/
if (lws_jws_dup_element(&jwe.jws.map, LJWE_CTXT,
lws_concat_temp(temp, temp_len), &temp_len,
ra_ptext_1024, sizeof(ra_ptext_1024),
lws_gencrypto_padded_length(LWS_AES_CBC_BLOCKLEN,
sizeof(ra_ptext_1024)))) {
lwsl_notice("%s: Not enough temp space for ptext\n", __func__);
goto bail;
}
/* copy the cek, since it will be replaced by the encrypted key */
if (lws_jws_dup_element(&jwe.jws.map, LJWE_EKEY,
lws_concat_temp(temp, temp_len), &temp_len,
r256a256_cek, sizeof(r256a256_cek),
LWS_JWE_LIMIT_KEY_ELEMENT_BYTES)) {
lwsl_err("Problem getting random\n");
goto bail;
}
jwe.jws.map.buf[LJWE_JOSE] = rsa256a256_jose;
jwe.jws.map.len[LJWE_JOSE] = (uint32_t)strlen(rsa256a256_jose);
n = lws_jwe_parse_jose(&jwe.jose, rsa256a256_jose,
(int)strlen(rsa256a256_jose),
lws_concat_temp(temp, temp_len), &temp_len);
if (n < 0) {
lwsl_err("%s: JOSE parse failed\n", __func__);
goto bail;
}
n = lws_jwe_encrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_encrypt failed\n", __func__);
goto bail;
}
n = lws_jwe_render_compact(&jwe, compact, sizeof(compact));
if (n < 0) {
lwsl_err("%s: lws_jwe_render_compact failed: %d\n", __func__, n);
goto bail;
}
// puts(compact);
/* now we created the encrypted version, see if we can decrypt it */
lws_jwe_destroy(&jwe);
lws_jwe_init(&jwe, context);
if (lws_jwk_import(&jwe.jwk, NULL, NULL, jwk_txt, (unsigned int)jwk_len) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
if (lws_jws_compact_decode(compact, n, &jwe.jws.map, &jwe.jws.map_b64,
temp, &temp_len) != 5) {
lwsl_err("%s: failed to parse generated compact\n", __func__);
goto bail;
}
n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n",
__func__);
goto bail;
}
/* allowing for trailing padding, confirm the plaintext */
if (jwe.jws.map.len[LJWE_CTXT] < sizeof(ra_ptext_1024) ||
lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ra_ptext_1024,
sizeof(ra_ptext_1024))) {
lwsl_err("%s: plaintext AES decrypt wrong\n", __func__);
lwsl_hexdump_notice(ra_ptext_1024, sizeof(ra_ptext_1024));
lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT],
jwe.jws.map.len[LJWE_CTXT]);
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__);
else
lwsl_notice("%s: selftest OK\n", __func__);
return ret;
}
/* produced by running the minimal example `lws-crypto-jwk -t RSA -b 2048 -c` */
static const char *rsa_key_2048 =
"{"
"\"e\":\"AQAB\","
"\"kty\":\"RSA\","
"\"n\":\"lBJdvUq-9_8hlcduIWuBjRb0tGzzAvS4foqoNCO7g-rOXMdeAcmq"
"aSzWTbkaGIc3L1I4-Q3TOZtxn2UhuDlShZRIhM6JCQuUVNVAF3TD7oXxHtZ"
"LJ7y_BqCUlrAmW31lu-nVmhY2G3xW26yXWUsDbCxz0hfLbVnXRSvVKLzYWm"
"_yyrFyEWfxB8peDocvKGh879z_aPCKE3PDOEl2AsgzYfpnWCLytkgnrTeL6"
"qY8HXxvvV-Jw-XMaRiwH0VldpIjs4DaoN35Kj1Ex7QOZznTkbYtMIqse8bR"
"LoR8Irkxbc5ncUAuX1KSV6lpPtelsA3RtEjJ4NHV-5eEABiYh8_CFQ\","
"\"d\":\"DDpguQ9RVQFMoJC5z2hlkvq91kvsXPv2Y9Dcki256xYlg55H7Pre"
"p__hahrABR2Jg6QVJhArt5ABjUnDQ_JL69HH6VvLD6RVVBTQ-FRBZ_3HYKY"
"Oynx5BA7tJm1BRatF5FkBCvq27i8nAc4vfjAb22o9CFvEW3FLaKAgOCncQ3"
"Tnbz9CddH89n7DXw4kBFI8q5ugF_aRIg5-i42W_hQinLaBhZ_zhAuE-nvlt"
"ZnhDal8cX3T60lNoUrDOlirqEOXKO3gXCHpm3csZ6nabHYD1UCyHOmi2RsR"
"pzjaiqjXdPbwPzQoh2DcYpavNrf1mtHiqTwLZDTJIRHWHufJzHf-sw\","
"\"p\":\"ySeC3FtvzduDEL-FX4JqbRN06PdBhUmosCkymmbBjriuLNpkGkG-"
"1ex7r-M8neUBZbctmDdih6cpLZ8hjZv3eEDZ4b5Z2LqZnja4QvVoWLUs4Fb"
"NN_PxJCR5H28uUfT6ThxqT0Nb2enb8Dyp0Qxvd7eJUeYz6jOt7pEK-ErTB4"
"M\","
"\"q\":\"vHG2Pd6QUH7vFZjJtXwmlVnrz5tdJvUPQvz7ggeM69cqhf4vLajz"
"sqP9GhJr7bEkp6vKVdZGmfEdiFRD8cssIZq651oAO5Wr7zZd2mR_hG9jZx7"
"8Davfuxr4SZNN-bmoxO6dbDi-X2c7fvMI2YeJwL4groNKyiosdUYILTrYRI"
"c\","
"\"dp\":\"h5Gqf2rcokgEQGBjuigCJDtNuskRjoxDNV6-rRL99nt_X9lcR9n"
"xjOnRvowOyXeTBoN7JjCFpllBxm6ORYtNMO28KomIsimo6NmGPBJ7XfXVJe"
"k6bDBrX-l4_HeJJ1FM9SHvgDYsjGQxh-rKpIqWAYBf-yOD758e5T85vndnX"
"JM\","
"\"dq\":\"K9LiB-dfdmjenw4mMp-JtYfw8Bn4gtvQzcpZjzbETgB-8iRXwm2"
"dJvk-HjcUhHWCyb-I0YeAacKKFK9MEconHDWIq87haPn4vyvMjcJ7aUgiPN"
"QW1_MVl8TA4xNvudi0Z__5-jYEB9nRG0fX0gbUQU-19_-uf-9o4WkE88fQj"
"bc\","
"\"qi\":\"LEkTRqmomn9UiASeRfAKw-Z5q7cye9CSL4luSexFvA3Du7Oin-s"
"L9a7F3nJN4CuYzhtNMxQ0hM7k6ExzhDhXDlNRHxnNEDt81-CFRV98v7GVWV"
"SH1KnaKf9wgegxSSm-x536ki2SI8EN4k4qkqRF0iLVHZK7CgnWMbtt6tnpp"
"3k\""
"}";
/* produced by running the minimal example `lws-crypto-jwk -t RSA -b 4096 -c` */
static const char *rsa_key_4096 =
"{"
"\"e\":\"AQAB\","
"\"kty\":\"RSA\","
"\"n\":\"uiLBz1SUgd4eQ0okg6tlPdk9QUhTsqXmiJXygWVFgzT45E5_Rfkq"
"vZ2fwAqQ8DvxkDTUWiKpeXMpPRNWG5GxuBuq9n7xdA1vn1eQi8LoekB28dg"
"3MwMfozVSKCzyxG1f81xPE5x3EMVhCcx6hshhlMEHkzNNhE07d-oRO87ZC0"
"z_5L3Vh03uJBXaDKVlsgHAazoHLhn6G4odqv-ro54T6Nx1eEtyTnMmFY5ND"
"V4rN0SjQvSefbZZtsrtby8Z0JmeyvynmDwOINj7FpmPmpFLoWGXntc2yxPP"
"8SHnqfT9ESh94fxCMxRhDNohgpegRHyiYwj3M5ZYY6reCZYfOQONSWmc8yp"
"NBMJqj4LuJ2bTMGAFS17ZP4ZZWm5RP9ax100Dgk0yxP1UrybG5dCfJRQvHC"
"ncxG_aL6cSQu2o4fXqlJsNHxk3FjHtV_CMZ3tqvGTvwrs4yxvKwKv6r3fRh"
"KL01bGOePzp9THkHW2-lzVj6kUwnxBdHGZE6fcAnczOdp8ZIEdV1w6ThimC"
"m3Bw_TIyl3tkuxRWXpc_d6Q4iiSVKGKCvUvfAlESpTA4tIhQkij-T9FEoj2"
"WE2H1D35AKmjcfLCh6yszu8cmDNedn862pwnawE2RvRFAyuI113fLQeCbCz"
"tQ1JHuD8cnQt0hpGzReTa5UJ8OEOGIlyXNdWZyTpk\","
"\"d\":\"G2ZW582AT-6xvz-IiP5fuJ9EMloygeuEeEo0aMJO3X3cfoUknJkN"
"ZtyvYa5cgBSe3la8hKkyD9_5K9WvGP9VLTAbdk4g_m-k5QyXiU9PeAGJ0Nd"
"-Zqq4y0Zj2eil8u7Tz0fhFxay-zvG6VGZnsIcBTD2C7_jUwyoaqJA17A_CH"
"gU-ifMqS56VgMGdlKZmf7Cg7ZGzM1DoS6vZ9bbfgoczaw4OZVHlg9Cxa0NI"
"CDi1S-sJcTLGN_RLISKN5H0J54ZfzF6fUEn5kNykLTZrAvj2XV7g4UUOogn"
"1cvjJYRcBVzTzQKcfxbqo2DvymDGFZbQM6pj80rYJ5HFPh2EapjggPN8hXp"
"NlTNDEvC84QFv0lo2E-0nVWQqcyHtXd431O1JH2h5X822zKjXxkaztQSCj9"
"YP7AdAeoxIaWOa3aO1vcwURH2WWaNV-_KXVkPJNzfo9-bGYwblMw_RIqIkN"
"BDayTb8rBuQHTCE_tSEHgoSnkityGpr8j_vgA-Fa-SqmdqUlbklVpwA_Mq_"
"UH7RCaqe91dWxRhS_7c85tFMRFCKOcaRXkwxEpP2LD1AYe8yvVQlr0Se8_d"
"RefuQcC-BECwMW-TCgR3VxAuL7ExNTYe4bhBD8WYXsHP7wDXWX2Q4v7IRzj"
"cfVIdpTNYuWEd69PvXBCuy75hmDniSmS3Xps3ItGU\","
"\"p\":\"961BtLSIZkHO7Vu1KfaA3urcwGpISKJiTSB5Nh6npxJr9mSjzv_f"
"e8VoxCX6CWGY0SEeQNUQ6ceTnAAxkSHtZJQGed598jBtxIexAWEE7oc9s9d"
"b0cWu4QWIVZYXrcOTEWmK1kWN4PXmnnQknrWQF49adn81BaOXqoL-tahe7f"
"faXzXe0RXuohK543ZKbuuHQ2TxqFG7CZpXiH_qn1Syao32u0V3iDFpmmCUV"
"h9O2JCzfo8sAosTrnQwC0pXz3Nvr_9Cnk6bMluJoMrwB1Ywg_DPQ1WvpYHO"
"URezEOqVC8Y3zrko199TMX2COKGNFgutVpnzxs2_h0PyINUmwrY4zQ\","
"\"q\":\"wGQRaxy_gBafbrVJy4f32O0a2FQHzmS--WgHhoteDoF6ZAajLcV0"
"GEvb-AVmFER1Wii62BFaFJOYQIegELvnBFFzD6oHJRX7bM4m36G8J_TC1o9"
"T1IFnxOpaoFDf4JWf2k7DCXClGg_zueyOD8fj8F6j2nqpOfytuLmikHcWMc"
"dGTHTCRtQmvOk3pm0uk2qR0cQb5L3Ocv45tCKr55tMc6Zx3DKkMt1kmUwd2"
"HFfk_0WM6R7q4LNGIjwl8dwiERppLKA8xao9i3jOOdFEfAD-Zqv8H-32cyH"
"Mg6Guo4tPNAYSzcsz8nbEYPtKVVm-PDuM2cx0iaKnS8BIK2XTbzc_Q\","
"\"dp\":\"ZXLWIwp_hEMYWyjhP9r0VlqlKTtfeEDrOuQ-Qei0iz6EclwurK8"
"p_yyRCSb1D7qmOaLzHWMollllINUDeIsJDdWEAY8cz4L-sy1RV1tCBeHnaC"
"6iMX5jb1Aw072y3T3qk4tDjxjWUHroh6bTCR8dckkJqNfaBAFKMlGNuyLIH"
"3kSPUV3ivUM1d4NvhnJyz02HmjOgz9W-Uv65rJei_zJR9P2aCbAG00CEHXW"
"zJ_uT86VdxV11WTaHu8Abt94sER8Tv6jbuyLrUjJSs9VGew32xNcEhya4ZQ"
"VyimG8zri6fu7CDXXgPS8wtzB5ihl_c2ypnJQ4_GKrgEqwEAOrFqvUQ\","
"\"dq\":\"uzlmngcm8R6S3qi7fL7_2fG7uyPjSN5P3uR21l8QFCu6kFbJO8S"
"4muBP20hds4F_dlLGqXgRYo7TjpCtmztQsKoWv_ql41hGCfeAawa41WViqm"
"xmlxmrgzzRHsw1YhgZrNgTAz_E290EQT3Mbd0HnCZtbDMMNisIYAj_A3lwd"
"tbHOaYyXb0dSZ_nkSUVO05tQ2aGAo8Xtl5ih0NqaQR_XNhwW2pI0lsTB__D"
"15tU-O5FSdJaq2ip8KNrBzmF8IYrDKTNykKWAKRdSEX_uFoLdD8t0mxn3SM"
"luffa8vdjXJfh3GiASmHUt3HcPOooQEAufoWBPVJWeGqCvWtRH8yYfQ\","
"\"qi\":\"h-e9es5J49OUF48gSXUI8cynZ8ydv5cThXc1deV3mil_7_7Hg8E"
"jV3gAErO4l-irHJplFmHFZvU1ud4zs1gtBt5TA-EeeepYOHMSssWDvDK3WI"
"zsM6C3vcNTSkT-ihaSFmPWHCVwJ1R3auWfeI2In3at0jd4t-OK-cCcGZXb7"
"90-EnyyDcdFTU9WfwVSOJffRGjoUYX8DexavClv7CBzPhpdUzGoeyarNaG4"
"z9MI8Q8txHyHgc_D70lZUum1cj0bZwgEj6yDzOPzSgUmICFJiLDDj93oPaI"
"v-5CQ_Ckju7icexc_kuuYTKBOLTj_vfaURnV3KCHul2UljUYOxkfeNQ\""
"}";
static const char *rsa_key_4096_no_optional =
"{"
"\"e\":\"AQAB\","
"\"kty\":\"RSA\","
"\"n\":\"uiLBz1SUgd4eQ0okg6tlPdk9QUhTsqXmiJXygWVFgzT45E5_Rfkq"
"vZ2fwAqQ8DvxkDTUWiKpeXMpPRNWG5GxuBuq9n7xdA1vn1eQi8LoekB28dg"
"3MwMfozVSKCzyxG1f81xPE5x3EMVhCcx6hshhlMEHkzNNhE07d-oRO87ZC0"
"z_5L3Vh03uJBXaDKVlsgHAazoHLhn6G4odqv-ro54T6Nx1eEtyTnMmFY5ND"
"V4rN0SjQvSefbZZtsrtby8Z0JmeyvynmDwOINj7FpmPmpFLoWGXntc2yxPP"
"8SHnqfT9ESh94fxCMxRhDNohgpegRHyiYwj3M5ZYY6reCZYfOQONSWmc8yp"
"NBMJqj4LuJ2bTMGAFS17ZP4ZZWm5RP9ax100Dgk0yxP1UrybG5dCfJRQvHC"
"ncxG_aL6cSQu2o4fXqlJsNHxk3FjHtV_CMZ3tqvGTvwrs4yxvKwKv6r3fRh"
"KL01bGOePzp9THkHW2-lzVj6kUwnxBdHGZE6fcAnczOdp8ZIEdV1w6ThimC"
"m3Bw_TIyl3tkuxRWXpc_d6Q4iiSVKGKCvUvfAlESpTA4tIhQkij-T9FEoj2"
"WE2H1D35AKmjcfLCh6yszu8cmDNedn862pwnawE2RvRFAyuI113fLQeCbCz"
"tQ1JHuD8cnQt0hpGzReTa5UJ8OEOGIlyXNdWZyTpk\","
"\"d\":\"G2ZW582AT-6xvz-IiP5fuJ9EMloygeuEeEo0aMJO3X3cfoUknJkN"
"ZtyvYa5cgBSe3la8hKkyD9_5K9WvGP9VLTAbdk4g_m-k5QyXiU9PeAGJ0Nd"
"-Zqq4y0Zj2eil8u7Tz0fhFxay-zvG6VGZnsIcBTD2C7_jUwyoaqJA17A_CH"
"gU-ifMqS56VgMGdlKZmf7Cg7ZGzM1DoS6vZ9bbfgoczaw4OZVHlg9Cxa0NI"
"CDi1S-sJcTLGN_RLISKN5H0J54ZfzF6fUEn5kNykLTZrAvj2XV7g4UUOogn"
"1cvjJYRcBVzTzQKcfxbqo2DvymDGFZbQM6pj80rYJ5HFPh2EapjggPN8hXp"
"NlTNDEvC84QFv0lo2E-0nVWQqcyHtXd431O1JH2h5X822zKjXxkaztQSCj9"
"YP7AdAeoxIaWOa3aO1vcwURH2WWaNV-_KXVkPJNzfo9-bGYwblMw_RIqIkN"
"BDayTb8rBuQHTCE_tSEHgoSnkityGpr8j_vgA-Fa-SqmdqUlbklVpwA_Mq_"
"UH7RCaqe91dWxRhS_7c85tFMRFCKOcaRXkwxEpP2LD1AYe8yvVQlr0Se8_d"
"RefuQcC-BECwMW-TCgR3VxAuL7ExNTYe4bhBD8WYXsHP7wDXWX2Q4v7IRzj"
"cfVIdpTNYuWEd69PvXBCuy75hmDniSmS3Xps3ItGU\","
"\"p\":\"961BtLSIZkHO7Vu1KfaA3urcwGpISKJiTSB5Nh6npxJr9mSjzv_f"
"e8VoxCX6CWGY0SEeQNUQ6ceTnAAxkSHtZJQGed598jBtxIexAWEE7oc9s9d"
"b0cWu4QWIVZYXrcOTEWmK1kWN4PXmnnQknrWQF49adn81BaOXqoL-tahe7f"
"faXzXe0RXuohK543ZKbuuHQ2TxqFG7CZpXiH_qn1Syao32u0V3iDFpmmCUV"
"h9O2JCzfo8sAosTrnQwC0pXz3Nvr_9Cnk6bMluJoMrwB1Ywg_DPQ1WvpYHO"
"URezEOqVC8Y3zrko199TMX2COKGNFgutVpnzxs2_h0PyINUmwrY4zQ\","
"\"q\":\"wGQRaxy_gBafbrVJy4f32O0a2FQHzmS--WgHhoteDoF6ZAajLcV0"
"GEvb-AVmFER1Wii62BFaFJOYQIegELvnBFFzD6oHJRX7bM4m36G8J_TC1o9"
"T1IFnxOpaoFDf4JWf2k7DCXClGg_zueyOD8fj8F6j2nqpOfytuLmikHcWMc"
"dGTHTCRtQmvOk3pm0uk2qR0cQb5L3Ocv45tCKr55tMc6Zx3DKkMt1kmUwd2"
"HFfk_0WM6R7q4LNGIjwl8dwiERppLKA8xao9i3jOOdFEfAD-Zqv8H-32cyH"
"Mg6Guo4tPNAYSzcsz8nbEYPtKVVm-PDuM2cx0iaKnS8BIK2XTbzc_Q\""
"}";
/* This is a compact JWE containing the plaintext ra_ptext_1024 for the key
* lws_jwe_ex_a2_jwk_json... produced by test test above running on OpenSSL.
*/
static char *jwe_compact_rsa_cbc_openssl =
"eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0."
"HgQBfAg2IUpExcs74-gtuSOciw6rxh2cc4x9MVRWDZKSvMqoBYKAxl6ebSxGTReHhbvhv2Rm8stKq"
"OIROhWzTNGTQPnSRMzAm9x6ms39hAIGh1KCEZ47MRYkCN7hElfDVtczOCX3ZRsG9_qYEmzcY1aJ-4"
"_LS3yeP0HfqKBmcfvjVLw-KqcUuHp5YXsZEvt28nA9uBlCN0ROWy_2Fs-zlQj8pDMWo5pZrffKTUX"
"gUh_UJ9eC3qNyXtQSqUH-5vDeHPhxNnIJOsmJ5ZUAjxXPm-RJZRC9THg0DzGRZn9IqfP9qcanbcZ8"
"iow7gjFh1EPp3MKlpZqDKbLLei1WZvz2_A."
"q4STtyu4yxZfH1HNDYlYcA."
"_uRfuwWO22_auSqXHORw_e_Q6PmbpC0sv0tefVKsj3Zqnh2qUBlj10kiWBMWoMMjqsClBO0nUoup4"
"c7i1YSqxlCHliXru3athv_EYtg5qvC-z2co9NiFABHCHmBDrhj7CuKN5gqFDt1EbYMLwWtU3gOnQy"
"dvnzfFcQs4_jKi6tRpQzbobrkkZ2p7Y_ltjA1Wmwqrp9O8DGSRnvcomqzGHcshuyxTkjLDzD8TSMR"
"S1kp-miy5eDGAcp-ymWiUKN7gswy5FPjPQYzgs7Vc0n0R1ljepRHJiHaP61z_DKWXrCE6RqAVqnaw"
"TjjVOXXKKF9pz9W7pZL8diLZ0Ueev6xk8wzRRsUChM5toQNzFLXsnzSDQSzfSKpRnLjYvosiEegyx"
"RrwtQwEcNCXRj0aGxG6e_W79JdUJoi4blpTtrAVn_pk7SgRiU3aly1vso5tV_0kvMOcS6Hn38mqRQ"
"PQxbdIpohi8C7FFabluZqGoiji8ZTM3v-2ib2vrBFj1YvoyPG1HXJsABINzo0xOkrMFNfN_oQrCSM"
"Ij49N86GXmYOnu5jtZeSMXZIR2BAXnu0upXMsvtSjU8D-LJJChy0XNYoyuJar5P3YhDStdTfmn0z-"
"XLwaIHWc1L9-rmW9CZey3HxCLKEnr7-FjXsXqzAArsFqn1X_sVR5HRHng5ioc7sUaRoC1S_k0XPVC"
"qCjZvkbRry2cp2313DNwjl8SK-iZA0fVUZVPM7_eZfpEgB3bBTyamtAaqQeES6lcVEtpg176Mlh64"
"3JCAjroJPP4eqAA3JHnDgwlO-XhlLPTNNQ5FMLBC_dp41A-H3HFlbQUR6jX3k_H4Ggqtit50EIye3"
"nnKb3emFn9KVyeZCYaBecYbicEIMKW7sWLbcE_cDGqkHZcMGTOQKRiLp-xwyEu89oDGAcGBYpmC_f"
"iQ2qyFfe6tQK_5nPZbtW2mudiYZ-d0YIURSTp58S_n6w3wLDUEcuZtv-nhCaFVy8oUbAztkBIK6pu"
"VamKhHVLkCtOGIdNJYbLKAedhK1lQVPbrvfcSDPPkhxSx9AjKqhKA3ZPMA_UXQb6p9c33tgi_MdZX"
"-jRGXwGKWBCrv4UjttFLV-a5U7NgxQIIjwfAoutXtYardFw2d5nTJRqBrw06PSqaLzQi616_b-U0g"
"6bWxrFObIWrKODkGfQcXPXIQxW_4Vh6gR2GaHSi_A_5SGH0zsBtYxisbKXLK2HiZJOXBew4-am6c0"
"R1jBh7QtOWpwrYWt0d_xxrWtKezeEp3FkrFkwWCgY9dT1uV8tKUuxeeGqshkrXifT4axttpkbi-qA"
"eG_C6J-H29CPqScclD-A5LIg7k-KmA9hsWrXttAvoCSawNj1tv9JHq0jgP1yZytDW1DkWdCBY0au5"
"4."
"qqYQEaGx-lUHoO43fOXvKQ"
;
static int
test_jwe_r256a128_jwe_openssl(struct lws_context *context)
{
struct lws_jwe jwe;
char temp[2048];
int n, ret = -1, temp_len = sizeof(temp);
lws_jwe_init(&jwe, context);
if (lws_jwk_import(&jwe.jwk, NULL, NULL, (char *)lws_jwe_ex_a2_jwk_json,
strlen((char *)lws_jwe_ex_a2_jwk_json)) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
/* converts a compact serialization to jws b64 + decoded maps */
if (lws_jws_compact_decode((const char *)jwe_compact_rsa_cbc_openssl,
(int)strlen((char *)jwe_compact_rsa_cbc_openssl),
&jwe.jws.map, &jwe.jws.map_b64,
temp, &temp_len) != 5) {
lwsl_err("%s: lws_jws_compact_decode failed\n", __func__);
goto bail;
}
n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n",
__func__);
goto bail;
}
/* allowing for trailing padding, confirm the plaintext */
if (jwe.jws.map.len[LJWE_CTXT] < sizeof(ra_ptext_1024) ||
lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ra_ptext_1024,
sizeof(ra_ptext_1024))) {
lwsl_err("%s: plaintext RSA/AES decrypt wrong\n", __func__);
lwsl_hexdump_notice(ra_ptext_1024, sizeof(ra_ptext_1024));
lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT],
jwe.jws.map.len[LJWE_CTXT]);
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__);
else
lwsl_notice("%s: selftest OK\n", __func__);
return ret;
}
/* This is a compact JWE containing the plaintext ra_ptext_1024 for the key
* lws_jwe_ex_a2_jwk_json... produced by test test above running on mbedTLS.
*/
static char
*jwe_compact_rsa_cbc_mbedtls =
"eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.Ptg-RZjEhY1dWg7T"
"v72rqRoHXBeory9ePCC5cfASTz8BH7IdSLQcPeBWHQsmd13TXPjo-dxnmkWkx9AyKdvy"
"K0A6oCnsP7KfbGzPwTy5eadpaaDZ3UyXIGmusLgiXGgDZ4d13voirbRQV9nQTPsagG_k"
"FGRI5dKzenG2WcbUhKG-uCmypzYqjNM3LqUzdH42jjjHFOBkmK_sWSZL7Uxqq8s08hkO"
"aXeUQyeM7Z8wm1bsZAvIfGri5LMcBS8P70AyENchlchZpTeACIOWk19ddLPUt-ruEcm0"
"zZV7Gjap7uG06a0m3VyR3vMpKkXnBHQxko-RICU2PDmELVXg0pZWTw.-VaaDaUiynH_t"
"sh2HqKISQ.vVE8j1TQinb4anJk0ArV9ccYdlUIO20vnMa7b-JGfQ7CFi_WVt6xNaqytB"
"QqiTHLtAxBDIV4m9Kwid-8Kcx7BmRqu-memxHztBSvBNOYWVPTxy5I2ORGLNEbPVrFYp"
"c2nm3TnHfr-_2fuw6_HEnyqv_c6ZyzU0-lHZ1pE5Cs-lrjnj4ibNcK6XHhrO3nxUjPMZ"
"rO-2B_tZwCxzKsFAqD_XGROvNGWXEgxgIr09MyuwKJnw2oZ0xOF_d3FVYjK5XMONgWPo"
"lyDmbP_XLSIUXbHmLxpDB5NPLN8SKRHbMV3_qw5rFRlak2C_XlR58P-Im1PQ8gMg7lgE"
"IFz2DrqF4sJA5TYbQG5KCdas0SfONlP1V692dufH5D30RGsiWNSrhiyDmUNC0SeB8VqA"
"bmc02pPGgzZHxa5-_xIHKm4h6fmnZFScjliBQ5W6smxQ6m2Kby0MkOdqlRYFn8qLYLmF"
"vmVNe_Q5-iLNobx-hyyeeExRXfzNOY0HHEKw67ipBWwqA0JGIggCWAFa0fpA-Wt7sNl_"
"gPy96nbwuXIuRoC3wuboUlDp9k2F1vC7VY6R9jdRk1VXT_O3liBIiUIRhZiqZZ75H2RV"
"pLYXGrvL5G9THdRcbsg3XUt-kF4vvGQAdNmPdRmuIG1DfGDmOZnXfrG8ckTvxoKBXdQZ"
"gfwfAQFgeHjltiWZTCSBV4464sn2qLZ1MP3Ku9bOjb72RCpIF60Cqssb8gTQyXQf48ZR"
"OBd242Q7Ae6PePmb_TcnG3jOguNUgmhj8iTU7QUz0uJWpJjMRPJ8vK8SnYEguGHer4qT"
"EocdMzRTTZB-Pr4-Ey0Hm0zeiFvjU0Qy6crjna6SKrgms4VAJT9LiicTYFPsmFBFQ0L1"
"BVDiZ3NTBIv_ajvzRpBNZ0IxEH5t6W3OY0223xUF3cq8c9HhwIxMf9a2-PmZ3mVWIRnU"
"nGegoVkzd2l6el8aw57v5KKYas4-EkovHntCZZ_hkZ1uHtezKq0EvjnT5xGWjPFjOZnh"
"veiozAsaMSSyTny6mcI-hjvcgd--7qlqWpt_BEkp9XVkP2k7eHLM9v4rL6hhk_n6yK3w"
"qKi0xDboxU5xjuBiGKb-E8um1MUEjuLqZanKSBsgU-Vwvw0gx1r-MG6BSlrgUlT2if5k"
"-Wfs6iVdpK7x1zZSsetp3NEjT4DUrfmp_E_CTXhOEP0AgzpQ4Ukx5bFN3gm5gyBZw1E8"
"q20Hs01OBcMJ9wenLEQVMvO_IEIkRNBMWEgoZ148As14LNOgdh1UBrF6W4pAUjYvA3WG"
"Zp7uG9ooDB1RF2aaeBqoLJflqIegsvsfaNNBDJ-U6i_jLG1FSlttEhJVdXll0gMSYlXD"
"O3BBil4eiUPfiksfOmsbwoIxc-3yPTivU3DPM.O_IaktJRbdV66zfhD0LQmw"
;
static int
test_jwe_r256a128_jwe_mbedtls(struct lws_context *context)
{
struct lws_jwe jwe;
char temp[2048];
int n, ret = -1, temp_len = sizeof(temp);
lws_jwe_init(&jwe, context);
if (lws_jwk_import(&jwe.jwk, NULL, NULL, (char *)lws_jwe_ex_a2_jwk_json,
strlen((char *)lws_jwe_ex_a2_jwk_json)) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
/* converts a compact serialization to jws b64 + decoded maps */
if (lws_jws_compact_decode((const char *)jwe_compact_rsa_cbc_mbedtls,
(int)strlen((char *)jwe_compact_rsa_cbc_mbedtls),
&jwe.jws.map, &jwe.jws.map_b64,
temp, &temp_len) != 5) {
lwsl_err("%s: lws_jws_compact_decode failed\n", __func__);
goto bail;
}
n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n",
__func__);
goto bail;
}
/* allowing for trailing padding, confirm the plaintext */
if (jwe.jws.map.len[LJWE_CTXT] < sizeof(ra_ptext_1024) ||
lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ra_ptext_1024,
sizeof(ra_ptext_1024))) {
lwsl_err("%s: plaintext RSA/AES decrypt wrong\n", __func__);
lwsl_hexdump_notice(ra_ptext_1024, sizeof(ra_ptext_1024));
lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT],
jwe.jws.map.len[LJWE_CTXT]);
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__);
else
lwsl_notice("%s: selftest OK\n", __func__);
return ret;
}
/* A.3. Example JWE Using AES Key Wrap and AES_128_CBC_HMAC_SHA_256
*
* This example encrypts the plaintext "Live long and prosper." to the
* recipient using AES Key Wrap for key encryption and
* AES_128_CBC_HMAC_SHA_256 for content encryption.
*/
/* "Live long and prosper." */
static uint8_t
ex_a3_ptext[] = {
76, 105, 118, 101, 32, 108, 111, 110,
103, 32, 97, 110, 100, 32, 112, 114,
111, 115, 112, 101, 114, 46
},
*ex_a3_compact = (uint8_t *)
"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0"
"."
"6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ"
"."
"AxY8DCtDaGlsbGljb3RoZQ"
"."
"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY"
"."
"U0m_YmjN04DJvceFICbCVQ",
*ex_a3_key = (uint8_t *)
"{\"kty\":\"oct\","
"\"k\":\"GawgguFyGrWKav7AX4VKUg\""
"}"
;
static int
test_jwe_a3(struct lws_context *context)
{
struct lws_jwe jwe;
char temp[2048];
int n, ret = -1, temp_len = sizeof(temp);
lws_jwe_init(&jwe, context);
if (lws_jwk_import(&jwe.jwk, NULL, NULL, (char *)ex_a3_key,
strlen((char *)ex_a3_key)) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
/* converts a compact serialization to jws b64 + decoded maps */
if (lws_jws_compact_decode((const char *)ex_a3_compact,
(int)strlen((char *)ex_a3_compact),
&jwe.jws.map, &jwe.jws.map_b64, temp,
&temp_len) != 5) {
lwsl_err("%s: lws_jws_compact_decode failed\n", __func__);
goto bail;
}
n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n",
__func__);
goto bail;
}
/* allowing for trailing padding, confirm the plaintext */
if (jwe.jws.map.len[LJWE_CTXT] < sizeof(ex_a3_ptext) ||
lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ex_a3_ptext,
sizeof(ex_a3_ptext))) {
lwsl_err("%s: plaintext AES decrypt wrong\n", __func__);
lwsl_hexdump_notice(ex_a3_ptext, sizeof(ex_a3_ptext));
lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT],
jwe.jws.map.len[LJWE_CTXT]);
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__);
else
lwsl_notice("%s: selftest OK\n", __func__);
return ret;
}
/* JWA B.2. Test Cases for AES_192_CBC_HMAC_SHA_384
*
* Unfortunately JWA just gives this test case as hex literals, not
* inside a JWE. So we have to prepare the inputs "by hand".
*/
static uint8_t
jwa_b2_ptext[] = {
0x41, 0x20, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72,
0x20, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x20,
0x6d, 0x75, 0x73, 0x74, 0x20, 0x6e, 0x6f, 0x74,
0x20, 0x62, 0x65, 0x20, 0x72, 0x65, 0x71, 0x75,
0x69, 0x72, 0x65, 0x64, 0x20, 0x74, 0x6f, 0x20,
0x62, 0x65, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65,
0x74, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x69,
0x74, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62,
0x65, 0x20, 0x61, 0x62, 0x6c, 0x65, 0x20, 0x74,
0x6f, 0x20, 0x66, 0x61, 0x6c, 0x6c, 0x20, 0x69,
0x6e, 0x74, 0x6f, 0x20, 0x74, 0x68, 0x65, 0x20,
0x68, 0x61, 0x6e, 0x64, 0x73, 0x20, 0x6f, 0x66,
0x20, 0x74, 0x68, 0x65, 0x20, 0x65, 0x6e, 0x65,
0x6d, 0x79, 0x20, 0x77, 0x69, 0x74, 0x68, 0x6f,
0x75, 0x74, 0x20, 0x69, 0x6e, 0x63, 0x6f, 0x6e,
0x76, 0x65, 0x6e, 0x69, 0x65, 0x6e, 0x63, 0x65
},
jwa_b2_rawkey[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
},
jwa_b2_iv[] = {
0x1a, 0xf3, 0x8c, 0x2d, 0xc2, 0xb9, 0x6f, 0xfd,
0xd8, 0x66, 0x94, 0x09, 0x23, 0x41, 0xbc, 0x04
},
jwa_b2_e[] = {
0xea, 0x65, 0xda, 0x6b, 0x59, 0xe6, 0x1e, 0xdb,
0x41, 0x9b, 0xe6, 0x2d, 0x19, 0x71, 0x2a, 0xe5,
0xd3, 0x03, 0xee, 0xb5, 0x00, 0x52, 0xd0, 0xdf,
0xd6, 0x69, 0x7f, 0x77, 0x22, 0x4c, 0x8e, 0xdb,
0x00, 0x0d, 0x27, 0x9b, 0xdc, 0x14, 0xc1, 0x07,
0x26, 0x54, 0xbd, 0x30, 0x94, 0x42, 0x30, 0xc6,
0x57, 0xbe, 0xd4, 0xca, 0x0c, 0x9f, 0x4a, 0x84,
0x66, 0xf2, 0x2b, 0x22, 0x6d, 0x17, 0x46, 0x21,
0x4b, 0xf8, 0xcf, 0xc2, 0x40, 0x0a, 0xdd, 0x9f,
0x51, 0x26, 0xe4, 0x79, 0x66, 0x3f, 0xc9, 0x0b,
0x3b, 0xed, 0x78, 0x7a, 0x2f, 0x0f, 0xfc, 0xbf,
0x39, 0x04, 0xbe, 0x2a, 0x64, 0x1d, 0x5c, 0x21,
0x05, 0xbf, 0xe5, 0x91, 0xba, 0xe2, 0x3b, 0x1d,
0x74, 0x49, 0xe5, 0x32, 0xee, 0xf6, 0x0a, 0x9a,
0xc8, 0xbb, 0x6c, 0x6b, 0x01, 0xd3, 0x5d, 0x49,
0x78, 0x7b, 0xcd, 0x57, 0xef, 0x48, 0x49, 0x27,
0xf2, 0x80, 0xad, 0xc9, 0x1a, 0xc0, 0xc4, 0xe7,
0x9c, 0x7b, 0x11, 0xef, 0xc6, 0x00, 0x54, 0xe3
},
jwa_b2_a[] = { /* "The second principle of Auguste Kerckhoffs" */
0x54, 0x68, 0x65, 0x20, 0x73, 0x65, 0x63, 0x6f,
0x6e, 0x64, 0x20, 0x70, 0x72, 0x69, 0x6e, 0x63,
0x69, 0x70, 0x6c, 0x65, 0x20, 0x6f, 0x66, 0x20,
0x41, 0x75, 0x67, 0x75, 0x73, 0x74, 0x65, 0x20,
0x4b, 0x65, 0x72, 0x63, 0x6b, 0x68, 0x6f, 0x66,
0x66, 0x73
},
jwa_b2_tag[] = {
0x84, 0x90, 0xac, 0x0e, 0x58, 0x94, 0x9b, 0xfe,
0x51, 0x87, 0x5d, 0x73, 0x3f, 0x93, 0xac, 0x20,
0x75, 0x16, 0x80, 0x39, 0xcc, 0xc7, 0x33, 0xd7
}
;
static int
test_jwa_b2(struct lws_context *context)
{
struct lws_jwe jwe;
int n, ret = -1;
char buf[2048];
lws_jwe_init(&jwe, context);
/*
* normally all this is interpreted from the JWE blob. But we don't
* have JWE test vectors for AES_256_CBC_HMAC_SHA_512, just a standalone
* one. So we have to create it all by hand.
*
* See test_jwe_a3 above for a more normal usage pattern.
*/
lws_jwk_dup_oct(&jwe.jwk, jwa_b2_rawkey, sizeof(jwa_b2_rawkey));
memcpy(buf, jwa_b2_e, sizeof(jwa_b2_e));
jwe.jws.map.buf[LJWE_IV] = (char *)jwa_b2_iv;
jwe.jws.map.len[LJWE_IV] = sizeof(jwa_b2_iv);
jwe.jws.map.buf[LJWE_CTXT] = buf;
jwe.jws.map.len[LJWE_CTXT] = sizeof(jwa_b2_e);
jwe.jws.map.buf[LJWE_ATAG] = (char *)jwa_b2_tag;
jwe.jws.map.len[LJWE_ATAG] = sizeof(jwa_b2_tag);
/*
* Normally this comes from the JOSE header. But this test vector
* doesn't have one... so...
*/
if (lws_gencrypto_jwe_alg_to_definition("A128KW", &jwe.jose.alg))
goto bail;
if (lws_gencrypto_jwe_enc_to_definition("A192CBC-HS384",
&jwe.jose.enc_alg))
goto bail;
n = lws_jwe_auth_and_decrypt_cbc_hs(&jwe, jwa_b2_rawkey,
jwa_b2_a, sizeof(jwa_b2_a));
if (n < 0) {
lwsl_err("%s: lws_jwe_a_cbc_hs_decrypt failed\n", __func__);
goto bail;
}
/* allowing for trailing padding, confirm the plaintext */
if (jwe.jws.map.len[LJWE_CTXT] < sizeof(jwa_b2_ptext) ||
lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT],jwa_b2_ptext,
sizeof(jwa_b2_ptext))) {
lwsl_err("%s: plaintext AES decrypt wrong\n", __func__);
lwsl_hexdump_notice(jwa_b2_ptext, sizeof(jwa_b2_ptext));
lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT],
jwe.jws.map.len[LJWE_CTXT]);
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__);
else
lwsl_notice("%s: selftest OK\n", __func__);
return ret;
}
/* JWA B.3. Test Cases for AES_256_CBC_HMAC_SHA_512
*
* Unfortunately JWA just gives this test case as hex literals, not
* inside a JWE. So we have to prepare the inputs "by hand".
*/
static uint8_t
jwa_b3_ptext[] = {
0x41, 0x20, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72,
0x20, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x20,
0x6d, 0x75, 0x73, 0x74, 0x20, 0x6e, 0x6f, 0x74,
0x20, 0x62, 0x65, 0x20, 0x72, 0x65, 0x71, 0x75,
0x69, 0x72, 0x65, 0x64, 0x20, 0x74, 0x6f, 0x20,
0x62, 0x65, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65,
0x74, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x69,
0x74, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62,
0x65, 0x20, 0x61, 0x62, 0x6c, 0x65, 0x20, 0x74,
0x6f, 0x20, 0x66, 0x61, 0x6c, 0x6c, 0x20, 0x69,
0x6e, 0x74, 0x6f, 0x20, 0x74, 0x68, 0x65, 0x20,
0x68, 0x61, 0x6e, 0x64, 0x73, 0x20, 0x6f, 0x66,
0x20, 0x74, 0x68, 0x65, 0x20, 0x65, 0x6e, 0x65,
0x6d, 0x79, 0x20, 0x77, 0x69, 0x74, 0x68, 0x6f,
0x75, 0x74, 0x20, 0x69, 0x6e, 0x63, 0x6f, 0x6e,
0x76, 0x65, 0x6e, 0x69, 0x65, 0x6e, 0x63, 0x65
},
jwa_b3_rawkey[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f
},
jwa_b3_iv[] = {
0x1a, 0xf3, 0x8c, 0x2d, 0xc2, 0xb9, 0x6f, 0xfd,
0xd8, 0x66, 0x94, 0x09, 0x23, 0x41, 0xbc, 0x04
},
jwa_b3_e[] = {
0x4a, 0xff, 0xaa, 0xad, 0xb7, 0x8c, 0x31, 0xc5,
0xda, 0x4b, 0x1b, 0x59, 0x0d, 0x10, 0xff, 0xbd,
0x3d, 0xd8, 0xd5, 0xd3, 0x02, 0x42, 0x35, 0x26,
0x91, 0x2d, 0xa0, 0x37, 0xec, 0xbc, 0xc7, 0xbd,
0x82, 0x2c, 0x30, 0x1d, 0xd6, 0x7c, 0x37, 0x3b,
0xcc, 0xb5, 0x84, 0xad, 0x3e, 0x92, 0x79, 0xc2,
0xe6, 0xd1, 0x2a, 0x13, 0x74, 0xb7, 0x7f, 0x07,
0x75, 0x53, 0xdf, 0x82, 0x94, 0x10, 0x44, 0x6b,
0x36, 0xeb, 0xd9, 0x70, 0x66, 0x29, 0x6a, 0xe6,
0x42, 0x7e, 0xa7, 0x5c, 0x2e, 0x08, 0x46, 0xa1,
0x1a, 0x09, 0xcc, 0xf5, 0x37, 0x0d, 0xc8, 0x0b,
0xfe, 0xcb, 0xad, 0x28, 0xc7, 0x3f, 0x09, 0xb3,
0xa3, 0xb7, 0x5e, 0x66, 0x2a, 0x25, 0x94, 0x41,
0x0a, 0xe4, 0x96, 0xb2, 0xe2, 0xe6, 0x60, 0x9e,
0x31, 0xe6, 0xe0, 0x2c, 0xc8, 0x37, 0xf0, 0x53,
0xd2, 0x1f, 0x37, 0xff, 0x4f, 0x51, 0x95, 0x0b,
0xbe, 0x26, 0x38, 0xd0, 0x9d, 0xd7, 0xa4, 0x93,
0x09, 0x30, 0x80, 0x6d, 0x07, 0x03, 0xb1, 0xf6,
},
jwa_b3_a[] = { /* "The second principle of Auguste Kerckhoffs" */
0x54, 0x68, 0x65, 0x20, 0x73, 0x65, 0x63, 0x6f,
0x6e, 0x64, 0x20, 0x70, 0x72, 0x69, 0x6e, 0x63,
0x69, 0x70, 0x6c, 0x65, 0x20, 0x6f, 0x66, 0x20,
0x41, 0x75, 0x67, 0x75, 0x73, 0x74, 0x65, 0x20,
0x4b, 0x65, 0x72, 0x63, 0x6b, 0x68, 0x6f, 0x66,
0x66, 0x73
},
jws_b3_tag[] = {
0x4d, 0xd3, 0xb4, 0xc0, 0x88, 0xa7, 0xf4, 0x5c,
0x21, 0x68, 0x39, 0x64, 0x5b, 0x20, 0x12, 0xbf,
0x2e, 0x62, 0x69, 0xa8, 0xc5, 0x6a, 0x81, 0x6d,
0xbc, 0x1b, 0x26, 0x77, 0x61, 0x95, 0x5b, 0xc5
}
;
static int
test_jwa_b3(struct lws_context *context)
{
struct lws_jwe jwe;
char buf[2048];
int n, ret = -1;
lws_jwe_init(&jwe, context);
/*
* normally all this is interpreted from the JWE blob. But we don't
* have JWE test vectors for AES_256_CBC_HMAC_SHA_512, just a standalone
* one. So we have to create it all by hand.
*
* See test_jwe_a3 above for a more normal usage pattern.
*/
lws_jwk_dup_oct(&jwe.jwk, jwa_b3_rawkey, sizeof(jwa_b3_rawkey));
memcpy(buf, jwa_b3_e, sizeof(jwa_b3_e));
jwe.jws.map.buf[LJWE_IV] = (char *)jwa_b3_iv;
jwe.jws.map.len[LJWE_IV] = sizeof(jwa_b3_iv);
jwe.jws.map.buf[LJWE_CTXT] = buf;
jwe.jws.map.len[LJWE_CTXT] = sizeof(jwa_b3_e);
jwe.jws.map.buf[LJWE_ATAG] = (char *)jws_b3_tag;
jwe.jws.map.len[LJWE_ATAG] = sizeof(jws_b3_tag);
/*
* Normally this comes from the JOSE header. But this test vector
* doesn't feature one...
*/
if (lws_gencrypto_jwe_alg_to_definition("A128KW", &jwe.jose.alg))
goto bail;
if (lws_gencrypto_jwe_enc_to_definition("A256CBC-HS512",
&jwe.jose.enc_alg))
goto bail;
n = lws_jwe_auth_and_decrypt_cbc_hs(&jwe, jwa_b3_rawkey,
jwa_b3_a, sizeof(jwa_b3_a));
if (n < 0) {
lwsl_err("%s: lws_jwe_a_cbc_hs_decrypt failed\n", __func__);
goto bail;
}
/* allowing for trailing padding, confirm the plaintext */
if (jwe.jws.map.len[LJWE_CTXT] < sizeof(jwa_b3_ptext) ||
lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT],jwa_b3_ptext,
sizeof(jwa_b3_ptext))) {
lwsl_err("%s: plaintext AES decrypt wrong\n", __func__);
lwsl_hexdump_notice(jwa_b3_ptext, sizeof(jwa_b3_ptext));
lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT],
jwe.jws.map.len[LJWE_CTXT]);
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: selftest failed ++++++++++++++++++++\n", __func__);
else
lwsl_notice("%s: selftest OK\n", __func__);
return ret;
}
/* JWA C. Example ECDH-ES Key Agreement Computation
*
* This example uses ECDH-ES Key Agreement and the Concat KDF to derive
* the CEK in the manner described in Section 4.6. In this example, the
* ECDH-ES Direct Key Agreement mode ("alg" value "ECDH-ES") is used to
* produce an agreed-upon key for AES GCM with a 128-bit key ("enc"
* value "A128GCM").
*
* In this example, a producer Alice is encrypting content to a consumer
* Bob. The producer (Alice) generates an ephemeral key for the key
* agreement computation.
*
* JWA Appendix C where this comes from ONLY goes as far as to confirm the
* direct derived key, it doesn't do any AES128-GCM.
*/
static const char
*ex_jwa_c_jose =
"{\"alg\":\"ECDH-ES\","
"\"enc\":\"A128GCM\","
"\"apu\":\"QWxpY2U\"," /* b64u("Alice") */
"\"apv\":\"Qm9i\"," /* b64u("Bob") */
"\"epk\":" /* public part of A's ephemeral key */
"{\"kty\":\"EC\","
"\"crv\":\"P-256\","
"\"x\":\"gI0GAILBdu7T53akrFmMyGcsF3n5dO7MmwNBHKW5SV0\","
"\"y\":\"SLW_xSffzlPWrHEVI30DHM_4egVwt3NQqeUD7nMFpps\""
"}"
"}"
;
static uint8_t
ex_jwa_c_z[] = {
158, 86, 217, 29, 129, 113, 53, 211,
114, 131, 66, 131, 191, 132, 38, 156,
251, 49, 110, 163, 218, 128, 106, 72,
246, 218, 167, 121, 140, 254, 144, 196
},
ex_jwa_c_derived_key[] = {
86, 170, 141, 234, 248, 35, 109, 32,
92, 34, 40, 205, 113, 167, 16, 26
};
static int
test_jwa_c(struct lws_context *context)
{
struct lws_jwe jwe;
char temp[2048], *p;
int ret = -1, temp_len = sizeof(temp);
lws_jwe_init(&jwe, context);
/*
* again the JWA Appendix C test vectors are not in the form of a
* complete JWE, but just the JWE JOSE header, so we must fake up the
* pieces and perform just the (normally internal) key agreement step
* for this test.
*
* See test_jwe_a3 above for a more normal usage pattern.
*/
if (lws_jwe_parse_jose(&jwe.jose, ex_jwa_c_jose, (int)strlen(ex_jwa_c_jose),
temp, &temp_len) < 0) {
lwsl_err("%s: JOSE parse failed\n", __func__);
goto bail;
}
/*
* The ephemeral key has been parsed into a jwk "jwe.jose.jwk_ephemeral"
*
* In this example, the ECDH-ES Direct Key Agreement mode ("alg" value
* "ECDH-ES") is used to produce an agreed-upon key for AES GCM with a
* 128-bit key ("enc" value "A128GCM").
*/
p = lws_concat_temp(temp, temp_len);
if (lws_jwa_concat_kdf(&jwe, 1, (uint8_t *)p,
ex_jwa_c_z, sizeof(ex_jwa_c_z))) {
lwsl_err("%s: lws_jwa_concat_kdf failed\n", __func__);
goto bail;
}
/* allowing for trailing padding, confirm the plaintext */
if (lws_timingsafe_bcmp(p, ex_jwa_c_derived_key,
sizeof(ex_jwa_c_derived_key))) {
lwsl_err("%s: ECDH-ES direct derived key wrong\n", __func__);
lwsl_hexdump_notice(ex_jwa_c_derived_key,
sizeof(ex_jwa_c_derived_key));
lwsl_hexdump_notice(p, sizeof(ex_jwa_c_derived_key));
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__);
else
lwsl_notice("%s: selftest OK\n", __func__);
return ret;
}
/*
* ECDH-ES Homebrew Encryption test
*/
static const char
/* peer key */
*ecdhes_t1_peer_p256_public_key = /* as below but with d removed */
"{"
"\"crv\":\"P-256\","
"\"kty\":\"EC\","
"\"x\":\"ySlIGttmXG80WPjDO01QaXg7oAzW3NE-a-GF0NDGk_E\","
"\"y\":\"i08k5z4ppqgtnLK8lh5qw4qp2FhxPdGjovgilajluuw\""
"}",
*ecdhes_t1_peer_p256_private_key = /* created by ./lws-crypto-jwk -t EC */
"{"
"\"crv\":\"P-256\","
"\"d\":\"ldszv0_cGFMkjxaPspGCP6X0NAaVCVeK48oH4RzT2T0\","
"\"kty\":\"EC\","
"\"x\":\"ySlIGttmXG80WPjDO01QaXg7oAzW3NE-a-GF0NDGk_E\","
"\"y\":\"i08k5z4ppqgtnLK8lh5qw4qp2FhxPdGjovgilajluuw\""
"}",
*ecdhes_t1_peer_p384_public_key = /* as below but with d removed */
"{\"crv\":\"P-384\","
"\"kty\":\"EC\","
"\"x\":\"injKcygDoG1AuP044ct88r_2DNinHr1CGqy4q2Sy5yo034Y"
"7yQ5_NT-lEUXrzlIW\","
"\"y\":\"y52QaJLhVm-ts8xa1jL8GkmwGm_dX6xV1PSq4s3pbwx2Hu9"
"X29z5WYcTPFOCPtwJ\"}",
*ecdhes_t1_peer_p384_private_key = /* created by ./lws-crypto-jwk -t EC -v "P-384" */
"{\"crv\":\"P-384\","
"\"d\":\"jYGze6ZwZxrflVx_I2lYWNf9GkfbeQNRwQCdtZhBlb85lk-"
"SAvaZuNiRUs_eWmPQ\","
"\"kty\":\"EC\","
"\"x\":\"injKcygDoG1AuP044ct88r_2DNinHr1CGqy4q2Sy5yo034Y"
"7yQ5_NT-lEUXrzlIW\","
"\"y\":\"y52QaJLhVm-ts8xa1jL8GkmwGm_dX6xV1PSq4s3pbwx2Hu9"
"X29z5WYcTPFOCPtwJ\"}",
*ecdhes_t1_peer_p521_public_key = /* as below but with d removed */
"{\"crv\":\"P-521\","
"\"kty\":\"EC\","
"\"x\":\"AYe0gAkPzzjeQW5Ek9tVrWdfi0u6k7LVUru-b2x7V9EM3d"
"L4SbQiS1p2j2gmZ2a6aDoKDRU_2E4u9EQrlswlty-g\","
"\"y\":\"AEAIIRkVL0WhtDlDSM7dciBtL1dOo5UPiW7ixIOv5K75Mo"
"uFNWO7cFmcxaCOn9459ex0giVyptmX_956C_DWabG6\"}",
*ecdhes_t1_peer_p521_private_key = /* created by ./lws-crypto-jwk -t EC -v "P-521" */
"{\"crv\":\"P-521\","
"\"d\":\"AUer7_-qJtQtDWN6CMeGB20rzTa648kpsfidTOu3lnn6__"
"yOXkMj1yTYUBjVOnUjGHiTU1rCGsw4CyF-1nDRe7SM\","
"\"kty\":\"EC\","
"\"x\":\"AYe0gAkPzzjeQW5Ek9tVrWdfi0u6k7LVUru-b2x7V9EM3d"
"L4SbQiS1p2j2gmZ2a6aDoKDRU_2E4u9EQrlswlty-g\","
"\"y\":\"AEAIIRkVL0WhtDlDSM7dciBtL1dOo5UPiW7ixIOv5K75Mo"
"uFNWO7cFmcxaCOn9459ex0giVyptmX_956C_DWabG6\"}",
*ecdhes_t1_jose_hdr_es_128 =
"{\"alg\":\"ECDH-ES\",\"enc\":\"A128CBC-HS256\"}",
*ecdhes_t1_jose_hdr_es_192 =
"{\"alg\":\"ECDH-ES\",\"enc\":\"A192CBC-HS384\"}",
*ecdhes_t1_jose_hdr_es_256 =
"{\"alg\":\"ECDH-ES\",\"enc\":\"A256CBC-HS512\"}",
*ecdhes_t1_jose_hdr_esakw128_128 =
"{\"alg\":\"ECDH-ES+A128KW\",\"enc\":\"A128CBC-HS256\"}",
*ecdhes_t1_jose_hdr_esakw192_192 =
"{\"alg\":\"ECDH-ES+A192KW\",\"enc\":\"A192CBC-HS384\"}",
*ecdhes_t1_jose_hdr_esakw256_256 =
"{\"alg\":\"ECDH-ES+A256KW\",\"enc\":\"A256CBC-HS512\"}",
*ecdhes_t1_plaintext =
"This test plaintext is exactly 64 bytes long when unencrypted..."
;
static int
test_ecdhes_t1(struct lws_context *context, const char *jose_hdr,
const char *peer_pubkey, const char *peer_privkey)
{
char temp[3072], compact[2048];
int n, ret = -1, temp_len = sizeof(temp);
struct lws_jwe jwe;
lws_jwe_init(&jwe, context);
/* read and interpret our canned JOSE header, setting the algorithm */
if (lws_jws_dup_element(&jwe.jws.map, LJWS_JOSE,
lws_concat_temp(temp, temp_len), &temp_len,
jose_hdr, strlen(jose_hdr), 0))
goto bail;
if (lws_jwe_parse_jose(&jwe.jose, jose_hdr, (int)strlen(jose_hdr),
temp, &temp_len) < 0) {
lwsl_err("%s: JOSE parse failed\n", __func__);
goto bail;
}
/* for ecdh-es encryption, we need the peer's pubkey */
if (lws_jwk_import(&jwe.jwk, NULL, NULL, (char *)peer_pubkey,
strlen((char *)peer_pubkey)) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
/*
* dup the plaintext into the ciphertext element, it will be
* encrypted in-place to a ciphertext of the same length + padding
*/
if (lws_jws_dup_element(&jwe.jws.map, LJWE_CTXT,
lws_concat_temp(temp, temp_len), &temp_len,
ecdhes_t1_plaintext,
strlen(ecdhes_t1_plaintext),
lws_gencrypto_padded_length(LWS_AES_CBC_BLOCKLEN,
strlen(ecdhes_t1_plaintext)))) {
lwsl_notice("%s: Not enough temp space for ptext\n", __func__);
goto bail;
}
/*
* perform the actual encryption
*/
n = lws_jwe_encrypt(&jwe, lws_concat_temp(temp, temp_len), &temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_encrypt failed\n", __func__);
goto bail;
}
/*
* format for output
*/
n = lws_jwe_render_flattened(&jwe, compact, sizeof(compact));
if (n < 0) {
lwsl_err("%s: lws_jwe_render_compact failed: %d\n",
__func__, n);
goto bail;
}
// puts(compact);
n = lws_jwe_render_compact(&jwe, compact, sizeof(compact));
if (n < 0) {
lwsl_err("%s: lws_jwe_render_compact failed: %d\n",
__func__, n);
goto bail;
}
// puts(compact);
/* okay, let's try to decrypt the whole thing, as the recipient
* getting the compact. jws->jwk needs to be our private key. */
lws_jwe_destroy(&jwe);
temp_len = sizeof(temp);
lws_jwe_init(&jwe, context);
if (lws_jwk_import(&jwe.jwk, NULL, NULL, (char *)peer_privkey,
strlen((char *)peer_privkey)) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
/* converts a compact serialization to jws b64 + decoded maps */
if (lws_jws_compact_decode(compact, (int)strlen(compact), &jwe.jws.map,
&jwe.jws.map_b64, temp, &temp_len) != 5) {
lwsl_err("%s: lws_jws_compact_decode failed\n", __func__);
goto bail;
}
n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n",
__func__);
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: %s selftest failed +++++++++++++++++++\n",
__func__, jose_hdr);
else
lwsl_notice("%s: %s selftest OK\n", __func__, jose_hdr);
return ret;
}
/* AES Key Wrap and AES_XXX_CBC_HMAC_SHA_YYY variations
*
* These were created using the node-jose node.js package
*/
static const char
*akw_ptext = "plaintext0123456",
*akw_ct_128_128 = "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Ii"
"wia2lkIjoiLTRXTEpQNWNrYUxBUFFFNXkwYXhLT0JUSTlFTngxUXBCa0toNkdOY2loOC"
"J9.h6oNSEgz3LwIMndEkPEa8H7_5zy0hh8TaU_1yWoNtu4Dh_WJpEgx9g.j7TYjj8wB0"
"RS6rclTWYmqw.zm3tPzuWhXoD7IsAWbA0xz-AJXvE9gydWPRBTaO40sQ.Okf7ttWDLPM"
"wIj1kUyUO_A",
*akw_ct_128_192 = "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTkyQ0JDLUhTMzg0Ii"
"wia2lkIjoiLTRXTEpQNWNrYUxBUFFFNXkwYXhLT0JUSTlFTngxUXBCa0toNkdOY2loOC"
"J9.XkRTu4nP3b0KZxXjkjdHEnbf6AWZUmFvpsqZLuLxKcrONqDUsnYasnVuo6U0QKRUm"
"cyBRtSPGW4.MzNxxoOp8JR2AHoLNve-vw.rdxgo6InRAxk3afG02_75l58u5m6KYHd3h"
"LH16ksnZE.v7BLKaRZIwhUPhhBRTd8yPwH0xa1fOft",
*akw_ct_128_256 = "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIi"
"wia2lkIjoiLTRXTEpQNWNrYUxBUFFFNXkwYXhLT0JUSTlFTngxUXBCa0toNkdOY2loOC"
"J9.mueR-8XzXs2RyvzzvghpIpGS1mGl7vkSjJDF5zqhH8-ektBpCXSd7R7MS5nh2-Xf_"
"8XDym1gn1QEQh5bDI3GPESnSN1TJR-h.g6plL_5L2BD8wcjZS7X79A.UTndfTFhGFaVZ"
"vWqPkV7dN00gckesd_7UylosVDqjwU.-rgi0jkYuCZDMwUVLxN6e6x8fXw2U0u4-vL8u"
"Kb__S8",
*akw_ct_192_128 = "eyJhbGciOiJBMTkyS1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Ii"
"wia2lkIjoiai10RWp2Q2JyNVlUZWtKUXlES3kyQXh5cjBWeUlUWXk4S3IycjB0cy1USS"
"J9.mEURnj2NvPa3TU0uR8mcm2cMd33Y6iYYZ_LFrYS_Gz49gcdxZpdk1Q.v3csq81X9o"
"mI-bcp6i-FTQ.EgroRqmqNfeH7XC9msLap1IGcqvc09SlnI4PO6RQqS0.hDi57mXD3vX"
"dx2r4Kwnv9w",
*akw_ct_192_192 = "eyJhbGciOiJBMTkyS1ciLCJlbmMiOiJBMTkyQ0JDLUhTMzg0Ii"
"wia2lkIjoiai10RWp2Q2JyNVlUZWtKUXlES3kyQXh5cjBWeUlUWXk4S3IycjB0cy1USS"
"J9.QHgtusQdP7Zvw9tsCZNkJyEmzg6KUaaIyTb2BXB0ng9mxSUIQ7y_6oqasYKBUJgBn"
"Koru-3CXOE.ZZXcGY35mmlAb4-IgA5XlQ.AuG2GRPeYJ80_4XoYAUgXbVY65ZQ689Grn"
"x8RCNQdfc.UjfgDr4z3PGQBdftWT2gqx1Egfd9PUR4",
*akw_ct_192_256 = "eyJhbGciOiJBMTkyS1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIi"
"wia2lkIjoiai10RWp2Q2JyNVlUZWtKUXlES3kyQXh5cjBWeUlUWXk4S3IycjB0cy1USS"
"J9.G6DziymYyU3-6unIa-Oz-0lksH05OJFDZKkFuShMuoazEMZ5ZH2S_65qD-pjpf8aN"
"2thOVOYT0mdtgFM0ARUfx8ZLhRFCcn1.yEKK4eARZIo9WtGVcQmgDQ.ovan2NXDmt_Ka"
"SsVJmhIMQqVz6meqz1oExfVcY8vdzA.R3T4lQIKX5cc2Ktv42e9u5PR--v_w2uK7F4Wp"
"Sr5SQ8",
*akw_ct_256_128 = "eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Ii"
"wia2lkIjoiSDVwSzRRUU81U0tHbDA3UXhIdk9YMzVqS2FJbzA2NXVLdWRubVZFZVpJYy"
"J9.ZLWrz5CE7Iav2db37VL9ZABeaRVrV9af-7-46Loc9M2D0SPSNtsxpg.ktk-VU8-5b"
"XRvW_A6IqDjQ.xZVIglOhadDBHUYuxPx6Wr_YzOo0qCDH24xVe58qP9Q.pO_tME930wO"
"u5fNJ8ubGrw",
*akw_ct_256_192 = "eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMTkyQ0JDLUhTMzg0Ii"
"wia2lkIjoiSDVwSzRRUU81U0tHbDA3UXhIdk9YMzVqS2FJbzA2NXVLdWRubVZFZVpJYy"
"J9.fcblAVZ7VOXtyhymqxDBr-zgvId18p3AURNbhH5FmAvKNuUVU37xPkz6BrFopLP0J"
"jqXaTyyg1s.fprTe2e0esH2w7EnLEgBZQ.g1BI0U1aKSM_JBEp9jC4BxBaFXVG5BW4nl"
"bhX1MDeLo.XOLanrIkitLLDRONnfM05avahl_lJ_UY",
*akw_ct_256_256 = "eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIi"
"wia2lkIjoiSDVwSzRRUU81U0tHbDA3UXhIdk9YMzVqS2FJbzA2NXVLdWRubVZFZVpJYy"
"J9.SpizfgtzQLJCCnYnUmNfiMMTyL8iIDi8OyUDrO00KJtfwJdNAcs-NuYQkLKx6PlDJ"
"IGjucT4-IuA8k_Oc752kq1BzTHMZ-Mo.go-e8xpQoCmLD5RBQw7ruA.WqkEdM6T1_z5F"
"C-8eGQfGjos7cHPy1ecZk1Ep-TYgXo.bZVHhIpe2PbjguQlK_afkYDlVmEtRAe3LUJUX"
"4STOtU",
*akw_key_128 = "{\"k\":\"JjVJVh8JsXvKf9qgHHWWBA\",\"kty\":\"oct\"}",
*akw_key_192 = "{\"k\":\"BYF6urCMDRMKFXXRxXrDSVtW71AUZghj\",\"kty\":\"oct\"}",
*akw_key_256 = "{\"k\":\"cSHyZXGEfnlgKud21cM6tAxRyXnK6xbWRTsyLUegTMk\",\"kty\":\"oct\"}"
;
static int
test_akw_decrypt(struct lws_context *context, const char *test_name,
const char *ciphertext, const char *key)
{
struct lws_jwe jwe;
char temp[2048];
int n, ret = -1, temp_len = sizeof(temp);
lws_jwe_init(&jwe, context);
if (lws_jwk_import(&jwe.jwk, NULL, NULL, key, strlen(key)) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
/* converts a compact serialization to jws b64 + decoded maps */
if (lws_jws_compact_decode(ciphertext, (int)strlen(ciphertext),
&jwe.jws.map, &jwe.jws.map_b64,
temp, &temp_len) != 5) {
lwsl_err("%s: lws_jws_compact_decode failed\n", __func__);
goto bail;
}
n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len), &temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n",
__func__);
goto bail;
}
/* allowing for trailing padding, confirm the plaintext */
if (jwe.jws.map.len[LJWE_CTXT] < strlen(akw_ptext) ||
lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], akw_ptext,
(uint32_t)strlen(akw_ptext))) {
lwsl_err("%s: plaintext AES decrypt wrong\n", __func__);
lwsl_hexdump_notice(akw_ptext, strlen(akw_ptext));
lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT],
jwe.jws.map.len[LJWE_CTXT]);
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: selftest %s failed +++++++++++++++++++\n",
__func__, test_name);
else
lwsl_notice("%s: selftest %s OK\n", __func__, test_name);
return ret;
}
static int
test_akw_encrypt(struct lws_context *context, const char *test_name,
const char *alg, const char *enc, const char *ciphertext,
const char *key, char *compact, int compact_len)
{
struct lws_jwe jwe;
char temp[4096];
int ret = -1, n, temp_len = sizeof(temp);
lws_jwe_init(&jwe, context);
if (lws_jwk_import(&jwe.jwk, NULL, NULL, key, strlen(key)) < 0) {
lwsl_notice("%s: Failed to decode JWK test key\n", __func__);
goto bail;
}
if (lws_gencrypto_jwe_alg_to_definition(alg, &jwe.jose.alg)) {
lwsl_err("Unknown cipher alg %s\n", alg);
goto bail;
}
if (lws_gencrypto_jwe_enc_to_definition(enc, &jwe.jose.enc_alg)) {
lwsl_err("Unknown payload enc alg %s\n", enc);
goto bail;
}
/* we require a JOSE-formatted header to do the encryption */
jwe.jws.map.buf[LJWS_JOSE] = temp;
jwe.jws.map.len[LJWS_JOSE] = (uint32_t)lws_snprintf(temp, (unsigned int)temp_len,
"{\"alg\":\"%s\", \"enc\":\"%s\"}", alg, enc);
temp_len -= (int)jwe.jws.map.len[LJWS_JOSE];
/*
* dup the plaintext into the ciphertext element, it will be
* encrypted in-place to a ciphertext of the same length + padding
*/
if (lws_jws_dup_element(&jwe.jws.map, LJWE_CTXT,
lws_concat_temp(temp, temp_len), &temp_len,
akw_ptext, strlen(akw_ptext),
lws_gencrypto_padded_length(LWS_AES_CBC_BLOCKLEN,
strlen(akw_ptext)))) {
lwsl_notice("%s: Not enough temp space for ptext\n", __func__);
goto bail;
}
/* CEK size is determined by hash / hmac size */
n = lws_gencrypto_bits_to_bytes(jwe.jose.enc_alg->keybits_fixed);
if (lws_jws_randomize_element(context, &jwe.jws.map, LJWE_EKEY,
lws_concat_temp(temp, temp_len),
&temp_len, (unsigned int)n,
LWS_JWE_LIMIT_KEY_ELEMENT_BYTES)) {
lwsl_err("Problem getting random\n");
goto bail;
}
n = lws_jwe_encrypt(&jwe, lws_concat_temp(temp, temp_len),
&temp_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_encrypt failed\n", __func__);
goto bail;
}
n = lws_jwe_render_compact(&jwe, compact, (unsigned int)compact_len);
if (n < 0) {
lwsl_err("%s: lws_jwe_render_compact failed: %d\n",
__func__, n);
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: selftest %s failed +++++++++++++++++++\n",
__func__, test_name);
else
lwsl_notice("%s: selftest %s OK\n", __func__, test_name);
return ret;
}
/*
* Check we can handle multi-recipient JWE
*/
static char *complete =
"{"
"\"protected\":"
"\"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0\","
"\"unprotected\":"
"{\"jku\":\"https://server.example.com/keys.jwks\"},"
"\"recipients\":["
"{\"header\":"
"{\"alg\":\"RSA1_5\",\"kid\":\"2011-04-29\"},"
"\"encrypted_key\":"
"\"UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-"
"kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKx"
"GHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3"
"YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPh"
"cCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPg"
"wCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A\"},"
"{\"header\":"
"{\"alg\":\"A128KW\",\"kid\":\"7\"},"
"\"encrypted_key\":"
"\"6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ\"}],"
"\"iv\":"
"\"AxY8DCtDaGlsbGljb3RoZQ\","
"\"ciphertext\":"
"\"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY\","
"\"tag\":"
"\"Mz-VPPyU4RlcuYv1IwIvzw\""
"}\""
;
static int
test_jwe_json_complete(struct lws_context *context)
{
struct lws_jwe jwe;
char temp[4096];
int ret = -1, temp_len = sizeof(temp);
lws_jwe_init(&jwe, context);
if (lws_jwe_parse_jose(&jwe.jose, complete, (int)strlen(complete),
temp, &temp_len) < 0) {
lwsl_err("%s: JOSE parse failed\n", __func__);
goto bail;
}
if (jwe.jose.recipients != 2) {
lwsl_err("%s: wrong recipients count %d\n", __func__,
jwe.jose.recipients);
goto bail;
}
ret = 0;
bail:
lws_jwe_destroy(&jwe);
if (ret)
lwsl_err("%s: selftest failed +++++++++++++++++++\n",
__func__);
else
lwsl_notice("%s: selftest OK\n", __func__);
return ret;
}
int
test_jwe(struct lws_context *context)
{
char compact[4096];
int n = 0;
n |= test_jwe_json_complete(context);
n |= test_ecdhes_t1(context, ecdhes_t1_jose_hdr_es_128,
ecdhes_t1_peer_p256_public_key,
ecdhes_t1_peer_p256_private_key);
n |= test_ecdhes_t1(context, ecdhes_t1_jose_hdr_es_192,
ecdhes_t1_peer_p384_public_key,
ecdhes_t1_peer_p384_private_key);
n |= test_ecdhes_t1(context, ecdhes_t1_jose_hdr_es_256,
ecdhes_t1_peer_p521_public_key,
ecdhes_t1_peer_p521_private_key);
n |= test_ecdhes_t1(context, ecdhes_t1_jose_hdr_esakw128_128,
ecdhes_t1_peer_p256_public_key,
ecdhes_t1_peer_p256_private_key);
n |= test_ecdhes_t1(context, ecdhes_t1_jose_hdr_esakw192_192,
ecdhes_t1_peer_p384_public_key,
ecdhes_t1_peer_p384_private_key);
n |= test_ecdhes_t1(context, ecdhes_t1_jose_hdr_esakw256_256,
ecdhes_t1_peer_p521_public_key,
ecdhes_t1_peer_p521_private_key);
n |= test_jwe_a1(context);
n |= test_jwe_a2(context);
n |= test_jwe_ra_ptext_1024(context, (char *)lws_jwe_ex_a2_jwk_json,
(int)strlen((char *)lws_jwe_ex_a2_jwk_json));
n |= test_jwe_r256a192_ptext(context, (char *)lws_jwe_ex_a2_jwk_json,
(int)strlen((char *)lws_jwe_ex_a2_jwk_json));
n |= test_jwe_r256a256_ptext(context, (char *)lws_jwe_ex_a2_jwk_json,
(int)strlen((char *)lws_jwe_ex_a2_jwk_json));
n |= test_jwe_ra_ptext_1024(context, (char *)rsa_key_2048,
(int)strlen((char *)rsa_key_2048));
n |= test_jwe_r256a192_ptext(context, (char *)rsa_key_2048,
(int)strlen((char *)rsa_key_2048));
n |= test_jwe_r256a256_ptext(context, (char *)rsa_key_2048,
(int)strlen((char *)rsa_key_2048));
n |= test_jwe_ra_ptext_1024(context, (char *)rsa_key_4096,
(int)strlen((char *)rsa_key_4096));
n |= test_jwe_r256a192_ptext(context, (char *)rsa_key_4096,
(int)strlen((char *)rsa_key_4096));
n |= test_jwe_r256a256_ptext(context, (char *)rsa_key_4096,
(int)strlen((char *)rsa_key_4096));
n |= test_jwe_ra_ptext_1024(context, (char *)rsa_key_4096_no_optional,
(int)strlen((char *)rsa_key_4096_no_optional));
n |= test_jwe_r256a192_ptext(context, (char *)rsa_key_4096_no_optional,
(int)strlen((char *)rsa_key_4096_no_optional));
n |= test_jwe_r256a256_ptext(context, (char *)rsa_key_4096_no_optional,
(int)strlen((char *)rsa_key_4096_no_optional));
/* AESKW decrypt all variations */
n |= test_akw_decrypt(context, "d-a128kw_128", akw_ct_128_128, akw_key_128);
n |= test_akw_decrypt(context, "d-a128kw_192", akw_ct_128_192, akw_key_128);
n |= test_akw_decrypt(context, "d-a128kw_256", akw_ct_128_256, akw_key_128);
n |= test_akw_decrypt(context, "d-a192kw_128", akw_ct_192_128, akw_key_192);
n |= test_akw_decrypt(context, "d-a192kw_192", akw_ct_192_192, akw_key_192);
n |= test_akw_decrypt(context, "d-a192kw_256", akw_ct_192_256, akw_key_192);
n |= test_akw_decrypt(context, "d-a256kw_128", akw_ct_256_128, akw_key_256);
n |= test_akw_decrypt(context, "d-a256kw_192", akw_ct_256_192, akw_key_256);
n |= test_akw_decrypt(context, "d-a256kw_256", akw_ct_256_256, akw_key_256);
/* AESKW encrypt then confirm decrypt */
if (!test_akw_encrypt(context, "ed-128kw_128", "A128KW", "A128CBC-HS256",
akw_ptext, akw_key_128, compact, sizeof(compact)))
n |= test_akw_decrypt(context, "ed-128kw_128", compact, akw_key_128);
else
n = -1;
if (!test_akw_encrypt(context, "ed-128kw_192", "A128KW", "A192CBC-HS384",
akw_ptext, akw_key_128, compact, sizeof(compact)))
n |= test_akw_decrypt(context, "ed-128kw_192", compact, akw_key_128);
else
n = -1;
if (!test_akw_encrypt(context, "ed-128kw_256", "A128KW", "A256CBC-HS512",
akw_ptext, akw_key_128, compact, sizeof(compact)))
n |= test_akw_decrypt(context, "ed-128kw_256", compact, akw_key_128);
else
n = -1;
if (!test_akw_encrypt(context, "ed-192kw_128", "A192KW", "A128CBC-HS256",
akw_ptext, akw_key_192, compact, sizeof(compact)))
n |= test_akw_decrypt(context, "ed-192kw_128", compact, akw_key_192);
else
n = -1;
if (!test_akw_encrypt(context, "ed-192kw_192", "A192KW", "A192CBC-HS384",
akw_ptext, akw_key_192, compact, sizeof(compact)))
n |= test_akw_decrypt(context, "ed-192kw_192", compact, akw_key_192);
else
n = -1;
if (!test_akw_encrypt(context, "ed-192kw_256", "A192KW", "A256CBC-HS512",
akw_ptext, akw_key_192, compact, sizeof(compact)))
n |= test_akw_decrypt(context, "ed-192kw_256", compact, akw_key_192);
else
n = -1;
if (!test_akw_encrypt(context, "ed-256kw_128", "A256KW", "A128CBC-HS256",
akw_ptext, akw_key_256, compact, sizeof(compact)))
n |= test_akw_decrypt(context, "ed-256kw_128", compact, akw_key_256);
else
n = -1;
if (!test_akw_encrypt(context, "ed-256kw_192", "A256KW", "A192CBC-HS384",
akw_ptext, akw_key_256, compact, sizeof(compact)))
n |= test_akw_decrypt(context, "ed-256kw_192", compact, akw_key_256);
else
n = -1;
if (!test_akw_encrypt(context, "ed-256kw_256", "A256KW", "A256CBC-HS512",
akw_ptext, akw_key_256, compact, sizeof(compact)))
n |= test_akw_decrypt(context, "ed-256kw_256", compact, akw_key_256);
else
n = -1;
n |= test_jwe_r256a128_jwe_openssl(context);
n |= test_jwe_r256a128_jwe_mbedtls(context);
n |= test_jwe_a3(context);
n |= test_jwa_b2(context);
n |= test_jwa_b3(context);
n |= test_jwa_c(context);
return n;
}