1*1c60b9acSAndroid Build Coastguard Worker# Lws Crypto Apis 2*1c60b9acSAndroid Build Coastguard Worker 3*1c60b9acSAndroid Build Coastguard Worker## Overview 4*1c60b9acSAndroid Build Coastguard Worker 5*1c60b9acSAndroid Build Coastguard Worker 6*1c60b9acSAndroid Build Coastguard Worker 7*1c60b9acSAndroid Build Coastguard WorkerLws provides a "generic" crypto layer on top of both OpenSSL and 8*1c60b9acSAndroid Build Coastguard Workercompatible tls library, and mbedtls. Using this layer, your code 9*1c60b9acSAndroid Build Coastguard Workercan work without any changes on both types of tls library crypto 10*1c60b9acSAndroid Build Coastguard Workerbackends... it's as simple as rebuilding lws with `-DLWS_WITH_MBEDTLS=0` 11*1c60b9acSAndroid Build Coastguard Workeror `=1` at cmake. 12*1c60b9acSAndroid Build Coastguard Worker 13*1c60b9acSAndroid Build Coastguard WorkerThe generic layer can be used directly (as in, eg, the sshd plugin), 14*1c60b9acSAndroid Build Coastguard Workeror via another layer on top, which processes JOSE JSON objects using 15*1c60b9acSAndroid Build Coastguard WorkerJWS (JSON Web Signatures), JWK (JSON Web Keys), and JWE (JSON Web 16*1c60b9acSAndroid Build Coastguard WorkerEncryption). 17*1c60b9acSAndroid Build Coastguard Worker 18*1c60b9acSAndroid Build Coastguard WorkerThe `JW` apis use the generic apis (`lws_genrsa_`, etc) to get the crypto tasks 19*1c60b9acSAndroid Build Coastguard Workerdone, so anything they can do you can also get done using the generic apis. 20*1c60b9acSAndroid Build Coastguard WorkerThe main difference is that with the generic apis, you must instantiate the 21*1c60b9acSAndroid Build Coastguard Workercorrect types and use type-specfic apis. With the `JW` apis, there is only 22*1c60b9acSAndroid Build Coastguard Workerone interface for all operations, with the details hidden in the api and 23*1c60b9acSAndroid Build Coastguard Workercontrolled by the JSON objects. 24*1c60b9acSAndroid Build Coastguard Worker 25*1c60b9acSAndroid Build Coastguard WorkerBecause of this, the `JW` apis are often preferred because they give you 26*1c60b9acSAndroid Build Coastguard Worker"crypto agility" cheaply... to change your crypto to another supported algorithm 27*1c60b9acSAndroid Build Coastguard Workeronce it's working, you literally just change your JSON defining the keys and 28*1c60b9acSAndroid Build Coastguard WorkerJWE or JWS algorithm. (It's up to you to define your policy for which 29*1c60b9acSAndroid Build Coastguard Workercombinations are acceptable by querying the parsed JW structs). 30*1c60b9acSAndroid Build Coastguard Worker 31*1c60b9acSAndroid Build Coastguard Worker## Crypto supported in generic layer 32*1c60b9acSAndroid Build Coastguard Worker 33*1c60b9acSAndroid Build Coastguard Worker### Generic Hash 34*1c60b9acSAndroid Build Coastguard Worker 35*1c60b9acSAndroid Build Coastguard Worker - SHA1 36*1c60b9acSAndroid Build Coastguard Worker - SHA256 37*1c60b9acSAndroid Build Coastguard Worker - SHA384 38*1c60b9acSAndroid Build Coastguard Worker - SHA512 39*1c60b9acSAndroid Build Coastguard Worker 40*1c60b9acSAndroid Build Coastguard Worker### Generic HMAC 41*1c60b9acSAndroid Build Coastguard Worker 42*1c60b9acSAndroid Build Coastguard Worker - SHA256 43*1c60b9acSAndroid Build Coastguard Worker - SHA384 44*1c60b9acSAndroid Build Coastguard Worker - SHA512 45*1c60b9acSAndroid Build Coastguard Worker 46*1c60b9acSAndroid Build Coastguard Worker### Generic AES 47*1c60b9acSAndroid Build Coastguard Worker 48*1c60b9acSAndroid Build Coastguard Worker - CBC 49*1c60b9acSAndroid Build Coastguard Worker - CFB128 50*1c60b9acSAndroid Build Coastguard Worker - CFB8 51*1c60b9acSAndroid Build Coastguard Worker - CTR 52*1c60b9acSAndroid Build Coastguard Worker - ECB 53*1c60b9acSAndroid Build Coastguard Worker - OFB 54*1c60b9acSAndroid Build Coastguard Worker - XTS 55*1c60b9acSAndroid Build Coastguard Worker - GCM 56*1c60b9acSAndroid Build Coastguard Worker - KW (Key Wrap) 57*1c60b9acSAndroid Build Coastguard Worker 58*1c60b9acSAndroid Build Coastguard Worker### Generic RSA 59*1c60b9acSAndroid Build Coastguard Worker 60*1c60b9acSAndroid Build Coastguard Worker - PKCS 1.5 61*1c60b9acSAndroid Build Coastguard Worker - OAEP / PSS 62*1c60b9acSAndroid Build Coastguard Worker 63*1c60b9acSAndroid Build Coastguard Worker### Generic EC 64*1c60b9acSAndroid Build Coastguard Worker 65*1c60b9acSAndroid Build Coastguard Worker - ECDH 66*1c60b9acSAndroid Build Coastguard Worker - ECDSA 67*1c60b9acSAndroid Build Coastguard Worker - P256 / P384 / P521 (sic) curves 68*1c60b9acSAndroid Build Coastguard Worker 69*1c60b9acSAndroid Build Coastguard Worker## Using the generic layer 70*1c60b9acSAndroid Build Coastguard Worker 71*1c60b9acSAndroid Build Coastguard WorkerAll the necessary includes are part of `libwebsockets.h`. 72*1c60b9acSAndroid Build Coastguard Worker 73*1c60b9acSAndroid Build Coastguard WorkerEnable `-DLWS_WITH_GENCRYPTO=1` at cmake. 74*1c60b9acSAndroid Build Coastguard Worker 75*1c60b9acSAndroid Build Coastguard Worker|api|header|Functionality| 76*1c60b9acSAndroid Build Coastguard Worker|---|---|---| 77*1c60b9acSAndroid Build Coastguard Worker|genhash|[./include/libwebsockets/lws-genhash.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-genhash.h)|Provides SHA1 + SHA2 hashes and hmac| 78*1c60b9acSAndroid Build Coastguard Worker|genrsa|[./include/libwebsockets/lws-genrsa.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-genrsa.h)|Provides RSA encryption, decryption, signing, verification, key generation and creation| 79*1c60b9acSAndroid Build Coastguard Worker|genaes|[./include/libwebsockets/lws-genaes.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-genaes.h)|Provides AES in all common variants for encryption and decryption| 80*1c60b9acSAndroid Build Coastguard Worker|genec|[./include/libwebsockets/lws-genec.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-genec.h)|Provides Elliptic Curve for encryption, decryption, signing, verification, key generation and creation| 81*1c60b9acSAndroid Build Coastguard Worker|x509|[./include/libwebsockets/lws-x509.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-x509.h)|Apis for X.509 Certificate loading, parsing, and stack verification, plus JWK key extraction from PEM X.509 certificate / private key| 82*1c60b9acSAndroid Build Coastguard Worker 83*1c60b9acSAndroid Build Coastguard WorkerUnit tests for these apis, which serve as usage examples, can be found in [./minimal-examples/api-tests/api-test-gencrypto](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-gencrypto) 84*1c60b9acSAndroid Build Coastguard Worker 85*1c60b9acSAndroid Build Coastguard Worker### Keys in the generic layer 86*1c60b9acSAndroid Build Coastguard Worker 87*1c60b9acSAndroid Build Coastguard WorkerThe necessary types and defines are brought in by `libwebsockets.h`. 88*1c60b9acSAndroid Build Coastguard Worker 89*1c60b9acSAndroid Build Coastguard WorkerKeys are represented only by an array of `struct lws_jwk_elements`... the 90*1c60b9acSAndroid Build Coastguard Workerlength of the array is defined by the cipher... it's one of 91*1c60b9acSAndroid Build Coastguard Worker 92*1c60b9acSAndroid Build Coastguard Worker|key elements count|definition| 93*1c60b9acSAndroid Build Coastguard Worker|---|---| 94*1c60b9acSAndroid Build Coastguard Worker|`LWS_COUNT_OCT_KEY_ELEMENTS`|1| 95*1c60b9acSAndroid Build Coastguard Worker|`LWS_COUNT_RSA_KEY_ELEMENTS`|8| 96*1c60b9acSAndroid Build Coastguard Worker|`LWS_COUNT_EC_KEY_ELEMENTS`|4| 97*1c60b9acSAndroid Build Coastguard Worker|`LWS_COUNT_AES_KEY_ELEMENTS`|1| 98*1c60b9acSAndroid Build Coastguard Worker 99*1c60b9acSAndroid Build Coastguard Worker`struct lws_jwk_elements` is a simple pointer / length combination used to 100*1c60b9acSAndroid Build Coastguard Workerstore arbitrary octets that make up the key element's binary representation. 101*1c60b9acSAndroid Build Coastguard Worker 102*1c60b9acSAndroid Build Coastguard Worker## Using the JOSE layer 103*1c60b9acSAndroid Build Coastguard Worker 104*1c60b9acSAndroid Build Coastguard WorkerThe JOSE (JWK / JWS / JWE) stuff is a crypto-agile JSON-based layer 105*1c60b9acSAndroid Build Coastguard Workerthat uses the gencrypto support underneath. 106*1c60b9acSAndroid Build Coastguard Worker 107*1c60b9acSAndroid Build Coastguard Worker"Crypto Agility" means the JSON structs include information about the 108*1c60b9acSAndroid Build Coastguard Workeralgorithms and ciphers used in that particular object, making it easy to 109*1c60b9acSAndroid Build Coastguard Workerupgrade system crypto strength or cycle keys over time while supporting a 110*1c60b9acSAndroid Build Coastguard Workertransitional period where the old and new keys or algorithms + ciphers 111*1c60b9acSAndroid Build Coastguard Workerare also valid. 112*1c60b9acSAndroid Build Coastguard Worker 113*1c60b9acSAndroid Build Coastguard WorkerUniquely lws generic support means the JOSE stuff also has "tls library 114*1c60b9acSAndroid Build Coastguard Workeragility", code written to the lws generic or JOSE apis is completely unchanged 115*1c60b9acSAndroid Build Coastguard Workereven if the underlying tls library changes between OpenSSL and mbedtls, meaning 116*1c60b9acSAndroid Build Coastguard Workersharing code between server and client sides is painless. 117*1c60b9acSAndroid Build Coastguard Worker 118*1c60b9acSAndroid Build Coastguard WorkerAll the necessary includes are part of `libwebsockets.h`. 119*1c60b9acSAndroid Build Coastguard Worker 120*1c60b9acSAndroid Build Coastguard WorkerEnable `-DLWS_WITH_JOSE=1` at CMake. 121*1c60b9acSAndroid Build Coastguard Worker 122*1c60b9acSAndroid Build Coastguard Worker|api|header|Functionality| 123*1c60b9acSAndroid Build Coastguard Worker|---|---|---| 124*1c60b9acSAndroid Build Coastguard Worker|JOSE|[./include/libwebsockets/lws-jose.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-jose.h)|Provides crypto agility for JWS / JWE| 125*1c60b9acSAndroid Build Coastguard Worker|JWE|[./include/libwebsockets/lws-jwe.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-jwe.h)|Provides Encryption and Decryption services for RFC7516 JWE JSON| 126*1c60b9acSAndroid Build Coastguard Worker|JWS|[./include/libwebsockets/lws-jws.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-jws.h)|Provides signature and verifcation services for RFC7515 JWS JSON| 127*1c60b9acSAndroid Build Coastguard Worker|JWK|[./include/libwebsockets/lws-jwk.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-jwk.h)|Provides signature and verifcation services for RFC7517 JWK JSON, both "keys" arrays and singletons| 128*1c60b9acSAndroid Build Coastguard Worker 129*1c60b9acSAndroid Build Coastguard WorkerMinimal examples are provided in the form of commandline tools for JWK / JWS / JWE / x509 handling: 130*1c60b9acSAndroid Build Coastguard Worker 131*1c60b9acSAndroid Build Coastguard Worker - [JWK minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jwk) 132*1c60b9acSAndroid Build Coastguard Worker - [JWS minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jws) 133*1c60b9acSAndroid Build Coastguard Worker - [JWE minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jwe) 134*1c60b9acSAndroid Build Coastguard Worker - [X509 minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-x509) 135*1c60b9acSAndroid Build Coastguard Worker 136*1c60b9acSAndroid Build Coastguard WorkerUnit tests for these apis, which serve as usage examples, can be found in [./minimal-examples/api-tests/api-test-jose](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-jose) 137*1c60b9acSAndroid Build Coastguard Worker 138*1c60b9acSAndroid Build Coastguard Worker## Crypto supported in the JOSE layer 139*1c60b9acSAndroid Build Coastguard Worker 140*1c60b9acSAndroid Build Coastguard WorkerThe JOSE RFCs define specific short names for different algorithms 141*1c60b9acSAndroid Build Coastguard Worker 142*1c60b9acSAndroid Build Coastguard Worker### JWS 143*1c60b9acSAndroid Build Coastguard Worker 144*1c60b9acSAndroid Build Coastguard Worker|JSOE name|Hash|Signature| 145*1c60b9acSAndroid Build Coastguard Worker---|---|--- 146*1c60b9acSAndroid Build Coastguard Worker|RS256, RS384, RS512|SHA256/384/512|RSA 147*1c60b9acSAndroid Build Coastguard Worker|ES256, ES384, ES521|SHA256/384/512|EC 148*1c60b9acSAndroid Build Coastguard Worker 149*1c60b9acSAndroid Build Coastguard Worker### JWE 150*1c60b9acSAndroid Build Coastguard Worker 151*1c60b9acSAndroid Build Coastguard Worker|Key Encryption|Payload authentication + crypt| 152*1c60b9acSAndroid Build Coastguard Worker|---|---| 153*1c60b9acSAndroid Build Coastguard Worker|`RSAES-PKCS1-v1.5` 2048b & 4096b|`AES_128_CBC_HMAC_SHA_256`| 154*1c60b9acSAndroid Build Coastguard Worker|`RSAES-PKCS1-v1.5` 2048b|`AES_192_CBC_HMAC_SHA_384`| 155*1c60b9acSAndroid Build Coastguard Worker|`RSAES-PKCS1-v1.5` 2048b|`AES_256_CBC_HMAC_SHA_512`| 156*1c60b9acSAndroid Build Coastguard Worker|`RSAES-OAEP`|`AES_256_GCM`| 157*1c60b9acSAndroid Build Coastguard Worker|`AES128KW`, `AES192KW`, `AES256KW`|`AES_128_CBC_HMAC_SHA_256`| 158*1c60b9acSAndroid Build Coastguard Worker|`AES128KW`, `AES192KW`, `AES256KW`|`AES_192_CBC_HMAC_SHA_384`| 159*1c60b9acSAndroid Build Coastguard Worker|`AES128KW`, `AES192KW`, `AES256KW`|`AES_256_CBC_HMAC_SHA_512`| 160*1c60b9acSAndroid Build Coastguard Worker|`ECDH-ES` (P-256/384/521 key)|`AES_128/192/256_GCM`| 161*1c60b9acSAndroid Build Coastguard Worker|`ECDH-ES+A128/192/256KW` (P-256/384/521 key)|`AES_128/192/256_GCM`| 162*1c60b9acSAndroid Build Coastguard Worker 163*1c60b9acSAndroid Build Coastguard Worker### Keys in the JOSE layer 164*1c60b9acSAndroid Build Coastguard Worker 165*1c60b9acSAndroid Build Coastguard WorkerKeys in the JOSE layer use a `struct lws_jwk`, this contains two arrays of 166*1c60b9acSAndroid Build Coastguard Worker`struct lws_jwk_elements` sized for the worst case (currently RSA). One 167*1c60b9acSAndroid Build Coastguard Workerarray contains the key elements as described for the generic case, and the 168*1c60b9acSAndroid Build Coastguard Workerother contains various nonencrypted key metadata taken from JWK JSON. 169*1c60b9acSAndroid Build Coastguard Worker 170*1c60b9acSAndroid Build Coastguard Worker|metadata index|function| 171*1c60b9acSAndroid Build Coastguard Worker|---|---| 172*1c60b9acSAndroid Build Coastguard Worker|`JWK_META_KTY`|Key type, eg, "EC"| 173*1c60b9acSAndroid Build Coastguard Worker|`JWK_META_KID`|Arbitrary ID string| 174*1c60b9acSAndroid Build Coastguard Worker|`JWK_META_USE`|What the public key may be used to validate, "enc" or "sig"| 175*1c60b9acSAndroid Build Coastguard Worker|`JWK_META_KEY_OPS`|Which operations the key is authorized for, eg, "encrypt"| 176*1c60b9acSAndroid Build Coastguard Worker|`JWK_META_X5C`|Optional X.509 cert version of the key| 177*1c60b9acSAndroid Build Coastguard Worker|`JWK_META_ALG`|Optional overall crypto algorithm the key is intended for use with| 178*1c60b9acSAndroid Build Coastguard Worker 179*1c60b9acSAndroid Build Coastguard Worker`lws_jwk_destroy()` should be called when the jwk is going out of scope... this 180*1c60b9acSAndroid Build Coastguard Workertakes care to zero down any key element data in the jwk. 181*1c60b9acSAndroid Build Coastguard Worker 182
