/usr/include/cjose/jwk.h is in libcjose-dev 0.6.0+dfsg1-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 | /*
* Copyrights
*
* Portions created or assigned to Cisco Systems, Inc. are
* Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved.
*/
/**
* \file
* \brief
* Functions and data structures for interacting with JSON Web Key (JWK) objects.
*
*/
#ifndef CJOSE_JWK_H
#define CJOSE_JWK_H
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <openssl/obj_mac.h>
#include "cjose/error.h"
#include "cjose/header.h"
#ifdef __cplusplus
extern "C" {
#endif
/** Enumeration of supported JSON Web Key (JWK) types */
typedef enum {
/** RSA Public (or Private) Key */
CJOSE_JWK_KTY_RSA = 1,
/** Elliptic Curve Public (or Private) Key */
CJOSE_JWK_KTY_EC,
/** Octet String (Symmetric) Key */
CJOSE_JWK_KTY_OCT
} cjose_jwk_kty_t;
/**
* Retrieves the string name for the given KTY enumeration.
*
* \param kty The JWK key type
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns The string name for <tt>kty</tt>
*/
const char *cjose_jwk_name_for_kty(cjose_jwk_kty_t kty, cjose_err *err);
/** An instance of a JWK object. */
typedef struct _cjose_jwk_int cjose_jwk_t;
/**
* Retains a JWK object. The caller MUST call cjose_jwk_release() once the
* JWK object is no longer in use, or the program will leak memory.
*
* \param jwk The JWK object to retain
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns The retained JWK object
*/
cjose_jwk_t *cjose_jwk_retain(cjose_jwk_t *jwk, cjose_err *err);
/**
* Releases a JWK object. For a newly-created key where cjose_jwk_retain() has
* not been called, the object is destroyed and its resources are released.
*
* If cjose_jwk_retain() has been called on the given JWK object, an internal
* count is decremented but no other resources are released.
*
* \param jwk The JWK object to release
* \returns <tt>true</tt> if the released JWK is still valid, or <tt>false</tt>
* if the JWK object's resources and memory have been freed.
*/
bool cjose_jwk_release(cjose_jwk_t *jwk);
/**
* Retrieves the key type for the given JWK object.
*
* \param jwk The JWK object
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns the known key type
*/
cjose_jwk_kty_t cjose_jwk_get_kty(const cjose_jwk_t *jwk, cjose_err *err);
/**
* Retrieves the keysize of this JWK (in bits).
*
* \param jwk The JWK to retrieve the keysize of
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns The keysize for this JWK, in bits
*/
size_t cjose_jwk_get_keysize(const cjose_jwk_t *jwk, cjose_err *err);
/**
* Retrieves the raw key data for this JWK.
*
* \b WARNING: this is the raw data specific to the key type, and could
* contain private key material.
* \b NOTE: This key data will be released when the key is released.
*
* \param jwk The JWK to retrieve key data from
* \returns The key data specific to the type of key
*/
void *cjose_jwk_get_keydata(const cjose_jwk_t *jwk, cjose_err *err);
/**
* Retrieves the key id for the given JWK object. The string returned by
* this call belongs to the JWK, caller should not attempt to free it.
*
* \param jwk The JWK object
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns the current kid, or NULL if not set.
*/
const char *cjose_jwk_get_kid(const cjose_jwk_t *jwk, cjose_err *err);
/**
* Sets a new value for the kid attribute of the JWK. The string will be
* copied to an internal buffer of the JWK and released when the JWK object
* is released.
*
* \param jwk The JWK object
* \param kid The new kid value
* \param len The length of the kid string in bytes
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns True if successful, false otherwise.
*/
bool cjose_jwk_set_kid(cjose_jwk_t *jwk, const char *kid, size_t len, cjose_err *err);
/**
* Serializes the given JWK to a JSON string.
*
* \b NOTE: The returned needs to be freed by the caller.
*
* \param jwk The JWK to serialize.
* \param priv <tt>true</tt> to include private/secret fields
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns The JSON string representation of <tt>jwk</tt>
*/
char *cjose_jwk_to_json(const cjose_jwk_t *jwk, bool priv, cjose_err *err);
/** Key specification for RSA JWK objects. */
typedef struct
{
/** Public exponent */
uint8_t *e;
/** Length of <tt>e</tt> */
size_t elen;
/** Modulus */
uint8_t *n;
/** Length of <tt>n</tt> */
size_t nlen;
/** Private exponent */
uint8_t *d;
/** Length of <tt>d</tt> */
size_t dlen;
/** First prime */
uint8_t *p;
/** Length of <tt>p</tt> */
size_t plen;
/** Second prime */
uint8_t *q;
/** Length of <tt>q</tt> */
size_t qlen;
/** d (mod p - 1) */
uint8_t *dp;
/** Length of <tt>dp</tt> */
size_t dplen;
/** d (mod q - 1) */
uint8_t *dq;
/** Length of <tt>dq</tt> */
size_t dqlen;
/** coefficient */
uint8_t *qi;
/** Length of <tt>qi</tt> */
size_t qilen;
} cjose_jwk_rsa_keyspec;
/**
* Creates a new RSA JWK, using a secure random number generator.
*
* \b NOTE: The caller MUST call cjose_jwk_release() to release the JWK's
* resources.
*
* \param size The keysize, in bits
* \param e The public exponent
* \param elen The length of <tt>e</tt>
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns The generated symmetric JWK object.
*/
cjose_jwk_t *cjose_jwk_create_RSA_random(size_t keysize, const uint8_t *e, size_t elen, cjose_err *err);
/**
* Creates a new RSA JWK, using the given raw value for the private
* and/or public keys.
*
* \b NOTE: The caller MUST call cjose_jwk_release() to release the JWK's
* resources.
*
* \b NOTE: This function makes a copy of all provided data; the caller
* MUST free the memory for <tt>spec</tt> after calling this function.
*
* \param spec The specified RSA key properties
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns The generated RSA JWK object
*/
cjose_jwk_t *cjose_jwk_create_RSA_spec(const cjose_jwk_rsa_keyspec *spec, cjose_err *err);
/** Enumeration of supported Elliptic-Curve types */
typedef enum {
/** NIST P-256 Prime Curve (secp256r1) */
CJOSE_JWK_EC_P_256 = NID_X9_62_prime256v1,
/** NIST P-384 Prime Curve (secp384r1) */
CJOSE_JWK_EC_P_384 = NID_secp384r1,
/** NIST P-521 Prime Curve (secp521r1) */
CJOSE_JWK_EC_P_521 = NID_secp521r1,
/** Invalid Curve */
CJOSE_JWK_EC_INVALID = -1
} cjose_jwk_ec_curve;
/** Key specification for Elliptic Curve JWK objects. */
typedef struct
{
/** The elliptic curve */
cjose_jwk_ec_curve crv;
/** The private key */
uint8_t *d;
/** Length of <tt>d</tt> */
size_t dlen;
/** The public key's X coordinate */
uint8_t *x;
/** Length of <tt>x</tt> */
size_t xlen;
/** The public key's Y coordiate */
uint8_t *y;
/** Length of <tt>y</tt> */
size_t ylen;
} cjose_jwk_ec_keyspec;
/**
* Creates a new Elliptic-Curve JWK, using a secure random number generator.
*
* \b NOTE: The caller MUST call cjose_jwk_release() to release the JWK's
* resources.
*
* \param crv The EC Curve to generate against
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns The generated Elliptic Curve JWK object
*/
cjose_jwk_t *cjose_jwk_create_EC_random(cjose_jwk_ec_curve crv, cjose_err *err);
/**
* Creates a new Elliptic-Curve JWK, using the given the raw values for
* the private and/or public keys.
*
* \b NOTE: The caller MUST call cjose_jwk_release() to release the JWK's
* resources.
*
* \b NOTE: This function makes a copy of all provided data; the caller
* MUST free the memory for <tt>spec</tt> after calling this function.
*
* \param spec The specified Elliptic Curve key properties
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns The generated Elliptic Curve JWK object
*/
cjose_jwk_t *cjose_jwk_create_EC_spec(const cjose_jwk_ec_keyspec *spec, cjose_err *err);
/**
* Obtains the curve for the given (EC) JWK.
*
* \param jwk [in] The EC JWK to inspect
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns The curve type
*/
const cjose_jwk_ec_curve cjose_jwk_EC_get_curve(const cjose_jwk_t *jwk, cjose_err *err);
/**
* Creates a new symmetric octet JWK, using a secure random number generator.
*
* \b NOTE: The caller MUST call cjose_jwk_release() to release the JWK's
* resources.
*
* \param size The keysize, in bits
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns The generated symmetric JWK object.
*/
cjose_jwk_t *cjose_jwk_create_oct_random(size_t size, cjose_err *err);
/**
* Creates a new symmetric oct JWK, using the given raw key data.
*
* \b NOTE: <tt>data</tt> is copied, so the caller MUST free its memory
* after calling this function.
*
* \b NOTE: The caller MUST call cjose_jwk_release() to release the JWK's
* resources.
*
* \param data The key value.
* \param len The length of <tt>data</tt>
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns The symmetric JWK object for the given raw key data.
*/
cjose_jwk_t *cjose_jwk_create_oct_spec(const uint8_t *data, size_t len, cjose_err *err);
/**
* Instantiates a new JWK given a JSON document representation conforming
* to JSON Web Key (JWK) IETF ID draft-ietf-jose-json-web-key.
*
* \b NOTE: A successful call returns a new cjose_jwk_t object. It is the
* caller's responsibility to call cjose_jwk_release() to release the JWK when
* it is no longer needed. Failure to do so will result in a memory leak.
*
* \param json A JSON document conforming to the Jose JWK specification.
* \param len The length of the given JSON document.
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns A JWK object corresponding to the given JSON document. In
* the event the given JSON document cannot be parsed, or is
* otherwise an invalid JWK representation, this will return NULL.
*/
cjose_jwk_t *cjose_jwk_import(const char *json, size_t len, cjose_err *err);
/**
* Instantiates a new JWK given a JSON object conforming to JSON Web Key (JWK)
* IETF RFC 7518.
*
* \b NOTE: A successful call returns a new cjose_jwk_t object. It is the
* caller's responsibility to call cjose_jwk_release() to release the JWK when
* it is no longer needed. Failure to do so will result in a memory leak.
*
* \param json A JSON document conforming to the Jose JWK specification.
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns A JWK object corresponding to the given JSON document. In
* the event the given JSON object is an invalid JWK representation, this
* will return NULL.
*/
cjose_jwk_t *cjose_jwk_import_json(cjose_header_t *json, cjose_err *err);
/**
* Computes an ECDH ephemeral key as an HKDF hash of the derived shared
* secret from a local EC key-pair and a peer's EC public key. The result is
* returned in the form of a new JWK of type oct.
*
* Note: on successful return of a jwk_ecdh_ephemeral_key, the caller becomes
* responsible for releasing that JWK wuth the cjose_jwk_release() command.
*
* \param jwk_self [in] The caller's own EC key pair.
* \param jwk_peer [in] The peer's EC public key.
* \param err [out] An optional error object which can be used to get additional
* information in the event of an error.
* \returns A new JWK representing the ephemeral key, or NULL in the event of
* and error.
*/
cjose_jwk_t *cjose_jwk_derive_ecdh_ephemeral_key(const cjose_jwk_t *jwk_self, const cjose_jwk_t *jwk_peer, cjose_err *err);
/**
Deprecated. Alias for cjose_jwk_derive_ecdh_ephemeral_key.
*/
cjose_jwk_t *cjose_jwk_derive_ecdh_secret(const cjose_jwk_t *jwk_self, const cjose_jwk_t *jwk_peer, cjose_err *err);
#ifdef __cplusplus
}
#endif
#endif // CJOSE_JWK_H
|