cbiedl
/
jose


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233
							.TH "jose_jws" 3 "Tue May 30 2017" "José" \" -*- nroff -*-
.ad l
.nh
.SH NAME
jose_jws \- JSON Web Signature (RFC 7515)  

.SH SYNOPSIS
.br
.PP
.SS "Functions"

.in +1c
.ti -1c
.RI "json_t * \fBjose_jws_hdr\fP (const json_t *sig)"
.br
.RI "Merges the JOSE headers of a JWS signature object\&. "
.ti -1c
.RI "bool \fBjose_jws_sig\fP (jose_cfg_t *cfg, json_t *jws, json_t *sig, const json_t *jwk)"
.br
.RI "Creates one or more signatures in a JWS object\&. "
.ti -1c
.RI "\fBjose_io_t\fP * \fBjose_jws_sig_io\fP (jose_cfg_t *cfg, json_t *jws, json_t *sig, const json_t *jwk)"
.br
.RI "Creates one or more signatures in a JWS object using streaming\&. "
.ti -1c
.RI "bool \fBjose_jws_ver\fP (jose_cfg_t *cfg, const json_t *jws, const json_t *sig, const json_t *jwk, bool all)"
.br
.RI "Verifies signatures of one or more JWKs in a JWS object\&. "
.ti -1c
.RI "\fBjose_io_t\fP * \fBjose_jws_ver_io\fP (jose_cfg_t *cfg, const json_t *jws, const json_t *sig, const json_t *jwk, bool all)"
.br
.RI "Verifies signatures of one or more JWKs in a JWS object using streaming\&. "
.in -1c
.SH "Detailed Description"
.PP 
JSON Web Signature (RFC 7515) 

JSON Web Token (RFC 7519)
.PP
A JSON Web Signature (JWS) is a standard data format for expresing cryptographic signatures in JSON\&. The signatures are produced using a JSON Web Key (JWK)\&.
.PP
For example, to create a simple signature of a string using a JWK (error handling omitted): 
.PP
.nf
json_t *sig(const char *str, const json_t *jwk) {
    json_auto_t *jws = json_pack("{s:o}", "payload",
                                 jose_b64_enc(str, strlen(str)));
    jose_jws_sig(NULL, jws, NULL, jwk);
    return json_incref(jws);
}

.fi
.PP
.PP
Likewise, to verify this signature (again, error handling omitted): 
.PP
.nf
char *ver(const json_t *jwe, const json_t *jwk) {
    char *str = NULL;
    size_t len = 0;

    if (!jose_jws_ver(NULL, jws, NULL, jwk))
        return NULL;

    len = jose_b64_dec(json_object_get(jwe, "payload"), NULL, 0);
    str = calloc(1, len + 1);
    jose_b64_dec(json_object_get(jwe, "payload"), str, len);
    return str;
}

.fi
.PP
.PP
\fBSee also:\fP
.RS 4
https://tools.ietf.org/html/rfc7515
.RE
.PP
A JSON Web Token (JWT) is a standard data format for expresing claims transferred between to parties in JSON\&. The JWT is wrapped in any number of Signatures (JWS) or Encryptions (JWE)\&.
.PP
\fBSee also:\fP
.RS 4
https://tools.ietf.org/html/rfc7515 
.RE
.PP

.SH "Function Documentation"
.PP 
.SS "json_t* jose_jws_hdr (const json_t * sig)"

.PP
Merges the JOSE headers of a JWS signature object\&. 
.PP
\fBParameters:\fP
.RS 4
\fIsig\fP A JWS signature object\&. 
.RE
.PP
\fBReturns:\fP
.RS 4
The newly allocated JOSE header\&. 
.RE
.PP

.SS "bool jose_jws_sig (jose_cfg_t * cfg, json_t * jws, json_t * sig, const json_t * jwk)"

.PP
Creates one or more signatures in a JWS object\&. The JWS object (\fCjws\fP) must contain the 'payload' property\&.
.PP
All signatures created will be appended to the JWS specified by \fCjws\fP\&. If the resulting JWS (\fCjws\fP) would contain only a single signature, the JWS will be represented in Flattened JWS JSON Serialization Syntax\&. Otherwise, it will be represented in General JWS JSON Serialization Syntax\&.
.PP
If \fCjwk\fP contains a JWK, a single signature is created\&. In this case, \fCjws\fP must contain either a JWS signature object template or NULL\&. You may specify algorithms or other signature behaviors simply by specifying them in the JOSE headers of the JWS signature object template as defined by RFC 7515\&. If a required property is missing, sensible defaults will be used and inserted into the JOSE headers; inferring them from the JWK (\fCjwk\fP) where possible\&.
.PP
If \fCjwk\fP contains an array of JWKs or a JWKSet, multiple signatures are created\&. In this case, the \fCsig\fP parameter must contain one of the following values:
.PP
.IP "1." 4
A JWS signature object template that will be used for all signatures\&. In this case, a copy will be made for each signature and \fCsig\fP will not be modified in any way\&.
.IP "2." 4
An array of JWS signature object templates\&. Each template will be used with its corresponding JWK from \fCjwk\fP\&. If the arrays in \fCsig\fP and \fCjwk\fP are a different size, an error will occur\&.
.IP "3." 4
NULL\&. This has the same effect as passing NULL for each separate key\&.
.PP
.PP
\fBParameters:\fP
.RS 4
\fIcfg\fP The configuration context (optional)\&. 
.br
\fIjws\fP The JWS object\&. 
.br
\fIsig\fP The JWS signature object template(s) or NULL\&. 
.br
\fIjwk\fP The JWK(s) or JWKSet used for creating signatures\&. 
.RE
.PP
\fBReturns:\fP
.RS 4
On success, true\&. Otherwise, false\&. 
.RE
.PP

.SS "\fBjose_io_t\fP* jose_jws_sig_io (jose_cfg_t * cfg, json_t * jws, json_t * sig, const json_t * jwk)"

.PP
Creates one or more signatures in a JWS object using streaming\&. This function behaves substantially like \fBjose_jws_sig()\fP except:
.PP
The payload is not specified in the JWS (\fCjws\fP)\&. Rather, the payload is provided using the returned IO object\&. The input to the returned IO object will not be internally Base64 encoded\&. So you may need to prepend the IO chain with the result of \fBjose_b64_enc_io()\fP (depending on your situation)\&.
.PP
Likewise, the payload is not stored in the JWS object (\fCjws\fP)\&. This allows for detached payloads and decreases memory use for signatures over large payloads\&. If you would like to attach the payload, it is your responsibility to do so manually\&.
.PP
\fBParameters:\fP
.RS 4
\fIcfg\fP The configuration context (optional)\&. 
.br
\fIjws\fP The JWS object\&. 
.br
\fIsig\fP The JWS signature object template(s) or NULL\&. 
.br
\fIjwk\fP The JWK(s) or JWKSet used for creating signatures\&. 
.RE
.PP
\fBReturns:\fP
.RS 4
The new IO object or NULL on error\&. 
.RE
.PP

.SS "bool jose_jws_ver (jose_cfg_t * cfg, const json_t * jws, const json_t * sig, const json_t * jwk, bool all)"

.PP
Verifies signatures of one or more JWKs in a JWS object\&. The JWS object (\fCjws\fP) must contain the 'payload' property\&.
.PP
If a single JWK (\fCjwk\fP) is specified, the \fCall\fP parameter is ignored\&. In this case, if you would like to verify a particular JWS signature object, you may specify it using the \fCsig\fP parameter\&. Otherwise, you may simply pass NULL to verify any of the JWS signature objects in the JWS object\&.
.PP
If \fCjwk\fP contains an array of JWKs or a JWKSet, the \fCall\fP parameter determines whether a valid signature is required for every JWK in order to successfully validate the JWS\&. For example, if you set \fCall\fP to false this function will succeed if a valid signature is found for any of the provided JWKs\&. When using this multiple JWK signature mode, the \fCsig\fP parameter must contain one of the following values:
.PP
.IP "1." 4
A single JWS signature object to validate against all/any of the provided JWKs\&.
.IP "2." 4
An array of JWS signature objects\&. In this case, each JWS signature object will be mapped to its corresponding JWK from \fCjwk\fP\&. If the arrays in \fCsig\fP and \fCjwk\fP are a different size, an error will occur\&.
.IP "3." 4
NULL\&. This has the same effect as passing NULL for each separate key\&.
.PP
.PP
\fBParameters:\fP
.RS 4
\fIcfg\fP The configuration context (optional)\&. 
.br
\fIjws\fP The JWS object\&. 
.br
\fIsig\fP The JWS signature object(s) to verify or NULL\&. 
.br
\fIjwk\fP The JWK(s) or JWKSet used for verifying signatures\&. 
.br
\fIall\fP Whether or not to require validation of all JWKs\&. 
.RE
.PP
\fBReturns:\fP
.RS 4
On success, true\&. Otherwise, false\&. 
.RE
.PP

.SS "\fBjose_io_t\fP* jose_jws_ver_io (jose_cfg_t * cfg, const json_t * jws, const json_t * sig, const json_t * jwk, bool all)"

.PP
Verifies signatures of one or more JWKs in a JWS object using streaming\&. This function behaves substantially like \fBjose_jws_ver()\fP except:
.PP
The payload is not specified in the JWS (\fCjws\fP)\&. Rather, the payload is provided using the returned IO object\&. The input to the returned IO object will not be internally Base64 encoded\&. So you may need to prepend the IO chain with the result of \fBjose_b64_enc_io()\fP (depending on your situation)\&.
.PP
Final signature verification is delayed until \fBjose_io_t::done()\fP returns\&.
.PP
\fBParameters:\fP
.RS 4
\fIcfg\fP The configuration context (optional)\&. 
.br
\fIjws\fP The JWS object\&. 
.br
\fIsig\fP The JWS signature object(s) to verify or NULL\&. 
.br
\fIjwk\fP The JWK(s) or JWKSet used for verifying signatures\&. 
.br
\fIall\fP Whether or not to require validation of all JWKs\&. 
.RE
.PP
\fBReturns:\fP
.RS 4
The new IO object or NULL on error\&. 
.RE
.PP

.SH "Author"
.PP 
Generated automatically by Doxygen for José from the source code\&.