C library implementing the Javascript Object Signing and Encryption (JOSE)
Clone or download
jdennis and linuxwolf fix concatkdf failures on big endian architectures (#78)
Several of the elements used to compute the digest in ECDH-ES key
agreement computation are represented in binary form as a 32-bit
integer length followed by that number of octets. The 32-bit length
integer is represented in big endian format (the 8 most significant
bits are in the first octet.).

The conversion to a 4 byte big endian integer was being computed
in a manner that only worked on little endian architectures. The
function htonl() returns a 32-bit integer whose octet sequence given
the address of the integer is big endian. There is no need for any
further manipulation.

The existing code used bit shifting on a 32-bit value. In C bit
shifting is endian agnostic for multi-octet values, a right shift
moves most significant bits toward least significant bits. The result
of a bit shift of a multi-octet value on either big or little
archictures will always be the same provided you "view" it as the same
data type (e.g. 32-bit integer). But indexing the octets of that
mulit-octet value will be different depending on endianness, hence the
assembled octets differed depending on endianness.

Issue: #77
Signed-off-by: John Dennis <jdennis@redhat.com>
Latest commit 46d238b Aug 3, 2018

README.md

cjose

Implementation of JOSE for C/C++

Prerequisites

MAC OS X All of the prerequisites can be installed via brew.

Build Tools

  • pkg-config (>= 0.20)
  • GNU Make >= 3.81
  • LLVM >= 5.1 or GCC >= 4.5
  • Autoconf (>= 2.69)
  • Automake (>= 1.14)
  • libtool (>= 2.4)
  • Check (>= 0.9.4) - unit testing (e.g. check-devel)
  • Doxygen (>= 1.8) - documentation
  • clang-format (= 3.9.0)

Libraries

  • OpenSSL >= 1.0.1h (or its API equivalent)
  • Jansson >= 2.3

Getting Started

As with most autoconf/automake projects:

git clone https://github.com/cisco/cjose.git
cd cjose
./configure && make

Common Options

--with-openssl: Specify the location where OpenSSL/CiscoSSL is installed
--with-jansson: Specify the location where Jansson is installed
--disable-shared: Only build static library

Debug Mode

To compile in debug mode (minimal optimization, active asserts, etc), specify the appropriate CFLAGS as a command-line argument when executing configure:

./configure CFLAGS="-g -O0 -DDEBUG"

Tests

To execute the unit tests:

make test

If successful, the list of checks will be displayed on the console. Otherwise, the file "test/test-suite.log" will list the specific test(s) that failed.

API Docs

To generate Doxygen API documentation:

make doxygen

Which will place the generated documentation in "doc/html".

From Scratch

To rebuild all of the project -- including those files generated by autoconf and automake:

autoreconf --force --install

Troubleshooting

Configure can't find check.h header file.

This has been seen on Mac OSX 10.8 and 10.9 when check has been installed via brew. A solution is to explicitly include the /usr/local/include directory in the cflags:

./configure CFLAGS="-I/usr/local/include"

Make fails due to many OpenSSL functions being "deprecated" or missing.

This has been seen on Mac OSX 10.9 when openssl 1.0.1h or newer has been installed via brew. A solution is to explicitly include the openssl directory in the configure command:

./configure --with-openssl=/usr/local/opt/openssl

Make fails due to json_* functions missing.

This has been seen on Mac OSX 10.9 when Jansson has been installed via brew. A solution is to explicitly include the jansson directory in the configure command:

./configure --with-jansson=/usr/local/opt/jansson

Contributing

Before Submitting PR

  • Run make clang-format
  • Run make test