mail archive of the barebox mailing list
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Subject: [PATCH 0/3] crypto: add JSON Web Token (JWT) support
Date: Mon, 23 Oct 2023 16:31:20 +0200
Message-ID: <20231023143122.1760217-1-a.fatoum@pengutronix.de>

JSON Web Token is a proposed Internet standard for creating tokens with
optional signature and/or optional encryption whose payload holds JSON that
asserts some number of claims. The tokens are signed either using a private
secret or a public/private key.

In the context of barebox, a JSON Web Token can be used as an unlock token
for a system: By default, the system would be locked and only boot
signed payloads, but when a valid unlock token is provided, board code
can selectively allow access to disallowed features, such as booting
unsigned payloads or providing access to the console and shell.

This series adds first support for JSON Web Tokens on top of the already
existing JSON support. RS256 is the only currently supported format, but
more may be added in future. In lieu of upstreaming board code making
use of this, a selftest is added that decodes a JSON Web Token after
verifying it and asserts that the claims contained inside are as expected.

Ahmad Fatoum (3):
  lib: base64: add support for base64url
  crypto: add JSON Web Token (JWT) support
  test: self: add JSON Web Token tests

 crypto/Kconfig                   |   6 +
 crypto/Makefile                  |   2 +
 crypto/jwt.c                     | 241 +++++++++++++++++++++++++++++++
 include/base64.h                 |   1 +
 include/crypto/jwt.h             |  55 +++++++
 lib/base64.c                     |  60 +++++++-
 test/self/Kconfig                |   7 +
 test/self/Makefile               |  11 +-
 test/self/jwt.c                  | 157 ++++++++++++++++++++
 test/self/jwt_test.pem           |  37 +++++
 test/self/jwt_test.pem.c_shipped |  49 +++++++
 11 files changed, 620 insertions(+), 6 deletions(-)
 create mode 100644 crypto/jwt.c
 create mode 100644 include/crypto/jwt.h
 create mode 100644 test/self/jwt.c
 create mode 100644 test/self/jwt_test.pem
 create mode 100644 test/self/jwt_test.pem.c_shipped

-- 
2.39.2
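
The unlock-token check described in the cover letter, as an added example that is not part of the original message and is not barebox code: a self-contained Python RS256 verification that handles unpadded base64url and pins the algorithm. The helper names, the claim names used with it and the toy key (built from two Mersenne primes, so trivially factorable) are constructed for the demo.

```python
import base64, hashlib, hmac, json

# Constructed toy key, demo only: both factors are Mersenne primes, so the
# modulus is trivially factorable. Never use it for real tokens.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8      # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(s):
    # JWT segments are unpadded base64url; restore padding before decoding
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa_pkcs1_v15(msg):
    # 0x00 0x01 FF..FF 0x00 DigestInfo, padded to the modulus length
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign_rs256(claims):
    """Issuer side; here only to build a test token."""
    head = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    em = int.from_bytes(emsa_pkcs1_v15(f"{head}.{body}".encode()), "big")
    return f"{head}.{body}." + b64url_encode(pow(em, D, N).to_bytes(K, "big"))

def verify_rs256(token):
    """Device side: return the claims only if the signature verifies."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(b64url_decode(head)).get("alg")
        raw = b64url_decode(sig)
    except Exception:
        raise ValueError("malformed token")
    # Pin the algorithm: the token must not be able to select "none" or HMAC
    if alg != "RS256":
        raise ValueError("unsupported algorithm")
    s = int.from_bytes(raw, "big")
    if len(raw) != K or s >= N:
        raise ValueError("bad signature length")
    # Rebuild the expected encoding and compare whole, instead of parsing padding
    em = pow(s, E, N).to_bytes(K, "big")
    if not hmac.compare_digest(em, emsa_pkcs1_v15(f"{head}.{body}".encode())):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(body))
```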


Thread overview: 8+ messages
2023-10-23 14:31 Ahmad Fatoum [this message]
2023-10-23 14:31 ` [PATCH 1/3] lib: base64: add support for base64url Ahmad Fatoum
2023-10-23 14:31 ` [PATCH 2/3] crypto: add JSON Web Token (JWT) support Ahmad Fatoum
2023-11-01  9:13   ` Sascha Hauer
2023-10-23 14:31 ` [PATCH 3/3] test: self: add JSON Web Token tests Ahmad Fatoum
2023-11-02  7:20   ` Sascha Hauer
2023-11-02  8:07     ` Ahmad Fatoum
2023-11-01  9:10 ` [PATCH 0/3] crypto: add JSON Web Token (JWT) support Sascha Hauer
