From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Subject: [PATCH 0/3] crypto: add JSON Web Token (JWT) support
Date: Mon, 23 Oct 2023 16:31:20 +0200 [thread overview]
Message-ID: <20231023143122.1760217-1-a.fatoum@pengutronix.de> (raw)
JSON Web Token is a proposed Internet standard for creating tokens with
optional signature and/or optional encryption whose payload holds JSON that
asserts some number of claims. The tokens are signed either using a private
secret or a public/private key.
In the context of barebox, a JSON Web Token can be used as unlock token
for a system: By default, the system would be locked and only boot
signed payloads, but when a valid unlock token is provided, board code
can selectively allow access to disallowed features, such as booting
unsigned payloads or provide access to the console and shell.
This series adds first support for JSON Web Tokens on top of the already
existing JSON support. RS256 is the only currently supported format, but
more may be added in future. In lieu of upstreaming board code making
use of this, a selftest is added that decodes a JSON Web token after
verifying it and asserts that the claim contained inside are as expected.
Ahmad Fatoum (3):
lib: base64: add support for base64url
crypto: add JSON Web Token (JWT) support
test: self: add JSON Web Token tests
crypto/Kconfig | 6 +
crypto/Makefile | 2 +
crypto/jwt.c | 241 +++++++++++++++++++++++++++++++
include/base64.h | 1 +
include/crypto/jwt.h | 55 +++++++
lib/base64.c | 60 +++++++-
test/self/Kconfig | 7 +
test/self/Makefile | 11 +-
test/self/jwt.c | 157 ++++++++++++++++++++
test/self/jwt_test.pem | 37 +++++
test/self/jwt_test.pem.c_shipped | 49 +++++++
11 files changed, 620 insertions(+), 6 deletions(-)
create mode 100644 crypto/jwt.c
create mode 100644 include/crypto/jwt.h
create mode 100644 test/self/jwt.c
create mode 100644 test/self/jwt_test.pem
create mode 100644 test/self/jwt_test.pem.c_shipped
--
2.39.2
next reply other threads:[~2023-10-23 14:33 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-23 14:31 Ahmad Fatoum [this message]
2023-10-23 14:31 ` [PATCH 1/3] lib: base64: add support for base64url Ahmad Fatoum
2023-10-23 14:31 ` [PATCH 2/3] crypto: add JSON Web Token (JWT) support Ahmad Fatoum
2023-11-01 9:13 ` Sascha Hauer
2023-10-23 14:31 ` [PATCH 3/3] test: self: add JSON Web Token tests Ahmad Fatoum
2023-11-02 7:20 ` Sascha Hauer
2023-11-02 8:07 ` Ahmad Fatoum
2023-11-01 9:10 ` [PATCH 0/3] crypto: add JSON Web Token (JWT) support Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231023143122.1760217-1-a.fatoum@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox